UNIT-3

Chapter -6
E-Commerce:
Network Infrastructure
Network Meaning
LAN
Continued…
Continued…
Continued…
LAN TOPOLOGIES
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Ethernet LAN
Continued…
 One of the popular implementations of broadcast based local area network in various
organizations is often referred to as Ethernet.
 The Ethernet Local Area Network standard uses the CSMA/CD media access method.
 Originally developed at Xerox further PARC to connect around 100 workstations in the
Palo Alto, it was adopted by DEC and Intel who along with Xerox further developed the
standard for a 10 Mbps ethemet based on the CSMA/CD protocol.
 The various cabling systems used in the IEEE 802.3 LAN include 10Base2, 10Base5,
lOBaseT, 100BaseT, lOBaseF and, lOOBaseF. In the cable notations the first number 10
and 100 denotes the signaling speed of 10 Mbps and 100 Mbps.
Continued…
Continued…
Continued…
Continued…
 10Base5 is an ISO specification for running Ethernet through thick coaxial cables. The
suffix 5 signifies that the maximum length of a single segment can be only 500 meters.
 10Base5 cabling based local area network can span a maximum of 2.5 kilometers. Using
five segments, interconnected by four repeaters/ it can cover the total span of 2500
meters.
 Each segment can have a maximum number of 100 stations, with an inter station spacing
of 2.5 meters.
 The cable contains markings at every 2.5 meters, where stations can be connected. The
Media Access Unit (MAU) cable is connected to these 2.5-meter markings by vampire
taps, (i.e.) by inserting a pin halfway into the core of the coaxial cable.
 The external end of the MAU is a 15 pin male AUI connector. Stations are connected using
the AUI cable with a maximum cable length of 50 meters.
 An AUI cable is used for connecting the external MAU and the Ethernet interface of the
station.
Continued…

Fig. 10 Thick Coaxial Cable Ethernet

Continued…
Continued…
 10Base2 is the specification for ethernet over thin coaxial cables. The thin coaxial
Ethernet system uses a flexible cable, making it easier to connect the cable directly to the
ethemet interface located inside the computer.
 Each segment in the 10Base2 system can be 185 meters long the suffix 2 refers to the
segment length of 200 meters (rounding of 185 meters).
 The connections are made using the standard BNC connectors that form a T junction at
the ethemet interface of the computer. The MAU is built into the ethemet interface itself,
therefore it does not require external AUI cable. The T junction is directly attached to the
interface and the coaxial cable is connected to the two sides of the T (Fig.11).
 The system offers a flexible and inexpensive way of networking computers, but Steers
from the drawback that a single loose connection breaks down the operation of the
network. It is difficult to identify these loose connections and they can be source-of
nuisance.
Continued…
Continued…
WAN
WAN
WAN
WAN
WAN
WAN
Continued…
Continued…
Continued…
Continued…
Continued…
TCP/IP Reference Model
Continued…
 Host-to-Network Access Layer:
 The Host-to-network layer is the lowest layer of the TCP/IP reference model.
 It combines the link layer and the physical layer of the ISO/OSI model. At this layer, data
is transferred between adjacent network nodes in a WAN or between nodes on the same
LAN.
 The host-to-network layer provides the methods to transfer data between network
entities.
 It also provides error detection and correction procedures, since the errors might come
from the physical transfer.
 The host-to-network layer is responsible for physically transmitting the bit stream and
reconstructing the “framed” data from a received bit stream for the higher layers.
 The data transfer at this layer is normally not end-to-end transfer. It is in fact a data
transfer from one node to another, where “the other node” might be the destination node
or a node on the path to the destination.
Continued…
Continued…
Continued…
Domain Name Systems
Domain Name Systems
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
DNS Resolver
DNS Resolver
DNS Resolver
 Internet Industry Structure
 Network Access points (NAPs) are central points, which interconnect many different
national backbones and Internet Service Providers (ISPs).
 Backbone ISPs are interconnected at a NAP.
 Assume/ two ISPs/ ISP-A and ISP-B are connected to a NAP. The traffic meant for ISP-A,
originating at ISP-B reaches NAP and gets injected into the link connecting ISP-A,
Continued…

Internet Architecture
Continued…
 Each national internet service provider connects to one or more NAP and operates
national backbone.
 These ISPs offer connectivity through the local Internet Point Of Presence (IPOP) to
other internet service providers who operate locally and thus have local IPOP.
 Business organizations and home users connect to the local IPOF provider, which in turn
is connected to the backbone and ultimately to a NAP.
 NAP based connectivity implies that the traffic exchange between two ISPs connected to
it, will happen at the NAP.
 The traffic between to two users located in the same city but accessing the internet
through two different ISFs will be exchanged through the NAP/ which may be located in a
third city. To address the problem the concept of Peer/Private Network Access Points
was introduced.
Continued…
 The PNAPs are technically identical to a NAP, but interconnect peer backbone ISPs or
even peer local ISPs.
 Peering agreements are worked out between the involved ISPs.
 Peering offers better and more efficient routes and enhances the over all efficiency.
Traffic between two local ISPs operating in the same city need not visit a network access
point in another city.
 The peering arrangements can be either cooperative or commercial. The Seattle Internet
Exchange (SIX) is an example of a cooperative peering arrangement.
End of Chapter-6
 Chapter -7
E-Commerce:
Securing the Business on Internet
 Vulnerability of Information on Internet
Why Vulnerability of Information on Internet?

 Many early network protocols, that now form part of the internet infrastructure, were
designed without security in mind.
 A fundamentally insecure infrastructure and an extremely dynamic environment—in
terms of both topology and emerging technology—make network defense extremely
difficult. Because of the inherent openness of the internet and the original design of the
protocols, internet attacks in general are quick, easy, inexpensive, and many a time hard
to detect or trace.
 Attacks can be launched readily from any remote corner of the world, with the location of
the attacker being easily hidden.
Continued…
 Since much of the traffic on the internet is not encrypted, confidentiality and integrity are
difficult to achieve. This situation undermines not only applications, but also more
fundamental mechanisms such as authentication and non-repudiation. As a result, sites
may be affected by a security compromise at another site, over which they have no
control.

 Another factor that contributes to the vulnerability of the internet is the unplanned
growth and use of the network, accompanied by rapid deployment of network services,
and involving complex applications.

 The explosive growth of the internet has expanded the need for well-trained and
experienced people to engineer and administer the network in a secure manner. Because
the need for network security experts far exceeds the supply, inexperienced people are
called upon to secure systems, opening up opportunities for the intruder community.
Continued…
Sources of Technical Vulnerabilities:

 Flaws in Software or Protocol Designs :

 Protocols define the rules and conventions for computers to communicate on a network.
 A protocol having a fundamental design flaw is fundamentally vulnerable to misuse, no
matter how well it is implemented.
 An example of this is the Network File System (NFS), which allows systems to share
files. This protocol does not provide for authentication; there is no way of verifying that a
person logging in really is whom he or she claims to be. This security lapse makes NFS
servers targets of the intruder community.
Continued…
 Weaknesses in Implementation of Protocols and Software:

 Even when a protocol is well designed, it can be vulnerable because of the way it is
implemented.
 For example, an electronic mail protocol may be implemented in a way that permits
intruders to connect to the mail port of the victim's machine and fool the machine into
performing a task not intended by the service.
 If intruders supply certain data to the "To;" field, instead of a correct e-mail address, they
may be able to fool the machine into sending them confidential information about the
user and password as well as access to the victim's machine, with privileges to read
protected files or run programs on the system. This type of vulnerability enables
intruders to attack the victim's machine from remote sites, without access to an account
on the victim's system.
Continued…
 Weaknesses in System and Network Configurations :

 Vulnerabilities in the category of system and network configurations may not be caused
by problems inherent in protocols or software programs. Rather, vulnerabilities are a
result of the way these components are set up and used.
 Products may be delivered with default settings that intruders can exploit. System
administrators and users may neglect to change the default settings, or they may simply
set up their system to operate in a way that leaves the network vulnerable.
Continued…
Types of Incidents:
 Probe
 A probe is characterized by unusual attempts to gain access to a system, or to discover
information about the system. One example is an attempt to log in to an unused account.

 Scan:
 A scan is simply a large number of probes, done by using an automated tool. Scans can
sometimes be the result of misconfigurations or other errors, but they are often a
prelude to a more directed attack on systems whose security can be breached-
Continued…
 Account Compromise:
 An account compromise is the unauthorized use of a computer account by someone
other than the account owner, without involving system level or root level privileges. It
might expose the victim to serious data loss, data theft, or theft of services.

 Root Compromise:
 A root compromise is similar to an account compromise, except that the account that has
been compromised has special privileges on the system. The term 'root' is derived from
an account on UNIX systems, that typically has unlimited, or "super-user", privileges.
Intruders who succeed in a root compromise have the entire system at their mercy and
can do just about anything on the victim's system, including running their own programs
and even changing the way the system works.
Continued…
 Packet Sniffer:
 A packet sniffer is a program that captures data from information packets, as they travel
over the network. This data may include user names, passwords, and proprietary
information that travel over the network in unencrypted format. With perhaps hundreds
or thousands of passwords captured by the sniffer, intruders can launch widespread
attacks on systems.
 Denial of Service:
 A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the
target with traffic, or sending it information that triggers a crash.
Continued…
 Exploitation of Trust:
 Computers connected via networks enjoy privileges or trust relationships with one
another. For example, the computer checks a set of files, that specify which other
computers, on the network are permitted to use those commands before executing some
commands. If attackers can forge their identity, appearing to be using the trusted
computer, they may be able to gain unauthorized access to other computers.
 Malicious Code:
 Malicious code is a generic term for programs that cause undesired results on a system
when executed. Such programs are generally discovered after the damage is done.
Malicious code includes Trojan horses, viruses, and worms. Trojan horses and viruses
are usually hidden in legitimate programs or files that the attackers have altered. These
altered files produce unintended additional effects whenever they are rendered or
executed.
 Security Policy, Procedures & Practices
Security Policy:

 A security policy is a formal statement of the rules by which people with access to an
organization's technology and information assets must take, to ensure the security of
these assets.
 It provides a framework for making specific decisions such as which defense
mechanisms to use and how to configure services.
 It is the basis for developing secure programming guidelines and procedures, for users
and system administrators to follow.
Continued…
 A security policy generally covers the following aspects:

 High-level description of the technical environment of the site, the legal environment
(governing laws), the authority of the policy, and the basic philosophy to be used when
interpreting the policy
 Risk analysis to identify the site's assets, the threats existing against those assets, and the
costs of asset loss.
 Guidelines for system administrators on how to manage the systems.
 Definition of acceptable use for users
 Guidelines for reacting to a site compromise (e.g.:whether to trace the intruder or
shutdown and rebuild the system)
Continued…
Security Related Procedures:
 Procedures are specific steps to be followed, based on the security policy.
 Procedures address topics such as connecting to the site's system from home or while
traveling, retrieving programs from the network, using encryption, authentication for
issuing accounts, configuration, and monitoring.
Continued…
Security Practices:
System administration practices play a key role in network security. Some
commonly recommended practices are:
 Implement a one-time password system, ensure that all accounts have a password and
these passwords are difficult to guess.
 Use strong cryptographic techniques to ensure the integrity of system software on a
regular basis.
 Use safe programming techniques when writing software.
 Make appropriate changes to the network configuration when vulnerabilities become
known.
 Keep the systems current with upgrades and patches.
 Check for security alerts and technical advice regularly.
 Audit systems and networks, and regularly check logs for detecting an intrusion.
Continued…
Site Security:
 A site is any organization that has network-related resources like host computers that
users use routers, terminal servers.
 It is important that the services hosted by the site provide the intended functionality to
legitimate clients, without any breakdown- Occasionally, a hacker may try to break-in
and disrupt the services or alter the contents of the site, which may be embarrassing to
the organization.
 Separation of Services
 A site may wish to provide many services to its users, some of which may be external.
The services may have different levels of access needs and models of trust. Apart from
performance reasons, there are a variety of security reasons to attempt to isolate the
services onto dedicated host computers.
Continued…
 There are two conflicting, underlying philosophies that can be adopted when defining a
security plan. The choice between them depends on the site and its needs for security.

 The "deny all" model suggests turning off all services and then selectively enabling
services on a case by case basis as required. This can be done at the host or network
level, as appropriate. This model is generally more secure than the next one- However,
more work and a better understanding of services is required to successfully implement
a "deny all" configuration.

 The "allow all" model is based on the logic of simply turning on all services, usually with
the default at the host level; and allowing all protocols to travel across network
boundaries, usually with the default at the router level. As security gaps become
apparent, they are restricted or patched at either the host or network level. This model is
much easier to implement, but is generally less secure than the "deny all" model.
 Protecting the Network
DoS (Denial of Service):
Continued…
 The denial of service attack brings the network to a state in which it can no longer carry
legitimate users' data.
 The two common weaknesses that the "denial of service" attackers exploit in carrying
out the attack on a site are as follows:
1. Attacking routers
2. Flooding the network with extraneous traffic
 An attack on the router is designed to cause it to stop forwarding packets, or forward
them improperly. It may be due to a misconfiguration, the injection of a spurious routing
update, or a "flood attack".
 A flood attack on a network involves the broadcast of flood packets. An ideal flood
attack would be the injection of a single packet which exploits some known flaw in the
network nodes, causing them to retransmit the packet, or generate error packets, each of
which is picked up and repeated by another host. A well chosen attack packet can even
generate an exponential explosion of transmissions.
Continued…
How to Prevent Denial of Service?

 The solution to most of these problems is to protect the routing update packets sent by
the routing protocols in use. There are three levels of protection:
1. Clear-text password
2. Cryptographic checksum
3. Encryption

 Passwords only offer minimal protection against intruders who do not have direct access
to physical networks. Passwords also offer some protection against misconfigured
routers (i.e., routers which attempt to route packets out of the box). The advantage of
passwords is that they have very low overheads, in both bandwidth and CPU
consumption.
Continued…
 Checksums protect against the injection of spurious packets, even if the intruder has
direct access to the physical network. Combined with a sequence number, or other
unique identifiers, a checksum can also protect against "replay" attacks, wherein an old
(but valid at the time) routing update is retransmitted, by either an intruder or a
misbehaving router.

 Maximum security is provided by complete encryption of sequenced, or uniquely

identified, routing updates. This prevents an intruder from determining the topology of
the network. The disadvantage of encryption is the overhead involved in processing
updates.
Continued…
Sniffing:
 Sniffing is a data interception technology. Sniffer is a program that monitor or reading
all network traffic passing in and out over a network. Telnet, Relogin, FTP, NNTP, SMTP,
HTTP, IMAP that all protocol are vulnerable for sniffing because it send data and
password in clear text.

 Sniffing can be use both the ways legally or illegally like for monitor network traffic,
network security and for stealing information like password, files from the network.
Sniffing can be done both way one is from command line utility and other is from GUI
interface. Many network engineers; security professionals and even crackers use these
techniques to sniff the network.
Continued…
 Computers are always communicating with other machine during normal task like web
surfing, file sharing, emails etc.

 A computers are connected on Local Area Network (LAN) means they are sharing a
connection with several other computers.

 There are two types of network like Shared network (using HUB) and one is
Switched network (using switch) sniffers work differently on both the network.

Shared Network (Hub):

 All hosts are connected with each other through the hub and they are sharing same
bandwidth. In Shared network packets broadcast to all ports.

 Suppose computer A want to send packet to the Computer E then computer A send the
packet on network with destination MAC address of Computer E along with source
MAC address but in hub network packet will broadcast to every machine ports
connected to LAN.
Continued…
 If hacker runs a sniffer tool on any of one machine then he can easily grab the data and
take your valuable information in no time. It is commonly refereed as the Man in the
middle attack

Switched Network(Switch):
 all host are connected with each other through the switch. Switch maintain table of
every computer MAC address.

 Switch operates at data link layer of the OSI Layer model. Switch does not broadcast all
information on network. Switches examine the data packets for source and destination
addresses and then forward the data packet to the appropriate destination. so its
difficult to sniff switches attacker are using technique that he send bogus MAC Address
to fool the switch.

 Attacker use two method to sniff switch network ARP spoofing and Mac Flooding.
Continued…
Continued…
How Sniffing Threatens Security?
1) Sniffing data from the network leads to leakage of several kinds of information, that

should be kept secret for a computer network to be secure. Through the use of sniffers
the critical information such as passwords, financial account numbers, confidential or
sensitive data and low level protocol information can be tapped.

2) Systems mask the password when the user types it on the screen, they are often sent as

clear text over the network. These passwords can be easily seen by any Ethernet sniffer
or by putting the Ethernet card in the promiscuous mode. End users may guard the
password with all proper care to protect access to their account but, a common piece of
software that can put the Ethernet interface in a promiscuous mode can intercept their
passwords, providing the intruder access to confidential or sensitive data.
Continued…
How Sniffing Threatens Security?
3) In businesses that conduct electronic funds transfers over the internet, many

transactions involving the transmission of financial account numbers, such as credit

card numbers and checking account numbers can very well be picked up by the sniffer
device. The interceptor can then use the information to access and even transfer the
funds from user's account. As a result of the sniffer's ability to intercept passwords and
account information, the intruder may gain access to confidential and private
information maintained by users in seemingly protected areas.
Continued…
How to prevent Sniffing?
1) Encrypting all the message traffic on the network ensures that the sniffer will only be

able to get the encrypted text (cypher text) rather than the clear text information. The
information will remain protected, provided the encryption mechanism deployed is
strong enough and cannot be easily broken. Segmenting the local area network can
mitigate the sniffing accomplished through local network interface devices.

2) Kerberos is another package that encrypts account information going over the network.

It comes with a stream-encrypting remote login (rlogin) shell and stream-encrypting

remote terminal (telnet) program. This prevents intruders from capturing the actions
of the user, after he logs in.
FIREWALL
Continued…
Continued…
Continued…
Continued…
Continued…
Continued…
What a Firewall can’t do?
 Firewalls do not protect against threats emanating from internal users i.e., those who

arc part of the trusted network.

 Firewalls are concerned with monitoring the traffic and permitting only authenticated

and legitimate traffic flow. It does not concern itself with integrity issues related to
applications and data.

 For the most part firewalls, as discussed above, are concerned with the controlled flow

of data traffic and do not provide confidentiality of data. However, application proxies at
the firewall machine can provide encryption and decryption of all the data passing
through, as it becomes a single access point to the application.

 Firewalls cannot protect very well against viruses. A firewall cannot protect against a

data-driven attack — attacks in which something is mailed or copied to an internal host,

where it is then executed.
END OF CHAPTER-7
END OF UNIT-3