
Lecture 2 3

The document provides an overview of networking and information security, detailing types of networks such as LAN, WAN, and MAN, as well as network protocols like TCP/IP. It discusses various threats to network security, including malware types and vulnerabilities that can be exploited. Additionally, it covers the importance of firewalls, network addresses, and the Domain Name System (DNS) in maintaining secure and efficient network communication.

Uploaded by ss.ahmad.moten

Network and Information Security

Networking

• Computer network: A collection of computing devices that are connected in various ways in order to communicate and share resources
  • Usually, the connections between computers in a network are made using physical wires or cables
  • However, some connections are wireless, using radio waves or infrared signals

Networking

• The generic term node or host refers to any device on a network
• Data transfer rate: The speed with which data is moved from one place on a network to another
  • Data transfer rate is a key issue in computer networks

Networking

• Computer networks have opened up an entire frontier in the world of computing called the client/server model

Figure 1 Client/Server interaction

Networking

• File server: A computer that stores and manages files for multiple users on a network
• Web server: A computer dedicated to responding to requests (from the browser client) for web pages

Types of Networks

• Local-area network (LAN): A network that connects a relatively small number of machines in a relatively close geographical area

Types of Networks

• Various configurations, called topologies, have been used to administer LANs
  • Ring topology: A configuration that connects all nodes in a closed loop on which messages travel in one direction
  • Star topology: A configuration that centers around one node to which all others are connected and through which all messages are sent
  • Bus topology: All nodes are connected to a single communication line that carries messages in both directions

Types of Networks

Figure 2 Various network topologies

• A bus technology called Ethernet has become the industry standard for local-area networks

Types of Networks

• Wide-area network (WAN): A network that connects two or more local-area networks over a potentially large geographic distance
  • Often one particular node on a LAN is set up to serve as a gateway to handle all communication going between that LAN and other networks
• Communication between networks is called internetworking
  • The Internet, as we know it today, is essentially the ultimate wide-area network, spanning the entire globe

Types of Networks

• Metropolitan-area network (MAN): The communication infrastructures that have been developed in and around large cities

So, who owns the Internet?

• Well, nobody does. No single person or company owns the Internet or even controls it entirely. As a wide-area network, it is made up of many smaller networks. These smaller networks are often owned and managed by a person or organization. The Internet, then, is really defined by how connections can be made between these networks.

Types of Networks

Figure 3 Local-area networks connected across a distance to create a wide-area network


Internet Connections

• Internet backbone: A set of high-speed networks that carry Internet traffic
  • These networks are provided by companies such as AT&T, GTE, and IBM
• Internet service provider (ISP): A company that provides other companies or individuals with access to the Internet

Internet Connections

• There are various technologies available that you can use to connect a home computer to the Internet
  • A phone modem converts computer data into an analog audio signal for transfer over a telephone line, and then a modem at the destination converts it back again into data
  • A digital subscriber line (DSL) uses regular copper phone lines to transfer digital data to and from the phone company’s central office
  • A cable modem uses the same line that your cable TV signals come in on to transfer the data back and forth

Internet Connections

• Broadband: A connection in which transfer speeds are faster than 128 bits per second
  • DSL connections and cable modems are broadband connections
  • The speed for downloads (getting data from the Internet to your home computer) may not be the same as uploads (sending data from your home computer to the Internet)

Packet Switching

• To improve the efficiency of transferring information over a shared communication line, messages are divided into fixed-sized, numbered packets
• Network devices called routers are used to direct packets between networks

Figure 4 Messages sent by packet switching

Open Systems

• The International Organization for Standardization (ISO) established the Open Systems Interconnection (OSI) Reference Model
• Each layer deals with a particular aspect of network communication

Figure 5 The layers of the OSI Reference Model

Network Protocols

• Network protocols are layered such that each one relies on the protocols that underlie it
• Sometimes referred to as a protocol stack

Figure 6 Layering of key network protocols


TCP/IP

• TCP stands for Transmission Control Protocol
  • TCP software breaks messages into packets, hands them off to the IP software for delivery, and then orders and reassembles the packets at their destination
• IP stands for Internet Protocol
  • IP software deals with the routing of packets through the maze of interconnected networks to their final destination

TCP/IP (cont.)

• UDP stands for User Datagram Protocol
  • It is an alternative to TCP
  • The main difference is that TCP is highly reliable, at the cost of decreased performance, while UDP is less reliable, but generally faster
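
The numbered packets from the Packet Switching slide and the ordering and reassembly that the TCP slide describes, as an added example that is not part of the original lecture. It follows the slides' simplified model (whole-packet sequence numbers, no acknowledgments); the packet size, field names and function names are assumptions made for the demo.

```python
import random

PACKET_SIZE = 8  # payload bytes per packet (constructed value for this demo)

def packetize(message: bytes, size: int = PACKET_SIZE) -> list:
    """Divide a message into fixed-size, numbered packets (the last may be short)."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [{"seq": n, "total": len(chunks), "payload": c}
            for n, c in enumerate(chunks)]

def reassemble(packets: list) -> bytes:
    """Order packets by sequence number and rebuild the original message.

    Duplicates are ignored; a missing packet raises ValueError so that a
    gap is never silently accepted as a complete message.
    """
    if not packets:
        raise ValueError("no packets received")
    total = packets[0]["total"]
    by_seq = {}
    for p in packets:
        by_seq.setdefault(p["seq"], p["payload"])  # keep the first copy only
    missing = [n for n in range(total) if n not in by_seq]
    if missing:
        raise ValueError(f"missing packets: {missing}")
    return b"".join(by_seq[n] for n in range(total))

def deliver(message: bytes, seed: int = 1, drop_seq=None) -> bytes:
    """Simulate different routes: shuffle, duplicate one packet, optionally drop one."""
    packets = packetize(message)
    random.Random(seed).shuffle(packets)   # arrival order differs from send order
    packets.append(packets[0])             # a retransmitted duplicate
    if drop_seq is not None:
        packets = [p for p in packets if p["seq"] != drop_seq]
    return reassemble(packets)

if __name__ == "__main__":
    msg = b"Packets may arrive out of order."  # constructed sample message
    print(deliver(msg))
    try:
        deliver(msg, drop_seq=2)
    except ValueError as err:
        print("rejected:", err)
```
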
High-Level Protocols

• Other protocols build on the foundation established by the TCP/IP protocol suite
  • Simple Mail Transfer Protocol (SMTP)
  • File Transfer Protocol (FTP)
  • Telnet
  • Hypertext Transfer Protocol (HTTP)

MIME Types

• Related to the idea of network protocols and standardization is the concept of a file’s MIME type
  • MIME stands for Multipurpose Internet Mail Extension
  • Based on a document’s MIME type, an application program can decide how to deal with the data it is given

MIME Types

Figure 7 Some protocols and the ports they use

Firewalls

• Firewall: A machine and its software that serve as a special gateway to a network, protecting it from inappropriate access
  • Filters the network traffic that comes in, checking the validity of the messages as much as possible and perhaps denying some messages altogether
  • Enforces an organization’s access control policy

Firewalls

Figure 8 A firewall protecting a LAN
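
How a firewall can enforce an access control policy on incoming traffic, as an added example that is not part of the original lecture: rules are checked in order, malformed messages are rejected, and anything not explicitly allowed is denied. The rule table, the sample networks (documentation address ranges) and the function names are assumptions; the ports are the well-known ones for HTTP, SMTP and Telnet.

```python
import ipaddress

# Constructed access control policy (sample networks from documentation ranges).
# Rules are evaluated top to bottom and the first match decides.
RULES = [
    {"action": "deny",  "src": "203.0.113.0/24",  "port": None},  # blocked network, any port
    {"action": "allow", "src": "0.0.0.0/0",       "port": 80},    # HTTP from anywhere
    {"action": "allow", "src": "0.0.0.0/0",       "port": 25},    # SMTP from anywhere
    {"action": "allow", "src": "198.51.100.0/24", "port": 23},    # Telnet from one network only
]

def decide(src_ip: str, dst_port: int, rules=RULES) -> str:
    """Return "allow" or "deny" for one inbound message."""
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return "deny"            # malformed source address fails the validity check
    if not isinstance(dst_port, int) or not 0 < dst_port <= 65535:
        return "deny"            # port outside the valid range
    for rule in rules:
        in_net = src in ipaddress.ip_network(rule["src"])
        port_ok = rule["port"] is None or rule["port"] == dst_port
        if in_net and port_ok:
            return rule["action"]
    return "deny"                # default deny: nothing matched, so nothing is allowed

def filter_traffic(messages, rules=RULES):
    """Keep only the (src_ip, dst_port) messages that the policy allows."""
    return [m for m in messages if decide(m[0], m[1], rules) == "allow"]

if __name__ == "__main__":
    inbound = [                  # constructed sample traffic
        ("192.0.2.10", 80), ("203.0.113.7", 80),
        ("192.0.2.10", 23), ("198.51.100.5", 23), ("not-an-ip", 80),
    ]
    for src, port in inbound:
        print(f"{src:>14} -> port {port:<5} {decide(src, port)}")
```

Rule order matters: moving the deny rule below the HTTP rule would let the blocked network reach port 80.
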


Network Addresses

• Hostname: A unique identification that specifies a particular computer on the Internet
  • For example
    • matisse.csc.villanova.edu
    • condor.develocorp.com

Network Addresses

• Network software translates a hostname into its corresponding IP address
  • For example
    • 205.39.145.18

Network Addresses

• An IP address can be split into
  • network address, which specifies a specific network
  • host number, which specifies a particular machine in that network

Figure 9 An IP address is stored in four bytes
Domain Name System

• A hostname consists of the computer name followed by the domain name
• csc.villanova.edu is the domain name
  • A domain name is separated into two or more sections that specify the organization, and possibly a subset of an organization, of which the computer is a part
  • Two organizations can have a computer named the same thing because the domain name makes it clear which one is being referred to

Domain Name System

• The very last section of the domain is called its top-level domain (TLD) name

Figure 10 Top-level domains, including some relatively new ones

Domain Name System

• Organizations based in countries other than the United States use a top-level domain that corresponds to their two-letter country codes

Figure 11 Some of the top-level domain names based on country codes

Domain Name System

• The domain name system (DNS) is chiefly used to translate hostnames into numeric IP addresses
  • DNS is an example of a distributed database
  • If that server can resolve the hostname, it does so
  • If not, that server asks another domain name server
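
The lookup behaviour on the last DNS slide (answer if the server can, otherwise ask another domain name server), modelled as an added example that is not part of the original lecture. The server names, the hop limit and the addresses are constructed for the demo; the addresses come from a documentation range and are not the real addresses of the hostnames used on the slides.

```python
class NameServer:
    """One node of the distributed database: its own records plus a server to ask next."""

    def __init__(self, name, records, ask_next=None):
        self.name = name
        self.records = {self._norm(h): ip for h, ip in records.items()}
        self.ask_next = ask_next

    @staticmethod
    def _norm(hostname):
        # Hostnames compare case-insensitively; a trailing dot is equivalent.
        return hostname.rstrip(".").lower()

    def resolve(self, hostname, max_hops=4):
        """Return (ip_or_None, names_of_servers_asked)."""
        asked, server, key = [], self, self._norm(hostname)
        # The hop limit stops two misconfigured servers from asking each other forever.
        while server is not None and len(asked) < max_hops:
            asked.append(server.name)
            if key in server.records:
                return server.records[key], asked   # this server can resolve it
            server = server.ask_next                # otherwise ask another server
        return None, asked

# Constructed records (addresses from the documentation range 192.0.2.0/24).
upstream = NameServer("upstream", {"condor.develocorp.com": "192.0.2.20"})
campus = NameServer("campus", {"matisse.csc.villanova.edu": "192.0.2.10"},
                    ask_next=upstream)

if __name__ == "__main__":
    for host in ("matisse.csc.villanova.edu", "Condor.Develocorp.COM.", "nosuch.example"):
        print(host, "->", campus.resolve(host))
```
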
Threats

• The term threat refers to anything that can accidentally or intentionally exploit a vulnerability and damage, destroy, or obtain an asset.

Types of Threats

• The main types of cyber threats are:
  • Intentional
  • Unintentional
  • Natural

Types of Threats

• Intentional
  • Things like malware, ransomware, phishing, malicious code, and wrongfully accessing user login credentials.
• Unintentional
  • Unintentional threats are often attributed to human error.
  • Someone might leave the door to the IT servers unlocked or leave sensitive information unmonitored.

Types of Threats

• Natural threats:
  • Floods, hurricanes, tornadoes, earthquakes, etc.
  • Damage to your asset.
  • Not directly related to information security

Vulnerability

• Vulnerability refers to a weakness in your hardware, software, or procedures.
  • It’s a gap through which a bad actor can gain access to your assets.
  • In other words, threats exploit vulnerabilities.

Risk

• Intersection of Threats and Vulnerabilities
• Risk = Threats + Vulnerabilities

Malware

• Malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do.
  • Steal personal information
  • Delete files
  • Click fraud
  • Steal software serial numbers
  • Use your computer as a relay

Types of Malware

• Infectious:
  • Viruses, worms
• Concealment:
  • Trojan horses, logic bombs, rootkits
• Malware for stealing information:
  • Spyware, keyloggers, screen scrapers
• Malware for profit:
  • Dialers, scareware, ransomware
• Malware as platform for other attacks:
  • Botnets, backdoors (trapdoors)

Malware Zoo

• Virus
• Backdoor
• Trojan horse
• Spyware
• Scareware
• Worm
• Ransomware

Virus

• A program that can infect other programs by modifying them to include a, possibly evolved, version of itself
  • Fred Cohen 1983

Virus Examples

• ILOVEYOU – A famous email-based virus that spread through attachments.
• Melissa – A macro virus that infected Microsoft Word documents.
• WannaCry – A ransomware virus that encrypted files and demanded payment.
• Trojan Horse – Disguised as legitimate software but harms the system.
• Stuxnet – A sophisticated virus that targeted industrial control systems.
• Conficker – A fast-spreading worm that affected Windows systems.
• Michelangelo – A boot sector virus that activated on March 6 each year.
• Zeus – A banking Trojan used to steal financial data.

Backdoor

• Secret entry point into a system
  • Specific user identifier or password that circumvents normal security procedures.
• Commonly used by developers
  • Could be included in a compiler.

Trojan

• A trojan describes the class of malware that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the victim computer
  • Executable
  • Interpreted file
  • Kernel
  • Service
  • MBR
  • Hypervisor

Spyware

• Malware that collects little bits of information at a time about users without their knowledge
  • Keyloggers: stealthily tracking and logging keystrokes
  • Screen scrapers: stealthily reading data from a computer display
  • May also track browsing habits
  • May also redirect browsing and display ads

Scareware

• Malware that scares victims into taking actions that ultimately end up compromising their own security.
  • E.g. paying for and installing fake anti-virus products

Worm

• Self-replicating malware that does not require a host program
• Propagates a fully working version of itself to other machines
• Carries a payload performing hidden tasks
  • Backdoors, spam relays, DDoS agents; …

Ransomware

• Holds a computer system, or the data it contains, hostage against its user by demanding a ransom.
  • Disable an essential system service or lock the display at system startup
  • Encrypt some of the user's personal files, originally referred to as cryptoviruses, cryptotrojans or cryptoworms
• Victim user has to
  • enter a code obtainable only after wiring payment to the attacker or sending an SMS message
  • buy a decryption or removal tool