Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-port electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets.
• Hub : multi-port repeater.
• Switch : multi-port bridge.

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem : Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system.
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card (NIC)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks.

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

A hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the number of devices
that can connect to them, the length of
wire they can transmit on, and the type
of media they support.

Switches

A switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed, bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's market
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and vice versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and vice versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
• Transmission speed
• Internal/External
• Error detection and correction
• Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, and they can
permit different users to perform different kinds
of operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific application protocols.
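A packet-level firewall's decision can be modelled as a first-match walk over an ordered rule list with a default action. The following is an added example, not part of the original slides; the addresses, the rule set and the names `Rule`, `decide` and `shadowed` are constructed for illustration, and it also reports rules that can never fire because an earlier rule already covers them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str                         # source network in CIDR form
    dst: str                         # destination network in CIDR form
    proto: Optional[str] = None      # None matches any protocol
    dports: Optional[range] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dports is None or p.dport in self.dports))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        ports_ok = self.dports is None or (
            other.dports is not None
            and other.dports.start >= self.dports.start
            and other.dports.stop <= self.dports.stop)
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.proto is None or self.proto == other.proto)
                and ports_ok)


def decide(rules: List[Rule], packet: Packet,
           default: str = "deny") -> Tuple[str, Optional[int]]:
    """First matching rule wins; with no match the default (deny) applies."""
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return default, None


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (later_rule, earlier_rule) pairs where the later rule can never fire."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later):
                found.append((j, i))
                break
    return found


# Constructed rule set for a LAN at 10.0.0.0/24 (illustrative addresses only).
ANY, LAN = "0.0.0.0/0", "10.0.0.0/24"
RULES = [
    Rule("deny", ANY, LAN, "tcp", range(23, 24)),              # 0: no inbound Telnet
    Rule("allow", ANY, "10.0.0.25/32", "tcp", range(25, 26)),  # 1: SMTP to the mail host
    Rule("allow", LAN, ANY),                                   # 2: outbound from the LAN
    Rule("allow", "192.0.2.0/24", LAN, "tcp", range(23, 24)),  # 3: never reached (rule 0)
    Rule("deny", ANY, LAN, "udp", range(161, 162)),            # 4: no inbound SNMP
]

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "10.0.0.25", "tcp", 25),
                Packet("192.0.2.10", "10.0.0.5", "tcp", 23),
                Packet("198.51.100.7", "10.0.0.5", "tcp", 21)):
        print(pkt, "->", decide(RULES, pkt))
    print("shadowed rules:", shadowed(RULES))
```

Rule order is part of the policy: rule 3 was presumably meant as an exception for one partner network, but because it sits below the broader deny it has no effect.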

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems
• PPP
• SLIP
• FTP
• TELNET
• SMTP
• SNMP
• UDP
• TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet, UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for real-time audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called NOS.
• It is an operating system that manages
network resources.
• It manages multiple requests concurrently and
provides the security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications.

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allow them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
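The difference between the two models shows most clearly when one person's access has to be withdrawn. The following is an added example, not part of the original slides; the class names, the `payroll` resource, the users and every password are constructed, and it models a share-level server next to a user-level server with a central account store, groups and an audit trail.

```python
import hashlib
import hmac
import os


def _digest(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the server stores a verifier, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _verifier(password: str):
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def _check(password: str, verifier) -> bool:
    salt, expected = verifier
    return hmac.compare_digest(_digest(password, salt), expected)


class ShareLevelServer:
    """Share-level model: one password per resource, no notion of who is asking."""

    def __init__(self):
        self._shares = {}     # resource -> password verifier
        self.audit = []       # (resource, identity, granted)

    def set_password(self, resource, password):
        self._shares[resource] = _verifier(password)

    def access(self, resource, password):
        granted = resource in self._shares and _check(password, self._shares[resource])
        self.audit.append((resource, None, granted))   # the caller cannot be named
        return granted


class UserLevelServer:
    """User-level model: central accounts, groups and per-resource permissions."""

    def __init__(self):
        self._users = {}      # username -> password verifier
        self._disabled = set()
        self._groups = {}     # group -> set of usernames
        self._acl = {}        # resource -> set of usernames and "@group" names
        self.audit = []       # (resource, username, granted)

    def add_user(self, user, password, groups=()):
        self._users[user] = _verifier(password)
        for group in groups:
            self._groups.setdefault(group, set()).add(user)

    def grant(self, resource, principal):
        self._acl.setdefault(resource, set()).add(principal)

    def disable(self, user):
        self._disabled.add(user)

    def _authorized(self, resource, user):
        allowed = self._acl.get(resource, set())
        return user in allowed or any(
            p.startswith("@") and user in self._groups.get(p[1:], set())
            for p in allowed)

    def access(self, resource, user, password):
        authenticated = (user in self._users and user not in self._disabled
                         and _check(password, self._users[user]))
        granted = authenticated and self._authorized(resource, user)
        self.audit.append((resource, user, granted))
        return granted


def offboard_bob():
    """Constructed scenario: alice and bob both use 'payroll'; bob leaves."""
    share = ShareLevelServer()
    share.set_password("payroll", "constructed-share-pw")
    # The only way to cut bob off is to change the password alice also uses.
    share.set_password("payroll", "constructed-new-pw")
    alice_old_pw_works = share.access("payroll", "constructed-share-pw")

    users = UserLevelServer()
    users.add_user("alice", "constructed-alice-pw", groups=["finance"])
    users.add_user("bob", "constructed-bob-pw", groups=["finance"])
    users.grant("payroll", "@finance")
    users.disable("bob")          # one account changes, nobody else is affected
    return {
        "share_alice_locked_out": not alice_old_pw_works,
        "user_alice": users.access("payroll", "alice", "constructed-alice-pw"),
        "user_bob": users.access("payroll", "bob", "constructed-bob-pw"),
        "audit": users.audit,
    }


if __name__ == "__main__":
    print(offboard_bob())
```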

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Besides the importance of the data, it considers
the amount of damage you will incur if it is
lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is taking a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• A security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges


Slide 2

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems









PPP
SLIP
FTP
TELNET
SMTP
SNMP
UDP
TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet,UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called as NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• it is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In Share-level security access control to a
file, printer or other network resource based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In User-level security access control to a
file, printer or other network resource based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.

Purpose Of Security
• To Prevent unauthorized individuals form
examining sensitive information.
• To Prevent unauthorized individuals form
modifying important information.
• To Prevent malicious individuals form
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
is it to you.
• In addition to the importance of the data is
the amount of damage you will incur if it is
lost or compromised
• Risk assessment also means hardware and
software analysis

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is by taking a look
around. Looking around is literally the first
step in assessing your vulnerability

Security Policy
• Security policy is a written document that
outlines the rules by which all users of the
network must abide by. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges


Slide 3

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems









PPP
SLIP
FTP
TELNET
SMTP
SNMP
UDP
TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet,UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called as NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications.

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allow them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
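The two models side by side, as an added example that is not part of the original slides. The class names, the `@group` notation, the accounts and the passwords are hypothetical and constructed for illustration; the point is what each model can record and how access is withdrawn from one person.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # illustrative PBKDF2 work factor


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class ShareLevelResource:
    """Share-level: one password per resource, known to everyone who uses it."""

    def __init__(self, name: str, password: str) -> None:
        self.name = name
        self.audit = []
        self.set_password(password)

    def set_password(self, password: str) -> None:
        self._salt = os.urandom(16)
        self._hash = _digest(password, self._salt)

    def access(self, password: str) -> bool:
        ok = hmac.compare_digest(_digest(password, self._salt), self._hash)
        self.audit.append(("<unknown>", self.name, ok))  # no identity to record
        return ok


class UserLevelServer:
    """User-level: a central server authenticates each user, then checks an ACL."""

    def __init__(self) -> None:
        self._users = {}   # username -> (salt, password digest)
        self._groups = {}  # group name -> set of usernames
        self._acl = {}     # resource -> set of usernames or "@group" entries
        self._dummy = (os.urandom(16), os.urandom(32))  # keeps timing uniform
        self.audit = []

    def add_user(self, user: str, password: str, groups=()) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, _digest(password, salt))
        for group in groups:
            self._groups.setdefault(group, set()).add(user)

    def remove_user(self, user: str) -> None:
        self._users.pop(user, None)
        for members in self._groups.values():
            members.discard(user)

    def grant(self, resource: str, principal: str) -> None:
        self._acl.setdefault(resource, set()).add(principal)

    def access(self, user: str, password: str, resource: str) -> bool:
        salt, stored = self._users.get(user, self._dummy)
        matches = hmac.compare_digest(_digest(password, salt), stored)
        authenticated = matches and user in self._users
        allowed = self._acl.get(resource, set())
        in_group = any("@" + g in allowed
                       for g, members in self._groups.items() if user in members)
        ok = authenticated and (user in allowed or in_group)
        self.audit.append((user, resource, ok))  # every decision names a user
        return ok


def compare_models() -> dict:
    out = {}
    # Share-level: Alice and Bob were both told the same password.
    share = ShareLevelResource("accounts-share", "shared-pw-1")
    out["share_before"] = (share.access("shared-pw-1"), share.access("shared-pw-1"))
    # Withdrawing Bob's access means changing the password for everyone.
    share.set_password("shared-pw-2")
    out["share_after_change"] = {
        "bob_old": share.access("shared-pw-1"),
        "alice_old": share.access("shared-pw-1"),  # locked out until told the new one
        "alice_new": share.access("shared-pw-2"),
    }
    out["share_audit_identities"] = {who for who, _, _ in share.audit}

    # User-level: permissions live on the server, per user or per group.
    server = UserLevelServer()
    server.add_user("alice", "alice-pw", groups=["finance"])
    server.add_user("bob", "bob-pw", groups=["finance"])
    server.add_user("carol", "carol-pw")
    server.grant("accounts-share", "@finance")
    out["user_before"] = {
        "alice": server.access("alice", "alice-pw", "accounts-share"),
        "bob": server.access("bob", "bob-pw", "accounts-share"),
        "carol": server.access("carol", "carol-pw", "accounts-share"),
    }
    server.remove_user("bob")  # only Bob is affected
    out["user_after_removal"] = {
        "alice": server.access("alice", "alice-pw", "accounts-share"),
        "bob": server.access("bob", "bob-pw", "accounts-share"),
    }
    out["user_audit"] = list(server.audit)
    return out


if __name__ == "__main__":
    for key, value in compare_models().items():
        print(key, "=", value)
```
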

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Alongside the importance of the data, consider
the amount of damage you will incur if it is
lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is taking a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• Security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges




Slide 6

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems
• PPP
• SLIP
• FTP
• TELNET
• SMTP
• SNMP
• UDP
• TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet, UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allow them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Alongside the importance of the data,
consider the amount of damage you will
incur if it is lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is to take a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• A security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges








Slide 11

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems









PPP
SLIP
FTP
TELNET
SMTP
SNMP
UDP
TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet,UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called as NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• it is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
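
Added example (not part of the original slides): a small Python model of the two schemes above, showing why share-level security gives less protection than user-level security. The class names, user names, passwords and the "reports" resource are constructed for illustration.

```python
import hashlib
import hmac
import os


def _digest(secret: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of each password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 50_000)


class ShareLevelResource:
    """Share-level: one password per resource; whoever knows it gets in."""

    def __init__(self, name: str, password: str):
        self.name = name
        self.audit = []  # can only record that *someone* tried
        self.set_password(password)

    def set_password(self, password: str) -> None:
        self._salt = os.urandom(16)
        self._hash = _digest(password, self._salt)

    def access(self, password: str) -> bool:
        ok = hmac.compare_digest(_digest(password, self._salt), self._hash)
        self.audit.append((self.name, ok))  # no identity available to log
        return ok


class UserLevelServer:
    """User-level: a central server authenticates each user, then checks
    the permissions granted to that user or to one of the user's groups."""

    def __init__(self):
        self._users = {}   # username -> (salt, password hash)
        self._groups = {}  # group name -> set of usernames
        self._acl = {}     # resource -> {(kind, name): set of rights}
        self.audit = []

    def add_user(self, username, password, groups=()):
        salt = os.urandom(16)
        self._users[username] = (salt, _digest(password, salt))
        for group in groups:
            self._groups.setdefault(group, set()).add(username)

    def remove_user(self, username):
        # Revoking one person touches nobody else's credentials.
        self._users.pop(username, None)
        for members in self._groups.values():
            members.discard(username)

    def grant(self, resource, kind, name, rights):
        # kind is "user" or "group", so the two namespaces cannot collide.
        entry = self._acl.setdefault(resource, {})
        entry.setdefault((kind, name), set()).update(rights)

    def _authenticate(self, username, password) -> bool:
        record = self._users.get(username)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(_digest(password, salt), stored)

    def access(self, username, password, resource, right) -> bool:
        ok = False
        if self._authenticate(username, password):
            principals = {("user", username)} | {
                ("group", g) for g, m in self._groups.items() if username in m
            }
            acl = self._acl.get(resource, {})
            ok = any(right in acl.get(p, set()) for p in principals)
        self.audit.append((username, resource, right, ok))
        return ok


def demo():
    # Share-level: Alice and Bob both know the one password of "reports".
    share = ShareLevelResource("reports", "share-pw-1")
    alice_in = share.access("share-pw-1")
    bob_in = share.access("share-pw-1")
    # Cutting Bob off means changing the password for everybody.
    share.set_password("share-pw-2")
    alice_locked_out = not share.access("share-pw-1")

    # User-level: each person has an identity; rights go to users or groups.
    srv = UserLevelServer()
    srv.add_user("alice", "alice-pw", groups=["finance"])
    srv.add_user("bob", "bob-pw")
    srv.grant("reports", "group", "finance", {"read", "write"})
    srv.grant("reports", "user", "bob", {"read"})
    result = {
        "share_both_in": alice_in and bob_in,
        "share_alice_locked_out": alice_locked_out,
        "share_audit": list(share.audit),
        "bob_read": srv.access("bob", "bob-pw", "reports", "read"),
        "bob_write": srv.access("bob", "bob-pw", "reports", "write"),
        "alice_write": srv.access("alice", "alice-pw", "reports", "write"),
        "alice_wrong_pw": srv.access("alice", "bob-pw", "reports", "read"),
    }
    srv.remove_user("bob")
    result["bob_after_removal"] = srv.access("bob", "bob-pw", "reports", "read")
    result["alice_after_removal"] = srv.access("alice", "alice-pw", "reports", "read")
    result["user_audit_last"] = srv.audit[-1]
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The share-level audit trail holds only the resource name and the outcome, while the user-level trail names the user, the resource and the right requested.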

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Alongside the importance of the data, consider
the amount of damage you will incur if it is
lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is taking a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• A security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges






Slide 14

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems









PPP
SLIP
FTP
TELNET
SMTP
SNMP
UDP
TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet,UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for real-time audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.
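
An added example, not part of the original slides: the kind of sequence checking and error notification an application has to supply itself when it runs over UDP. The 4-byte sequence header, the `SequenceChecker` class, and the reorder window are assumptions for illustration; datagrams are built in memory so the code runs without a network.

```python
import struct

HEADER = struct.Struct("!I")  # assumed framing: 4-byte big-endian sequence number


def frame(seq: int, payload: bytes) -> bytes:
    """Sender side: prefix the payload with its sequence number."""
    return HEADER.pack(seq) + payload


class SequenceChecker:
    """Receiver side: deliver payloads in order and report the gaps."""

    def __init__(self, window: int = 64):
        self.window = window      # how far ahead of the gap we are willing to buffer
        self.next_expected = 0    # lowest sequence number not yet delivered
        self.held = {}            # out-of-order payloads waiting for a gap to fill
        self.delivered = []       # payloads handed to the application, in order
        self.duplicates = 0       # datagrams seen more than once
        self.rejected = 0         # datagrams too far ahead to buffer

    def receive(self, datagram: bytes) -> list:
        """Process one datagram; return the sequence numbers to report as missing."""
        if len(datagram) < HEADER.size:
            raise ValueError("datagram shorter than sequence header")
        (seq,) = HEADER.unpack_from(datagram)
        payload = datagram[HEADER.size:]

        if seq < self.next_expected or seq in self.held:
            self.duplicates += 1          # already delivered or already buffered
        elif seq >= self.next_expected + self.window:
            self.rejected += 1            # bounds memory used by the reorder buffer
        else:
            self.held[seq] = payload
            # Deliver every payload that is now contiguous with what came before.
            while self.next_expected in self.held:
                self.delivered.append(self.held.pop(self.next_expected))
                self.next_expected += 1
        return self.missing()

    def missing(self) -> list:
        """Sequence numbers below the highest buffered one that have not arrived."""
        if not self.held:
            return []
        return [s for s in range(self.next_expected, max(self.held))
                if s not in self.held]


if __name__ == "__main__":
    rx = SequenceChecker()
    # Constructed arrival order: 2 is late, 3 arrives twice, 4 is lost.
    arrivals = [(0, b"a"), (1, b"b"), (3, b"d"), (3, b"d"), (2, b"c"), (5, b"f")]
    for seq, payload in arrivals:
        print(seq, "-> missing", rx.receive(frame(seq, payload)))
    print("delivered:", rx.delivered, "duplicates:", rx.duplicates)
```

The list returned by `receive` is what the application would send back to the peer as its error notification; sequence-number wraparound is not handled here.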

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
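
An added example, not part of the original slides: the two models side by side in Python, showing what each can record and what revoking one person's access involves. The class names, the `user:` and `group:` principal prefixes, and the sample accounts are assumptions for illustration.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Secret:
    """Salted password verifier; the plaintext is never stored."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.digest = hash_password(password, self.salt)

    def verify(self, password: str) -> bool:
        return hmac.compare_digest(self.digest, hash_password(password, self.salt))


class ShareLevelServer:
    """One password per resource: whoever knows it gets full access."""

    def __init__(self):
        self.shares = {}   # resource -> Secret
        self.audit = []    # (resource, granted): there is no identity to record

    def publish(self, resource: str, password: str) -> None:
        self.shares[resource] = Secret(password)

    def access(self, resource: str, password: str) -> bool:
        secret = self.shares.get(resource)
        granted = secret is not None and secret.verify(password)
        self.audit.append((resource, granted))
        return granted


class UserLevelServer:
    """Central account list plus per-resource permissions for users and groups."""

    def __init__(self):
        self.users = {}    # username -> Secret
        self.groups = {}   # group name -> set of usernames
        self.acl = {}      # resource -> {principal: set of operations}
        self.audit = []    # (username, resource, operation, granted)

    def add_user(self, username: str, password: str, groups=()) -> None:
        self.users[username] = Secret(password)
        for group in groups:
            self.groups.setdefault(group, set()).add(username)

    def remove_user(self, username: str) -> None:
        # Revocation touches one account; nobody else's credentials change.
        self.users.pop(username, None)
        for members in self.groups.values():
            members.discard(username)

    def grant(self, resource: str, principal: str, operations) -> None:
        # principal is "user:<name>" or "group:<name>"
        self.acl.setdefault(resource, {}).setdefault(principal, set()).update(operations)

    def access(self, username: str, password: str,
               resource: str, operation: str) -> bool:
        secret = self.users.get(username)
        allowed = False
        if secret is not None and secret.verify(password):
            principals = {"user:" + username} | {
                "group:" + g for g, members in self.groups.items() if username in members
            }
            entries = self.acl.get(resource, {})
            allowed = any(operation in entries.get(p, set()) for p in principals)
        self.audit.append((username, resource, operation, allowed))
        return allowed


if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    srv = UserLevelServer()
    srv.add_user("alice", "a-pass", groups=["accounts"])
    srv.add_user("bob", "b-pass")
    srv.grant("payroll", "group:accounts", {"read", "write"})
    srv.grant("payroll", "user:bob", {"read"})
    print(srv.access("bob", "b-pass", "payroll", "write"))   # read-only user
    srv.remove_user("bob")
    print(srv.access("bob", "b-pass", "payroll", "read"))    # revoked
    print(srv.audit)
```

With the share-level server, removing one person's access means changing the resource password for everyone, and the audit trail cannot say who used it.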

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• In addition to the importance of the data, it
covers the amount of damage you will incur
if it is lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is taking a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• Security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges




Slide 17

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed, bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and vice versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and vice versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics:
• Transmission speed
• Internal/External
• Error detection and correction
• Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, and they can
permit different users to perform different kinds
of operations, according to each user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific application protocols.
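
How a packet-level firewall applies its filtering rules, as an added example that is not part of the original slides. The Rule and Packet classes, the first-match and default-block behaviour, and all addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "pass" or "block"
    src: str = "0.0.0.0/0"          # any source
    dst: str = "0.0.0.0/0"          # any destination
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.proto in (None, pkt.proto)
            and self.dport in (None, pkt.dport)
        )


def decide(rules, pkt):
    """Return (action, index of the rule that decided).

    Rules are checked in order and the first match wins. A packet that
    matches no rule is blocked (index None), so anything not explicitly
    allowed stays out.
    """
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "block", None


# Constructed policy for an inside network 192.0.2.0/24 with a mail host at .25
RULES = [
    Rule("pass", dst="192.0.2.25/32", proto="tcp", dport=25),   # inbound SMTP
    Rule("block", dst="192.0.2.0/24", proto="tcp", dport=23),   # no inbound TELNET
    Rule("pass", src="192.0.2.0/24"),                           # inside hosts may go out
]

# The same policy with a broad "pass" placed first: it shadows the TELNET block.
SHADOWED = [Rule("pass", dst="192.0.2.0/24")] + RULES

# Constructed sample packets
SMTP_IN = Packet("198.51.100.7", "192.0.2.25", "tcp", 25)
TELNET_IN = Packet("198.51.100.7", "192.0.2.10", "tcp", 23)
FTP_OUT = Packet("192.0.2.10", "203.0.113.5", "tcp", 21)
SNMP_IN = Packet("198.51.100.7", "192.0.2.10", "udp", 161)


if __name__ == "__main__":
    for pkt in (SMTP_IN, TELNET_IN, FTP_OUT, SNMP_IN):
        print(pkt, "->", decide(RULES, pkt))
    print("shadowed:", TELNET_IN, "->", decide(SHADOWED, TELNET_IN))
```

Reviewing a rule set for entries that can never be reached, or that are reached too early, is the practical check this ordering implies.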

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems
• PPP
• SLIP
• FTP
• TELNET
• SMTP
• SNMP
• UDP
• TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet, UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
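
The difference between the two models, as an added example that is not part of the original slides. The class names, the "@group" notation, the accounts and the passwords are all constructed for the illustration; it shows what each model can record about a caller and what revoking one person costs.

```python
import hashlib
import hmac
import os


class Verifier:
    """Salted PBKDF2 password verifier; the clear-text password is not kept."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.digest = self.derive(password)

    def derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check(self, password: str) -> bool:
        return hmac.compare_digest(self.digest, self.derive(password))


class ShareLevelResource:
    """Share-level: one password per resource, the caller is never identified."""

    def __init__(self, name: str, password: str):
        self.name = name
        self.verifier = Verifier(password)
        self.audit = []                      # (resource, allowed): no user to record

    def open(self, password: str) -> bool:
        allowed = self.verifier.check(password)
        self.audit.append((self.name, allowed))
        return allowed

    def change_password(self, password: str) -> None:
        self.verifier = Verifier(password)   # the only way to revoke anyone


class UserLevelServer:
    """User-level: a central server holds accounts, groups and permissions."""

    def __init__(self):
        self.users = {}                      # username -> Verifier
        self.groups = {}                     # group name -> set of usernames
        self.acl = {}                        # resource -> {principal: rights}
        self.audit = []                      # (username, resource, right, allowed)

    def add_user(self, username: str, password: str, groups=()) -> None:
        if username.startswith("@"):
            raise ValueError("'@' is reserved for group principals")
        self.users[username] = Verifier(password)
        for group in groups:
            self.groups.setdefault(group, set()).add(username)

    def remove_user(self, username: str) -> None:
        self.users.pop(username, None)
        for members in self.groups.values():
            members.discard(username)

    def grant(self, resource: str, principal: str, *rights: str) -> None:
        # principal is a username, or "@group" for every member of a group
        self.acl.setdefault(resource, {}).setdefault(principal, set()).update(rights)

    def access(self, username: str, password: str, resource: str, right: str) -> bool:
        verifier = self.users.get(username)
        authenticated = verifier is not None and verifier.check(password)
        principals = {username} | {"@" + g for g, m in self.groups.items() if username in m}
        entries = self.acl.get(resource, {})
        allowed = authenticated and any(right in entries.get(p, ()) for p in principals)
        self.audit.append((username, resource, right, allowed))
        return allowed


def share_level_demo() -> dict:
    share = ShareLevelResource("reports", "share-pw-1")            # constructed values
    before = [share.open("share-pw-1"), share.open("share-pw-1")]  # Alice, then Bob
    share.change_password("share-pw-2")                            # lock Bob out ...
    alice_after = share.open("share-pw-1")                         # ... and Alice with him
    return {"before": before, "alice_after": alice_after, "audit": share.audit}


def user_level_demo() -> dict:
    server = UserLevelServer()
    server.add_user("alice", "alice-pw", groups=["staff"])         # constructed accounts
    server.add_user("bob", "bob-pw", groups=["staff"])
    server.grant("reports", "@staff", "read")
    server.grant("reports", "alice", "write")
    results = {
        "bob_read": server.access("bob", "bob-pw", "reports", "read"),
        "bob_write": server.access("bob", "bob-pw", "reports", "write"),
        "alice_write": server.access("alice", "alice-pw", "reports", "write"),
    }
    server.remove_user("bob")                                      # revoke one person only
    results["bob_after"] = server.access("bob", "bob-pw", "reports", "read")
    results["alice_after"] = server.access("alice", "alice-pw", "reports", "read")
    results["audit"] = server.audit
    return results


if __name__ == "__main__":
    print(share_level_demo())
    print(user_level_demo())
```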

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Beyond the importance of the data, it also
weighs the amount of damage you will incur if
the data is lost or compromised.
• Risk assessment also means hardware and
software analysis

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is to take a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• A security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges



Slide 19

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems









PPP
SLIP
FTP
TELNET
SMTP
SNMP
UDP
TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet,UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called as NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• it is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In Share-level security access control to a
file, printer or other network resource based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In User-level security access control to a
file, printer or other network resource based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Alongside the importance of the data, it
considers the amount of damage you will
incur if the data is lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is by taking a look
around. Looking around is literally the first
step in assessing your vulnerability

Security Policy
• A security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges




Slide 22

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems









PPP
SLIP
FTP
TELNET
SMTP
SNMP
UDP
TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet,UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called a NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Examples: NetWare, UNIX and Windows NT.

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations.

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications.

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons.
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allow them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
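Added example (not part of the original slides): the two models side by side, showing why identifying each user gives greater protection. Revoking one person and naming them in the audit log only works at user level. Class names, accounts, passwords and the PBKDF2 parameters are constructed for this sketch.

```python
import hashlib
import hmac
import os


def hash_password(password, salt):
    # Salted PBKDF2 so neither model stores a plaintext password (sketch parameters).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ShareLevelResource:
    """Share-level: the resource has one password; knowing it is the only check."""

    def __init__(self, name, password):
        self.name = name
        self.audit = []                      # (resource, who, allowed)
        self.set_password(password)

    def set_password(self, password):
        self.salt = os.urandom(16)
        self.digest = hash_password(password, self.salt)

    def access(self, password):
        allowed = hmac.compare_digest(hash_password(password, self.salt), self.digest)
        # The server never learns who is asking, so the log cannot name anyone.
        self.audit.append((self.name, "unknown", allowed))
        return allowed


class UserLevelServer:
    """User-level: a central server stores accounts, groups and permissions."""

    def __init__(self):
        self.users = {}     # username -> (salt, digest)
        self.groups = {}    # group name -> set of usernames
        self.acl = {}       # resource -> {principal: set of permissions}
        self.audit = []     # (resource, username, permission, allowed)

    def add_user(self, username, password, groups=()):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))
        for group in groups:
            self.groups.setdefault(group, set()).add(username)

    def remove_user(self, username):
        self.users.pop(username, None)
        for members in self.groups.values():
            members.discard(username)

    def grant(self, resource, principal, *permissions):
        # principal is "user:<name>" or "group:<name>"
        self.acl.setdefault(resource, {}).setdefault(principal, set()).update(permissions)

    def access(self, username, password, resource, permission):
        record = self.users.get(username)
        authenticated = record is not None and hmac.compare_digest(
            hash_password(password, record[0]), record[1])
        allowed = False
        if authenticated:
            principals = {"user:" + username}
            principals |= {"group:" + g for g, m in self.groups.items() if username in m}
            entries = self.acl.get(resource, {})
            allowed = any(permission in entries.get(p, ()) for p in principals)
        self.audit.append((resource, username, permission, allowed))
        return allowed


def demo():
    """Constructed scenario: alice and bob use 'reports', then bob leaves."""
    results = {}
    share = ShareLevelResource("reports", "s3cret-share")
    results["share_alice"] = share.access("s3cret-share")
    results["share_bob"] = share.access("s3cret-share")
    # Only way to lock bob out: change the password, which locks out alice too.
    share.set_password("new-share-pw")
    results["share_bob_after_change"] = share.access("s3cret-share")
    results["share_alice_after_change"] = share.access("s3cret-share")
    results["share_audit_names"] = {who for _, who, _ in share.audit}

    server = UserLevelServer()
    server.add_user("alice", "alice-pw", groups=["staff"])
    server.add_user("bob", "bob-pw", groups=["staff"])
    server.grant("reports", "group:staff", "read")
    server.grant("reports", "user:alice", "write")
    results["user_bob_read"] = server.access("bob", "bob-pw", "reports", "read")
    results["user_bob_write"] = server.access("bob", "bob-pw", "reports", "write")
    results["user_alice_write"] = server.access("alice", "alice-pw", "reports", "write")
    server.remove_user("bob")                # revoke one person, nobody else affected
    results["user_bob_after_removal"] = server.access("bob", "bob-pw", "reports", "read")
    results["user_alice_after_removal"] = server.access("alice", "alice-pw", "reports", "read")
    results["user_audit_names"] = {who for _, who, _, _ in server.audit}
    return results
```
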

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• In addition to the importance of the data, consider
the amount of damage you will incur if it is
lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is to take a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• Security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges


Slide 23


Hubs

A hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the number of devices
that can connect to them, the length of
wire they can transmit on, and the type
of media they support.

Switches

A switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed, bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and vice versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and vice versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics:
• Transmission speed
• Internal/External
• Error detection and correction
• Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, and they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific application protocols.
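Added example (not part of the original slides): how a packet-level firewall decides "according to filtering rules", using first-match evaluation with a default of deny, plus a check for rules that can never fire because an earlier rule covers them. The rule set, addresses and field names are constructed; ports 25 and 23 are the standard SMTP and TELNET ports.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: Optional[str]     # "tcp", "udp", or None for any protocol
    src: str                 # source network in CIDR form
    dst: str                 # destination network in CIDR form
    dport: Optional[int]     # destination port, or None for any port

    def matches(self, pkt):
        return ((self.proto is None or self.proto == pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt["dport"]))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return ((self.proto is None or self.proto == other.proto)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.dport is None or self.dport == other.dport))


def decide(rules, pkt, default="deny"):
    """First matching rule wins; anything unmatched gets the default action."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


def shadowed(rules):
    """Return (rule index, covering earlier index) for rules that can never fire."""
    found = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if rules[j].covers(rule):
                found.append((i, j))
                break
    return found


# Constructed rule set with an ordering mistake: the broad allow at index 1
# comes before the TELNET deny at index 2, so the deny is never reached.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 25),   # inbound SMTP to mail host
    Rule("allow", None, "10.0.0.0/8", "0.0.0.0/0", None),     # internal hosts outbound
    Rule("deny", "tcp", "10.0.0.0/8", "0.0.0.0/0", 23),       # no outbound TELNET
]
# Corrected order: the specific deny is evaluated before the broad allow.
FIXED = [RULES[0], RULES[2], RULES[1]]

# Constructed packets.
SMTP_IN = {"proto": "tcp", "src": "203.0.113.7", "dst": "192.0.2.10", "dport": 25}
TELNET_IN = {"proto": "tcp", "src": "203.0.113.7", "dst": "192.0.2.10", "dport": 23}
TELNET_OUT = {"proto": "tcp", "src": "10.1.2.3", "dst": "198.51.100.5", "dport": 23}

if __name__ == "__main__":
    for name, pkt in [("smtp in", SMTP_IN), ("telnet in", TELNET_IN), ("telnet out", TELNET_OUT)]:
        print(name, decide(RULES, pkt), decide(FIXED, pkt))
    print("shadowed:", shadowed(RULES), shadowed(FIXED))
```
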

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication.

Commonly Used High Level
Networking Software Systems
• PPP
• SLIP
• FTP
• TELNET
• SMTP
• SNMP
• UDP
• TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet.
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.



Slide 25

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
• Transmission speed
• Internal/External
• Error detection and correction
• Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, and they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific application protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems
• PPP
• SLIP
• FTP
• TELNET
• SMTP
• SNMP
• UDP
• TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet, UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
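
The difference between the two models when one person's access has to be withdrawn, as an added example that is not part of the original slides. `ShareLevelResource`, `UserLevelServer`, the user names and the passwords are all constructed for illustration; groups are written with a leading `@` in the access list.

```python
import hashlib
import hmac
import os


def _digest(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ShareLevelResource:
    """Share-level: one password per resource, known to everyone who uses it."""

    def __init__(self, name, password):
        self.name = name
        self.audit = []
        self.set_password(password)

    def set_password(self, password):
        self._salt = os.urandom(16)
        self._hash = _digest(password, self._salt)

    def access(self, password):
        ok = hmac.compare_digest(_digest(password, self._salt), self._hash)
        # The server never learns who is asking, so the log cannot say.
        self.audit.append({"resource": self.name, "who": None, "granted": ok})
        return ok


class UserLevelServer:
    """User-level: accounts, groups and permissions held on a central server."""

    def __init__(self):
        self._accounts = {}   # user -> (salt, password hash)
        self._groups = {}     # group -> set of users
        self._acl = {}        # resource -> set of users and "@group" entries
        self.audit = []

    def add_user(self, user, password, groups=()):
        salt = os.urandom(16)
        self._accounts[user] = (salt, _digest(password, salt))
        for g in groups:
            self._groups.setdefault(g, set()).add(user)

    def remove_user(self, user):
        self._accounts.pop(user, None)
        for members in self._groups.values():
            members.discard(user)

    def grant(self, resource, principal):
        self._acl.setdefault(resource, set()).add(principal)

    def access(self, user, password, resource):
        # Hash even for unknown users so response time does not reveal them.
        salt, stored = self._accounts.get(user, (b"\0" * 16, b""))
        authenticated = (hmac.compare_digest(_digest(password, salt), stored)
                         and user in self._accounts)
        allowed = self._acl.get(resource, set())
        authorised = user in allowed or any(
            p.startswith("@") and user in self._groups.get(p[1:], ())
            for p in allowed)
        ok = authenticated and authorised
        self.audit.append({"resource": resource, "who": user, "granted": ok})
        return ok


def revoke_one_person():
    """Withdraw Bob's access to 'payroll' under both models; return outcomes."""
    share = ShareLevelResource("payroll", "shared-pw-1")      # constructed values
    server = UserLevelServer()
    server.add_user("alice", "alice-pw", groups=["accounts"])
    server.add_user("bob", "bob-pw", groups=["accounts"])
    server.grant("payroll", "@accounts")

    before = (share.access("shared-pw-1"),
              server.access("bob", "bob-pw", "payroll"))
    share.set_password("shared-pw-2")   # only way to cut Bob off: change it for all
    server.remove_user("bob")           # only Bob's account is touched
    return {
        "before": before,
        "share_bob": share.access("shared-pw-1"),
        "share_alice": share.access("shared-pw-1"),   # Alice is locked out too
        "user_bob": server.access("bob", "bob-pw", "payroll"),
        "user_alice": server.access("alice", "alice-pw", "payroll"),
        "share_audit_who": {e["who"] for e in share.audit},
        "user_audit_who": {e["who"] for e in server.audit},
    }


if __name__ == "__main__":
    for key, value in revoke_one_person().items():
        print(key, "=", value)
```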

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Alongside the importance of the data, it covers
the amount of damage you will incur if it is
lost or compromised.
• Risk assessment also means hardware and
software analysis

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is taking a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• Security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges


Slide 30

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems









PPP
SLIP
FTP
TELNET
SMTP
SNMP
UDP
TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet,UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called as NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• it is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
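The difference between the two models when one person leaves the organization, as an added example that is not part of the original slides. The class names, user names, share name and passwords are all constructed for illustration.

```python
import hashlib
import hmac
import os


class Secret:
    """A salted password hash with constant-time comparison."""

    def __init__(self, password):
        self.salt = os.urandom(16)
        self.digest = self._hash(password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def matches(self, password):
        return hmac.compare_digest(self.digest, self._hash(password))


class ShareLevelServer:
    """One password per resource: whoever knows it gets in."""

    def __init__(self):
        self.shares = {}
        self.audit = []  # (resource, identity, granted)

    def set_share_password(self, resource, password):
        self.shares[resource] = Secret(password)

    def access(self, resource, password):
        ok = resource in self.shares and self.shares[resource].matches(password)
        # The server never learns who is asking, so the log cannot say.
        self.audit.append((resource, "<unknown>", ok))
        return ok


class UserLevelServer:
    """Per-user credentials plus a per-resource list of users or groups."""

    def __init__(self):
        self.users = {}
        self.groups = {}
        self.acl = {}
        self.audit = []  # (resource, identity, granted)

    def add_user(self, user, password, groups=()):
        self.users[user] = Secret(password)
        for group in groups:
            self.groups.setdefault(group, set()).add(user)

    def remove_user(self, user):
        self.users.pop(user, None)
        for members in self.groups.values():
            members.discard(user)

    def grant(self, resource, principal):
        # In this sketch a principal is either a user name or a group name.
        self.acl.setdefault(resource, set()).add(principal)

    def access(self, resource, user, password):
        authenticated = user in self.users and self.users[user].matches(password)
        allowed = self.acl.get(resource, set())
        member = any(user in self.groups.get(p, ()) for p in allowed)
        granted = authenticated and (user in allowed or member)
        self.audit.append((resource, user, granted))
        return granted


def demo():
    """Constructed scenario: bob leaves; alice stays."""
    share = ShareLevelServer()
    share.set_share_password("reports", "constructed-share-pw")
    bob_still_in = share.access("reports", "constructed-share-pw")
    # The only way to lock bob out is to rotate the password for everyone.
    share.set_share_password("reports", "constructed-new-pw")
    alice_locked_out = not share.access("reports", "constructed-share-pw")

    user = UserLevelServer()
    user.add_user("alice", "constructed-alice-pw", groups=["finance"])
    user.add_user("bob", "constructed-bob-pw", groups=["finance"])
    user.grant("reports", "finance")
    user.remove_user("bob")
    bob_denied = not user.access("reports", "bob", "constructed-bob-pw")
    alice_ok = user.access("reports", "alice", "constructed-alice-pw")
    return {
        "share_level": (bob_still_in, alice_locked_out, share.audit),
        "user_level": (bob_denied, alice_ok, user.audit),
    }


if __name__ == "__main__":
    print(demo())
```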

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Alongside the importance of the data, it
considers the amount of damage you will incur
if the data is lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is to take a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• A security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges


Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

A hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the number of devices
that can connect to them, the length of
wire they can transmit on, and the type
of media they support.

Switches

A switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed, bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's market
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and vice versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and vice versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics:
• Transmission speed
• Internal/External
• Error detection and correction
• Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, and they can
permit different users to perform different kinds
of operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific application protocols.
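The two firewall types side by side, as an added example that is not part of the original slides: a packet-level filter that applies ordered rules to header fields with a default of deny, followed by an application-level check that reads the FTP command itself. The rule set, the allowed-command list and the addresses (documentation ranges) are constructed, and each packet is assumed to carry one FTP control command line.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port

    def matches(self, pkt):
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and self.dport in (None, pkt.dport)
        )


# Constructed rule set. Order matters: the first matching rule decides.
RULES = [
    Rule("deny", "198.51.100.0/24", "0.0.0.0/0", "any", None),
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 21),
]

# Constructed policy: a read-only FTP service.
FTP_ALLOWED = {b"USER", b"PASS", b"LIST", b"RETR", b"QUIT"}


def packet_level(pkt, rules=RULES):
    """Decide from header fields only; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def application_level(pkt):
    """Decide from the FTP command carried in the payload."""
    if pkt.dport != 21:
        return "allow"  # this sketch only understands FTP control traffic
    verb = pkt.payload.split(b"\r\n", 1)[0].split(b" ", 1)[0].upper()
    return "allow" if verb in FTP_ALLOWED else "deny"


def firewall(pkt):
    """Return (packet-level verdict, final verdict)."""
    first = packet_level(pkt)
    if first == "deny":
        return ("deny", "deny")
    return (first, application_level(pkt))


def demo():
    """Constructed traffic covering each decision path."""
    packets = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 21, b"RETR report.txt\r\n"),
        Packet("203.0.113.5", "192.0.2.10", "tcp", 21, b"DELE report.txt\r\n"),
        Packet("198.51.100.7", "192.0.2.10", "tcp", 21, b"LIST\r\n"),
        Packet("203.0.113.5", "192.0.2.10", "tcp", 23, b""),
    ]
    return [firewall(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

The second packet shows what the packet-level filter alone cannot see: its headers are identical to the first packet's, and only the application-level check distinguishes a download from a delete.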

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems
• PPP
• SLIP
• FTP
• TELNET
• SMTP
• SNMP
• UDP
• TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet, UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.



Slide 33

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems
• PPP
• SLIP
• FTP
• TELNET
• SMTP
• SNMP
• UDP
• TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet, UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for real-time audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.
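
What "packet sequence checking and error notification" looks like when the application has to do it itself, as an added example that is not part of the original slides. The 8-byte header (CRC-32 plus sequence number), the `Receiver` class, the window size and the replayed datagrams are all constructed; the trace is fed in memory, so no sockets are needed.

```python
import struct
import zlib

MAX_WINDOW = 64  # assumed cap on how far ahead of the next expected number we buffer


def encode(seq: int, payload: bytes) -> bytes:
    """Datagram layout: CRC-32 (4 bytes) | sequence number (4 bytes) | payload."""
    body = struct.pack("!I", seq) + payload
    return struct.pack("!I", zlib.crc32(body)) + body


class Receiver:
    def __init__(self):
        self.expected = 0       # next sequence number to hand to the application
        self.pending = {}       # datagrams that arrived ahead of a gap
        self.requested = set()  # sequence numbers already reported missing
        self.delivered = []     # payloads released in order
        self.notices = []       # error notifications to send back to the sender

    def on_datagram(self, datagram: bytes) -> None:
        if len(datagram) < 8:
            self.notices.append(("malformed", None))
            return
        (crc,) = struct.unpack_from("!I", datagram)
        body = datagram[4:]
        # CRC-32 catches accidental damage only; it is not protection
        # against deliberate modification.
        if zlib.crc32(body) != crc:
            self.notices.append(("corrupt", None))  # header is untrusted, so no seq
            return
        (seq,) = struct.unpack_from("!I", body)
        payload = body[4:]
        if seq < self.expected or seq in self.pending:
            self.notices.append(("duplicate", seq))
            return
        if seq - self.expected >= MAX_WINDOW:
            # Refuse to buffer far-future numbers so a bad peer cannot grow memory.
            self.notices.append(("out_of_window", seq))
            return
        for gap in range(self.expected, seq):
            if gap not in self.pending and gap not in self.requested:
                self.requested.add(gap)
                self.notices.append(("missing", gap))
        self.pending[seq] = payload
        while self.expected in self.pending:
            self.delivered.append(self.pending.pop(self.expected))
            self.expected += 1


def replay_constructed_trace() -> Receiver:
    """Replay a constructed arrival order: loss, duplicate, damage, retransmit."""
    wire = [encode(i, b"frame-%d" % i) for i in range(5)]
    damaged = bytearray(wire[3])
    damaged[-1] ^= 0xFF                     # one payload byte flipped in transit
    arrivals = [
        wire[0],
        wire[2],                            # datagram 1 was lost
        wire[2],                            # duplicate
        bytes(damaged),
        wire[1], wire[3], wire[4],          # retransmissions and the rest
        encode(500, b"x"),                  # far outside the window
    ]
    rx = Receiver()
    for datagram in arrivals:
        rx.on_datagram(datagram)
    return rx


if __name__ == "__main__":
    rx = replay_constructed_trace()
    print(rx.delivered)
    print(rx.notices)
```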

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
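
The difference between the two models when someone leaves the organization, as an added example that is not part of the original slides. The class names, user names, passwords and resources are constructed, and PBKDF2 is used here only as one reasonable way to store credentials.

```python
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ShareLevelResource:
    """One password per resource: whoever knows it gets in."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._hash = _derive(password, self._salt)
        self.audit = []

    def access(self, claimed_name: str, password: str) -> bool:
        ok = hmac.compare_digest(_derive(password, self._salt), self._hash)
        # The name is whatever the caller says; nothing verifies it.
        self.audit.append(("unverified", claimed_name, ok))
        return ok


class UserLevelServer:
    """Central server: per-user credentials, permissions granted to users or groups."""

    def __init__(self):
        self._users = {}    # username -> (salt, password hash)
        self._groups = {}   # group name -> set of usernames
        self._acl = {}      # resource -> {"users": set, "groups": set}
        self.audit = []

    def add_user(self, username, password, groups=()):
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))
        for group in groups:
            self._groups.setdefault(group, set()).add(username)

    def remove_user(self, username):
        self._users.pop(username, None)
        for members in self._groups.values():
            members.discard(username)

    def grant_group(self, resource, group):
        entry = self._acl.setdefault(resource, {"users": set(), "groups": set()})
        entry["groups"].add(group)

    def access(self, username, password, resource) -> bool:
        record = self._users.get(username)
        authenticated = record is not None and hmac.compare_digest(
            _derive(password, record[0]), record[1])
        entry = self._acl.get(resource, {"users": set(), "groups": set()})
        authorized = authenticated and (
            username in entry["users"]
            or any(username in self._groups.get(g, ()) for g in entry["groups"]))
        self.audit.append((username, resource, authenticated, authorized))
        return authorized


def offboarding_scenario():
    """Bob leaves. Compare what each model does with his old credentials."""
    share = ShareLevelResource("printer-pass")           # constructed shared password
    server = UserLevelServer()
    server.add_user("alice", "alice-pass", groups=["staff"])
    server.add_user("bob", "bob-pass", groups=["staff"])
    server.grant_group("reports", "staff")
    server.remove_user("bob")                            # one change, nobody else affected
    results = {
        "share_bob_still_in": share.access("bob", "printer-pass"),
        "user_bob_still_in": server.access("bob", "bob-pass", "reports"),
        "user_alice_reports": server.access("alice", "alice-pass", "reports"),
        "user_alice_payroll": server.access("alice", "alice-pass", "payroll"),
    }
    return results, share.audit, server.audit
```

Under share-level security the only way to lock Bob out is to change the resource password for everyone, and the audit trail never shows who actually connected.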

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• In addition to the importance of the data,
consider the amount of damage you will incur
if it is lost or compromised.
• Risk assessment also means hardware and
software analysis

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is to take a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• Security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges


outlines the rules by which all users of the
network must abide by. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges



Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• it is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In Share-level security access control to a
file, printer or other network resource based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In User-level security access control to a
file, printer or other network resource based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.

Purpose Of Security
• To Prevent unauthorized individuals form
examining sensitive information.
• To Prevent unauthorized individuals form
modifying important information.
• To Prevent malicious individuals form
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
is it to you.
• In addition to the importance of the data is
the amount of damage you will incur if it is
lost or compromised
• Risk assessment also means hardware and
software analysis

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is by taking a look
around. Looking around is literally the first
step in assessing your vulnerability

Security Policy
• Security policy is a written document that
outlines the rules by which all users of the
network must abide by. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges


Slide 44

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed, bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and vice versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and vice versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics:
• Transmission speed
• Internal/External
• Error detection and correction
• Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, and they can
permit different users to perform different kinds
of operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific application protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking Software
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems
• PPP
• SLIP
• FTP
• TELNET
• SMTP
• SNMP
• UDP
• TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet, UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for real-time audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading operating system
for workstations.

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• It is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications.

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In share-level security, access control to a
file, printer or other network resource is based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In user-level security, access control to a
file, printer or other network resource is based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.
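
The difference between the two models, as an added example that is not part of the original slides: a share-level resource knows only one password, while a user-level server keeps accounts, groups and permissions centrally. The class names, the "@group" convention and all account data are constructed for illustration.

```python
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored verifier is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ShareLevelResource:
    """One password per resource; whoever knows it gets in."""

    def __init__(self, name, password):
        self.name, self.audit = name, []
        self.set_password(password)

    def set_password(self, password):
        self._salt = os.urandom(16)
        self._verifier = _derive(password, self._salt)

    def access(self, password):
        ok = hmac.compare_digest(_derive(password, self._salt), self._verifier)
        self.audit.append((self.name, "unknown", ok))  # no identity to log
        return ok


class UserLevelServer:
    """Central store of accounts, groups and per-resource permissions."""

    def __init__(self):
        self._users, self._groups, self._acl, self.audit = {}, {}, {}, []

    def add_user(self, username, password, groups=()):
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))
        for group in groups:
            self._groups.setdefault(group, set()).add(username)

    def remove_user(self, username):
        self._users.pop(username, None)
        for members in self._groups.values():
            members.discard(username)

    def grant(self, resource, principal, *rights):
        # principal is a username, or "@group" for a group
        self._acl.setdefault(resource, {}).setdefault(principal, set()).update(rights)

    def access(self, username, password, resource, right):
        ok = False
        record = self._users.get(username)
        if record and hmac.compare_digest(_derive(password, record[0]), record[1]):
            principals = {username} | {
                "@" + g for g, members in self._groups.items() if username in members
            }
            acl = self._acl.get(resource, {})
            ok = any(right in acl.get(p, set()) for p in principals)
        self.audit.append((resource, username, right, ok))
        return ok


def demo():
    """Run both models on constructed data and return what happened."""
    out = {}
    share = ShareLevelResource("reports", "s3cret-share")
    out["share_alice"] = share.access("s3cret-share")
    out["share_bob"] = share.access("s3cret-share")
    share.set_password("rotated-share")  # the only way to cut Bob off
    out["share_alice_after_rotation"] = share.access("s3cret-share")
    out["share_identities"] = {who for _, who, _ in share.audit}

    server = UserLevelServer()
    server.add_user("alice", "alice-pw", groups=["staff"])
    server.add_user("bob", "bob-pw", groups=["staff"])
    server.grant("reports", "@staff", "read")
    server.grant("reports", "alice", "write")
    out["bob_read"] = server.access("bob", "bob-pw", "reports", "read")
    out["bob_write"] = server.access("bob", "bob-pw", "reports", "write")
    server.remove_user("bob")
    out["bob_after_removal"] = server.access("bob", "bob-pw", "reports", "read")
    out["alice_after_removal"] = server.access("alice", "alice-pw", "reports", "write")
    out["user_identities"] = {who for _, who, _, _ in server.audit}
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the shared password, removing one person means rotating the secret for everyone and the log cannot say who connected; with accounts, removal and auditing are per user.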

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• In addition to the importance of the data, it
considers the amount of damage you will incur
if the data is lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is taking a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• Security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges


Slide 46

Common Hardware Requirements for
Computer Networking

Common Hardware Requirements for
Computer Networking
• Network Interface Card : Also known as
network adapter, interfaces a computer board
with the network medium.
• Repeater : two-ports electronic device that just
repeats what it receives from one port to the
other.
• Bridge : a more sophisticated repeater with
logic capabilities that filters packets
• Hub : multi-port repeater.
• Switch : multi-port bridge

Common Hardware Requirements for
Computer Networking
• Router : links two or more networks (different types
too), passing messages with appropriate routing
information.
• Gateway : Similar to routers, links two networks.
• Modem :Converts digital data originating from a
terminal or computer, to analog signals used by
voice communication networks such as the
telephone system
• Firewalls : Firewalls are systems that establish
access control policies among networks.

Network Interface Card(nic)
An expansion board you
insert into a computer so
the computer can be
connected to a network.
Most NICs are designed
for a particular type of
network, protocol, and
media, although some
can serve multiple
networks

Network Interface Card

Repeaters

A communications device that amplifies
or regenerates the data signal in order to
extend the transmission distance.
Available for both analog and digital
signals, it is used extensively in long
distance transmission.

Bridges

A Bridge is an electrical device which
connects and passes packets between
two network segments. In general, a
bridge will forward or discard an
incoming frame based on the MAC
address of that frame.

Hubs

Hub's major function is to replicate data
it receives from one device attached to it
to all others.
Hubs differ in the amount of devices
that can connect to them, the length of
wire that can transmit on, and the type
of media they support.

Switches

Switch is a device used to link several separate
LANs and provide packet filtering between
them.
Packets are filtered by the switch based on the
destination address.
Switches can also support numerous
transmissions simultaneously.

Routers

A device that forwards data packets from one
local area network (LAN) or wide area network
(WAN) to another.
Routers read the network address in each
transmitted frame and make a decision on how
to send it based on the most expedient route
(traffic load, line costs, speed,bad lines, etc.).

Gateways

• A computer that performs protocol conversion
between different types of networks or
applications.
• Gateways function at layer 4 and above in the
OSI model.

Gateways (contd..)
• Examples of gateways found on today's markets
are:
• VocalTec Gateway: A gateway that converts
human speech traveling on analog phone lines into
local area network protocol data, and visa-versa.
• RadVision Gateway: Converts video from digital
phone lines into local area network protocol data,
and visa-versa.

Modems

"Modem" (MOdulator-DEModulator).
A modem is a device that converts digital data
originating from a terminal or computer, to
analog signals used by voice communication
networks such as the telephone system. At one
end, modems convert the digital pulses to audible
tones and convert audio tones back to digital
pulses at the other.

Modems (contd..)
Characteristics :
Transmission speed
Internal/External
Error detection and correction

Compression

Firewall

• Firewalls are systems that establish access
control policies among networks. They can
block information from entering a network or
from getting out of that network, they can permit
different users to perform different kinds of
operations, according to the user's
authorizations.

Firewall (contd..)
There are two general types of firewalls:
• Packet Level Firewalls, which examine
packets and decide according to filtering
rules whether to pass them to the network.
• Application Level Firewalls, which monitor
specific applications protocols.

Networking Software
Networking support is typically provided by two
software components:
• High-Level Networking Software.
• Network Driver Software.

High-Level Networking
Software.
• Provides end-user-oriented functions that
are associated with the Application layer
through the Network layer of the OSI
model.
• This is the software that the end user
perceives.

Network Driver Software
• Provides an interface between the high-level
networking software and the particular
Network Interface Card (NIC) that is being
used for physical LAN communication

Commonly Used High Level
Networking Software Systems









PPP
SLIP
FTP
TELNET
SMTP
SNMP
UDP
TCP/IP

PPP
• Short for Point-to-Point Protocol, a method
of connecting a computer to the Internet
• Developed by the Internet Engineering Task
Force in 1991, it has become popular for
Internet access as well as a method for
carrying higher level protocols.

SLIP
• (Serial Line IP) A data link protocol for
dial-up access to TCP/IP networks. It is
commonly used to gain access to the
Internet as well as to provide dial-up access
between two LANs.
• SLIP transmits IP packets over any serial
link (dial up or private lines)

FTP
• (File Transfer Protocol) A protocol used to
transfer files over a TCP/IP network
(Internet,UNIX, etc.). It includes functions
to log onto the network, list directories and
copy files. It can also convert between the
ASCII and EBCDIC character codes.

TELNET
• A terminal emulation protocol commonly
used on the Internet and TCP/IP-based
networks.
• It allows a user at a terminal or computer to
log onto a remote device and run a program.
• Telnet was originally developed for
ARPAnet and is an inherent part of the
TCP/IP communications protocol.

SMTP
• (Simple Mail Transfer Protocol) The standard email protocol on the Internet.
• It is a TCP/IP protocol that defines the message
format and the message transfer agent (MTA),
which stores and forwards the mail.
• SMTP was originally designed for only ASCII
text, but MIME and other encoding methods
enable program and multimedia files to be
attached to e-mail messages.

SNMP
• (Simple Network Management Protocol) A
widely-used network monitoring and
control protocol

UDP
• (User Datagram Protocol) A protocol within the
TCP/IP protocol suite that is used in place of TCP
when a reliable delivery is not required.
• For example, UDP is used for realtime audio and
video traffic where lost packets are simply ignored,
because there is no time to retransmit.
• If UDP is used and a reliable delivery is required,
packet sequence checking and error notification
must be written into the applications.

TCP/IP
• Transmission Control Protocol/Internet Protocol,
the suite of communications protocols used to
connect hosts on the Internet.
• TCP/IP uses several protocols, the two main ones
being TCP and IP.
• TCP/IP is built into the UNIX operating system
and is used by the Internet, making it the de facto
standard for transmitting data over networks.

Network Operating System
• Also called as NOS.
• It is an Operating System that manages
network resources.
• It manages multiple requests concurrently &
provides security necessary in a multi-user
environment.
• Ex. : NetWare, UNIX and Windows NT

NetWare
• A popular local-area network (LAN) operating
system developed by Novell
Corporation.
• NetWare is a software product that runs on a
variety of different types of LANs, from Ethernets
to IBM token-ring networks.
• It provides users and programmers with a
consistent interface that is independent of the
actual hardware used to transmit messages.

UNIX
• A multiuser, multitasking operating system
that is widely used as the master control
program in workstations and especially
servers.
• Due to its portability, flexibility, and power,
UNIX has become the leading
operating system for workstations

Windows NT
• (Windows New Technology) An advanced
32-bit operating system from Microsoft for
Intel x86 and Alpha CPUs.
• it is a self-contained operating system
that runs 16-bit and 32-bit Windows
applications as well as DOS applications

Facilities Of A Network
Operating System
• Redirection
• Server software
• File service

Redirection
• Redirection is taking something headed in
one direction and making it go in a different
direction.
• With redirection, an operating program does
not know or care where its output is going.

Server Software
• Software that resides in a server and
provides services to multiple users on
the network.
• A NOS is made of a redirector and a server.
Not all machines need to run the server
software, because not all computers need to
share their resources.

File Service
• A file server’s primary task is to make files
available to users, although it also makes other
resources available, including printers and
plotters.
• File service allows users to share the files on a
server. The server PC can make its whole disk,
certain directories, or certain files available. The
file server’s hard disk becomes an extension of
each user’s PC.

Network Security
• Refers to techniques for ensuring that data stored
in a computer cannot be read or compromised by
unauthorized persons
• Most security measures involve data encryption
and passwords. Data encryption is the translation
of data into a form that is unintelligible without a
deciphering mechanism.
• A password is a secret word or phrase that gives a
user access to a particular program or system.

Network Security
• The authorization of access to files and
directories in a network.
• Users are assigned an ID number and
password that allows them access to
information and programs within their
authority.
• Network security is controlled by the
network administrator.

Types Of Network Security
• Share level security.
• User level security.

Share Level Security
• In Share-level security access control to a
file, printer or other network resource based
on knowing the password of that resource.
Share-level security provides less protection
than user-level security, which identifies
each person in the organization.

User Level Security
• In User-level security access control to a
file, printer or other network resource based
on username. It provides greater protection
than share-level security, because users are
identified individually or within a group.
User-level permissions are stored in a
central server and managed by the network
administrator.

Purpose Of Security
• To prevent unauthorized individuals from
examining sensitive information.
• To prevent unauthorized individuals from
modifying important information.
• To prevent malicious individuals from
disrupting the normal operation of a system.

Outline Of The Process Of Securing
The Network
• Risk Assessment
• Vulnerability
• Security Policy

Risk Assessment
• Risk assessment is the process of finding
out what data you have and how important
it is to you.
• Alongside the importance of the data,
consider the amount of damage you will
incur if it is lost or compromised.
• Risk assessment also means hardware and
software analysis.

Vulnerability
• There are dozens and dozens of ways your
network can be compromised, and the first
step in finding them is to take a look
around. Looking around is literally the first
step in assessing your vulnerability.

Security Policy
• A security policy is a written document that
outlines the rules by which all users of the
network must abide. These rules can
encompass many different aspects of
network use and misuse.

Security Policy (contd..)
Security policy should address certain issues like:
• Acceptable use
• Access
• User privacy
• Passwords
• Enforcement
• Purchasing
• Support and maintenance

Default Security Policies
The following is an example of a default
security policy:
• Passwords
• System Level
• Network Level
• File and Directory Level
• Owned By An Individual User
• Shared Resources
• Administrative Privileges

