Compiled By Haftom A. Aksum University(AKU) Page 1
Chapter Two (Part-One)
Introduction to Network Security and LAN Technology
The term LAN refers to a local network or a group of interconnected networks that are under the
same administrative control. In the early days of networking, LANs were defined as small
networks that existed in a single physical location. While LANs can be a single network installed
in a home or small office, the definition of LAN has evolved to include interconnected local
networks consisting of many hundreds of hosts, installed in multiple buildings and locations.
LAN technology lets the devices on the network communicate with each other. A LAN
technology is a specific combination of software and hardware that makes the network
perform at a specific speed and in a certain way. It may serve as few as 2 or 3 users or as many
as thousands of users. The connection among the devices could be wired or wireless. Ethernet, Token
Ring and Wireless LAN using IEEE 802.11 are examples of standard LAN technologies.
Types of LAN Technologies:
A. Ethernet:
Ethernet is the most popular physical layer LAN technology in use today. It defines the number
of conductors that are required for a connection, the performance thresholds that can be
expected, and provides the framework for data transmission. A standard Ethernet network can
transmit data at a rate up to 10 Megabits per second (10 Mbps). Other LAN types include Token
Ring, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, Fiber Distributed Data Interface
(FDDI), Asynchronous Transfer Mode (ATM) and LocalTalk.
Ethernet is popular because it strikes a good balance between speed, cost and ease of installation.
These benefits, combined with wide acceptance in the computer marketplace and the ability to
support virtually all popular network protocols, make Ethernet an ideal networking technology
for most computer users today.
The Institute of Electrical and Electronics Engineers developed an Ethernet standard known as
IEEE Standard 802.3. This standard defines rules for configuring an Ethernet network and also
specifies how the elements in an Ethernet network interact with one another. By adhering to the
IEEE standard, network equipment and network protocols can communicate efficiently.
B. Fast Ethernet:
The Fast Ethernet standard (IEEE 802.3u) has been established for Ethernet networks that need
higher transmission speeds. This standard raises the Ethernet speed limit from 10 Mbps to 100
Mbps with only minimal changes to the existing cable structure. Fast Ethernet provides faster
throughput for video, multimedia, graphics, Internet surfing and stronger error detection and
correction.
There are three types of Fast Ethernet: 100BASE-TX for use with level 5 UTP cable; 100BASE-
FX for use with fiber-optic cable; and 100BASE-T4 which utilizes an extra two wires for use
with level 3 UTP cable. The 100BASE-TX standard has become the most popular due to its
close compatibility with the 10BASE-T Ethernet standard.
Network managers who want to incorporate Fast Ethernet into an existing configuration are
required to make many decisions. The number of users in each site on the network that need the
higher throughput must be determined; which segments of the backbone need to be reconfigured
specifically for 100BASE-T; plus what hardware is necessary in order to connect the 100BASE-
T segments with existing 10BASE-T segments. Gigabit Ethernet is a future technology that
promises a migration path beyond Fast Ethernet so the next generation of networks will support
even higher data transfer speeds.
C. Gigabit Ethernet:
Gigabit Ethernet was developed to meet the need for faster communication networks with
applications such as multimedia and Voice over IP (VoIP). Also known as “gigabit-Ethernet-
over-copper” or 1000Base-T, GigE is a version of Ethernet that runs at speeds 10 times faster
than 100Base-T. It is defined in the IEEE 802.3 standard and is currently used as an enterprise
backbone. Existing Ethernet LANs with 10 and 100 Mbps cards can feed into a Gigabit Ethernet
backbone to interconnect high performance switches, routers and servers.
From the data link layer of the OSI model upward, the look and implementation of Gigabit
Ethernet is identical to that of Ethernet. The most important differences between Gigabit
Ethernet and Fast Ethernet include the additional support of full duplex operation in the MAC
layer and the data rates.
D. 10 Gigabit Ethernet:
10 Gigabit Ethernet is the fastest and most recent of the Ethernet standards. IEEE 802.3ae
defines a version of Ethernet with a nominal rate of 10Gbits/s that makes it 10 times faster than
Gigabit Ethernet.
Unlike other Ethernet systems, 10 Gigabit Ethernet is based entirely on the use of optical fiber
connections. This developing standard is moving away from a LAN design that broadcasts to all
nodes, toward a system which includes some elements of wide area routing. As it is still very
new, which of the standards will gain commercial acceptance has yet to be determined.
E. Asynchronous Transfer Mode (ATM)
ATM is a cell-based fast-packet communication technique that can support data-transfer rates
from sub-T1 speeds to 10 Gbps. ATM achieves its high speeds in part by transmitting data in
fixed-size cells and dispensing with error-correction protocols. It relies on the inherent integrity
of digital lines to ensure data integrity.
ATM can be integrated into an existing network as needed without having to update the entire
network. Its fixed-length cell-relay operation is the signaling technology of the future and offers
more predictable performance than variable length frames. Networks are extremely versatile and
an ATM network can connect points in a building, or across the country, and still be treated as a
single network.
F. Power over Ethernet (PoE)
PoE is a solution in which an electrical current is run to networking hardware over the Ethernet
Category 5 cable or higher. This solution does not require an extra AC power cord at the product
location. This minimizes the amount of cable needed as well as eliminates the difficulties and
cost of installing extra outlets.
LAN Technology Specifications
Name                      IEEE Standard   Data Rate   Media Type          Maximum Distance
Ethernet                  802.3           10 Mbps     10Base-T            100 meters
Fast Ethernet/100Base-T   802.3u          100 Mbps    100Base-TX          100 meters
                                                      100Base-FX          2000 meters
Gigabit Ethernet/GigE     802.3z          1000 Mbps   1000Base-T          100 meters
                                                      1000Base-SX         275/550 meters
                                                      1000Base-LX         550/5000 meters
10 Gigabit Ethernet       IEEE 802.3ae    10 Gbps     10GBase-SR          300 meters
                                                      10GBase-LX4         300m MMF/ 10km SMF
                                                      10GBase-LR/ER       10km/40km
                                                      10GBase-SW/LW/EW    300m/10km/40km
G. Token Ring
Token Ring is another form of network configuration. It differs from Ethernet in that all
messages are transferred in one direction along the ring at all times. Token Ring networks
sequentially pass a “token” to each connected device. When the token arrives at a particular
computer (or device), the recipient is allowed to transmit data onto the network. Since only one
device may be transmitting at any given time, no data collisions occur. Access to the network is
guaranteed, and time-sensitive applications can be supported. However, these benefits come at a
price. Component costs are usually higher, and the networks themselves are considered to be
more complex and difficult to implement. Various PC vendors have been proponents of Token
Ring networks.
Networking and Ethernet Basics
Protocols:
After a physical connection has been established, network protocols define the standards that
allow computers to communicate. A protocol establishes the rules and encoding specifications
for sending data. This defines how computers identify one another on a network, the form that
the data should take in transit, and how this information is processed once it reaches its final
destination. Protocols also define procedures for determining the type of error checking that will
be used, the data compression method, if one is needed, how the sending device will indicate that
it has finished sending a message, how the receiving device will indicate that it has received a
message, and the handling of lost or damaged transmissions or “packets”.
The main types of network protocols in use today are: TCP/IP (for UNIX, Windows NT,
Windows 95 and other platforms); IPX (for Novell NetWare); DECnet (for networking Digital
Equipment Corp. computers); AppleTalk (for Macintosh computers), and NetBIOS/NetBEUI
(for LAN Manager and Windows NT networks).
Although each network protocol is different, they all share the same physical cabling. This
common method of accessing the physical network allows multiple protocols to peacefully
coexist over the network media, and allows the builder of a network to use common hardware for
a variety of protocols. This concept is known as “protocol independence,” which means that
devices which are compatible at the physical and data link layers allow the user to run many
different protocols over the same medium.
The Open System Interconnection Model:
The Open System Interconnection (OSI) model specifies how dissimilar computing devices such
as Network Interface Cards (NICs), bridges and routers exchange data over a network by
offering a networking framework for implementing protocols in seven layers. Beginning at the
application layer, control is passed from one layer to the next. The following describes the seven
layers as defined by the OSI model, shown in the order they occur whenever a user transmits
information.
Layer 7: Application
This layer supports the application and end-user processes. Within this layer, user privacy is
considered and communication partners, service and constraints are all identified. File transfers,
email, Telnet and FTP applications are all provided within this layer.
Layer 6: Presentation (Syntax)
Within this layer, information is translated back and forth between application and network
formats. This translation transforms the information into data the application layer and network
recognize regardless of encryption and formatting.
Layer 5: Session
Within this layer, connections between applications are made, managed and terminated as
needed to allow for data exchanges between applications at each end of a dialogue.
Layer 4: Transport
Complete data transfer is ensured as information is transferred transparently between systems in
this layer. The transport layer also assures appropriate flow control and end-to-end error
recovery.
Layer 3: Network
Using switching and routing technologies, this layer is responsible for creating virtual circuits to
transmit information from node to node. Other functions include routing, forwarding, addressing,
internetworking, error and congestion control, and packet sequencing.
Layer 2: Data Link
Data packets are encoded and decoded into bits within this layer. Errors from the
physical layer, flow control and frame synchronization are handled here utilizing transmission
protocol knowledge and management. This layer consists of two sublayers: the Media Access
Control (MAC) layer, which controls the way networked computers gain access to data and
transmit it, and the Logical Link Control (LLC) layer, which controls frame synchronization,
flow control and error checking.
Layer 1: Physical
This layer enables hardware to send and receive data over a carrier such as cabling, a card or
other physical means. It conveys the bitstream through the network at the electrical and
mechanical level. Fast Ethernet, RS232, and ATM are all protocols with physical layer
components.
This order is then reversed as information is received, so that the physical layer is the first and
application layer is the final layer that information passes through.
Standard Ethernet Code
In order to understand standard Ethernet code, one must understand what each digit means.
Following is a guide:
Guide to Ethernet Coding
10 at the beginning means the network operates at 10Mbps.
BASE means the type of signaling used is baseband.
2 or 5 at the end indicates the maximum cable length in meters.
T at the end stands for twisted-pair cable.
X at the end stands for full duplex-capable cable.
FL at the end stands for fiber optic cable.
For example: 100BASE-TX indicates a Fast Ethernet connection (100 Mbps) that uses a twisted
pair cable capable of full-duplex transmissions.
Media
An important part of designing and installing an Ethernet is selecting the appropriate Ethernet
medium. There are four major types of media in use today: Thickwire for 10BASE5 networks;
thin coax for 10BASE2 networks; unshielded twisted pair (UTP) for 10BASE-T networks; and
fiber optic for 10BASE-FL or Fiber-Optic Inter-Repeater Link (FOIRL) networks. This wide
variety of media reflects the evolution of Ethernet and also points to the technology’s flexibility.
Thickwire was one of the first cabling systems used in Ethernet, but it was expensive and
difficult to use. This evolved to thin coax, which is easier to work with and less expensive. It is
important to note that each type of Ethernet, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet,
has its own preferred media types.
The most popular wiring schemes are 10BASE-T and 100BASE-TX, which use unshielded
twisted pair (UTP) cable. This is similar to telephone cable and comes in a variety of grades,
with each higher grade offering better performance. Level 5 cable is the highest, most expensive
grade, offering support for transmission rates of up to 100 Mbps. Level 4 and level 3 cable are
less expensive, but cannot support the same data throughput speeds; level 4 cable can support
speeds of up to 20 Mbps; level 3 up to 16 Mbps. The 100BASE-T4 standard allows for support
of 100 Mbps Ethernet over level 3 cables, but at the expense of adding another pair of wires (4
pair instead of the 2 pair used for 10BASE-T). For most users, this is an awkward scheme and
therefore 100BASE-T4 has seen little popularity. Level 2 and level 1 cables are not used in the
design of 10BASE-T networks.
For specialized applications, fiber-optic, or 10BASE-FL, Ethernet segments are popular. Fiber-
optic cable is more expensive, but it is invaluable in situations where electronic emissions and
environmental hazards are a concern. Fiber-optic cable is often used in inter-building
applications to insulate networking equipment from electrical damage caused by lightning.
Because it does not conduct electricity, fiber-optic cable can also be useful in areas where heavy
electromagnetic interference is present, such as on a factory floor. The Ethernet standard allows
for fiber-optic cable segments up to two kilometers long, making fiber-optic Ethernet perfect for
connecting nodes and buildings that are otherwise not reachable with copper media.
Cable Grade Capabilities
Cable Name   Makeup                      Frequency Support   Data Rate        Network Compatibility
Cat-5        4 twisted pairs of copper   100 MHz             Up to 1000Mbps   ATM, Token Ring, 1000Base-T,
             wire, terminated by RJ45                                         100Base-TX, 10Base-T
             connectors
Cat-5e       4 twisted pairs of copper   100 MHz             Up to 1000Mbps   10Base-T, 100Base-TX,
             wire, terminated by RJ45                                         1000Base-T
             connectors
Cat-6        4 twisted pairs of copper   250 MHz             1000Mbps         10Base-T, 100Base-TX,
             wire, terminated by RJ45                                         1000Base-T
             connectors
Wireless Standards - 802.11b, 802.11a, 802.11g and 802.11n
802.11a:
• Pros of 802.11a - fast maximum speed; regulated frequencies prevent signal interference from
other devices
• Cons of 802.11a - highest cost; shorter range signal that is more easily obstructed
802.11b:
• Pros of 802.11b - lowest cost; signal range is good and not easily obstructed
• Cons of 802.11b - slowest maximum speed; home appliances may interfere on the unregulated
frequency band
802.11g:
• Pros of 802.11g - fast maximum speed; signal range is good and not easily obstructed
• Cons of 802.11g - costs more than 802.11b; appliances may interfere on the unregulated signal
frequency.
802.11n:
• Pros of 802.11n - fastest maximum speed and best signal range; more resistant to signal
interference from outside sources
• Cons of 802.11n - standard is not yet finalized; costs more than 802.11g; the use of multiple
signals may greatly interfere with nearby 802.11b/g based networks.
Summary
10BaseT:
It is one of several adaptations of standard Ethernet for local LANs. 10BaseT is
also known as twisted pair Ethernet because it uses twisted pair cable and carries 10 Mbps
over a maximum length of 100 m. This cable is more flexible and thinner when
compared to the coaxial cable used in the 10Base5 or 10Base2 standard.
100BaseT:
It functions at a speed of 100 Mbps. It is also known as Fast Ethernet. The
designation refers to both the fiber and copper based Ethernet versions. It meets the growing
industry standard with its high speed. It is supported by most vendors, such as Adaptec,
Hewlett, Cisco, IBM, Bay Networks and 3Com, and is mostly endorsed by the IEEE 802.3u
standard. This network uses the star topology and provides data frame compatibility with IEEE
as well as Ethernet. It supports all network design topologies and rules of 10BaseT Ethernet
networks. It allows the organization to use the existing category 5 cables and network
infrastructure while upgrading to higher transmission speeds. Like Ethernet, 100BaseT
is based on the CSMA/CD LAN access method.
1000BaseT:
It is a cheaper version of Gigabit Ethernet, specified in the IEEE 802.3ab standard.
802.3ab is designed specifically for CAT 6, 5e or 5 cable types. It allows businesses to make use of
Gigabit Ethernet on their current installations. It can reach up to 100 meters on
CAT5 cable; however, CAT5e is always recommended for twisted pair gigabit
Ethernet and its implementations. Here 1 Gigabit is equal to 1000 megabits per second. It uses 4
pairs of category 5 unshielded twisted pair to accomplish the Gigabit data rate.
100BaseTX:
100BaseTX supports transmission at a rate of 100 Mbps through 2 wire cabling. It
mostly uses 1 pair of wires for transmitting data and another pair for receiving data.
Generally, the 2 pairs of wires are bundled into a single cable with an additional pair of wires.
100BaseTX is not designed to tolerate the crosstalk that occurs when the cable is shared
with other signals. It is the predominant form of Fast Ethernet. Since it runs over category 5
cable, which comprises 4 pairs, one cable can also support 2 100BaseTX links with the help of a wiring
adaptor.
100BaseFX:
This version of Fast Ethernet is intended for use over fiber-optic cable. It was introduced
at the same time as 100BaseTX. It is part of the IEEE 802.3y standard and can
be used in either full-duplex or half-duplex mode. It delivers 100 Mbps in all usage
modes. 100BaseFX uses the 100Base-X PHY with the FX PMD to support the 100 Mbps
transmission rate over 2 fiber-optic cables.
1000BaseX:
This was the first 1 Gigabit (1000 megabit) Ethernet standard to be released, and it is also called
Gigabit Ethernet. It is intended for use with fiber-optic cables. There is a large installed
base of category 5 unshielded balanced twisted pair wiring, and the engineers designing
Gigabit Ethernet believed that it was important to create an implementation which could
run across 100 m lengths of high-quality category 5 cabling terminated by RJ-45
connectors.
10GBaseSR:
10GBase-SR is the short-range type. In the endless quest for faster data transmission rates,
network standards are pushed to the next level. 10 Gigabit Ethernet is also known as 10GbE.
It can offer data transmission at rates up to 10 Gigabits/second, which is 100 times or
10,000 Mbps faster when compared to modern LAN implementations. Most networking
hardware manufacturers market 10GbE equipment. The IEEE 802.3ae 10 Gigabit Ethernet
specification includes a serial interface designed for transmission over multimode fiber.
10GBase-SR is intended for MAN or LAN implementations, with a maximum of 300 meters
distance over 50-micron multimode fiber cable. It can also be implemented with 62.5-micron
multimode fiber cabling, but it is then limited to 33 meters. This type is designed for use
over dark fiber.
10GBaseLR:
This standard provides greater distance by using single-mode fiber rather than multimode fiber. It is
intended for use over a longer wavelength on single-mode fiber, and it provides a potential
transmission range from 2 meters to 40 kilometers. This range makes the standard suitable for
WAN, MAN and LAN deployments. It is the long-range, single-mode fiber type. The 10GBase-LR
type is intended for use over dark fiber.
10GBaseER:
It is a port type that uses 1550 nm lasers over single-mode fiber. It has a reach of nearly 40
kilometers over engineered links and 30 km over standard links. Its physical
coding is defined in IEEE 802.3 clause 49 and its physical medium dependent sublayer in clause 52. It
provides serialized data at a line rate of 10.3125 Gbits per second. The transmitter is implemented
with an EML (externally modulated laser). It is the 10GBase-E variant, which supports link
lengths up to 40 km on single-mode fiber, and it is designed for use over dark fiber.
10GBaseSW:
It is defined for use with a WAN PHY. This drives the maximum link distance up to nearly
80 km, depending on the fiber standard employed. It adds the WAN interface sublayer (WIS),
which is used to generate Ethernet data streams that may be mapped directly to
SONET/SDH streams at the physical level without any need for higher level processing or MAC.
10GBaseLW:
It is the largest base that uses a WAN PHY, like 10GBaseSW. 10GBase-LW is not compatible
with the SDH or SONET interface, since it does not conform to the electrical, logical and optical
requirements specified by SDH or SONET. It is the 10GBase-L variant, supporting
a link length of 10 kilometers on standard single-mode fiber. This type is designed to connect
to SONET equipment.
10GBaseEW:
10GBase-EW is the variant of 10GBase-E that supports link lengths up to 40 kilometers on
single-mode fiber at an optical wavelength of 1550 nm. This media type is required to
connect SONET equipment.
10GBaseT:
It is based on the IEEE 802.3 standard. It runs over 4 wires, which consist of 2 twisted pairs in
category 5 or category 3 cable. An active switch or hub sits in the middle and has a port for each
of the nodes. This configuration is also used for Gigabit Ethernet and 100BaseT. It uses
unshielded twisted pair wiring or STP cables.
Properties:
CSMA/CD:
It is most commonly used in wired environments. Ethernet transfers data on
the network using CSMA/CD, carrier sense multiple access with collision detection. It
senses activity on the wire and reacts to collisions.
CSMA/CA:
It is geared especially towards wireless environments. CSMA means that computers
wait until the ether is free. The absence of an electrical signal denotes that the ether is free.
The signal is the carrier on the ether, and the act of waiting for an opportunity to send on
the ether is the carrier sense.
Broadcast:
In a broadcast, a computer sends data through the network by delivering the data frame to all the
computers directly connected to the local network. Ethernet is one of the broadcast-based network
technologies: it sends data throughout the entire local network. Broadband
carries multiple signals on a single line. A broadcast is intended for every device on the subnet.
Collision:
Data frames from 2 different computers will interfere with each other if they are
released onto the network at the same time. Since signals do not cross the network instantly, it is
always possible for 2 stations to find the ether free, decide it is time to send, and both
send at the same time. When such a collision occurs, each sender has to stop
transmitting immediately, wait for a random length of time, and then start
transmission again.
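The random wait described above, as an added example that is not part of the original notes: a slotted simulation using the truncated binary exponential backoff specified by IEEE 802.3, which goes beyond the "random length of time" the notes mention. The one-frame-per-station, one-slot-per-frame model and the `randomize` switch are simplifying assumptions of this example.

```python
import random

BACKOFF_LIMIT = 10   # the random window stops doubling after 10 collisions
ATTEMPT_LIMIT = 16   # a frame is discarded after 16 failed attempts


def simulate(n_stations, randomize=True, seed=1, max_slots=100_000):
    """Slotted model of CSMA/CD collision handling.

    Assumptions of this example: every station has one frame queued at
    slot 0, a frame occupies one slot, and every station hears a collision.
    Returns (counters, order in which stations delivered their frame).
    """
    rng = random.Random(seed)
    wait = [0] * n_stations       # slots a station must still stay silent
    attempts = [0] * n_stations   # collisions suffered by the station's frame
    pending = set(range(n_stations))
    stats = {"delivered": 0, "dropped": 0, "collisions": 0, "slots": 0}
    order = []

    while pending and stats["slots"] < max_slots:
        # Stations whose backoff has expired sense a free wire and transmit.
        ready = [s for s in sorted(pending) if wait[s] == 0]
        # Stations still backing off count one slot down.
        for s in pending:
            if wait[s] > 0:
                wait[s] -= 1

        if len(ready) == 1:
            # Only one sender in this slot: the frame gets through.
            pending.discard(ready[0])
            order.append(ready[0])
            stats["delivered"] += 1
        elif len(ready) > 1:
            # Two or more senders: collision, everyone stops and backs off.
            stats["collisions"] += 1
            for s in ready:
                attempts[s] += 1
                if attempts[s] >= ATTEMPT_LIMIT:
                    pending.discard(s)
                    stats["dropped"] += 1
                    continue
                k = min(attempts[s], BACKOFF_LIMIT)
                if randomize:
                    # Pick a delay of 0 .. 2^k - 1 slots at random.
                    wait[s] = rng.randrange(2 ** k)
                else:
                    # Fixed delay: every collider picks the same value.
                    wait[s] = 2 ** k - 1
        stats["slots"] += 1

    return stats, order


if __name__ == "__main__":
    for n in (1, 2, 8, 32):
        stats, _ = simulate(n)
        print(f"{n:>2} stations, random backoff: {stats}")
    # Without randomness the same two stations collide until both give up.
    print(" 2 stations, fixed backoff: ", simulate(2, randomize=False)[0])
```

With a fixed delay the colliding stations retry in lockstep and never separate, which is why the wait has to be random.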
Bonding:
Bonding works like disk striping in a RAID setup and offers redundancy for network
connections. Bonding uses 2 or more channels, NICs or connections to carry the data
instead of simply one. Bonding combines physical links to create a faster logical link, which is the
link aggregation of IEEE 802.3ad.
Speed:
It is referred to as network speed, throughput or bandwidth. It measures the amount of
data moved via the network in a given time duration. It is measured in kbps (kilobits per
second), Mbps (megabits per second), Gbps (gigabits per second) or Tbps (terabits per second). The
actual speed of a specific connection or network can also be measured using
current techniques and methods. The speed stated when buying network technologies and
services is generally the potential speed of the connection or network: you are getting the
potential speed and not the actual speed.
Distance:
Distance is how far the data can travel from one point on the network to
another. For a given medium, distance refers to how far the data can travel
before the signal needs to be rebuilt by a switch.
Computer Security
The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability and confidentiality of information system
resources (includes hardware, software, firmware, information/data, and telecommunications)
Confidentiality: Confidentiality is the concealment of information or resources. The need for
keeping information secret arises from the use of computers in sensitive fields such as
government and industry. For example, military and civilian institutions in the government often
restrict access to information to those who need that information. The first formal work in
computer security was motivated by the military's attempt to implement controls to enforce a
"need to know" principle. This principle also applies to industrial firms, which keep their
proprietary designs secure lest their competitors try to steal the designs. As a further example, all
types of institutions keep personnel records secret. Access control mechanisms support
confidentiality. One access control mechanism for preserving confidentiality is cryptography,
which scrambles data to make it incomprehensible. A cryptographic key controls access to the
unscrambled data, but then the cryptographic key itself becomes another datum to be protected.
Ex: Enciphering an income tax return will prevent anyone from reading it. If the owner needs to
see the return, it must be deciphered. Only the possessor of the cryptographic key can enter it
into a deciphering program. However, if someone else can read the key when it is entered into
the program, the confidentiality of the tax return has been compromised.
All the mechanisms that enforce confidentiality require supporting services from the system. The
assumption is that the security services can rely on the kernel, and other agents, to supply correct
data. Thus, assumptions and trust underlie confidentiality mechanisms.
Integrity: refers to the trustworthiness of data or resources, and it is usually phrased in terms of
preventing improper or unauthorized change. Integrity includes data integrity (the content of the
information) and origin integrity (the source of the data, often called authentication). The source
of the information may bear on its accuracy and credibility and on the trust that people place in
the information. This dichotomy illustrates the principle that the aspect of integrity known as
credibility is central to the proper functioning of a system. We will return to this issue when
discussing malicious logic. EX: A newspaper may print information obtained from a leak at the
White House but attribute it to the wrong source. The information is printed as received
(preserving data integrity), but its source is incorrect (corrupting origin integrity).
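The difference between data integrity and origin integrity, as an added example that is not part of the original notes: an unkeyed SHA-256 digest checks only the content, while an HMAC computed under a per-source key also binds the content to its source. The source names, keys and report text are constructed for this example, and the dictionary layout of a report is an assumption.

```python
import hashlib
import hmac

# Constructed sample keys: one secret per source, shared with the verifier.
SOURCE_KEYS = {
    "source-a": b"constructed-key-for-source-a",
    "source-b": b"constructed-key-for-source-b",
}


def content_digest(content: bytes) -> str:
    """Unkeyed digest: anyone can compute it, so it covers content only."""
    return hashlib.sha256(content).hexdigest()


def origin_tag(key: bytes, source: str, content: bytes) -> str:
    """Keyed tag over (source, content); only a key holder can produce it."""
    name = source.encode()
    # Length-prefix the name so source and content cannot be re-split.
    message = len(name).to_bytes(2, "big") + name + content
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def publish(source: str, content: bytes) -> dict:
    """What an honest source hands over: content, digest and origin tag."""
    return {
        "source": source,
        "content": content,
        "digest": content_digest(content),
        "tag": origin_tag(SOURCE_KEYS[source], source, content),
    }


def data_integrity_ok(report: dict) -> bool:
    return hmac.compare_digest(content_digest(report["content"]),
                               report["digest"])


def origin_integrity_ok(report: dict, keys=SOURCE_KEYS) -> bool:
    key = keys.get(report["source"])
    if key is None:                      # unknown source: nothing to verify
        return False
    expected = origin_tag(key, report["source"], report["content"])
    return hmac.compare_digest(expected, report["tag"])


def check(report: dict) -> tuple:
    """Returns (data integrity holds, origin integrity holds)."""
    return data_integrity_ok(report), origin_integrity_ok(report)


# Constructed reports for the three cases.
original = publish("source-a", b"Budget talks resume on Monday.")

# Printed as received but attributed to the wrong source.
misattributed = dict(original, source="source-b")

# Content altered and the unkeyed digest recomputed by whoever altered it.
rewritten = dict(original, content=b"Budget talks are cancelled.")
rewritten["digest"] = content_digest(rewritten["content"])

if __name__ == "__main__":
    for name, report in [("original", original),
                         ("misattributed", misattributed),
                         ("rewritten", rewritten)]:
        data_ok, origin_ok = check(report)
        print(f"{name:14} data={data_ok} origin={origin_ok}")
```

The rewritten report passes the digest check because the digest is unkeyed, so a digest protects content only when it reaches the verifier over a channel the modifier cannot touch.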
Availability: Availability of information refers to ensuring that authorized parties are able to
access the information when needed. Information only has value if the right people can access it
at the right times. Denying access to information has become a very common attack nowadays.
Almost every week you can find news about high profile websites being taken down by DDoS
attacks. The primary aim of DDoS attacks is to deny users of the website access to the resources
of the website. Such downtime can be very costly. Other factors that could lead to lack of
availability to important information may include accidents such as power outages or natural
disasters such as floods.
How does one ensure data availability? Backup is key. Regularly doing off-site backups can
limit the harm caused by damage to hard drives or by natural disasters. For information services
that are highly critical, redundancy might be appropriate. Having an off-site location ready to
restore services in case anything happens to your primary data centers will heavily reduce the
downtime if anything does happen.
EXAMPLE: Suppose Anne has compromised a bank's secondary system server, which supplies
bank account balances. When anyone else asks that server for information, Anne can supply any
information she desires. Merchants validate checks by contacting the bank's primary balance
server. If a merchant gets no response, the secondary server will be asked to supply the data.
Anne's colleague prevents merchants from contacting the primary balance server, so all merchant
queries go to the secondary server. Anne will never have a check turned down, regardless of her
actual account balance. Notice that if the bank had only one server (the primary one), this
scheme would not work. The merchant would be unable to validate the check.
Attempts to block availability, called denial of service attacks, can be the most difficult to detect,
because the analyst must determine if the unusual access patterns are attributable to deliberate
manipulation of resources or of environment. Complicating this determination is the nature of
statistical models.
Network Threats and attacks
Threat: a threat is a potential violation of security. The violation need not actually occur for
there to be a threat. The fact that the violation might occur means that those actions that could
cause it to occur must be guarded against (or prepared for). Those actions are called attacks.
Those who execute such actions, or cause them to be executed, are called attackers. The three
security services—confidentiality, integrity, and availability—counter threats to the security of a
system.
Attack: There are two types of attacks in general. Some are passive, meaning information
is being screened and monitored; others are active, which means that the information is
altered with the intent to modify or destroy the data or the network itself. The three goals of
security (confidentiality, integrity and availability) can be threatened by security attacks.
The figure below relates the taxonomy of attack types to security goals.
• Snooping, the unauthorized interception of information, is a form of disclosure. It is
passive, suggesting simply that some entity is listening to (or reading) communications or
browsing through files or system information. Wiretapping, or passive wiretapping, is a
form of snooping in which a network is monitored. Confidentiality services counter this
threat.
• Modification or alteration, an unauthorized change of information, covers three classes
of threats. The goal may be deception, in which some entity relies on the modified data to
determine which action to take, or in which incorrect information is accepted as correct
and is released. If the modified data controls the operation of the system, the threats of
disruption and usurpation arise.
• Masquerading or spoofing, an impersonation of one entity by another, is a form of both
deception and usurpation. It lures a victim into believing that the entity with which it is
communicating is a different entity. For example, if a user tries to log into a computer
across the Internet but instead reaches another computer that claims to be the desired one,
the user has been spoofed. Similarly, if a user tries to read a file, but an attacker has
arranged for the user to be given a different file, another spoof has taken place. This may
be a passive attack (in which the user does not attempt to authenticate the recipient, but
merely accesses it), but it is usually an active attack (in which the masquerader issues
responses to mislead the user about its identity).
• Repudiation of origin, a false denial that an entity sent (or created) something, is a form
of deception. For example, suppose a customer sends a letter to a vendor agreeing to pay
a large amount of money for a product. The vendor ships the product and then demands
payment. The customer denies having ordered the product and by law is therefore entitled
to keep the unsolicited shipment without payment. The customer has repudiated the
origin of the letter. If the vendor cannot prove that the letter came from the customer, the
attack succeeds. A variant of this is denial by a user that he created specific information
or entities such as files. Integrity mechanisms cope with this threat.
• Denial of receipt, a false denial that an entity received some information or message, is a
form of deception. Suppose a customer orders an expensive product, but the vendor
demands payment before shipment. The customer pays, and the vendor ships the product.
The customer then asks the vendor when he will receive the product. If the customer has
already received the product, the question constitutes a denial of receipt attack. The
vendor can defend against this attack only by proving that the customer did, despite his
denials, receive the product. Integrity and availability mechanisms guard against these
attacks.
• Denial of service, a long-term inhibition of service, is a form of usurpation, although it is
often used with other mechanisms to deceive. The attacker prevents a server from
providing a service. The denial may occur at the source (by preventing the server from
obtaining the resources needed to perform its function), at the destination (by blocking
the communications from the server), or along the intermediate path (by discarding
messages from either the client or the server, or both). Denial of service poses the same
threat as an infinite delay. Availability mechanisms counter this threat.
• Denial of service or delay may result from direct attacks or from non-security-related
problems. From our point of view, the cause and result are important; the intention
underlying them is not. If delay or denial of service compromises system security, or is
part of a sequence of events leading to the compromise of a system, then we view it as an
attempt to breach system security. But the attempt may not be deliberate; indeed, it may
be the product of environmental characteristics rather than specific actions of an attacker.

More Related Content

What's hot

IEEE 802 Standard for Computer Networks
IEEE 802 Standard for Computer NetworksIEEE 802 Standard for Computer Networks
IEEE 802 Standard for Computer NetworksPradeep Kumar TS
 
Networking Ethernet
Networking EthernetNetworking Ethernet
Networking EthernetSSG1631
 
Ethernet - LAN
Ethernet - LANEthernet - LAN
Ethernet - LANAdeel Rasheed
 
5 IEEE standards
5  IEEE standards5  IEEE standards
5 IEEE standardsRodgers Moonde
 
Internet connectivity
Internet connectivityInternet connectivity
Internet connectivityFabMinds
 
Comprehensive survey on routing protocols for IoT
Comprehensive survey on routing protocols for IoTComprehensive survey on routing protocols for IoT
Comprehensive survey on routing protocols for IoTsulaiman_karim
 
Cn fundamentals of networks
Cn fundamentals of networksCn fundamentals of networks
Cn fundamentals of networksAravindh Saivaraju
 
FAST ETHERNET
FAST ETHERNET FAST ETHERNET
FAST ETHERNET Sujitha14
 
Ethernet and Token ring (Computer Networks)
Ethernet and Token ring (Computer Networks)Ethernet and Token ring (Computer Networks)
Ethernet and Token ring (Computer Networks)Shail Nakum
 
Mobile Broadband Wireless Access
Mobile Broadband Wireless AccessMobile Broadband Wireless Access
Mobile Broadband Wireless AccessBirju Tank
 
IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11Keshav Maheshwari
 
Communication standards ieee 802 3
Communication standards ieee 802 3Communication standards ieee 802 3
Communication standards ieee 802 3thanhtrung_ys
 
OSI Physical Layer
OSI Physical LayerOSI Physical Layer
OSI Physical LayerSachii Dosti
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPTAIRTEL
 

What's hot (20)

IEEE 802 Standard for Computer Networks
IEEE 802 Standard for Computer NetworksIEEE 802 Standard for Computer Networks
IEEE 802 Standard for Computer Networks
 
Networking Ethernet
Networking EthernetNetworking Ethernet
Networking Ethernet
 
Ieee 802 standard
Ieee 802 standardIeee 802 standard
Ieee 802 standard
 
Ethernet - LAN
Ethernet - LANEthernet - LAN
Ethernet - LAN
 
Ethernet technology
Ethernet technologyEthernet technology
Ethernet technology
 
5 IEEE standards
5  IEEE standards5  IEEE standards
5 IEEE standards
 
ETHERNET
ETHERNETETHERNET
ETHERNET
 
IEEE Standards
IEEE StandardsIEEE Standards
IEEE Standards
 
Internet connectivity
Internet connectivityInternet connectivity
Internet connectivity
 
Comprehensive survey on routing protocols for IoT
Comprehensive survey on routing protocols for IoTComprehensive survey on routing protocols for IoT
Comprehensive survey on routing protocols for IoT
 
Cn fundamentals of networks
Cn fundamentals of networksCn fundamentals of networks
Cn fundamentals of networks
 
FAST ETHERNET
FAST ETHERNET FAST ETHERNET
FAST ETHERNET
 
Ethernet and Token ring (Computer Networks)
Ethernet and Token ring (Computer Networks)Ethernet and Token ring (Computer Networks)
Ethernet and Token ring (Computer Networks)
 
Mobile Broadband Wireless Access
Mobile Broadband Wireless AccessMobile Broadband Wireless Access
Mobile Broadband Wireless Access
 
IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11IEEE standards 802.3.&802.11
IEEE standards 802.3.&802.11
 
Communication standards ieee 802 3
Communication standards ieee 802 3Communication standards ieee 802 3
Communication standards ieee 802 3
 
OSI Physical Layer
OSI Physical LayerOSI Physical Layer
OSI Physical Layer
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPT
 
Ethernet
EthernetEthernet
Ethernet
 
Network layers
Network layersNetwork layers
Network layers
 

Similar to Introduction to network security and lan technology

somaya akter 1834902142
somaya akter 1834902142somaya akter 1834902142
somaya akter 1834902142somayaakter
 
networking tutorial
networking tutorialnetworking tutorial
networking tutorialRaj Alam
 
Ethernet Computer network
Ethernet Computer networkEthernet Computer network
Ethernet Computer networkmiteshppt
 
Nt1310 Unit 8 Network Components
Nt1310 Unit 8 Network ComponentsNt1310 Unit 8 Network Components
Nt1310 Unit 8 Network ComponentsLisa Williams
 
Ethernet and LIFI
Ethernet and LIFIEthernet and LIFI
Ethernet and LIFIROHIT JADHAV
 
Basic networking hardware pre final 1
Basic networking hardware pre final 1Basic networking hardware pre final 1
Basic networking hardware pre final 1Sujee Antony
 
Network protocols
Network protocolsNetwork protocols
Network protocolsIT Tech
 
Infiniband and Ethernet
Infiniband and EthernetInfiniband and Ethernet
Infiniband and EthernetFarkhanda Kiran
 
Basic networking tutorial
Basic networking tutorialBasic networking tutorial
Basic networking tutorialreddydivakara
 
Data Communication and Computer Network Overview
Data Communication and Computer Network Overview Data Communication and Computer Network Overview
Data Communication and Computer Network Overview RANVIJAY GAUR
 
Network plus study guide N10-005
Network plus study guide N10-005 Network plus study guide N10-005
Network plus study guide N10-005 ramloganricki
 
Basic networking hardware: Switch : Router : Hub : Bridge : Gateway : Bus : C...
Basic networking hardware: Switch : Router : Hub : Bridge : Gateway : Bus : C...Basic networking hardware: Switch : Router : Hub : Bridge : Gateway : Bus : C...
Basic networking hardware: Switch : Router : Hub : Bridge : Gateway : Bus : C...Soumen Santra
 
COMPUTER NETWORKS
COMPUTER NETWORKSCOMPUTER NETWORKS
COMPUTER NETWORKSabiramiabi21
 

Similar to Introduction to network security and lan technology (20)

somaya akter 1834902142
somaya akter 1834902142somaya akter 1834902142
somaya akter 1834902142
 
networking tutorial
networking tutorialnetworking tutorial
networking tutorial
 
Lan
LanLan
Lan
 
I017554954
I017554954I017554954
I017554954
 
Ethernet Computer network
Ethernet Computer networkEthernet Computer network
Ethernet Computer network
 
Pub00138 r2 cip_adv_tech_series_ethernetip
Pub00138 r2 cip_adv_tech_series_ethernetipPub00138 r2 cip_adv_tech_series_ethernetip
Pub00138 r2 cip_adv_tech_series_ethernetip
 
Pub00138 r2 cip_adv_tech_series_ethernetip
Pub00138 r2 cip_adv_tech_series_ethernetipPub00138 r2 cip_adv_tech_series_ethernetip
Pub00138 r2 cip_adv_tech_series_ethernetip
 
Technical Ethernet
Technical EthernetTechnical Ethernet
Technical Ethernet
 
Nt1310 Unit 8 Network Components
Nt1310 Unit 8 Network ComponentsNt1310 Unit 8 Network Components
Nt1310 Unit 8 Network Components
 
Ethernet and LIFI
Ethernet and LIFIEthernet and LIFI
Ethernet and LIFI
 
Basic networking hardware pre final 1
Basic networking hardware pre final 1Basic networking hardware pre final 1
Basic networking hardware pre final 1
 
Network protocols
Network protocolsNetwork protocols
Network protocols
 
NET1.PPT
NET1.PPTNET1.PPT
NET1.PPT
 
Infiniband and Ethernet
Infiniband and EthernetInfiniband and Ethernet
Infiniband and Ethernet
 
Basic networking tutorial
Basic networking tutorialBasic networking tutorial
Basic networking tutorial
 
Data Communication and Computer Network Overview
Data Communication and Computer Network Overview Data Communication and Computer Network Overview
Data Communication and Computer Network Overview
 
Network plus study guide N10-005
Network plus study guide N10-005 Network plus study guide N10-005
Network plus study guide N10-005
 
Basic networking hardware: Switch : Router : Hub : Bridge : Gateway : Bus : C...
Basic networking hardware: Switch : Router : Hub : Bridge : Gateway : Bus : C...Basic networking hardware: Switch : Router : Hub : Bridge : Gateway : Bus : C...
Basic networking hardware: Switch : Router : Hub : Bridge : Gateway : Bus : C...
 
Computer Networks
Computer NetworksComputer Networks
Computer Networks
 
COMPUTER NETWORKS
COMPUTER NETWORKSCOMPUTER NETWORKS
COMPUTER NETWORKS
 

More from Aksum Institute of Technology(AIT, @Letsgo) (9)

Ns lecture5: Introduction to Computer, Information, and Network Security.
Ns lecture5: Introduction to Computer, Information, and Network Security.Ns lecture5: Introduction to Computer, Information, and Network Security.
Ns lecture5: Introduction to Computer, Information, and Network Security.
 
Logic Simulation, Modeling, and Testing
Logic Simulation, Modeling, and TestingLogic Simulation, Modeling, and Testing
Logic Simulation, Modeling, and Testing
 
Introduction to VHDL
Introduction to VHDLIntroduction to VHDL
Introduction to VHDL
 
ASIC vs FPGA
ASIC vs FPGAASIC vs FPGA
ASIC vs FPGA
 
Asic design
Asic designAsic design
Asic design
 
Basic Computer Organization and Design
Basic  Computer  Organization  and  DesignBasic  Computer  Organization  and  Design
Basic Computer Organization and Design
 
Weather Forecasting using Deep Learning A lgorithm for the Ethiopian Context
Weather Forecasting using Deep Learning A lgorithm for the Ethiopian ContextWeather Forecasting using Deep Learning A lgorithm for the Ethiopian Context
Weather Forecasting using Deep Learning A lgorithm for the Ethiopian Context
 
Globus and Gridbus
Globus and GridbusGlobus and Gridbus
Globus and Gridbus
 
Globus ppt
Globus pptGlobus ppt
Globus ppt
 

Recently uploaded

Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........LeaCamillePacle
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayMakMakNepo
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 

Recently uploaded (20)

OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up Friday
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 

Introduction to network security and lan technology

  • 1. Compiled By Haftom A. Aksum University(AKU) Page 1 Chapter Two (Part-One) Introduction to Network Security and LAN Technology The term LAN refers to a local network or a group of interconnected network that are under the same administrative control. In the early days of networking, LANS are defined as small networks that existed in a single physical location. While LANs can be a single network installed in a home or small office, the definition of LAN has evolved to include interconnected local networks consisting of many hundreds of hosts, installed in multiple buildings and locations. The LAN technology will assist the devices on the network communicate with each other. These LAN technology is the special combinations of software and hardware which makes the network perform at a specific speed and in the certain way. It may serve 2 or 3 users to as many thousands of users. The connection among the devices could wired or wireless. Ethernet, Token Ring and Wireless LAN using IEEE 802.11 are examples of standard LAN technologies. Types of LAN Technologies: A. Ethernet: Ethernet is the most popular physical layer LAN technology in use today. It defines the number of conductors that are required for a connection, the performance thresholds that can be expected, and provides the framework for data transmission. A standard Ethernet network can transmit data at a rate up to 10 Megabits per second (10 Mbps). Other LAN types include Token Ring, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, Fiber Distributed Data Interface (FDDI), Asynchronous Transfer Mode (ATM) and LocalTalk. Ethernet is popular because it strikes a good balance between speed, cost and ease of installation. These benefits, combined with wide acceptance in the computer marketplace and the ability to support virtually all popular network protocols, make Ethernet an ideal networking technology for most computer users today. 
The Institute for Electrical and Electronic Engineers developed an Ethernet standard known as IEEE Standard 802.3. This standard defines rules for configuring an Ethernet network and also specifies how the elements in an Ethernet network interact with one another. By adhering to the IEEE standard, network equipment and network protocols can communicate efficiently. B. Fast Ethernet: The Fast Ethernet standard (IEEE 802.3u) has been established for Ethernet networks that need higher transmission speeds. This standard raises the Ethernet speed limit from 10 Mbps to 100
  • 2. Compiled By Haftom A. Aksum University(AKU) Page 2 Mbps with only minimal changes to the existing cable structure. Fast Ethernet provides faster throughput for video, multimedia, graphics, Internet surfing and stronger error detection and correction. There are three types of Fast Ethernet: 100BASE-TX for use with level 5 UTP cable; 100BASE- FX for use with fiber-optic cable; and 100BASE-T4 which utilizes an extra two wires for use with level 3 UTP cable. The 100BASE-TX standard has become the most popular due to its close compatibility with the 10BASE-T Ethernet standard. Network managers who want to incorporate Fast Ethernet into an existing configuration are required to make many decisions. The number of users in each site on the network that need the higher throughput must be determined; which segments of the backbone need to be reconfigured specifically for 100BASE-T; plus what hardware is necessary in order to connect the 100BASE- T segments with existing 10BASE-T segments. Gigabit Ethernet is a future technology that promises a migration path beyond Fast Ethernet so the next generation of networks will support even higher data transfer speeds. C. Gigabit Ethernet: Gigabit Ethernet was developed to meet the need for faster communication networks with applications such as multimedia and Voice over IP (VoIP). Also known as “gigabit-Ethernet- over-copper” or 1000Base-T, GigE is a version of Ethernet that runs at speeds 10 times faster than 100Base-T. It is defined in the IEEE 802.3 standard and is currently used as an enterprise backbone. Existing Ethernet LANs with 10 and 100 Mbps cards can feed into a Gigabit Ethernet backbone to interconnect high performance switches, routers and servers. From the data link layer of the OSI model upward, the look and implementation of Gigabit Ethernet is identical to that of Ethernet. 
The most important differences between Gigabit Ethernet and Fast Ethernet include the additional support of full duplex operation in the MAC layer and the data rates. D. 10 Gigabit Ethernet: 10 Gigabit Ethernet is the fastest and most recent of the Ethernet standards. IEEE 802.3ae defines a version of Ethernet with a nominal rate of 10Gbits/s that makes it 10 times faster than Gigabit Ethernet. Unlike other Ethernet systems, 10 Gigabit Ethernet is based entirely on the use of optical fiber connections. This developing standard is moving away from a LAN design that broadcasts to all
  • 3. Compiled By Haftom A. Aksum University(AKU) Page 3 nodes, toward a system which includes some elements of wide area routing. As it is still very new, which of the standards will gain commercial acceptance has yet to be determined. E. Asynchronous Transfer Mode (ATM) ATM is a cell-based fast-packet communication technique that can support data-transfer rates from sub-T1 speeds to 10 Gbps. ATM achieves its high speeds in part by transmitting data in fixed-size cells and dispensing with error-correction protocols. It relies on the inherent integrity of digital lines to ensure data integrity. ATM can be integrated into an existing network as needed without having to update the entire network. Its fixed-length cell-relay operation is the signaling technology of the future and offers more predictable performance than variable length frames. Networks are extremely versatile and an ATM network can connect points in a building, or across the country, and still be treated as a single network. F. Power over Ethernet (PoE) PoE is a solution in which an electrical current is run to networking hardware over the Ethernet Category 5 cable or higher. This solution does not require an extra AC power cord at the product location. This minimizes the amount of cable needed as well as eliminates the difficulties and cost of installing extra outlets. LAN Technology Specifications Name IEEE tandard Data Rate Media Type Maximum Distance Ethernet 802.3 10 Mbps 10Base-T 100 meters Fast Ethernet/ 100Base-T 802.3u 100 Mbps 100Base-TX 100Base-FX 100 meters 2000 meters Gigabit Ethernet/ GigE 802.3z 1000 Mbps 1000Base-T 1000Base-SX 1000Base-LX 100 meters 275/550 meters 550/5000 meters 10 Gigabit IEEE 802.3ae 10 Gbps 10GBase-SR 300 meters
  • 4. Compiled By Haftom A. Aksum University(AKU) Page 4 Ethernet 10GBase-LX4 10GBase-LR/ER 10GBase- SW/LW/EW 300m MMF/ 10km SMF 10km/40km 300m/10km/40km G. Token Ring Token Ring is another form of network configuration. It differs from Ethernet in that all messages are transferred in one direction along the ring at all times. Token Ring networks sequentially pass a “token” to each connected device. When the token arrives at a particular computer (or device), the recipient is allowed to transmit data onto the network. Since only one device may be transmitting at any given time, no data collisions occur. Access to the network is guaranteed, and time-sensitive applications can be supported. However, these benefits come at a price. Component costs are usually higher, and the networks themselves are considered to be more complex and difficult to implement. Various PC vendors have been proponents of Token Ring networks. Networking and Ethernet Basics Protocols: After a physical connection has been established, network protocols define the standards that allow computers to communicate. A protocol establishes the rules and encoding specifications for sending data. This defines how computers identify one another on a network, the form that the data should take in transit, and how this information is processed once it reaches its final destination. Protocols also define procedures for determining the type of error checking that will be used, the data compression method, if one is needed, how the sending device will indicate that it has finished sending a message, how the receiving device will indicate that it has received a message, and the handling of lost or damaged transmissions or “packets”. The main types of network protocols in use today are: TCP/IP (for UNIX, Windows NT, Windows 95 and other platforms); IPX (for Novell NetWare); DECnet (for networking Digital Equipment Corp. 
computers); AppleTalk (for Macintosh computers), and NetBIOS/NetBEUI (for LAN Manager and Windows NT networks). Although each network protocol is different, they all share the same physical cabling. This common method of accessing the physical network allows multiple protocols to peacefully
  • 5. Compiled By Haftom A. Aksum University(AKU) Page 5 coexist over the network media, and allows the builder of a network to use common hardware for a variety of protocols. This concept is known as “protocol independence,” which means that devices which are compatible at the physical and data link layers allow the user to run many different protocols over the same medium. The Open System Interconnection Model: The Open System Interconnection (OSI) model specifies how dissimilar computing devices such as Network Interface Cards (NICs), bridges and routers exchange data over a network by offering a networking framework for implementing protocols in seven layers. Beginning at the application layer, control is passed from one layer to the next. The following describes the seven layers as defined by the OSI model, shown in the order they occur whenever a user transmits information. Layer 7: Application This layer supports the application and end-user processes. Within this layer, user privacy is considered and communication partners, service and constraints are all identified. File transfers, email, Telnet and FTP applications are all provided within this layer. Layer 6: Presentation (Syntax) Within this layer, information is translated back and forth between application and network formats. This translation transforms the information into data the application layer and network recognize regardless of encryption and formatting. Layer 5: Session Within this layer, connections between applications are made, managed and terminated as needed to allow for data exchanges between applications at each end of a dialogue. Layer 4: Transport Complete data transfer is ensured as information is transferred transparently between systems in this layer. The transport layer also assures appropriate flow control and end-to-end error recovery. 
Layer 3: Network Using switching and routing technologies, this layer is responsible for creating virtual circuits to transmit information from node to node. Other functions include routing, forwarding, addressing, internet working, error and congestion control, and packet sequencing. Layer 2: Data Link
  • 6. Compiled By Haftom A. Aksum University(AKU) Page 6 Information in data packets are encoded and decoded into bits within this layer. Errors from the physical layer flow control and frame synchronization are corrected here utilizing transmission protocol knowledge and management. This layer consists of two sub layers: the Media Access Control (MAC) layer, which controls the way networked computers gain access to data and transmit it, and the Logical Link Control (LLC) layer, which controls frame synchronization, flow control and error checking. Layer 1: Physical This layer enables hardware to send and receive data over a carrier such as cabling, a card or other physical means. It conveys the bitstream through the network at the electrical and mechanical level. Fast Ethernet, RS232, and ATM are all protocols with physical layer components. This order is then reversed as information is received, so that the physical layer is the first and application layer is the final layer that information passes through. Standard Ethernet Code In order to understand standard Ethernet code, one must understand what each digit means. Following is a guide: Guide to Ethernet Coding 10 at the beginning means the network operates at 10Mbps. BASE means the type of signaling used is baseband. 2 or 5 at the end indicates the maximum cable length in meters. T the end stands for twisted-pair cable. X at the end stands for full duplex-capable cable. FL at the end stands for fiber optic cable. For example: 100BASE-TX indicates a Fast Ethernet connection (100 Mbps) that uses a twisted pair cable capable of full-duplex transmissions. Media
An important part of designing and installing an Ethernet is selecting the appropriate Ethernet medium. There are four major types of media in use today: Thickwire for 10BASE5 networks; thin coax for 10BASE2 networks; unshielded twisted pair (UTP) for 10BASE-T networks; and fiber optic for 10BASE-FL or Fiber-Optic Inter-Repeater Link (FOIRL) networks. This wide variety of media reflects the evolution of Ethernet and also points to the technology’s flexibility. Thickwire was one of the first cabling systems used in Ethernet, but it was expensive and difficult to use. This evolved to thin coax, which is easier to work with and less expensive. It is important to note that each type of Ethernet, Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, has its own preferred media types.

The most popular wiring schemes are 10BASE-T and 100BASE-TX, which use unshielded twisted pair (UTP) cable. This is similar to telephone cable and comes in a variety of grades, with each higher grade offering better performance. Level 5 cable is the highest, most expensive grade, offering support for transmission rates of up to 100 Mbps. Level 4 and level 3 cable are less expensive, but cannot support the same data throughput speeds; level 4 cable can support speeds of up to 20 Mbps; level 3 up to 16 Mbps. The 100BASE-T4 standard allows for support of 100 Mbps Ethernet over level 3 cables, but at the expense of adding another pair of wires (4 pair instead of the 2 pair used for 10BASE-T). For most users, this is an awkward scheme and therefore 100BASE-T4 has seen little popularity. Level 2 and level 1 cables are not used in the design of 10BASE-T networks.

For specialized applications, fiber-optic, or 10BASE-FL, Ethernet segments are popular. Fiber-optic cable is more expensive, but it is invaluable in situations where electronic emissions and environmental hazards are a concern.
Fiber-optic cable is often used in inter-building applications to insulate networking equipment from electrical damage caused by lightning. Because it does not conduct electricity, fiber-optic cable can also be useful in areas where heavy electromagnetic interference is present, such as on a factory floor. The Ethernet standard allows for fiber-optic cable segments up to two kilometers long, making fiber-optic Ethernet perfect for connecting nodes and buildings that are otherwise not reachable with copper media.

Cable Grade Capabilities

Cable Name | Makeup | Frequency Support | Data Rate | Network Compatibility
Cat-5 | 4 twisted pairs of copper wire, terminated by RJ45 connectors | 100 MHz | Up to 1000 Mbps | ATM, Token Ring, 1000Base-T, 100Base-TX, 10Base-T
Cat-5e | 4 twisted pairs of copper wire, terminated by RJ45 connectors | 100 MHz | Up to 1000 Mbps | 10Base-T, 100Base-TX, 1000Base-T
Cat-6 | 4 twisted pairs of copper wire, terminated by RJ45 connectors | 250 MHz | 1000 Mbps | 10Base-T, 100Base-TX, 1000Base-T

Wireless Standards - 802.11b, 802.11a, 802.11g and 802.11n

802.11a:
• Pros of 802.11a - fast maximum speed; regulated frequencies prevent signal interference from other devices
• Cons of 802.11a - highest cost; shorter range signal that is more easily obstructed

802.11b:
• Pros of 802.11b - lowest cost; signal range is good and not easily obstructed
• Cons of 802.11b - slowest maximum speed; home appliances may interfere on the unregulated frequency band

802.11g:
• Pros of 802.11g - fast maximum speed; signal range is good and not easily obstructed
• Cons of 802.11g - costs more than 802.11b; appliances may interfere on the unregulated signal frequency

802.11n:
• Pros of 802.11n - fastest maximum speed and best signal range; more resistant to signal interference from outside sources
• Cons of 802.11n - standard is not yet finalized; costs more than 802.11g; the use of multiple signals may greatly interfere with nearby 802.11b/g based networks

Summary

10BaseT: It is one of several adaptations of standard Ethernet for LANs. 10BaseT is also known as twisted pair Ethernet because it uses twisted pair cable, and it carries 10 Mbps over a maximum length of 100 m. This cable is more flexible and thinner than the coaxial cable used in the 10Base5 or 10Base2 standards.

100BaseT: It functions at a speed of 100 Mbps. It is also known as Fast Ethernet. The designation refers to both the fiber and copper based Ethernet versions. It meets the growing industry standard with its high speed. It is supported by most vendors, such as Adaptec, Hewlett, Cisco, IBM, Bay Networks and 3Com, and is endorsed by the IEEE 802.3u standard. This network uses the star topology and provides data frame compatibility with IEEE as well as Ethernet. It supports all network design topologies and rules of 10BaseT Ethernet networks. It allows an organization to use its existing category 5 cables and network infrastructure while upgrading to higher transmission speeds. Like Ethernet, 100BaseT is based on the CSMA/CD LAN access method.

1000BaseT: It is a cheaper version of Gigabit Ethernet, defined in the IEEE 802.3ab standard. 802.3ab is specifically designed to use CAT 6, 5e or 5 cable types. It allows businesses to make use of Gigabit Ethernet on their current installations.
It has the capacity to reach up to 100 meters on CAT5 cable; however, CAT5e is always recommended for twisted pair Gigabit Ethernet and its implementations. Here 1 Gigabit is equal to 1000 megabits per second. It uses 4 pairs of category 5 unshielded twisted pair to accomplish the Gigabit data rate.

100BaseTX: 100BaseTX supports transmission at the rate of 100 Mbps through 2 wire cabling. It uses 1 pair of wires for transmitting data and another pair for receiving data. Generally, the 2 pairs of wires are bundled into a single cable with an additional pair of wires. 100BaseTX is not designed to tolerate the crosstalk that occurs when the cable is shared with other signals. It is the predominant form of Fast Ethernet. Since it uses category 5 cable, which comprises 4 pairs, it can also support two 100BaseTX links with the help of a wiring adaptor.

100BaseFX: This version of Fast Ethernet is intended for use with fiber optic cable. It was introduced at the same time as 100BaseTX. It is part of the IEEE 802.3y standard and can be used in either full duplex mode or half duplex mode. It delivers 100 Mbps in all usage modes. 100BaseFX uses the 100Base-X PHY with the FX PMD to support the 100 Mbps transmission rate over 2 fiber optic cables.

1000BaseX: This was the first 1 Gigabit (1000 megabit) Ethernet standard to be released, and it is also called Gigabit Ethernet. It is intended for use with fiber optic cables. There is a large installed base of category 5 unshielded balanced twisted pair wiring, and the engineers designing Gigabit Ethernet believed it was important to create an implementation that could run across 100 m lengths of high quality category 5 cabling terminated by RJ-45 connectors.

10GBaseSR: 10GBase-SR is the short range type. In the endless quest for faster data transmission rates, network standards are pushed to the next level. 10 Gigabit Ethernet is also known as 10GbE.
It can offer data transmission rates of up to 10 Gigabits per second, which is 10,000 Mbps, or 100 times faster than modern LAN implementations. Most networking hardware manufacturers make or market 10GbE equipment. The IEEE 802.3ae 10 Gigabit Ethernet specification includes a serial interface designed for transmission over multimode fiber. 10GBaseSR is intended for MAN or LAN implementations, with a maximum distance of 300 meters over 50 micron multimode fiber cable. It can also be implemented with 62.5 micron multimode fiber cabling, but is then limited to 33 meters. This type is designed for use over dark fiber.

10GBaseLR: This standard provides greater distance with the help of single mode fiber of multimode fiber. It is intended for use with a longer wavelength over single mode fiber, and it provides a potential transmission range from 40 kilometers to 2 meters. This range makes the standard available for WAN, MAN and LAN deployments. It is the long range, single mode fiber type. The 10GBaseLR type is intended for use over dark fiber.

10GBaseER: It is a port type for single mode fiber that uses 1550 nm lasers. It has a reach of nearly 40 kilometers over engineered links and 30 km over standard links. Its physical coding sublayer is defined in IEEE 802.3 clause 49 and its physical medium dependent sublayer in clause 52. It provides serialized data at a line rate of 10.3125 Gbits per second. The transmitter is implemented with an externally modulated laser (EML). It is the mode of 10GBase-E that supports link lengths of up to 40 km on single mode fiber, and it is designed for use over dark fiber.

10GBaseSW: It is defined for use with a WAN PHY. It can drive maximum link distances of nearly 80 km, depending on the fiber standard employed. It adds the WAN interface sublayer (WIS), which is used to generate Ethernet data streams that may be mapped directly to SONET/SDH streams at the physical level without any need for higher level processing or the MAC.

10GBaseLW: It is the largest base that uses the WAN PHY, like 10GBaseSW. 10GBase-LW is not compatible with the SDH or SONET interface, since it does not conform to the electrical, logical and optical requirements specified by SDH or SONET.
It is the mode of 10GBase-L that supports a link length of 10 kilometers on standard single mode fiber. This type is designed to connect to SONET equipment.

10GBaseEW: 10GBaseEW is the mode of 10GBase-E that supports link lengths of up to 40 kilometers on single mode fiber using an optical wavelength of 1550 nm. This media type is required to connect to SONET equipment.

10GBaseT: It is based on the IEEE 802.3 standard. It runs over 4 wires, which consist of 2 twisted pairs in category 5 or category 3 cable. An active switch or hub sits in the middle and has a port for each of the nodes. This configuration is also used for Gigabit Ethernet and 100BaseT. It uses unshielded twisted pair wiring or STP cables.

Properties:

CSMA/CD: It is most commonly used in wired environments. Ethernet transfers data on the network using CSMA/CD (carrier sense multiple access with collision detection). It detects activity on the wire and reacts to collisions.

CSMA/CA: It is especially geared towards wireless environments. CSMA means that computers wait until the ether is free. The absence of an electrical signal denotes that the ether is free. The signal is the carrier on the ether, and the act of waiting for an opportunity to send on the ether is the carrier sense.

Broadcast: A computer sends data through the network by sending the data frame to all the computers that are directly connected to the local network. Ethernet is one of the broadcast based network technologies: it sends data throughout the entire local network. This broadband carries multiple signals on a single line. It is designed for every device on the subnet.

Collision: Two data frames from 2 different computers interfere with each other when they are released onto the network at the same time. Since most networks are not instantaneous, it is always possible for 2 stations to find the ether free, deem it time to send, and both send at the same time. When such a collision occurs, the sender has to stop transmitting immediately, wait for a random length of time, and then start transmitting again.
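
The carrier sense, collision and random wait behaviour described above can be traced with a small simulation. This is an added example, not part of the original notes: it assumes the truncated binary exponential backoff rule of IEEE 802.3 (which the notes do not spell out), and the slot model, the 3-slot frame length and all names are simplifications chosen for illustration.

```python
import random

MAX_ATTEMPTS = 16   # IEEE 802.3: the frame is discarded after 16 failed attempts
BACKOFF_CAP = 10    # the backoff exponent stops growing after 10 collisions


def simulate(n_stations, frame_slots=3, seed=1):
    """Slotted-time model in which every station has one frame queued at slot 0.

    Returns the event log, the delivery order, any stations that gave up,
    and the number of collisions each station experienced.
    """
    rng = random.Random(seed)                       # seeded so runs are repeatable
    ready_at = {s: 0 for s in range(n_stations)}    # slot each station wants the wire
    collisions = {s: 0 for s in range(n_stations)}
    delivered, dropped, log = [], [], []
    slot = 0                                        # first slot at which the wire is idle

    while ready_at:
        # Carrier sense: nobody sends while the wire is busy, and a station whose
        # backoff expired during a transmission sends as soon as the wire is idle.
        slot = max(slot, min(ready_at.values()))
        senders = sorted(s for s, t in ready_at.items() if t <= slot)

        if len(senders) == 1:
            station = senders[0]
            log.append((slot, "success", senders))
            delivered.append(station)
            del ready_at[station]
            slot += frame_slots                     # wire stays busy for the whole frame
            continue

        # Collision detection: every sender aborts and this slot is wasted.
        log.append((slot, "collision", senders))
        for station in senders:
            collisions[station] += 1
            if collisions[station] >= MAX_ATTEMPTS:
                dropped.append(station)             # too many attempts, give up
                del ready_at[station]
                continue
            k = min(collisions[station], BACKOFF_CAP)
            wait = rng.randrange(2 ** k)            # random wait of 0 .. 2^k - 1 slots
            ready_at[station] = slot + 1 + wait
        slot += 1

    return {"log": log, "delivered": delivered,
            "dropped": dropped, "collisions": collisions}


if __name__ == "__main__":
    result = simulate(4, seed=2024)
    for when, what, who in result["log"]:
        print(f"slot {when:4d}  {what:9s} stations {who}")
    print("delivery order:", result["delivered"])
```

Because the waiting window doubles after each collision, stations that keep colliding spread out quickly, which is why a shared segment recovers on its own once the contention stops.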

Bonding: Bonding works like disk striping in a RAID setup and offers redundancy for network connections. Bonding uses 2 or more channels, NICs or connections to carry the data instead of just one. Bonding combines physical links to create a faster logical link, the link aggregation of IEEE 802.3ad.

Speed: It is referred to as network speed, throughput or bandwidth. It measures the amount of data moved through the network in a given time. It is measured in kbps (kilobits per second), Mbps (megabits per second), Gbps (gigabits per second) and Tbps (terabits per second). The actual speed of a specific connection or network can also be measured using some of the latest techniques and methods. The speed stated when buying network technologies and services is generally the potential speed of the connection or network, not the actual speed.

Distance: Distance is how far data can travel from one point on the network to another. When it comes to media, distance refers to how far the data can travel before it needs to be rebuilt by a switch.

Computer Security
The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

Confidentiality: Confidentiality is the concealment of information or resources. The need for keeping information secret arises from the use of computers in sensitive fields such as government and industry. For example, military and civilian institutions in the government often restrict access to information to those who need that information. The first formal work in computer security was motivated by the military's attempt to implement controls to enforce a "need to know" principle. This principle also applies to industrial firms, which keep their proprietary designs secure lest their competitors try to steal the designs.
As a further example, all types of institutions keep personnel records secret. Access control mechanisms support confidentiality. One access control mechanism for preserving confidentiality is cryptography, which scrambles data to make it incomprehensible. A cryptographic key controls access to the unscrambled data, but then the cryptographic key itself becomes another datum to be protected.

Example: Enciphering an income tax return will prevent anyone from reading it. If the owner needs to see the return, it must be deciphered. Only the possessor of the cryptographic key can enter it into a deciphering program. However, if someone else can read the key when it is entered into the program, the confidentiality of the tax return has been compromised.

All the mechanisms that enforce confidentiality require supporting services from the system. The assumption is that the security services can rely on the kernel, and other agents, to supply correct data. Thus, assumptions and trust underlie confidentiality mechanisms.

Integrity: Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change. Integrity includes data integrity (the content of the information) and origin integrity (the source of the data, often called authentication). The source of the information may bear on its accuracy and credibility and on the trust that people place in the information. This dichotomy illustrates the principle that the aspect of integrity known as credibility is central to the proper functioning of a system. We will return to this issue when discussing malicious logic.

Example: A newspaper may print information obtained from a leak at the White House but attribute it to the wrong source. The information is printed as received (preserving data integrity), but its source is incorrect (corrupting origin integrity).

Availability: Availability of information refers to ensuring that authorized parties are able to access the information when needed. Information only has value if the right people can access it at the right times. Denying access to information has become a very common attack nowadays. Almost every week you can find news about high profile websites being taken down by DDoS attacks. The primary aim of DDoS attacks is to deny users of the website access to the resources of the website. Such downtime can be very costly.
Other factors that could lead to a lack of availability of important information include accidents such as power outages or natural disasters such as floods. How does one ensure data availability? Backup is key. Regularly doing off-site backups can limit the loss caused by damage to hard drives or natural disasters. For information services that are highly critical, redundancy might be appropriate. Having an off-site location ready to restore services in case anything happens to your primary data centers will heavily reduce the downtime.

Example: Suppose Anne has compromised a bank's secondary system server, which supplies bank account balances. When anyone else asks that server for information, Anne can supply any information she desires. Merchants validate checks by contacting the bank's primary balance server. If a merchant gets no response, the secondary server will be asked to supply the data. Anne's colleague prevents merchants from contacting the primary balance server, so all merchant queries go to the secondary server. Anne will never have a check turned down, regardless of her actual account balance. Notice that if the bank had only one server (the primary one), this scheme would not work. The merchant would be unable to validate the check.

Attempts to block availability, called denial of service attacks, can be the most difficult to detect, because the analyst must determine if the unusual access patterns are attributable to deliberate manipulation of resources or of environment. Complicating this determination is the nature of statistical models.

Network Threats and attacks

Threat: A threat is a potential violation of security. The violation need not actually occur for there to be a threat. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for). Those actions are called attacks. Those who execute such actions, or cause them to be executed, are called attackers. The three security services (confidentiality, integrity, and availability) counter threats to the security of a system.

Attack: There are two types of attacks in general: passive attacks, in which information is screened and monitored, and active attacks, in which information is altered with the intent to modify or destroy the data or the network itself. The three goals of security (confidentiality, integrity and availability) can be threatened by security attacks. The figure below relates the taxonomy of attack types to security goals.

• Snooping, the unauthorized interception of information, is a form of disclosure. It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information. Wiretapping, or passive wiretapping, is a form of snooping in which a network is monitored. Confidentiality services counter this threat.
• Modification or alteration, an unauthorized change of information, covers three classes of threats. The goal may be deception, in which some entity relies on the modified data to determine which action to take, or in which incorrect information is accepted as correct and is released. If the modified data controls the operation of the system, the threats of disruption and usurpation arise.
• Masquerading or spoofing, an impersonation of one entity by another, is a form of both deception and usurpation. It lures a victim into believing that the entity with which it is communicating is a different entity. For example, if a user tries to log into a computer across the Internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. Similarly, if a user tries to read a file, but an attacker has arranged for the user to be given a different file, another spoof has taken place. This may be a passive attack (in which the user does not attempt to authenticate the recipient, but merely accesses it), but it is usually an active attack (in which the masquerader issues responses to mislead the user about its identity).
• Repudiation of origin, a false denial that an entity sent (or created) something, is a form of deception. For example, suppose a customer sends a letter to a vendor agreeing to pay a large amount of money for a product. The vendor ships the product and then demands payment. The customer denies having ordered the product and by law is therefore entitled to keep the unsolicited shipment without payment. The customer has repudiated the origin of the letter. If the vendor cannot prove that the letter came from the customer, the attack succeeds. A variant of this is denial by a user that he created specific information or entities such as files. Integrity mechanisms cope with this threat.
• Denial of receipt, a false denial that an entity received some information or message, is a form of deception. Suppose a customer orders an expensive product, but the vendor demands payment before shipment. The customer pays, and the vendor ships the product. The customer then asks the vendor when he will receive the product. If the customer has already received the product, the question constitutes a denial of receipt attack. The vendor can defend against this attack only by proving that the customer did, despite his denials, receive the product. Integrity and availability mechanisms guard against these attacks.
• Denial of service, a long-term inhibition of service, is a form of usurpation, although it is often used with other mechanisms to deceive. The attacker prevents a server from providing a service.
The denial may occur at the source (by preventing the server from obtaining the resources needed to perform its function), at the destination (by blocking the communications from the server), or along the intermediate path (by discarding messages from either the client or the server, or both). Denial of service poses the same threat as an infinite delay. Availability mechanisms counter this threat.
• Denial of service or delay may result from direct attacks or from non-security-related problems. From our point of view, the cause and result are important; the intention underlying them is not. If delay or denial of service compromises system security, or is part of a sequence of events leading to the compromise of a system, then we view it as an attempt to breach system security. But the attempt may not be deliberate; indeed, it may be the product of environmental characteristics rather than specific actions of an attacker.
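
The distinction the notes draw between data integrity and origin integrity (the newspaper example, and the modification and masquerading threats) can be checked separately in code. This is an added example, not part of the original notes: the source names, the keys and the helper functions are constructed for illustration, and it assumes each source shares a secret key with the reader.

```python
import hashlib
import hmac

# Constructed demo keys: one secret shared between the reader and each source.
KEYS = {
    "press-office": b"constructed-demo-key-press-office",
    "staff-leak": b"constructed-demo-key-staff-leak",
}


def content_digest(body: bytes) -> str:
    """Unkeyed SHA-256: reveals a changed body, says nothing about the sender.
    It only helps if the digest itself reaches the reader over a trusted path."""
    return hashlib.sha256(body).hexdigest()


def origin_tag(key: bytes, source: str, body: bytes) -> str:
    """HMAC-SHA256 over the claimed source name and the body.
    The name is length-prefixed so name and body cannot be re-split."""
    src = source.encode("utf-8")
    msg = len(src).to_bytes(4, "big") + src + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def publish(source: str, body: bytes) -> dict:
    """What the real source hands over: the body, its digest and a keyed tag."""
    return {"body": body,
            "digest": content_digest(body),
            "tag": origin_tag(KEYS[source], source, body)}


def check(claimed_source: str, item: dict) -> dict:
    """Return separate verdicts for data integrity and origin integrity."""
    data_ok = hmac.compare_digest(content_digest(item["body"]), item["digest"])
    key = KEYS.get(claimed_source)
    origin_ok = key is not None and hmac.compare_digest(
        origin_tag(key, claimed_source, item["body"]), item["tag"])
    return {"data_integrity": data_ok, "origin_integrity": origin_ok}


def newspaper_scenario() -> dict:
    """The text is printed as received, but may be credited to the wrong source."""
    leak = publish("staff-leak", b"Budget talks will resume on Monday.")
    tampered = dict(leak, body=b"Budget talks are cancelled.")
    return {
        "correct attribution": check("staff-leak", leak),
        "wrong attribution": check("press-office", leak),
        "altered text": check("staff-leak", tampered),
        "unknown source": check("anonymous", leak),
    }


if __name__ == "__main__":
    for case, verdict in newspaper_scenario().items():
        print(f"{case:20s} {verdict}")
```

A shared-key tag convinces only the reader who holds the key; because that reader could have produced the same tag, it does not answer repudiation of origin, which needs a digital signature made with a key only the sender holds.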