Introduction to-ict

Introduction to ICT
Krishantha Dinesh
http://www.krishantha.com
https://www.linkedin.com/in/krish-/
https://youtube.com/krish
lets talk about web - www.krishantha.com

* http://www.krishantha.com * https://www.youtube.com/krish * https://www.linkedin.com/in/krish-/
Objectives
• Not to teach everything
• Not to teach nothing
• Help to open your mind
• Give the basic understanding about technologies

What you should do
• Question your self.
• Don’t understand the way you want
• But understand the “how It is”
• You always see what you want to see ??

What we discuss
• Email
• ARP
• How web work
• DNS concept
• SSL
• Social media
• How stay safe on web

Email

How postal mail worked

How email work
• User log in to his mail account
• Type mail and send
• Its goes to receiver mail server and store
• Receiver receive and read it

Reality

• A ) Sender creates and sends an email
• The originating sender creates an email in their Mail User Agent (MUA) and clicks 'Send'. The MUA is the
application the originating sender uses to compose and read email, such as Outlook, etc.
• B) Sender's MDA/MTA routes the email
• The sender's MUA transfers the email to a Mail Delivery Agent (MDA). Frequently, the sender's MTA also
handles the responsibilities of an MDA. Several of the most common MTAs do this, including sendmail and
qmail
• The MDA/MTA accepts the email, then routes it to local mailboxes or forwards it if it isn't locally addressed.
• In our diagram, an MDA forwards the email to an MTA and it enters the first of a series of "network clouds,"
labeled as a "Company Network" cloud.

• C) cloud
• An email can encounter a network cloud within a large company or ISP, or the largest network cloud in
existence: the Internet.
• Email service providers and other companies that process a large volume of email often have their own, private
network clouds. These organizations commonly have multiple mail servers, and route all email through a
central gateway server (i.e., mail hub) that redistributes mail to whichever MTA is available.
• D) Queue
• The email in the diagram is addressed to someone at another company, so it enters an email queue with other
outgoing email messages. If there is a high volume of mail in the queue—either because there are many
messages or the messages are unusually large, or both—the message will be delayed in the queue until the
MTA processes the messages ahead of it.

• E) MTA to MTA Transfer
• When transferring an email, the sending MTA handles all aspects of mail delivery until the message has
been either accepted or rejected by the receiving MTA.
• Each MTA in the Internet network cloud needs to "stop and ask directions" from the Domain Name
System (DNS) in order to identify the next MTA in the delivery chain. The exact route depends partly on
server availability and mostly on which MTA can be found to accept email for the domain specified in
the address.
• To find the recipient's IP address and mailbox, the MTA must drill down through the Domain Name
System (DNS)

How you browse internet

ARP

Broadcasting all over

One decide he has requested address

Building reply

Update own cache

Unicast reply to requester

Update ARP cache

Find DNS to reach internet servers

What is ARP?
• The ARP protocol was designed out of necessity to facilitate the translation of addresses between the
second and third layers of the OSI model.
• Each layer has its own addressing scheme, and they must work together in order to make network
communication happen
• For above requirement ARP was created with RFC 826, “An Ethernet Address Resolution Protocol”.

How ARP works

How ARP works cont.…
• ARP operation is centered around two packets, an ARP request and an ARP reply
• Purpose of the request and reply are to locate the hardware MAC address associated with a given IP
address
• When 10.0.81.85 needs to contact 10.0.81.82 it send broadcast message as “who has 10.0.81.82
tell 10.0.81.85”
• 10.0.81.82 will respond as “10.0.81.82 is at 1C-3E-84-8D-9C-53”

ARP Demo

How this compromised?
• ARP cache poisoning takes advantage of the insecure nature of the ARP protocol
• devices using ARP will accept updates at any time
• This means that any device can send an ARP reply packet to another host and force that host to update
its ARP cache with the new value
• Sending an ARP reply when no request has been generated is called sending a gratuitous ARP
• When malicious intent is present the result of a few well placed gratuitous ARP packets used in this
manner can result in hosts who think they are communicating with one host, but in reality are
communicating with a listening attacker

Poisoned network

How to defend
• arp –a will give you arp cache. Check for duplication entry
• #avoid - Use static arp when possible [arp –s <IP> <MAC>
• #detect - IDS

Web Server

overview

How its work
• A person types in the URL of the internet website that he/she wants to visit. Let’s use
http://www.krishantha.com/index.php as an example.
• The client browser then splits the URL to three separate parts: the protocol (in this example it’s “http”),
the server address/server name (in this case it’s www.krishantha.com) and the part of the URL (i.e.the
file name) which you requested for (in this case it’s “index.php”).
• The browser then contacts the DNS (Domain Name Server) to translate the entered domain name into its
personal IP address. The DNS servers are basically very simple databases that work to connect domain
names to IP addresses.
• Once the address of the server is established, the browser then determines which protocol should be
used for communication. In order to load a basic website, the HTTP protocol is used.

• The next step for the browser is to send a special “GET” request to the web server in order to retrieve
the address and the page it has been provided. Simply speaking, the browser requests the server to
display the information contained at “index.php”. Unless there are any special security protocols
implemented, the server now responds to the request from the browser. It will verify the integrity of the
address, lookup the necessary files, run the appropriate scripts and finally returns the results to the
browser.
• The browser will translate all the data into the HTML format and render the result to the user on his/her
screen. If there are several types of files needed to show a web page (for example images or media files)
then the web browser needs to make additional requests in order to obtain each of these.

SSL

What it is

Overview

How can make sure we secured
• Do not accept warnings. ( can be victim of MTM)

Social Media

What is social media
• websites and applications that enable users to create and share content or to participate in social
networking.

Is it good?
Or
bad ?

Is this good ?

When get like this ?

If you do this?

When he has knife ?

Now problem with knife ?
Or
person how
use the knife ?

How can stay safe in social media
• Follow these step-by-step instructions to manage your Facebook security and privacy settings
• Change who can see stuff
• Change who can contact

• Block unwanted contacts
• Do not upload high quality photos directly from mobile.
• See how others see your profile

• Enable secondary verification
• Do not share contact details
• Do not share confidential or personal information via chat
• Be careful that what you have shared on public
• Do not click link which come via chat
• Do not copy and paste code given via chat or blog

What we should do

• Learn and make sure what you learnt is correct
• Question your self and then discuss
• Try to depends on updated resources as much as possible
• Try on practical work as much as possible
• Do not understand the way you want to understand

Q and A

Introduction to-ict

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Introduction to-ict

Similar to Introduction to-ict (20)

Recently uploaded

Recently uploaded (20)

Introduction to-ict

Editor's Notes