Topology
• Topology refers to physical arrangement of network
components and media or layout of connected
devices/nodes on a network.
• It is usually a schematic description of the arrangement of a
network, including its nodes and connecting lines.
• Topologies are either physical or logical.
– Physical Topology
• The way that the workstations are connected to the network
through the actual cables that transmit data.
– Logical topology
• The way that the signals act on the network media, or the way
that the data passes through the network from one device to the
next without regard to the physical interconnection of the
devices.
25-Aug-2017
CSIT1002
4 of 160

Few common Topologies
25-Aug-2017
CSIT1002
5 of 160

Considerations for choosing Topology
• Money
– Bus network is the least expensive way to install a network.
• Length-of cable needed
– Linear Bus network uses shorter lengths of cable.
• Future growth (adding new devices)
– Network expansion is easily done with Tree topology.
• Cable type
– Twisted pair cable is most commonly used with star topology in
commercial organizations.
• Best Topology
– Full mesh topology is the best theoretically since all devices are
connected to all other device, maximizing speed and security.
– Tree topology (basically a connection of star) is best.
25-Aug-2017
CSIT1002
6 of 160

Bus Topology (1/3)
• Simplest way to create a physical network. All computers are
attached to a single continuous cable that is terminated at
both ends.
• A bus topology is multipoint. Here one long cable act as a
backbone to link all the devices are connected to the
backbone by drop lines and taps.
25-Aug-2017
CSIT1002
– Drop line: Connection
between the devices
and the cable.
– Tap: The splitter that
cut the main link.
7 of 160

Bus Topology (2/3)
• Permits only one device to transmit at a time.
• A device want to communicate with other devices on the
network sends a broadcast message onto the wire that other
devices can see.
• But only the intended devices accepts and process the
message.
• Commonly implemented by IEEE 802.3 (Ethernet) networks.
25-Aug-2017
CSIT1002
8 of 160

Bus Topology (3/3)
• Advantage
– Inexpensive: Does not require additional hardware to
interconnect the attached devices.
– Flexible: New devices can be added by simply installing a new
‘T’ connector.
– Requires less cable length than a star topology
• Disadvantage
– If any fault in backbone can stops all transmission.
25-Aug-2017
CSIT1002
9 of 160

Star Topology (1/2)
• Each device has a dedicated point-to-point link to the central
controller called “Hub” or Switch (acts as an Exchange).
– There is no direct traffic between devices. The transmission
are occurred only through the central “hub”.
• When device-1 wants to send data to device-2 - Send the data to
the Hub - Hub passes the data to the other connected devices.
25-Aug-2017
CSIT1002
10 of 160

Star Topology (2/2)
• Advantages
– Installation and configuration are easy.
– Robustness (if one link fails, only that link is affected. All other
links remain active).
– Easy fault identification & removal of parts.
– No disruptions to the network when connecting or removing
devices.
• Disadvantages
– More cabling required. Hence cost factor is bit higher.
– Single point of Failure & Dependency (The whole network is
dependent on one single point i.e. hub. When hub goes down
the whole system is dead).
25-Aug-2017
CSIT1002
11 of 160

Ring Topology (1/3)
• A single closed loop formed by uni-directional transmission
links formed by series of repeaters which will be linked to
each other.
– Each device has a dedicated connection with two devices on
either side.
– A repeater in the network connects each station to network.
• The signal is passed from device to device until it reaches the
destination and each device has a repeater.
– When one device received signals instead of intended another
device, its repeater then regenerates the data and passes them.
– Data is transmitted around a ring using token passing method.
The token is passed from computer to computer until it gets to
a computer that has data to send.
• Example: Token Ring25-Aug-2017
CSIT1002
12 of 160

Ring Topology (2/3)
25-Aug-2017
CSIT1002
13 of 160

Ring Topology (3/3)
• Advantages
– The transmission of data is relatively simple as packets travel
in one direction only.
– Adding additional nodes has very little impact on bandwidth.
– All devices have equal access.
• Disadvantages
– A break in the cable results in the disruption of the entire
network.
– Since the data travels only clockwise, say, if machine A wants
to communicate with machine D, data can not be transferred if
there is a break in the loop.
25-Aug-2017
CSIT1002
14 of 160

Mesh Topology (1/2)
• Every device has a point to point link to every other device.
– i.e. Node-1 node must be connected with n-1 nodes.
• A fully connected mesh can have
– n(n-1)/2 physical channels to link ‘n’ devices.
– Ports: Each device must have (n-1) I/O ports.
25-Aug-2017
CSIT1002
15 of 160

Mesh Topology (2/2)
• Advantages
– They use dedicated links so each link can only carry its own
data load. So traffic problem can be avoided.
– It is robust. If any one link get damaged it cannot affect others.
– It gives privacy and security. Message travels along a dedicated
link.
• Disadvantages
– The amount of cabling & the number of I/O ports required are
very large since every device is connected to each devices
through dedicated links.
– Hardware required to connect each device is highly expensive.
25-Aug-2017
CSIT1002
16 of 160

Tree Topology (1/2)
• Alternatively referred to as a Star Bus topology.
• Tree topology is one of the most common network setups
that is similar to a bus topology and a star topology.
• A tree topology connects multiple star networks to other
star networks.
25-Aug-2017
CSIT1002
17 of 160

Tree Topology (2/2)
• Advantages:
– Less cabling required to connect large number of devices,
hence cost effective.
– Error detection and correction is easy.
– Each segment is provided with dedicated point-to-point wiring
to the central hub.
– If one segment is damaged, other segments are not affected.
• Disadvantages:
– Because of its basic structure, tree topology relies heavily on
the main bus cable, if it breaks whole network is crippled.
– As more and more nodes and segments are added, the
maintenance becomes difficult.
– Scalability of the network depends on the type of cable used.
25-Aug-2017
CSIT1002
18 of 160

History
• Computer security borrowed the term firewall from
firefighting and fire prevention, where a firewall is a barrier
established to prevent the spread of fire.
• Digital Equipment Corporation (DEC) shipped the first
commercial firewall (DEC SEAL in 1992) and firewall
technology has since evolved to combat the increasing
sophistication of cyberattacks.
25-Aug-2017
CSIT1002
20 of 160

How does a Firewall work?
• Firewall is used to protect an internal network from attacks
and unauthorized access (Proxy Server is used for anonymity
and to bypass restrictions).
• All messages entering or leaving the LAN pass through the
firewall, which examines each message and blocks those
that do not meet the specified security criteria.
25-Aug-2017
CSIT1002
21 of 160

Categories of Firewall
• Firewalls can be implemented in both hardware and
software.
• Firewalls are often categorized as
– Network Firewalls
• The Firewall filters traffic between two or more networks; they
are either software appliances running on general purpose
hardware, or hardware-based firewall computer appliances.
– Host-based Firewalls
• The Firewall provides a layer of software on one host that
controls network traffic in and out of that single machine.
25-Aug-2017
CSIT1002
22 of 160

Types of Firewall
• Packet filter Firewalls
• Stateful Firewalls
• Application layer Firewalls
• Proxy Firewall
25-Aug-2017
CSIT1002
23 of 160

Packet Filter Firewalls (1/2)
• Traditionally, firewalls functioned as packet filters.
• How do they operate?
– (1) Firewalls inspect the packets that are transferred between
computers on the Internet.
– (2) A packet’s source and destination address, protocol and
destination port number are checked against the firewall's rule
set.
– (3) Any packets that are not specifically allowed onto the
network are dropped (i.e., not forwarded to their destination).
25-Aug-2017
CSIT1002
24 of 160

Packet Filter Firewalls (2/2)
• Example:
– A firewall is configured with a rule to block Telnet access.
Then, the firewall would drop packets destined for TCP port
number 23, the port where a Telnet server application would
be listening.
– Note: Port Numbers?
• 16-bit unsigned number which identifies the ports for each
protocol (application/service) & IP address combination.
• Classification: Ports 0–1023 (System or well-known ports), Ports
1024–49151 (user or registered ports), Ports >49151 (dynamic /
private ports)
• USC/ISI (upto 1988), ICANN (1988 to 21-Mar-2001), IANA (recent)
25-Aug-2017
CSIT1002
25 of 160

Stateful Firewalls (1/2)
• First introduced in 1994 by Check Point Software in its
FireWall-1 product, and by the late 1990s, it was a common
firewall product feature.
• Firewalls are made Connection Aware with Stateful packet
inspection (SPI), also referred to as Dynamic packet filtering -
a security feature often included in business networks.
• Note: A stateless firewall
– It treats each network frame or packet individually.
– Operate at the OSI Network Layer (layer 3)
– Function more efficiently as they only look at packet header.
– Note suited for applications like FTP to a protected network.
25-Aug-2017
CSIT1002
26 of 160

State-full Firewalls (2/2)
• How do they operate?
– (1) Traffic is first matched against a firewall rules list/set.
– (2) Firewall records all connections (Stores packet's history in
the state table) passing through it to ensure that it has enough
information to assess a packet.
– (3) If the packet type is allowed through the firewall, then the
stateful part (recognize a packet's connection state) of the
process begins. A packet's connection state provides insight on
whether a packet is either
• Start of a new connection (or)
• Part of an existing connection (or)
– Packets can be allowed through without further analysis.
• Does not match an existing connection or any other connection.
– Evaluate packet according to the rule set for new connections.
25-Aug-2017
CSIT1002
27 of 160

Application Layer Firewalls (1/2)
• As attacks against Web servers became more common, so
too did the need for a firewall that could protect servers and
the applications running on them, not merely the network
resources behind them.
• Application-layer firewall technology first emerged in 1999,
enabling firewalls to inspect and filter packets on any OSI
layer up to the application layer.
• The key benefit of application-layer filtering is the ability to
block specific content (such as known malware or certain
websites) and recognize when certain applications and
protocols (such as HTTP, FTP and DNS) are being misused.
– Malware: Software which is specifically designed to disrupt,
damage or gain authorized access to a computer system.
25-Aug-2017
CSIT1002
28 of 160

Application Layer Firewalls (2/2)
• Firewall technology is now incorporated into a variety of
devices
– Many routers that pass data between networks contain
firewall components
– Most home computer OS include software-based firewalls.
• Many hardware-based firewalls also provide additional
functionality like basic routing to the internal network they
protect.
25-Aug-2017
CSIT1002
29 of 160

Proxy Firewall
• Firewall proxy servers also operate at the firewall's
application layer, acting as an intermediary for requests from
one network to another for a specific network application.
• A proxy service must be run for each type of Internet
application the firewall will support, such as an HTTP proxy
for Web services.
• A proxy firewall prevents direct connections between either
sides of the firewall; both sides are forced to conduct the
session through the proxy, which can block or allow traffic
based on its rule set.
25-Aug-2017
CSIT1002
30 of 160

Security Zones (1/3)
• Internet (Uncontrolled Zone)
– Vulnerable zone of global Internet lying outside organization
boundary prone to security breaches.
– No controls in place to block the intrusions.
• Intranet (Controlled Zone)
– Zone behind one or more firewall
– Policies are in place (controlled) to ensure that network traffic
does not have any serious effect.
25-Aug-2017
CSIT1002
31 of 160

• Internet DMZ (Controlled Zone)
– Provide a buffer between uncontrolled Internet & Internal
Networks.
– A secure approach is to use two firewalls to create a DMZ. This
is considered more secure since two devices would need to be
compromised before an attacker could access the internal LAN.
• First firewall (Perimeter firewall) is configured to allow traffic
destined to the DMZ only.
• Second/Internal firewall only allows traffic from the DMZ to the
Internal network.
• Clients communicate with the Internet through components of
the Internet DMZ (Demilitarized Zone).
– Access Control Software (E.g. Access management server) are
deployed in DMZ - Monitors and controls user access to
restricted resources & other controlled zones
25-Aug-2017
CSIT1002
32 of 160

• Production Network (Restricted Zone)
– Denies direct access from uncontrolled network. Supports
functions which strictly control access.
– Bound by one or more firewalls.
– Place Access management server & Back-end servers.
– Large Enterprises have several network zones designated as
restricted zones.
• Management Network (Secured Zone)
– Only few authorized users are given access
– Tightly controlled
25-Aug-2017
CSIT1002
33 of 160

Data Communication (1/2)
• Layered set of protocols/rules required to govern data
communication
• Example of Protocol Suites: OSI & TCP/IP
25-Aug-2017
CSIT1002
35 of 160

Data Communication (2/2)
25-Aug-2017
CSIT1002
36 of 160

Routing (1/5)
• Case study: Traditional routing
– Early bridges and routers were often implemented in software
which runs on a special-purpose processing platform (such as a
PC with two NICs and software to route data between each
NIC).
– The early days of routing involved a computer and two NIC
cards, not unlike two people having a conversation, but having
to go through a third person to do so.
• (1) The workstation would send its traffic across the wire to the
routing computer
• (2) The routing computer would receive it on one NIC – checks
the other NIC and sends the traffic out through the other NIC.
– Note: Wire speed devices (routers) replaced the routing
computer.
25-Aug-2017
CSIT1002
37 of 160

Routing (2/5)
• The processing done by the Router (as network element) to
facilitate data communication can be termed as routing.
• To route, a router needs to do the following:
– Know the destination address
• Routers look into the IP address (Destination and Source IP) of
the network header of the packet & decide whether to deliver to
a network or forward from a network to another.
– Discover possible routes & Select the best route
• Path/Route is determined by router using various metrics.
• Metrics of Routing: Load on the link between devices, delay,
bandwidth and reliability, hop count.
– Maintain and verify the routing information in Routing table
25-Aug-2017
CSIT1002
38 of 160

Routing (3/5)
25-Aug-2017
CSIT1002
Data  TCP Segment 
IP Packet  Ethernet
Frame  Bits
39 of 160

Routing (4/5)
• TCP & IP Headers
25-Aug-2017
CSIT1002
TCP Header
IP Header
40 of 160

Routing (5/5)
• Functions of Routers
– Scales to very large networks and increase routing efficiency
by determining the destination using IP address. Routing Table
is maintained for Filtering & Forwarding mechanism.
• ARP table (Translation between IP address and MAC address)
– Path determination to reach destination
• Protocols like RIP, OSPF are used
– Manufactures
• Includes CISCO, 3Com and Juniper
25-Aug-2017
CSIT1002
– Can connect different
networks, interpret layer-3
addressing, decide a best path
for the data and also reroute
traffic.
41 of 160

Types of Routing (1/2)
• Static Routing or Non-adaptive routing
– The Routing table contains the mappings before the beginning
of routing. These mappings do not change unless the network
administrator alters them.
– Routing decisions in these algorithms are not based on current
topology or traffic and cannot react to network changes.
– Suitable for environments where network traffic is relatively
predictable and where network design is relatively simple.
– Unsuitable for large, constantly changing networks.
– Algorithms that use static routes are simple to design.
25-Aug-2017
CSIT1002
42 of 160

Types of Routing (2/2)
• Dynamic Routing or Adaptive routing
– The Routing table contains the static mappings before the
beginning of routing. These mappings are updated to changing
network circumstances by analyzing incoming routing update
messages.
• If the message indicates that a network change has occurred, the
routing software recalculates routes and sends out new routing
update messages.
• These messages permeate the network, stimulating routers to
rerun their algorithms and change their routing tables
accordingly.
25-Aug-2017
CSIT1002
43 of 160

Switching (1/7)
• The processing done by the Switch (as network element) to
facilitate data communication can be termed as switching.
• A Switch is a Layer-2 Device that support full duplex
communications by joining multiple computers together
within one LAN.
25-Aug-2017
CSIT1002
44 of 160

Switching (2/7)
• A switch (or multiport bridge) breaks up collision domains.
– Collision domain is a part of a network where packet collisions
can occur (when two devices send a packet at the same time
on the shared network segment).
• The packets collide and both devices must send the packets
again, which reduces network efficiency.
– An independent bandwidth is provided on each port of the
switch in order to create dedicated collision domains.
• Vs. Hub
– Collisions are often in a hub environment. Each port on a hub is in
the same collision domain.
– By contrast, each port on a bridge, a switch or a router is in a
separate collision domain.
25-Aug-2017
CSIT1002
45 of 160

Switching (3/7)
• Layer 2 switches are faster than routers as they do not look
for the network layer header information and just looks for
the frame’s hardware addresses to decide whether to
forward, flood, or drop the frame.
25-Aug-2017
CSIT1002
46 of 160

Switching (4/7)
• Switch can Filters/Forwards packets between LAN segments.
• Switch keeps a record of the MAC addresses of all the devices
connected to it.
– Application-Specific ICs (ASICs) are used in switches to maintain
and build their filter tables.
– With this information, a switch can identify which system is
connected to which port.
– So when a frame is received, it knows exactly which port to
send it to – so as to reach the appropriate system.
25-Aug-2017
CSIT1002
47 of 160

Switching (5/7)
25-Aug-2017
CSIT1002
48 of 160

Switching (6/7)
25-Aug-2017
CSIT1002
49 of 160

Switching (7/7)
• Layer 2 switching provides the following:
– Hardware-based (ASIC)
– Wire speed
• Few functions which were implemented in software traditionally
can be moved into the hardware. This would increase
performance and enable manufacturers to build reasonably priced
switches. Example: Switches which support high speed ports.
– Low latency
– Low cost
• Functions
– Address Learning
– Forward/ Filter Decisions
– Loop Avoidance
25-Aug-2017
CSIT1002
50 of 160

Switching Methods
• Store-and-Forward Switching
– Error checking is performed against the frame, and any frame
with errors is discarded.
• Cut-through Switching
– No error checking is performed against the frame, which
makes forwarding the frame through the switch faster than
store-and-forward switches.
• Fragment-free Switching
25-Aug-2017
CSIT1002
51 of 160

Store-and-Forward Switching (1/5)
• Operation
– (1) LAN switch copies each complete frame into the switch
memory buffers and computes a CRC for errors.
– (2) If a CRC error is found, the frame is discarded.
25-Aug-2017
CSIT1002
52 of 160

• Operation
– (3) If the frame does not contain any errors, the switch checks
for frame length.
– (4) If the frame is not a runt or a giant, the LAN switch looks up
the destination address in its forwarding or switching table
and determines the outgoing interface/port.
– (5) It then forwards the frame toward its intended destination.
25-Aug-2017
CSIT1002
53 of 160

25-Aug-2017
CSIT1002
54 of 160

• Cyclic Redundancy Check (CRC)
– It is an error-checking method that uses a mathematical
formula, based on the number of bits (1s) in the frame, to
determine whether the received frame is with errors.
• Runt & Giant
– An Ethernet frame is discarded if it is a runt (frame is smaller
than 64B in length), or a giant (frame is larger than 1518B in
length).
• Note
– Some switches can be configured to carry giant or jumbo
frames.
25-Aug-2017
CSIT1002
55 of 160

• Drawbacks
– Decrease in Performance
• The switch has to store the entire data frame before checking for
errors and forwarding. This error checking results in high switch
latency (delay). If multiple switches are connected, with the data
being checked at each switch point, total network performance
can suffer as a result.
– The switch requires more memory and CPU cycles to perform
the detailed inspection of each frame than that of cut-through
or fragment-free switching.
25-Aug-2017
CSIT1002
56 of 160

Cut-Through Switching (1/3)
• Operation
– (1) The LAN switch copies the destination MAC address into its
memory, which is located in the first 6 bytes of the frame
following the preamble.
– (2) The switch looks up the destination MAC address in its
switching table, determines the outgoing interface port, and
forwards the frame on to its destination through the
designated switch port.
• Vs. Store-and-Forward Switching
– A cut-through switch reduces delay because the switch begins
to forward the frame as soon as it reads the destination MAC
address and determines the outgoing switch port.
25-Aug-2017
CSIT1002
57 of 160

• Drawback
– Waste of Bandwidth
• If the frame was corrupted in transit, the switch still forwards the
bad frame. The destination receives this bad frame, checks the
frame's CRC, and discards it, forcing the source to resend the
frame. This process wastes bandwidth and, if it occurs too often,
network users experience a significant slowdown on network.
25-Aug-2017
CSIT1002
58 of 160

• Store-and-forward vs. Cut-through Switching
– Store-and-forward switching drops frames with errors and
provides for QoS managing network traffic flow.
– Today's switches are better suited for a store-and-forward
environment as they do not suffer with latency as compared to
the legacy switches.
– If network is broken down into workgroups, the likelihood of
bad frames or collisions might be minimized, in turn making
cut-through switching a good choice for the network.
– Cut-through switching is best for the network core where
errors are fewer, and speed is of utmost importance.
– Store-and-forward is best at the network access layer where
most network problems and users are located.
25-Aug-2017
CSIT1002
59 of 160

Fragment-free switching (1/4)
• It is a hybrid of cut-through & store-and-forward switching
and also known as runtless switching.
• Fragment-free switching was developed to solve the late-
collision problem.
– Collision: When two systems transmit at the same time, the
result is a collision. Collisions are a part of Ethernet
communications and do not imply any error condition.
– A late collision indicates that another system attempted to
transmit after a host has transmitted at least the first 64 bytes
of its frame (as most network errors and collisions occur
during the first 64 bytes of a frame).
• A late collision is similar to an Ethernet collision, except that it
occurs after all hosts on the network should have been able to
notice that a host was already transmitting.
25-Aug-2017
CSIT1002
60 of 160

• Causes of Late collisions
– Ethernet LAN is too large
• Late collision can be controlled by LAN segmentation.
– Faulty network devices on the segment.
– Duplex (half-duplex/full-duplex) mismatches between
connected devices.
• Operation
– A switch in fragment-free mode stores the first 64 bytes of the
frame before forwarding.
25-Aug-2017
CSIT1002
61 of 160

• Layer-3 Switching
– Layer-3 Switching is an example of Fragment-free switching.
– Layer-3 Switches can be considered as Routers or Intelligent
Switches.
• Layer 3 switches make decisions based on the port-level IP
addresses, whereas actual Routers make decisions based on a
map of the Layer 3 network (maintained in a routing table).
• Multilayer switching
– A switching technique using which the switches can operate at
both the data link (OSI Layer 2) & network (OSI Layer 3) layers.
– To enable multilayer switching, LAN switches must use store-
and-forward techniques because the switch must receive the
entire frame before it performs any protocol layer operations.
25-Aug-2017
CSIT1002
62 of 160

• Multi-layer Switching (contd.)
– Operation
• (1) The switch pulls the entire received frame into its memory
• (2) Calculates its CRC to determines whether the frame is good or
bad.
– (2.1) If the CRC calculated matches the CRC available in the frame,
the destination address is read and the frame is forwarded out the
correct switch port.
– (2.2) If the CRC does not match, the frame is discarded.
– Note
• As this type of switching waits for the entire frame to be received
before forwarding, port latency times can become high, which
can result in some latency, or delay, of network traffic.
25-Aug-2017
CSIT1002
63 of 160

VLAN (1/11)
• Virtual LANs (VLANs) allow network administrators to
logically group hosts together even if the hosts are not
directly connected to the same network switch.
– Without VLANs
• Users are assigned to networks based on geography and are
limited by physical topologies and distances.
• Grouping hosts according to their resource needs necessitates
the labor of relocating nodes or rewiring data links.
– VLANs allow networks and devices that must be kept separate
to share the same physical cabling without interacting
improving simplicity, security, traffic management, or
economy.
• Because VLAN membership can be configured through software,
this can greatly simplify network design and deployment.
25-Aug-2017
CSIT1002
65 of 160

VLAN (2/11)
• VLAN is any broadcast domain that is partitioned and
isolated in a computer network at the data link layer (OSI
layer 2).
– VLANs are data link layer (OSI layer 2) constructs, analogous to
Internet Protocol (IP) subnets, which are network layer (OSI
layer 3) constructs.
25-Aug-2017
CSIT1002
66 of 160

VLAN (3/11)
• Router connects two broadcast domains
25-Aug-2017
CSIT1002
67 of 160

VLAN (4/11)
• Making VLANs by splitting the Broadcast Domain
25-Aug-2017
CSIT1002
68 of 160

VLAN (5/11)
• Router are required to move traffic between VLANs
25-Aug-2017
CSIT1002
69 of 160

VLAN (6/11)
• Management VLAN
– Also known as default VLAN
– Cannot be deleted
– Every port is on VLAN 1 by default
25-Aug-2017
CSIT1002
70 of 160

VLAN (7/11)
• VLANs can keep network applications separate despite being
connected to the same physical network, and without
requiring multiple sets of cabling and networking devices to
be deployed.
• VLAN standardization
– Trunking protocols
• IEEE 802.1Q
• Inter-Switch link (ISL) for Cisco.
25-Aug-2017
CSIT1002
71 of 160

VLAN (8/11)
• Frame Tagging (IEEE 802.1Q)
– Technique used to identify the VLAN to which the packet
belongs with a tag.
25-Aug-2017
CSIT1002
72 of 160

VLAN (9/11)
• Frame Tagging Procedure
– (1) Switch is aware of the VLAN memberships.
– (2) Switch places a VLAN Frame tag on the Ethernet frame which
arrives from a host to an access port.
– (3) A switch can find VLAN to which the tagged Ethernet frame
belongs to.
• (3.1) Frame Filtering: If the destination MAC address is known and
listed in the table, the switch removes the VLAN tag before
directing the frame to it VLAN access port. VLAN membership
information is hence transparent to the end devices.
• (3.2) Else, switch forwards the frame to another switch or router
through its VLAN trunk port. The tagged frame passes through the
trunk link.
25-Aug-2017
CSIT1002
73 of 160

VLAN (10/11)
• Trunk Link
– The link that connects two switches (or) a router and a switch
– It carries multiple VLAN traffic from/to a Trunk port.
25-Aug-2017
CSIT1002
74 of 160

VLAN (11/11)
• Trunk Port
– It receives multiple VLAN traffic.
25-Aug-2017
CSIT1002
75 of 160

VLAN Configuration
• Configuration depends on the needs of the VLAN
• Types
– Static VLANs
– Dynamic VLANs
• Static VLANs
– Configured port-by-port and called as port-based VLANs.
– If users change the access port to the VLAN, the port should be
configured again. Thus not suited for larger networks.
25-Aug-2017
CSIT1002
76 of 160

Dynamic VLAN (1/3)
• Configuration is much flexible and is often created using
software or protocol.
• According to the information passed through switch ports,
administrators can assign switch port to VLAN dynamically
with a VMPS (VLAN Management Policy Server).
• Ports automatically learn their VLAN assignment.
• Classified in three categories
– MAC-based VLAN
– IP subnet based VLAN
– User-based VLAN
25-Aug-2017
CSIT1002
77 of 160

Dynamic VLAN (2/3)
• MAC-based VLAN
– An entry corresponding to the MAC to VLAN mapping should
be configured in the MAC to VLAN table in the switch. An entry
is specified using a source MAC address and the appropriate
VLAN ID.
– The switch assigns the incoming untagged packets to a VLAN
when the corresponding entries are available in the table.
• i.e. Classifies traffic based on the source MAC address of the
packet.
25-Aug-2017
CSIT1002
78 of 160

Dynamic VLAN (3/3)
• IP subnet based VLAN
– IP subnet VLANs are based on Layer-3 information from packet
headers. All the end workstations in an IP subnet are assigned
to the same VLAN.
– The switch makes use of the network-layer address (E.g.
Subnet address for TCP/IP networks) in determining VLAN
membership. If a packet is untagged, the switch associates the
packet with the matching IP subnet classification.
– Users can move their workstations without reconfiguring their
network addresses.
25-Aug-2017
CSIT1002
79 of 160

Benefits & Drawbacks of VLAN
• Benefits
– Easier to add and move stations on the LAN.
– Easier to reconfigure the LAN.
– Provide the flexibility to adapt to changes in network
requirements.
– Allow for simplified administration.
– Better traffic control.
– Increased security.
• Drawbacks
– Management of VLAN is very complex.
– It has possible problems in interoperability.
– Port constraint’s are possible.
– Number of devices are limited.
25-Aug-2017
CSIT1002
80 of 160

Security & Terminologies (1/2)
• Security: The protection of computer hardware & software
from accidental or malicious access, use, modification,
destruction or disclosure.
• The advent of Internet has made security an important
aspect in today’s world.
• Vulnerability
– Weakness that makes target susceptible to an attack.
• Threat
– A scenario which causes harm to the operational system.
– A threat is a possible danger that might exploit a vulnerability.
• A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach
security and cause harm.
25-Aug-2017
CSIT1002
82 of 160

Security & Terminologies (2/2)
• Attack
– An assault on system security that derives from an intelligent
threat/act which is deliberately done (especially in the sense
of a method or technique) to evade security services and
violate the security policy of a system.
– Classifications
• Phishing
– Fraudulent practice of sending emails purporting to be from
reputable companies in order to induce individuals to reveal
personal information (such as passwords & credit card details).
25-Aug-2017
CSIT1002
83 of 160

Components of Security (1/2)
• CIA’s of Security
• Confidentiality (C)
– Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and
proprietary information.
– A loss of confidentiality is the unauthorized disclosure of
information.
• Integrity (I)
– Guarding against improper information modification or
destruction, including ensuring information nonrepudiation
and authenticity.
– A loss of integrity is the unauthorized modification or
destruction of information.
25-Aug-2017
CSIT1002
84 of 160

Components of Security (2/2)
• Availability (A)
– Ensuring timely and reliable access to and use of information.
– A loss of availability is the disruption of access to or use of
information or an information system.
25-Aug-2017
CSIT1002
85 of 160

Security Attacks (1/10)
• Active Vs. Passive Attack
– Active attacks involve some modification of the data stream or
the creation of a false stream.
– Passive attacks are in the nature of eavesdropping on, or
monitoring of transmissions. The goal of the opponent is to
obtain information that is being transmitted.
25-Aug-2017
CSIT1002
Security Attacks
Active Attack
Masquerade
Modification of
messages
Denial of
Service
Passive Attack
Release of message
contents
Traffic
analysis
86 of 160

25-Aug-2017
CSIT1002
87 of 160

BASIS FOR COMPARISON ACTIVE ATTACK PASSIVE ATTACK
Basic
Active attack tries to
change the system
resources or affect their
operation.
Passive attack tries to read or
make use of information from
the system but does not affect
system resources.
Modification in the
information
Occurs does not take place
Harm to the system
Always causes damage to
the system.
Do not cause any harm.
Threat to Integrity and availability Confidentiality
Attack awareness
The entity (victim) gets
informed about the attack.
The entity is unaware of the
attack.
Task performed by the
attacker
Gains physical control of a
portion of the link to insert
and capture transmission.
Just need to observe the
transmission.
Emphasis is on Detection Prevention
25-Aug-2017
CSIT1002
88 of 160

• Passive attacks are very difficult to detect, because they do
not involve any alteration of the data.
– Typically, the message traffic is sent and received in an
apparently normal fashion, and neither the sender nor
receiver is aware that a third party has read the messages or
observed the traffic pattern.
• The emphasis in dealing with passive attacks is on
prevention (by means of encryption) rather than detection.
25-Aug-2017
CSIT1002
89 of 160

• Some of the things that needs to be protected are
– Active Attack
• Masquerade / Impersonation
• Modification of messages / Loss of Integrity
• Denial of Service
– Passive Attack
• Release of message contents / Loss of Privacy
• Traffic Analysis
25-Aug-2017
CSIT1002
90 of 160

• Impersonation/ Masquerade - Fabrication
25-Aug-2017
CSIT1002
91 of 160

• Loss of Integrity
25-Aug-2017
CSIT1002
92 of 160

• Denial of Service
25-Aug-2017
CSIT1002
93 of 160

25-Aug-2017
CSIT1002
• Release of message contents (Interception)
– A telephone conversation, an electronic mail message, and a
transferred file may contain sensitive or confidential
information. An opponent should be unable to learn the
contents of these transmissions.
• Traffic analysis
– Even when the encryption protection is in place, an opponent
might still be able to observe the pattern of these messages.
– The opponent could determine
• The location and identity of communicating hosts
• Observe the frequency and length of messages being exchanged.
– This information might be useful in guessing the nature of the
communication that was taking place.
94 of 160

• Loss of Privacy/Release of message content (Interception)
25-Aug-2017
CSIT1002
95 of 160

Terminologies (1/4)
• Cryptology
– Science concerned with data communication and storage in
secure and usually secret form.
– It encompasses both cryptography and cryptanalysis.
• Cryptography
– The word cryptography in Greek means “secret writing.”
• Secret (crypto-) writing (-graphy)
– The term today refers to the science and art of transforming
messages to make them secure and immune to attacks.
• Cryptanalysis
– The study of principles and methods of transforming an
unintelligible message back into an intelligible message
without knowledge of the key. Also called Codebreaking.
25-Aug-2017
CSIT1002
97 of 160

Terminologies (2/4)
• Encipher/Encode/Encryption
– The process of converting plaintext (original intelligible
message) to ciphertext (transformed message).
• Decipher /Decode/Decryption
– The process of converting ciphertext back into plaintext
• Cipher
– An algorithm for transforming an intelligible message
(Plaintext) into unintelligible (ciphertext) by transposition
and/or substitution
25-Aug-2017
CSIT1002
98 of 160

Terminologies (3/4)
• Cryptanalytic attacks
– Attacks that rely on the nature of the algorithm & some
knowledge of the general characteristics of the plaintext or
even some sample plaintext–ciphertext pairs.
– This type of attack exploits the characteristics of the algorithm
to attempt to deduce a specific plaintext or to deduce the key
being used.
• Brute-force attack
– The attacker tries every possible key on a piece of ciphertext
until an intelligible translation into plaintext is obtained.
– On average, half of all possible keys must be tried to achieve
success.
25-Aug-2017
CSIT1002
99 of 160

Terminologies (4/4)
• Key
– Some critical information used by the cipher (algorithm), known
only to the sender & receiver.
– Random string of characters.
– The key is used by the cipher on the original data’s bits to
generate a unique data block i.e., Cipher text.
– Longer keys make it more difficult to decrypt.
– Hackers may attempt to crack a key by using brute force attack.
– Keys are randomly generated by the encryption software.
• Types of Cryptography
– Symmetric Key Cryptography
– Asymmetric Key Cryptography or Public Key Cryptography
25-Aug-2017
CSIT1002
100 of 160

Symmetric Key Cryptography (1/4)
• Encryption and decryption is done using the same key.
• Data encrypted using single key, that only sender and
receiver know.
• Few Symmetric key encryption algorithms: AES, DES, 3DES.
– Data Encryption Standard (DES): 56-bit key
– Triple DES (3DES): Weaves 56-bit key through data three
times/rounds.
– Advanced Encryption Standard (AES): weaves 128/192/256-bit
keys through data multiple times i.e, 10, 12 or 14 rounds
respectively.
• Used in military communication.
25-Aug-2017
CSIT1002
101 of 160

25-Aug-2017
CSIT1002
102 of 160

• Operational Procedure
25-Aug-2017
CSIT1002
103 of 160

• Operational Procedure (contd.)
25-Aug-2017
CSIT1002
104 of 160

Asymmetric Key Cryptography (1/8)
• The Public key may be freely distributed, while its paired
private key must remain secret.
• The public key is used for encryption, while the private key is
used for decryption.
• Public key server
– Publicly accessible host that freely provides list of users’ public
keys.
• Key pair
– Public key & Private key pair.
25-Aug-2017
CSIT1002
105 of 160

25-Aug-2017
CSIT1002
106 of 127

25-Aug-2017
CSIT1002
107 of 160

• Just an example:
– Public Key = 4, Private Key = 1/4, message (M) = 5
– Encryption: Ciphertext (C) = M x Public Key
• C = 5 x 4 = 20
– Decryption: Plaintext (M) = C x Private Key
• 20 x ¼ = 5
25-Aug-2017
CSIT1002
108 of 160

• Some Public key encryption algorithms are:
– RSA (Ronald Rivest, Adi Shamir, and Len Adleman )
– ElGamal Encryption
– Elliptic Curve
– Digital Certificate or Public key certificate
25-Aug-2017
CSIT1002
109 of 160

• Public Key Infrastructure (PKI)
– A system that uses public-key encryption & digital certificates
to achieve secure Internet services.
– Four major parts in PKI
• Certification Authority (CA)
• A Directory Service
• Services, Banks, Web servers
• Business Users
25-Aug-2017
CSIT1002
110 of 160

• Key services provided by PKI
– Authentication (Digital Certificate)
– Integrity (Encryption)
– Confidentiality (Encryption)
– Access control
– Non-repudiation (Digital Signature)
• Ensure that the sender or receiver does not deny that the
message is sent or received by them.
• A timestamp can be used to give the details of the time when the
message was sent by the sender and when it was received by the
receiver.
25-Aug-2017
CSIT1002
111 of 160

• Symmetric vs. Asymmetric Encryption
25-Aug-2017
CSIT1002
112 of 160

Digital Certificate (1/2)
• An attachment to an electronic message used to verify that a
user who sends a message is who he or she claims to be, and
to provide the receiver with the means to encode a reply.
• It is a data with digital signature from a trusted Certification
Authority which provides foundation for
– Identification
– Authentication
– Non-repudiation
• Certification Authority (CA)
– A trusted agent who certifies public keys for general use
(Corporation or Bank).
– User has to decide which CAs can be trusted.
25-Aug-2017
CSIT1002
113 of 160

Digital Certificate (2/2)
– The applicant (individual wishing to send an encrypted
message) requests a CA for a Digital Certificate.
– CA issues an encrypted Digital Certificate containing the
applicant's public key and a variety of other identification
information.
– CA makes its own public key readily available through print
publicity or perhaps on the Internet.
– The recipient of an encrypted message uses the CA's public key
to decode the digital certificate attached to the message,
verifies it as issued by the CA and then obtains the public key
and identification information held within the certificate.
– With this information, the recipient can send an encrypted
reply.
25-Aug-2017
CSIT1002
114 of 160

Diffie-Hellman Key Exchange (1/4)
• Key Exchange (also known as "key establishment")
algorithms are used to establish a shared secret between
two parties.
• Diffie-Hellman Key Exchange Algorithm is primarily used as a
method of exchanging cryptography keys (private key) for
use in Symmetric encryption algorithms like AES.
– This shared key is later used to exchange information between
two parties across an insecure channel.
25-Aug-2017
CSIT1002
115 of 160

25-Aug-2017
CSIT1002
116 of 160

• Example
– Step 1: Alice & Bob share prime number P = 23 & an integer G = 7
– Step 2: Alice & Bob select their private key (a & b) which is <P
• Alice: A = 4, Bob: B = 3
– Step 3: Alice & Bob compute public values
• Alice: X = G
A
mod P = (7
4
mod 23) = (2401 mod 23) = 9
• Bob: Y = G
B
mod P = (7
3
mod 23) = (343 mod 23) = 21
– Step 4: Alice & Bob exchange public numbers
– Step 5: Alice & Bob receive each others public key
• Alice gets Y = 21, Bob gets X = 9
– Step 6: Alice & Bob compute the shared Symmetric key
• Alice: kA = Y
A
mod P = 21
4
mod 23 = 194481 mod 23 = 16
• Bob: kB = X
B
mod P = 9
3
mod 23 = 729 mod 23 = 16
– Step 7: 16 is the shared secret key of Alice and Bob.
25-Aug-2017
CSIT1002
Primitive root of P
117 of 160

• Man-in-the-middle Attack
25-Aug-2017
CSIT1002
118 of 160

Secure Messaging
• It is used to protect the document from eavesdropping and
not altered during the transmission to assure that there is
Integrity.
• Encryption alone is not sufficient to ensure the integrity of
the document. Integrity can be ensured with some
techniques in addition to encryption.
– Message Digest
– Digital Signature
25-Aug-2017
CSIT1002
120 of 160

Message Digest (1/2)
– Sender: Performs a hash function on the document and
computes the message digest (hash value based on the
document) to ensure that the document is not altered during
transmission.
• Hashing is one-way & hashing uses a one-to-one function.
– Sender: The Message together with Message Digest is
encrypted before sending it to Receiver.
– Receiver: Decrypts the message and performs the same hash
function on the document.
– Receiver: The digest calculated is compared with the received
digest to ensure the integrity of the contents. i.e. not altered
during transmission.
25-Aug-2017
CSIT1002
121 of 160

Message Digest (2/2)
• Common Hash functions
– MD5 (Message Digest 5)
• MD5 produces 120-bit hash value
– SHA-1 (Secure Hash Algorithm)
• SHA-1 produces 160-bit hash value.
25-Aug-2017
CSIT1002
122 of 160

Digital Signature (1/4)
• Digital signature ensures the authenticity of the sender and
integrity of the document.
• Using a digital signature means applying the sender’s private
key to the message or to the message digest. This process is
known as signing.
25-Aug-2017
CSIT1002
123 of 160

• Operational Procedure of Data Communication with an
Asymmetric Cipher, Message Digest & Digital Signature.
– Assumptions:
• Sender (A) wants to sent Data (D) to Receiver (B).
• A & B had made their Public key (PubA & PubB) available in the
Common Public Key Server.
• A & B have the corresponding private keys (PrivA & PrivB).
• A & B have a decided on the Hash function (HF).
– A’s Side
• Computes Message Digest (MDA) from ‘D’ using HF.
• Computes Digital Signature (SignA) from MDA with PrivA using a
Signature Algorithm.
• Computes Cipher text from ‘D’ and SignA with PubB using an
Encryption Algorithm.
• Send Cipher text to B.25-Aug-2017
CSIT1002
124 of 160

– B’s Side
• Receive the Cipher text sent by A.
• Decrypt the Cipher text with PrivB and extracts ‘D’ & SignA.
• Computes MDA from SignA with PubA using a Verification
Algorithm.
• Compute MDA1 from ‘D’ using the same HF.
• Compare MDA and MDA1. If they are same then A is an authentic
sender and Integrity of ‘D’ is also ensured.
25-Aug-2017
CSIT1002
125 of 160

• Summary
25-Aug-2017
CSIT1002
126 of 160

Identity & Access Management
• IAM technology initiates, captures, records and manages
identity of the user and automates their access permission.
– i.e. A process which facilitates the management of electronic
identities of a business for any kind of access.
• It ensures that all individuals and services are properly
authenticated and authorized.
25-Aug-2017
CSIT1002
127 of 160

Data Security (1/2)
• Data
– Raw information stored in Network Servers, PCs & Databases.
• Data Security
– The practice of keeping data protected from unauthorized
access, corruption and ensuring privacy in protecting personal
or corporate data.
– Data security ensures the security of data from data loss or
data theft.
• Internet has made data security important.
• Example
– Bank account details are stolen or a system administrator who
looses the client information in their database.
25-Aug-2017
CSIT1002
129 of 160

Data Security (2/2)
• Essential steps to protect sensitive information
– Encryption
• Encryption uses different algorithms and mathematical schemes
to scramble the data and makes it unreadable. Decrypting or
decoding the data would require an associated key.
– Strong User Authentication
• Authentication is similar to the email or blog account sign-in
process, wherein a single sign-on allows access to log into
computer system and the applications, files, folders until logging
out. It is called as a single session.
• In some cases, systems cancel a session if the machine is idle for
a certain amount of time and a re-log is required to prove the
authentication to gain access again.
• A password, OTP, fingerprint are some of the factors which the
individuals are asked during log in for authentication.
25-Aug-2017
CSIT1002
130 of 160

Authentication Protocols (1/2)
• An authentication protocol is a type of computer
communications protocol or cryptographic protocol specifically
designed for transfer of authenticated data between two
entities.
• A first step in establishing a remote access connection is
authenticating the user to the server.
• Examples
– PAP - Password Authentication Protocol
– CHAP - Challenge-handshake authentication protocol
– EAP - Extensible Authentication Protocol
– IMAP- Internet Message Access Protocol
25-Aug-2017
CSIT1002
131 of 160

Authentication Protocols (2/2)
25-Aug-2017
CSIT1002
132 of 160

Storage Security (1/2)
• The security with regards to the backup data or stored data.
• Some of the threats include in storage security are:
– Unauthorized access from outside/outside the network.
– Accidental modification, disclosure or destruction of data by
authorized users.
– Destruction of data.
– Loss or theft of the physical media (drives, tapes, servers,
other storage devices).
– Data lost due to hardware/software failure or physical
destruction of the media (natural disaster, fire, etc.).
25-Aug-2017
CSIT1002
133 of 160

Storage Security (2/2)
• Data Storage Technologies
– Varies from small business (using File Servers) to an enterprise
(using Data Warehouse).
– Common Storage Technologies
• Direct Attached Storage (DAS)
• Network Attached Storage (NAS)
• Storage Area Networks (SAN)
• Common protection technologies to protect stored data
– Data encryption technologies
– Auditing/Monitoring technologies
– Access control technologies
– Backup and disaster recovery technologies
– Secure data destruction technologies
25-Aug-2017
CSIT1002
134 of 160

Network Security (1/2)
• Activities designed to protect the reliability, integrity,
usability and the safety of the data in the network.
• Some common threats that are spread over the internet:
– Identity theft
– Virus, Worms and Trojan horse
– Spy ware, ad ware
– Zero-hour attacks
– Denial of service attacks
– Data interception and theft.
25-Aug-2017
CSIT1002
136 of 160

Network Security (2/2)
• Multi-Layered Security
• Network security components (Work together to minimize
maintenance & improve security) include
– Secured websites
– Required password authentication
– Telephone or email-based confirmation methods with regard
to online purchases
– Firewall
– Anti-Virus & Anti-Spyware
– Intrusion Prevention System (Identifies fast spreading threats)
– Virtual Private Networks (Provide remote secure access)
25-Aug-2017
CSIT1002
137 of 160

Identity Theft
• Identity theft (Identity fraud) is a crime in which an attacker
obtains key pieces of personally identifiable information in
order to impersonate someone else.
• Identity theft is categorized two ways
– True name identity theft
• The thief uses personal information to open new accounts.
– Account-takeover identity theft
• The imposter uses personal information to gain access to the
person's existing accounts.
25-Aug-2017
CSIT1002
138 of 160

Virus
• A computer virus attaches itself to a program or file enabling
it to spread from one computer to another, leaving
infections as it travels.
• Almost all viruses are attached to an executable file, which
means the virus may exist on your computer but it actually
cannot infect your computer unless you run or open the
malicious program.
• Because a virus is spread by human action, people will
unknowingly continue the spread of a computer virus by
sharing infecting files or sending emails with viruses
as attachments in the email.
25-Aug-2017
CSIT1002
139 of 160

Worms
• A worm is similar to a virus by design and is considered to be
a sub-class of a virus.
• Worms spread from computer to computer, but unlike a
virus, it has the capability to travel without any human
action.
• The biggest danger with a worm is its capability to replicate
itself on your system, so rather than your computer sending
out a single worm, it could send out hundreds or thousands
of copies of itself, creating a huge devastating effect.
25-Aug-2017
CSIT1002
140 of 160

Trojan Horse
• A Trojan Horse is full of as much trickery as the mythological
Trojan Horse it was named after.
• Trojans are also known to create a backdoor on your
computer that gives malicious users access to your system,
possibly allowing confidential or personal information to be
compromised.
• Vs. viruses and worms
– Trojans do not reproduce by infecting other files nor do they
self-replicate.
25-Aug-2017
CSIT1002
141 of 160

Spy ware & Ad ware
• Spyware
– Spyware is considered a malicious program and is similar to
a Trojan Horse in that users unwittingly install the product
when they install something else.
• Adware
– A program that generates pop-ups on your computer or
displays advertisements. These advertisements may hide some
harmful codes. After clicking on that advertisement some
harmful code is installed on your computer.
25-Aug-2017
CSIT1002
142 of 160

Zero Hour Attack (1/2)
• A zero-day threat is also known as a zero-hour attack or day-
zero attack.
• By discovering a software vulnerability before the software's
developers do, a hacker can make a worm or virus that can
be used to exploit the vulnerability and harm computers.
• Typically, the zero-day attack exploits a bug that neither
developers, nor the users, know about.
25-Aug-2017
CSIT1002
143 of 160

Zero Hour Attack (2/2)
• Not all zero-day attacks actually take place before the
software developers discover the vulnerability.
– In certain cases, the developers discover and understand the
vulnerability; however, it may take some time to develop the
patch to fix it.
– Also, software makers may occasionally postpone a patch
release to avoid flooding users with several individual updates.
– If the developers find that the vulnerability is not extremely
dangerous, they may decide to postpone the patch release
until a number of patches are collected together.
– Once these patches are collected, they are released as a
package. However, this strategy is risky because could invite a
zero-day attack.
25-Aug-2017
CSIT1002
144 of 160

Data Interception and Theft
• When packets travel across a network, they are susceptible
to being read or modified.
• An attacker monitors data streams to or from a target, in
order to gather sensitive information.
• The tool that is used for data interception is called packet
analyzer or packet sniffer.
25-Aug-2017
CSIT1002
145 of 160

Intrusion Detection System (1/2)
• A system which detects any abnormal events in the network
and informs to the concerned person.
• Some of the symptoms are as follows:
– Identifying repeated attempts to log in from remote locations.
– Abnormal increase in bandwidth consumptions suddenly.
• Some precautions that the network security administrator
must perform to prevent attacks:
– Frequent updating of Anti-Virus.
– Configuring the Firewall to filter an intruder’s IP address.
– Indicating the threat via a beep.
25-Aug-2017
CSIT1002
146 of 160

Intrusion Detection System (2/2)
25-Aug-2017
CSIT1002
147 of 160

Intrusion Prevention System (1/2)
• Vs. IDS
– IDS creates a database of irregularities occurring inside the
internal network executed by any malicious hacker and
informs the abnormality to the concerned person but is not
able to block that particular attack. i.e. IDS is a passive system
that scans traffic and reports back on threats
– The Intrusion Prevention System (IPS) instead detects this
activity and blocks the access to its target network. i.e. IPS
actively analyses and takes automated actions on all traffic
flows that enter the network.
• IPS often sits directly behind the Firewall and it provides a
complementary layer of analysis that selects the dangerous
content.
25-Aug-2017
CSIT1002
148 of 160

Intrusion Prevention System (2/2)
• Actions taken by IPS include
– Sending an alarm to the administrator (as would be seen in an
IDS)
– Dropping the malicious packets
– Resetting the connection
• The IPS must also detect and respond accurately, so as to
eliminate threats and false positives (legitimate packets
misread as threats).
25-Aug-2017
CSIT1002
149 of 160

Configuration Management
• The Configuration Management shows the information of
the hardware and software of the enterprise by recording
and updating it.
– The versions and updates that are applied to the software
packages installed, the locations and network addresses of
hardware devices are some of the information that are
maintained and monitored in a CM.
• Any system hardware or software upgradation would
require an administrator to access the configuration
management program’s database to know the current
installed configuration which gives the administrator a clear
information about the current situation and helps him in
making decisions regarding any upgrade.
25-Aug-2017
CSIT1002
150 of 160

Patch Management
• A patch management involves testing, acquiring and
installing multiple code changes or patches to an
administered system.
• Some of the patch management tasks are:
– Deciding on the appropriate patches for particular systems
– Ensuring proper installation of the patches
– Testing process after installation
– Documentation of the procedures and maintaining current
knowledge of available patches
25-Aug-2017
CSIT1002
151 of 160

Security Operations Center (1/3)
• A security operations center (SOC) is a centralized unit that
deals with security issues on an organizational and technical
level.
• Malicious activities should be managed by engaging the
technical security activities and actions has to be
recommended based on the review of the activities as well
as the reports.
• The client control environment has to be monitored to make
sure that breaches in the procedures, or any malicious
activity are identified and reported.
25-Aug-2017
CSIT1002
152 of 160

• The SOC focuses on monitoring the critical systems
24*7*365, for any indication of malicious activity from
intruders which can paralyze the core business.
• The SOC alerts the client company immediately on any
potential security breach that can have a devastating effect
on the integrity of their network and also provide remedies.
• Daily and monthly reports are provided with the
documentation on the detection of any threatening anomaly
and the action taken on such threats.
25-Aug-2017
CSIT1002
153 of 160

• Some of the services of SOC include:
– Vulnerability assessments
– Penetration testing
– Compliance audits
– Ethical Hacking
25-Aug-2017
CSIT1002
154 of 160

Physical Security (1/2)
• Physical security is the protection of personnel, hardware,
software, networks and data from physical actions and
events that could cause serious loss or damage to an
enterprise, agency or institution.
– This includes protection from fire, flood, natural disasters,
burglary, theft and vandalism.
• Physical security has three important components:
– Access control
– Surveillance
– Testing
25-Aug-2017
CSIT1002
155 of 160

Physical Security (2/2)
• Operation
– (1) Obstacles should be placed in the way of potential
attackers and physical sites should be hardened against
accidents, attacks or environmental disasters.
• Such hardening measures include fencing, locks, access control
cards, biometric access control systems and fire suppression
systems.
– (2) Physical locations should be monitored using surveillance
cameras and notification systems, such as intrusion detection
sensors, heat sensors and smoke detectors.
– (3) Disaster recovery policies and procedures should be tested
on a regular basis to ensure safety and to reduce the time it
takes to recover from disruptive man-made or natural
disasters.
25-Aug-2017
CSIT1002
156 of 160

Perimeters and Access Control
• The access point of the building (boundary between the
private and public area) is called perimeter area and should
be secure.
• Investment should be made on good quality access controls.
• Some of these are:
– Strongly constructed doors, windows, gates with very high
locking mechanism
– Magnetic swipe identification cards or proximity cards
– Robust fencing and walls to protect against any intrusions or
major attacks with security lights, Perimeter Intrusion
Detection System (PIDS) and CCTVs.
– Guards with proper weapons to handle any rough situations
– Virtualization Security
25-Aug-2017
CSIT1002
157 of 160

Virtualization Security
• Server virtualization is today’s most widely deployed
technologies.
• Many organizations are into virtualization for the reasons
like cost efficiency, ease of deployment and management of
the systems.
• Virtualization security is the collective measures, procedures
and processes that ensure the protection of a virtualization
infrastructure / environment.
• Many potential threats target the virtualization technology
as it connects to the network and storage infrastructure.
25-Aug-2017
CSIT1002
158 of 160

Peep into the next Module
• Application and Middleware Overview
– Introduction to Common Messaging System
– Web Tier Deployment, Application Servers & Clustered Deployment
– Email
– Data Warehousing
25-Aug-2017
CSIT1002
159 of 160

Network security

More Related Content

What's hot

Similar to Network security

More from Christalin Nelson

Recently uploaded

Network security