What are networks?

What is a Network?

A ``network'' has been defined[1] as ``any set of interlinking lines resembling a net, a network of roads || an interconnected system, a network of alliances.'' This definition suits our purpose well: a computer network is simply a system of interconnected computers. How they're connected is irrelevant, and as we'll soon see, there are a number of ways to do this.

Intro to Networks

• Computer networks do indeed run this world we live in. From banks, to schools, to businesses, virtually every system or process in today's world is affected, or run by a computer network.

Computer networks can be set up to meet whatever requirements a business or organization may need. Today's networks organize and manage information for people in all walks of life.

Why Networks?

Once connected to a network, computers can share and exchange information as well as resources. For most small business networks there is one or more server computers coordinating the network's activities. Some servers do require a specific type of operating system, though the larger servers can typically work with most operating systems

3 Types of Networks

There are three primary types of computer networks. 

• Peer to peer

• LAN (Local Area Networks)

• WAN (Wide Area Networks)

Peer to Peer Networks

Peer-to-peer networks don't necessarily require a server computer. Rather, each computer, or station, serves a different purpose with some "serving" data while others receive data. Oftentimes a local area network (LAN) will be set up as peer-to-peer. These are small networks like one you would set up in your home, or in a small business.

LAN

Client server networks are made up of one computer that acts as the main information hub. It sends and receives information to other computers (clients) in the network. Servers act as storage areas for files and databases, and are equipped with larger disk drives, more memory capacity, and more powerful central processors than the client stations. These are large networks, but can also function as LANs as well. 

WAN

Wide area networks(WAN) are made up of computers spread across a large geographic area. The Internet is a WAN, made up of smaller local area networks. The equipment needed to run a wide area network is extensive, and costly.

Function

Today's computer networks transmit through either cable or wireless connections. Cable transmissions run along cable or fiber-optic wires, whereas wireless transmissions use radio and/or microwave frequencies. Wireless networks are the most popular.

Cable vs. Wireless

Though cable networks have physical limitations in terms of connecting cables, and fixed areas, they are more stable and reliable overall. Wireless networks are more prone to radio interferences, interference from other wireless devices, and physical obstructions such as buildings, or walls can disrupt their signal.

Protocol: Information Transfer

Computer networks all follow certain rules of communication when sending information back and forth. These are called network protocols. Information is sent in bundles, or in packet form. Different network protocols utilize specific packet transmissions, or packet switching.

Protocols: ID

Network protocols also provide the means by which computers can identify each other on a network. The size and purpose of the network will determine what type of network protocol is used.

Application Layer

Network protocols are used by servers as well as the computers they manage. Certain software applications, like web browsers, are designed to accommodate these protocols.

Risk Management: The Game of Security

It's very important to understand that in security, one simply cannot say ``what's the best firewall?'' There are two extremes: absolute security and absolute access. The closest we can get to an absolutely secure machine is one unplugged from the network, power supply, locked in a safe, and thrown at the bottom of the ocean. Unfortunately, it isn't terribly useful in this state. A machine with absolute access is extremely convenient to use: it's simply there, and will do whatever you tell it, without questions, authorization, passwords, or any other mechanism. Unfortunately, this isn't terribly practical, either: the Internet is a bad neighborhood now, and it isn't long before some bonehead will tell the computer to do something like self-destruct, after which, it isn't terribly useful to you

Types And Sources Of Network Threats

• Denial-of-Service

• Unauthorized Access

• Confidentiality Breaches

• Destructive Behavior

Denial-of-ServiceDoS (Denial-of-Service) attacks are probably the nastiest, and most

difficult to address. These are the nastiest, because they're very easy to launch, difficult (sometimes impossible) to track, and it isn't easy to refuse the requests of the attacker, without also refusing legitimate requests for service.

The premise of a DoS attack is simple: send more requests to the machine than it can handle. There are toolkits available in the underground community that make this a simple matter of running a program and telling it which host to blast with requests. The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then dropping the connection. If the host is able to answer 20 requests per second, and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate requests (hits on the web site running there, for example).

Unauthorized Access

“Unauthorized access'' is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that your machine should not provide the attacker. For example, a host might be a web server, and should provide anyone with requested web pages. However, that host should not provide command shell access without being sure that the person making such a request is someone who should get it, such as a local administrator.

Executing Commands Illicitly

It's obviously undesirable for an unknown and untrusted person to be able to execute commands on your server machines. There are two main classifications of the severity of this problem: normal user access, and administrator access. A normal user can do a number of things on a system (such as read files, mail them to other people, etc.) that an attacker should not be able to do. This might, then, be all the access that an attacker needs. On the other hand, an attacker might wish to make configuration changes to a host (perhaps changing its IP address, putting a start-up script in place to cause the machine to shut down every time it's started, or something similar). In this case, the attacker will need to gain administrator privileges on the host.

Confidentiality Breaches

We need to examine the threat model: what is it that you're trying to protect yourself against? There is certain information that could be quite damaging if it fell into the hands of a competitor, an enemy, or the public. In these cases, it's possible that compromise of a normal user's account on the machine can be enough to cause damage (perhaps in the form of PR, or obtaining information that can be used against the company, etc.)While many of the perpetrators of these sorts of break-ins are merely thrill-seekers interested in nothing more than to see a shell prompt for your computer on their screen, there are those who are more malicious, as we'll consider next. (Additionally, keep in mind that it's possible that someone who is normally interested in nothing more than the thrill could be persuaded to do more: perhaps an unscrupulous competitor is willing to hire such a person to hurt you.)

Destructive Behavior

• Among the destructive sorts of break-ins and attacks, there are two major categories.• Data Diddling.• The data diddler is likely the worst sort, since the fact of a break-in might not be

immediately obvious. Perhaps he's toying with the numbers in your spreadsheets, or changing the dates in your projections and plans. Maybe he's changing the account numbers for the auto-deposit of certain paychecks. In any case, rare is the case when you'll come in to work one day, and simply know that something is wrong. An accounting procedure might turn up a discrepancy in the books three or four months after the fact. Trying to track the problem down will certainly be difficult, and once that problem is discovered, how can any of your numbers from that time period be trusted? How far back do you have to go before you think that your data is safe?

• Data Destruction.• Some of those perpetrate attacks are simply twisted jerks who like to delete things. In

these cases, the impact on your computing capability -- and consequently your business -- can be nothing less than if a fire or other disaster caused your computing equipment to be completely destroyed.

Network Security

If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Firewalls

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why its called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next

Hardware/ Software?

• Some operating systems come with a firewall built in. Otherwise, a software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.

• Hardware firewalls are incredibly secure and not very expensive. Home versions that include a router, firewall and Ethernet hub for broadband connections can be found for well under $100.

What Firewall Software Does

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Firewalls: control network flow

A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network.

How Firewalls Work• Firewalls use one or more of three methods to control traffic flowing in and

out of the network:

• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.

• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

• Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

Firewall filters• Firewall Configuration: Firewalls are customizable. This means that you can add or remove

filters based on several conditions. Some of these are:

• IP addresses - A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.

• Domain names -. A company might block all access to certain domain names, or allow access only to specific domain names.

• Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The http in the Web's protocol. Some common protocols that you can set firewall filters for include (next slide):

• Ports - Any server machine makes its services available to the Internet using numberedports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.

• Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter.

Common Protocols• IP (Internet Protocol) - the main delivery system for information over the

Internet• TCP (Transmission Control Protocol) - used to break apart and rebuild

information that travels over the Internet• HTTP (Hyper Text Transfer Protocol) - used for Web pages• FTP (File Transfer Protocol) - used to download and upload files• UDP (User Datagram Protocol) - used for information that requires no

response, such as streaming audio and video• ICMP (Internet Control Message Protocol) - used by a router to exchange

the information with other routers• SMTP (Simple Mail Transport Protocol) - used to send text-based

information (e-mail)• SNMP (Simple Network Management Protocol) - used to collect system

information from a remote computer• Telnet - used to perform commands on a remote compute