8/20/2019 Computer Communication and Security
Chapter 3
Computer Communication and Security
Chapter 3 Objectives
• Communications and network terminology and applications
• Various communications devices, media, and procedures
• Types of computer networks
• Describe the types of computer-network & Internet security risks
• Identify ways to safeguard against network-based attacks
• Techniques to prevent network attacks
Communications
• What are computer communications?
• Process in which two or more computers or devices transfer data, instructions, and information
Communications
• What is needed for successful communications?
– Sending device: initiates instruction to transmit data, instructions, or information. Commonly in software forms
– Communications device: connects the sending device to the communications channel
– Communications channel: media on which data, instructions, or information travel
– Communications device: connects the communications channel to the receiving device
– Receiving device: accepts transmission of data, instructions, or information
Communication Software
• What is communications software?
– Programs that help users establish connection to Internet, other network, or another computer
– Programs that help users manage transmission of data, instructions, and information
– Programs that provide an interface for users to communicate with one another
Communication Devices
• What are examples of communications devices?
Common types are [dial-up modems, ISDN & DSL modems, broadband/cable modems] for Internet communication, and [network cards, wireless access points, routers, and hub/switches] for general computer network communications
Communication Devices
• What is a modem?
• Converts digital signals to analog signals and vice versa
• Notebook computers often use PC Card modem
Dial Up Modems
Cable and Wireless Broadband Modems
Faster Internet Connection
Communications Devices
• What is a network card?
– Adapter card, PC Card, or compact flash card that enables computer or device to access network
– Sometimes called network interface card (NIC)
Communications Devices
• What is a wireless access
point?
– Central communications
device that allows
computers and devices to
transfer data wirelessly
among themselves or to
wired network
Communications Devices
• What is a router?
– Connects computers and
transmits data to correct
destination on network
– Routers forward data on
Internet using fastest
available path
Communications Devices
• What is a switch/hub?
– Device that provides
central point for cables in
network
Communications Channel
• What is a channel?
– Transmission media on which data travels in
communications system
– Transmission media are materials capable of carrying one or more signals
– Bandwidth is amount of data that can travel over channel
Transmission Media
Physical
• Optical Fiber
• Twisted Pair Cables
• Coaxial Cable
Wireless
• Communications Satellite
• Microwave Radio
• Cellular Radio (2G, 2.5G, 3G, etc.)
• Broadcast Radio (Wi-Fi, Bluetooth)
• Infrared
Computer Network
• What is a network?
– Collection of computers and devices connected via communications devices and transmission media
Computer Network
• What is a local area
network (LAN)?
– Network in limited geographical area such as home or office building
– Metropolitan area network (MAN) connects LANs in city or town
Computer Network
• How to join a computer to a LAN
IP address is a numerical label assigned to each device
(e.g., computer, printer) participating in a computer
network
Computer Network
• What is a wide area
network (WAN)?
– Network that covers large geographic area using many types of media
– Internet is world’s
largest WAN
Computer Network
• What is a client/server
network?
– One or more computers act as server and other computers, or clients, access server
Computer Network
• What is an Intranet?
Internal network that uses Internet technologies
Makes information accessible to employees
Typically includes connection to Internet
Extranet allows customers or suppliers to access part of company’s intranet
Network Risks & Security
Computer Security Risks
• What is a computer security risk?
– Action that causes loss of or damage to computer
system
– Mostly happens when a computer is connected to a network
• Easier to access, more unpredictable than attacking
unattended computer
Computer Viruses, Worms, and Trojan Horses
• What are viruses, worms, and Trojan horses?
– Virus is a potentially damaging computer program. Can spread and damage files
– Worm copies itself repeatedly, using up resources and possibly shutting down computer or network
– Trojan horse hides within or looks like legitimate program until triggered. Does not replicate itself on other computers
– Payload (destructive event) that is delivered when you open file, run infected program, or boot computer with infected disk in disk drive
Computer Viruses, Worms, and Trojan Horses
• How can a virus spread through an e-mail message?
Step 1. Unscrupulous programmers create a virus program. They hide the virus in a Word document and attach the Word document to an e-mail message.
Step 2. They use the Internet to send the e-mail message to thousands of users around the world.
Step 3a. Some users open the attachment and their computers become infected with the virus.
Step 3b. Other users do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message. Instead they delete the e-mail message. These users’ computers are not infected with the virus.
Computer Viruses, Worms, and Trojan Horses
• What are some tips for preventing virus, worm, and Trojan horse infections?
– Install a personal firewall program
– If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately
– Never download or install suspicious software from untrusted sources
– Never open an e-mail attachment unless you are expecting it and it is from a trusted source
– Install an antivirus program on all of your computers
– Check all downloaded programs for viruses, worms, or Trojan horses
DOS & Backdoor
• What is a denial of service (DOS) attack and
back door?
– A denial of service attack is an assault which disrupts computer access to an Internet service such as the Web or e-mail
– A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a computer resource
Spoofing
• What is spoofing?
– Makes a network or Internet transmission appear legitimate
– IP spoofing occurs when an intruder computer fools a network into believing its IP address is from a trusted source
– Perpetrators of IP spoofing trick their victims into interacting with a phony Web site
Solutions
• Best way to prevent spoofing and DOS is to build a firewall
– Implemented on network or installed on host as software (personal firewall)
Solutions
• What is firewall?
– Security system consisting of hardware and/or
software that prevents unauthorized intrusion
Solutions
• What is personal firewall?
– Program that protects personal computer and its data from unauthorized intrusions
– Monitors transmissions to and from computer
– Informs you of attempted intrusion
Unauthorized Access and Use
• Unauthorized Access
– Use of a computer or network without permission.
– By connecting to it and then logging in as a legitimate user.
– Does not cause damage.
– Merely accesses the data, valuable information or programs in the computer.
– In some respects, can be categorized as information theft
Unauthorized Access and Use
• Unauthorized Use
– Use of a computer or its data for unapproved or illegal activities.
– Ex: gaining access to a bank computer and performing an unauthorized bank transfer etc.
Solutions
• How to prevent unauthorized access and use?
– Make good use of authorization control
Solutions (Cont.)
• How to make good passwords?
GOOD
• Example: @k|_|-@n@6-4L4Y
• Longer, alay-er, better
NEVER USE IT
• Your birthday
• Your mother/dad/lover name
• Very predictable words
• Plain, uncombined characters are weak against brute-force attacks
Solutions (Cont.)
• How to prevent unauthorized access and use?
– Disable file and printer sharing on Internet connection
– Enable just when you need it
File and printer sharing turned off
Solutions (Cont.)
• How to make an information thief’s life much harder?
– Use encryption
• Safeguards against information theft
• Process of converting plaintext (readable data) into
ciphertext (unreadable characters)
• Use key to generate cipherkey as combinations
• To read the data, the recipient must decrypt, or
decipher, the data
• See the demonstration
Internet Security Risk
• Information Sniffing, How?
• H or L can get all sensitive unencrypted information passed on network such as username and password
Internet Security Risk
• Website phishing, How?
– Normal Login Page: https://ib.bankmandiri.co.id/retail/Login.do?action=form → Username, Passwords, Credit card’s details → Bank Mandiri’s Server
– Impersonated Login Page: https://ib.bangmandiri.co.id/retail/Login.do?action=form → Username, Passwords, Credit card’s details → Cracker’s Computer
Internet Security Risk
• Website phishing is commonly spread using emails and social media
• Best implemented when combined with social engineering techniques.
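A check a mail filter or browser helper could run on a login link before the user follows it, using the one-letter difference between the two Bank Mandiri URLs in the phishing slide. This is an added example, not part of the original slides; the `TRUSTED_HOSTS` list, the function names and the distance threshold of 2 are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only hostname this user really banks with (from the slide).
TRUSTED_HOSTS = {"ib.bankmandiri.co.id"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character
                           cur[j - 1] + 1,              # add a character
                           prev[j - 1] + (ca != cb)))   # swap a character
        prev = cur
    return prev[-1]


def classify_login_url(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'insecure', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    if host in TRUSTED_HOSTS:
        # Right host, but without HTTPS the login can be sniffed on the network.
        return "trusted" if parts.scheme == "https" else "insecure"
    # A host that is almost, but not exactly, a trusted one is the phishing signal.
    if any(edit_distance(host, good) <= max_distance for good in TRUSTED_HOSTS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # The two URLs from the slide, plus two constructed ones.
    for u in ("https://ib.bankmandiri.co.id/retail/Login.do?action=form",
              "https://ib.bangmandiri.co.id/retail/Login.do?action=form",
              "http://ib.bankmandiri.co.id/retail/Login.do?action=form",
              "https://www.example.com/"):
        print(f"{classify_login_url(u):9}  {u}")
```

An exact match on the full hostname is the only thing treated as trusted; a near match is reported rather than silently allowed.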
Internet Security Risk
• Social engineering is a non-technical, outside hacker's use of psychological tricks on legitimate users of a computer system, in order to gain the information (usernames and passwords) one needs to gain access to the system.
• It utilizes two human weaknesses:
– no one wants to be considered ignorant
– human trust
Solutions
• Protect yourselves from social engineering
– Be educated, aware, and a little bit paranoid.
– Never give out:
• Usernames / ID numbers
• Passwords / PIN numbers
• System information
• Credit card numbers
• Schedules
• Other Sensitive data
– Be aware of what is being asked
End of Chapter 3