Networking and Security Issues in Digital Library
Dr. R. Radhakrishna Pillai
IIM Kozhikode
What is the Internet?
• The largest computer network in the world (a network of networks)
• Information exchange is seamless using open, non-proprietary standards and protocols, within interconnected networks
• Spirit of information sharing and open access underlies the Internet.
Networking Components
• Hosts (end systems)
• Server
• Packet Switch/Router
• Modem
• Mobile
• Base Station
• Satellite link
Networking Protocol
• The rule for exchanging information between two computers
End-to-end Communication
• The communication always takes place between two end systems (hosts)
Network Core
• The network core comprises switches or routers
Circuit Switching
• In Circuit Switching the network resources (e.g., capacity/bandwidth) are reserved for communication
Packet Switching
• In Packet Switching the network resources (e.g., capacity/bandwidth) are NOT reserved for communication. Packets between various hosts share common resources
Classification of Networks
• Packet switched networks (e.g., the Internet) have “efficient” utilization of resources compared to circuit switched networks (e.g., the telephone network)
Access Networks
• Access networks connect the end-systems to the core network. Different technologies are used for access (e.g., hybrid fiber-coaxial access, home network)
Delays in Networks
• Various components of packet delay include
– Nodal processing delay
– Queueing delay
– Transmission delay
– Propagation delay
• Dependence of queueing delay on traffic intensity
• Smaller sized packets result in smaller end-to-end delays
Protocol Stack
• Layers of functions with standardised interface between them
Storage Area Networks (SAN)
• Storage use is growing explosively
• Managing locally attached storage is difficult
– Backup
– Access by multiple servers
• Combines the best of storage and networking technologies to provide low latency, high bandwidth, high availability interconnect
• Components
– Servers
– Storage Fabric
Storage Area Networks (SAN)
• SAN enables storage resources and server resources to grow independently
• Storage on a given server can be increased or decreased as needed without complex reconfiguring or re-cabling of devices.
• Enforcing security policies for access rights to a given device is a core part of the infrastructure
• Data can be transferred directly from device to device without server intervention
• The primary technology used in storage area networks today is Fibre Channel.
Fibre Channel Technologies
• Arbitrated Loop
[Figure: arbitrated loop connecting Host A, Host B, Device C, Device D and Device E]
The Infrastructure of the Internet
Internet Services – World Wide Web
• An application that uses the Internet transport functions
• A system with universally accepted standards for storing, retrieving, formatting, and displaying information via a client/server architecture
• Based on HTML - standard hypertext language used in Web
• Handles text, hypermedia, graphics, and sound
Internet Challenges
• Internet Regulation
– Technical organizations (e.g., World Wide Web Consortium) develop standards governing the Internet’s functionality
– These organizations are not formally charged in any legal or operational sense with responsibility for the Internet
– How to control controversial content on the Web?
Internet Challenges (continued)
• Internet Expansion
– Tremendous Internet traffic growth has strained some elements of the network
• Slower retrieval times
• Unreliable data transmission
• Denial of service by overloaded servers
– Approaches to overcoming this congestion include
• Improved hardware technology
• Improved Web management software
Internet Challenges (continued)
• Internet Privacy - Web sites collect information with and without consumers’ knowledge
– Cookie - small data file placed on users’ hard drives when a site is first visited. Collects data on pages visited and content viewed.
– Three potential approaches to the privacy issue
• Government lets groups develop voluntary privacy standards; does not take any action now unless real problems arise
• Government recommends privacy standards for the Internet; does not pass laws at this time
• Government passes laws now for how personal information can be collected and used on the Internet
– Financial transaction security also a concern
Intranets
• A private network that uses Internet software and TCP/IP protocols
– Provide employees with easy access to corporate information
– Used to deploy corporate applications
• Examples – policies and procedures manuals; human resource forms; product catalogs
– Security is a concern
• Security measures include – public key security, encryption, digital certificates, firewalls
Extranets
• An extension of an intranet to selected outside business partners, such as suppliers, distributors, and key customers
– Provide business partners with easy access to corporate information and easy collaboration
• Security
– Critical to prevent unwanted entry into internal systems
– Virtual private networks (VPNs) are often used to add security to Internet communication
Operational Characteristics of Internet
• Internetworking technologies are based on open standards
• Internetworking technologies operate asynchronously
• Internet communications have inherent latency
• Naturally decentralised
• Scalable
The rise of Internetworking: Business Implications
• Network becomes a computer
• Quicker realization of economic value
• Emergence of real-time infrastructure: Better data, better decisions, improved process visibility, improved process efficiency, from make-to-sell to sense-and-respond
• Broader exposure to operational threats
• New models of service delivery
• Managing legacies
Future Internet Initiatives
• Internet2
– A collaboration among more than 180 U.S. universities to develop leading-edge networking and advanced applications for learning and research.
– A group of very high bandwidth networks on the Internet.
– Partnership between universities, industry, and government.
• Next Generation Internet (NGI)
– Federal government led initiative to advance Internet technology and applications.
Securing Infrastructure against Malicious Threats
• Threats:
– External attacks – DoS attacks, DDoS, Spoofing
– Intrusion
– Viruses and Worms
DoS/DDoS
• Easy to execute, difficult to defend against
• Abrupt termination of conversation
• Attack from different sites – monitoring difficult
• Degradation of service attack
Chapter 6 Figure 6-6
Normal and DoS Handshakes
Normal Handshake (between Web User’s PC and Website Server)
SYN: User’s PC says “hello”
ACK-SYN: Server says “Do you want to talk”
ACK: User’s PC says “Yes, let’s talk”
DoS Handshake (between Web User’s PC and Website Server)
SYN: User’s PC says “hello” repeatedly
ACK-SYN: Server says “Do you want to talk” repeatedly
No Response: User’s PC waits for server to “timeout”
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
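The DoS handshake above leaves the server holding handshakes it answered but the client never completed, and counting those per server is a simple detection signal. The following Python code is an added example, not part of the original slides; the record format, the documentation-range addresses, the threshold and the timeout are all assumptions.

```python
from collections import Counter

def half_open_counts(packets, now, timeout=3.0):
    """Per server IP, count handshakes that got SYN and ACK-SYN but no final ACK."""
    syn_seen = set()   # (client, server) pairs that sent a SYN
    pending = {}       # (client, server) -> time the server replied with ACK-SYN
    for t, src, dst, flag in sorted(packets):
        if flag == "SYN":
            syn_seen.add((src, dst))
        elif flag == "ACK-SYN" and (dst, src) in syn_seen:
            pending[(dst, src)] = t
        elif flag == "ACK":
            pending.pop((src, dst), None)  # handshake completed normally
    counts = Counter()
    for (client, server), t in pending.items():
        if now - t >= timeout:             # client stayed silent past the timeout
            counts[server.rsplit(":", 1)[0]] += 1
    return counts

def flooded_servers(packets, now, threshold=5, timeout=3.0):
    """Servers whose stale half-open handshakes reach the (assumed) threshold."""
    counts = half_open_counts(packets, now, timeout)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def build_sample():
    """Constructed handshake records (time, src, dst, flag); not real traffic."""
    web, other = "192.0.2.10:80", "192.0.2.20:80"
    pkts = [
        (0.00, "198.51.100.7:40000", web, "SYN"),       # normal handshake
        (0.01, web, "198.51.100.7:40000", "ACK-SYN"),
        (0.02, "198.51.100.7:40000", web, "ACK"),
        (0.10, "198.51.100.9:40001", other, "SYN"),     # one client that went away
        (0.11, other, "198.51.100.9:40001", "ACK-SYN"),
    ]
    for i in range(1, 9):                               # eight SYNs, never ACKed
        client = f"203.0.113.{i}:{50000 + i}"
        pkts.append((1.0 + i * 0.01, client, web, "SYN"))
        pkts.append((1.0 + i * 0.01 + 0.001, web, client, "ACK-SYN"))
    return pkts

if __name__ == "__main__":
    sample = build_sample()
    print(dict(half_open_counts(sample, now=10.0)))
    print(flooded_servers(sample, now=10.0))
```

A single abandoned handshake, as on the second server, stays below the threshold; only the server with many stale half-open entries is flagged.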
Chapter 6 Figure 6-7
A Distributed Denial of Service Attack
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
[Figure: an Attack Leader, Attackers 1 to 8, and the Website Server]
Attack Leader facilitates SYN floods from multiple sources.
Chapter 6 Figure 6-8
“Spoofing”
Source: Austin, Robert D. "The iPremier Company, The (A), (B), and (C): Denial of Service Attack." Harvard Business School Teaching Note 602-033.
Attacker (Address: 12345) sends information packets to Target (Address: 54321)
Normal: Sender Address 12345, Destination Address 54321. Target server correctly interprets sender address
“Spoofing”: Sender Address 90817, Destination Address 54321. Target server incorrectly interprets sender address
Intrusion
• Get access to company’s internal IT infrastructure
– User name, password
– Sniffer software
– Vulnerabilities left in the software
• Difficult to figure out what intruders might have done inside
Viruses and Worms
• Replicate and spread themselves (worms)
• Virus needs assistance to replicate
• The Code Red Worm (2001)
Securing Infrastructure against Malicious Threats
• Defensive Measures
– Security Policies
– Firewalls
– Authentication
– Encryption
– Patching and Change management
– Intrusion detection and network monitoring
Securing Infrastructure against Malicious Threats
A HOLISTIC APPROACH IS THE NEED OF THE DAY
Thank You