Questions
1. What is a protocol? It is the special set of rules that end points in a telecommunication connection use when they communicate.
2. What is TCP/IP?
- TCP uses a set of rules to exchange messages with other Internet points at the information packet level
- IP uses a set of rules to send and receive messages at the Internet address level
3. What is SMTP used for? Simple Mail Transfer Protocol is used to deliver the messages.
4. What are the two types of protocols that the incoming and outgoing mail servers use? POP and SMTP.
5. What does the MIME standard provide? Multipurpose Internet Mail Extensions provide definitions for content types such as applications, images, and other multimedia files.
6. What is IMAP? Internet Message Access Protocol. IMAP provides direct access to the messages that are stored on the server.

Image files
Web browsers accept two types of image files:
- .GIF (Graphics Interchange Format)
- .JPG or .JPEG (Joint Photographic Experts Group)

Sound files
Three types of sound files are popular on the Web:
- .WAV
- .MID
- .MP3
- .AVI

Voice over IP
Voice-over-IP (VoIP) is a method for sending voice data using the IP protocol. VoIP interfaces with the public switched telephone network (PSTN) and attempts to provide the same quality of service.
Protocols used in VoIP are:
- RTP (Real-Time Transport Protocol): handles reliable delivery of real-time data
- RTCP (Real-Time Control Protocol): monitors the VoIP session to maintain the quality of service (QoS)
- RSVP (Resource Reservation Protocol): manages network resources during the connection
The voice processing and gateway/terminal operation are specified by the H.323 standard.

Video
The problems associated with network video are worse than for network audio: greater bandwidth is required, and it is easy to visually spot problems with the video stream. The same set of protocols as for audio is used to manage the information. It is now affordable for any PC owner to purchase an inexpensive colour camera that connects to the printer port or USB port and allows real-time capture of video.

Virtual Private Networks (VPN)
A virtual private network allows remote private LANs to communicate securely through an untrusted public network such as the Internet.
(Figure: Citibank private LANs in Washington D.C., New York and Boston connected to each other through the Internet)

VPNs
Using VPNs, only authorized members of the network are allowed access to the data. A VPN uses an IP tunneling protocol and security services that are transparent to the private network users. Using a VPN, a private LAN connected to the Internet can be connected to other LANs using a combination of tunneling, encryption and authentication. Tunneling means that data is transferred through the public network in an encapsulated form: all of the data, including the addresses of the sender and destination, is enclosed within a packet. Packets that are protected by tunneling, encryption, and authentication offer the highest level of security.

VPNs
The IP Security (IPSec) standards provide a security protocol for tunneling as well as for data privacy, integrity, and authentication, creating a truly secure VPN. IPSec is a set of protocols developed by the Internet Engineering Task Force that adds additional security solutions to TCP/IP networking. IPSec offers a solution to data privacy, integrity, and authentication that is network independent, application independent, and supports all IP services (e.g. HTTP, FTP, etc.).

Setting up a Web server
One of the most popular Web server programs is the Apache Server from the Apache Software Foundation. Two of the reasons why the Apache Server is the most popular are that it is free and fully featured. To download an Apache Server for free, go to http://www.apache.org. After the Web server is installed, it is necessary to update the configuration file to provide a server name, e-mail contact, and several other items.

Hypertext Transfer Protocol
The protocol used for communication between a browser and a Web server, or between intermediate machines and Web servers, is known as HTTP.
Characteristics of HTTP:
- Application level: HTTP operates at the application level. It assumes a reliable connection-oriented transport protocol such as TCP but does not provide retransmission
- Request/response: Once a transport session has been established, one side (usually a browser) must send an HTTP request to which the other side responds
- Stateless: Each HTTP request is self-contained; the server does not keep a history of previous requests or previous sessions

HTTP characteristics
- Bi-directional transfer: In most cases, a browser requests a Web page, and the server transfers a copy to the browser
- Capability negotiation: HTTP allows browsers and servers to negotiate details such as the character set to be used during transfers
- Support for caching: To improve response time, a browser caches a copy of each Web page it retrieves
- Support for intermediaries: HTTP allows a machine along the path between a browser and a server to act as a proxy server that caches Web pages and answers a browser's request from its cache

Internet Security and Firewall Design

Internet Firewall
A configuration of routers and networks placed between an organization's internal internet and a connection to an external Internet to provide security.
(Figure: the organization's net connected to the Internet through a firewall used to protect the organization)

Firewall
If an organization has multiple Internet connections, a firewall must be placed at each, and all the organization's firewalls must be configured to enforce the organization's security policy. A firewall must be secure.
That is:
- All traffic entering the organization passes through the firewall
- All traffic leaving the organization passes through the firewall
- The firewall implements the security policy and rejects any traffic that does not adhere to the policy
- The firewall itself is immune to security attacks

Firewall
Firewalls are the most important security tool used to handle network connections between two organizations that do not trust each other. By limiting access to a small set of computers, a firewall can prevent outsiders from probing all computers in an organization with unwanted traffic. With a firewall, a manager can restrict incoming packets to a small set of computers. It is less expensive to install a firewall than to make all computer systems secure.

Internet Cookies
An Internet cookie is a message given to a Web browser by a Web server. The browser stores the message in a text file called cookie.txt. The saved message is sent back to the server each time the browser requests a page from the server (this allows the server to track the user's access to pages on the Web server). Cookies are also called persistent cookies because they typically stay in the browser for long periods of time. Having identified the client computer with a persistent name stored in the cookie file, server-side applications (such as CGI scripts) can be used to both store and retrieve information from the client side of the connection.

Network Security
Like the locks used to keep tangible property secure, computers and data networks need provisions to keep information secure. Security is required in every computer and protocol. There are two fundamental Internet security mechanisms:
- Perimeter security
- Information security

Security
Perimeter security allows an organization to determine the services and networks it will make available to outsiders and the extent to which outsiders can use internal resources.
Information security encompasses many aspects of protection:
- Data integrity: A secure system must protect information from unauthorized change
- Data availability: The system must guarantee that outsiders cannot prevent legitimate access to data
- Privacy or confidentiality: The system must prevent outsiders from making copies of data as it passes across a network, or from understanding the contents of any copies that are available
- Authorization: Although physical security often classifies people and resources into broad categories, security for information usually needs to be more restrictive
- Authentication: The system must allow two communicating entities to validate each other's identity
- Replay avoidance: To prevent outsiders from capturing copies of packets and using them later, the system must prevent a retained copy of a packet from being accepted

Encryption
This ensures that your data cannot be read or utilised by any party while in transit. Your message is encrypted into an incomprehensible state before it leaves your computer. It maintains this state during its transmission over the Internet. It is not decrypted until the recipient receives it. Because of the public key cryptography used, only the recipient can decipher the received message; no one else can.

Public Key
The public key is available to others for use when encrypting information that will be sent to an individual, e.g. people can use a person's public key to encrypt information they want to send to that person. Similarly, people can decrypt information sent by the person using his public key.

Private Key
The private key is accessible only to the individual. The individual can use the private key to decrypt any messages encrypted with the public key. Similarly, the individual can use the private key to encrypt messages, so that the messages can be decrypted with the corresponding public key.

Exchanging keys is no longer a security concern. I have my public key and private key. I send my public key to anyone on the Internet. With that public key, they encrypt their email.
Since the email was encrypted with my public key, ONLY I can decrypt that email, using my private key. If I want to encrypt my email to anyone else on the Internet, I need their public key. Each individual involved needs their own public/private key combination.

How do you verify someone's public key? How do you TRUST that the user is really who he says he is?
- You use a digital certificate
A digital certificate is a digital document that checks for the identity and key ownership of an individual, a computer system or an organization, e.g. a user's certificate verifies that the user owns a particular public key. Certificates are issued by certificate authorities. These authorities are responsible for verifying the identity and key ownership of the individual before issuing the certificate, e.g. http://www.verisign.com

Authentication
This is digital verification of who you are, much in the same way your driver's license proves your identity. Using standard email, there is no way to verify who the sender is. With digital signatures and certificates, you digitally encode verifiable proof of your identity into the mail.

Integrity
This is the verification that the data you sent has not been altered. When information travels across the Internet, it is routed through various gateways (way stations). It is possible for people to capture, alter, then resend the message. With digital certificates, your email cannot be altered without the recipient knowing.

Creating Digital Signatures
When you email someone, your public/private key combination creates the digital signature. Format:
- The sender uses a message-digest algorithm to generate a short version (message digest) of the message that can be encrypted
- The sender uses their private key to encrypt the message digest
- The sender transmits the message and the encrypted message digest to the recipient
- Upon receiving the message, the recipient decrypts the message digest
- The recipient uses the hash function on the message to generate a new message digest
- The recipient compares the decrypted message digest against the newly generated message digest
- If the message digests are identical, the recipient knows the message is from the correct source
- If the digests differ, the recipient knows that the message is from someone else or that the message was modified during transmission
- The encrypted message digest serves as a digital signature for the message
The signature verifies the identity of the sender and the contents of the message. If the message was modified during transmission, the hash function will generate a different message digest when applied after the transmission.

Proxy Server
A server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfil the requests itself. If not, it forwards the request to the real server.
Proxy servers have two main purposes:
- Improve performance
- Filter requests

Improve Performance
Proxy servers can improve performance for groups of users. A proxy server saves the results of all requests for a certain amount of time. Consider for example users X and Y accessing the WWW through a proxy server. First, user X requests a certain Web page 1. Sometime later, user Y requests the same page.
Instead of forwarding the request to the Web server where page 1 resides, the proxy server returns page 1 itself. Since the proxy server is on the same network as the user, this is a much faster operation. Real proxy servers support hundreds or thousands of users. Major online services such as CompuServe and America Online employ an array of proxy servers.

Filter Requests
Companies can use proxy servers to prevent their employees from accessing a specific set of Web sites. A proxy server can be used to limit access to some of these undesirable sites. A proxy server is a WWW server that acts as the sole web server for your entire domain, or for whatever clients you place behind the firewall, a logical block between your clients and the rest of the Internet. The proxy server usually sits on your firewall and intercepts all web requests coming from clients within the firewall. If the requested URL is on the proxy control list, then the message "URL is not accessible" will appear.

Internet Security
Internet security is difficult because datagrams travelling from source to destination often pass across many intermediate networks and through routers that are not owned or controlled by either the sender or the recipient. Source authentication requires the server to examine the source IP address on each incoming datagram and only accept requests from computers on an authorized list. Source authentication is weak because it can be broken easily.

Secure Sockets
The Secure Sockets Layer (SSL) technology was originally developed by Netscape. When a client uses SSL to contact a server, the SSL protocol allows each side to authenticate itself to the other. The two sides then negotiate to select an encryption algorithm that they both support. Finally, SSL allows the two sides to establish an encrypted connection (i.e. a connection that uses the chosen encryption algorithm to guarantee privacy).

Monitoring and Logging
Monitoring is the most important aspect of a firewall. Unless a firewall reports incidents, a manager may be unaware of problems. Monitoring can be active or passive. In active monitoring, a firewall notifies a manager whenever an incident occurs. The chief advantage of active monitoring is speed: a manager finds out about a potential problem immediately. But the main disadvantage is that active monitoring produces so much information that it is difficult for the manager to focus on major issues.

Monitoring
In passive monitoring, a firewall logs a record of each incident in a file on disk. Passive monitoring usually records information about normal traffic as well as datagrams that are filtered. A chief advantage of passive monitoring arises from its record of events: a manager can consult the log to observe trends and, when a security problem occurs, review the history of events that led to the problem.

Internet Architecture
How are networks interconnected to form an internetwork? Physically, two networks can only be connected by a computer that attaches to both of them. A physical attachment does not provide the interconnection we have in mind, however, because such a connection does not guarantee that the computer will cooperate with other machines that wish to communicate. Computers that interconnect two networks and pass packets from one to the other are called internet gateways or internet routers.
(Figure: Net 1 -- R -- Net 2. Router R connects to both network 1 and network 2.)
Each network can be a LAN or a WAN, and each may have many computers attached to it.

Interconnection through IP routers
In an actual internet that includes many networks and routers, each router needs to know about the topology of the internet beyond the networks to which it connects.
(Figure: Net 1 -- R1 -- Net 2 -- R2 -- Net 3. R1 must transfer from network 1 to network 2 all packets destined for computers on either network 2 or network 3.)
Routers used with TCP/IP internets are usually small computers. They often have little disk storage and modest main memories. If packet forwarding is based on networks, the amount of information that a router needs to keep is proportional to the number of networks in the internet, not the number of computers.

The User's View
A user views an internet as a single, virtual network to which all machines connect despite their physical connections. Since application programs that communicate over the Internet do not know the details of the underlying connections, they can be run without change on any computer. Because the details of each machine's physical network connections are hidden in the Internet software, only the Internet software needs to change when new physical connections are added or existing connections are removed. A second advantage of having communication at the network level is that users do not have to understand, remember, or specify how networks connect or what traffic they carry. Application programs can be written that communicate independently of the underlying physical connectivity. Network managers are free to change interior parts of the underlying internet architecture without changing application software in most computers attached to the Internet.
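The digital-signature procedure from the "Creating Digital Signatures" slides, worked through as an added example that is not part of the original slides. It uses textbook RSA on two small constructed primes so that it runs with only the Python standard library; the key size, the 4-byte chunking of the digest and the sample mail are assumptions made for illustration, not a real signature scheme.

```python
import hashlib

# Constructed toy RSA key pair (p and q are well-known primes near 10**6).
# These sizes only illustrate the steps; real signatures use large keys and a vetted library.
P, Q = 1000003, 999983
N = P * Q                           # modulus (~2**40), so 4-byte chunks are always < N
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: modular inverse (Python 3.8+)
PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)
CHUNK = 4                           # the 32-byte digest is signed in 4-byte chunks


def message_digest(message: bytes) -> bytes:
    """Step 1: the message-digest algorithm (SHA-256 here) shortens the message."""
    return hashlib.sha256(message).digest()


def sign(message: bytes, private_key) -> list:
    """Steps 1-2: hash the message, then 'encrypt' each digest chunk with the private key."""
    n, d = private_key
    digest = message_digest(message)
    return [pow(int.from_bytes(digest[i:i + CHUNK], "big"), d, n)
            for i in range(0, len(digest), CHUNK)]


def recover_digest(signature: list, public_key):
    """Step 4: the recipient 'decrypts' the signature with the sender's public key.
    Returns None when a value cannot be a digest chunk (the signature is not genuine)."""
    n, e = public_key
    out = bytearray()
    for c in signature:
        m = pow(c, e, n)
        if m >= 1 << (8 * CHUNK):
            return None
        out += m.to_bytes(CHUNK, "big")
    return bytes(out)


def verify(message: bytes, signature: list, public_key) -> bool:
    """Steps 5-6: re-hash the received message and compare it with the recovered digest."""
    recovered = recover_digest(signature, public_key)
    return recovered is not None and recovered == message_digest(message)


def demo():
    """Genuine mail verifies; mail altered in transit or a damaged signature does not."""
    message = b"Transfer 100 EUR to account 42"        # constructed sample mail
    signature = sign(message, PRIVATE_KEY)
    altered = message.replace(b"100", b"900")          # altered at an intermediate gateway
    damaged = signature[:-1] + [(signature[-1] + 1) % N]
    return (verify(message, signature, PUBLIC_KEY),
            verify(altered, signature, PUBLIC_KEY),
            verify(message, damaged, PUBLIC_KEY))
```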
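The forwarding decision of router R1 in the Net 1 -- R1 -- Net 2 -- R2 -- Net 3 figure, as an added example (not from the original slides). The network addresses and R2's address on Net 2 are invented for the example; the table holds one entry per network, not per computer, which is the point the slide makes about router memory.

```python
import ipaddress

# Constructed topology from the slide: Net 1 -- R1 -- Net 2 -- R2 -- Net 3.
# R1 attaches directly to Net 1 and Net 2; Net 3 is reached through R2, whose
# Net 2 address is assumed to be 10.2.0.2. All addresses are invented.
R1_TABLE = [
    # (destination network, next hop; None means deliver directly on that network)
    (ipaddress.ip_network("10.1.0.0/16"), None),                              # Net 1
    (ipaddress.ip_network("10.2.0.0/16"), None),                              # Net 2
    (ipaddress.ip_network("10.3.0.0/16"), ipaddress.ip_address("10.2.0.2")),  # Net 3 via R2
]


def next_hop(table, destination):
    """Forward by network, not by host: choose the most specific network containing
    the destination. Returns (network, next_hop) or None when no route exists."""
    dst = ipaddress.ip_address(destination)
    best = None
    for network, hop in table:
        if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, hop)
    return best


def forward(table, destination):
    """Describe R1's decision for one datagram addressed to `destination`."""
    route = next_hop(table, destination)
    if route is None:
        return "no route: drop"          # a datagram for an unknown network is discarded
    network, hop = route
    if hop is None:
        return f"deliver directly on {network}"
    return f"forward to router {hop}"
```

Adding more computers to Net 2 or Net 3 changes nothing in R1_TABLE; only adding a network adds an entry.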