Data Communications and Computer Networks: A Business User’s Approach, Sixth Edition
After reading this chapter, students should be able to:
• Recognize the basic forms of system attacks
• Recognize the concepts underlying physical protection measures
• Cite the techniques used to control access to computers and networks
• Discuss the strengths and weaknesses of passwords
• List the techniques used to make data secure
• Explain the difference between a substitution-based cipher and a transposition-based cipher
• Outline the basic features of public key cryptography, Advanced Encryption Standard, digital signatures, and the public key infrastructure
• Cite the techniques used to secure communications
• Describe the differences between the frequency hopping spread spectrum technique and the direct sequence spread spectrum technique
• Recognize the importance of a firewall and be able to describe the two basic types of firewall protection
• Recognize the techniques used to secure wireless communications
• List the advantages to a business of having a security policy
1. Introduction
2. Standard System Attacks
3. Physical Protection
4. Controlling Access
   a. Passwords and ID systems
   b. Access rights
   c. Auditing
5. Securing Data
   a. Basic encryption and decryption techniques
6. Securing Communications
   a. Spread Spectrum Technology
   b. Guarding against viruses
   c. Firewalls
   d. Wireless security
7. Security Policy Design Issues
8. Network Security In Action: Making Wireless LANs Secure
9. Summary

Computer network security has reached a point at which it can best be characterized by two seemingly conflicting statements: Never has network security been better than it is today, and never have computer networks been more vulnerable than they are today. How both these statements can be true is an interesting paradox. Network security, as well as operating system security, has come a long way from the early days of computers.

Standard System Attacks

Malicious computer users who try to break into a computer system often start with a standard set of system attacks. They hope that the system administrator has not properly secured the system and has left it vulnerable to attack. The two leading methods of attacks have been exploiting known operating system vulnerabilities and exploiting known vulnerabilities in application software. Another category of common system attacks is denial of service. Denial of service attacks bombard a computer site with so many messages that the site is incapable of performing its normal duties. In e-mail bombing, a user sends an excessive amount of unwanted e-mail to someone. If the email has a return address of someone other than the person sending the email, then the sender is spoofing.

All computer systems need to be physically protected. Whether the system is a simple personal computer in your home or a major computer network such as the Internet, it is necessary to protect the hardware and software from theft, destruction, and malicious acts of vandalism. Surveillance can be used to monitor activity and deter theft.
Controlling access to a computer network involves deciding and then limiting who can use the system and when the system can be used. Network administrators can control access rights, enforce password and ID systems, and perform auditing.

Many times when storing data and when transferring data from one point to another in a computer network, it is necessary to ensure that the transmission is secure from anyone eavesdropping on the line. The term secure means two things. First, it should not be possible for someone to intercept and copy an existing transmission. Second, it should not be possible for someone to insert false information into an existing transmission. Cryptography is the study of creating and using encryption and decryption techniques. Basic cryptography uses substitution-based ciphers (that replace one or more characters with one or more characters) and transposition-based ciphers (that rearrange the order of the characters). Public-key infrastructure (PKI) is the combination of encryption techniques, software, and services that involves all the necessary pieces to support digital certificates, certificate authorities, and public-key generation and management. A company that adheres to the principles of PKI issues digital certificates to legitimate users and network servers, supplies enrollment software to end-users, and provides the tools necessary to manage, renew, and revoke certificates. Steganography, the practice of hiding bits of secret messages within other documents, is also another approach to making data secure.

Along with securing data, it is also necessary to secure the communications transmitted between computers. Using a spread spectrum transmission system, it is possible to transmit either analog or digital data using an analog signal. However, unlike other encoding and modulation techniques, only an intended receiver with the same type of transmission system can accept and decode the transmissions. The idea behind spread spectrum transmission is to bounce the signal around on seemingly random frequencies rather than transmit the signal on one fixed frequency. Anyone trying to eavesdrop will not be able to listen because the transmission frequencies are constantly changing. Most computers and networks support some form of virus detection software in an attempt to identify and capture virus-laden messages.
A firewall is a system or combination of systems that supports an access control policy between two networks. The two networks are usually an internal corporate network and an external network, such as the Internet. A firewall can limit users on the Internet from accessing certain portions of a corporate network, and can limit internal users from accessing various portions of the Internet. Firewalls come in two basic types: packet filter, or network level, and proxy servers, or application level.

Security Policy Design Issues

When designing a firewall system and its corresponding security policy, a number of questions should be answered. The first question involves the company’s expected level of security. Is the company trying to restrict all access to services not deemed essential to the business? Or does the company wish to allow all or most types of transactions, thus asking the firewall system only to audit transactions and create an orderly request for transactions? A second question stems from the first decision: How much money is the company willing to invest in a firewall system? A third question relates to the company’s commitment to security. If the company is serious about restricting access to the corporate network through a link such as the Internet, will the company be equally serious about supporting security on any and all other links into the corporate network environment?

Network Security In Action: A Wireless LAN

The In Action example for this chapter returns to the example presented in chapters 7-9. Hannah has to decide if she wants to add wireless capability to her local area network. She must consider all the protocols that support the LAN including security protocols.

1. What are the different techniques you can use to authenticate a user? Passwords, badges, finger prints, face prints, voice prints, retina scan and iris print, to name a few
2. What are the two major forms of cryptography? Substitution-based ciphers and transposition-based ciphers
3. How can a digital certificate be used? It can be assigned to a document so that the owner can later verify ownership.
4. What are the basic ingredients of public key infrastructure? Encryption techniques, digital certificates, certificate authorities, public key generation, storage, and management

1. What parts of the body can be used for identification? Are any of these an infringement on privacy?
2. What are some examples of video camera surveillance? Are any of these pushing the limits of privacy?
3. The hackers that break into systems and disrupt web site services: are they criminals, or are they heroes helping computer specialists discover faults within computer networks and systems?
4. Can the U.S. government really stop advanced encryption techniques from falling into the hands of criminals?
5. List several uses of steganography. Is this technology virtually unstoppable?

1. When discussing viruses, show students a web site (such as www.symantec.com/avcenter/hoax.html) which discusses virus hoaxes.

Solutions to Review Questions

1. How do hackers exploit operating system vulnerabilities? By launching a virus that attacks something about the operating system.
2. What is a Trojan horse? It is a malicious piece of code that is hidden in a normal piece of code.
3. How does a denial of service attack work? It bombards a selected site with an overwhelming number of messages.
4. What is spoofing and how does it apply to a denial of service attack? They substitute a fake IP address in the place of their IP address in the Source IP Address field of the IP header.
5. What is a ping storm, and how does it apply to a denial of service attack? A ping storm is when a user uses the TCP/IP ping command to constantly bombard a site.
6. List three forms of physical protection. Protection from fire, flooding, heat, and theft
7. How can surveillance be used to improve network security? It can be used to deter crime, and to catch a criminal after the fact.
8. How does an intrusion detection system work? It watches for someone trying to attack a system and either alerts an administrator and/or begins to close-out portions of the system.
9. What is the major weakness of a password? What is its major strength? Weakness: someone else can discover it. Strengths: Easy to pick a difficult one and it can be changed easily and frequently.
10. What are the most common types of access rights? The most common are who and how. Who: user or owner, group, system, world. How: read, write, delete, execute, print, copy, rename, append.
11. How can auditing be used to protect a computer system from fraudulent use? It can be used to deter crime, and it can catch a criminal by tracing his transactions.
12. Describe a simple example of a substitution-based cipher. Something in which one or more characters are replaced with one or more characters
13. Describe a simple example of a transposition-based cipher. Anything that reassembles the text into a new position
14. How can public key cryptography make systems safer? You don’t have to give out your decryption key to allow someone to send you encrypted data.
15. Give a common example of an application that uses secure sockets layer. Sending your credit card information over the Internet is very common.
16. What is the Data Encryption Standard? A standard that applies a 56-bit key to 16 levels of encryption
17. How is the Advanced Encryption Standard different from the Data Encryption Standard? Uses a vastly superior encryption algorithm and a much larger key
18. What is a digital signature? A digital signature is a hash of a document that has been encrypted with a private key.
19. What kind of applications can benefit from Pretty Good Privacy? Basically anything, such as e-mail transfers and storage of documents
20. Is Kerberos a public key encryption technique or a private key? Explain. Private key. There is only one key used to both encode and decode. Thus, you have to keep the one key secret, or private.
21. List the basic elements of public key infrastructure. Encryption techniques, digital certificates, certificate authorities, public key generation, storage, and management
22. What kind of applications can benefit from Public Key Infrastructure? Any transaction that requires a secure transfer of information
23. What kind of entity issues a certificate? A certificate authority
24. Under what circumstances might a certificate be revoked? Normal expiration, nonpayment of fees, security breach
25. How is steganography used to hide secret messages? By taking a little bit of the secret message and hiding it somehow within another document or file.
26. What are the two basic techniques used to create a spread spectrum signal? Direct sequence and frequency hopping
27. What is a computer virus and what are the major types of computer viruses? Parasitic, boot sector, stealth, polymorphic, and macro
28. What are the different techniques used to locate and stop viruses? Signature based scanner, terminate-and-stay-resident antivirus software, multi-level generic software
29. What is the primary responsibility of a firewall? To keep out malicious attacks and to keep internal users from accessing certain outside services
30. What are the two basic types of firewalls? Packet filter and proxy server
31. What are the advantages of having a security policy in place? Everyone, management, employees, external users know the score.

Suggested Solutions to Exercises

1. A major university in Illinois used to place the computer output from student jobs on a table in the computer room. This room is the same computer room that housed all the campus’ mainframe computers and supporting devices. Students would enter the room, pick up their jobs, and leave. What kinds of security problems might computer services encounter with a system such as this? Dirt, dust, moisture, smoke, theft
2. You have forgotten your password, so you call the help desk and ask them to retrieve your password. After a few moments, they tell you your forgotten password. What has just happened and what is its significance? Normally passwords are stored in the computer in an undecipherable form. Apparently in this system they were not. Which means anyone might be able to find the password file and dump its contents.
3. Create (on paper) a simple example of a substitution-based cipher. Answers will vary.
4. Create (on paper) a simple example of a transposition-based cipher. Answers will vary.
5. Using the Vigenère Cipher and the key NETWORK, encode the phrase “this is an interesting class.” GLBOW JKAMG PSIOF XBJUT VNWL
6. Using the transposition-based cipher from this chapter and the same key, COMPUTER, encode the phrase “birthdays should only come once a year.” BSNN ADEA RHYE ISLC TOCA YOOR DLME HUOY
7. You are using a web browser and want to purchase a music CD from an electronic retailer. The retailer asks for your credit card number. Before you transfer your credit card number, the browser enters a secure connection. What sequence of events created the secure connection? The server sends your browser a certificate, your browser selects an algorithm and creates a private key, browser encrypts its private key with server’s public key, browser sends encrypted private key back to server.
8. You want to write a song and apply a digital signature to it so that you can later prove it is your song. How do you apply the signature, and later on, how do you prove the song is yours? You take the song, convert it to a digital form, take the hash of the form, and apply a private key to the hash. Then you save the encrypted hash. If someone questions ownership at a later date, you decrypt the hash and rehash the song, comparing the hashes.
9. List three examples (other than those listed in the chapter) of everyday actions that might benefit from applying PKI. There are many possible answers here, including banking, stock markets, other financial transactions, major purchases, insurance applications, school registrations.
10. One feature of a firewall is its ability to stop an outgoing IP packet, remove the real IP address, insert a “fake” IP address, and send the packet on its way. How does this feature work? Do you think it would be effective? Firewall keeps a table of fake IP addresses, pulls out real address and inserts a fake one. This is usually an effective technique.
11. Can a firewall filter out requests to a particular IP address, a port address, or both? What is the difference? Both. The IP address would be the address of a device connected to the Internet, while a port address would be the address of a particular application on a machine. You might want to restrict all access to a particular machine or just restrict access to particular applications on a machine.
12. How does the size of a key affect the strengths and weaknesses of an encryption technique? Consider both a friendly use of the key and an unfriendly use of the key. Clearly, the bigger the key, the harder it is (more possible combinations) to crack. From a friendly point of view, larger keys are harder to remember, especially since you don’t want to place a key on paper. From an unfriendly point of view, large keys make it virtually impossible to guess.
13. Assume a key is 56 bits. If it takes a computer 0.00024 seconds to try each key, how long will it take to try all possible keys? What if 10,000 computers are working together to try all keys? 2^56 equals 7.206 x 10^16 combinations, times 0.00024 seconds per combination, equals 1.729 x 10^13 seconds. That equals 548,383.5 years. If 10,000 computers are working together, that comes down to 54.8 years.
14. What are the answers to the questions in Exercise 13 if the key is 128 bits in length? 2^128 equals 3.403 x 10^38 combinations. At 0.00024 seconds per combination, that equals 8.167 x 10^34 seconds. That equals 2.59 x 10^27 years. With 10,000 computers, that is still 2.59 x 10^23 years!
15. You want to hide a secret message inside an image file using steganography. You have decided to place one bit at a time from the message into the image’s pixels. How are you going to select the pixels? Will they be random or all in a row? And once a pixel is chosen, which bit are you going to replace with the bit from the secret message? Why? Random would be the hardest for anyone to find, including the one that is supposed to find the message. So you would probably have to use a pseudo-random sequence – one that appears to be random to an intruder, but isn’t. If you select the right-most bit of a pixel (the least significant bit), you should cause the least effect to the image.
16. Why can’t a truly random sequence be used in a frequency hopping spread spectrum system? If it was truly random, nobody would be able to follow it, including the good guys.

Thinking Outside the Box

3. It is reasonable to consider. I would recommend hiring a third party company to support your PKI.
4. Set up a firewall to block illegal port access. Turn on and use best encryption available on router. Install anti-spyware, anti-spam, anti-virus software.
5. ID management involves the decision of password versus ID card versus biometric requirement etc. Then once the form of ID is decided, how are they managed?
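The answer to Exercise 15 above, worked through as an added example (not code from the textbook or this manual): one message bit goes into the least significant bit of each pixel, and the pixels are chosen by a pseudo-random sequence that sender and receiver both derive from a shared seed. The function names, the seed and the grayscale byte buffer standing in for an image are assumptions made for the illustration.

```python
import random

def pixel_positions(n_pixels, n_bits, seed):
    """Non-repeating pixel indices that look random but are reproducible from the seed.
    Python's random module is not cryptographically secure; it is used here only to
    show the shared-sequence idea, where a real design would use a keyed CSPRNG."""
    if n_bits > n_pixels:
        raise ValueError("message does not fit at one bit per pixel")
    return random.Random(seed).sample(range(n_pixels), n_bits)

def embed(pixels, message, seed):
    """Return a copy of pixels with each message bit written into one pixel's LSB."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    stego = bytearray(pixels)
    for pos, bit in zip(pixel_positions(len(pixels), len(bits), seed), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit   # clear the LSB, then set it to the bit
    return bytes(stego)

def extract(stego, n_bytes, seed):
    """Regenerate the same pixel sequence from the seed and read the LSBs back."""
    positions = pixel_positions(len(stego), n_bytes * 8, seed)
    out = bytearray()
    for i in range(0, len(positions), 8):
        byte = 0
        for pos in positions[i:i + 8]:
            byte = (byte << 1) | (stego[pos] & 1)
        out.append(byte)
    return bytes(out)

if __name__ == "__main__":
    # Constructed sample data: a 64x64 8-bit grayscale "image" and a short message.
    cover = bytes((i * 37) % 256 for i in range(64 * 64))
    secret = b"meet at noon"
    stego = embed(cover, secret, seed=2024)
    changed = sum(a != b for a, b in zip(cover, stego))
    print("pixels changed:", changed, "of", len(cover))
    print("right seed:", extract(stego, len(secret), seed=2024))
    print("wrong seed:", extract(stego, len(secret), seed=2025))
```

The same reasoning answers Exercise 16: a receiver can only follow a sequence it can regenerate, which is why the hop pattern has to be pseudo-random rather than truly random.
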