Understanding Computer Networks: Trends, Technologies, and Security

Posted on May 4, 2024 in Computers

Chapter 7: Networking and Communication Trends

Current Trends

  • Convergence: Telephone and computer networks are merging into a single digital network using Internet standards.
  • Broadband: The majority of U.S. Internet users now have broadband access.
  • Broadband Wireless: Voice and data communication are increasingly taking place over broadband wireless platforms.

What is a Computer Network?

  • A computer network consists of two or more connected computers.
  • Major components include client and server computers, network interfaces (NICs), connection medium, network operating system (NOS), hubs, switches, and routers.
  • Software-defined networking (SDN): Functions of switches and routers are managed by a central program.

Networks in Large Companies

  • Numerous local area networks (LANs) are linked to a firm-wide corporate network.
  • Powerful servers support websites, corporate intranets, extranets, and backend systems.
  • Mobile wireless LANs (Wi-Fi networks) and videoconferencing systems are common.
  • Telephone networks and wireless cell phones are integrated.

Key Digital Networking Technologies

  • Client/server computing: A distributed computing model where clients are linked through a network controlled by a network server computer. The Internet is the largest implementation of client/server computing.
  • Packet switching: A method of slicing digital messages into packets, sending them along different communication paths, and reassembling them at the destination. This is more efficient than circuit-switched networks.
  • TCP/IP and connectivity: Transmission Control Protocol/Internet Protocol (TCP/IP) is the common worldwide standard for the Internet. The Department of Defense reference model for TCP/IP has four layers: Application, Transport, Internet, and Network Interface.

Types of Networks

  • Signals: Networks can use digital or analog signals. Modems translate between the two.
  • Types of networks:
    • Local area networks (LANs): Ethernet, client/server, peer-to-peer
    • Wide area networks (WANs)
    • Metropolitan area networks (MANs)
    • Campus area networks (CANs)

Transmission Media and Transmission Speed

  • Physical transmission media: Twisted pair wire (CAT5), coaxial cable, fiber optics cable, and wireless transmission media (satellites, cellular systems).
  • Transmission speed: Measured in bits per second (bps), Hertz, and bandwidth.

What is the Internet?

  • The Internet is the world’s most extensive network.
  • Internet service providers (ISPs) provide connections to the Internet.

Internet Addressing and Architecture

  • Each device on the Internet is assigned a unique 32-bit Internet Protocol (IP) address.
  • The Domain Name System (DNS) converts IP addresses to domain names.

Internet Architecture and Governance

  • Network service providers own trunk lines (high-speed backbone networks).
  • Regional telephone and cable TV companies provide regional and local access.
  • Professional organizations and government bodies (IAB, ICANN, W3C) establish Internet standards.

The Future Internet: IPv6 and Internet2

  • IPv6: A new addressing scheme that will provide more than a quadrillion new IP addresses.
  • Internet2: An advanced networking consortium developing and testing leading-edge Internet technologies.

Internet Services and Communication Tools

  • Internet services: Email, chatting, instant messaging, newsgroups, Telnet, FTP, World Wide Web.
  • Voice over IP (VoIP): Digital voice communication using IP and packet switching.
  • Unified communications: Systems that integrate voice, data, email, and conferencing.
  • Virtual private network (VPN): A secure, encrypted, private network run over the Internet.

The Web

  • Hypertext: Text with links to other documents.
  • Hypertext Markup Language (HTML): The language used to create web pages.
  • Hypertext Transfer Protocol (HTTP): The protocol used to transfer web pages.
  • Uniform resource locator (URL): The address of a web page.
  • Web servers: Software for locating and managing web pages.

Searching for Information on the Web

  • Search engines: Tools for finding information on the web.
  • Mobile search, semantic search, social search, visual search: Specialized search techniques.
  • Intelligent agent shopping bots: Automated tools for finding products and comparing prices.
  • Search engine marketing (SEM) and search engine optimization (SEO): Techniques for improving website visibility in search results.

Web 2.0

  • Second-generation web services that enable collaboration, information sharing, and the creation of new services online.
  • Features include interactivity, real-time user control, social participation, and user-generated content.
  • Blogs: Chronological, informal websites created by individuals.
  • Wikis: Collaborative websites where visitors can add, delete, or modify content.
  • Social networking sites: Platforms for building communities and sharing information.

Web 3.0 and the Future Web

  • Tools for making sense of the vast amount of information on the Internet.
  • Pervasive web, Internet of Things, App Internet: Trends towards a more connected and integrated web experience.
  • Increased cloud computing and SaaS: Reliance on remote computing resources and software services.
  • Ubiquitous mobile connectivity: Access to the web from anywhere at any time.
  • Greater seamlessness: A more integrated and user-friendly web experience.

Cellular Systems

  • Competing standards: CDMA (United States) and GSM (rest of the world).
  • Third generation (3G) networks: Suitable for email and web browsing.
  • Fourth generation (4G) networks: Suitable for Internet video.

Radio Frequency Identification (RFID)

  • Uses tiny tags with microchips to track items and their location.
  • Common uses include automated toll collection and supply chain management.
  • Near field communication (NFC): A short-range wireless technology used for contactless payments and data exchange.

Wireless Sensor Networks (WSNs)

  • Networks of interconnected wireless devices used for monitoring and data collection.
  • Applications include building security, environmental monitoring, traffic monitoring, and military surveillance.
  • WSNs are a major source of “big data” and fuel the “Internet of Things.”

Chapter 8: Why Systems are Vulnerable

Security and Controls

  • Security: Policies, procedures, and technical measures to prevent unauthorized access, alteration, theft, or damage to information systems.
  • Controls: Methods, policies, and procedures that ensure the safety of assets, accuracy of records, and adherence to management standards.

Sources of Vulnerability

  • Accessibility of networks
  • Hardware problems
  • Software problems
  • Disasters
  • Use of external networks/computers
  • Loss and theft of portable devices

Internet Vulnerabilities

  • Openness of the Internet
  • Size and impact of abuses
  • Fixed Internet addresses
  • Unencrypted VoIP
  • Email, P2P, and IM vulnerabilities

Wireless Security Challenges

  • Easy to scan radio frequency bands
  • Vulnerable SSIDs (service set identifiers)
  • War driving
  • Rogue access points

Malicious Software

  • Malware: Malicious software designed to harm computer systems.
  • Viruses: Programs that replicate themselves and infect other files.
  • Worms: Programs that spread over networks without human intervention.
  • Trojan horses: Programs that appear legitimate but contain malicious code.
  • Spyware: Software that secretly gathers information about users.
  • Ransomware: Malware that encrypts files and demands payment for decryption.

Hackers and Computer Crime

  • Hackers vs. crackers: Hackers explore systems, while crackers break into systems with malicious intent.
  • Activities: System intrusion, system damage, cybervandalism.
  • Spoofing and sniffing: Techniques for intercepting and stealing data.
  • Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS): Attacks that disrupt service by overwhelming systems with traffic.
  • Botnets: Networks of infected computers used to launch attacks.
  • Spam: Unsolicited bulk email.
  • Computer crime: Crimes that target or use computers.
  • Identity theft: Stealing someone’s personal information for fraudulent purposes.
  • Phishing, evil twins, pharming: Techniques for tricking users into revealing personal information.
  • Click fraud: Generating fraudulent clicks on online ads.
  • Cyberterrorism and cyberwarfare: Using computers to attack critical infrastructure or disrupt operations.

Internal Threats: Employees

  • Employees with inside knowledge and access can pose significant security risks.
  • Sloppy security procedures and social engineering can be exploited by attackers.

Software Vulnerability

  • Commercial software often contains flaws that create security vulnerabilities.
  • Zero-day vulnerabilities: Flaws that are unknown to the software vendor.
  • Patches: Small pieces of software that repair flaws.
  • Patch management: The process of applying patches to systems.

Business Value of Security and Control

  • Failed computer systems can lead to significant business losses.
  • Security breaches can damage a firm’s market value and reputation.
  • Inadequate security and controls can result in legal liabilities.

Legal and Regulatory Requirements

  • HIPAA: Medical security and privacy rules.
  • Gramm-Leach-Bliley Act: Requires financial institutions to protect customer data.
  • Sarbanes-Oxley Act: Requires companies to safeguard financial information.

Electronic Evidence and Computer Forensics

  • Electronic evidence: Evidence in digital form used in legal proceedings.
  • Computer forensics: The scientific collection, examination, and analysis of digital evidence.

Information Systems Controls

  • General controls: Govern the design, security, and use of computer programs and data files.
  • Application controls: Controls specific to each computerized application.

Risk Assessment

  • Determines the level of risk to the firm if specific activities or processes are not properly controlled.

Security Policy

  • Ranks information risks, identifies security goals, and defines mechanisms for achieving those goals.
  • Acceptable use policy (AUP): Defines acceptable uses of information resources and computing equipment.
  • Identity management: Identifying valid users and controlling access.

The Role of Auditing

  • Information systems audit: Examines the firm’s overall security environment and controls.
  • Security audits: Review technologies, procedures, documentation, training, and personnel.

Tools and Technologies for Safeguarding Information Systems

  • Identity management software: Automates user tracking, authentication, and access control.
  • Authentication methods: Passwords, tokens, smart cards, biometric authentication, two-factor authentication.
  • Firewall: Prevents unauthorized access to private networks.
  • Intrusion detection system: Monitors networks for suspicious activity.
  • Antivirus and antispyware software: Detects and removes malware.
  • Unified threat management (UTM) systems: Combine multiple security functions into a single appliance.

Securing Wireless Networks

  • WEP security: An older, less secure encryption standard.
  • WPA2 specification: A stronger encryption standard with continually changing keys.

Encryption and Public Key Infrastructure

  • Encryption: Transforming data into a format that cannot be read by unauthorized parties.
  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS): Protocols for secure communication over networks.
  • Secure Hypertext Transfer Protocol (S-HTTP): A secure version of HTTP.
  • Symmetric key encryption: Uses a single, shared key for encryption and decryption.
  • Public key encryption: Uses a pair of keys (public and private) for encryption and decryption.
  • Digital certificate: A data file that establishes the identity of users and electronic assets.
  • Public key infrastructure (PKI): A system for managing digital certificates and public key encryption.

Ensuring System Availability

  • Fault-tolerant computer systems: Systems with redundant components to ensure continuous service.
  • Deep packet inspection: A technique for examining the contents of network packets.
  • Security outsourcing: Using managed security service providers (MSSPs) to manage security functions.

Security Issues for Cloud Computing and Mobile Platforms

  • Security in the cloud: Companies must ensure that cloud providers offer adequate security measures.
  • Securing mobile platforms: Security policies and mobile device management tools are essential for protecting mobile devices.

Ensuring Software Quality

  • Software metrics: Objective assessments of system performance and quality.
  • Early and regular testing: Identifying and fixing software defects early in the development process.
  • Walkthroughs and debugging: Techniques for reviewing and improving software quality.