44
Chapter 3 Computer Communication and Security
Chapter 3
Computer Communication and Security
Chapter 3 Objectives
Communications and Network
terminology and applications
Various communications devices, media, and procedures
Type of Computer Networks
Describe the types of computer-
network & Internet security risks
Identify ways to safeguard against Network-based
attacks
Techniques to prevent Network
Attacks
Communications
• What are computer communications? • Process in which two or more computers or devices transfer data, instructions, and
information
Communications
• What is needed for successful communications?
• Initiates instruction to transmit data, instructions, or information. Commonly in software forms
Sending device
• Connects the sending device to the communications channel
Communications device
• Media on which data, instructions, or information travel
Communications channel
• Connects the communications channel to the receiving device
Communications device
• Accepts transmission of data, instructions, or information
Receiving device
Communication Software
• What is communications software?
Programs that help users establish connection to Internet, other network, or another computer Programs that help users
manage transmission of data, instructions, and information
Programs that provide an interface for users to communicate with one another
Communication Devices
• What are examples of communications devices?
Common types are [dial-up modems, ISDN & DSL modems, broadband/cable modems] For
Internet Communication, and [network cards, wireless access points, routers, and
hub/switches] for General Computer Network Communications
Communication Devices
• What is a modem? • Converts digital signals to analog signals and vice versa
• Notebook computers often use PC Card modem
Dial Up Modems
Cable and Wireless Broadband Modems Faster Internet Connection
Communications Devices
• What is a network card?
– Adapter card, PC Card, or compact flash card that enables computer or device to access network
– Sometimes called network interface card (NIC)
Communications Devices
• What is a wireless access point?
– Central communications device that allows computers and devices to transfer data wirelessly among themselves or to wired network
Communications Devices
• What is a router?
– Connects computers and transmits data to correct destination on network
– Routers forward data on Internet using fastest available path
Communications Devices
Communications Devices
• What is a switch/hub?
– Device that provides central point for cables in network
Communications Channel
• What is a channel?
– Transmission media on which data travels in communications system
Transmission media
are materials capable of carrying one or more signals
Bandwidth is amount of data that can travel over channel
Transmission Media
Physical
• Optical Fiber
• Twisted Pair Cables
• Coaxial Cable
Wireless
• Communications Sattelite
• Microwave Radio
• Cellular Radio (2G, 2,5G, 3G, etc)
• Broadcast Radio (Wi-fi, Bluetooth)
• Infrared
Computer Network
• What is a network? – Collection of computers
and devices connected via communications devices and transmission media
Computer Network
• What is a local area network (LAN)? – Network in limited
geographical area such as home or office building
– Metropolitan area network (MAN) connects LANs in city or town
Computer Network
• How to Join a computer into a LAN
IP address is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network
Computer Network
• What is a wide area network (WAN)? – Network that covers
large geographic area using many types of media
– Internet is world’s largest WAN
Computer Network
• What is a client/server network? – One or more computers act
as server and other computers, or clients, access server
Computer Network
• What is an Intranet?
Internal network that uses Internet technologies
Makes information accessible to employees
Typically includes connection to Internet
Extranet allows customers or suppliers to access part of company’s intranet
Network Risks & Security
Computer Security Risks
• What is a computer security risk?
– Action that causes loss of or damage to computer system
– Mostly happened when computer connected into a network
• Easier to access, more unpredictable than attacking unattended computer
Computer Viruses, Worms, and Trojan Horses
• What are viruses, worms, and Trojan horses?
Virus is a potentially damaging computer program
Worm copies itself repeatedly,
using up resources
and possibly shutting down computer or
network
Trojan horse hides within
or looks like legitimate program
until triggered
Payload (destructive
event) that is delivered when
you open file, run infected program, or boot computer with
infected disk in disk drive Can spread
and damage
files
Does not replicate itself on
other computers
• How can a virus spread through an e-mail message?
Step 1. Unscrupulous
programmers create a virus
program. They hide the
virus in a Word document
and attach the Word
document to an e-mail
message.
Step 2. They use
the Internet to send
the e-mail message
to thousands of
users around the
world.
Step 3b. Other users do not
recognize the name of the
sender of the e-mail message.
These users do not open the
e-mail message. Instead they
delete the e-mail message.
These users’ computers are not
infected with the virus.
Step 3a. Some
users open the
attachment and
their computers
become infected
with the virus.
Computer Viruses, Worms, and Trojan Horses
• What are some tips for preventing virus, worm, and Trojan horse infections?
Install a personal firewall program
If the antivirus program flags an
e-mail attachment as infected, delete
the attachment immediately
Never download or install suspicious
software from untrusted sources
Never open an e-mail attachment
unless you are expecting it and
it is from a trusted source
Install an antivirus program on all of your
computers
Check all downloaded programs for
viruses, worms, or Trojan horses
Computer Viruses, Worms, and Trojan Horses
DOS & Backdoor
• What is a denial of service (DOS) attack and back door?
A denial of service attack is an assault which disrupts computer access to an Internet service
such as the Web or e-mail
A back door is a program or set of instructions in a program that allow users to bypass
security controls when accessing a computer resource
Spoofing
• What is spoofing?
Makes a network
or Internet Transmission appear legitimate
IP spoofing occurs when an intruder computer fools a network into believing
its IP address is from a trusted source
Perpetrators of IP spoofing trick their victims into interacting
with a phony Web site
Solutions
• Best way to prevent spoofing and DOS is to build a firewall
– Implemented on network or installed on host as
software (personal firewall)
Solutions
• What is firewall?
– Security system consisting of hardware and/or software that prevents unauthorized intrusion
Solutions
• What is personal firewall? – Program that protects personal computer and its data from
unauthorized intrusions
– Monitors transmissions to and from computer
– Informs you of attempted intrusion
Unauthorized Access and Use
• Unauthorized Access – Use of a computer or network without
permission.
– By connecting to it and then logging in as a legitimate user.
– Do not cause damages.
– Merely access the data, valuable information or programs in the computer.
– In some manners, can be categorized as Information theft
• Unauthorized Use
– Use of a computer or its data for unapproved or illegal activities.
– Ex: gaining access to a bank computer and performing an unauthorized bank transfer etc.
Unauthorized Access and Use
Solutions
• How to prevent unauthorized access and use?
– Make a good use of authorization control
Solutions (Cont.)
• How to make good passwords?
GOOD
• Example: @k|_|-@n@6-4L4Y
• Longer, alay-er, better
NEVER USE IT
• Your birth-day • Your mother/dad/lover name • Very predictable words • Plain, not combinated
characters is weak against brute-force attacks
Solutions (Cont.)
• How to prevent unauthorized access and use?
– Disable file and printer sharing on Internet connection
– enable just when you need it
File and printer sharing
turned off
Solutions (Cont.)
• How to make information thief life’s much harder?
– Use encryption
• Safeguards against information theft
• Process of converting plaintext (readable data) into ciphertext (unreadable characters)
• Use key to generate cipherkey as combinations
• To read the data, the recipient must decrypt, or decipher, the data
• See the demonstration
Internet Security Risk
• Information Sniffing, How?
• H or L can get all sensitive un-encrypted information passed on network such as username and password
Username, Passwords, Credit card’s details
Internet Security Risk
• Website phising, How?
https://ib.bankmandiri.co.id/retail/Login.do?action=form https://ib.bangmandiri.co.id/retail/Login.do?action=form
Impersonated Login Page
Bank Mandiri’s Server
Username, Passwords, Credit card’s details
Cracker’s Computer
Normal Login Page
Internet Security Risk
• Website phising commonly spread using emails and social media
• Best implemented when combined with social engineering technique.
Internet Security Risk
• Social engineering is an non-technical, outside hacker's use of psychological tricks on legitimate users of a computer system, in order to gain the information (usernames and passwords) one needs to gain access to the system.
• It utilizes two human weakness:
– no one wants to be considered ignorant
– human trust
Solutions
• Web browsers provide secure data transmission
Many Web browsers use encryption
Secure site Choose Web site that
uses encryption to secure data
Valid Digital certificate
Guarantees Web site is legitimate
Solutions
• Provides encryption of all data that passes between client and Internet server
– Web addresses beginning with “https” indicate secure connections
Solutions
• Protect yourselves from social engineering
– Be educated, aware, and a little bit paranoid.
– Never give out:
• Usernames / ID numbers
• Passwords / PIN numbers
• System information
• Credit card numbers
• Schedules
• Other Sensitive data
– Be aware of what is being asked
End of Chapter 3
