Computer Communication and Security

8/20/2019 Computer Communication and Security

1/44

Chapter 3

Computer Communication

and Security


2/44

Chapter 3 Objectives

Communicationsand Network

terminology andapplications

Variouscommunicationsdevices, media,and procedures

Type of ComputerNetworks

Describe the typesof computer-

network & Internetsecurity risks

Identify ways tosafeguard againstNetwork-based

attacks

Techniques toprevent Network

Attacks


3/44

Communications

• What are computer communications? • Process in which two or more computers or devices transfer data, instructions, and

information


4/44

Communications

• What is needed for successful communications?

• Initiates instruction to transmit data, instructions, or information. Commonly in softwareforms

Sending device

• Connects the sending device to the communications channel

Communications device

• Media on which data, instructions, or information travel

Communications channel

• Connects the communications channel to the receiving device

Communications device

• Accepts transmission of data, instructions, or information

Receiving device


5/44

Communication Software

• What is communications software?

Programs that help users

establish connection toInternet, other network,

or another computer Programs that help users

manage transmission of

data, instructions,

and information

Programs that provide aninterface for users to

communicate with one

another


6/44

Communication Devices

• What are examples of communications

devices?

Common types are [dial-up modems, ISDN & DSLmodems, broadband/cable modems] For

Internet Communication, and [network cards,wireless access points, routers, and

hub/switches] for General Computer NetworkCommunications


7/44

Communication Devices

• What is a modem?• Converts digital signals to analog signals and vice versa

• Notebook computers often use PC Card modem

Dial Up Modems

Cable and Wireless Broadband Modems

Faster Internet Connection


8/44

Communications Devices

• What is a network card?

– Adapter card, PC Card, or

compact flash card that

enables computer ordevice to access network

– Sometimes called network

interface card (NIC)


9/44


• What is a wireless access

point?

– Central communications

device that allows

computers and devices to

transfer data wirelessly

among themselves or to

wired network


10/44


• What is a router?

– Connects computers and

transmits data to correct

destination on network

– Routers forward data on

Internet using fastest

available path


11/44



12/44


• What is a switch/hub?

– Device that provides

central point for cables in

network


13/44

Communications Channel

• What is a channel?

– Transmission media on which data travels in

communications system

Transmission mediaare materials

capable of carryingone or more signals

Bandwidth isamount of datathat can travelover channel


14/44

Transmission Media

Physical

• Optical Fiber

• Twisted Pair

Cables• Coaxial Cable

Wireless

• CommunicationsSattelite

• Microwave Radio• Cellular Radio (2G,

2,5G, 3G, etc)

• Broadcast Radio(Wi-fi, Bluetooth)

• Infrared


15/44

Computer Network

• What is a network?

– Collection of computers

and devices connected

via communicationsdevices and

transmission

media


16/44

Computer Network

• What is a local area

network (LAN)?

– Network in limited

geographical area suchas home or office

building

– Metropolitan area

network (MAN)connects LANs in city or

town


17/44

Computer Network

• How to Join a computer into a LAN

IP address is a numerical label assigned to each device

(e.g., computer, printer) participating in a computer

network


18/44

Computer Network

• What is a wide area

network (WAN)?

– Network that covers

large geographic areausing many types of

media

– Internet is world’s

largest WAN


19/44

Computer Network

• What is a client/server

network?

– One or more computers act

as server and othercomputers, or clients, access

server


20/44

Computer Network

• What is an Intranet?

Internal network that uses Internet technologies

Makes information accessible to employees

Typically includes connection to Internet

Extranet allows customers or suppliers to accesspart of company’s intranet


21/44

Network Risks & Security


22/44

Computer Security Risks

• What is a computer security risk?

– Action that causes loss of or damage to computer

system

– Mostly happened when computer connected into

a network

• Easier to access, more unpredictable than attacking

unattended computer


23/44

Computer Viruses, Worms, and Trojan Horses

• What are viruses, worms, and Trojan horses?

Virus is a potentially

damaging

computerprogram

Worm copiesitself repeatedly,

using upresources

and possiblyshutting downcomputer or

network

Trojan horse hides

within

or looks likelegitimate program

until triggered

Payload

(destructive

event) that isdelivered when

you open file, run

infected program, or

boot computer with

infected disk

in disk driveCan spreadand

damage

files

Does not

replicate

itself on

other

computers


24/44

• How can a virus spread through an e-mail

message?

Step 1. Unscrupulous

programmers create a virus

program. They hide the

virus in a Word document

and attach the Word

document to an e-mail

message.

Step 2. They use

the Internet to send

the e-mail message

to thousands of

users around the

world.

Step 3b. Other users do not

recognize the name of the

sender of the e-mail message.

These users do not open the

e-mail message. Instead they

delete the e-mail message.

These users’ computers are not

infected with the virus.

Step 3a. Some

users open the

attachment and

their computers

become infected

with the virus.



25/44

• What are some tips for preventing virus,

worm, and Trojan horse infections?

Install a personal

firewall program

If the antivirusprogram flags an

e-mail attachment

as infected, delete

the attachment

immediately

Never download or

install suspicious

software from

untrusted sources

Never open ane-mail attachment

unless you are

expecting it and

it is from a

trusted source

Install an antivirus

program on all of your

computers

Check alldownloaded

programs for

viruses, worms,

or Trojan horses



26/44

DOS & Backdoor

• What is a denial of service (DOS) attack and

back door?

A denial of service attack is an assault whichdisrupts computer access to an Internet service

such as the Web or e-mail

A back door is a program or set of instructionsin a program that allow users to bypass

security controls when accessing a computer

resource


27/44

Spoofing

• What is spoofing?

Makes a

network

or InternetTransmission appear legitimate

IP spoofing occurs when an intruder

computer fools a network into believing

its IP address is from a trusted source

Perpetrators of IP spoofing trick their

victims into interacting

with a phony Web site


28/44

Solutions

• Best way to prevent spoofing and DOS is tobuild a firewall

– Implemented on network or installed on host as software (personal firewall)


29/44

Solutions

• What is firewall?

– Security system consisting of hardware and/or

software that prevents unauthorized intrusion


30/44

Solutions

• What is personal firewall? – Program that protects personal computer and its data from

unauthorized intrusions

– Monitors transmissions to and from computer

– Informs you of attempted intrusion


31/44

Unauthorized Access and Use

• Unauthorized Access

– Use of a computer or network withoutpermission.

–

By connecting to it and then logging in as alegitimate user.

– Do not cause damages.

– Merely access the data, valuable information or

programs in the computer. – In some manners, can be categorized as

Information theft


32/44

• Unauthorized Use

– Use of a computer or its data for unapproved or

illegal activities.

– Ex: gaining access to a bank computer andperforming an unauthorized bank transfer etc.

Unauthorized Access and Use


33/44

Solutions

• How to prevent unauthorized access and use?

– Make a good use of authorization control


34/44

Solutions (Cont.)

• How to make good passwords?

GOOD

• Example:

@k|_|-@n@6-4L4Y

• Longer, alay-er, better

NEVER USE IT

•

Your birth-day• Your mother/dad/lover name

• Very predictable words

• Plain, not combinated

characters is weak against

brute-force attacks


35/44

Solutions (Cont.)

• How to prevent unauthorized access and use?

– Disable file and printer sharing on Internet connection

– enable just

when you need it

File and

printer

sharing

turned off


36/44

Solutions (Cont.)

• How to make information thief life’s much

harder?

– Use encryption

• Safeguards against information theft

• Process of converting plaintext (readable data) into

ciphertext (unreadable characters)

• Use key to generate cipherkey as combinations

• To read the data, the recipient must decrypt, or

decipher, the data

• See the demonstration


37/44

Internet Security Risk

• Information Sniffing, How?

• H or L can get all sensitive un-encrypted informationpassed on network such as username and password


38/44

Username,

Passwords,Credit card’s details


• Website phising, How?

https://ib.bankmandiri.co.id/retail/Login.do?action=form https://ib.bangmandiri.co.id/retail/Login.do?action=form

Impersonated Login Page

Bank Mandiri’s

Server

Username,

Passwords,

Credit card’s details

Cracker’s Computer

Normal Login Page


39/44


• Website phising commonly

spread using emails and

social media

• Best implemented when

combined with social

engineering technique.


40/44


• Social engineering is an non-

technical, outside hacker's use

of psychological tricks on

legitimate users of a computer

system, in order to gain theinformation (usernames and

passwords) one needs to gain

access to the system.

• It utilizes two human weakness:

– no one wants to be consideredignorant

– human trust


41/44


42/44


43/44

Solutions

• Protect yourselves from social engineering

– Be educated, aware, and a little bit paranoid.

– Never give out:

•

Usernames / ID numbers• Passwords / PIN numbers

• System information

• Credit card numbers

• Schedules

• Other Sensitive data

– Be aware of what is being asked


44/44

End of Chapter 3

Computer Communication and Security

Documents

Transcript of Computer Communication and Security