Teaching material accompanying chapter 2.1, 2.2 and 2.3 of Enterprise Knowledge Infrastructures
Lehrstuhl für Wirtschaftsinformatik, insbesondere betriebliches Informationsmanagement (Wissensmanagement, IS-Führung, Geschäftsprozesse, Informationssysteme)
Networking and security
Ronald Maier, Thomas Hädrich, René Peinl
Martin-Luther-University Halle-Wittenberg
Classification of networks
• physical – according to the medium used (fiber, copper, radio, light)
• structural - according to the topology (ring, bus, star)
• geographic - according to the reach (PAN, LAN, MAN, WAN)
• organizational - according to the network owner: public vs. private (Internet, company networks, value added networks)
• user driven - according to the user group: Intranet, Extranet, Internet
• conceptual - according to the transmission algorithms (ATM, Token Ring, Ethernet)
• functional - according to the function/target group: end-user - front-end, server - back-end, network – backbone
• performance – according to bandwidth: low (e.g., up to 1 MBit/s), medium (e.g., up to 1 GBit/s), high speed (e.g., > 1 GBit/s)
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 84
Network topologies I
• Peer-to-peer networks: there are separate transmission ways between data stations; single network nodes receive messages and forward them in case they are not the final recipient
– star network
– loop network
– tree network
– mesh network
(figure: schematic drawings of the star, loop, tree and mesh topologies)
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 87
Network topologies II
• Broadcast networks: all nodes are connected to the same physical transmission medium. Each node has access to every message
– bus network
– ring network
(figure: schematic drawings of the bus and ring topologies)
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 86
Network classes
interprocessor distance | location          | examples, network for
1 m                     | work place        | personal area network (PAN)
10 m                    | conference room   | local area network (LAN)
100 m                   | company building  | local area network (LAN)
1 km                    | university campus | local area network (LAN)
10 km                   | city              | metropolitan area network (MAN)
100 km                  | country           | wide area network (WAN)
1,000 km                | continent         | wide area network (WAN)
10,000 km               | planet            | the Internet
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 87
ISO OSI layered architecture
(figure: Data Station A and Data Station B each implement all seven layers; Mediator A and Mediator B between them implement only layers 1 to 3. Peer layers of the two data stations communicate via the protocol of their layer, the mediators via internal protocols, and the physical layers via the transmission medium.)
7 Application Layer – Application Protocol
6 Presentation Layer – Presentation Protocol
5 Session Layer – Session Protocol
4 Transport Layer – Transport Protocol
3 Network Layer – Network Protocol
2 Data Link Layer – Data Link Protocol
1 Physical Layer – Physical Protocol
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 89
Overview of network standards
    | cable-bound                            | wireless
PAN | USB, Firewire                          | IrDA, Bluetooth
LAN | Ethernet, Token Ring                   | WLAN, DECT
WAN | ATM, FDDI, X25, FrameRelay, Sonet/SDH  | GSM, GPRS, EDGE, HSCSD, UMTS
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 91
Classification of transmission protocols
(figure: scatter plot of transfer speed [MBit/s] (0.01 to 10,000, logarithmic) against distance [km] (0.01 to 1,000, logarithmic), with the PAN, LAN, MAN and WAN ranges marked and wireless standards distinguished from cable-bound ones. Technologies plotted: USB 2.0, Firewire, Bluetooth, IrDA, WLAN 802.11b, WLAN 802.11g, Token ring, Fast Ethernet, Gigabit Ethernet, 10 GB Ethernet, FDDI, ATM 622, ATM trials, Sonet/SDH, ISDN, DSL, GSM, GPRS, UMTS)
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 99
Concrete network protocols and the OSI model
(figure, reconstructed as a list: Internet layer – ISO/OSI layer – protocols – concrete implementations)
Application layer (OSI 7, 6, 5):
– HTTP – WWW – port 80
– FTP – file transfer – ports 20/21
– SMTP, POP3, IMAP – email – ports 25, 110, 143
– LDAP – directory service – port 389
– Telnet – host sessions – port 23
– DNS – name resolution – port 53
– SNMP – network monitoring – ports 161/162
– DHCP – IP address assignment – ports 67/68
Transport layer (OSI 4): TCP, UDP
Internet layer (OSI 3): IPv4, IPv6; ARP, ICMP
Network layer (OSI 2, 1): Ethernet, FDDI, WLAN, IrDA, ... over the medium: copper, fiber, radio, light
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 120
Network packets
• A packet consists of payload and header
• Every layer adds an additional header
• A packet on a higher layer becomes the payload on the next lower layer
(figure: sender and receiver stacks with the layers Application, Transport, Internet and Network access. The application data becomes the message; the Transport layer prepends the TCP header to the TCP payload; the Internet layer prepends the IP header to the IP payload and forms the packet; the Network access layer prepends the MAC header and appends the CRC to form the frame. The receiver removes the headers in reverse order.)
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 104
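The encapsulation shown in the figure, as an added example that is not part of the original slides: a constructed HTTP request is wrapped into a TCP segment, an IPv4 packet (with a real header checksum) and an Ethernet frame (with a CRC trailer), then unwrapped again on the receiver side. Checksums other than the IP header checksum are left at zero for brevity; the MAC addresses are the two examples from the slides.

```python
"""Layer-by-layer encapsulation of one application message (added example, not from the slides)."""
import struct
import zlib

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_segment(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Transport layer: 20-byte TCP header in front of the application data (the TCP payload)."""
    # seq 1, ack 0, data offset 5 words, flags PSH|ACK, window 65535; checksum left 0 for brevity
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + data

def ip_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Internet layer: 20-byte IPv4 header (with valid header checksum) in front of the IP payload."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # version/IHL 0x45, TOS 0, total length, id 0, flags/fragment 0, TTL 64, protocol 6 = TCP
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0, src_b, dst_b)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload

def ethernet_frame(dst_mac: bytes, src_mac: bytes, payload: bytes) -> bytes:
    """Network access layer: MAC header in front of and CRC trailer behind the IP packet."""
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + payload  # EtherType 0x0800 = IPv4
    return body + struct.pack("!I", zlib.crc32(body))

def decapsulate(frame: bytes) -> dict:
    """Receiver side: peel off one header per layer, checking the CRC and the IP header checksum."""
    body, crc = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) != crc:
        raise ValueError("frame CRC mismatch")
    ip = body[14:]
    if ipv4_checksum(ip[:20]) != 0:
        raise ValueError("IP header checksum mismatch")
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[20:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "src_port": src_port, "dst_port": dst_port, "data": tcp[20:]}

if __name__ == "__main__":
    # constructed sample: an HTTP request from the slides' example host to a web server
    frame = ethernet_frame(bytes.fromhex("0000394C46C9"), bytes.fromhex("080020AEFD7E"),
                           ip_packet("141.48.204.242", "10.0.0.80",
                                     tcp_segment(40000, 80, b"GET / HTTP/1.0\r\n\r\n")))
    print(len(frame), "bytes on the wire ->", decapsulate(frame))
```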
Internet layer
• IP protocol (IPv4)
– IP address = world-wide unique address to identify a network participant (at least unique for public IP addresses)
– Length: 32 Bit (4 octets); written in decimal notation, e.g., 141.48.3.17, or in binary notation with eight digits per octet, e.g., 00000011 = 3 and 00010001 = 17
– Network classes (figure: network address and host address part, network mask, possible hosts):
  Class A: network mask 255.0.0.0, 16.7 million possible hosts, e.g., 63.48.3.17
  Class B: network mask 255.255.0.0, 65,536 possible hosts, e.g., 141.48.3.17
  Class C: network mask 255.255.255.0, 256 possible hosts, e.g., 223.150.7.170
– finer partition with a subnet mask possible since 1985
– reserved addresses for private use:
  • 0.0.0.0 - 10.255.255.255 (10 class A network ranges)
  • 172.16.0.0 - 172.31.255.255 (16 class B network ranges)
  • 192.168.0.0 - 192.168.255.255 (256 class C network ranges)
– localhost 127.0.0.1
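The class rules, network masks and private ranges of this slide in code, as an added example that is not part of the original slides. It derives the class from the leading bits of the first octet, splits an address into network and host part under an arbitrary subnet mask, and flags the private ranges; the private ranges are assumed as standardised in RFC 1918 (10/8, 172.16/12, 192.168/16), which differs slightly from the slide's wording.

```python
"""IPv4 address classes, subnet masks and private ranges (added example, not from the slides)."""
from typing import Tuple

def parse_ipv4(text: str) -> int:
    """Dotted-decimal notation -> 32-bit integer (4 octets); rejects malformed input."""
    octets = text.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {text!r}")
    return int.from_bytes(bytes(int(o) for o in octets), "big")

def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def to_binary(text: str) -> str:
    """The four octets as eight binary digits each, the notation used on the slide."""
    return " ".join(format(b, "08b") for b in parse_ipv4(text).to_bytes(4, "big"))

def address_class(text: str) -> Tuple[str, str, int]:
    """Classful lookup by the leading bits of the first octet: 0 -> A, 10 -> B, 110 -> C.
    Returns (class, default network mask, number of host addresses in one such network)."""
    first = parse_ipv4(text) >> 24
    if first & 0x80 == 0:
        return "A", "255.0.0.0", 2 ** 24
    if first & 0xC0 == 0x80:
        return "B", "255.255.0.0", 2 ** 16
    if first & 0xE0 == 0xC0:
        return "C", "255.255.255.0", 2 ** 8
    return "D/E", "n/a", 0  # multicast and reserved ranges

def split_address(text: str, mask: str) -> Tuple[str, str]:
    """Network and host part under an explicit (sub)net mask, i.e. the finer partition since 1985."""
    a, m = parse_ipv4(text), parse_ipv4(mask)
    return to_dotted(a & m), to_dotted(a & ~m & 0xFFFFFFFF)

# Private ranges as standardised in RFC 1918 (assumed here; the slide quotes them slightly differently)
_PRIVATE = (("10.0.0.0", "255.0.0.0"), ("172.16.0.0", "255.240.0.0"), ("192.168.0.0", "255.255.0.0"))

def is_private(text: str) -> bool:
    """True if the address lies in one of the reserved ranges for private use."""
    a = parse_ipv4(text)
    return any(a & parse_ipv4(m) == parse_ipv4(n) for n, m in _PRIVATE)

def is_loopback(text: str) -> bool:
    return parse_ipv4(text) >> 24 == 127  # 127.0.0.0/8, localhost is 127.0.0.1

if __name__ == "__main__":
    for ip in ("63.48.3.17", "141.48.204.242", "223.150.7.170", "192.168.1.20"):
        cls, mask, hosts = address_class(ip)
        print(ip, to_binary(ip), "class", cls, split_address(ip, mask), f"{hosts:,} hosts",
              "private" if is_private(ip) else "public")
```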
Address translation
• logical address (DNS): e.g., www.wiwi.uni-halle.de
• Internet address (IP): e.g., 141.48.204.242
• physical address (MAC): e.g., 00-00-39-4C-46-C9
(figure: DNS translates the logical address into the Internet address, ARP translates the Internet address into the physical address)
MAC = Media Access Control: unique identification of a network card; consists of a 24-bit manufacturer number and a 24-bit serial number, e.g., 08-00-20-AE-FD-7E (or 080020AEFD7E)
Demarcation between Internet, Intranet and Extranet
(figure: the company network (Intranet, authenticated users: employees) is separated from the public network by two firewalls with a DMZ in between. The DMZ contains a web server, a RAS server reachable over the PSTN and a VPN server; authenticated employees also connect from outside through the RAS or VPN server. The Internet serves anonymous users (prospective buyers) via a web server; the Extranet serves authenticated users (partners, customers) via a web server.)
DMZ = DeMilitarized Zone
PSTN = Public Switched Telephone Network
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 120
Requirements for secure communication
• confidentiality: message is not accessible for third persons
• authenticity: sender of a message is uniquely identifiable
• integrity: message has not been changed on its way to the receiver
• liability: sender cannot deny authorship of the message, receiver cannot deny receipt of the message
Potential security threats
• Data loss: important data was intentionally deleted or lost by accident
• Data manipulation: intentionally falsifying documents, e.g., balance sheets or software code
• Unauthorized access: business secrets get into the hands of third parties
• Abuse of resources: hard- or software of a company gets used for improper purposes, e.g., using the company Internet access to download private music files
• Downtime: infrastructural services that are needed permanently are not available, so that financial damage (e.g., by losing productive work time) or image damage (e.g., through unavailability of the Web site) occurs
• Concrete attacks: e.g., denial-of-service, viruses, spam
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 127ff
Conceptual comparison of PPTP and IPsec
(figure: both tunnel an original IP packet (IP header, TCP header, TCP payload) inside TCP/IP packets of the Internet.
PPTP: VPN IP header | TCP header | PPTP header | PPTP payload = the original IP packet, carried over an emulated IP link.
IPsec: VPN IP header | ESP header | Encapsulating Security Payload = the original IP packet, encrypted | HMAC; the ESP header and the encrypted payload are authenticated by the HMAC.)
source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 133ff
Example of asymmetric encryption
(figure: Alice (sender) encrypts the message with Bob's public key and signs it with her private key; the encrypted message and the signature ("0&§(1§/=1") travel over an insecure transmission channel. Bob (receiver) decrypts with his private key and verifies the signature with Alice's public key by comparison; if the comparison succeeds, the message is unchanged and was sent by Alice.)
Example: tasks of a certification authority (CA)
(figure: Alice (sender), Bob (receiver) and the certification authority, which maintains a revocation list)
1 Alice applies for a certificate
2 the CA issues the certificate
3a Alice puts the private key into a safe place (key store)
3b Alice puts the public key on her home page
4 Alice writes and signs the message
5 Alice sends the message
6 Bob downloads the certificate
7 Bob verifies the signature: message is unchanged and sent by Alice
8 Bob verifies the certificate: certificate is valid and not revoked
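The two figures (asymmetric encryption and the CA's tasks) carried through in code, as an added example that is not part of the original slides: a textbook RSA key pair built from constructed toy primes, encryption with the receiver's public key, signing with the sender's private key, a CA-signed certificate binding Alice's name to her public key, and the receiver's check of certificate, revocation list and signature. Real deployments use 2048-bit moduli and padding schemes; the toy sizes here only illustrate the flow.

```python
"""Sign, verify and certify with a toy RSA key pair (added example, not from the slides)."""
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two primes: public key (n, e), private key (n, d). Toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def _digest(data: bytes, n: int) -> int:
    # hash first, then reduce below the modulus so the small toy key can sign data of any length
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data: bytes) -> int:
    """Sender: the signature is the digest raised to the private exponent."""
    n, d = private_key
    return pow(_digest(data, n), d, n)

def verify(public_key, data: bytes, signature: int) -> bool:
    """Receiver: open the signature with the public key and compare with a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)

def encrypt(public_key, message: bytes) -> list:
    """Confidentiality: 4-byte blocks encrypted with the receiver's public key (text without NUL bytes)."""
    n, e = public_key
    return [pow(int.from_bytes(message[i:i + 4], "big"), e, n) for i in range(0, len(message), 4)]

def decrypt(private_key, blocks: list) -> bytes:
    n, d = private_key
    return b"".join(m.to_bytes((m.bit_length() + 7) // 8, "big") for m in (pow(c, d, n) for c in blocks))

def _cert_bytes(cert: dict) -> bytes:
    n, e = cert["public_key"]
    return f"{cert['subject']}|{n}|{e}|{cert['serial']}".encode()

def issue_certificate(ca_private_key, subject: str, subject_public_key, serial: int) -> dict:
    """Step 2: the CA binds the subject's name to its public key and signs that binding."""
    cert = {"subject": subject, "public_key": subject_public_key, "serial": serial}
    cert["ca_signature"] = sign(ca_private_key, _cert_bytes(cert))
    return cert

def receiver_check(ca_public_key, revocation_list: set, cert: dict, message: bytes, signature: int) -> str:
    """Steps 7 and 8: check the certificate and its revocation status, then the message signature."""
    if not verify(ca_public_key, _cert_bytes(cert), cert["ca_signature"]):
        return "certificate invalid"
    if cert["serial"] in revocation_list:
        return "certificate revoked"
    if not verify(cert["public_key"], message, signature):
        return "message altered or not signed by " + cert["subject"]
    return "message is unchanged and sent by " + cert["subject"]
```

Constructed toy keys for trying it out: `make_keypair(1299709, 104729)` for Alice, `make_keypair(2147483647, 1299709)` for Bob and `make_keypair(2147483647, 15485863)` for the CA; `receiver_check(ca_pub, set(), cert, msg, sign(alice_priv, msg))` then returns "message is unchanged and sent by Alice".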
Message and channel encryption
• To guarantee secure transmission of a message, either the message itself or the transmission channel can be encrypted
• Message encryption with PGP:
– Pretty Good Privacy (PGP) is a software program used to encrypt emails
– Since emails are transmitted over several relay stations without establishing an end-to-end connection from sender to receiver, only message encryption is applicable
– An asymmetric encryption algorithm is used
• Channel encryption with SSL:
– Secure Sockets Layer (SSL) is used to encrypt, e.g., HTTP connections (HTTP + SSL = HTTPS)
– HTTPS is used widely in the Internet to secure transactions for online banking and online shopping
Abbreviations A-H
• AES: Advanced Encryption Standard
• ARP: Address Resolution Protocol
• ATM: Asynchronous Transfer Mode
• BAN: Body Area Network
• DES: Data Encryption Standard
• DHCP: Dynamic Host Configuration Protocol
• DNS: Domain Name System
• DSL: Digital Subscriber Line (symmetric SDSL or asymmetric ADSL)
• FDDI: Fiber Distributed Data Interface
• FTP: File Transport Protocol
• HTML: Hypertext Markup Language
• HTTP: Hypertext Transport Protocol
Abbreviations I-N
• IMAP: Interactive Mail Access Protocol
• IP: Internet Protocol
• IPX: Internetwork Packet Exchange
• IrDA: Infrared Data Association
• ISDN: Integrated Service Digital Network
• ISO: International Standardization Organization
• LDAP: Lightweight Directory Access Protocol
• LPD: Line Printer Demon (UNIX)
• MAC: Media Access Control (-Address)
• NAT: Network Address Translation
• NetBEUI: NetBIOS Extended User Interface
• NetBIOS: Network Basic Input/Output System
• NIC: Network Interface Card
• NLSP: NetWare Link Services Protocol (NW Link)
• NNTP: Network News Transfer Protocol
Abbreviations O-S
• OSI: Open Systems Interconnection
• OSPF: Open Shortest Path First Protocol
• PAN: Personal Area Network
• POP3: Post Office Protocol version 3
• PPP: Point-to-Point Protocol
• PPTP: Point-to-Point Tunneling Protocol
• RIP: Routing Information Protocol
• RSA: Encryption developed by Rivest, Shamir and Adleman
• SGML: Standard Generalized Markup Language
• (s)sh: (secure) shell
• SMB: Server Message Blocks
• SMTP: Simple Mail Transport Protocol
• SNMP: Simple Network Management Protocol
• SPX: Sequenced Packet Exchange
• SSL: Secure Socket Layer
Abbreviations T-Z
• TCP: Transport Control Protocol
• UDP: User Datagram Protocol
• USB: Universal Serial Bus
• URL: Uniform Resource Locator
• WEP: Wireless Encryption Protocol (for WLAN)
• WPA: Wi-Fi Protected Access
• WLAN: Wireless LAN
• WML: Wireless Markup Language
• XML: eXtensible Markup Language