Teaching material accompanying chapter 2.1, 2.2 and 2.3 of Enterprise Knowledge Infrastructures

Networking and security

Ronald Maier, Thomas Hädrich, René Peinl

Martin-Luther-University Halle-Wittenberg

Chair of Business Information Systems, especially Corporate Information Management (Lehrstuhl für Wirtschaftsinformatik, insbesondere betriebliches Informationsmanagement); areas: knowledge management, IS management, business processes, information systems


Classification of networks

• physical – according to the medium used (fiber, copper, radio, light)

• structural - according to the topology (ring, bus, star)

• geographic - according to the reach (PAN, LAN, MAN, WAN)

• organizational - according to the network owner: public vs. private (Internet, company networks, value added networks)

• user driven - according to the user group: Intranet, Extranet, Internet

• conceptual - according to the transmission algorithms (ATM, Token Ring, Ethernet)

• functional - according to the function/target group: end-user - front-end, server - back-end, network – backbone

• performance – according to bandwidth: low (e.g., up to 1 MBit/s), medium (e.g., up to 1 GBit/s), high speed (e.g., > 1 GBit/s)

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 84


Network topologies I

• Peer-to-peer (point-to-point) networks: there are separate transmission ways between data stations; a network node receives a message and forwards it if it is not the final recipient
– star network
– loop network
– tree network
– mesh network

[figure: star network, loop network, tree network, mesh network]

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 87


Network topologies II

• Broadcast networks: all nodes are connected to the same physical transmission medium; each node has access to every message (so any node can read traffic that is not encrypted)
– bus network
– ring network

[figure: bus network, ring network]

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 86


Network classes

interprocessor distance   location (example)   network for
1 m                       work place           personal area network (PAN)
10 m                      conference room      local area network (LAN)
100 m                     company building     local area network (LAN)
1 km                      university campus    local area network (LAN)
10 km                     city                 metropolitan area network (MAN)
100 km                    country              wide area network (WAN)
1,000 km                  continent            wide area network (WAN)
10,000 km                 planet               the Internet

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 87


ISO OSI layered architecture

layer   name                 protocol between peer layers
7       Application Layer    Application Protocol
6       Presentation Layer   Presentation Protocol
5       Session Layer        Session Protocol
4       Transport Layer      Transport Protocol
3       Network Layer        Network Protocol
2       Data Link Layer      Data Link Protocol
1       Physical Layer       Physical Protocol

[figure: Data Station A and Data Station B implement all seven layers; the intermediate nodes Mediator A and Mediator B (e.g., routers) implement only layers 1-3 and talk to each other via internal protocols; layers 4-7 communicate end to end between the data stations, layers 1-3 hop by hop over the transmission medium]

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 89


Overview of network standards

        cable-bound                                 wireless
PAN     USB, Firewire                               IrDA, Bluetooth
LAN     Ethernet, Token Ring                        WLAN, DECT
WAN     ATM, FDDI, X.25, Frame Relay, Sonet/SDH     GSM, GPRS, EDGE, HSCSD, UMTS

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 91


Classification of transmission protocols

[figure: transfer speed (MBit/s, logarithmic axis from 0.01 to 10,000) plotted against distance (km, logarithmic axis from 0.01 to 1,000), grouped into PAN, LAN, MAN and WAN. Cable-bound: USB 2.0, Firewire, Token Ring, Fast Ethernet, Gigabit Ethernet, 10 GB Ethernet, FDDI, ATM 622, ATM trials, Sonet/SDH, ISDN, DSL. Wireless: IrDA, Bluetooth, WLAN 802.11b, WLAN 802.11g, GSM, GPRS, UMTS]

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 99


Concrete network protocols and the OSI model

ISO/OSI layer   Internet layer   concrete implementations (well-known ports)   service
7, 6, 5         Application      HTTP (80)                                      WWW
                                 FTP (20/21)                                    file transfer
                                 SMTP, POP3, IMAP (25, 110, 143)                email
                                 LDAP (389)                                     directory service
                                 Telnet (23)                                    host sessions
                                 DNS (53)                                       name resolution
                                 SNMP (161/162)                                 network monitoring
                                 DHCP (67/68)                                   IP address assignment
4               Transport        TCP, UDP
3               Internet         IPv4, IPv6; ARP, ICMP
2, 1            Network          Ethernet, ... (copper); FDDI, ... (fiber); WLAN, ... (radio); IrDA, ... (light)

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 120


Network packets

• A packet consists of payload and header
• Every layer adds an additional header (the network access layer also adds a trailer, the CRC)
• A packet on a higher layer becomes the payload on the next lower layer

[figure: sender and receiver stacks with the layers Application, Transport, Internet and Network access. Sender: the application data (message) becomes the TCP payload behind the TCP header; that packet becomes the IP payload behind the IP header; the IP packet becomes the payload between MAC header and CRC (frame). Receiver: the headers are stripped in reverse order, frame, packet, message, data]

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 104
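The encapsulation described above, carried out in code: an added example, not material from the slides or the book. It builds a TCP segment, puts an IPv4 header with a valid header checksum in front of it, wraps the result in an Ethernet frame with a CRC-32 trailer, and then unwraps the frame layer by layer on the receiving side. MAC addresses, IP addresses, ports and the HTTP request are constructed sample values (the addresses are the ones used on the later "Address translation" slide). The TCP checksum is left at zero, since it needs an IP pseudo-header; everything else is the real wire layout.

```python
# Added example (not from the slides): build a TCP segment, wrap it in an
# IPv4 packet, wrap that in an Ethernet frame, and peel the layers off again.
# Addresses, ports and the HTTP request are constructed sample values.
import struct
import zlib


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (IPv4 header checksum).
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_tcp(src_port: int, dst_port: int, seq: int, data: bytes) -> bytes:
    """Transport layer: 20-byte TCP header (no options) in front of the message.
    Simplification: TCP checksum left 0 (it would need an IP pseudo-header)."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return hdr + data


def build_ipv4(src: str, dst: str, proto: int, segment: bytes) -> bytes:
    """Internet layer: 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                      64, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + segment


def build_ethernet(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Network access layer: MAC header, payload, CRC-32 trailer (FCS)."""
    body = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", 0x0800) + packet
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: frame corrupted")
    return {"dst_mac": body[:6].hex("-").upper(), "src_mac": body[6:12].hex("-").upper(),
            "ethertype": struct.unpack("!H", body[12:14])[0], "payload": body[14:]}


def parse_ipv4(packet: bytes) -> dict:
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    return {"src": ".".join(map(str, packet[12:16])), "dst": ".".join(map(str, packet[16:20])),
            "proto": packet[9], "payload": packet[ihl:total_len]}


def parse_tcp(segment: bytes) -> dict:
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    offset = (segment[12] >> 4) * 4
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "data": segment[offset:]}


def unwrap(frame: bytes) -> dict:
    """Receiver side: frame -> packet -> segment -> message, checking each layer."""
    eth = parse_frame(frame)
    ip = parse_ipv4(eth["payload"])
    tcp = parse_tcp(ip["payload"])
    return {"eth": eth, "ip": ip, "tcp": tcp, "message": tcp["data"]}


MESSAGE = b"GET / HTTP/1.1\r\nHost: www.wiwi.uni-halle.de\r\n\r\n"  # constructed


def demo_frame() -> bytes:
    segment = build_tcp(40000, 80, 1, MESSAGE)
    packet = build_ipv4("192.168.0.10", "141.48.204.242", 6, segment)
    return build_ethernet("08-00-20-AE-FD-7E", "00-00-39-4C-46-C9", packet)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a transmission error: CRC and checksum catch it."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def forge(frame: bytes, new_message: bytes) -> bytes:
    """Simulate an on-path attacker: rewrite the message and recompute every
    checksum. CRC and checksums detect accidents, not deliberate changes."""
    layers = unwrap(frame)
    segment = build_tcp(layers["tcp"]["src_port"], layers["tcp"]["dst_port"],
                        layers["tcp"]["seq"], new_message)
    packet = build_ipv4(layers["ip"]["src"], layers["ip"]["dst"], layers["ip"]["proto"], segment)
    return build_ethernet(layers["eth"]["src_mac"], layers["eth"]["dst_mac"], packet)
```

`unwrap(demo_frame())` returns the message together with the MAC, IP and TCP fields of each layer. The two helpers at the end make the security point of the CRC and checksum fields: a flipped bit is rejected by the receiver, but `forge` changes the request and recomputes every check, and the result parses cleanly. Integrity against an attacker needs a keyed check (a MAC or signature, see the later slides), not a checksum.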


Internet layer

• IP protocol (IPv4)
– IP address = world-wide unique address to identify a network participant (at least unique for public IP addresses)
– Length: 32 bit (4 octets)
– Network classes (classful addressing, see table below)
– finer partition with a subnet mask possible since 1985 (subnetting); since 1993 the mask length rather than the class decides where the network part ends (CIDR)
– reserved addresses for private use (RFC 1918):
• 10.0.0.0 - 10.255.255.255 (one class A network range)
• 172.16.0.0 - 172.31.255.255 (16 class B network ranges)
• 192.168.0.0 - 192.168.255.255 (256 class C network ranges)
– localhost (loopback) 127.0.0.1; the whole range 127.0.0.0 - 127.255.255.255 is reserved for it

example: 141.48.3.17 (decimal) = 10001101 00110000 00000011 00010001 (binary)

class   example          network address | host address    network mask    addresses per network
A       63.48.3.17       first octet | last three octets   255.0.0.0       16.7 million
B       141.48.140.19    first two octets | last two        255.255.0.0     65,536
C       223.150.7.170    first three octets | last octet    255.255.255.0   256

(per network, two of these addresses are not assignable to hosts: the network address and the broadcast address)
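The classful and the subnet-mask view of an IPv4 address, as an added example that is not part of the slides. It uses only the Python standard library. `classful` derives class, default mask and network/host split from the first octet alone, as the table above does; `describe` takes the mask into account, which is what a host or router actually does, and also flags the RFC 1918 private ranges and the loopback range; `same_subnet` answers the question a host asks before sending: is the destination on my own segment (resolve it with ARP) or behind the router? The addresses are the slide's examples plus constructed ones.

```python
# Added example (not from the slides): classful and classless (subnet-mask)
# view of an IPv4 address with the standard library only. Sample addresses
# are the ones from the slide plus constructed ones.
import ipaddress

PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def classful(addr: str) -> dict:
    """Historic network classes: class, default mask and the address count
    that the first octet alone implies (no subnet mask needed)."""
    first = int(addr.split(".")[0])
    if first < 128:
        cls, prefix = "A", 8
    elif first < 192:
        cls, prefix = "B", 16
    elif first < 224:
        cls, prefix = "C", 24
    elif first < 240:
        cls, prefix = "D (multicast)", None
    else:
        cls, prefix = "E (reserved)", None
    if prefix is None:
        return {"class": cls, "mask": None, "network": None, "host": None, "addresses": 0}
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    host = int(ipaddress.ip_address(addr)) & ((1 << (32 - prefix)) - 1)
    return {"class": cls, "mask": str(net.netmask), "network": str(net.network_address),
            "host": host, "addresses": net.num_addresses}


def describe(cidr: str) -> dict:
    """Classless view: the subnet mask, not the first octet, decides where the
    network part ends. This is what routers have used since subnetting/CIDR."""
    iface = ipaddress.ip_interface(cidr)
    addr, net = iface.ip, iface.network
    if addr in LOOPBACK:
        scope = "loopback"
    elif any(addr in r for r in PRIVATE):
        scope = "private (RFC 1918)"
    else:
        scope = "public"
    # network and broadcast address are not assignable (except on /31 and /32 links)
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {"address": str(addr), "class": classful(str(addr))["class"],
            "binary": ".".join(f"{o:08b}" for o in addr.packed),
            "prefix": net.prefixlen, "mask": str(net.netmask),
            "network": str(net.network_address), "broadcast": str(net.broadcast_address),
            "usable_hosts": usable, "scope": scope}


def same_subnet(own_addr: str, other_addr: str, mask: str) -> bool:
    """Decides whether other_addr is reached directly (via ARP) or via the router."""
    net = ipaddress.ip_network(f"{own_addr}/{mask}", strict=False)
    return ipaddress.ip_address(other_addr) in net
```

For 141.48.3.17 the classful view says class B with mask 255.255.0.0, while `describe("141.48.3.17/22")` shows that with a /22 mask the network is 141.48.0.0 with broadcast 141.48.3.255 and 1,022 usable host addresses; the class only survives as a label.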


Address translation

• logical address (DNS name): e.g., www.wiwi.uni-halle.de
• Internet address (IP): e.g., 141.48.204.242
• physical address (MAC): e.g., 00-00-39-4C-46-C9

DNS translates the logical name into an IP address; ARP translates the IP address into the MAC address on the local network segment. Neither protocol authenticates its answers in its basic form (DNS only with DNSSEC), and a MAC address can be changed in software, so these addresses identify a station but do not prove its identity.

MAC = Media Access Control; unique identification of a network card, consisting of a 24 bit manufacturer number (OUI) and a 24 bit serial number, e.g., 08-00-20-AE-FD-7E (or 080020AEFD7E)
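ARP resolution on a broadcast segment, with the check a practitioner wants: an added example, not from the slides. It packs and parses Ethernet/IPv4 ARP packets in their real 28-byte layout, splits a MAC address into manufacturer and serial part as described above, and runs a passive monitor that learns IP-to-MAC bindings from the traffic and raises an alert when a second MAC claims an address that was already learned, the symptom of ARP spoofing. The three packets are constructed (a normal request and reply using the slide's addresses, then a forged reply for the same IP); the host MACs are the slide's examples, the attacker's MAC is made up.

```python
# Added example (not from the slides): parse ARP packets on an Ethernet/IPv4
# LAN and keep an IP -> MAC cache that raises an alert when a second MAC
# claims an address that was already learned, the symptom of ARP spoofing.
# All packets below are constructed; the host addresses are the slide's.
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sender MAC/IP, target MAC/IP
ARP_OPS = {1: "request", 2: "reply"}


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split("-"))


def bytes_to_mac(raw: bytes) -> str:
    return raw.hex("-").upper()


def split_mac(mac: str) -> tuple:
    """24 bit manufacturer number (OUI) and 24 bit serial number."""
    return mac[:8], mac[9:]


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_to_bytes(sender_mac), bytes(int(x) for x in sender_ip.split(".")),
                       mac_to_bytes(target_mac), bytes(int(x) for x in target_ip.split(".")))


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": ARP_OPS.get(op, op),
            "sender_mac": bytes_to_mac(sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": bytes_to_mac(tha), "target_ip": ".".join(map(str, tpa))}


class ArpMonitor:
    """Passive observer of a broadcast segment. A real host cache behaves the
    same way on the last line of observe(): ARP carries no authentication,
    so whoever answers last defines the IP -> MAC binding."""

    def __init__(self):
        self.cache = {}
        self.alerts = []

    def observe(self, pkt: bytes) -> dict:
        arp = parse_arp(pkt)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.cache.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"{ip} changed from {known} to {mac} ({arp['op']})")
        self.cache[ip] = mac
        return arp


# Constructed traffic: a normal request/reply, then a forged reply for the same IP.
SAMPLE_PACKETS = [
    build_arp(1, "08-00-20-AE-FD-7E", "141.48.204.10", "00-00-00-00-00-00", "141.48.204.242"),
    build_arp(2, "00-00-39-4C-46-C9", "141.48.204.242", "08-00-20-AE-FD-7E", "141.48.204.10"),
    build_arp(2, "DE-AD-BE-EF-00-01", "141.48.204.242", "08-00-20-AE-FD-7E", "141.48.204.10"),
]


def run_monitor(packets=SAMPLE_PACKETS) -> ArpMonitor:
    mon = ArpMonitor()
    for pkt in packets:
        mon.observe(pkt)
    return mon
```

`run_monitor()` ends with one alert and, tellingly, with the cache already pointing 141.48.204.242 at the attacker's MAC: detection does not undo the poisoning. Static ARP entries for critical hosts or a switch feature such as dynamic ARP inspection are the countermeasures.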


Demarcation between Internet, Intranet and Extranet

[figure: the company network (Intranet) is separated from the public network (Internet) by two firewalls with a DMZ between them. Intranet: authenticated users (employees) and an internal web server. DMZ: a web server for the Internet (anonymous users, e.g., prospective buyers), a web server for the Extranet (authenticated users: partners, customers), a RAS server reachable by dial-in over the PSTN, and a VPN server for authenticated users (employees) connecting from outside. One firewall sits between the Internet and the DMZ, a second between the DMZ and the company network]

DMZ = DeMilitarized Zone
PSTN = Public Switched Telephone Network

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 120


Requirements for secure communication

• confidentiality: the message is not accessible to third parties
• authenticity: the sender of a message is uniquely identifiable
• integrity: the message has not been changed on its way to the receiver (a checksum or CRC only detects accidental changes; against a deliberate change a keyed check such as an HMAC or a digital signature is needed)
• non-repudiation (liability): the sender cannot deny authorship of the message, the receiver cannot deny receipt of the message


Potential security threats

• Data loss: important data was intentionally deleted or lost by accident
• Data manipulation: intentionally falsifying documents, e.g., balance sheets or software code
• Unauthorized access: business secrets get into the hands of third parties
• Abuse of resources: hardware or software of a company gets used for improper purposes, e.g., using the company Internet access to download private music files
• Downtime: infrastructural services that are needed permanently are not available, so that financial damage (e.g., by losing productive work time) or image damage (e.g., through unavailability of the Web site) occurs
• Concrete attacks: e.g., denial-of-service, viruses, spam

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 127ff


Conceptual comparison of PPTP and IPsec

[figure: two tunnelled packets, each carried as an ordinary TCP/IP packet of the Internet.
PPTP: IP header | TCP header | PPTP header | PPTP payload, where the PPTP payload is the emulated (tunnelled) IP packet: VPN IP header | TCP header | TCP payload.
IPsec (ESP, tunnel mode): IP header | ESP header | Encapsulating Security Payload (VPN IP header | TCP header | TCP payload) | HMAC. The ESP payload is encrypted; ESP header and encrypted payload together are authenticated by the HMAC]

Note: the PPTP column has no authentication field. The figure also simplifies PPTP: the TCP connection (port 1723) only carries the control channel, while the tunnelled PPP frames travel in GRE packets. PPTP's MPPE encryption gives no integrity protection and its MS-CHAP authentication is considered broken, so it should not be used for new deployments; IPsec (or a TLS-based VPN) is the current choice.

source: Maier, Hädrich, Peinl: Enterprise Knowledge Infrastructures, p. 133ff
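The difference the figure shows, as an added example that is not part of the slides: an ESP-like packet whose HMAC covers the ESP header and the encrypted payload, beside an encrypt-only tunnel in the PPTP/MPPE style. To stay within the standard library, the cipher is an HMAC-SHA256 keystream in counter mode (a PRF used as a stream cipher) standing in for AES; the behaviour shown, bit flips in the ciphertext landing unchanged in the plaintext, is the same for any stream cipher, MPPE's RC4 included. Keys, SPI and the inner packet are constructed sample values; the inner packet is a short text standing in for the tunnelled IP packet.

```python
# Added example (not from the slides): tunnel-mode encapsulation with and
# without integrity protection. The cipher is an HMAC-SHA256 keystream in
# counter mode standing in for AES so that only the standard library is
# needed; keys, SPI and the inner packet are constructed sample values.
import hashlib
import hmac
import struct

ENC_KEY = bytes.fromhex("00" * 15 + "01") * 2   # constructed 32-byte keys
AUTH_KEY = bytes.fromhex("ff" * 15 + "02") * 2
INNER_PACKET = b"TRANSFER 100 EUR TO ACCOUNT 4711"  # stands in for the tunnelled IP packet
ICV_LEN = 16


def keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    """PRF output, unique per (SPI, sequence number): never reused for two packets."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(spi: int, seq: int, inner: bytes) -> bytes:
    """ESP-like packet: header (SPI, seq) | encrypted payload | ICV.
    Encrypt-then-MAC: the ICV covers the header and the ciphertext."""
    header = struct.pack("!II", spi, seq)
    ciphertext = xor(inner, keystream(ENC_KEY, spi, seq, len(inner)))
    icv = hmac.new(AUTH_KEY, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


def esp_decapsulate(pkt: bytes, seen: set) -> bytes:
    """Verify the ICV first, then reject replays, then decrypt."""
    header, ciphertext, icv = pkt[:8], pkt[8:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(AUTH_KEY, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified in transit or wrong key")
    spi, seq = struct.unpack("!II", header)
    if seq in seen:
        raise ValueError(f"replayed sequence number {seq}")
    seen.add(seq)
    return xor(ciphertext, keystream(ENC_KEY, spi, seq, len(ciphertext)))


def encrypt_only_encapsulate(seq: int, inner: bytes) -> bytes:
    """Encrypt-only tunnel (the PPTP/MPPE situation: stream cipher, no MAC)."""
    return struct.pack("!I", seq) + xor(inner, keystream(ENC_KEY, 0, seq, len(inner)))


def encrypt_only_decapsulate(pkt: bytes) -> bytes:
    seq = struct.unpack("!I", pkt[:4])[0]
    return xor(pkt[4:], keystream(ENC_KEY, 0, seq, len(pkt) - 4))


def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """An on-path attacker flipping one ciphertext bit, without knowing any key."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)
```

Flipping bit 3 of the byte that carries the "1" of "100" turns the decrypted encrypt-only packet into "TRANSFER 900 EUR ..." without the attacker ever seeing a key; the same flip on the ESP packet is rejected before decryption, and a resent packet is rejected by the sequence-number check. Confidentiality without integrity is not enough, which is why the ESP column of the figure carries the HMAC.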


Example of asymmetric encryption

[figure: Alice (sender) signs the message with her private key (signature) and encrypts the message with Bob's public key (encryption); encrypted message and signature (shown as 0&§(1§/=1) are sent over an insecure transmission channel; Bob (receiver) decrypts with his private key (decryption) and checks the signature with Alice's public key; the comparison shows: message is unchanged and sent by Alice]


Example: tasks of a certification authority (CA)

[figure: Alice (sender), Bob (receiver), Alice's home page (HP), and the certification authority with its revocation list]

1 Alice applies for a certificate
2 the certification authority issues the certificate
3a Alice puts her private key into a safe place (key store)
3b Alice puts her public key (the certificate) on her home page
4 Alice writes and signs the message
5 Alice sends the message
6 Bob downloads the certificate
7 Bob verifies the signature: the message is unchanged and sent by Alice
8 Bob verifies the certificate (CA signature, validity period, revocation list): the certificate is valid and not revoked

Note: in practice step 8 is done before step 7 is trusted, because the result of the signature check only means something once the public key it was checked with is known to belong to Alice.
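Both figures above (the sign-and-encrypt exchange and the CA steps) in one runnable walk-through, added here and not material from the slides or the book. It uses textbook RSA with the standard library only: Alice signs with her private key and encrypts for Bob's public key; Bob first checks Alice's certificate against the CA's public key and the revocation list, then decrypts with his private key and verifies the signature with the public key taken from the certificate. The primes are well known small ones, there is no padding, and the message is encrypted byte by byte, so the arithmetic is real but the scheme is a teaching toy, not a usable cipher. Names, serial numbers and the message are constructed.

```python
# Added example (not from the slides): textbook RSA walk-through of the two
# figures above. Keys are tiny and there is no padding: a teaching toy, not
# a usable cipher. Names, serials and the message are constructed.
import hashlib
import json


def make_key(p: int, q: int, e: int = 65537) -> tuple:
    """Returns (public, private) for two primes; d = e^-1 mod (p-1)(q-1)."""
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}


def digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, priv: dict) -> int:
    return pow(digest(msg, priv["n"]), priv["d"], priv["n"])


def verify(msg: bytes, sig: int, pub: dict) -> bool:
    return pow(sig, pub["e"], pub["n"]) == digest(msg, pub["n"])


def encrypt(msg: bytes, pub: dict) -> list:
    """Byte-wise RSA: deterministic and therefore insecure; toy only."""
    return [pow(b, pub["e"], pub["n"]) for b in msg]


def decrypt(blocks: list, priv: dict) -> bytes:
    return bytes(pow(c, priv["d"], priv["n"]) for c in blocks)


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()


def issue_certificate(ca_priv: dict, subject: str, pub: dict, serial: int) -> dict:
    """Step 2: the CA binds a subject name to a public key with its signature."""
    body = {"subject": subject, "public_key": pub, "serial": serial}
    return {"body": body, "ca_signature": sign(canonical(body), ca_priv)}


def check_certificate(cert: dict, ca_pub: dict, revoked: set) -> tuple:
    """Step 8: CA signature valid and serial not on the revocation list."""
    if not verify(canonical(cert["body"]), cert["ca_signature"], ca_pub):
        return False, "bad CA signature"
    if cert["body"]["serial"] in revoked:
        return False, "revoked"
    return True, "valid and not revoked"


def alice_send(msg: bytes, alice_priv: dict, bob_pub: dict) -> dict:
    """Steps 4-5: sign with own private key, encrypt for the receiver."""
    return {"ciphertext": encrypt(msg, bob_pub), "signature": sign(msg, alice_priv)}


def bob_receive(envelope: dict, bob_priv: dict, cert: dict, ca_pub: dict, revoked: set) -> tuple:
    """Steps 6-8, certificate first: a signature only means something once
    the key it is checked with is trusted."""
    ok, why = check_certificate(cert, ca_pub, revoked)
    if not ok:
        return None, "certificate " + why
    msg = decrypt(envelope["ciphertext"], bob_priv)
    if not verify(msg, envelope["signature"], cert["body"]["public_key"]):
        return None, "signature invalid: message changed or not from Alice"
    return msg, "message is unchanged and sent by Alice"


# Constructed key material (well-known small primes) and a certificate for Alice
ALICE_PUB, ALICE_PRIV = make_key(10007, 10009)
BOB_PUB, BOB_PRIV = make_key(104729, 1000003)
CA_PUB, CA_PRIV = make_key(999983, 1299709)
ALICE_CERT = issue_certificate(CA_PRIV, "Alice", ALICE_PUB, serial=1)
```

`bob_receive` returns the message and the figure's verdict for a clean exchange, and refuses with a reason when the ciphertext was swapped (signature no longer matches), when Alice's serial is on the revocation list, or when the certificate was not signed by the CA (a self-issued one fails the CA signature check). The four requirements from the earlier slide map directly onto the calls: confidentiality via `encrypt`, authenticity and integrity via `verify`, non-repudiation because only Alice's private key could have produced the signature.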


Message- and channel-encryption

• To guarantee secure transmission of a message either the message itself or the transmission channel can be encrypted

• Message encryption with PGP:
– Pretty Good Privacy (PGP) is a software program used to encrypt emails
– Emails are transmitted over several relay stations (mail servers) without an end-to-end connection from sender to receiver; encrypting the channel between relays protects each hop only, so end-to-end protection of the content requires message encryption
– A hybrid scheme is used: the message is encrypted with a symmetric session key, and that key is encrypted with the receiver's asymmetric public key

• Channel encryption with SSL:
– Secure Sockets Layer (SSL), today superseded by its successor Transport Layer Security (TLS), is used to encrypt e.g., HTTP connections (HTTP + SSL = HTTPS)
– HTTPS is used widely in the Internet to secure transactions for online banking and online shopping


Abbreviations A-H

• AES: Advanced Encryption Standard
• ARP: Address Resolution Protocol
• ATM: Asynchronous Transfer Mode
• BAN: Body Area Network
• DES: Data Encryption Standard
• DHCP: Dynamic Host Configuration Protocol
• DNS: Domain Name System
• DSL: Digital Subscriber Line (symmetric SDSL or asymmetric ADSL)
• FDDI: Fiber Distributed Data Interface
• FTP: File Transfer Protocol
• HTML: Hypertext Markup Language
• HTTP: Hypertext Transfer Protocol


Abbreviations I-N

• IMAP: Internet Message Access Protocol
• IP: Internet Protocol
• IPX: Internetwork Packet Exchange
• IrDA: Infrared Data Association
• ISDN: Integrated Services Digital Network
• ISO: International Organization for Standardization
• LDAP: Lightweight Directory Access Protocol
• LPD: Line Printer Daemon (UNIX)
• MAC: Media Access Control (address)
• NAT: Network Address Translation
• NetBEUI: NetBIOS Extended User Interface
• NetBIOS: Network Basic Input/Output System
• NIC: Network Interface Card
• NLSP: NetWare Link Services Protocol (NW Link)
• NNTP: Network News Transfer Protocol


Abbreviations O-S

• OSI: Open Systems Interconnection
• OSPF: Open Shortest Path First Protocol
• PAN: Personal Area Network
• POP3: Post Office Protocol version 3
• PPP: Point-to-Point Protocol
• PPTP: Point-to-Point Tunneling Protocol
• RIP: Routing Information Protocol
• RSA: public-key encryption developed by Rivest, Shamir and Adleman
• SGML: Standard Generalized Markup Language
• (s)sh: (secure) shell
• SMB: Server Message Block
• SMTP: Simple Mail Transfer Protocol
• SNMP: Simple Network Management Protocol
• SPX: Sequenced Packet Exchange
• SSL: Secure Sockets Layer (superseded by TLS, Transport Layer Security)


Abbreviations T-Z

• TCP: Transmission Control Protocol
• UDP: User Datagram Protocol
• USB: Universal Serial Bus
• URL: Uniform Resource Locator
• WEP: Wired Equivalent Privacy (for WLAN; broken and superseded by WPA/WPA2)
• WPA: Wi-Fi Protected Access
• WLAN: Wireless LAN
• WML: Wireless Markup Language
• XML: eXtensible Markup Language