Lecture Overview - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

Lecture Overview

Description:

Lecture 2: Network Layers, platforms, protocols ... Registrant: Columbia University 612 West 115th Street New York, NY 10025 UNITED STATES ... – PowerPoint PPT presentation

Number of Views:51
Avg rating:3.0/5.0
Slides: 31
Provided by: peopleDbm
Category:

less

Transcript and Presenter's Notes

Title: Lecture Overview


1
Lecture Overview
  • Lecture 1 Concepts of architecture
  • Lecture 2 Network Layers, platforms, protocols
  • Lecture 3 Services Naming, Directory, Web and
    Security
  • Lecture 4 Biomedical services and systems
  • To accomplish the task of
  • How to model and build biomedical systems in
    5 hours !

2
Naming Domain Name Services
  • Internet Assigned Numbers Authority (IANA)/
    Internet Corporation For Assigned Names and
    Numbers
  • Country Code Top Level Domains (ccTLD)
  • .uk, .md, .tv, .us
  • Generic Top Level Domains (Generic TLD)
  • .aero, .biz, .com, .coop, .info, .museum, .name,
    .net, .org, .pro, .gov, .edu, .mil, .int
  • Registries whois.educause.net,
    www.internic.net/whois.html, http//www.uwhois.com
    /cgi/domains.cgi?UserNoAds
  • www.icann.irg

3
DNS
  • Ask whois.educause.net (top 13 Root Domain
    Servers) about columbia.edu
  • Domain Name COLUMBIA.EDU
  • Registrant Columbia University 612 West 115th
    Street New York, NY 10025 UNITED STATES
  • Administrative Contact Columbia University
    Computer Operations Columbia University 612 West
    115th Street New York, NY 10025 UNITED STATES
    (212) 854-2652 net-trouble_at_columbia.edu
  • Technical Contact Columbia University Hostmaster
    Columbia University 612 West 115th Street New
    York, NY 10025 UNITED STATES (212) 854-1919
    hostmaster_at_columbia.edu
  • Name Servers SAELL.CC.COLUMBIA.EDU 128.59.59.218
    DNS2.ITD.UMICH.EDU 141.211.125.15
    ADNS1.BERKELEY.EDU 128.32.136.3
    ADNS2.BERKELEY.EDU 128.32.136.14 AD4.LSE.AC.UK
  • Domain record activated 05-Jul-1985
  • Domain record last updated 02-Oct-2003

Note domain specific Domain name servers
4
DNS
  • nslookup -saell.cc.columbia.edu
  • gt set typeSOA
  • gt cpmc.columbia.edu
  • Server dns1.cpmc.columbia.edu
  • Address 156.111.60.150
  • cpmc.columbia.edu
  • origin dns1.cpmc.columbia.edu
  • mail address unixadm.nova.cpmc.columbia.
    edu
  • serial 184818
  • refresh 3600 (1H)
  • retry 1800 (30M)
  • expire 3600000 (5w6d16h)
  • minimum ttl 3600 (1H)
  • cpmc.columbia.edu nameserver
    dns1.cpmc.columbia.edu
  • cpmc.columbia.edu nameserver
    dns2.cpmc.columbia.edu
  • cpmc.columbia.edu nameserver
    saell.cc.columbia.edu
  • cpmc.columbia.edu nameserver
    dns2.itd.umich.edu

Note domain servers For cpmc.columbia.edu
5
DNS
  • nslookup
  • Default Server dns1.cpmc.columbia.edu
  • Address 156.111.60.150
  • gt flux.cpmc.columbia.edu
  • Name flux.cpmc.columbia.edu
  • Address 156.145.134.99
  • gt 156.111.60.93
  • Name io.dmi.columbia.edu
  • Address 156.111.60.93
  • Name to address, Address to name
  • Check out http//home.att.net/marjie1/Webtools.h
    tm

6
DNS
  • nslookup
  • gt set typemx
  • gt dbmi.columbia.edu
  • dbmi.columbia.edu preference 100, mail
    exchanger external-smtp-multi-vif.cc.columbia.ed
    u
  • dbmi.columbia.edu preference 10, mail
    exchanger postal.dbmi.columbia.edu
  • external-smtp-multi-vif.cc.columbia.edu internet
    address 128.59.48.6
  • postal.dbmi.columbia.edu internet address
    156.145.134.8
  • gt
  • Domain name to Mail Exchanger IP address

7
DNS
  • Imagine a request for www.foo.bar.com
  • DNS resolver asks local DNS Server for address of
    www.foo.bar.com
  • DNS Server looks in local cache, and returns IP
    if valid entry found, otherwise
  • Local DNS asks root server for IP Address of
    top-level DNS server for .com addresses
  • Local DNS asks top-level domain server for
    address of second-level domain server for bar.com
  • Local DNS asks second level domain server for
    bar.com for address of www.foo.bar.com

8
DNS
  • DNS has changed and used in other ways
  • Round Robin High Availability
  • Same name, different IP addresses
  • It is a replicated database
  • Dynamic DNS (instead of static definitions)
  • DHCP assigns a dynamic IP address, DDNS generates
    a dunamic name, and propagates it.

DDNS Server
DDNS Server
DHCP Server
Laptop
DDNS Server
Primary
Secondary
9
Directory LDAP
  • X.500 standard. CCITT 1988
  • Refer ISO 9594 X.500-X.521 of 1990

10
LDAP
  • Used to access and update information in a
    directory built on the X.500 model
  • Protocol defines the content of messages between
    the client and the server
  • Information storage structure is specific to a
    directory service
  • Naming refers to how information organized and
    searched

11
LDAP
  • An Object/Entry is a collection of Attributes
    decided by Objectclass
  • Each object gets a distinguised name (dn)
  • Attributes are Name Value pairs, with type
    definition for Values c(ase)i(nsensitive)s(tring)
    , bin(ary), tel(ephone), etc.
  • single-valued vs. multi-valued

12
LDAP
  • ldapsearch -b "oColumbia University, cUS" -h
    ldap.columbia.edu uniss29
  • dn uniss29, oColumbia University, cUS
  • objectclass person
  • cn Soumitra Sengupta
  • givenname Soumitra
  • sn Sengupta
  • uni ss29
  • title Asst Clin Prof
  • ou Dept Of Biomedical Informatics
  • userlist sen_at_cunix.cc.columbia.edu
  • userlist ss29_at_
  • fax 1 212-305-3302
  • mail sen_at_columbia.edu
  • address Vanderbilt Clinic Vc 5, 622 W 168Th St
  • telephonenumber 1 212-305-7035
  • maildelivery ss29_at_columbia.edu
  • Another dn cnJohn Smith, ouAustin, oIBM, cUS

13
LDAP Operations
  • Authentication
  • BIND/UNBIND (single sign on)
  • Query (90)
  • Search
  • Update (10)
  • Add an entry
  • Delete an entry (Only Leaf nodes, no aliases)
  • Modify an entry, Modify DN/RDN
  • Secure Sockets Layer (encryption)

14
LDAP Operations
  • Authentication
  • BIND/UNBIND (single sign on)
  • Query (90)
  • Search
  • ldap//ldap.columbia.edu/oColumbia20University,c
    us??sub?(uniss29)
  • Update (10)
  • Add an entry
  • Delete an entry (Only Leaf nodes, no aliases)
  • Modify an entry, Modify DN/RDN
  • Secure Sockets Layer (encryption)

15
LDAP Use
  • User identification and attributes
  • Authentication (single sign on, password mgmt,
    confidentiality)
  • Privilege definition
  • nypapppriv WebCIS,copptypeall
  • nypapppriv WebCIS,codall1formswideatel_clin,
    wberrie_diab,wdefault_notes
  • ,wbone_dens,wemg_note,whosp_att_forms,wresiden
    t_formsoprtwsignoutw
  • clinnotewpresw
  • nypapppriv NYP_SunriseXA
  • nypvpn vpn,all1
  • Synchronizing identities across Cornell, NYP,
    Columbia
  • Products
  • Microsoft Active Directory, Novell E-directory,
    Sun One Directory Server, CA, IBM
  • OpenLDAP

16
World Wide Web
  • Derived from gopher, WAIS, SGML, Apple
    Hyperlink, MIME, Public and Private Key
    cryptography, NeXTStep, etc.
  • Features
  • Links (URL, Ability to leverage independent
    publishers, functionality)
  • Multimedia (text, graphics, audio, video, forms,
    etc. - functionality)
  • Platform independent rendition (flexibility,
    simplicity)
  • Mark Up Language (HTML, XML, ASCII/Unicode,
    simplicity)
  • Dynamic computing (Common Gateway Interface,
    Javascript, Applets, Servlets, Extensibility)
  • Security (Authentication, SSL Encryption)
  • MIME-type Plug-in (extensibility)
  • And it continues to grow (Web Services)
  • http//www.boutell.com/newfaq/definitions/

17
World Wide Web - HTTP
  • telnet io.dbmi.columbia.edu 80
  • Trying...
  • Connected to io.dmi.columbia.edu.
  • Escape character is ''.
  • GET / HTTP/1.0 (ltenter twicegt)
  • HTTP/1.1 200 OK
  • Date Tue, 29 Mar 2005 162402 GMT
  • Server Apache/2.0.46 (Unix) mod_ssl/2.0.46
    OpenSSL/0.9.7b mod_jk/1.2.1 PHP/4.3.3
  • Last-Modified Tue, 22 Mar 2005 155049 GMT
  • ETag "f77-21e0-cefaa840"
  • Accept-Ranges bytes
  • Content-Length 8672
  • Connection close
  • Content-Type text/html charsetISO-8859-1
  • ltHTMLgt
  • ..
  • lt/HTMLgt
  • Connection closed.

18
Detour SMTP
  • telnet flux.cpmc.columbia.edu 25
  • Trying...
  • Connected to flux.cpmc.columbia.edu.
  • Escape character is ''.
  • 220 flux.cpmc.columbia.edu ESMTP Sendmail
    AIX5.1/8.11.6p2/8.9.3 Tue, 29 Mar 2005 112830
    -0500
  • HELO mymachine
  • 250 flux.cpmc.columbia.edu Hello
    flux.cpmc.columbia.edu 156.145.134.99, pleased
    to meet you
  • MAIL FROM sen_at_columbia.edu
  • 250 2.1.0 sen_at_columbia.edu... Sender ok
  • RCPT TO sengupt
  • 250 2.1.5 sengupt... Recipient ok
  • DATA
  • 354 Enter mail, end with "." on a line by itself
  • .Boy, do I have a deal for you.
  • .
  • 250 2.0.0 j2TGUbg101036 Message accepted for
    delivery
  • --------------------------------------------------
    -----------------------

19
Detour /var/spool/mail/sengupt
  • From sen_at_columbia.edu Tue Mar 29 113116 2005
  • Received from mymachine (flux.cpmc.columbia.edu
    156.145.134.99)
  • by flux.cpmc.columbia.edu
    (AIX5.1/8.11.6p2/8.9.3) with SMTP id
    j2TGUbg101036
  • for sengupt Tue, 29 Mar 2005 113101
    -0500
  • Date Tue, 29 Mar 2005 113101 -0500
  • From sen_at_columbia.edu
  • Message-Id lt200503291631.j2TGUbg101036_at_flux.cpmc.
    columbia.edugt
  • Status RO
  • X-Status
  • X-Keywords
  • X-UID 124590
  • .Boy, do I have a deal for you.

20
World Wide Web - Naming
  • Uniform Resource Locator (URL)/ Web Address
  • Protocol http, https, ftp, file, mailto
  • FQDN www.dbmi.columbia.edu (or IP address)
  • Optional port number www.dbmi.columbia.edu80
  • Path /educ/curriculum/curriculum.html
  • Many other protocols, and different meanings of
    Path

21
World Wide Web - CGI
22
Security
  • Protect
  • Confidentiality
  • Integrity
  • Availability
  • Define and quantify
  • Assets
  • Threats
  • Controls
  • Vulnerabilities
  • Risk
  • Incidents

23
Risk Management Objects Relationships
Assets
value
have
Controls
costs
Threats
if incomplete or not current, yield
Vulnerabilities
when realized,instantiate
potentiallyadd
potentiallyreduce
Risks
Incidents
quantify and evaluate
Resolution
Measurement
re-evaluation(retroactively improve)
criteria
may lead to
not acceptable(proactively improve)
Sanctions
acceptable
24
Security Controls
  • Authentication
  • Something you are (Userid, Biometrics)
  • Something you know (Password, and should be a
    good one)
  • Something you have (Cards, Tokens)
  • Authorization
  • Global flags for start and termination
  • Group membership driven authority
  • Audit Logs
  • Possibility of log consolidation for
    investigations
  • Performance measurements
  • Encryption
  • Easy encryption of files
  • Encryption of transmitted messages
  • Ssh, sftp, imaps, pops, smtps, VPN, IPsec, HTTPS,
    etc.

25
Security Controls
  • Assets - Network
  • External threat Firewalls, Intrusion Detection,
    Intrusion Prevention
  • Secure Access Authenticated, and Encrypted
  • Assets Servers and workstations
  • Malicious software Anti virus, Anti-spyware
  • Patch Management
  • Personal firewalls (XP SP2), integrity enforcers
    (Tripwire)
  • Monitoring Tools (Log tools, Bandwidth)
  • New issues Voice over IP, Video-conferencing,
    Devices (Biomedical), Wireless, etc.

26
Security Cryptography
  • Symmetric or Private Key
  • Single Key k
  • Encryption is M ? Ek (M)
  • Decryption is M Dk ( Ek (M))
  • Efficient algorithms 3DES, AES
  • Problem
  • Key distribution through trusted parties
  • Pairwise key large number of keys

27
Security Cryptography
  • Asymmetric or Public Key
  • A pair of keys per person- Public (k1), Private
    (k2)
  • Property M Dk1 (Ek2 (M)) Dk2 (Ek1 (M))
  • Message from Alice to Bob
  • Encryption is M ? EBk1 (M)
  • Decryption is M DBk2 ( EBk1 (M))
  • Digital Signature is M ? EAk2 (M)
  • Signature verification is M DAk1 ( EAk2 (M))
  • Algorithms RSA, El Gamal, Diffie Hellman
  • Problem
  • How do you trust ones public key third party
    Slow
  • Key revocation problem

28
Security HTTPS security
  • Create a public/private keypair for the server
  • Send public key to Trusted third party Verisign
  • Verisign creates a certificate using its
    private key to encrypt (sign) the Server public
    key, and returns the cert to the server
  • When a browser comes through https, server sends
    cert to browser, which has a hardcoded Verisign
    public key, and uses it to extract Server public
    key from the cert.

29
Security HTTP Server security
  • Browser chooses a symmetric key for actual
    traffic encryption, and encrypts it with Server
    public key, and returns to Server
  • Server decrypts the chosen symmetric key using
    its private key, and then uses the symmetric key
    to encrypt all traffic to the client
  • Client uses the symmetric key to encrypt all
    traffic to the server

30
Security HTTP Server security
  • On IE, go to URL https//webcis.cpmc.columbia.edu,
    double-click on the closed lock, and see the
    certificate definition.
  • Right click on the page, select properties, to
    see the choice of encryptionSSL 3.0, RC4 with
    128 bit encryption (High) RSA with 1024 bit
    exchange
  • Use Control Panel, Internet Options, Content Tab,
    Certificates, Trusted Root Certification
    Authorities to see hardcoded public key certs.
    Doubleclick to see the cert contents.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Lecture Overview" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!