The

1
Chapter 4 The Internet And Security www.prenha
ll.com/jessup
2
Learning Objectives

1. Understand the role of telecommunications in
   organizations
2. Describe the Internet and how it works
3. Describe the basic Internet services and the use
   of the World Wide Web
4. Explain what is meant by the term information
   systems security and describe various approaches
   for ensuring information systems security

3
Key Terms
Telecommunications Transmission of all forms of
communication including digital data, voice, fax,
sound, and video from one location to another
over some type of network
Networks A group of computers and peripheral
devices connected by a communication channel
capable of sharing information and other
resources among users
Bandwidth Is the carrying capacity of a
telecommunications network. (i.e. the size of the
telecommunications channel or the pipe)
4
Sample of Interpersonal Use of Telecommunications
5
Sample of Interpersonal Use of Telecommunications
6
Sample of Business Use of Telecommunications
7
Sample of Business Use of Telecommunications
8
History of the Internet

• ARPANET (Advanced Research Project Agency Network
• Created in the 1960s by DARPA (Defense Advance
  Research Projects Agency)
• Used by government and universities as a means of
  communicating for research purposes
• NSFNET (National Science Foundation Network)
• Created in 1986 by the National Science
  Foundation for connecting research institutions
• Connected to ARPANET and many others (BITNET,
  CSNET, etc) to become a major component of the
  Internet
• Internet Support
• Ongoing support comes from many universities,
  federal and state governments, and national
  international research institutions and industry

9
How the Internet Works Packet Switching

• Packet Switching
• Allows millions of users to send large and small
  chucks of data across the Internet concurrently
• Based on the concept of turn taking, packets from
  each user are alternated in the shared network
  (below)
• Networks connected to the Internet use this
  concept

10
How the Internet Works TCP/IP Routers
TCP/IP Approach

• TCP Transmission Control Protocol
• Breaks information into small chucks called data
  packets
• Manages the transfer of the packets from computer
  to computer
• Reassembles data packets into a message at the
  destination

• IP Internet Protocol
• Controls how data packets are formed
• Addresses each packet with the source and
  destination address
• A data packet conforming to the IP spec is called
  an IP datagram

• Routers
• Connect one network to another
• Identify each device on a network as unique using
  IP protocol
• Serve as the Traffic Cop directing packets to
  their destination

11
How the Internet Works Connecting Networks
Example Sending a message from Computer A to D
2
(Router) Reads IP Address of packet,
routes message to Network 2 and Computer D
1
3
(Computer A) TCP - Breaks message into
data packets IP - Adds address of destination
Computer D
(Computer D) TCP - Checks for missing
packets, reassembles message, discards
duplicate packets
12
How the Internet Works Connecting Multiple
Networks

• Backbone Network
• Manages the bulk of network
• Typically a higher speed protocol than individual
  LAN segments (e.g. uses fiber-optic cable which
  transfers data at 2 gigabits/second vs. LAN speed
  at 10 megabits/second)

13
How the Internet Works Web Addresses Domains

• Domain
• Identifies the Website (host)
• Comes in many suffixes such as
• .edu (educational institutions)
• .org (organizations non-profit)
• .mil (military)
• .net (network organizations)
• Example microsoft.com

• IP Address
• Each domain is associated with one or more IP
  addresses
• Format a 32-bit address written as 4 numbers
  (from 0-255) separated by periods
• Example 1.160.10.240

• (URL) Uniform Resource Locator
• Identifies particular Web pages within a domain
• Example http//www.microsoft.com/security/defaul
  t.mspx

14
How the Internet Works Managing the Internet

• Internet Registry
• Central repository of all Internet-related
  information
• Provides central allocation of all network system
  identifiers
• Managed by Internet Assigned Numbers Authority
  (IANA)

• Domain Name System (DNS)
• Maintained by the Internet Registry
• Used to associates hosts or domains with IP
  addresses
• Root DNS database is replicated across the
  Internet

• InterNic Registration Service
• Assigns Internet Domains and IP addresses
• Internet Corp. for Assigned Names and Number
  (ICANN) has responsibility for managing IP
  Addresses, domain names, and root server system
  management

15
How the Internet Works Connecting to the
Internet

• Modem (stands for Modulate/Demodulate)
• A modem convert signals back and forth from
  digital to analog for transmission and receipt
  between computers
• A computer requires a modem to get access to the
  Internet

• Internet Service Provider (ISP)
• These companies provides access to the Internet
  for a fee
• A computer is connected to an ISP through a modem
  to allow Internet access

• Network Access Points (NAPs)
• NAPs connect ISPs together
• They serve as Internet access points for the ISPs
  and serve as exchange points for Internet traffic

• Internet Backbone
• Collection of main network connections and
  telecommunications lines that make up the Internet

16
How the Internet Works Shows the Internet
Backbone
17
Network Connection Types

• POTS (Plain Old Telephone Service)
• Also called PSTN Public Switched Telephone
  Network
• Uses a dial-up modem and existing copper
  telephone wires
• Has the slowest transmission rates for access

• ISDN (Integrated Services Digital Network)
• A universal digital network standard used around
  the world
• Usually no modem required and uses existing
  copper wires
• Much faster than POTSrequires an exchange within
  22k ft.

• DSL (Digital Subscriber Line)
• Uses special modulation schemes to fit more data
  into existing telephone copper wires
• Up to 12x faster than ISDN with same distance
  requirements.
• Requires a modem but allows simultaneous phone
  service

18
Network Connection Types

• Cable Modem
• Uses cable television coaxial cable to transmit
  the signal and can be used while simultaneously
  watching TV
• Requires a modem and offers speeds comparable to
  DSL

• IoS (Internet over Satellite)
• Uses a satellite dish to connect a computer to
  the Internet
• IoS is usually slower than land-based options
  (DSL, Cable)
• Many times the only option in remote areas

• Wireless
• Fixed wireless access points allow computers with
  access cards to access ground-based networks
  (e.g. DSL, cable)
• Mobile wireless devices (e.g. phones, PDAs) can
  access networks using mobile wireless networks
  (e.g. cellular)

19
Network Connection Types

• T1/T3 (Trunk Level 1 or 3)
• Dedicated digital lines that are used for high
  volume traffic by large organizations who
  purchase from exchange carriers
• T1 is 28 times faster than POTS,T3 is 28 times
  faster than T1

• ATM (Asynchronous Transfer Mode)
• A method of transmitting voice, video, and data
  over high-speed LANS at very fast rates (28 times
  faster than T3)
• Packet-based method with the potential to
  eliminate routers, allocated bandwidth, and
  communications media contention

• SONET (Synchronous Optical Network)
• Not used for typical business activity
• Up to a 1000 times faster than T1
• Used in high volume transmission activities

20
Current State of the Internet
21
What are People Doing on the Internet
22
Internet2
Internet Research User Frustration After 1995,
increases in personal and business traffic began
congesting the network primarily used for research
Internet2 University Corporation for Advanced
Internet Development (UCAID) was formed to lead
the design and development of an private
high-speed alternative to the public Internet
Abilene network backbone A new network has been
developed connecting IS researchers by use of
GigaPop (Gigabit Point of Presence) network
access points to a high-speed private network
(currently operating at 10Gbps with a goal of
100Gbps)
23
World Wide Web

• Hypertext
• A Web page stored on a Web server
• Contains information and links to other related
  information (hyperlinks)
• HTML (Hypertext Markup Language)
• A standard method used to specify the format of
  Web pages
• Uses codes/tags which stipulate how the content
  should appear to the user
• Web Browser
• A software program used to locate and display Web
  pages
• Includes text, graphics, and multimedia content

Web Browser
24
World Wide Web

• HTTP (Hypertext Transfer Protocol)
• A protocol used to process user requests for
  displaying Web pages from a Web server
• Web Servers
• A special computer that is specifically designed
  to store and serve up Web pages
• This machine contains special hardware and
  software to perform its many specialized functions

25
World Wide Web - Architecture
26
How the Internet Works Connecting to the
Internet
Electronic Brochure A display-only site that
allows a company to disseminate sales and
marketing information
Online Ordering A function in addition to
Electronic Brochure that allow customers to order
and pay for products and service online
Electronic Marketplaces A mechanism to bring
together buyers and sellers providing a vehicle
for them to trade with each other (e.g. eBay)
Online Customer Service Used to enhance
traditional customer service but providing
information on the Website to help customers
resolve issues
27
Information System Security
IS Security Precautions taken to keep all aspects
of information systems safe from unauthorized use
access

• Managerial Methods
• Several techniques are commonly used to manage
  information systems security
• Risk Assessment
• Controlling Access
• Organizational Policies and Procedures
• Backups and Recovery

Security Resources A number of organizations
exist to raise awareness, research, develop
standards, and advise on solutions for Internet
security (e.g. CERT/CC, CSD, CSIT)
28
Information System Security Managerial
Techniques

• Assessing Risk
• Security Audit identifies all aspects of
  information systems and business processes that
  use them
• Risk Analysis assesses the value of assets being
  protected
• Alternatives based on Risk Analysis
• Risk Reduction implementing active counter
  measures to protect systems (e.g. firewalls)
• Risk Acceptance implementing no counter
  measures
• Risk Transference transferring riskbuying
  insurance

• Controlling Access
• Keeping information safe by only allowing access
  to those that require it to do their jobs
• Authentication verifying identity before
  granting access (e.g. passwords)
• Access Control Granting access to only those
  system areas where the user is authorized (e.g.
  accouting)

29
Information System Security Managerial
Techniques

• Organizational Policies and Procedures
• Acceptable Use Policies formally document how
  systems should be used, for what, and penalties
  for non-compliance

• Backups and Disaster Recovery
• Backups taking periodic snapshots of critical
  systems data and storing in a safe place or
  system (e.g. backup tape)
• Disaster Recovery Plans spell out detailed
  procedures to be used by the organization to
  restore access to critical business systems (e.g.
  viruses or fire)
• Disaster Recovery executing Disaster Recovery
  procedures using backups to restore the system to
  the last backup if it was totally lost

30
State of IS Security - Security Threats
Technologies

• Security Threats
• Today we hear about many security breaches that
  affect organizations and individuals. Some
  recently in the news
• Identity Theft gaining access to some ones
  personal information allowing them to imitate
  you (stolen laptop)
• Denial of Service attacks on websites using
  zombie computers that overwhelm the site and
  shuts it down
• Others Spyware, Spam, Wireless Access, Viruses

• Security Technologies
• Companies and research organizations continue to
  develop and refine technologies to prevent
  security breaches. Some Include
• Firewalls
• Biometrics
• VPN and Encryption

31
IS Security Technology
Firewalls A system of software, hardware or both
designed to detect intrusion and prevent
unauthorized access to or from a private network

• Firewall Techniques
• Packet Filter examine each packet entering and
  leaving network and accept/reject based on rules
• Application Level Control Performs certain
  security measures based on a specific application
  (e.g. file transfer)
• Circuit Level Control detects certain types of
  connections or circuits on either side of the
  firewall
• Proxy Server acts as, or appears as an
  alternative server that hides the true network
  addresses

32
Security Technology Firewall Architecture - Home
33
Security Technology Firewall Architecture - LAN
34
Security Technology Firewall Architecture
Enterprise
35
Security Threat Spyware, Spam, and Cookies

• Spyware
• Any software that covertly gathers information
  about a user through an Internet connection
  without the users knowledge
• Problems uses memory resources, uses bandwidth,
  and can cause system instability
• Prevention Firewalls and Spyware software

• Spam
• Electronic junk mail or junk newsgroup postings
  usually for purpose of advertising for some
  product and/or service
• Problems nuisance, wastes time deleting, uses
  storage
• Prevention Spam Blocker software

• Cookies
• A message passed to a browser from a Web server.
  Used by legitimate programs to store state and
  user information
• Problems can be used to track user activities
• Prevention browser settings, firewall

36
Security Technology Biometrics

• Biometrics
• A sophisticated authentication technique used to
  restrict access to systems, data and/or
  facilities
• Uses biological characteristics to identify
  individuals such as fingerprints, retinal
  patterns in the eye, etc. that are not easily
  counterfeited
• Has great promise in providing high security

37
Security Threat Access to Wireless

• Unauthorized Access to Wireless Networks
• With the prevalence in use of wireless networks
  this threat is increasing
• Problems - Drive-by hacking an attacker accesses
  the network, intercepts data from it, and can
  use network services and/or sends attack
  instructions without entering the building
• Prevention - Encryption between network and user
  devices

38
Security Technology VPN and Encryption

• VPN (Virtual Private Network)
• Called a secure tunnel
• Dynamically generated network connection to
  connect users or nodes
• This approach uses both authentication and
  encryption
• Used extensively for remote access by employees

• Encryption
• The process of encoding messages before they
  enter the network or airwaves, and then decoding
  at the receiving end
• Public Key - known and used to scramble messages
  (SSL)
• Private Key - not known and used by receiver to
  descramble
• Certificate Authority a third party that issues
  keys

39
How Encryption Works
40
Security Threat Viruses
Viruses Programs that can attack a computer
and/or a network and delete information, disable
software, use up all system resources, etc.
Prevention Steps AntiVirus software install
this software which is designed to block all
known viruses and offers automatic or manual
updates to virus patterns to block future
viruses No Disk Sharing Viruses can be
transferred to clean computers by inserting disks
containing infected files Delete Suspicious Email
Messages Do not open suspicious e-mail
messagesDelete Only! Report Viruses If you get
a virus, report it to you network administrator
immediately!