Chapter Twelve
Network Security
Data Communications and Computer Networks: A Business User’s Approach
Eighth Edition
© 2016. Cengage Learning. All Rights Reserved.
After reading this chapter,
you should be able to:
Recognize the basic forms of system attacks
Recognize the concepts underlying physical protection measures
Cite the techniques used to control access to computers and networks
Discuss the strengths and weaknesses of passwords
List the techniques used to make data secure
Explain the difference between a substitution-based cipher and a transposition-based cipher
Outline the basic features of public key cryptography, Advanced Encryption Standard, digital signatures, and the public key infrastructure
Cite the techniques used to secure communications
Describe the differences between the frequency hopping spread spectrum technique and the direct sequence spread spectrum technique
Recognize the importance of a firewall and be able to describe the two basic types of firewall protection
Recognize the techniques used to secure wireless communications
List the advantages to a business of having a security policy
Introduction
While computer systems today have some of the best security systems ever, they are more vulnerable than ever before
This vulnerability stems from the world-wide access to computer systems via the Internet
Computer and network security comes in many forms, including encryption algorithms, access to facilities, digital signatures, and using fingerprints and face scans as passwords
Standard System Attacks
Viruses
Computer virus – small program that alters the way a computer operates and often does various types of damage by deleting and corrupting data and program files, or by altering operating system components, so that computer operation is impaired or even halted
Many different types of viruses, such as parasitic, boot sector, stealth, polymorphic, and macro
Worms
Computer worm – program that copies itself from one system to another over a network, without the assistance of a human being
Worms usually propagate themselves by transferring from computer to computer via e-mail
Typically, a virus or a worm is transported as a Trojan horse
In other words, hiding inside a harmless-looking piece of code such as an e-mail or an application macro
Two popular forms of attacks:
Socially engineered attack – a bogus link in a web page that leads to no good
Exploiting known vulnerabilities in operating systems and application software
For both of these, software company issues a patch
Patch may fix it, or introduce even more holes
Either way, bad guys find new holes and exploit
Very common way to attack vulnerability is via an e-mail attachment
You open the attachment and you launch the virus
Second common way to attack is to simply scan your computer ports while you are connected to the Internet (either dial-up or non-dial-up)
If you have an open port, hacker will download malicious software to your machine
Other standard attacks
Denial of service attacks, or distributed denial of service attacks
Bombard computer site with so many messages that site is incapable of answering valid request
E-mail bombing
User sends an excessive amount of unwanted e-mail to someone
Botnets
Malicious programs that take over operations on a compromised computer
Smurfing
Nasty technique in which a program attacks a network by exploiting IP broadcast addressing operations
Ping storm
Condition in which the Internet ping program is used to send a flood of packets to a server
Spoofing
When a user creates a packet that appears to be something else or from someone else
Trojan Horse
Malicious piece of code hidden inside a seemingly harmless piece of code.
Stealing, guessing, and intercepting passwords is also a tried and true form of attack
Phishing
Hackers create emails which look as if they are coming from a legit source when in reality the hacker is trying to get the user to give up ID and password info
Pharming
Hacker redirects unknowing user to bogus look-alike website
Rootkit
A program that has been installed deep within a user’s operating system; defies detection and takes over the user’s computer
Keylogger
A software system that secretly captures and records keystrokes made at a user’s keyboard
Physical Protection
Protection from environmental damage such as floods, earthquakes, and heat
Physical security such as locking rooms, locking down computers, keyboards, and other devices
Electrical protection from power surges
Noise protection from placing computers away from devices that generate electromagnetic interference
Surveillance
Proper placement of security cameras can deter theft and vandalism
Cameras can also provide a record of activities
Intrusion detection is a field of study in which specialists try to prevent intrusion and try to determine if a computer system has been violated
Honeypot is an indirect form of surveillance
Network personnel create a trap, watching for unscrupulous activity
Controlling Access
Deciding who has access to what
Limiting time of day access
Limiting day of week access
Limiting access from a location, such as not allowing a user to use a remote login during certain periods of time
Passwords and ID Systems
Passwords are the most common form of security and the most abused
Simple rules help support safe passwords, including:
Change your password often
Pick a good, random password (minimum 8 characters, mixed symbols)
Don’t share passwords or write them down
Don’t select names and familiar objects as passwords
Many new forms of “passwords” are emerging (biometrics):
Fingerprints
Face prints
Retina scans and iris scans
Voice prints
Ear prints (?)
Access Rights
Two basic questions to access rights:
Who and how?
Who do you give access rights to?
No one, group of users, entire set of users?
How does a user or group of users have access?
Read, write, delete, print, copy, execute?
Most network operating systems have a powerful system for assigning access rights
Auditing
Creating a computer or paper audit can help detect wrongdoing
Auditing can also be used as a deterrent
Many network operating systems allow the administrator to audit most types of transactions
Many types of criminals have been caught because of computer-based audits
Basic Encryption and Decryption Techniques
Cryptography – study of creating and using encryption and decryption techniques
Plaintext – data before any encryption has been performed
Ciphertext – data after encryption has been performed
The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext
Monoalphabetic Substitution-Based Ciphers
Monoalphabetic substitution-based ciphers replace a character or characters with a different character or characters, based upon some key
Replacing: abcdefghijklmnopqrstuvwxyz
with: POIUYTREWQLKJHGFDSAMNBVCXZ
The message: how about lunch at noon
encodes into: EGVPO GNMKN HIEPM HGGH
Polyalphabetic Substitution-Based Ciphers
Similar to monoalphabetic ciphers except multiple alphabetic strings are used to encode the plaintext
Example – matrix of strings, 26 rows by 26 characters or columns can be used
A key such as COMPUTERSCIENCE is placed repeatedly over the plaintext
COMPUTERSCIENCECOMPUTERSCIENCECOMPUTER
thisclassondatacommunicationsisthebest
To encode the message, take the first letter of the plaintext, t, and the corresponding key character immediately above it, C
Go to row C column t in the 26×26 matrix and retrieve the ciphertext character V
Continue with the other characters in plaintext
Transposition-Based Ciphers
In a transposition-based cipher, the order of the plaintext is not preserved
As a simple example, select a key such as COMPUTER
Number the letters of the word COMPUTER in the order they appear in the alphabet
1 4 3 5 8 7 2 6
C O M P U T E R
Now take the plaintext message and write it under the key
1 4 3 5 8 7 2 6
C O M P U T E R
t h i s i s t h
e b e s t c l a
s s i h a v e e
v e r t a k e n
Then read the ciphertext down the columns, starting with the column numbered 1, followed by column number 2
TESVTLEEIEIRHBSESSHTHAENSCVKITAA
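The three classical ciphers above (monoalphabetic substitution, polyalphabetic substitution, and keyed columnar transposition), as an added Python example that is not part of the original slides. It assumes the 26×26 matrix is the standard Vigenère square, in which row k is the alphabet shifted by k letters; that assumption agrees with the slide's "row C, column t gives V".

```python
import string

ALPHABET = string.ascii_lowercase
MONO_KEY = "POIUYTREWQLKJHGFDSAMNBVCXZ"  # substitution alphabet from the slide


def letters_only(text):
    """Lower-case the text and keep only a-z (the slides drop spaces)."""
    return "".join(ch for ch in text.lower() if ch in ALPHABET)


def group5(text):
    """Group ciphertext into blocks of five letters, as the slide prints it."""
    return " ".join(text[i:i + 5] for i in range(0, len(text), 5))


# --- Monoalphabetic substitution: one fixed replacement alphabet ---
def mono_encrypt(plaintext, key=MONO_KEY):
    return letters_only(plaintext).translate(str.maketrans(ALPHABET, key))


def mono_decrypt(ciphertext, key=MONO_KEY):
    return ciphertext.replace(" ", "").translate(str.maketrans(key, ALPHABET))


# --- Polyalphabetic substitution: the key letter above each plaintext
# letter picks the row (assumed: standard Vigenere square) ---
def _shift(key, i):
    return ord(key[i % len(key)].upper()) - ord("A")


def poly_encrypt(plaintext, key):
    text = letters_only(plaintext)
    return "".join(chr((ord(ch) - ord("a") + _shift(key, i)) % 26 + ord("A"))
                   for i, ch in enumerate(text))


def poly_decrypt(ciphertext, key):
    return "".join(chr((ord(ch) - ord("A") - _shift(key, i)) % 26 + ord("a"))
                   for i, ch in enumerate(ciphertext))


# --- Transposition: write rows under the key, read columns in key order ---
def column_order(key):
    """Column indexes in reading order (alphabetical, ties left to right)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def key_numbers(key):
    """The numbers written above the key letters on the slide."""
    order = column_order(key)
    return [order.index(i) + 1 for i in range(len(key))]


def transpose_encrypt(plaintext, key):
    text, n = letters_only(plaintext), len(key)
    if len(text) % n:
        # The slide's message fills the grid exactly; padding is out of scope.
        raise ValueError("message length must be a multiple of the key length")
    rows = [text[i:i + n] for i in range(0, len(text), n)]
    return "".join(row[c] for c in column_order(key) for row in rows).upper()


def transpose_decrypt(ciphertext, key):
    n = len(key)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length must be a multiple of the key length")
    nrows = len(ciphertext) // n
    cols = [""] * n
    for k, c in enumerate(column_order(key)):
        cols[c] = ciphertext[k * nrows:(k + 1) * nrows]
    return "".join(cols[c][r] for r in range(nrows) for c in range(n)).lower()


if __name__ == "__main__":
    print(group5(mono_encrypt("how about lunch at noon")))
    print(poly_encrypt("thisclassondatacommunicationsisthebest", "COMPUTERSCIENCE"))
    print(key_numbers("COMPUTER"))
    print(transpose_encrypt("this is the best class i have ever taken", "COMPUTER"))
```

All three are shown for their mechanics only: the substitution ciphers keep the statistical patterns of the language, and the transposition keeps every plaintext letter.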
Public Key Cryptography
Very powerful encryption technique in which two keys are used
First key (the public key) encrypts the message
Second key (the private key) decrypts the message
Not possible to deduce one key from the other
Not possible to break code given public key
If you want someone to send you secure data, give them your public key, you keep the private key
Secure Sockets Layer on the Internet is a common example of public key cryptography
Data Encryption Standard and Advanced Encryption Standard
Created in 1977 and in operation into the 1990s, the Data Encryption Standard took a 64-bit block of data and subjected it to 16 levels of encryption
The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied
Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked (in 1998 by Electronic Frontier Foundation in 3 days)
Triple-DES
More powerful data encryption standard
Data is encrypted using DES three times:
First time by the first key
Second time by a second key
Third time by the first key again
Can also have 3 unique keys
While virtually unbreakable, triple-DES is CPU intensive
With more smart cards, cell phones, and PDAs, a faster (and smaller) piece of code is highly desirable
Advanced Encryption Standard (AES)
Selected by the U.S. government to replace DES
National Institute of Standards and Technology selected the algorithm Rijndael (pronounced rain-doll) in October 2000 as the basis
Has more elegant mathematical formulas, requires only one pass, and was designed to be fast, unbreakable, and able to support even the smallest computing device
Key size of AES: 128, 192, or 256 bits
Estimated time to crack (assuming a machine could crack a DES key in 1 second) : 149 trillion years
Very fast execution with very good use of resources
Digital Signatures
Document to be signed is sent through a complex mathematical computation that generates a hash
Hash is encoded with owner’s private key then stored
To prove future ownership, stored hash is decoded using the owner’s public key and that hash is compared with a current hash of the document
If the two hashes agree, document belongs to the owner
U.S. accepts digitally signed documents as legal proof (for some types of documents)
Pretty Good Privacy (PGP)
Encryption software created by Philip Zimmermann
Can be used to secure email and other data files
Employs public key cryptography and digital signatures
Kerberos
An authentication protocol designed to work on client/server networks
Employs both private key cryptography (one key both encrypts and decrypts) and public key cryptography (two separate keys)
Another free software for use in the U.S.
Many operating systems provide Kerberos for authentication of users and services
Public Key Infrastructure
Combination of encryption techniques, software, and services that involves all the necessary pieces to support digital certificates, certificate authorities, and public key generation, storage, and management
A certificate, or digital certificate, is an electronic document, similar to a passport, that establishes your credentials when you are performing transactions
A digital certificate contains your name, serial number, expiration dates, copy of your public key, and digital signature of certificate-issuing authority.
Certificates are usually kept in a registry so other users may check them for authenticity.
Certificates are issued by a certificate authority (CA)
A CA is either specialized software on a company network or a trusted third party
Let’s say you want to order something over the Internet
The Web site wants to make sure you are legit, so the Web server requests your browser to sign the order with your private key (obtained from your certificate)
The Web server then requests your certificate from the third party CA, validates that certificate by verifying third party’s signature, then uses that certificate to validate the signature on your order
The user can do the same procedure to make sure the Web server is not a bogus operation
A certificate revocation list is used to “deactivate” a user’s certificate
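The hash-then-sign procedure from the Digital Signatures slide and the order-validation steps above, as an added Python example that is not part of the original slides. It uses textbook RSA without padding, with constructed demo keys built from well-known Mersenne primes; the names, serial number, dates, and order text are constructed sample values, and the certificate here carries only the subject's public key.

```python
import hashlib
import json
from datetime import date


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (demo only, no padding)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": n, "e": e}, {"n": n, "d": d}


def digest(data):
    """Hash of the document, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data, private):
    """Hash the document, then encode the hash with the private key."""
    return pow(digest(data), private["d"], private["n"])


def verify(data, signature, public):
    """Decode the stored hash with the public key; compare to a fresh hash."""
    return pow(signature, public["e"], public["n"]) == digest(data)


def encode(body):
    """Canonical byte form of a certificate body, so both sides hash alike."""
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(name, serial, expires, subject_public, ca_private):
    """CA side: bind name, serial, expiry and public key under its signature."""
    body = {"name": name, "serial": serial, "expires": expires,
            "public_key": subject_public}
    return {"body": body, "ca_signature": sign(encode(body), ca_private)}


def validate_order(order, order_sig, cert, ca_public, revoked, today):
    """Web server side: check the certificate first, then the order."""
    body = cert["body"]
    if not verify(encode(body), cert["ca_signature"], ca_public):
        return "certificate not signed by this CA"
    if body["serial"] in revoked:          # certificate revocation list
        return "certificate revoked"
    if date.fromisoformat(body["expires"]) < today:
        return "certificate expired"
    if not verify(order, order_sig, body["public_key"]):
        return "order signature does not match"
    return "ok"


# Constructed demo material. Mersenne primes make the arithmetic easy to
# reproduce; they are not suitable as real key material.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**521 - 1, 2**1279 - 1)
USER_PUBLIC, USER_PRIVATE = make_keypair(2**127 - 1, 2**607 - 1)
USER_CERT = issue_certificate("Constructed Customer", 1001, "2031-12-31",
                              USER_PUBLIC, CA_PRIVATE)
ORDER = b"order #1: 3 widgets"
ORDER_SIG = sign(ORDER, USER_PRIVATE)
TODAY = date(2030, 1, 1)

if __name__ == "__main__":
    print(validate_order(ORDER, ORDER_SIG, USER_CERT, CA_PUBLIC, set(), TODAY))
    print(validate_order(ORDER, ORDER_SIG, USER_CERT, CA_PUBLIC, {1001}, TODAY))
    print(validate_order(b"order #1: 300 widgets", ORDER_SIG, USER_CERT,
                         CA_PUBLIC, set(), TODAY))
```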
Applications that could benefit from PKI:
Web transactions
Virtual private networks
Electronic mail
Client-server applications
Banking transactions
Steganography
The art and science of hiding information inside other, seemingly ordinary messages or documents
Unlike sending an encrypted message, you do not know when steganography is hiding a secret message within a document
Examples include creating a watermark over an image or taking “random” pixels from an image and replacing them with the hidden data
Securing Communications
So far we have examined standard system attacks, physical protection, controlling access, and securing data
Now let’s examine securing communications
One way to secure the transfer of data is to scramble the signal as it is being transmitted
This is called spread spectrum technology
Spread Spectrum Technology
A secure encoding technique that uses multiple frequencies or codes to transmit data.
Two basic spread spectrum technologies:
Frequency hopping spread spectrum
Direct sequence spread spectrum
Direct sequence spread spectrum
This technology replaces each binary 0 and binary 1 with a unique pattern, or sequence, of 1s and 0s
For example, one transmitter may transmit the sequence 10010100 for each binary 1, and 11001010 for each binary 0
Another transmitter may transmit the sequence 11110000 for each binary 1, and 10101010 for each binary 0
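Direct sequence spreading and despreading with the two sequence pairs quoted above, as an added Python example that is not part of the original slides. The receiver shown here, which decodes each 8-chip word as whichever sequence it is closer to, and the `flip` noise model are assumptions made for illustration.

```python
# Chip sequences quoted on the slide for the two transmitters.
CODES_A = {1: "10010100", 0: "11001010"}
CODES_B = {1: "11110000", 0: "10101010"}


def spread(bits, codes):
    """Transmitter: replace every data bit with its chip sequence."""
    return "".join(codes[b] for b in bits)


def hamming(a, b):
    """Number of chip positions in which two equal-length words differ."""
    return sum(x != y for x, y in zip(a, b))


def despread(chips, codes):
    """Receiver: decode each chip word as the closer of the two sequences.

    A word that is equally far from both sequences decodes to None.
    """
    n = len(codes[0])
    if len(chips) % n:
        raise ValueError("chip stream is not a whole number of sequences")
    bits = []
    for i in range(0, len(chips), n):
        word = chips[i:i + n]
        d0, d1 = hamming(word, codes[0]), hamming(word, codes[1])
        bits.append(None if d0 == d1 else int(d1 < d0))
    return bits


def flip(chips, positions):
    """Model channel noise by inverting the chips at the given indexes."""
    out = list(chips)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


def correctable_chip_errors(codes):
    """Chip errors per word this receiver is guaranteed to survive."""
    return (hamming(codes[0], codes[1]) - 1) // 2


if __name__ == "__main__":
    sent = spread([1, 0, 1], CODES_A)
    noisy = flip(sent, [1, 5])               # two damaged chips in word one
    print(sent, despread(noisy, CODES_A))
    print(correctable_chip_errors(CODES_A), correctable_chip_errors(CODES_B))
```

The first pair of sequences differs in five chip positions and the second in four, so this receiver recovers a bit after two damaged chips with the first pair but only one with the second.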
Guarding Against Viruses
Signature-based scanners look for particular virus patterns or signatures and alert the user
Terminate-and-stay-resident programs run in the background constantly watching for viruses and their actions
Multi-level generic scanning is a combination of antivirus techniques including intelligent checksum analysis and expert system analysis
Firewalls
A system or combination of systems that supports an access control policy between two networks
Can limit the types of transactions that enter a system, as well as the types of transactions that leave a system
Can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications)
Three Basic Types of Firewalls
Packet filter firewall – essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers
Proxy server – more advanced firewall that acts as a doorman into a corporate network
Any external transaction that requests something from the corporate network must enter through the proxy server
Proxy servers are more advanced but make external accesses slower
Application layer – inspects all packets coming into or leaving a connection using the application layer of the TCP/IP protocol suite
Goes beyond IP addresses and TCP port numbers and inspects packet to see to which application it belongs
Wireless Security
How do you make a wireless LAN secure?
WEP (Wired Equivalency Protocol) was the first security protocol used with wireless LANs
It had weak 40-bit static keys and was too easy to break
WPA (Wi-Fi Protected Access) replaced WEP
Major improvement including dynamic key encryption and mutual authentication for wireless clients
Both of these should eventually give way to a new protocol created by the IEEE
IEEE 802.11i, or WPA2
WPA2 allows keys, encryption algorithms, and negotiation to be dynamically assigned
Also, AES encryption based on the Rijndael algorithm with 128-, 192-, or 256-bit keys is incorporated
Security Policy Design Issues
What is the company’s desired level of security?
How much money is the company willing to invest in security?
If the company is serious about restricting access through an Internet link, what about restricting access through all other entry ways?
The company must have a well-designed security policy
Network Security In Action:
Making Wireless LANs Secure
Recall Hannah the network administrator from Chapters Seven, Eight, and Nine – Now her company wants to add a wireless LAN to their system and make it secure
She needs to protect herself from war drivers
Should she use WEP?
What about Cisco’s LEAP (Lightweight Extensible Authentication Protocol)?
What about WPA?
If she decides to use WPA, where does she have to install the WPA software?
In the user’s laptop?
At the wireless access point?
At the network server?
All the above?
What about WPA2?
Too new? Compatible software and hardware systems?
Summary
Network security continues to be an increasingly important topic, particularly with increase in network interconnectivity
Two most common system attacks are:
Socially engineered attacks
Attacking known OS and application software vulnerabilities
Network personnel and users must take physical protection measures
Controlling access to computer system and its network is an essential aspect of network security
Passwords and other ID systems are very common access-controlling security techniques
Passwords can be stolen and used by unscrupulous parties
Most computer systems apply access rights to resources of the system and users
Software that conducts continuous audit of network transactions creates electronic trail that companies can use when trying to catch malicious users
Providing security for system data is just as important as securing the system itself
Public key cryptography uses two keys
One key to encode messages
Second key to decode messages
Data Encryption Standard was created in 1977 and uses a 56-bit key to encrypt data transmitted between two business locations
Digital signatures use public key cryptography and can be used to verify that a given document belongs to given person
Pretty Good Privacy is free encryption software that allows regular users as well as commercial users to encrypt and decrypt everyday transmissions
Kerberos is public or private key encryption technique that can be used by commercial application programs to verify that a user is who he or she claims to be
Public key infrastructure uses public key cryptography, digital signatures, and digital certificates to enable secure passage of data over unsecured networks
Steganography is study of hiding secret data within an unrelated document, for example, hiding bits of a message within pixels of an image
Along with securing network data, it is imperative to secure network communications
In order to secure communications, network administrators and users must be aware of standard computer attacks and viruses that can damage computer systems
Another means of securing communications is a firewall, a system or combination of systems that supports an access control policy between two networks
Securing wireless networks is a new and exciting field of study
A proper network security design helps corporate network staff by clearly delineating which network transactions are acceptable
Chapter Six
Errors, Error Detection, and Error Control
Data Communications and Computer Networks: A Business User’s Approach
Eighth Edition
© 2016. Cengage Learning. All Rights Reserved.
After reading this chapter,
you should be able to:
Identify the different types of noise commonly found in computer networks
Specify the different error-prevention techniques, and be able to apply an error-prevention technique to a type of noise
Compare the different error-detection techniques in terms of efficiency and efficacy
Perform simple parity and longitudinal parity calculations, and enumerate their strengths and weaknesses
Cite the advantages of arithmetic checksum
Cite the advantages of cyclic redundancy checksum, and specify what types of errors cyclic redundancy checksum will detect
Differentiate between the basic forms of error control, and describe the circumstances under which each may be used
Follow an example of a Hamming self-correcting code
Introduction
Noise is always present
If a communications line experiences too much noise, the signal will be lost or corrupted
Communication systems should check for transmission errors
Once an error is detected, a system may perform some action
Some systems perform no error control, but simply let the data in error be discarded
White Noise
Also known as thermal or Gaussian noise
Relatively constant and can be reduced
If white noise gets too strong, it can completely disrupt the signal
Impulse Noise
One of the most disruptive forms of noise
Random spikes of power that can destroy one or more bits of information
Difficult to remove from an analog signal because it may be hard to distinguish from the original signal
Impulse noise can damage more bits if the bits are closer together (transmitted at a faster rate)
Impulse Noise (continued)
The bottom figure should show much more distortion, completely blowing out one or two bits of information.
Crosstalk
Unwanted coupling between two different signal paths
For example, hearing another conversation while talking on the telephone
Relatively constant and can be reduced with proper measures
Echo
The reflective feedback of a transmitted signal as the signal moves through a medium
Most often occurs on coaxial cable
If echo is bad enough, it could interfere with the original signal
Relatively constant, and can be significantly reduced
Jitter
The result of small timing irregularities during the transmission of digital signals
Occurs when a digital signal is repeated over and over
If serious enough, jitter forces systems to slow down their transmission
Steps can be taken to reduce jitter
Delay Distortion
Occurs because the velocity of propagation of a signal through a medium varies with the frequency of the signal
Can be reduced
Attenuation
The continuous loss of a signal’s strength as it travels through a medium
Error Prevention
To prevent errors from happening, several techniques may be applied:
Proper shielding of cables to reduce interference
Telephone line conditioning or equalization
Replacing older media and equipment with new, possibly digital components
Proper use of digital repeaters and analog amplifiers
Observe the stated capacities of the media
Error Detection
Despite the best prevention techniques, errors may still happen
To detect an error, something extra has to be added to the data/signal
This extra is an error detection code
Three basic techniques for detecting errors: parity checking, arithmetic checksum, and cyclic redundancy checksum
Parity Checks
Simple parity
If performing even parity, add a parity bit such that an even number of 1s are maintained
If performing odd parity, add a parity bit such that an odd number of 1s are maintained
For example, send 1001010 using even parity
For example, send 1001011 using even parity
Parity Checks (continued)
Simple parity (continued)
What happens if the character 10010101 is sent and the first two 0s accidentally become two 1s?
Thus, the following character is received: 11110101
Will there be a parity error?
Problem: Simple parity only detects odd numbers of bits in error
Parity Checks (continued)
Longitudinal parity
Adds a parity bit to each character then adds a row of parity bits after a block of characters
The row of parity bits is actually a parity bit for each “column” of characters
The row of parity bits plus the column parity bits add a great amount of redundancy to a block of characters
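The following is an added example, not part of the original slides: it computes simple and longitudinal parity as described above and shows which bit errors each one misses. The function names and the three-character block are constructed for illustration.

```python
# Added illustration of simple and longitudinal (row + column) even parity.
# All names and sample characters are this example's own.

def parity_bit(bits, even=True):
    """Parity bit that makes the count of 1s even (or odd)."""
    bit = bits.count("1") % 2
    return str(bit if even else bit ^ 1)

def add_parity(bits, even=True):
    return bits + parity_bit(bits, even)

def parity_ok(word, even=True):
    return word.count("1") % 2 == (0 if even else 1)

def longitudinal_block(chars):
    """Add a parity bit to each character, then a final row of column parity bits."""
    rows = [add_parity(c) for c in chars]
    width = len(rows[0])
    check_row = "".join(
        parity_bit("".join(r[j] for r in rows)) for j in range(width)
    )
    return rows + [check_row]

def block_errors(block):
    """Return (rows failing parity, columns failing parity) for a received block."""
    bad_rows = [i for i, r in enumerate(block) if not parity_ok(r)]
    bad_cols = [
        j for j in range(len(block[0]))
        if not parity_ok("".join(r[j] for r in block))
    ]
    return bad_rows, bad_cols

def flip(block, positions):
    """Flip the bits at the given (row, column) positions to model noise."""
    rows = [list(r) for r in block]
    for r, c in positions:
        rows[r][c] = "1" if rows[r][c] == "0" else "0"
    return ["".join(r) for r in rows]

if __name__ == "__main__":
    print(add_parity("1001010"))          # the slide's first even-parity character
    print(parity_ok("11110101"))          # two flipped bits: simple parity is satisfied
    block = longitudinal_block(["1001010", "1001011", "0110100"])
    print(block_errors(flip(block, [(0, 1), (0, 2)])))                   # caught by columns
    print(block_errors(flip(block, [(0, 1), (0, 2), (1, 1), (1, 2)])))   # missed
```

Four flipped bits that form a rectangle leave every row and every column with even parity, so even longitudinal parity accepts the damaged block.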
Parity Checks (continued)
Both simple parity and longitudinal parity do not catch all errors
Simple parity only catches odd numbers of bit errors
Longitudinal parity is better at catching errors but requires too many check bits added to a block of data
We need a better error detection method
What about arithmetic checksum?
Arithmetic Checksum
Used in TCP and IP on the Internet
Characters to be transmitted are converted to numeric form and summed
Sum is placed in some form at the end of the transmission
Arithmetic Checksum
Simplified example:
56 + 72 + 34 + 48 = 210
Then bring 2 down and add to right-most position
10 + 2 = 12
Arithmetic Checksum
Receiver performs same conversion and summing and compares new sum with sent sum
The TCP and IP processes are a little more complex, but the idea is the same
But even arithmetic checksum can let errors slip through. Is there something more powerful yet?
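As an added example (not from the original slides), the code below reproduces the simplified decimal sum above and then the 16-bit ones' complement sum that TCP and IP use, and shows one kind of error that slips through: two 16-bit words arriving in swapped order. Function names and the sample bytes are constructed for illustration.

```python
# Added illustration of the arithmetic checksum idea.
# Names and sample data are this example's own.

def simplified_checksum(values):
    """The slide's decimal scheme: sum, then add the carried digit back
    into the right-most two digits until the result fits in two digits."""
    total = sum(values)
    while total > 99:
        total = total % 100 + total // 100
    return total

def internet_checksum(data):
    """16-bit ones' complement sum with end-around carry, then complemented.
    This is the same 'bring the carry down and add it' step, in binary."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def receiver_accepts(data, sent_checksum):
    """Receiver repeats the summing and compares with the sent value."""
    return internet_checksum(data) == sent_checksum

if __name__ == "__main__":
    print(simplified_checksum([56, 72, 34, 48]))

    original = b"ABCDEFGH"                    # constructed sample payload
    sent = internet_checksum(original)

    one_byte_changed = b"ABCDEFGI"
    words_swapped = b"CDABEFGH"               # first two 16-bit words exchanged

    print(receiver_accepts(original, sent))          # clean transmission
    print(receiver_accepts(one_byte_changed, sent))  # error detected
    print(receiver_accepts(words_swapped, sent))     # error NOT detected
```

Because addition is order-independent, any reordering of whole 16-bit words produces the same sum, so the receiver accepts the altered data.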
Cyclic Redundancy Checksum
CRC error detection method treats the packet of data to be transmitted as a large polynomial
Transmitter takes the message polynomial and using polynomial arithmetic, divides it by a given generating polynomial
Quotient is discarded but the remainder is “attached” to the end of the message
Cyclic Redundancy Checksum (continued)
The message (with the remainder) is transmitted to the receiver
The receiver divides the message and remainder by the same generating polynomial
If a remainder not equal to zero results, there was an error during transmission
If a remainder of zero results, there was no error during transmission
Cyclic Redundancy Checksum (continued)
Some standard generating polynomials:
CRC-12: x^12 + x^11 + x^3 + x^2 + x + 1
CRC-16: x^16 + x^15 + x^2 + 1
CRC-CCITT: x^16 + x^15 + x^5 + 1
CRC-32: x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1
ATM CRC: x^8 + x^2 + x + 1
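The division described above, as an added example that is not part of the original slides: the transmitter divides the message by the ATM CRC generating polynomial from the list, attaches the remainder, and the receiver checks for a zero remainder. Function names and the sample message are constructed; the example also goes one step further and tests which error patterns are caught.

```python
# Added illustration of CRC as mod-2 (XOR) polynomial long division.
# Names and the sample message are this example's own.

def poly_from_exponents(exponents):
    """[8, 2, 1, 0] (x^8 + x^2 + x + 1) becomes the integer 0b100000111."""
    gen = 0
    for e in exponents:
        gen |= 1 << e
    return gen

def mod2_remainder(value, nbits, gen):
    """Remainder of an nbits-long bit string divided by gen; quotient discarded."""
    degree = gen.bit_length() - 1
    for shift in range(nbits - 1, degree - 1, -1):
        if (value >> shift) & 1:              # leading bit set: subtract (XOR) gen
            value ^= gen << (shift - degree)
    return value

def crc_attach(message, gen):
    """Transmitter: append `degree` zero bits, divide, attach the remainder."""
    degree = gen.bit_length() - 1
    nbits = len(message) * 8 + degree
    shifted = int.from_bytes(message, "big") << degree
    return shifted | mod2_remainder(shifted, nbits, gen), nbits

def crc_check(frame, nbits, gen):
    """Receiver: a zero remainder means no error was detected."""
    return mod2_remainder(frame, nbits, gen) == 0

def undetected_bursts(frame, nbits, gen, max_len):
    """Count error bursts of up to max_len bits that the receiver fails to notice."""
    missed = 0
    for pattern in range(1, 1 << max_len):
        for offset in range(nbits - max_len + 1):
            if crc_check(frame ^ (pattern << offset), nbits, gen):
                missed += 1
    return missed

ATM_CRC = poly_from_exponents([8, 2, 1, 0])

if __name__ == "__main__":
    frame, nbits = crc_attach(b"123456789", ATM_CRC)
    print(hex(frame & 0xFF))                          # the attached remainder
    print(crc_check(frame, nbits, ATM_CRC))           # clean frame
    print(undetected_bursts(frame, nbits, ATM_CRC, 8))
    # An error pattern that is itself a multiple of the generator divides evenly:
    print(crc_check(frame ^ (ATM_CRC << 5), nbits, ATM_CRC))
```

Every burst no longer than the degree of the generator is caught, while an error pattern that happens to equal a multiple of the generating polynomial leaves a zero remainder and passes.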
Error Control
Once an error is detected, what is the receiver going to do?
Do nothing (simply toss the frame or packet)
Return an error message to the transmitter
Fix the error with no further help from the transmitter
Do Nothing (Toss the Frame/Packet)
Seems like a strange way to control errors but some lower-layer protocols such as frame relay perform this type of error control
For example, if frame relay detects an error, it simply tosses the frame
No message is returned
Frame relay assumes a higher protocol (such as TCP/IP) will detect the tossed frame and ask for retransmission
Return A Message
Once an error is detected, an error message is returned to the transmitter
Two basic forms:
Stop-and-wait error control
Sliding window error control
Stop-and-Wait Error Control
Stop-and-wait is the simplest of the error control protocols
A transmitter sends a frame then stops and waits for an acknowledgment
If a positive acknowledgment (ACK) is received, the next frame is sent
If a negative acknowledgment (NAK) is received, the same frame is transmitted again
Sliding Window Error Control
These techniques assume that multiple frames are in transmission at one time
A sliding window protocol allows the transmitter to send a number of data packets at one time before receiving any acknowledgments
Depends on window size
When a receiver does acknowledge receipt, the returned ACK contains the number of the frame expected next
Sliding Window Error Control (continued)
Older sliding window protocols numbered each frame or packet that was transmitted
More modern sliding window protocols number each byte within a frame
An example in which the packets are numbered, followed by an example in which the bytes are numbered:
Sliding Window Error Control (continued)
Notice that an ACK is not always sent after each frame is received
It is more efficient to wait for a few received frames before returning an ACK
How long should you wait until you return an ACK?
Sliding Window Error Control (continued)
Using TCP/IP, there are some basic rules concerning ACKs:
Rule 1: If a receiver just received data and wants to send its own data, piggyback an ACK along with that data
Rule 2: If a receiver has no data to return and has just ACKed the last packet, the receiver waits 500 ms for another packet
If another packet arrives while waiting, send the ACK immediately
Rule 3: If a receiver has no data to return and has just ACKed the last packet, the receiver waits 500 ms
If no packet arrives, send the ACK
Sliding Window Error Control (continued)
What happens when a packet is lost?
As shown in the next slide, if a frame is lost, the following frame will be “out of sequence”
The receiver will hold the out of sequence bytes in a buffer and request the sender to retransmit the missing frame
Sliding Window Error Control (continued)
What happens when an ACK is lost?
As shown in the next slide, if an ACK is lost, the sender will wait for the ACK to arrive and eventually time out
When the time-out occurs, the sender will resend the last frame
Correct the Error
For a receiver to correct the error with no further help from the transmitter requires a large amount of redundant information to accompany the original data
This redundant information allows the receiver to determine the error and make corrections
This type of error control is often called forward error correction and involves codes called Hamming codes
Correct the Error (continued)
Hamming codes add additional check bits to a character
These check bits perform parity checks on various bits
Example: One could create a Hamming code in which 4 check bits are added to an 8-bit character
We can number the check bits c8, c4, c2 and c1
We will number the data bits b12, b11, b10, b9, b7, b6, b5, and b3
Place the bits in the following order: b12, b11, b10, b9, c8, b7, b6, b5, c4, b3, c2, c1
Correct the Error (continued)
Example (continued):
c8 will perform a parity check on bits b12, b11, b10, and b9
c4 will perform a parity check on bits b12, b7, b6 and b5
c2 will perform a parity check on bits b11, b10, b7, b6 and b3
c1 will perform a parity check on bits b11, b9, b7, b5, and b3
The next slide shows the check bits and their values
Correct the Error (continued)
The sender will take the 8-bit character and generate the 4 check bits as described
The 4 check bits are then added to the 8 data bits in the sequence as shown and then transmitted
The receiver will perform the 4 parity checks using the 4 check bits
If no bits flipped during transmission, then there should be no parity errors
What happens if one of the bits flipped during transmission?
Correct the Error (continued)
For example, what if bit b9 flips?
The c8 check bit checks bits b12, b11, b10, b9 and c8 (01000)
This would cause a parity error
The c4 check bit checks bits b12, b7, b6, b5 and c4 (00101)
This would not cause a parity error (even number of 1s)
The c2 check bit checks bits b11, b10, b7, b6, b3 and c2 (100111)
This would not cause a parity error
Correct the Error (continued)
For example, what if bit b9 flips? (continued)
The c1 check bit checks b11, b9, b7, b5, b3 and c1 (100011)
This would cause a parity error
Writing the parity errors in sequence gives us 1001, which is binary for the value 9
Thus, the bit error occurred in the 9th position
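The worked b9 example above, as added code that is not part of the original slides: it builds the 12-bit codeword in the order b12 ... c1, runs the four parity checks, and corrects the flipped bit. The 8-bit character 01010101 is the one implied by the bit groups quoted in the example; function names are constructed, and the last case goes beyond the slides to show what happens when two bits flip.

```python
# Added illustration of the 12-bit Hamming code described above (even parity).
# Names are this example's own.

CHECK_POSITIONS = (8, 4, 2, 1)                    # c8, c4, c2, c1
DATA_POSITIONS = (12, 11, 10, 9, 7, 6, 5, 3)      # b12 ... b3

def hamming_encode(data):
    """8 data bits (b12 first) -> 12-bit codeword, position 12 first."""
    bits = dict(zip(DATA_POSITIONS, (int(ch) for ch in data)))
    for c in CHECK_POSITIONS:
        # Check bit c covers every data position whose number has bit c set.
        bits[c] = sum(bits[p] for p in DATA_POSITIONS if p & c) % 2
    return "".join(str(bits[p]) for p in range(12, 0, -1))

def hamming_syndrome(code):
    """Run the four parity checks; the failing checks spell out the bad position."""
    bits = {12 - i: int(ch) for i, ch in enumerate(code)}
    syndrome = 0
    for c in CHECK_POSITIONS:
        if sum(bits[p] for p in range(1, 13) if p & c) % 2:
            syndrome |= c
    return syndrome

def flip_bit(code, position):
    i = 12 - position
    return code[:i] + ("1" if code[i] == "0" else "0") + code[i + 1:]

def hamming_correct(code):
    """Return (corrected codeword, position that was flipped or 0)."""
    s = hamming_syndrome(code)
    if s == 0:
        return code, 0
    if s > 12:
        raise ValueError("syndrome points outside the codeword: multiple bit errors")
    return flip_bit(code, s), s

def extract_data(code):
    return "".join(code[12 - p] for p in DATA_POSITIONS)

if __name__ == "__main__":
    sent = hamming_encode("01010101")
    received = flip_bit(sent, 9)                  # b9 flips in transit
    print(sent, received)
    print(format(hamming_syndrome(received), "04b"))   # parity errors in sequence
    print(hamming_correct(received))

    # Beyond the slides: two flipped bits (b9 and b3) give a syndrome that
    # names a third position, so the "correction" makes the data worse.
    double = flip_bit(flip_bit(sent, 9), 3)
    fixed, pos = hamming_correct(double)
    print(pos, extract_data(fixed))
```

A single flipped bit is located and repaired, but with two flipped bits the same procedure silently returns a wrong character, which is why this code is described as correcting one-bit errors only.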
Error Detection In Action
FEC is used in transmission of radio signals, such as those used in transmission of digital television (Reed-Solomon and Trellis encoding) and 4D-PAM5 (Viterbi and Trellis encoding)
Some FEC is based on Hamming Codes
Summary
Noise is always present in computer networks, and if the noise level is too high, errors will be introduced during the transmission of data
Types of noise include white noise, impulse noise, crosstalk, echo, jitter, and attenuation
Among the techniques for reducing noise are proper shielding of cables, telephone line conditioning or equalization, using modern digital equipment, using digital repeaters and analog amplifiers, and observing the stated capacities of media
Summary (continued)
Three basic forms of error detection are parity, arithmetic checksum, and cyclic redundancy checksum
Cyclic redundancy checksum is a superior error-detection scheme with almost 100 percent capability of recognizing corrupted data packets
Once an error has been detected, there are three possible options: do nothing, return an error message, and correct the error
Summary (continued)
Stop-and-wait protocol allows only one packet to be sent at a time
Sliding window protocol allows multiple packets to be sent at one time
Error correction is a possibility if the transmitted data contains enough redundant information so that the receiver can properly correct the error without asking the transmitter for additional information
Subject: Telecommunication Systems and Management
601 Assignment 6
Assignment Description
· Describe the techniques used to secure wireless communications.
350+ words, APA format, and two references please
601 Discussion 6
Discussion Topic
Discuss the advantages to a business of having a security policy.
200+ words, APA format, and one reference please