Sunday, November 1, 2009

What Makes a Network Vulnerable?

Up to now, we have reviewed network concepts with very little discussion of their security implications. But our earlier discussion of threats and vulnerabilities, as well as outside articles and your own experiences, probably have you thinking about the many possible attacks against networks. This section describes some of the threats you have already hypothesized and perhaps presents you with some new ones. But the general thrust is the same: threats aimed to compromise confidentiality, integrity, or availability, applied against data, software, and hardware by nature, accidents, nonmalicious humans, and malicious attackers.

Anonymity. An attacker can mount an attack from thousands of miles away and never come into direct contact with the system, its administrators, or users. The potential attacker is thus safe behind an electronic shield. The attack can be relayed through many other hosts in an effort to disguise its origin. And authentication between computers is not the same as authentication between humans: secure distributed authentication requires thought and attention to detail.

Many points of attack—both targets and origins. A simple computing system is a self-contained unit. Access controls on one machine preserve the confidentiality of data on that processor. However, when a file is stored in a network host remote from the user, the data or the file itself may pass through many hosts to get to the user. One host's administrator may enforce rigorous security policies, but that administrator has no control over other hosts in the network. Thus, the user must depend on the access control mechanisms in each of these systems. An attack can come from any host to any host, so that a large network offers many points of vulnerability.

Sharing. Because networks enable resource and workload sharing, more users have the potential to access networked systems than on single computers. Perhaps worse, access is afforded to more systems, so that access controls for single systems may be inadequate in networks.

Unknown perimeter. A network's expandability also implies uncertainty about the network boundary. One host may be a node on two different networks, so resources on one network are accessible to the users of the other network as well. Although wide accessibility is an advantage, this unknown or uncontrolled group of possibly malicious users is a security disadvantage. A similar problem occurs when new hosts can be added to the network. Every network node must be able to react to the possible presence of new, untrusted hosts.

Advantages of a Network

A computer network is basically a set of computers connected to each other and to shared resources such as printers and scanners. Here are some of the advantages:

File Sharing: Networks offer a quick and easy way to share files directly. Instead of using a disk or USB key to carry files from one computer or office to another, you can share files directly using a network.

Software Cost and Management: Many popular software products are available for networks at a substantial saving compared with buying individually licensed copies for all of your computers. You can also load software only on the file server, which saves time compared to installing and tracking files on independent computers. Upgrades are also easier because changes only have to be made once on the file server instead of on each individual workstation.

Security: Specific directories can be password protected to limit access to authorized users. Files and programs on a network can also be marked "copy inhibit" to discourage illegal copying of programs; note that this only makes casual copying harder and is no substitute for proper access control and licensing, since a user who is allowed to run a program can usually still read its bytes.

Resource Sharing: All computers in the network can share resources such as printers, fax machines, modems, and scanners.

Communication: Even outside of the internet, those on the network can communicate with each other via electronic mail over the network system. When connected to the internet, network users can communicate with people around the world via the network.

Flexible Access: Networks allow their users to access files from computers throughout the network. This means that a user can begin work on a project on one computer and finish up on another. Multiple users can also collaborate on the same project through the network.

Workgroup Computing: Workgroup software such as Microsoft BackOffice enables many users to contribute to a document concurrently, which allows for interactive teamwork.

ISO Reference Model


Think of the seven layers as an assembly line inside the computer: few people know how it runs, but at each layer certain things happen to the data that prepare it for the next layer. The seven layers, which separate into two sets, are:

  • Application Set
    • Layer 7: Application - This is the layer that actually interacts with the operating system or application whenever the user chooses to transfer files, read messages or perform other network-related activities.
    • Layer 6: Presentation - Layer 6 takes the data provided by the Application layer and converts it into a standard format that the other layers can understand.
    • Layer 5: Session - Layer 5 establishes, maintains and ends communication with the receiving device.
  • Transport Set
    • Layer 4: Transport - This layer provides end-to-end delivery between the two communicating hosts: flow control (so that a fast sender does not overrun a slow receiver), error checking and, in a reliable transport such as TCP, recovery of lost or corrupted data by retransmission. It also multiplexes the data of several applications onto the single stream handed to the network, using port numbers to keep each application's data apart.
    • Layer 3: Network - The way that the data will be sent to the recipient device is determined in this layer. Logical addressing (such as IP addresses) and routing between networks are handled here.
    • Layer 2: Data Link - In this layer the data is framed for the physical medium: hardware (MAC) addresses are added, transmission errors are detected, and access to a shared medium is controlled. The type of network (for example Ethernet) is defined here.
    • Layer 1: Physical - This is the level of the actual hardware. It defines the physical characteristics of the network such as connections, voltage levels and timing.
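To make the layering concrete, here is an added example (not code from the original page) that builds one UDP/IPv4/Ethernet frame by wrapping an application payload downwards through layers 4, 3 and 2, then parses it back upwards, checking each header before trusting the one inside it. The MAC addresses, IP addresses, ports and the payload are made-up sample values.

```python
"""Build and parse one UDP/IPv4/Ethernet II frame: layer-by-layer encapsulation.
Added example; addresses, ports and payload below are constructed sample values."""
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (the IPv4 header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Wrap the application-layer payload downwards through layers 4, 3 and 2."""
    # Layer 4 (Transport): UDP header. Port numbers let several applications share
    # one host address. A UDP checksum of 0 means "not computed", which IPv4 allows.
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3 (Network): 20-byte IPv4 header, protocol 17 = UDP, TTL 64.
    # The checksum is computed over the header with the checksum field zeroed.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(udp), 0x1234, 0,
                         64, 17, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    # Layer 2 (Data Link): Ethernet II header, EtherType 0x0800 = IPv4.
    eth_hdr = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    return eth_hdr + ip_hdr + udp


def parse_frame(frame: bytes) -> dict:
    """Peel the headers upwards, validating each layer before reading the next."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short")
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4: EtherType 0x%04x" % ethertype)
    ip = frame[14:]
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, sip, dip = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(ip) or len(ip) < ihl + 8:
        raise ValueError("bad IPv4 length fields")
    # A valid header checksums to zero when the checksum field itself is included.
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != 17:
        raise ValueError("not UDP: protocol %d" % proto)
    sport, dport, ulen, _ucsum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    if ulen < 8 or ihl + ulen > total_len:
        raise ValueError("bad UDP length")
    return {
        "L2": {"src_mac": ":".join("%02x" % b for b in src),
               "dst_mac": ":".join("%02x" % b for b in dst), "ethertype": ethertype},
        "L3": {"src_ip": ".".join(str(b) for b in sip),
               "dst_ip": ".".join(str(b) for b in dip), "ttl": ttl, "protocol": proto},
        "L4": {"src_port": sport, "dst_port": dport},
        "L7": ip[ihl + 8:ihl + ulen],  # the application data, untouched by the lower layers
    }


if __name__ == "__main__":
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                        "10.0.0.1", "10.0.0.2", 40000, 53, b"GET /status")
    print(len(frame), "bytes on the wire")
    print(parse_frame(frame))
```

The parser refuses a frame whose IPv4 header checksum does not verify, which is what a receiving stack does before it looks at the transport header; flipping a single byte of the source address is enough to trigger it. The Presentation and Session layers add no header of their own here, which is also how TCP/IP behaves in practice: their functions are folded into the application.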

Computer Networks

A computer network is a group of computers that are connected to each other for the purpose of communication. Networks may be classified according to a wide variety of characteristics. This article provides a general overview of some types and categories and also presents the basic components of a network.

Network Architecture

Network architecture is the design of a communications network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation.

A network can provide:

· Logical interface function

· Sending messages

· Receiving messages

· Executing programs

· Obtaining status information about the network, and about other network users and their status

Types of Networks

· LAN - Local Area Network

· WLAN - Wireless Local Area Network

· WAN - Wide Area Network

· MAN - Metropolitan Area Network

· SAN - Storage Area Network, System Area Network, Server Area Network, or sometimes Small Area Network

· CAN - Campus Area Network, Controller Area Network, or sometimes Cluster Area Network

· PAN - Personal Area Network

· DAN - Desk Area Network

Network Topology

Bus Topology

A bus network uses a multi-drop transmission medium: all nodes on the network share a common bus and thus share one communication channel, so only one device can transmit at a time. A distributed access protocol determines which station is to transmit. Data frames contain source and destination addresses; each station monitors the bus and copies the frames addressed to itself. Because every station hears every frame, a station that chooses to copy all of them can read the traffic of all the others, so a bus offers no confidentiality between its stations. A bus topology connects each computer (node) to a single trunk segment (a communication line, typically coax cable, referred to as the 'bus'). The signal travels from one end of the bus to the other. A terminator is required at each end to absorb the signal so that it does not reflect back across the bus. A media access method called CSMA/CD (Carrier Sense Multiple Access with Collision Detection) handles the collision that occurs when two stations place signals on the wire at the same time: each station listens before sending, detects a collision while sending, and retries after a random back-off. The bus topology is passive. In other words, the computers on the bus simply 'listen' for a signal; they are not responsible for moving the signal along.
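The following added example (not code from the page) simulates the bus described above in discrete time slots. Every station hears every frame and copies only those addressed to it, a station set to promiscuous mode copies everything, and CSMA/CD with binary exponential back-off resolves the collisions that occur when two stations transmit in the same slot. Station names, frames and the slot model are constructed here for illustration.

```python
"""Slot-based simulation of a shared bus with CSMA/CD and a promiscuous listener.
Added example; stations and frames below are constructed sample data."""
import random
from collections import deque

BROADCAST = "*"
MAX_SLOTS = 10_000  # guard so an unlucky random sequence cannot run forever


class Station:
    def __init__(self, addr, promiscuous=False):
        self.addr = addr
        self.promiscuous = promiscuous  # copies every frame, not just its own
        self.queue = deque()            # (dst, payload) frames waiting to go out
        self.backoff = 0                # slots still to wait after a collision
        self.attempts = 0               # collisions suffered by the frame at the head
        self.received = []              # (src, dst, payload) copied off the bus

    def send(self, dst, payload):
        self.queue.append((dst, payload))

    def ready(self):
        """Carrier sense: a station with a frame and no pending back-off transmits."""
        return bool(self.queue) and self.backoff == 0

    def hears(self, src, dst, payload):
        """Every station monitors the bus; it copies the frame if it is addressed to it."""
        if self.promiscuous or dst in (self.addr, BROADCAST):
            self.received.append((src, dst, payload))


def run_bus(stations, seed=0):
    """Run the bus until every queue is empty; return (slots used, collisions seen)."""
    rng = random.Random(seed)
    collisions = 0
    for slot in range(MAX_SLOTS):
        if not any(s.queue for s in stations):
            return slot, collisions
        senders = [s for s in stations if s.ready()]
        if len(senders) == 1:
            tx = senders[0]
            dst, payload = tx.queue.popleft()
            tx.attempts = 0
            for s in stations:          # the medium is shared: everyone else hears it
                if s is not tx:
                    s.hears(tx.addr, dst, payload)
        elif len(senders) > 1:
            collisions += 1             # collision detected: each sender backs off
            for s in senders:           # binary exponential back-off, capped at 2^10 slots
                s.attempts += 1
                s.backoff = rng.randint(0, 2 ** min(s.attempts, 10) - 1)
        for s in stations:              # waiting stations count down one slot
            if s not in senders and s.backoff:
                s.backoff -= 1
    raise RuntimeError("bus did not drain within MAX_SLOTS")


if __name__ == "__main__":
    a, b, c, sniffer = Station("A"), Station("B"), Station("C"), Station("S", promiscuous=True)
    a.send("B", "hello")
    a.send("B", "again")
    b.send("C", "report")
    c.send(BROADCAST, "who is there?")
    slots, collisions = run_bus([a, b, c, sniffer], seed=1)
    print("drained in %d slots with %d collisions" % (slots, collisions))
    print("S (never transmitted) captured:", sniffer.received)
```

The sniffer station never queues a frame of its own, yet at the end it holds a copy of all four frames; on a real shared medium that is exactly what a network card in promiscuous mode delivers to a packet capture tool. The first slot always collides, because all three transmitting stations sense an idle bus at once.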

Star Topology

Many home networks use the star topology. A star network has a central connection point, generically called a "hub", which may be an actual hub, a switch or a router. Devices typically connect to it with Unshielded Twisted Pair (UTP) Ethernet cable. Compared to the bus topology, a star network generally requires more cable, but a failure in any one cable takes down only that computer's network access, not the entire LAN; the central device itself, however, remains a single point of failure. When the centre is a switch, each frame is forwarded only to the port of its destination, so the other stations do not see it as they would on a shared bus or hub.

Ring Topology

In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network. To implement a ring network, one typically uses FDDI, SONET, or Token Ring technology. Ring topologies are found in some office buildings or school campuses.


Mesh Topology


Mesh topologies involve the concept of routes. Unlike each of the previous topologies, a message sent on a mesh network can take any of several possible paths from source to destination. (Recall that even in a ring, although two cable paths exist, messages travel in only one direction.) Some WANs, most notably the Internet, employ mesh routing. A mesh network in which every device connects to every other is called a full mesh. As shown in the illustration below, partial mesh networks also exist, in which some devices connect only indirectly to others.
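To put the availability claims of the bus, star, ring and mesh sections side by side, here is an added example (not code from the page) that models each topology as a small graph and measures the worst single cable break: how many stations end up outside the largest group that can still all reach each other. The ring is modelled with one-directional links, as the text describes, so one break stops traffic between every pair; the star's central device is counted as a node; the station counts and the partial-mesh layout are choices made here.

```python
"""Worst-case single-cable-break survey over bus, star, ring, full and partial mesh.
Added example; the station counts and partial-mesh layout are constructed here."""
from collections import deque
from itertools import combinations


class Topology:
    def __init__(self, name):
        self.name = name
        self.nodes = set()
        self.links = []  # (a, b, bidirectional)

    def link(self, a, b, bidirectional=True):
        self.nodes.update((a, b))
        self.links.append((a, b, bidirectional))
        return self

    def adjacency(self, skip=None):
        """Directed adjacency with link number `skip` removed (one cable break)."""
        adj = {n: set() for n in self.nodes}
        for i, (a, b, bi) in enumerate(self.links):
            if i == skip:
                continue
            adj[a].add(b)
            if bi:
                adj[b].add(a)
        return adj


def reachable(adj, src):
    """Breadth-first search: every node a message from `src` can still reach."""
    seen, queue = {src}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in seen:
                seen.add(v)
                queue.append(v)
    return seen


def largest_mutual_group(adj):
    """Size of the largest set of nodes that can all still reach one another."""
    reach = {n: reachable(adj, n) for n in adj}
    return max(sum(1 for v in reach[u] if u in reach[v]) for u in adj)


def worst_single_link_failure(topo):
    """Nodes left outside the largest surviving group, maximised over every cable."""
    n = len(topo.nodes)
    return max(n - largest_mutual_group(topo.adjacency(skip=i)) for i in range(len(topo.links)))


def bus(n):            # stations along one trunk; a break splits the trunk in two
    t = Topology("bus")
    for i in range(n - 1):
        t.link("s%d" % i, "s%d" % (i + 1))
    return t


def star(n):           # every station on its own cable to the central device
    t = Topology("star")
    for i in range(n):
        t.link("hub", "s%d" % i)
    return t


def ring(n):           # one-directional loop: each station forwards to the next
    t = Topology("ring")
    for i in range(n):
        t.link("s%d" % i, "s%d" % ((i + 1) % n), bidirectional=False)
    return t


def full_mesh(n):      # every pair of stations directly connected
    t = Topology("full mesh")
    for a, b in combinations(range(n), 2):
        t.link("s%d" % a, "s%d" % b)
    return t


def partial_mesh():    # a five-station loop plus one extra cross-link
    t = Topology("partial mesh")
    for a, b in [(0, 1), (1, 2), (2, 3), (3, 4), (4, 0), (0, 2)]:
        t.link("s%d" % a, "s%d" % b)
    return t


def survey(n=5):
    """Map topology name -> (cables needed, stations cut off by the worst single break)."""
    return {t.name: (len(t.links), worst_single_link_failure(t))
            for t in (bus(n), star(n), ring(n), full_mesh(n), partial_mesh())}


if __name__ == "__main__":
    for name, (cables, cut_off) in survey().items():
        print("%-12s cables=%2d  worst single break cuts off %d station(s)" % (name, cables, cut_off))
```

With five stations the survey reproduces the text: the star loses one station per break at the cost of one cable per station, the one-directional ring loses everything, and both meshes survive any single break, the full mesh paying for that with a cable for every pair. The bus model here only splits the trunk; on real coax the break also removes the termination from both halves, so the practical outcome is worse than the count suggests.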