
lOMoARcPSD|3336559

Lecture Notes - FIT1047

Introduction to Computers, Networks and Security (Monash University)



Downloaded by fizz 2win ([email protected])

Week 1: Bits, bytes and words


ASCII – 7-bit alphabet
EXTENDED ASCII – 8-bit alphabet
UNICODE – 16-bit alphabet
Bit = single unit that is either 0 or 1
Byte = eight bits
Word = a fixed-size collection of bits. Typical word length is 32 or 64 bits for computers

A word of size n can represent the numbers from 0 to 2^n - 1.

Binary = base 2 numbering system
Decimal = base 10 numbering system
Hexadecimal = base 16 numbering system
A 4-bit binary code can represent one hexadecimal digit, as 2^4 = 16
giga = 1000^3, tera = 1000^4, peta = 1000^5, kibi = 1024, mebi = 1024^2, gibi = 1024^3

HEX   DECIMAL   4-BIT BINARY
0     0         0000
1     1         0001
F     15        1111

Tasks:
3.a Convert the base 16 number 123C9F to base 10 using both methods
Fast method = start with the leading digit, multiply by the base, add the next
digit, multiply by the base again, and so on until the final digit has been added.
Written out as powers of the base, this is:
1 * 16^5 + 2 * 16^4 + 3 * 16^3 + 12 * 16^2 + 9 * 16^1 + 15 * 16^0 = 1,195,167
Convert 1286 from base 10 to base 16

Division     Result    Remainder          Base 16 digit
1286 / 16    80.375    0.375 * 16 = 6     6
80 / 16      5         0                  0
5 / 16       0.3125    0.3125 * 16 = 5    5

Reading the digits from the last division to the first gives 506 (base 16).

3.c Convert the hexadecimal (base 16) number AFC934B2D to binary without the
use of addition, subtraction, multiplication, or division
Simply replace each hexadecimal digit with its 4-bit binary equivalent.
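The three conversion methods from tasks 3.a to 3.c, implemented digit by digit rather than with Python's built-in int()/hex(). This is an added example, not code from the notes; the function names are my own.

```python
# Added example (not from the notes): Week 1 base conversions done the way the
# tasks describe, digit by digit, instead of calling int(x, 16) or hex(x).
HEX_DIGITS = "0123456789ABCDEF"


def hex_to_decimal_positional(hex_str: str) -> int:
    """Multiply each digit by its power of 16 and add the products
    (1 * 16^5 + 2 * 16^4 + ... for 123C9F)."""
    total = 0
    n = len(hex_str)
    for pos, ch in enumerate(hex_str.upper()):
        total += HEX_DIGITS.index(ch) * 16 ** (n - 1 - pos)
    return total


def hex_to_decimal_fast(hex_str: str) -> int:
    """The notes' 'fast method' (Horner's rule): start with the leading digit,
    then repeatedly multiply by the base and add the next digit."""
    total = 0
    for ch in hex_str.upper():
        total = total * 16 + HEX_DIGITS.index(ch)
    return total


def decimal_to_hex(value: int) -> str:
    """Repeated division by 16; the remainders, read from the last division
    back to the first, are the hex digits (1286 -> 6, 0, 5 -> '506')."""
    if value == 0:
        return "0"
    digits = []
    while value > 0:
        value, remainder = divmod(value, 16)
        digits.append(HEX_DIGITS[remainder])
    return "".join(reversed(digits))


def hex_to_binary(hex_str: str) -> str:
    """Task 3.c: each hex digit is looked up as a 4-bit group; no arithmetic
    is performed on the number itself."""
    table = {d: format(i, "04b") for i, d in enumerate(HEX_DIGITS)}
    return "".join(table[ch] for ch in hex_str.upper())
```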
Negative binary numbers
Sign and magnitude
Use one bit as the sign bit. The leftmost bit represents the sign: 0 means positive,
1 means negative. E.g. the 8-bit number 11010110 is -86, as the leftmost bit 1 means
negative, and the remaining seven bits represent 86.

One’s complement
Formed by flipping all bit values. If the leftmost bit is 0, the number is positive.
Important rule when adding/subtracting: if the final carry (out of the leftmost bit)
is 1, add it back in at the right-hand end (end-around carry).

Adding in one’s complement is easy.

If you want to do 2 – 1, this can be done as 2 + (-1).
In 3 bits this is 010 + 110 = 1000
The final carry is 1, so add it back in at the end.
Answer is 001
Two’s complement
Formed by flipping all bit values and then adding 1.
Note that with 3 bits we cannot represent +4, because its binary would be 100, and
that pattern is interpreted as a negative number.
Overflows can happen, e.g. 3 + 2 = 5: 011 + 010 = 101, but 101 is -3.
Simple rule:
Two positive numbers adding up to a negative result = overflow, e.g. 3 + 2 = 5 = 101 = -3.
Two negative numbers adding up to a positive result = overflow, e.g. -4 - 3 = 100 + 101 = 1001;
ignoring the carry bit this is 001, which is 1.
Adding in Two’s complement is straightforward. Just ignore carry bits.
1. 2 + 1 = 3
010 + 001 = 011
2. 3 – 1 = 2
3 + (-1) = 2
011 + 111 = 010
3. 2 – 4 = -2
2 + (-4) = -2
010 + 100 = 110
Decimal   One’s Complement   Two’s Complement
 0        000                000
 1        001                001
 2        010                010
 3        011                011
-0        111                n.a.
-1        110                111
-2        101                110
-3        100                101
-4        n.a.               100
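The three signed representations above for an n-bit word, with the addition rules the notes describe (end-around carry for one's complement; carry ignored and overflow flagged for two's complement). This is an added example, not code from the notes; bit patterns are strings with the most significant bit first.

```python
# Added example (not from the notes): sign and magnitude, one's complement and
# two's complement for an n-bit word, plus the two addition rules from the notes.

def flip(bits: str) -> str:
    """Invert every bit of a pattern."""
    return "".join("1" if b == "0" else "0" for b in bits)


def to_sign_magnitude(value: int, bits: int) -> str:
    """Leftmost bit is the sign, the remaining bits hold the magnitude."""
    assert abs(value) < 2 ** (bits - 1), "magnitude does not fit"
    return ("1" if value < 0 else "0") + format(abs(value), f"0{bits - 1}b")


def from_sign_magnitude(pattern: str) -> int:
    magnitude = int(pattern[1:], 2)
    return -magnitude if pattern[0] == "1" else magnitude


def to_ones_complement(value: int, bits: int) -> str:
    """Negative values are the positive pattern with every bit flipped."""
    assert abs(value) < 2 ** (bits - 1), "value does not fit"
    positive = format(abs(value), f"0{bits}b")
    return positive if value >= 0 else flip(positive)


def from_ones_complement(pattern: str) -> int:
    return int(pattern, 2) if pattern[0] == "0" else -int(flip(pattern), 2)


def add_ones_complement(a: str, b: str) -> str:
    """If the final carry out of the leftmost bit is 1, add it back at the right end
    (2 + (-1) in 3 bits: 010 + 110 = 1000 -> 000 + 1 = 001)."""
    bits = len(a)
    carry, low = divmod(int(a, 2) + int(b, 2), 2 ** bits)
    return format((low + carry) % 2 ** bits, f"0{bits}b")


def to_twos_complement(value: int, bits: int) -> str:
    """Positive values as-is; negative values: flip all bits of |value|, then add 1."""
    assert -(2 ** (bits - 1)) <= value < 2 ** (bits - 1), "value does not fit"
    positive = format(abs(value), f"0{bits}b")
    if value >= 0:
        return positive
    return format((int(flip(positive), 2) + 1) % 2 ** bits, f"0{bits}b")


def from_twos_complement(pattern: str) -> int:
    value = int(pattern, 2)
    return value - 2 ** len(pattern) if pattern[0] == "1" else value


def add_twos_complement(a: str, b: str):
    """Add two patterns and ignore the carry out. Returns (result, overflow);
    overflow is set when both operands have the same sign but the result does not."""
    bits = len(a)
    result = format((int(a, 2) + int(b, 2)) % 2 ** bits, f"0{bits}b")
    overflow = a[0] == b[0] and result[0] != a[0]
    return result, overflow
```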

Floating Point Numbers

Scientific notation
X * 10^exponent
E.g. 300,000 = 3 * 10^5
Scientific notation has precision issues:
1/3 in base 10 is 0.33333333333
2/3 in base 10 is 0.666666666666
but 1/3 + 2/3 = 1
Floating point representation = a * 2^b

Error Detection – Binary data is just a string of bits; if there is an error we need
a way to check for it.
Methods:
Parity bits – a parity bit is added to binary data to detect that a single bit has
changed. It is usually placed at the end of a byte.
E.g. an electrical disturbance causes a byte transmission to deliver the wrong data:
1 1 0 0 1 1 0 1
= 205
1 1 1 0 1 1 0 1
= 237
In order for a computer to determine whether a byte transmission is correct, it
uses either an even parity check or an odd parity check.
For an even parity check the parity bit makes the number of 1s even; here it is a zero.
E.g. 00110110
For an odd parity check the parity bit makes the number of 1s odd; here it is a one.
E.g. 00111011
Any single-bit distortion in the byte will immediately tell the computer that the
byte is wrong. However, if two bits have been altered, the computer sees the same
even/odd result and the error goes unnoticed.
Checksum – add up the values in the message and keep the remainder after dividing
by an agreed number.
A specific number is agreed upon.

Example for a checksum (16 is the agreed number):

43 52 43 30 31 30

Add up all numbers: 43+52+43+30+31+30 = 229, and divide by the agreed number:
229/16 = 14 with a remainder of 5. Thus, the message including the checksum looks
like this:

43 52 43 30 31 30 5

Errors can be detected easily by any change, e.g.

43 52 43 29 31 30 5: sum = 228, 228/16 = 14 remainder 4, which does not match 5

There is a small problem however, as there is a chance that multiple errors
cancel each other out, e.g.

43 54 43 28 31 30 5: sum = 229, 229/16 = 14 remainder 5, so the errors go unnoticed

Cyclic Redundancy Check (CRC) – Concatenates the entire sequence of
numbers, e.g. 43 54 43 28 31 30 becomes 435443283130,

and divides by an agreed number, e.g. 16.

Remainder = 10

So when the message is transmitted the remainder should be 10, otherwise there
is a problem.
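The parity, checksum and concatenation checks above, run over the notes' own sample bytes and messages, including the double-bit flip and the cancelling errors that each check misses. This is an added example, not code from the notes; the function names are my own.

```python
# Added example (not from the notes): the Week 1 error-detection methods applied
# to the sample data in the notes.

def with_even_parity(data_bits: str) -> str:
    """Append a parity bit so that the total number of 1s is even."""
    return data_bits + ("1" if data_bits.count("1") % 2 else "0")


def with_odd_parity(data_bits: str) -> str:
    """Append a parity bit so that the total number of 1s is odd."""
    return data_bits + ("0" if data_bits.count("1") % 2 else "1")


def even_parity_ok(byte: str) -> bool:
    """Receiver side: a byte with even parity must contain an even number of 1s."""
    return byte.count("1") % 2 == 0


def flip_bits(bits: str, *positions: int) -> str:
    """Simulate transmission errors by inverting the bits at the given positions."""
    out = list(bits)
    for p in positions:
        out[p] = "0" if out[p] == "1" else "1"
    return "".join(out)


def checksum(values, agreed: int = 16) -> int:
    """Sum of all values, reduced modulo the agreed number."""
    return sum(values) % agreed


def checksum_ok(message_with_checksum, agreed: int = 16) -> bool:
    """The last element is the transmitted checksum; recompute and compare."""
    *values, received = message_with_checksum
    return checksum(values, agreed) == received


def concat_remainder(values, agreed: int = 16) -> int:
    """The notes' CRC-style check: concatenate the decimal digits into one
    number and take the remainder after dividing by the agreed number."""
    return int("".join(str(v) for v in values)) % agreed


def demo() -> dict:
    """Reproduce the cases discussed in the notes; returns check outcomes by name."""
    results = {}
    byte = with_even_parity("0011011")                       # "00110110"
    results["parity_one_bit"] = even_parity_ok(flip_bits(byte, 2))       # False: detected
    results["parity_two_bits"] = even_parity_ok(flip_bits(byte, 2, 5))   # True: missed
    results["checksum"] = checksum([43, 52, 43, 30, 31, 30])             # 5
    results["single_error"] = checksum_ok([43, 52, 43, 29, 31, 30, 5])   # False: detected
    results["cancelling"] = checksum_ok([43, 54, 43, 28, 31, 30, 5])     # True: missed
    results["concat"] = concat_remainder([43, 54, 43, 28, 31, 30])       # 10
    return results
```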


Week 2: From logic to algebra

Boolean logic – The simplest possible logic, based on TRUE and FALSE.
Usually TRUE = 1, FALSE = 0
1. A and B can be written as A * B, or AB
2. A or B can be written as A + B
3. NOT A can be written as A’ or A with a line above it.

AND Table
A  B  A*B
0  0  0
0  1  0
1  0  0
1  1  1

OR Table
A  B  A+B
0  0  0
0  1  1
1  0  1
1  1  1

NOT Table
A  ¬A
0  1
1  0

Computer Gate Symbols

Universal gates:
NAND gates
NAND is (A*B)’, i.e. NOT (A AND B)

NOR gates
NOR is (A+B)’, i.e. NOT (A OR B)
A  B  (A+B)’
0  0  1
0  1  0
1  0  0
1  1  0

Boolean algebra Laws

 Identity Law
AND Form: 1*A = A          OR Form: 0+A = A

 Null Law
AND Form: 0*A = 0          OR Form: 1+A = 1

 Idempotent Law
AND Form: A*A = A          OR Form: A+A = A

 Complement Law
AND Form: A*A’ = 0         OR Form: A+A’ = 1

 Commutative Law
AND Form: A*B = B*A        OR Form: A+B = B+A

 Associative Law
AND Form: (AB)C = A(BC)    OR Form: A+(B+C) = (A+B)+C

 Distributive Law
AND Form: A+(BC) = (A+B)(A+C)    OR Form: A(B+C) = AB+AC

 Absorption Law
AND Form: A(A+B) = A       OR Form: A+AB = A

 DeMorgan’s Law
AND Form: (A*B)’ = A’+B’   OR Form: (A+B)’ = A’*B’

 Double complement Law: Two NOTs cancel out, NOT(NOT A) = A


Karnaugh maps
A way to minimise the solution to a Boolean function.
E.g. for the 3-variable map (A+B)C
A  B  C  X
0  0  0  0
0  0  1  0
0  1  1  1
0  1  0  1
1  0  0  1
1  0  1  0
1  1  1  1
1  1  0  1

A K-Map can simplify the above into

A\BC  00  01  11  10
0      0   0   1   1
1      1   0   1   1

There is one large group of four 1s covering the complete row for A = 1.
There is another group of two 1s, where C = 1 and B = 0.
Hence we can simplify the function to F(A,B,C) = A + B’C
Rules of K-Maps:
1. No group can contain a 0
2. Groups must be horizontal/vertical/square, never diagonal
3. Group sizes must be powers of 2
4. Groups must be as large as possible
5. Groups can overlap
6. Groups can wrap around the edges of the map

Week 3 + 4: Von Neumann Architecture + Memory & I/O

The basis for a modern computer. It consists of the CPU, memory, and input/output devices.
The CPU can be divided into the Arithmetic Logic Unit (ALU), a number of registers,
and the Control Unit (CU).

Registers – store temporary results and move instructions and data around

ALU – performs calculations in the CPU

CU – manages execution of program instructions by fetching instructions from memory.

CPUs
1. Built out of logic gates
2. Execute instructions
3. Connected to memory and I/O devices

Compilers

CPUs are unable to execute/interpret high-level languages. CPUs can only
execute machine code. A compiler takes a program and translates it into a lower-
level language. C++ translates into machine code. Java translates into byte code.

Interpreters

A program that executes high-level languages directly. The advantage is that the
same program can be run everywhere. The disadvantage is that it is slower to
execute than compiled code.

Machine code

A very low-level programming language. A program is a sequence of individual
instructions, each line being just a sequence of bits. The program is stored in
memory.

Each line in machine code is a 16-bit word, e.g.

0001000000000100
0001000000000100

The convention a CPU uses to understand machine code is called the Instruction
Set Architecture (ISA). Different CPUs have different ISAs. A CPU must be able
to do 3 things:

 Perform maths (add, subtract, multiply, compare)
 Move data between memory, CPU and I/O devices
 Execute conditionals and loops

CPU COMPONENTS

Memory

Main memory is like a sequence of locations, each of which can store one value.
Each value has a fixed width, i.e. a fixed number of bits. A program can read the
value stored in a location and change it. To do that, programs need to be able
to say which memory location they want to read or change. That is why each
location gets an address, by labelling the locations starting from 0. If one
memory location stores one byte, this is byte-addressable memory. In MARIE, one
memory location stores one word. In order to address 2^n memory locations, we
always need n bits for the addresses.

Registers

A very fast memory location inside the CPU. Can only store a single word. There
are general-purpose registers used by programmers and special-purpose
registers used by the CPU. Two special-purpose registers are the
 Program Counter (PC) – always holds the address of the next instruction the CPU will execute
 Instruction Register (IR) – holds the instruction that the CPU is currently executing

ALU, Control Unit and the Bus

Arithmetic logic unit (ALU) – Responsible for performing basic computations like
addition and multiplication, as well as Boolean logic operations like AND and OR.

Control Unit (CU) – Responsible for coordinating all components of the CPU. E.g.
it can switch the memory into “read” or “write” mode, select a certain register for
reading or writing, and tell the ALU what kind of operation to perform. All this is
based on the current instruction in the IR.

Fetch, Decode, Execute Cycle

The process in the Control Unit:
1. Fetch – CU transfers the instruction at the address in the PC from main memory
into the IR, then increments the PC by one, so instructions are taken in sequence
2. Decode – CU looks at the instruction in the IR and decodes what it “means”
3. Execute – CU performs the instruction it has just decoded
4. Repeat – starts fetching the next instruction from the address in the PC (program counter)

Bus(es) – Responsible for connecting the components inside the CPU, as well as
connecting the CPU to I/O devices.

The MARIE architecture

1. 16-bit words
2. Only 16 instructions
3. One single general-purpose register
4. Instructions are one 16-bit word, composed of a 4-bit opcode and a 12-bit address

Registers
 AC – The only general-purpose register (the accumulator)
 MAR (Memory Address Register) – Holds the memory address of a word that needs
to be read from or written to memory
 MBR (Memory Buffer Register) – Holds the data read from or about to be written to memory
 IR (Instruction Register) – Contains the instruction that is currently being executed
 PC (Program Counter) – Contains the address of the next instruction

Instructions

Each instruction in MARIE is a 16-bit word. The leftmost 4 bits represent the
opcode, which tells us what kind of instruction it is. The remaining 12 bits
contain the address of a memory location the instruction should work with.
E.g., the opcode 0001 means “Load the value stored at the address given in
the remaining 12 bits into the AC register”.

OPCODE   MNEMONIC   EXPLANATION
0000     JnS X      Jumps to location X+1 and stores the address of the instruction
                    after the JnS into location X (Jump I X is then used to exit the subroutine)
0001     Load X     Load value from location X into AC
0010     Store X    Store value from AC into location X
0011     Add X      Add value stored at location X to current value in AC
0100     Subt X     Subtract value stored at location X from current value in AC
0101     Input      Read user input into AC
0110     Output     Output current value of AC
0111     Halt       Stop execution
1010     Clear      Set AC to 0

Notice how instructions use the AC register as temporary storage. Now we can
write a simple program.

Load number from memory address 4 into AC register     =   Load 4
Add number from memory address 5 to AC register        =   Add 5
Store result from AC register into memory address 6    =   Store 6
Stop execution                                         =   Halt

Two more special opcodes are used for more powerful programming. They
allow jumping to different parts of the program depending on certain conditions.

OPCODE   MNEMONIC     EXPLANATION
1000     SkipCond X   Skip next instruction under a certain condition (depends on X)
1001     Jump X       Continue execution at location X

The Jump instruction sets the PC register to X.

SkipCond is a conditional instruction:
 SkipCond 000: If the value in AC is smaller than 0, then skip the next instruction.
 SkipCond 400: If the value in AC is equal to 0, then skip the next instruction.
 SkipCond 800: If the value in AC is greater than 0, then skip the next instruction.

In most cases, we want to use a combination of SkipCond and Jump to
implement conditional code. To implement an if-then-else construct:
SkipCond skips the next instruction if the condition is true, so the ‘else’ part should
go right after the SkipCond, and the ‘then’ part comes after that.

Input          / Get user input into AC
SkipCond 800   / Skip next instruction if AC > 0
Halt           / Halt (if AC not greater than 0!)
Output         / Output AC
Jump 0         / Jump back to beginning of the program

Indirect addressing

Instead of accessing the value stored at location X, we can use the value stored
at X as the address at which the actual value we want to use is stored. E.g.

ADDRESS   VALUE
100       3
101       2
102       100
103       101

Now a Load 102 instruction = look into address 102, find the value 100, and load
that value into the AC.

But the instruction Load I 102 would look into address 102, use the value 100
found there as an address, then look into address 100, and load the value 3 into the AC.

OPCODE   MNEMONIC    EXPLANATION
1011     Add I X     Add value pointed to by X to AC
1100     Jump I X    Continue execution at location pointed to by X
1101     Load I X    Load from address pointed to by X into AC
1110     Store I X   Store AC into address pointed to by X
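A small simulator that runs the three programs discussed above (the add program, the SkipCond/Jump loop, and Load 102 versus Load I 102) through a fetch-decode-execute cycle over the opcode tables. This is an added example, not part of the notes or of MARIE's own tooling; it assumes JnS is opcode 0000 (the notes' table leaves it blank), that Input reads from a list and Output appends to a list, that addresses are plain integers, and that AC is a 16-bit word read as two's complement for SkipCond and Output.

```python
# Added example (not from the notes or MARIE's tooling): a minimal MARIE
# simulator for the opcodes in the tables above. Assumptions: JnS = 0000,
# Input/Output use Python lists, addresses are plain integers, and AC is a
# 16-bit word interpreted as two's complement where a sign is needed.
OPCODES = {
    "JnS": 0x0, "Load": 0x1, "Store": 0x2, "Add": 0x3, "Subt": 0x4,
    "Input": 0x5, "Output": 0x6, "Halt": 0x7, "SkipCond": 0x8, "Jump": 0x9,
    "Clear": 0xA, "AddI": 0xB, "JumpI": 0xC, "LoadI": 0xD, "StoreI": 0xE,
}
WORD_MASK, ADDR_MASK = 0xFFFF, 0x0FFF


def assemble(mnemonic: str, operand: int = 0) -> int:
    """Pack a 4-bit opcode and a 12-bit address into one 16-bit word."""
    return (OPCODES[mnemonic] << 12) | (operand & ADDR_MASK)


def signed16(word: int) -> int:
    """Interpret a 16-bit pattern as a two's complement value."""
    word &= WORD_MASK
    return word - 0x10000 if word & 0x8000 else word


def run(program: dict, inputs=(), max_steps: int = 10_000):
    """program maps address -> word (instructions and data); execution starts at 0.
    Runs the fetch-decode-execute cycle until Halt and returns (memory, outputs)."""
    mem = [0] * 4096
    for addr, word in program.items():
        mem[addr] = word & WORD_MASK
    inputs, outputs, ac, pc = list(inputs), [], 0, 0
    for _ in range(max_steps):
        ir = mem[pc]                             # fetch: MAR <- PC, MBR <- M[MAR], IR <- MBR
        pc = (pc + 1) & ADDR_MASK                # PC <- PC + 1
        opcode, x = ir >> 12, ir & ADDR_MASK     # decode: 4-bit opcode, 12-bit address
        if opcode == OPCODES["Load"]:
            ac = mem[x]
        elif opcode == OPCODES["Store"]:
            mem[x] = ac
        elif opcode == OPCODES["Add"]:
            ac = (ac + mem[x]) & WORD_MASK
        elif opcode == OPCODES["Subt"]:
            ac = (ac - mem[x]) & WORD_MASK
        elif opcode == OPCODES["Input"]:
            ac = inputs.pop(0) & WORD_MASK
        elif opcode == OPCODES["Output"]:
            outputs.append(signed16(ac))
        elif opcode == OPCODES["Halt"]:
            return mem, outputs
        elif opcode == OPCODES["SkipCond"]:     # condition chosen by the 000/400/800 field of X
            v, cond = signed16(ac), x & 0xC00
            if (cond == 0x000 and v < 0) or (cond == 0x400 and v == 0) or (cond == 0x800 and v > 0):
                pc = (pc + 1) & ADDR_MASK
        elif opcode == OPCODES["Jump"]:
            pc = x
        elif opcode == OPCODES["Clear"]:
            ac = 0
        elif opcode == OPCODES["AddI"]:         # M[X] holds the address of the operand
            ac = (ac + mem[mem[x] & ADDR_MASK]) & WORD_MASK
        elif opcode == OPCODES["JumpI"]:
            pc = mem[x] & ADDR_MASK
        elif opcode == OPCODES["LoadI"]:
            ac = mem[mem[x] & ADDR_MASK]
        elif opcode == OPCODES["StoreI"]:
            mem[mem[x] & ADDR_MASK] = ac
        elif opcode == OPCODES["JnS"]:          # save the return address at X, continue at X+1
            mem[x] = pc
            pc = (x + 1) & ADDR_MASK
        else:
            raise ValueError(f"unknown opcode {opcode:04b}")
    raise RuntimeError("program did not halt")


def add_program() -> int:
    """The notes' first program: Load 4 / Add 5 / Store 6 / Halt, with 7 and 9 as data."""
    prog = {0: assemble("Load", 4), 1: assemble("Add", 5), 2: assemble("Store", 6),
            3: assemble("Halt"), 4: 7, 5: 9}
    return run(prog)[0][6]


def echo_positives(values) -> list:
    """Input / SkipCond 800 / Halt / Output / Jump 0: echo inputs until one is not > 0."""
    prog = {0: assemble("Input"), 1: assemble("SkipCond", 0x800), 2: assemble("Halt"),
            3: assemble("Output"), 4: assemble("Jump", 0)}
    return run(prog, inputs=values)[1]


def direct_vs_indirect():
    """Load 102 versus Load I 102 with the notes' memory (100:3, 101:2, 102:100, 103:101)."""
    data = {100: 3, 101: 2, 102: 100, 103: 101}
    direct = {0: assemble("Load", 102), 1: assemble("Store", 200), 2: assemble("Halt"), **data}
    indirect = {0: assemble("LoadI", 102), 1: assemble("Store", 200), 2: assemble("Halt"), **data}
    return run(direct)[0][200], run(indirect)[0][200]
```

The 16-bit word 0001000000000100 quoted in the machine code section is exactly what assemble("Load", 4) produces.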

From Instructions to Circuits

Data Paths – Describe how all functional units are connected together

Blue data bus – Transports words of data between the memory, registers, and ALU. The
MBR is required to transfer data between memory and registers.

Green address bus – Connects the memory with the MAR. Responsible for selecting the
memory address that the CPU reads or writes to. E.g., Load 005 puts the value 005 into the MAR,

Register Transfer Language – A notation that defines an even lower-level language,
used to describe the fetch-decode-execute cycle.

Process   Step   Description                                                RTL
Fetch     1      Address stored in PC is copied into the MAR                 MAR ← PC
          2      Word stored in memory at that address is copied into MBR    MBR ← M[MAR]
          3      Instruction in MBR is copied into IR                         IR ← MBR
          4      PC increments by 1                                           PC ← PC+1
Decode    5      CU looks at the instruction in IR and copies its address     MAR ← X
                 field X into the MAR
          6      If the instruction needs to read, the data is read from      MBR ← M[MAR]
                 memory into the MBR
Execute   7      This step depends on the instruction being executed

Final step(s): execute instructions in RTL

Load X       7. AC ← MBR
Store X      6. MBR ← AC
             7. M[MAR] ← MBR
Add X        7. AC ← AC + MBR
Subt X       7. AC ← AC – MBR
SkipCond X   6. If MAR = 0x800 and AC > 0 then PC ← PC + 1
                If MAR = 0x400 and AC = 0 then PC ← PC + 1
                If MAR = 0x000 and AC < 0 then PC ← PC + 1
Jump X       6. PC ← MBR
Clear        5. AC ← 0
AddI X       7. MAR ← MBR
             8. MBR ← M[MAR]
             9. AC ← AC + MBR
JumpI X      7. PC ← MBR
LoadI X      7. MAR ← MBR
             8. MBR ← M[MAR]
             9. AC ← MBR
StoreI X     7. MAR ← MBR
             8. MBR ← AC
             9. M[MAR] ← MBR
JnS X        6. MBR ← PC
             7. AC ← MBR
             8. AC ← MAR
             9. PC ← AC + 1

Control Signals – An extra layer of information on top of the RTL, carried on the
wires of the control bus; they signal which controls need to be used for the
current operation.

Signal           Signal wires   Number of bits   Possible values
Register read    P2P1P0         3                000 (None), 001 (MAR), 010 (PC), 011 (MBR), 100 (AC), 111 (IR)
Register write   P5P4P3         3                000 (None), 001 (MAR), 010 (PC), 011 (MBR), 100 (AC), 111 (IR)
Memory read      Mr             1                0 or 1
Memory write     Mw             1                0 or 1
ALU operations   A2A1A0         3                000 (nothing), 010 (add), 001 (subtract), 011 (clear), 100 (increment by 1)

Combining both RTL and control signals, the Add X instruction will look like this:

Combinational Circuits

Circuits are collections of Boolean gates connected by wires. They have inputs
and outputs.

Adders – Adding two bits A and B.

A  B  Carry  Result
0  0  0      0
0  1  0      1
1  0  0      1
1  1  1      0
Carry column = AND gate, Result column = XOR gate

Half Adders – In order to construct a circuit that implements the function above
we look at the outputs. For Carry, we can see that it is 1 only when both inputs
are 1, hence an AND gate. For Result, we can see that it is 1 only if exactly one
of the inputs is 1, hence an XOR gate.

Full Adders – A half adder is only half-useful. It can only add up two bits and
produce two new bits as output, so on its own it cannot be used to construct
adders for larger numbers; a full adder also takes a carry-in.

A  B  Carry-in  Result  Carry-out
0  0  0         0       0
0  1  0         1       0
1  0  0         1       0
1  1  0         0       1
0  0  1         1       0
0  1  1         0       1
1  0  1         0       1
1  1  1         1       1

ALU

Inputs:
Two n-bit operands
Op-code (which operation?)

Outputs:
n-bit result and status flags (overflow? error?)
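The half adder and full adder above built from the named gates, chained into an n-bit ripple-carry adder, with the ALU-style overflow flag derived from the carries (it reproduces the two's complement overflow cases from Week 1). This is an added example, not code from the notes; the gate and function names are my own.

```python
# Added example (not from the notes): gate-level half adder, full adder and an
# n-bit ripple-carry adder, verified against the truth tables in the notes.
from itertools import product


def AND(a, b):
    return a & b


def OR(a, b):
    return a | b


def XOR(a, b):
    return a ^ b


def half_adder(a, b):
    """Result = A XOR B, Carry = A AND B (the two-bit adder table)."""
    return XOR(a, b), AND(a, b)


def full_adder(a, b, carry_in):
    """Two half adders; the carries are combined with an OR gate."""
    partial, c1 = half_adder(a, b)
    result, c2 = half_adder(partial, carry_in)
    return result, OR(c1, c2)


def truth_table(fn, n_inputs):
    """Enumerate every input combination of a gate-level function."""
    return [(bits, fn(*bits)) for bits in product((0, 1), repeat=n_inputs)]


def ripple_add(a_bits, b_bits):
    """Add two equal-length bit lists (most significant bit first).
    Returns (sum_bits, carry_out, overflow). The two's complement overflow flag
    is set when the carry into the top bit differs from the carry out of it."""
    carry, carry_into_msb, out = 0, 0, []
    for i in range(len(a_bits) - 1, -1, -1):     # least significant bit first
        if i == 0:
            carry_into_msb = carry
        s, carry = full_adder(a_bits[i], b_bits[i], carry)
        out.append(s)
    out.reverse()
    return out, carry, XOR(carry_into_msb, carry)


def add_bitstrings(a: str, b: str):
    """Convenience wrapper: '011' + '010' -> ('101', carry_out, overflow)."""
    bits, carry, overflow = ripple_add([int(c) for c in a], [int(c) for c in b])
    return "".join(map(str, bits)), carry, overflow
```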

Input/Output and the CPU

Memory-mapped I/O architecture – I/O registers are mapped into the address
space of the CPU

Instruction-based I/O architecture – the CPU has special instructions to read from or
write to particular I/O devices

Programmed I/O

How does the program get notified that new input is available? Through a
process called polling.
The program goes through an infinite loop checking whether the I/O registers
have new data to read, and if they do, it calls a subroutine to process the new data.
If polling is too fast, it wastes computing power; if too slow, the system will feel
laggy.
The disadvantage is that the CPU has to constantly run at 100% capacity.

Interrupts

The modern approach: the hardware notifies the CPU when new data is
available. The CPU interrupts its current activity and jumps into a special
subroutine to process the I/O request.

Week 5: BIOS, UEFI, FIRMWARE

 Know the steps in a computer's start process
 Be able to explain the role of the different components in a computer
 Understand the difference between BIOS, UEFI, operating system, drivers, etc.

Components of a computer

Computer start process (BIOS steps)

Turn on power – power good signal
1. Initial software
 BIOS or UEFI controls the start-up steps, providing system configuration like
power saving and security.
2. POST check:
 Check if the system is OK
 System clock/timer is running
 Processor is okay
 BIOS is not corrupted
 Display is working
3. Video card check – check if present, run the video card’s BIOS program to start it
4. Other hardware check – check the other devices’ ROMs and start them
5. Find the operating system
6. Boot sector – the boot sector takes over from the BIOS now.

BIOS vs UEFI
BIOS has very limited space, only 1024 kilobytes, and only works with specific
hard drives up to 2.2 terabytes. It cannot work with future and current technology.
UEFI is the Unified Extensible Firmware Interface, a programmable interface. It
is stored in non-volatile memory, but is software, taking the role of the BIOS.

OS – Operating system

1. Manages peripherals
2. Manages files
3. Manages memory – virtual and secondary
4. Manages the interface

Week 6: Security

Learning Objectives:
 Introduction to Cryptography
 Symmetric vs public key cryptography
 Access control, passwords, user authentication

Cryptography: The encoding and decoding of secret messages

Symmetric Encryption: A cryptographic key is shared between 2 or more
principals. The same key is used for encryption and decryption. Most symmetric
algorithms work with a mix of substitutions and permutations. Substitutions are
defined by S-boxes.

Public key cryptography (Asymmetric Encryption): Utilises a “hard” mathematical
problem and a large random number; a key pair is generated so that the private
key cannot be derived from the public key without solving the mathematical
problem. Every principal owns a unique pair of keys.

Example: RSA

Hash functions for security: see Cryptographic hash functions below.

S-boxes and permutations: Replacing a hex number based on its position in an
array, with the first digit on the side and the second digit on top. E.g. hex 31 will
be replaced by c7.

AES (Advanced Encryption Standard): The newest form of symmetric encryption
algorithm. The recommended symmetric key size is 128 bits.

Disadvantages of Symmetric Cryptography:
 Key distribution – one needs to establish a shared secret
 Scalability – Each pair of sender and receiver needs a unique secret key.
With 12 participants, 66 keys are needed (n(n-1)/2 keys for n participants), so
the number of keys grows quadratically.

Message Authentication Codes:
A piece of data used to authenticate a message, confirming that the message came
from the stated sender and has not been changed. Verifiers possess a secret key
used to detect changes.

Cryptographic hash functions:

An algorithm that maps data of any size to a bit string of a fixed size, and which
is designed to be a one-way function, that is, a function which is infeasible to invert.
The only way to recreate the input data from a hash function's output is to
attempt a brute-force search of possible inputs to see if they produce a match.
They are used in digital signatures and for storing and comparing passwords.

Ideal cryptographic hash functions should have these properties:
 Computing the hash value should be quick
 Deterministic: the same message always results in the same hash
 Infeasible to generate a message from its hash except by trying all possible messages
 A small change to a message should change the hash value so much that
it does not look correlated at all with the old hash value
 Infeasible to find two different messages with the same hash

Example hash functions:
 MD5
 SHA1 – not recommended anymore
 SHA-256 – recommended
 SHA-384
 SHA-512 – recommended
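The hash properties listed above checked with SHA-256 from Python's standard library, together with a message authentication code check (HMAC over SHA-256, the verifier holding the shared secret) and the key-count formula from the scalability point. This is an added example, not code from the notes; the key and messages are constructed sample values.

```python
# Added example (not from the notes): determinism, the avalanche property and
# a MAC check, all with SHA-256 from the standard library. Key and messages
# below are constructed sample values.
import hashlib
import hmac


def sha256_hex(message: bytes) -> str:
    return hashlib.sha256(message).hexdigest()


def is_deterministic(message: bytes) -> bool:
    """The same message must always give the same digest."""
    return sha256_hex(message) == sha256_hex(message)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche(message: bytes) -> int:
    """Flip a single bit of the message and count how many of the 256 digest
    bits change; for a good hash this is close to half of them."""
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    return differing_bits(sha256_hex(message), sha256_hex(flipped))


def make_mac(key: bytes, message: bytes) -> str:
    """Sender side: tag = HMAC-SHA256(key, message)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, message: bytes, tag: str) -> bool:
    """Verifier side: recompute the tag with the shared secret and compare it
    with compare_digest so the comparison time does not leak where it differs."""
    return hmac.compare_digest(make_mac(key, message), tag)


def symmetric_keys_needed(participants: int) -> int:
    """One unique secret per pair of participants: n(n-1)/2."""
    return participants * (participants - 1) // 2
```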


Week 7: Operating Systems

The OS is a level of abstraction between hardware and software.

Overview: What does an OS do?
1. Process management (a process is a running program)
2. Memory management
3. I/O (it does more, but that’s what we’ll cover)

The notion of a process is quite important, and you need to know what the
difference is between a process and a program.
 A program is the code that you write, the sequence of instructions (and possibly data).
 A process is an instance of the program that is currently being executed by a computer.

An important difference is that there can be multiple processes executing the
same program, e.g. some web browsers start a process for each open window.

Abstraction in OS

Virtualisation:
 Provide a virtual form of each physical resource for each process.

This means you can code as if your program
 has the entire CPU to itself
 has a large, contiguous memory just for itself
 can use system resources through library functions (e.g. keyboard, graphics, disk, network)

The OS kernel

Modern operating systems have many different functions. The core functions are
controlled specifically by a part called the kernel.

The kernel implements a process called ‘timesharing’, which allows a single CPU to
run many processes. The OS kernel switches between processes; switching is so
fast that it creates the illusion that two processes are running at the same time.

Cooperative timesharing – The OS gains control when a user-mode process makes a
system call. The OS checks whether to switch from process A to B; if yes, it puts
process A into the Ready state and switches B into the Running state, else it just
handles the system call and returns to process A.

Preemptive timesharing – The OS sets up timer interrupts. An interrupt switches to
kernel mode and calls the interrupt handler in the OS. The OS can then switch
processes or kill processes. E.g. in the Windows task manager, if a program is not
responding you can just kill it. You cannot do this in a cooperative timesharing system.

Managing processes

Mechanisms: virtualising the CPU

Processes: Created by loading code into memory. Can be in one of 3 states.

Challenges:
Performance:
1. CPU virtualisation should not create huge overhead
Control:
1. OS must stay in control
2. Enable fair scheduling
3. Protect against malicious or buggy code
Requires hardware support!

Limited Direct Execution – Limiting access to the CPU as well as the I/O
devices, but not limiting access to memory.

But what is the main reason for virtualising the memory in Limited Direct
Execution?
1. Enable protection of a process’s memory against malicious or buggy processes
2. Make programming easier, as the programmer does not need to know exactly
how memory in the target computer is organised
3. Enable processes to use more memory than is physically installed as
RAM, by using external storage as temporary memory.

In Limited Direct Execution, application code runs directly on the CPU. This
creates problems like “How to restrict what the program can do without affecting
efficiency?” or “How to stop a process and switch to another process?” The
solution is process switching. The CPU has 2 modes.

Kernel mode: code runs without any restrictions. The OS runs in kernel mode.
Interrupts trigger a switch to kernel mode.

User mode: Only a limited subset of instructions can be used, e.g. no I/O
instructions. Normal applications run in user mode.

Without I/O instructions, a process cannot simply access parts of the computer,
e.g. use the network, record sound, manipulate the mouse, or access the hard disk.

System calls:

Special CPU instructions that let user-mode code call OS functions, e.g.
 Perform file I/O
 Access the network interface
 Communicate with other processes
 Allocate memory

Software Interrupts
 Hardware triggers a flag in the CPU
 CPU jumps to special code and then returns to the running program
 A context switch makes sure the program can continue as if no interrupt had happened

Summary of mechanisms for process switching
1. The CPU has user and kernel mode in order to control I/O and memory access
for applications, which use system calls into the OS to access privileged operations
2. Interrupts cause the CPU to switch into kernel mode
3. These can be I/O interrupts, software interrupts (system calls), or timer interrupts
4. The latter gives preemptive timesharing, where the OS always regains
control of the system several times per second.

Process Scheduling

Policies that the OS uses in order to switch between processes. The OS needs
to decide how long each process gets to use the CPU before it switches to a
different process.

First-come first-served – Processes take turns in arrival order; the average turnaround
time is high, as a short process may need to wait in line for a long time

Shortest job first – Gives a more optimal schedule

Round-robin scheduling – A fair schedule. During a certain time interval, all
processes get roughly equal access to the CPU. The problem, however, is that some
processes may be more important than others and deserve more CPU time, e.g.
playing a video.
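The three scheduling policies above simulated on a constructed set of jobs, comparing average turnaround time (finish time minus arrival time) so the FCFS "long job first" problem and the round-robin fairness trade-off can be seen in numbers. This is an added example, not code from the notes; it assumes all jobs arrive at time 0 and run without blocking on I/O.

```python
# Added example (not from the notes): FCFS, shortest-job-first and round-robin
# on a constructed job set. Assumptions: every job arrives at time 0 and runs
# to completion without I/O, so turnaround time equals finish time.

# Constructed sample: one long job arrives first, followed by two short ones.
SAMPLE_JOBS = {"A": 8, "B": 1, "C": 2}   # name -> CPU burst time


def fcfs(jobs: dict) -> dict:
    """First-come first-served: run jobs in arrival order. Returns name -> finish time."""
    t, turnaround = 0, {}
    for name, burst in jobs.items():
        t += burst
        turnaround[name] = t
    return turnaround


def sjf(jobs: dict) -> dict:
    """Shortest job first: same as FCFS but on the jobs sorted by burst time."""
    return fcfs(dict(sorted(jobs.items(), key=lambda kv: kv[1])))


def round_robin(jobs: dict, quantum: int) -> dict:
    """Each job in turn gets at most one quantum, then goes to the back of the queue."""
    remaining, queue, t, turnaround = dict(jobs), list(jobs), 0, {}
    while queue:
        name = queue.pop(0)
        run_for = min(quantum, remaining[name])
        t += run_for
        remaining[name] -= run_for
        if remaining[name] > 0:
            queue.append(name)       # not finished: back of the queue
        else:
            turnaround[name] = t
    return turnaround


def average_turnaround(turnaround: dict) -> float:
    return sum(turnaround.values()) / len(turnaround)


def compare(jobs: dict = SAMPLE_JOBS, quantum: int = 1) -> dict:
    """Average turnaround under each policy for the given job set."""
    return {
        "fcfs": average_turnaround(fcfs(jobs)),
        "sjf": average_turnaround(sjf(jobs)),
        "round_robin": average_turnaround(round_robin(jobs, quantum)),
    }
```

With the sample jobs the short jobs B and C wait behind A under FCFS, which is why its average is the worst of the three; round-robin lets them finish early at the cost of stretching A.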


Week 8: TCP/IP Basics and Application Layer

Learning Objectives:
1. Name and describe the functions of the different layers of the Internet Model
2. Identify different application architectures
3. Understand and analyse the HTTP and SMTP application layer protocols

Network Components:
1. Client – a device that enables users to access the network
2. Server – a device that provides services to clients, e.g. acts as a storage
server, printing server or web server
3. Switch – Device that connects multiple clients to form a LAN
4. Router – Device to connect different networks

Types of networks:
 LAN (Local Area Network) – A group of clients or servers that share a
local circuit, connected through switches and cables. Devices in a LAN
can communicate with each other without going through a router. Speed
usually 1 Gbps (gigabit per second).
 BN (Backbone Network) – A network that connects multiple LANs using
routers. Usually does not contain clients or servers; it is used to transfer
network traffic between LANs, e.g. to connect different floors of a building, or
campuses. Speed usually 10 Gbps.
 MAN (Metropolitan Area Network) – Large network that connects LANs
and BNs across locations, e.g. across a country. This network is usually
leased from a third-party company that handles the network connection.
 WAN (Wide Area Network) – Similar to a MAN except that it connects
networks across large geographical distances, e.g. country to country.

Network application architectures:

In most cases, a client will communicate with a server, and together they provide
an application to the user. There are four main tasks an application has to perform:
 Presentation logic – the application providing the user interface
 Application logic – defines how the application behaves, e.g. what happens
when the user performs a certain action
 Data access logic – how the application manages its data, e.g. updating data
whenever the user makes changes or retrieving information when the user does
something

 Data storage – where data is kept.

In a server-based application architecture, almost all processing is done by the server. The client is just a “dumb terminal”.

In a client-based architecture, the client does everything besides data storage.

In a client-server based architecture, there is a central file storage facility, allowing multiple users to work on the same files together. In this architecture, the client performs the presentation and application logic, while the server performs data access and storage.

A thin-client architecture is where the client performs only presentation logic, while the server performs the rest. This is common in web applications, where the browser renders the page on the user's screen, but any action the user takes is handled by the server.

A multi-tier architecture is where multiple servers are used to handle specific tasks of the application.

A peer-to-peer architecture is where no server is used at all. Clients connect to each other, with each client implementing all aspects of the application.


Layers and protocols

The Internet Model:

1. Hardware layer - concerned with hardware like cables, plugs, sockets and antennas. Specifies the signals that are transmitted.

2. Data link layer - defines the interface between hardware and software. Specifies how devices in a LAN can exchange packets.

3. Network layer – responsible for routing; decides which path a packet takes through the network.

4. Transport layer – establishes a logical connection between an application sending a message and the receiving application.

5. Application layer – the actual application software that a user interacts with.

Protocols and Protocol Data Units – A protocol is a formal language that defines how two parties talk to each other at each layer; the Protocol Data Unit (PDU) is the unit of data exchanged at that layer.

 Hardware layer PDU is a bit

 Data link layer PDU is a frame

 Network layer PDU is a packet

 Transport layer PDU is a segment or a datagram

 Application layer PDU is a message


The World Wide Web – The largest application-layer application besides electronic mail

URL – The address of a document on the WWW

HTTP – a standard set of commands that is understood by all web browsers and servers. HTTP operates in a request-response cycle.

HTML – the document format for web pages

Electronic Mail

Client-server approach to email – a two-tier client-server application

Simple Mail Transfer Protocol (SMTP) – the sender uses this protocol to send a message to a mail server, which forwards it to the recipient's mail server. The recipient then uses either the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) to access their emails on the server.


Week 9: TCP/IP Physical and Data link Layer

Learning Objectives:

 Understand how messages can be transmitted over physical media such as copper cables, optical fibres or radio waves

 Look at Media Access Control (Data Link layer): when is a device allowed to transmit?

 Study the basic structure of Ethernet and Wi-Fi networks

Network interface card (NIC):

Implements the physical and data link layer:

 Includes a unique data link layer address (MAC address)

 Provides the physical connection to the network (socket or antenna)

 Implements protocols (error detection, construction of frames, modulation)

 Often built into the motherboard, or connected via USB or PCI Express


Network Cables:

UTP (unshielded twisted pair) is the most common modern cable.

Physical Layer:

We transmit information using physical signals via a medium, e.g. electrical signals (copper wires), radio waves (air), and light signals (optical fibre).

Digital data: Discrete values like 0 and 1, or the letters of an alphabet. Steps from one symbol to the next. The signal is in the form of discrete states.

Analog data: A range of possible values like temperature or air pressure. Continuous variation over time. The signal is continuous, like a sine wave.


Transmission types:

 Analog signal for analog data: analog FM radio

 Digital signals for digital data: old Ethernet, USB, the bus inside a computer

 Analog signals for digital data: modems, ADSL, Ethernet, Wi-Fi, 4G

Digital transmission:

Digital signals are typically transmitted through copper cables. The sender encodes 0s and 1s as different voltage levels on the cable, resulting in a square wave.

Unipolar encoding – uses only positive voltage

Bipolar encoding – uses both positive and negative voltage to achieve a bigger difference in the signal


Analog transmission:

Frequency = how many oscillations (waves) per second

Amplitude = the height of the wave (volume)

In order to transmit data using analog waves, we can simply modify each of these parameters.

Frequency Modulation (FM): using frequency to send a 1 or 0. A high frequency is interpreted as ‘1’ and a low frequency as ‘0’.

Amplitude Modulation (AM): using amplitude to send a 1 or 0. A high amplitude is interpreted as ‘1’, a low amplitude as ‘0’.


Multiple different amplitudes and phases allow more data to be packed into each symbol. By using four different amplitudes and two different phases, we can encode a number between 0 and 7 rather than just 0 or 1. E.g., the second-highest amplitude combined with the downward phase represents the number 3. Meaning we can now transmit four times the amount of data.

Modems

The process of turning digital data into analog signals is called modulation; the reverse process is demodulation. A device that does both tasks is called a modem.


Data Link Layer:

 Controls access to the physical layer

 Encodes/decodes between frames and signals

 Implements error detection

 Interfaces to the network layer

Media Access Control

MAC addresses the problem that only one device may transmit on a shared medium at any one time. There are two approaches to MAC.

1. Controlled access MAC

Only one device has permission to send at any time

 A central authority assigns permission to send

 Or the permission gets passed from device to device

2. Contention-based MAC

Any device can transmit at any time

 FIFO (first come, first served)

Collisions: two devices transmitting at the same time

Usually devices avoid starting a transmission while another is in progress through carrier sensing.

 However, it is inevitable that sometimes two devices transmit at the same time; this causes packet damage.

 Because of this, a social protocol is implemented, with the network self-organizing who goes first.

Ethernet

The original Ethernet technology was implemented through a single large cable that all devices were connected to. Nowadays Ethernet mostly uses UTP cables connected to switches. LAN technology today utilizes MAC technology. MAC in Ethernet is based on the CSMA/CD method:

 CS means carrier sense – a device “listens” to the network and only starts transmitting when no other device is transmitting

 MA means multiple access – multiple devices share the same medium (cable)

 CD means collision detection – while a device is sending, it monitors the network; if it detects any signal other than its own, it knows a collision has occurred. It then immediately stops transmitting the frame and transmits a jam signal instead, telling all other devices that a collision has happened. It then starts re-transmitting the frame.

To solve the problem of two devices both detecting a collision, both re-transmitting and colliding again, a randomizer is used so that each device waits a random amount of time before re-transmitting, allowing one of them to go first.

Ethernet as a Shared Bus


The original Ethernet LAN was implemented through a shared bus topology where all devices share a single bus. A consequence of this approach is that all devices receive all messages, even the ones that were not meant for them. Because of this, each message needs a destination address: when all devices receive the message, each device checks whether the destination address equals its own address. Only the intended recipient processes the message; the other devices discard it. Each device on the LAN has a unique address, a MAC address, usually written as six hexadecimal numbers separated by colons.

A shared bus topology is comparatively cheap, but maintenance is difficult: if something happens to the cable, the entire network is affected. Hence a star topology was created, whose central component was a hub. This made the network behave as if all computers were still connected to a shared cable: the hub repeats any signal it receives via one socket to all other sockets. This creates problems when computers start transmitting simultaneously, damaging frames.

Disadvantages of shared-bus Ethernet:


 Half-duplex, only one device can send at a time

 The network broadcasts all messages: every message gets delivered to all devices rather than only to its specific destination

 Reliance on collision detection limits the size of the network

Modern Ethernet networks work around these limitations by replacing hubs with switches.

Switched Ethernet

The solution to hub-based Ethernet is to move from a logical bus topology to a logical star topology. This means that the circuit is no longer shared, and messages are sent directly from one device to another rather than being broadcast to the entire network. The device that enables this kind of networking is called a switch.

A switch is a true data link layer device. It reads an incoming frame, checks its destination MAC address, and then sends the frame out of the port that is connected to the device with that address. To do this a switch must know which device is behind which port. Initially it does not, so a frame to an unknown destination is broadcast to all ports; but the frame also carries the source MAC address, and the switch stores this information in a forwarding table, learning that A is connected to port 0. If B replies to A's message, B's frame carries its source MAC address as well, allowing the switch to learn that B is connected to port 1. This way, after a single frame from each connected device, the switch has learnt all the MAC addresses and does not have to broadcast anymore.
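The learning behaviour just described, as an added Python example (this is not code from the lecture notes): the switch records the source MAC of every frame against its incoming port, forwards known destinations out of one port and floods unknown or broadcast destinations. The MAC addresses and port numbers are constructed.

```python
# Added example, not from the lecture notes: how a switch builds its forwarding
# table from the source MAC address of every frame it sees. MAC addresses and
# port numbers below are constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, num_ports: int) -> None:
        self.num_ports = num_ports
        self.table: dict[str, int] = {}  # forwarding table: MAC address -> port

    def handle_frame(self, src_mac: str, dst_mac: str, in_port: int) -> list[int]:
        """Learn where src_mac is, then return the ports the frame goes out of:
        a single port if dst_mac is known, every other port (a flood) if it is not."""
        if not 0 <= in_port < self.num_ports:
            raise ValueError(f"no such port: {in_port}")
        # Learning: the frame arrived on in_port, so that is where src_mac lives.
        # Note the table trusts the source field of every frame it sees.
        self.table[src_mac.lower()] = in_port
        out_port = self.table.get(dst_mac.lower())
        if dst_mac.lower() == BROADCAST or out_port is None or out_port == in_port:
            # Unknown or broadcast destination: behave like a hub, but never send
            # a frame back out of the port it came in on.
            return [p for p in range(self.num_ports) if p != in_port]
        return [out_port]


if __name__ == "__main__":
    sw = LearningSwitch(num_ports=4)
    A, B = "00:11:22:33:44:0a", "00:11:22:33:44:0b"  # constructed addresses
    print("A -> B (B unknown):  ", sw.handle_frame(A, B, in_port=0))  # flooded to 1, 2, 3
    print("B -> A (A known):    ", sw.handle_frame(B, A, in_port=1))  # [0]
    print("A -> B (both known): ", sw.handle_frame(A, B, in_port=0))  # [1]
    print("forwarding table:", sw.table)
```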

Wireless Local Area Networks

Radio waves are used to communicate. There are two main bands that WLAN devices use, 2.4 GHz and 5 GHz. Higher frequencies mean higher transmission rates; however, they have stronger attenuation, meaning that they become weaker with distance much more quickly than lower frequencies.

WLAN Topology

The simplest possible setup for a wireless network is just a number of devices that can talk to each other; this is called an independent network, or an independent Basic Service Set (BSS). An independent BSS behaves like the original shared Ethernet, except that it has no central hub. A device sends a frame into the network, and the receiver identifies the frame as its own by checking the destination MAC address. However, most wireless networks use a central Access Point (AP): this is an infrastructure BSS. The access point is connected to the rest of the network using cable-based Ethernet. All communication goes through the AP. This means that if two clients want to communicate, the sender has to send the frame to the AP, which then relays it to the other client, like a hub. Still, all devices can hear all messages, but they only react to messages from the AP.


We can connect multiple BSSs to form an Extended Service Set (ESS). Multiple access points work together: they are all connected to the same cable-based network, and have been installed so that the areas they cover overlap. They also share the same network identifier (Wi-Fi name).

Each access point can cover an area of maybe 50x50 meters depending on the technology, the frequency used, the material of the walls etc. As soon as the signal to its current AP becomes too weak, the laptop switches to another AP automatically. This occurs entirely on the data link layer, meaning that higher layers wouldn't even realize anything has changed.


WLAN MAC

MAC in wireless LANs is similar to MAC in a shared Ethernet. We're sharing a common medium again, except this time it's radio frequencies rather than a shared cable. The laptop in the top left sends a frame to the AP in the middle. The laptop at the bottom detects the carrier, and so waits with its own transmission until the other transmission has finished. However, there is a problem with this. If two laptops are on opposite sides of the AP, the AP in the middle receives both without problems, but each laptop's signal is too weak at the other laptop for it to carrier sense the other laptop's transmission.


WLAN therefore needs to be a bit more proactive than Ethernet. Instead of CSMA/CD it uses CSMA/CA, where the CA stands for collision avoidance. There are two different CA mechanisms:

 Automatic Repeat Request (ARQ): after sending a frame to the AP, a WLAN device waits for an acknowledgement from the AP that the frame was received correctly. That way, if the AP doesn't acknowledge a frame, the device knows something has gone wrong. If two devices keep colliding, they wait a little longer with every unsuccessful transmission.

 Controlled access: the device can send a short request to send (RTS) message to the AP; after getting a clear to send (CTS), the device starts transmitting a frame.


Week 10: TCP/IP, network and transport layers, and the Internet

Learning Objectives:

 Understand how messages can be transmitted over physical media such as copper cables, optical fibres or radio waves

 Look at Media Access Control (Data Link layer): when is a device allowed to transmit?

 Study the basic structure of Ethernet and Wi-Fi networks

The network layer's functions are to

 Enable routing

 Provide the core functionality for building large networks

IP addresses

Every device that needs to send, receive or route messages requires at least one IP address for its NIC.

IPv4 addresses belong to version 4 of the Internet Protocol. They are 32 bits long and written in dotted-decimal notation as four decimal numbers representing four bytes. 130.194.66.43 can be converted into the 32 bits 10000010110000100100001000101011. IP addresses are organized hierarchically. The first two bytes identify a network. The next two bytes identify the subnet. The subnet mask is a way to tell us how many bits of an IP address are used for the network plus subnet identifier. E.g. for our example, 24 bits identify the network and subnet, so we can write the address including its subnet mask as 130.194.66/24. The subnet mask tells us which part of an IP address identifies the network and subnet, and which part identifies the device inside the subnet.

Subnets and LANs

In general, each subnet corresponds to a single LAN, meaning all devices inside a LAN should belong to the same subnet. Let us assume that all the subnet masks below are /24. If client 130.194.76.192 wants to send a packet to 130.194.76.191, it can see that the first 24 bits of the destination address are the same as its own, meaning they are in the same subnet; in this case the client sends the packet directly to the destination. A different case would be if 130.194.76.192 wants to send a packet to 130.194.66.42. The first 24 bits are different, so the client must send the packet to a router in the .76 subnet, making it the router's job to deliver the packet. This kind of network structure is very common, where different LANs are connected using routers to a backbone network.
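The same-subnet decision above, as an added Python example (not code from the lecture notes): dotted-decimal addresses are converted to the 32-bit form shown earlier, masked with the /24 subnet mask and compared. The gateway address 130.194.76.1 is a constructed placeholder for the router in the .76 subnet.

```python
# Added example, not from the lecture notes: IPv4 address arithmetic behind the
# "same subnet, or hand the packet to the router?" decision.

def ipv4_to_int(addr: str) -> int:
    """Convert dotted-decimal notation (four bytes) into the 32-bit integer it encodes."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value


def ipv4_to_bits(addr: str) -> str:
    """The 32-bit binary string of an address, as written out above for 130.194.66.43."""
    return format(ipv4_to_int(addr), "032b")


def subnet_mask(prefix_len: int) -> int:
    """Mask for /prefix_len: the top prefix_len bits set, the host bits clear."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True when the network-plus-subnet bits (the first prefix_len bits) of a and b agree."""
    mask = subnet_mask(prefix_len)
    return (ipv4_to_int(a) & mask) == (ipv4_to_int(b) & mask)


def next_hop(src: str, dst: str, prefix_len: int, gateway: str) -> str:
    """Address the sending host delivers the packet to at the data link layer:
    the destination itself if it is on the same subnet, otherwise the gateway router."""
    return dst if same_subnet(src, dst, prefix_len) else gateway


if __name__ == "__main__":
    GATEWAY = "130.194.76.1"  # constructed placeholder for the router in the .76 subnet
    print(ipv4_to_bits("130.194.66.43"))
    for dst in ("130.194.76.191", "130.194.66.42"):
        print("130.194.76.192 ->", dst, "delivered to", next_hop("130.194.76.192", dst, 24, GATEWAY))
```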


IPv4 addresses are not enough to hold the world's addresses in the future, so IPv6 addresses were created; they are 128 bits long. The first 23 bits identify a Regional Internet Registry (RIR), responsible for allocating addresses in a specific region.

When an ISP requires a new block of addresses, the RIR provides this. The ISP has to use the first 32 bits (23+9) it was given; then it can freely choose the next 16 bits to identify a customer/organization. The next 16 bits can be used by the organization to identify subnets within it. The complete second half of the address is reserved to identify a device in its subnet.

Address Resolution

How do we map a higher-layer address to a lower-layer address? E.g. how do we go from www.google.com to the corresponding IP address? Or when a computer needs to send a packet to its gateway router, how does it find out the router's MAC address? The first of these, name to IP address, is address resolution in DNS.


The Domain Name System

An application layer protocol for address resolution: a large distributed database responsible for mapping human-readable addresses to IP addresses. It works in the following sequence: a user sends a DNS request to a DNS server, basically asking “What is the IP address for x.y.z?”, and the server answers with one of the following options:

 An error message if no IP address was found for the human-readable address

 The IP address of another DNS server that can handle the request

 The IP address that was registered for the human-readable address in the query

Many root servers delegate requests to the servers for each top-level domain (.edu, .au, .com, ...).

Iterative DNS is a method where the request is sent to one server after another until one of them knows the answer or can tell us that the name does not exist.

Mapping IP addresses to MAC addresses

This is only required within a LAN. The MAC address is needed whenever we want to send a packet to a device inside our LAN. This is where the Address Resolution Protocol (ARP) comes in. The laptop sends an ARP request packet as a broadcast; the router receives the packet and sends a reply with its MAC address.


Routing

The main function of the network layer. A router is a device that is connected to multiple networks, and routing means forwarding a packet from one network into another. Without routers, the internet would not function, as there would just be a huge collection of individual networks that cannot communicate with each other.

Interior routing – packets are transmitted inside an Autonomous System (a network run by a single organization). Protocols can differ between organizations.

Exterior routing – packets are transmitted between Autonomous Systems; must use the Border Gateway Protocol (BGP).

Routing Tables


Routers use routing tables to decide where to send packets. A routing table contains entries for different networks, and for each network it tells the router which other router can handle that network. Below is a network with 5 routers and their corresponding routing tables. Router A just contains a default gateway, meaning it sends any packet whose destination is outside its own LAN to gateway C. For A to send a packet to H, the lookup happens hop by hop: C looks at its table for H and passes the packet to E, and so on until F passes it to H.

Real routing tables cannot contain a list of all possible destination addresses (this would mean routers have to know EVERY single computer on the internet). Instead, they map entire networks to destination routers. Routers use the hierarchy inside IP addresses to make decisions. E.g. a laptop has address 130.194.66.43. A router may check only the first two bytes, 130.194.x.y, and see that any address starting with 130.194 should be sent to router X. Router X may then look at the next 8 bits and say any packet with prefix 130.194.66 should be sent to router Y, but 130.194.44 should be sent to router B.
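The prefix-based lookup and the hop-by-hop forwarding described in the two paragraphs above, as an added Python example (not code from the lecture notes). Router names X, Y and B and the prefixes 130.194.0.0/16, 130.194.66.0/24 and 130.194.44.0/24 follow the text; routers A, C and E and the exact contents of every table are constructed.

```python
# Added example, not from the lecture notes: routing-table lookups that match on
# network prefixes instead of individual hosts, with the most specific prefix
# winning. Tables and router names other than X, Y and B are constructed.
import ipaddress

# Each table maps a prefix to the next-hop router, or to None when the router is
# directly connected to that network and delivers the packet itself.
TABLES = {
    "A": [("130.194.76.0/24", None), ("0.0.0.0/0", "C")],   # A: only a default gateway
    "C": [("130.194.0.0/16", "X"), ("0.0.0.0/0", "E")],
    "X": [("130.194.66.0/24", "Y"), ("130.194.44.0/24", "B")],
    "Y": [("130.194.66.0/24", None)],
    "B": [("130.194.44.0/24", None)],
}


def lookup(table, dst: str):
    """Longest-prefix match: among all entries containing dst, pick the most specific.
    Returns (prefix, next_hop); raises LookupError if nothing matches (no default route)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1]


def trace(tables, start: str, dst: str, max_hops: int = 16) -> list[str]:
    """Follow a packet from router to router until one is directly connected to dst.
    The hop limit guards against a routing loop between misconfigured tables."""
    path = [start]
    router = start
    for _ in range(max_hops):
        _, hop = lookup(tables[router], dst)
        if hop is None:
            return path
        if hop not in tables:
            raise LookupError(f"{router} forwards to unknown router {hop}")
        path.append(hop)
        router = hop
    raise LookupError("hop limit exceeded (routing loop?)")


if __name__ == "__main__":
    for dst in ("130.194.66.43", "130.194.44.9", "130.194.76.5"):
        print(dst, "->", " -> ".join(trace(TABLES, "A", dst)))
```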

Static routing - routing tables are set up by either a human operator or a remote configuration protocol.

Dynamic routing – routers exchange information so that they can build up routing tables automatically, and change the tables dynamically when the network changes. There are two types of dynamic routing protocol:

 Distance vector routing – routers exchange information about the distance to a network and the target router for that network. The router chooses the path with the fewest ‘hops’ through other routers. Protocols include EIGRP and BGP (Border Gateway Protocol).

 Link state routing – routers exchange the distance plus the quality (speed) of each link in the network, so a router may choose a path with more ‘hops’ but faster links. Protocols include OSPF (Open Shortest Path First).

Transport Layer

Transmission Control Protocol (TCP) provides a virtual circuit to create the illusion of a reliable point-to-point connection between two applications. TCP splits application layer messages into short segments, makes sure the segments arrive correctly, and reassembles them in the correct order into the original message at the destination. TCP is used by many major application layer protocols like HTTP, SMTP, IMAP and SSH.

Addressing applications

In order to distinguish between applications when sending a packet, there needs to be an address at the transport layer too. Each application has a port number, which together with the IP address lets us uniquely identify a connection between a server and a client. The client picks a random port number for its browser. A fixed server port is used to identify a server application, e.g. 80 for a web server.

TCP error and session management

How does TCP set up a reliable channel, splitting large application layer messages into short chunks and making sure these packets arrive correctly? The basic mechanism is Automatic Repeat Request (ARQ), used similarly in the Data Link Layer: the receiver must acknowledge every packet, and if a packet is not acknowledged within a certain time-out, the sender sends it again.

A typical TCP session between a client and a server consists of three phases.

1. First, in the “three-way handshake”, client and server exchange sequence numbers to set up the connection

2. Transmit the actual data

3. Four-way handshake to cleanly close down the connection


The client sends a special SYN (synchronize) packet to the server with a completely random sequence number, 3185, and an acknowledgement number of 0. The server replies with a special “SYN, ACK” (synchronize and acknowledge) packet, choosing its own random sequence number, 734, and acknowledging the client's sequence number +1. Finally, the 3-way handshake ends with the client sending an ACK back indicating it received the reply, adding 1 to the server's number. During the actual transmission, both client and server can send data at any time.

Now the client sends 9 bits worth of data from 3186 to 3195. The server sends an ACK packet when it has received the 18 bytes, so it uses 3186+19 = 3204 as the ACK number. The server knows it received all the data, so it sends a “thanks!” message to the client, which is 7 bytes. The client acknowledges this by replying ACK with 735+7 = 742 and sends a FIN (finalize) packet. The server acknowledges this by adding 1 to the FIN number, then replies with a FIN packet of its own, which the client acknowledges with 742+1 = 743.
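The sequence and acknowledgement arithmetic of the session above, as an added Python example (not code from the lecture notes). The initial sequence numbers 3185 (client) and 734 (server) and the 7-byte “thanks!” reply are taken from the text; the 18-byte request is constructed. The rule applied is that SYN and FIN each consume one sequence number, data consumes one per byte, and the ACK number is the next number the receiver expects; the `lost` flag shows the ARQ side, a dropped segment staying on the sender's retransmit list.

```python
# Added example, not from the lecture notes: sequence / acknowledgement number
# bookkeeping for a TCP session with the page's initial sequence numbers 3185
# (client) and 734 (server). Payload sizes are constructed.
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    name: str
    snd_nxt: int                 # next sequence number this side will use (ISN at start)
    rcv_nxt: int = 0             # next number expected from the peer; sent as the ACK number
    unacked: dict = field(default_factory=dict)   # seq -> length, awaiting ACK (ARQ)


def transmit(src, dst, flags=(), payload=b"", lost=False, seq=None):
    """src sends one segment to dst and returns (seq, ack, flags, length).
    seq=None sends new data; passing an old seq retransmits it. lost=True drops
    the segment in the network, so it stays in src.unacked until it is resent."""
    length = len(payload) + ("SYN" in flags) + ("FIN" in flags)
    ack = src.rcv_nxt
    if seq is None:                          # new transmission, not a retransmit
        seq = src.snd_nxt
        if length:
            src.unacked[seq] = length
            src.snd_nxt += length
    if lost:
        return seq, ack, tuple(flags), length
    # --- receiver side ---
    if "ACK" in flags:                       # everything before ack has been received
        dst.unacked = {s: n for s, n in dst.unacked.items() if s + n > ack}
    if "SYN" in flags:                       # synchronise: learn the peer's starting number
        dst.rcv_nxt = seq
    if length and seq == dst.rcv_nxt:        # in-order segment: advance the expectation
        dst.rcv_nxt = seq + length
    return seq, ack, tuple(flags), length


def run_session(client_isn=3185, server_isn=734,
                request=b"GET / HTTP/1.1\r\n\r\n", reply=b"thanks!"):
    """Three-way handshake, data in both directions, four-way close."""
    c, s = Endpoint("client", client_isn), Endpoint("server", server_isn)
    log = [
        transmit(c, s, ("SYN",)),              # seq 3185, ack 0
        transmit(s, c, ("SYN", "ACK")),        # seq 734, ack 3186
        transmit(c, s, ("ACK",)),              # seq 3186, ack 735
        transmit(c, s, ("ACK",), request),     # 18 bytes occupying 3186..3203
        transmit(s, c, ("ACK",)),              # ack 3186 + 18 = 3204
        transmit(s, c, ("ACK",), reply),       # 7 bytes occupying 735..741
        transmit(c, s, ("ACK", "FIN")),        # ack 735 + 7 = 742; FIN takes number 3204
        transmit(s, c, ("ACK", "FIN")),        # ack 3205; server FIN takes number 742
        transmit(c, s, ("ACK",)),              # ack 742 + 1 = 743
    ]
    return log, c, s


if __name__ == "__main__":
    log, c, s = run_session()
    for seq, ack, flags, length in log:
        print(f"seq={seq:5} ack={ack:5} len={length:2} {' '.join(flags)}")
    print("unacknowledged data left:", c.unacked, s.unacked)
```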

The internet

The internet is a collection of all devices running the TCP/IP protocols connected via routers. It is made up of autonomous systems (AS), which are networks operated by a single organization.


Week 11-12: Security

Learning Objectives:

 Be able to explain the role of TLS and HTTPS in the TCP/IP stack

 Understand the role, functionality and restrictions of a packet firewall

 Be able to correctly place a firewall in an enterprise network

 Know different ways in which systems can be attacked

 Privacy and privacy enhancing technology

 Malware

Security Protocol

Every layer in the Internet model has a main protocol. There is an additional security protocol layer above the transport layer:

Protocol                         Layer
HTTP                             Application
TLS (Transport Layer Security)   Security layer between application and transport
TCP                              Transport
IP                               Network
Ethernet                         Data Link
–                                Physical

SSL/TLS

Transport Layer Security (TLS), and its predecessor Secure Sockets Layer (SSL), are cryptographic protocols that provide communications security over a computer network. The main aim is to provide privacy (confidentiality) and data integrity between two communicating parties.


This is achieved by establishing a unique shared key (symmetric cryptography). To create the shared key, a process called “Diffie–Hellman key exchange” is used.

Transport Layer Security Phases

1. TLS Handshake – authenticates server and client; results in a shared key and a session ID or session ticket

2. TLS Record – after the handshake messages have been exchanged, all subsequent traffic is encrypted

3. TLS Alert – closes the session

Certificate-Based Authentication – A newer way to identify a user, machine or device before granting access to a resource, network, application etc. The certificate contains

 Owner of the private key

 Expiration date and time

 Subject name

 Issuer name


Trusted Certificates

Digitally signed by a known certification authority. Chrome, Firefox and Safari automatically recognise websites with these certificates when browsing the internet.

Problems with digital certificates

 Certificate revocation

 Users are used to accepting certificates with errors

 New policies are stricter, but inefficient

VPN – Virtual Private Network

Logically connects a client to a network via an encrypted channel. A VPN routes packets between different networks. Tunnels are established through VPN protocols like TLS and IPsec.

IPsec – A protocol for IP packets

 Can authenticate and encrypt the data of each IP packet

 Transport mode: the IP packet's payload is encrypted and its integrity protected

 Tunnel mode: the whole IP packet is encrypted and contained in a new IP packet with a new header.


Firewall – A form of security that filters traffic, defining what can get through and what is blocked

Packet filter firewall – Operates on the network layer; filters traffic based on source and destination IP addresses, protocols, ports and the current stage of a connection. It works by inspecting the first few bytes of the TCP header inside an IP packet, which identify the application protocol and port.

Which traffic to permit?

 Depends on the applications/services running behind the firewall

 Different rules for existing connections and new connections

One needs to define the source IP address, the destination IP address, and the destination port.

1. Source IP address – Any address should be able to connect to a web server; however, management access should be restricted to specific IP addresses

2. Destination IP address – The IP address of the server running the service should be accessible. Never allow “any” IP address as the destination

3. Destination port – Specifies the service accessed via a particular port. Never allow “any” port

Where to place a firewall?

In a home network, the router usually also acts as the firewall; in a company network, proper placement is crucial.


A simple company network should have:

1. An internal network with PCs, servers, printers etc.

2. Services such as a mail server, web server, VPN gateway

The internal network should not be directly accessible, but the web server or mail server needs to be accessible, hence:

DMZ - demilitarized zone

Create a zone that is less secure than the internal network, but still protected from direct access.

Filtering traffic examples:

 Prevent malicious software

 Block IP spoofing (packets with a false source IP address, used by attackers to hide their identity and gain trusted access)

 Block outbound traffic from critical areas or computers

 Only allow outbound HTTP traffic through a proxy
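A packet filter applying the three rule elements from the numbered list above (source address, destination address, destination port), the separate treatment of existing connections, and the IP-spoofing block from the filtering examples, as an added Python example (not code from the lecture notes). All addresses come from the documentation ranges and are constructed; the internal network 10.0.0.0/8, the web server 203.0.113.10 and the management host 198.51.100.7 are assumptions.

```python
# Added example, not from the lecture notes: a stateful packet filter with a
# default-deny rule set. Addresses are constructed from documentation ranges.
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # constructed internal range
WEB_SERVER = "203.0.113.10/32"                       # constructed public web server
ADMIN_HOST = "198.51.100.7/32"                       # constructed management workstation
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp" or "udp"
    dport: int
    iface: str                  # "external" (from the internet) or "internal"
    established: bool = False   # belongs to a connection the firewall already tracks


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR prefix; ANY is acceptable for a public service
    dst: str              # CIDR prefix of one server; never ANY in an allow rule
    proto: str
    dport: int            # a single port: "any port" cannot even be expressed

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and p.proto == self.proto and p.dport == self.dport)


RULES = [
    Rule("allow", ANY, WEB_SERVER, "tcp", 80),         # anyone may reach the web server
    Rule("allow", ANY, WEB_SERVER, "tcp", 443),
    Rule("allow", ADMIN_HOST, WEB_SERVER, "tcp", 22),  # management only from one host
]


def check_rules(rules) -> None:
    """Reject an allow rule whose destination is 'any' (point 2 of the list above)."""
    for r in rules:
        if r.action == "allow" and ipaddress.ip_network(r.dst).prefixlen == 0:
            raise ValueError(f"allow rule with any destination: {r}")


def decide(p: Packet, rules=RULES) -> str:
    """Return "allow" or "deny" for one packet; anything not explicitly allowed is denied."""
    # Anti-spoofing: a packet arriving from the internet must not claim an internal source.
    if p.iface == "external" and ipaddress.ip_address(p.src) in INTERNAL_NET:
        return "deny"
    if p.established:                 # existing connections were vetted when opened
        return "allow"
    for r in rules:                   # new connections: first matching rule wins
        if r.matches(p):
            return r.action
    return "deny"


if __name__ == "__main__":
    check_rules(RULES)
    for p in (Packet("192.0.2.5", "203.0.113.10", "tcp", 80, "external"),
              Packet("192.0.2.5", "203.0.113.10", "tcp", 22, "external"),
              Packet("198.51.100.7", "203.0.113.10", "tcp", 22, "external"),
              Packet("10.1.2.3", "203.0.113.10", "tcp", 80, "external")):
        print(p.src, "->", p.dst, p.proto, p.dport, "=>", decide(p))
```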


Firewalls also provide

 Network and port address translation (NAT) – the internal network uses internal IP addresses that are not visible to the outside

 Proxies, which can hide individual devices in the internal network

These are not direct security functions, but they hide information from outside attackers.

Why firewalls are not sufficient

More and more applications connect internal networks to the internet:

 Social networks

 Remote access (TeamViewer)

 Unified messaging (Skype, WeChat)

 Collaboration tools (Google Docs)

Such applications get past simple port-based filtering:

 Port hopping – applications change their ports during a session

 Hiding in TLS encryption – TLS can mask application traffic

 Not using standard ports

 Tunnelling in other services – e.g. P2P file-sharing

Firewalls do not help against internal attackers. Once an attack is successful, firewalls cannot help.


New security tools

IDS and IPS

IDS – Intrusion Detection System

Monitors network and system activities. Alerts when potentially malicious activity is found. Logs information about activities.

IPS – Intrusion Prevention System

An IDS with additional active functionality. Attempts to block or stop malicious activities.

Monitoring examples

 Detect port scans

 Detect OS fingerprinting attempts

 Detect buffer overflow attacks (overflowing memory into an adjacent space)

 Find and block known malware

 Find anomalies

Reaction examples

 Drop malicious packets and send an alarm

 Block traffic from some IP addresses

 Correct fragmentation in packet streams

 Raise alerts, trigger a human intervention team


IDS/IPS should use anomaly-based detection as well as signature-based detection. Signature-based detection is fast, generally produces fewer false alarms, and does not need a learning phase. Anomaly-based detection can detect unknown (previously unseen) attacks.

Next Generation Firewalls (NGFs)

 Promise an integrated security approach

 Proxy for all traffic (even encrypted)

 Look at applications, roles, services, users

Potential issues of NGFs

 Policy rules get too complex

 Privacy issues

 Single point of attack with full access to decrypted data

Virus scanner/Anti-virus software

1. Can efficiently prevent infections with known malware.

2. But can also be manipulated by malware

3. Unable to detect new malware
