Information Systems

Infrastructure
Network and Security
Sumeet Gupta
Professor of IT and Systems
Indian Institute of Management Raipur
Outline
• Networking Infrastructure
• Network Security
• Case: Boss, I Think Someone Stole our Customer Data
• Technology Solutions
Networking Infrastructure
Internet
• Roots date back to 1957 in the US’s attempt to technical advance beyond US, ARPA was created
• In 1969 ARPA NET went online to connect computers at UCLA, Stanford, University of California
and University of Utah
• In 1971, additional DARPA contractors (Including Harvard and MIT) were added to ARPANET
• In 1973, Ray Tomlinson of BBN wrote first email program inventing the @ sign for email addresses
• The term ‘Internet’ was introduced in 1974 to describe the growing network of computers
• In 1983, TCP/IP protocol was designed to standardize communications
• In 1990, first commercial Partial Internet Access started to private customers
• In 1992, full access to Internet was granted
Network - Basics
• A network is simply a collection of computers linked by a transmission medium
according to a data-transmission protocol
• Transmission media is provided usually by telephone companies
• Network allows computers, each called a node, to share information (e.g.,
databases), resources (e.g., printer or a disk drive), applications and sometimes
even processing power with one another
• LAN: Two or more computers connected in a close proximity
• WAN: Connects computers over a significant geographical dispersion
Network – Basics
Simple Architecture
Network – Basics
Enterprise Network

An Enterprise Network is Composed of LANs and WANS

Network – Basics
Enterprise Network
Today’s corporate network infrastructure is a
collection of many networks from the public
switched telephone network to the Internet to
corporate local area networks linking
workgroups, departments, or office floors.
 Key Networking Technologies

Client/Server Computing Packet Switching TCP/IP Connectivity

Key Networking Technologies
Simple Client-Server Network
Key Networking Technologies
Packet Switching
Key Networking Technologies
TCP/IP and OSI Protocol

Network Protocols for Digital Data Communications

Connectivity between two computers is done using

Open Systems Interconnection (OSI) Model or TCP/IP
Model
Key Networking Technologies
TCP/IP and OSI Protocol
Key Networking Technologies
TCP/IP and OSI Protocol

Steps in Sending and Receiving E-Mail through the Seven Layer Network Protocol
Key Networking Technologies
TCP/IP and OSI Protocol
Network – Basics
Connectivity Layers
Network – Basics
Connectivity Layers
Types of Networks
Digital Vs Analog Signals

A Modem is a Hardware Device that Converts between Digital and Analog Signals
Types of Networks
Types of Networks
Simple LAN
Types of Networks
Simple WAN
Network – Topology
Star

Star Network Topology

Network – Topology
Bus

Bus Network Topology

Network – Topology
Ring

Ring Network Topology

Network – Basics
Devices
• Network Interface Card – Allows computers to communicate over the
network. Has a unique Mac ID
• Repeater – Receives signals and removes unnecessary noise and prepares it
to travel long distances
• Hub – Allows computers to share data packets within a network
• Bridge – Connects multiple network segments at the data link layer of the
OSI model
• Switch – Forwards and filters OSI layer 2 datagrams between connected
cables according to the MAC addresses in the packets
• Router – Forwards packets between networks by processing information
found in the datagram
Network – Basics
Devices
Transmission Media
Network – Basics
Transmission Media
Network – Basics
Transmission Speed
Internet
The Internet backbone connects to
regional networks, which in turn provide
access to Internet service providers, large
firms, and government institutions.
Network access points (NAPs) and
metropolitan area exchanges (MAEs) are
hubs where the backbone intersects
regional and local networks and where
backbone owners connect with one
another.
Network Security
Various Online Threats
Basics of DDoS
Dimensions of e-Security
• Integrity: ability to ensure that information being displayed on a Web site or transmitted/received
over the Internet has not been altered in any way by an unauthorized party
• Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) online
actions
• Authenticity: ability to identify the identity of a person or entity with whom you are dealing on
the Internet
• Confidentiality: ability to ensure that messages and data are available only to those authorized to
view them
• Privacy: ability to control use of information a customer provides about himself or herself to
merchant
• Availability: ability to ensure that an e-commerce site continues to function as intended
Security Threats
• Network Attacks
• Intrusions
• Malicious Code
Security Threats in E-Commerce
Most Common Threats
• Malicious Code
• Hacking and Cybervandalism
• Credit Card fraud / theft
• Spoofing
• Denial of Service Attacks
• Sniffing
• Insider Jobs
Viruses
• Viruses: computer program that as ability to replicate and spread to
other files; most also deliver a “payload” of some sort (may be
destructive or benign); SQL
Injection

• Worms: designed to spread from computer to computer

• Trojan horse: appears to be benign, but then does something other
than expected
• Bad applets (malicious mobile code): malicious Java applets or
ActiveX controls that may be downloaded onto client and activated
merely by surfing to a Web site
Hacking and Cybervandalism
• Hacker: Individual who intends to gain unauthorized access to a computer
systems
• Cracker: Used to denote hacker with criminal intent (two terms often used
interchangeably)
• Cybervandalism: Intentionally disrupting, defacing or destroying a Web site
• Types of hackers include:
• White hats – Members of “tiger teams” used by corporate security departments to
test their own security measures
• Black hats – Act with the intention of causing harm
• Grey hats – Believe they are pursuing some greater good by breaking in and
revealing system flaws
Credit Card Fraud
• Fear that credit card information will be stolen deters online
purchases
• Hackers target credit card files and other customer information files on
merchant servers; use stolen data to establish credit under false identity
• One solution: New identity verification mechanisms
Other Attacks
• Spoofing: Misrepresenting oneself by using fake e-mail addresses or
masquerading as someone else
• Phishing:
Other Attacks
Other Attacks
Other Attacks
Other Attacks
• Denial of Service Attack
• Hackers flood website with useless traffic to inundate and overwhelm
network
• Distributed denial of service attack: hackers use numerous computers to
attack target network from numerous launch points
• Sniffing:
• Type of eavesdropping program that monitors information traveling over a
network; enables hackers to steal proprietary information from anywhere on
a network
• Insider Jobs
• Accessing confidential information of users (by employees) is one of the
largest financial threat
Other Attacks
Basics of DDoS
DDos
Attack
Tutorial

• Distributed Denial of Service Attack

Basics of DDoS
DDos
Attack
Tutorial
Spoofing
DDoS Attack
Case: Boss, I Think Someone
Stole our Customer Data
Discussion Questions – Part A
• What is the security breach that has happened in the case? What could be the
reasons for such a security breach?
• Is Flayton at fault for the security breach?
• Which of the three options that Sally presents Brett with to deal with the crisis
would you go for:
• Holding a press conference and informing about the situation
• Inform customers by letter about the breach and that the situation was being addressed
• Do nothing until law enforcement was ready to go public
• Why? Please explain your choice.
Managing during the crisis
• Avoid perceptual biases in making decisions
• Emotional responses, including confusions, denial, fear, panic
• Wishful thinking
• Groupthink
• Political maneuvering, diving for cover, ducking responsibility
• Leaping to hypothesis on conclusions about what is happening
• Perceptual bias in favor of evidence that confirms currently held hypothesis
• Understand your priorities
Managing during the crisis
• Principles / Recommendations
• Know your priorities
• See all the data and make data driven decisions
• Make decisions at appropriate times
• Take actions that produce more information, if possible, conduct experiments
• Avoid wishful thinking, groupthink, panic etc.
• Consult others
Technology Solutions
Unified Threat Management
Firewalls
Secure Channels of Communication
Technology Solutions: Encryption
• Encryption: Transforming plain text or data into cipher text that
cannot be read by anyone other than sender and receiver
• Purpose
• Secure stored information
• Secure information transmission
• Provides
• Message integrity
• Nonrepudiation
• Authentication
• Confidentiality
Technology Solutions: Encryption
• Cipher (Key): Any method for transforming plain text to cipher
• Easiest Way
• Substitution
• Transposition
• More Complex
• Symmetric key encryption
• Public key encryption
Technology Solutions: Encryption
• Symmetric / Secret Key Encryption
• Both the sender and the receiver use the same digital key to encrypt and
decrypt message
• Requires a different set of keys for each transaction
• Data Encryption Standard (DES)
• Most widely used symmetric key encryption today; uses 56-bit encryption
key; other types use 128-bit keys up through 2048 bits
Technology Solutions: Encryption
• Public Key cryptography solves symmetric key encryption problem of
having to exchange secret key
• Uses two mathematically related digital keys – public key (widely
disseminated) and private key (kept secret by owner)
• One key is used to encrypt message; the other key is used to decrypt
message.
Public Key Infrastructure
• Certification Authority (CA)
• A trusted party that issues digital certificates
• Digital Certificate Contains
• Name of subject / Company
• Subject’s public key
• Digital Certificate Serial Number
• Expiration Date
• Digital signature of CA
• Other identifying information
Public Key Infrastructure
Securing Channels of Communication
• Secure sockets layers (SSL)
• Secure hypertext transfer protocol (S-HTTP)
• Virtual Private Networks (VPN)
Protecting Networks
• Firewall and Proxy Server
• OS Controls
• Anti-virus software
Concluding Thoughts
• Various ways to counter DDoS
• Shutting down the system
• Having mirror servers
• Third party filters and detectors
• Two-way Encryption
• Dealing with panic is difficult during such circumstances
• Issues of public furor need to be dealt with