
Computer Networking and security

Shital Tadas Sweta Matale

Abstract
A computer network is a group of computers that share information across wireless or
wired technology. This paper introduces the history of computer networks and the different types of
networking methods, i.e. Local Area Networks (LAN), Metropolitan Area Networks, Wide Area
Networks (WAN) and wireless networks (WWAN). The network topology defines the way in which
computers, printers, and other devices are connected, physically and logically. A network topology
describes the layout of the wire and devices as well as the paths used by data transmissions; some
commonly used network topologies are Bus, Star, Tree, Linear, Ring and Mesh.
Security means freedom from danger or fear, or ensuring safety: measures adopted to
prevent the unauthorized use, misuse, modification or denial of use of knowledge or facts, data or
capabilities. Network security is an issue of great significance today, where a single problem can
change the fate of companies and organizations. A single layer of security cannot ensure good security.
Effective security is achieved by the combination of all security disciplines. Computer security is
critical in almost any technology-driven industry which operates on computer systems. Computer
security can also be referred to as computer safety. The issues of computer based systems and
addressing their countless vulnerabilities are an integral part of maintaining an operational industry.
The prominent security technologies and product categories used today are anti-virus software,
firewalls, smart cards, biometrics, intrusion detection, policy management, vulnerability scanning,
encryption etc.
This paper introduces cryptography techniques. Cryptography is "the science of
protecting data", and network security is "keeping information private and secure from unauthorized
users". This paper gives the fundamental requirements for data transmission and the security
attacks on it, such as interruption, interception and modification. The cryptographic
process is explained through a generalized function, through which encryption and
decryption are done by various algorithms such as the RSA algorithm, hash functions and many
other cryptographic algorithms.

Introduction:
Computer networking is the engineering discipline concerned with communication between
computer systems or devices. Networking, routers, routing protocols, and networking over
the public Internet have their specifications defined in documents called RFCs. Computer
networking is sometimes considered a sub-discipline of telecommunications, computer
science, information technology and/or computer engineering. Computer networks rely
heavily upon the theoretical and practical application of these scientific and engineering
disciplines. There are three types of networks: 1. Internet, 2. Intranet, 3. Extranet. A computer
network is any set of computers or devices connected to each other with the ability to
exchange data. Examples of different networks are:
• Local area network (LAN), which is usually a small network constrained to a small
geographic area. An example of a LAN would be a computer network within a
building.
• Metropolitan area network (MAN), which is used for a medium-sized area, for example
a city or a state.
• Wide area network (WAN) that is usually a larger network that covers a large
geographic area.
• Wireless LANs and WANs (WLAN & WWAN) are the wireless equivalent of the
LAN and WAN.
All networks are interconnected to allow communication with a variety of different kinds of
media, including twisted-pair copper wire cable, coaxial cable, optical fiber, power lines and
various wireless technologies. The devices can be separated by a few meters (e.g. via
Bluetooth) or nearly unlimited distances (e.g. via the interconnections of the Internet).

Fig. Computer networking

History of Computer Networks


Before the advent of computer networks that were based upon some type of
telecommunications system, communication between calculation machines and
early computers was performed by human users carrying instructions
between them. Many of the social behaviors seen in today's Internet were demonstrably
present in nineteenth-century and arguably in even earlier networks using visual signals.
In September 1940 George Stibitz used a teletype machine to send instructions for a problem
set from his Model at Dartmouth College in New Hampshire to his Complex Number
Calculator in New York and received results back by the same means. Linking output
systems like teletypes to computers was an interest at the Advanced Research Projects
Agency (ARPA) when, in 1962, J.C.R. Licklider was hired and developed a working group
he called the "Intergalactic Network", a precursor to the ARPANet.
Throughout the 1960s Leonard Kleinrock, Paul Baran and Donald Davies independently
conceptualized and developed network systems which used datagrams or Packet information
technology that could be used in a network between computer systems.
In 1969 the University of California at Los Angeles, SRI (in Stanford), University of
California at Santa Barbara, and the University of Utah were connected as the beginning of
the ARPANet network using 50 Kbit/s circuits. Commercial services using X.25 were
deployed in 1972, and later used as an underlying infrastructure for expanding TCP/IP
networks.
Nowadays computer networks are the core of modern communication. All modern aspects
of the Public Switched Telephone Network (PSTN) are computer-controlled, and telephony
increasingly runs over the Internet Protocol, although not necessarily the public Internet. The
scope of communication has increased significantly in the past decade and this boom in
communications would not have been possible without the progressively advancing computer
network.
Views of networks
Users and network administrators often have different views of their networks. Often, users
who share printers and some servers form a workgroup, which usually means they are in the
same geographic location and are on the same LAN. A community of interest has less of a
connection of being in a local area, and should be thought of as a set of arbitrarily located
users who share a set of servers, and possibly also communicate via peer-to-peer
technologies.
Network administrators see networks from both physical and logical perspectives. The
physical perspective involves geographic locations, physical cabling, and the network
elements (e.g., routers, bridges and application layer gateways) that interconnect the physical
media. Logical networks, called, in the TCP/IP architecture, subnets, map onto one or more
physical media. For example, a common practice in a campus of buildings is to make a set of
LAN cables in each building appear to be a common subnet, using virtual LAN (VLAN)
technology.
Both users and administrators will be aware, to varying extents, of the trust and scope
characteristics of a network. Again using TCP/IP architectural terminology, an intranet is a
community of interest under private administration usually by an enterprise, and is only
accessible by authorized users. Intranets do not have to be connected to the Internet, but
generally have a limited connection. An extranet is an extension of an intranet that allows
secure communications to users outside of the intranet.
Informally, the Internet is the set of users, enterprises, and content providers that are
interconnected by Internet Service Providers (ISP). From an engineering standpoint, the
Internet is the set of subnets, and aggregates of subnets, which share the registered IP address
space and exchange information about the reachability of those IP addresses using the
Border Gateway Protocol. Typically, the human-readable names of servers are translated to
IP addresses, transparently to users, via the directory function of the Domain Name System
(DNS).
The ISO/OSI Reference Model
The International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model
defines seven layers of communications types, and the interfaces among them. Each layer depends on
the services provided by the layer below it, all the way down to the physical network hardware, such
as the computer's network interface card, and the wires that connect the cards together.

An easy way to look at this is to compare this model with something we use daily: the
telephone. In order for you and I to talk when we're out of earshot, we need a device like a
telephone. (In the ISO/OSI model, this is at the application layer.) The telephones, of course,
are useless unless they have the ability to translate the sound into electronic pulses that can be
transferred over wire and back again. (These functions are provided in layers below the
application layer.) Finally, we get down to the physical connection: both must be plugged
into an outlet that is connected to a switch that's part of the telephone system's network of
switches.
If I place a call to you, I pick up the receiver, and dial your number. This number specifies
the central office to which to send my request, and then which phone from that central
office to ring. Once you answer the phone, we begin talking, and our session has begun.
Conceptually, computer networks function exactly the same way.
It isn't important for you to memorize the ISO/OSI Reference Model's layers; but it's useful to
know that they exist, and that each layer cannot work without the services provided by the
layer below it.

Figure 1: The ISO/OSI Reference Model

Networking methods
One way to categorize computer networks is by their geographic scope, although many real-
world networks interconnect Local Area Networks (LAN) via Wide Area Networks (WAN)
and wireless networks (WWAN). These three (broad) types are:
Local area network (LAN)
A local area network is a network that spans a relatively small space and provides services to
a small number of people.
A peer-to-peer or client-server method of networking may be used. A peer-to-peer network is
where each client shares their resources with other workstations in the network. Examples of
peer-to-peer networks are: Small office networks where resource use is minimal and a home
network. A client-server network is where every client is connected to the server and each
other. Client-server networks use servers in different capacities. These can be classified into
two types:
1. Single-service servers
2. Print server
The server performs one task such as file server, while other servers can not only perform in
the capacity of file servers and print servers, but also can conduct calculations and use them
to provide information to clients (Web/Intranet Server). Computers may be connected in
many different ways, including Ethernet cables, Wireless networks, or other types of wires
such as power lines or phone lines.
The ITU-T G.hn standard is an example of a technology that provides high-speed (up to 1
Gbit/s) local area networking over existing home wiring (power lines, phone lines and coaxial
cables).
Wide area network (WAN)
A wide area network is a network where a wide variety of resources are deployed across a
large domestic area or internationally. An example of this is a multinational business that
uses a WAN to interconnect their offices in different countries. The largest and best example
of a WAN is the Internet, which is a network composed of many smaller networks. The
Internet is considered the largest network in the world [6]. The PSTN (Public Switched
Telephone Network) also is an extremely large network that is converging to use Internet
technologies, although not necessarily through the public Internet.
A Wide Area Network involves communication through the use of a wide range of different
technologies. These technologies include Point-to-Point WANs such as Point-to-Point
Protocol (PPP) and High-Level Data Link Control (HDLC), Frame Relay, ATM
(Asynchronous Transfer Mode) and Sonet (Synchronous Optical Network). The difference
between the WAN technologies is based on the switching capabilities they perform and the
speed at which sending and receiving bits of information (data) occur.
Metropolitan area network (MAN)
A metropolitan network is a network that is too large for even the largest of LANs but is not
on the scale of a WAN. It also integrates two or more LANs over a specific
geographical area (usually a city) so as to increase the network and the flow of
communications. The LANs in question would usually be connected via "backbone" lines.
For more information on WANs, see Frame Relay, ATM and Sonet.
Wireless networks (WLAN, WWAN)
A wireless network is basically the same as a LAN or a WAN but there are no wires between
hosts and servers. The data is transferred over sets of radio transceivers. These types of
networks are beneficial when it is too costly or inconvenient to run the necessary cables. For
more information, see Wireless LAN and Wireless wide area network. The media access
protocols for LANs come from the IEEE.
The most common IEEE 802.11 WLANs cover, depending on antennas, ranges from
hundreds of meters to a few kilometers. For larger areas, either communications satellites of
various types, cellular radio, or wireless local loop (IEEE 802.16) all have advantages and
disadvantages. Depending on the type of mobility needed, the relevant standards may come
from the IETF or the ITU.

Network topology
The network topology defines the way in which computers, printers, and other devices are
connected, physically and logically. A network topology describes the layout of the wire and
devices as well as the paths used by data transmissions.
Network topology has two types:
1. Physical
2. Logical
Commonly used topologies include:
1. Bus
2. Star topology
3. Ring topology
4. Mesh topology
   1. Partially connected
   2. Fully connected
The network topologies mentioned above are only a general representation of the kinds of
topologies used in computer network and are considered basic topologies.
As a matter of fact networking is defined by the standard of OSI (Open Systems
Interconnection) reference for communications. The OSI model consists of seven layers.
Each layer has its own function. The OSI model layers are Application, Presentation, Session,
Transport, Network, Data Link, and Physical. The upper layers (Application, Presentation,
and Session) of the OSI model concentrate on the application while the lower layers
(transport, network, data link, and physical) focus on signal flow of data from origin to
destination. The Application layer defines the medium that communications software and any
applications need to communicate to other computers. Layer 6 which is the presentation layer
focuses on defining data formats such as text, jpeg, gif, and binary. An example of this layer
would be displaying a picture that was received in an e-mail. The 5th Layer is the session
layer which establishes how to start, control, and end links or conversations. The transport
layer includes protocols that allow it to provide functions in many different areas such as:
error recovery, segmentation, and reassembly. The network layer's primary job is the end-to-end
delivery of data packets. To do this, the network layer relies on logical addressing so that
the origin and destination point can both be recognized. For example, the job of IP
running in a router is to examine the destination address, compare the address to the IP
routing table, separate the packet into smaller chunks for transporting purposes, and then
deliver the packet to the correct receiver. Layer 2 is the data link layer, which sets the
standards for data being delivered across a link or medium. The 1st layer is the physical layer
which deals with the physical characteristics of the transmission of data such as the network
card and network cable type. An easy way to remember the layers of OSI is to remember All
People Seem to Need Data Processing (Layers 7 to 1).

Computer network security

Network security is a complicated subject, historically only tackled by well-trained and
experienced experts. However, as more and more people become "wired", an increasing
number of people need to understand the basics of security in a networked world. This
document was written with the basic computer user and information systems manager in
mind, explaining the concepts needed to read through the hype in the marketplace and
understand risks and how to deal with them.
Some history of networking is included, as well as an introduction to TCP/IP and
internetworking. We go on to consider risk management, network threats, firewalls, and more
special-purpose secure networking devices.

Risk Management:
It's very important to understand that in security, one simply cannot
say "what's the best firewall?" There are two extremes: absolute security and
absolute access. The closest we can get to an absolutely secure machine is one
unplugged from the network and power supply, locked in a safe, and thrown to the
bottom of the ocean. Unfortunately, it isn't terribly useful in this state. A machine
with absolute access is extremely convenient to use: it's simply there, and will do
whatever you tell it, without questions, authorization, passwords, or any other
mechanism. Unfortunately, this isn't terribly practical, either: the Internet is a
bad neighborhood now, and it isn't long before some bonehead will tell the
computer to do something like self-destruct, after which, it isn't terribly useful to
you.

Every organization needs to decide for itself where between the two extremes of total security
and total access they need to be. A policy needs to articulate this, and then define how that
will be enforced with practices and such. Everything that is done in the name of security,
then, must enforce that policy uniformly.

Types and Sources of Network Threats


Now, we've covered enough background information on networking that we can
actually get into the security aspects of all of this. First of all, we'll get into the
types of threats there are against networked computers, and then some things
that can be done to protect yourself against various threats.

Unauthorized Access
"Unauthorized access" is a very high-level term that can refer to a number of
different sorts of attacks. The goal of these attacks is to access some resource
that your machine should not provide the attacker. For example, a host might be
a web server, and should provide anyone with requested web pages. However,
that host should not provide command shell access without being sure that the
person making such a request is someone who should get it, such as a local
administrator.

Executing Commands Illicitly


It's obviously undesirable for an unknown and untrusted person to be able to
execute commands on your server machines. There are two main classifications
of the severity of this problem: normal user access, and administrator access. A
normal user can do a number of things on a system (such as read files, mail
them to other people, etc.) that an attacker should not be able to do. This might,
then, be all the access that an attacker needs. On the other hand, an attacker
might wish to make configuration changes to a host (perhaps changing its IP
address, putting a start-up script in place to cause the machine to shut down
every time it's started or something similar). In this case, the attacker will need
to gain administrator privileges on the host.

Some precautions to be taken:


1: Hope you have backups
This isn't just a good idea from a security point of view. Operational
requirements should dictate the backup policy, and this should be closely
coordinated with a disaster recovery plan, such that if an airplane crashes into
your building one night, you'll be able to carry on your business from another
location. Similarly, these can be useful in recovering your data in the event of an
electronic disaster: a hardware failure, or a break-in that changes or otherwise
damages your data.

2: Don't put data where it doesn't need to be


Although this should go without saying, this doesn't occur to lots of folks. As a
result, information that doesn't need to be accessible from the outside world
sometimes is, and this can needlessly increase the severity of a break-in
dramatically.

3: Avoid systems with single points of failure


Any security system that can be broken by breaking through any one component
isn't really very strong. In security, a degree of redundancy is good, and can help
you protect your organization from a minor security breach becoming a
catastrophe.

4: Stay current with relevant operating system patches


Be sure that someone who knows what you've got is watching the vendors'
security advisories. Exploiting old bugs is still one of the most common (and
most effective!) means of breaking into systems.

5: Have someone on staff be familiar with security practices


Having at least one person who is charged with keeping abreast of security
developments is a good idea. This need not be a technical wizard, but could be
someone who is simply able to read advisories issued by various incident
response teams, and keep track of various problems that arise. Such a person
would then be a wise one to consult with on security related issues, as he'll be
the one who knows if web server software version such-and-such has any known
problems, etc.
Firewalls
In order to provide some level of separation between an organization's intranet and the
Internet, firewalls have been employed. A firewall is simply a group of components that
collectively form a barrier between two networks.
A number of terms specific to firewalls and networking are going to be used throughout this
section, so let's introduce them all together.
Types of Firewalls
There are three basic types of firewalls, and we'll consider each of them.

1: Application Gateways
The first firewalls were application gateways, and are sometimes known as proxy
gateways. These are made up of bastion hosts that run special software to act as
a proxy server. This software runs at the Application Layer of our old friend the
ISO/OSI Reference Model, hence the name. Clients behind the firewall must be
proxitized (that is, must know how to use the proxy, and be configured to do so)
in order to use Internet services. Traditionally, these have been the most secure,
because they don't allow anything to pass by default, but need to have the
programs written and turned on in order to begin passing traffic.

A sample application gateway


These are also typically the slowest, because more processes need to be started in order to
have a request serviced. The figure shows an application gateway.
2: Packet Filtering
Packet filtering is a technique whereby routers have ACLs (Access Control Lists)
turned on. By default, a router will pass all traffic sent to it, and will do so without
any sort of restrictions. Employing ACLs is a method for enforcing your security
policy with regard to what sorts of access you allow the outside world to have to
your internal network, and vice versa.

There is less overhead in packet filtering than with an application gateway, because the
feature of access control is performed at a lower ISO/OSI layer (typically, the transport or
session layer). Due to the lower overhead and the fact that packet filtering is done with
routers, which are specialized computers optimized for tasks related to networking, a packet
filtering gateway is often much faster than its application layer cousins. Figure 6 shows a
packet filtering gateway.
Because we're working at a lower level, supporting new applications either comes
automatically, or is a simple matter of allowing a specific packet type to pass through the
gateway. (Not that the possibility of something automatically makes it a good idea; opening
things up this way might very well compromise your level of security below what your policy
allows.)
There are problems with this method, though. Remember, TCP/IP has absolutely no means of
guaranteeing that the source address is really what it claims to be. As a result, we have to use
layers of packet filters in order to localize the traffic. We can't get all the way down to the
actual host, but with two layers of packet filters, we can differentiate between a packet that
came from the Internet and one that came from our internal network. We can identify which
network the packet came from with certainty, but we can't get more specific than that.
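
The following sketch is an added example, not code from the paper. It models a router ACL evaluated first-match with a default-deny policy, and shows how the receiving interface (the one attribute the router knows with certainty) is used to reject a packet whose claimed source address cannot be genuine. The addresses are constructed documentation ranges, and the names Packet, Rule, ACL and filter_packet are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addressing (documentation ranges), not taken from the paper.
INTERNAL = "192.0.2.0/24"
WEB_SERVER = "192.0.2.80/32"
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the router received it on: "outside" or "inside"
    src: str        # claimed source address; TCP/IP gives no way to verify it
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    in_iface: str
    src: str                      # CIDR prefix
    dst: str                      # CIDR prefix
    proto: str = "any"
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.in_iface == p.in_iface
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


ACL = [
    # 1. Anti-spoofing: an internal source address arriving on the outside
    #    interface cannot be genuine, so drop it before any permit rule.
    Rule("deny", "outside", INTERNAL, ANYWHERE),
    # 2. Policy: the outside world may reach the public web server only.
    Rule("permit", "outside", ANYWHERE, WEB_SERVER, "tcp", 80),
    # 3. Policy: internal hosts may send traffic outward, but only with an
    #    internal source address (anything else falls through to the default).
    Rule("permit", "inside", INTERNAL, ANYWHERE),
]


def filter_packet(p: Packet, acl=ACL, default: str = "deny"):
    """Return (action, rule_number); rule_number 0 means the default applied."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(p):
            return rule.action, number
    return default, 0


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("outside", "192.0.2.10", "192.0.2.80", "tcp", 80),    # spoofed source
        Packet("outside", "198.51.100.7", "192.0.2.80", "tcp", 80),  # web request
        Packet("outside", "198.51.100.7", "192.0.2.10", "tcp", 23),  # not in policy
        Packet("inside", "192.0.2.10", "203.0.113.5", "udp", 53),    # outbound
    ]
    for pkt in samples:
        print(pkt, filter_packet(pkt))
```

Calling filter_packet with an empty ACL and default="permit" reproduces the router's out-of-the-box behaviour described above, where the spoofed packet is passed.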
3: Hybrid Systems
In an attempt to marry the security of the application layer gateways with the
flexibility and speed of packet filtering, some vendors have created systems that
use the principles of both.

A sample packet filtering gateway


In some of these systems, new connections must be authenticated and approved at the
application layer. Once this has been done, the remainder of the connection is passed down to
the session layer, where packet filters watch the connection to ensure that only packets that
are part of an ongoing (already authenticated and approved) conversation are being passed.
Other possibilities include using both packet filtering and application layer proxies. The
benefits here include providing a measure of protection against your machines that provide
services to the Internet (such as a public web server), as well as providing the security of an
application layer gateway to the internal network. Additionally, using this method, an
attacker, in order to get to services on the internal network, will have to break through the
access router, the bastion host, and the choke router.
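
The first hybrid design described above, sketched as an added example that is not code from the paper: a connection is approved once at the application layer, after which a table lookup passes only packets belonging to that approved conversation. The class and method names, the token check and the idle timeout are assumptions made for illustration; the addresses and token are constructed.

```python
import hmac
from typing import NamedTuple


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

    def reply(self) -> "Flow":
        """The same conversation seen in the opposite direction."""
        return Flow(self.dst, self.dport, self.src, self.sport, self.proto)


class HybridGateway:
    def __init__(self, tokens, idle_timeout=300):
        self._tokens = tokens        # user -> secret token (bytes), constructed sample data
        self._idle = idle_timeout    # seconds without traffic before an entry expires
        self._table = {}             # approved Flow -> time a packet was last seen

    def open_connection(self, flow, user, token, now):
        """Application-layer step: authenticate the user, then approve the flow."""
        expected = self._tokens.get(user)
        if expected is None or not hmac.compare_digest(expected, token):
            return False
        self._table[flow] = now
        return True

    def pass_packet(self, flow, now):
        """Filter step: pass only packets of an approved, still-live conversation."""
        key = flow if flow in self._table else flow.reply()
        last_seen = self._table.get(key)
        if last_seen is None:
            return False             # never approved: dropped
        if now - last_seen > self._idle:
            del self._table[key]     # stale entry: must be approved again
            return False
        self._table[key] = now
        return True

    def close_connection(self, flow):
        self._table.pop(flow, None)


if __name__ == "__main__":
    gw = HybridGateway({"alice": b"constructed-token"})
    conn = Flow("192.0.2.10", 40000, "203.0.113.5", 443, "tcp")
    print(gw.pass_packet(conn, now=0))                                 # False
    print(gw.open_connection(conn, "alice", b"constructed-token", 0))  # True
    print(gw.pass_packet(conn.reply(), now=5))                         # True
```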

Conclusion:

Examining the threats and managing them appropriately is very important for the
smooth running of any organization. Although the security techniques are indeed successful
and serve their purpose to a great extent, they are not completely foolproof. Every technique
does have its flaws. Man is very skilled at developing new security mechanisms, but
equally destructive code can be written to foil the already existing mechanisms. Network
security does not guarantee the safety of any organization, information or computer systems.
Physical security must not be neglected at any cost. In spite of their minor drawbacks, network
security techniques do offer a great deal of safety and we cannot disregard the revolution
brought about by techniques like cryptography and authentication in the field of network
security.

Everyone has a different idea of what "security" is, and what levels of risk are
acceptable. The key for building a secure network is to define what security means to your
organization. Once that has been defined, everything that goes on with the network can be
evaluated with respect to that policy. Projects and systems can then be broken down into their
components, and it becomes much simpler to decide whether what is proposed will conflict
with your security policies and practices.

Many people pay great amounts of lip service to security, but do not want to be
bothered with it when it gets in their way. It's important to build systems and networks in
such a way that the user is not constantly reminded of the security system around him. Users
who find security policies and systems too restrictive will find ways around them. It's
important to get their feedback to understand what can be improved, and it's important to let
them know why what's been done has been, the sorts of risks that are deemed unacceptable,
and what has been done to minimize the organization's exposure to them.
Security is everybody's business, and only with everyone's cooperation, an intelligent policy,
and consistent practices, will it be achievable.

References
1. The Internet Standards Process -- Revision 3, RFC 2026, October 1996.
2. http://www.atis.org/tg2k/_computer_network.html Computer network definition
3. http://www.bellevuelinux.org/network.html Computer networks defined.
4. Interplanetary Internet, 2000 Third Annual International Symposium on Advanced
Radio Technologies, A. Hooke, September 2000
5. http://www.pcmag.com/encyclopedia_term/0,2542,t=internet&j=54184,00.asp
"internet" defined
• Andrew S. Tanenbaum, Computer Networks (ISBN 0-13-349945-6).
• Important publications in computer networks
• Vinton G. Cerf "Software: Global Infrastructure for the 21st Century"
• Meyers, Mike, "Mike Meyers' Certification Passport: Network+", ISBN 0072253487
• Odom, Wendell, "CCNA Certification Guide"
• Network Communication Architecture and Protocols: OSI Network Architecture 7
Layers Model.
