
DATA COMMUNICATIONS

Computer Fundamentals
■ Data communications come in different forms depending on the
network setup. For example, users of the computer in a large
organization can send information to other users in the same
department. If necessary a user can also send information to
another user belonging to another department within the
company. This is an example of a network.
■ A network is computers connected with each other via network
cables.
■ Network topologies describe the ways in which the elements of a
network are connected. They describe the physical and logical
arrangement of network nodes.
■ There are different ways of connecting computers in the network as discussed below:
– 1. Bus Topology. There is a primary node and several secondary nodes. When a
secondary node wants to send information to another secondary node, the information is first
sent to the primary node and then sent to the targeted secondary node. For example, when
secondary node 2 sends a message to secondary node 5, the message is sent to the
primary node; the primary node determines where the message is to be sent and then sends the
message to the intended receiver.
– Advantages
▸ It is easy to set up, handle, and implement.
▸ It is best-suited for small networks.
▸ It costs very little.
Disadvantages
▸ The cable length is limited. This limits the number of network nodes that can be connected.
▸ This network topology can perform well only for a limited number of nodes. When the number
of devices connected to the bus increases, the efficiency decreases.
▸ It is suitable for networks with low traffic. High traffic increases load on the bus, and the
network efficiency drops.
▸ It is heavily dependent on the central bus. A fault in the bus leads to network failure.
▸ It is not easy to isolate faults in the network nodes.
▸ Each device on the network "sees" all the data being transmitted, thus posing a security risk.
– 2. Star or Hub Topology. A primary node is the center of the network with secondary nodes
connected to it. When a message coming from a secondary node is being sent to another
secondary node the message will go to the primary node first before being sent to the targeted
node.
– Advantages
▸ Due to its centralized nature, the topology offers simplicity of operation.
▸ It also achieves isolation of each device in the network.
▸ Adding or removing network nodes is easy, and can be done without affecting the entire
network.
▸ Due to the centralized nature, it is easy to detect faults in the network devices.
▸ As the analysis of traffic is easy, the topology poses lesser security risk.
▸ Data packets do not have to pass through many nodes, like in the case of a ring network.
Thus, with the use of a high-capacity central hub, traffic load can be handled at fairly decent
speeds.
Disadvantages
▸ Network operation depends on the functioning of the central hub. Hence, central hub failure
leads to failure of the entire network.
▸ Also, the number of nodes that can be added, depends on the capacity of the central hub.
▸ The setup cost is quite high.
– 3. Ring Topology. In this setup there is no primary node and all the computers are peer stations. When a message
is sent by one station to another, the message is passed from one station to the next until the targeted recipient is
found. Messages are sent in one direction only. The main problem of the design is that when one station is not
working, the message might not reach the intended receiver. The problem can be solved by employing a dual ring
system. In a dual ring system traffic can flow in both directions. When a message is sent by station 5 to station 3
with station 4 non-functioning, station 4 will be taken out of the ring. The message will be sent in the opposite
direction until it reaches station 3.
– Advantages
▸ The data being transmitted between two nodes passes through all the intermediate nodes. A central server is
not required for the management of this topology.
▸ The traffic is unidirectional and the data transmission is high-speed.
▸ In comparison to a bus, a ring is better at handling load.
▸ The adding or removing of network nodes is easy, as the process requires changing only two connections.
▸ The configuration makes it easy to identify faults in network nodes.
▸ In this topology, each node has the opportunity to transmit data. Thus, it is a very organized network topology.
▸ It is less costly than a star topology.
Disadvantages
▸ The failure of a single node in the network can cause the entire network to fail.
▸ The movement or changes made to network nodes affect the entire network's performance.
▸ Data sent from one node to another has to pass through all the intermediate nodes. This makes the
transmission slower in comparison to that in a star topology. The transmission speed drops with an increase in the
number of nodes.
▸ There is heavy dependency on the wire connecting the network nodes in the ring.
■ 4. Mesh Topology. A mesh network is a network topology in which each node relays data for the
network. All mesh nodes cooperate in the distribution of data in the network. Mesh networks can
relay messages using either a flooding technique or a routing technique.
■ Advantages
▸ The arrangement of the network nodes is such that it is possible to transmit data from one node
to many other nodes at the same time.
▸ The failure of a single node does not cause the entire network to fail as there are alternate paths
for data transmission.
▸ It can handle heavy traffic, as there are dedicated paths between any two network nodes.
▸ Point-to-point contact between every pair of nodes, makes it easy to identify faults.
Disadvantages
▸ In an arrangement wherein every network node is connected to every other node of the network,
many connections serve no major purpose. This leads to redundancy of many network connections.
▸ A lot of cabling is required. Thus, the costs incurred in setup and maintenance are high.
▸ Owing to its complexity, the administration of a mesh network is difficult.
5. Hybrid Topology
A hybrid topology combines two or more topologies and is meant to reap their advantages.
Obviously, the advantages and disadvantages of a hybrid topology are a combination of the merits
and demerits of the topologies used to structure it.
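The dual ring behaviour described under Ring Topology (station 5 sending to station 3 while station 4 is down) can be simulated as follows. This is an added example, not part of the original slides; the ring size of six stations and the function names `walk` and `deliver` are assumptions made for illustration.

```python
def walk(src, dst, n, failed, step):
    """Follow the ring from src in one direction (step is -1 or +1).

    Stations are numbered 1..n. Returns the list of stations visited, or
    None when a failed station lies between src and dst in that direction.
    """
    path, cur = [src], src
    while cur != dst:
        cur = (cur - 1 + step) % n + 1      # next station, wrapping around
        if cur in failed:
            return None                     # the message stops at the dead station
        path.append(cur)
    return path


def deliver(src, dst, n=6, failed=(), dual=True, primary=-1):
    """Route a message on a single or dual ring; None means undeliverable.

    primary=-1 matches the slide's example, where 5 -> 3 normally passes
    through station 4 (assumed numbering, not stated on the slide).
    """
    failed = set(failed)
    if src in failed or dst in failed:
        return None
    path = walk(src, dst, n, failed, primary)
    if path is None and dual:
        # Dual ring: retry in the opposite direction, bypassing the failure.
        path = walk(src, dst, n, failed, -primary)
    return path


if __name__ == "__main__":
    print("healthy ring:       ", deliver(5, 3))
    print("single ring, 4 down:", deliver(5, 3, failed={4}, dual=False))
    print("dual ring, 4 down:  ", deliver(5, 3, failed={4}))
    print("dual ring, 4+1 down:", deliver(5, 3, failed={4, 1}))
```

The last case shows the limit of the dual ring: a second failure on the alternate path isolates the two stations again.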
Types of Network
■ 1. Local Area Network (LAN). A group of computers located in a small
area are connected by a communications link to be able to interact within
the group. The first LAN called ETHERNET connected mainframes and
computers in the entire building. In this setup people in the
organization can send information to different people in different
parts of the organization.
■ 2. Wide Area Network (WAN). The network is now extended outside of
the building to different locations but within the country.
■ 3. Global Area Network (GAN). The network is extended to different
countries.
■ 4. Wireless Network. A wireless network uses frequency emitted by
the router to connect to the network.
Wireless Telecommunications Networks
■ personal area network (PAN)
A wireless telecommunications network for device-to-device
connections within a very short range
■ Bluetooth
A set of telecommunications standards that enables wireless
devices to communicate with each other over short distances


■ Wireless Local Area Networks and Wi-Fi
– wireless local area network (WLAN)
A telecommunications network that enables
users to make short-range wireless
connections to the Internet or another network
– Wi-Fi
The common name used to describe the IEEE
802.11 standard used on most WLANs


– wireless access point
An antenna that connects a mobile device to a wired LAN
– hotspot
An area or point where a wireless device can make a
connection to a wireless local area network (using Wi-Fi)


■ Municipal Wi-Fi Networks
– WiMax
A wireless standard (IEEE 802.16) for making broadband network
connections over a medium size area such as a city
– wireless metropolitan area network (WMAN)
A telecommunications network that enables users to make
medium-range wireless connections to the Internet or another
network

Wireless Ad Hoc Sensor Networks
A wireless ad hoc sensor network consists of a number of sensors spread across a
geographical area. Each sensor has wireless communication capability and some
level of intelligence for signal processing and networking of the data. Some
examples of wireless ad hoc sensor networks are the following:
■ Military sensor networks to detect and gain as much information as possible about
enemy movements, explosions, and other phenomena of interest.
■ Sensor networks to detect and characterize Chemical, Biological, Radiological,
Nuclear, and Explosive (CBRNE) attacks and material.
■ Sensor networks to detect and monitor environmental changes in plains, forests,
oceans, etc.
Cloud computing
■ Cloud computing is an informal expression used to describe a
variety of different types of computing concepts that involve
a large number of computers that are connected through a
real-time communication network.
femtocell
■ A femtocell is a wireless access point that improves
cellular reception inside a home or office building.
■ The device, which resembles a wireless router,
essentially acts as a repeater. The device
communicates with the mobile phone and converts
voice calls into voice over IP (VoIP) packets. The
packets are then transmitted over a broadband
connection to the mobile operator's servers.
Deep Space Network

■ A world-wide network of large antennas and communication
facilities that supports interplanetary spacecraft missions. It
also performs radio and radar astronomy observations for
the exploration of the solar system and the universe, and
supports selected Earth-orbiting missions.
VPN
■ A virtual private network (VPN) extends a private network across a public
network, such as the Internet. It enables a computer to send and receive data
across shared or public networks as if it were directly connected to the private
network, while benefitting from the functionality, security and management
policies of the private network.
MPLS

■ Multiprotocol Label Switching (MPLS) is a mechanism in
high-performance telecommunications networks that directs
data from one network node to the next based on short path
labels rather than long network addresses, avoiding
complex lookups in a routing table.
IPv6
■ Internet Protocol version 6 (IPv6) is the latest
revision of the Internet Protocol (IP), the
communications protocol that provides an
identification and location system for computers on
networks and routes traffic across the Internet.
Fiber Optics
■ Networks are usually connected to mainframes and/or services in.
■ Mainframe computers, sometimes called supercomputers perform
various computations.
■ Servers on the other hand provide information to users.
■ There is also some equipment needed to be able to connect to
networks:
– 1. Network Interface Card (NIC). An NIC is usually inserted in a
slot in the motherboard. This is to allow the unshielded twisted-
pair (UTP) connection to the computer for connection to the
network.
– 2. Routers. Are used to connect computers to the same network
or other network.
– 3. Modem. This equipment converts the digital signal produced
by the sender's computer to an analog signal, which is
converted back to a digital signal by the modem on the
receiver's end.
Internet
■ The internet connects different individuals and organizations throughout the world for the
exchange of information. In 1969, the Advanced Research Projects Agency (ARPA) of the
US Department of Defense entered into a contract with Bolt, Beranek and Newman (BBN) to
develop a packet-switched network that used the internet protocol (IP).
■ The Advanced Research Projects Agency Network (ARPANET) was to connect the University of California
(UCLA), Stanford Research Institute and the University of Utah for research development. In
1972, the ARPANET was connected to 37 different locations.
■ In 1974, Vinton Cerf and Robert Kahn developed the Transmission Control Protocol (TCP) to
increase the use of ARPANET; it became Transmission Control Protocol and Internet Protocol
(TCP/IP) in 1976.
■ In 1975, the ARPANET came under a controlling department called the Defense Advanced
Research Projects Agency (DARPA), which placed a limit on access to ARPANET.
■ In 1983, TCP/IP was adopted as the standard network protocol.
■ In 1984, the domain name service was developed to convert numerical addresses into text.
■ In 1990, the European Center for Nuclear Research (CERN) started the concept of web pages
and the World Wide Web (WWW).
■ The Hypertext Markup Language (HTML) was developed in 1992 to create web pages.
Uses of Internet
■ 1. Electronic Mail (E-mail). This can send and receive mail-type communication. Files can also
be attached as part of the mail. Common e-mail service providers include Yahoo, Gmail and
Hotmail.
■ 2. Research. Various sources are available for different topics being searched on the internet.
■ 3. Entertainment. Entertainment comes in different forms, from watching videos and listening to
music to playing games.
■ 4. File Download and Upload. When a file is being uploaded or downloaded the file transfer
protocol (FTP) is used.
■ 5. Electronic Commerce (E-commerce). Business transactions can now be made by using the
internet. Transaction inquiry, purchasing and ordering can now be done using e-commerce
systems.
■ 6. Chat. Communication via text or voice can be used.
Internet of Things

■ The Internet of Things refers to uniquely identifiable objects
and their virtual representations in an Internet-like structure.
■ Radio-frequency identification (RFID) is often seen as a
prerequisite for the Internet of Things. If all objects and
people in daily life were equipped with identifiers, they could
be managed and inventoried by computers.
Google loon

http://www.france24.com/en/20130618-google-balloons-internet-new-zealand-web-loon
Google Glass
■ Internet connections are provided by internet service
providers (ISP). The ISPs assign internet addresses to
users. Internet addresses are usually typed in text form
then converted to numeric form. For example, the
internet address typed by the user is
http://www.school.edu.ph. The internet address in text
form is converted to numeric form like 192.175.34.213.
Internet addresses are known as universal resource
locators (URL).

■ http://www.school.edu.ph
The following are the different parts that comprise the internet
address:
■ 1. Hypertext Transfer protocol (http). This controls the access to different websites.
■ 2. World Wide Web (www). A form of communication to gain access to information, do business
transactions and to communicate with other individuals when connecting through the internet.
■ 3. Domain Name. In the example above, school is the domain name. It is the name assigned to the
web site owner (individual or organization).
■ 4. Domain Top. This determines the type of organization that owns the website. There are different
types of domain top mainly:
– A. .com for commercial sites
– B. .gov for government sites
– C. .org for organizations
– D. .edu for education like schools, colleges and universities.
– E. .tv for television network sites
■ 5. Country code. Country codes are sometimes specified to distinguish the web site from others.
Network Security

■ Network security tries to prevent damage,
destruction or theft of data in the computer
system from different threats coming from the
internet or within the network.
Importance of network security
■ Computer networks have grown in size and
importance.
– If the security of the network is compromised, there
could be serious consequences
■ Loss of privacy
■ Information theft
■ Legal liabilities
Increasing threat to security
■ Over the years, threat tools and methods have evolved.
■ Some of the common terms are:
– White hat - An individual who looks for vulnerabilities in systems and reports these so
that they can be fixed (ethical hacker).
– Black hat - An individual who uses his knowledge to break into systems that he is not
authorized to use.
– Hacker - An individual that attempts to gain unauthorized access to network with
malicious intent.
– Cracker - Someone who tries to gain unauthorized access to network resources with
malicious intent.
– Phreaker - Individual who manipulates a phone network, through a payphone, to make
free long distance calls.
– Spammer - An individual who sends large quantities of unsolicited e-mail messages.
– Phisher - Uses e-mail or other means to trick others into providing information, such as
credit card numbers.
Think like an attacker
■ Many attackers use a seven-step process to gain information and start an attack.
– Footprint analysis (reconnaissance).
▸ Company webpage can lead to information, such as the IP addresses of servers.
– Enumeration of information.
▸ An attacker can expand on the footprint by monitoring network traffic with a packet sniffer
such as Wireshark, finding information such as version of servers.
– Manipulation of users to gain access.
▸ Sometimes employees choose passwords that are easily cracked or broken.
– Escalation of privileges.
▸ After attackers gain basic access, they use their skills to increase privileges.
– Gathering of additional passwords and secrets.
▸ With improved privileges, attackers gain access to sensitive information.
– Installing backdoors.
▸ Backdoors provide a way for the attacker to enter the system without being detected.
– Leveraging a compromised system.
▸ After a system is compromised, the attacker uses it to attack others in the network.
Computer crime
■ The most commonly reported acts of computer crime that have network security implications
are listed.
• Insider abuse of network access
• System penetration
• Virus
• Financial fraud
• Mobile device theft
• Password sniffing
• Phishing where an organization is fraudulently represented as the sender
• Key logging
• Website defacement
• Instant messaging misuse
• Misuse of a public web application
• Denial of service
• Theft of proprietary information
• Unauthorized access to information
• Bots within the organization
• Exploiting the DNS server of an organization
• Theft of customer or employee data
• Telecom fraud
• Abuse of wireless network
• Sabotage
Security development
■ The first step an organization should take to protect its data
is to develop a security policy.
■ A security policy must:
– Inform users, staff, and managers of their requirements
for protecting information assets
– Specify the mechanisms through which these
requirements can be achieved
– Provide a baseline from which to acquire, configure, and
audit computer systems for compliance
Security development (con’t)
■ Assembling a security policy can be daunting. The ISO and IEC have published a security
standard document called ISO/IEC 27002. The document consists of 12 sections:
1. Risk assessment
2. Security policy in collaboration with corporate management
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information systems acquisition, development, and maintenance
10. Information security incident management
11. Business continuity management
12. Compliance
Enterprise security policy
■ Security Policy definition?
– A security policy is a set of guidelines established to safeguard the network from
attacks, both from inside and outside the company.
■ A security policy benefits the organization in several ways:
– Provides a means to audit existing network security and compare the requirements to
what is in place.
– Plan security improvements, including equipment, software, and procedures.
– Defines the roles and responsibilities of the company executives, administrators, and
users.
– Defines which behavior is and is not allowed.
– Defines a process for handling network security incidents.
– Creates a basis for legal action if necessary.
■ A security policy is a living document
– The document is never finished and is continuously updated as technology and
employee requirements change.
Functions of a security policy
■ Functions of a security policy
– Protects people and information
– Sets the rules for expected behavior by users, system administrators, management and security
personnel
– Authorizes security personnel to monitor, probe, and investigate
– Defines and authorizes security personnel to monitor, probe and investigate
– Defines and authorizes the consequences of violations
vulnerabilities
■ When discussing network security, three primary elements to be considered
are:
– Vulnerability
▸ The degree of weakness which is inherent in every network and
device.
▸ Routers, switches, desktops, and servers.
– Threats
▸ The people interested in taking advantage of each security
weakness.
– Attack
▸ Threats use a variety of tools and programs to launch attacks
against network vulnerabilities.
■ There are 3 primary vulnerabilities:
– Security policy weaknesses
▸ Security risks to the network exist if users do not follow the security
policy or if the policy does not adequately address vulnerabilities.
– Technological weaknesses
▸ Computer and network technologies have intrinsic security
weaknesses. These include operating systems, applications, and
network equipment.
– Configuration weaknesses
▸ Network administrators must learn of and address configuration
weaknesses.
Physical threats
■ An attacker can deny the use of network resources if those resources can
be physically compromised.
■ The four classes of physical threats are:
– Hardware threats - Physical damage to servers, routers, switches,
cabling plant, and workstations
– Environmental threats - Temperature extremes (too hot or too cold) or
humidity extremes (too wet or too dry)
– Electrical threats - Voltage spikes, insufficient supply voltage
(brownouts), unconditioned power (noise), and total power loss
– Maintenance threats - Poor handling of key electrical components
(electrostatic discharge), lack of critical spare parts, poor cabling, and
poor labeling
■ Physical Security – Very Important - not to be overlooked!
Threats to networks
■ Classes of threats to networks:
– Unstructured Threats
▸ Unstructured threats consist of inexperienced individuals using easily available
hacking tools, such as shell scripts and password crackers.
– Structured Threats
▸ Structured threats arise from individuals or groups that are highly motivated
and technically competent to break into business computers to commit fraud,
destroy or alter records, or simply to create havoc.
– External Threats
▸ External threats can arise from individuals or organizations working outside of
a company who do not have authorized access to the computer systems or
network.
– Internal Threats
▸ Internal threats occur when someone has authorized access to the network
with either an account or physical access.
Network attacks
■ Reconnaissance
– Reconnaissance is the discovery and mapping of systems,
services, or vulnerabilities (aka information gathering).
– Similar to a burglar observing a neighborhood for vulnerable
homes to break into.
■ Access
– System access is the ability for an intruder to gain access to a
device for which the intruder does not have a password.
Network attacks (con’t)
■ Denial of Service
– Denial of service (DoS) occurs when an attacker disables
or corrupts networks or systems with the intent to deny
services to intended users. DoS attacks are the most
feared.
■ Worms, Viruses, and Trojan Horses
– Malicious software can be inserted onto a host to
damage or corrupt a system, replicate itself, or deny
access to networks, systems, or services.
Reconnaissance attacks
■ Reconnaissance attacks may consist of:
– Internet information queries
▸ External attackers can use Internet tools, such as the nslookup, nmap, and
whois utilities, to easily determine the IP address space assigned to a given
corporation or entity.
– Ping sweeps
▸ After the IP address space is determined, an attacker can then ping the publicly
available IP addresses to identify the addresses that are active.
▸ An attacker may use a ping sweep tool, such as fping or gping, which pings all
network addresses in a given subnet.
Reconnaissance attacks (con’t)
■ Reconnaissance attacks can consist of:
– Port scans
▸ When the active IP addresses are identified, the intruder uses a
port scanner to determine which network services or ports are
active on the live IP addresses.
▸ A port scanner is software, such as Nmap or Superscan, which
is designed to search a host for open ports.
▸ The port scanner queries the ports to determine the
application and version, as well as the version of OS.
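Ping sweeps and port scans as described above leave a recognisable pattern in firewall logs: one source touching many hosts, or many ports on one host, within a short time. The following detection sketch is an added example, not part of the original slides; the log format, thresholds, addresses (documentation ranges) and function names are all constructed for illustration.

```python
from collections import defaultdict, namedtuple

Event = namedtuple("Event", "ts src dst proto dport")


def build_sample_log():
    """Constructed firewall log, one line per packet: ts src dst proto dport."""
    lines = []
    # 203.0.113.7 pings 20 consecutive addresses in 20 seconds (ping sweep).
    lines += [f"{1000 + i} 203.0.113.7 198.51.100.{i + 1} icmp -" for i in range(20)]
    # 203.0.113.9 probes 30 TCP ports on one host in 30 seconds (port scan).
    lines += [f"{2000 + i} 203.0.113.9 198.51.100.5 tcp {20 + i}" for i in range(30)]
    # Benign: a monitoring host pings the same server every 30 seconds.
    lines += [f"{1000 + 30 * i} 192.0.2.10 198.51.100.1 icmp -" for i in range(10)]
    # Benign: a client opens many connections, but only to ports 80 and 443.
    lines += [f"{1500 + i} 192.0.2.11 198.51.100.5 tcp {(80, 443)[i % 2]}" for i in range(25)]
    return lines


def parse_line(line):
    ts, src, dst, proto, dport = line.split()
    return Event(int(ts), src, dst, proto, None if dport == "-" else int(dport))


def max_distinct(items, window):
    """items: time-sorted (ts, key) pairs. Largest number of distinct keys
    seen inside any span of `window` seconds (sliding window)."""
    best, start, counts = 0, 0, defaultdict(int)
    for ts, key in items:
        counts[key] += 1
        while ts - items[start][0] > window:    # drop events that fell out of the window
            old = items[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def detect_recon(events, window=60, host_threshold=10, port_threshold=15):
    """Flag sources that ping many hosts, or probe many ports on one host."""
    pings = defaultdict(list)     # src -> [(ts, dst)]
    probes = defaultdict(list)    # (src, dst) -> [(ts, dport)]
    for e in events:
        if e.proto == "icmp":
            pings[e.src].append((e.ts, e.dst))
        elif e.proto == "tcp":
            probes[(e.src, e.dst)].append((e.ts, e.dport))
    findings = []
    for src, items in pings.items():
        n = max_distinct(sorted(items), window)
        if n >= host_threshold:
            findings.append(("ping_sweep", src, "*", n))
    for (src, dst), items in probes.items():
        n = max_distinct(sorted(items), window)
        if n >= port_threshold:
            findings.append(("port_scan", src, dst, n))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect_recon(parse_line(l) for l in build_sample_log()):
        print(finding)
```

Counting distinct targets rather than raw packets is what keeps the monitoring host and the busy web client from being flagged.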
RECONNAISSANCE ATTACKS (CON’T)

■ Packet sniffers: Internal attackers may attempt to "eavesdrop" on network
traffic.
– Two common uses of eavesdropping are as follows:
▸ Information gathering - Network intruders can identify usernames,
passwords, or information carried in a packet.
▸ Information theft - The network intruder can steal data from
networked computers by gaining unauthorized access.
– A common method for eavesdropping is to capture TCP/IP or other
protocol packets and decode the contents.
▸ An example program is Wireshark.
▸ It can capture usernames and passwords as they cross the network.
RECONNAISSANCE ATTACKS (CON’T)

■ Some effective methods for counteracting eavesdropping
are listed as follows:
– Use switched networks instead of hubs so that traffic is not
broadcast to all endpoints or network hosts.
– Use encryption that meets the data security needs without
imposing an excessive burden on system resources or users.
– Forbid the use of protocols with known susceptibilities to
eavesdropping.
▸ An example is SNMP versions prior to 3.
▸ Version 3 can encrypt community strings.
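To enforce the rule about SNMP versions prior to 3, a monitor can read the version field at the start of each SNMP message and report those that cross the network readable. The parser below is an added example, not part of the original slides; it goes one step beyond the slide by also checking whether a version 3 message actually has its privacy (encryption) flag set. The sample payloads and all function names are constructed for illustration.

```python
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}     # value of the version INTEGER on the wire


def read_tlv(buf, pos):
    """Decode one BER tag-length-value at buf[pos:]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                        # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("value runs past end of payload")
    return tag, buf[pos:pos + length], pos + length


def inspect_snmp(payload):
    """Return (version, cleartext_community_or_None, encrypted) for a UDP/161 payload."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("no outer SEQUENCE")
    tag, raw, pos = read_tlv(body, 0)
    if tag != 0x02 or not raw:
        raise ValueError("no version INTEGER")
    version = int.from_bytes(raw, "big")
    name = VERSIONS.get(version, f"unknown({version})")
    if version in (0, 1):
        # v1/v2c: the community string follows the version, unencrypted.
        tag, community, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("no community OCTET STRING")
        return name, community.decode("latin-1"), False
    if version == 3:
        # v3 header: SEQUENCE { msgID, msgMaxSize, msgFlags, msgSecurityModel }
        tag, header, _ = read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError("no msgGlobalData SEQUENCE")
        p = 0
        for _ in range(2):                  # skip msgID and msgMaxSize
            _, _, p = read_tlv(header, p)
        tag, flags, _ = read_tlv(header, p)
        if tag != 0x04 or len(flags) != 1:
            raise ValueError("bad msgFlags")
        return name, None, bool(flags[0] & 0x02)    # 0x02 = privFlag (payload encrypted)
    return name, None, False


def audit(payloads):
    """Return (index, reason) for every message that is readable or malformed."""
    findings = []
    for i, payload in enumerate(payloads):
        try:
            version, community, encrypted = inspect_snmp(payload)
        except ValueError as exc:
            findings.append((i, f"unparseable: {exc}"))
            continue
        if not encrypted:
            detail = f", community={community!r}" if community else ""
            findings.append((i, f"{version} in cleartext{detail}"))
    return findings


# --- constructed sample payloads (all lengths fit the short form) ---
def tlv(tag, value):
    return bytes([tag, len(value)]) + value


def v3_message(flags, msg_data):
    header = tlv(0x02, b"\x01") + tlv(0x02, b"\x05\xdc") + tlv(0x04, bytes([flags])) + tlv(0x02, b"\x03")
    return tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, header) + tlv(0x04, b"") + msg_data)


PDU = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30, b""))
V2C_GET = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"public") + PDU)
V3_PLAIN = v3_message(0x00, tlv(0x30, b""))             # noAuthNoPriv
V3_PRIV = v3_message(0x03, tlv(0x04, b"\x00" * 16))     # authPriv, encrypted PDU
SAMPLES = [V2C_GET, V3_PLAIN, V3_PRIV, b"\x30\x05\x02\x01"]
```

Calling `audit(SAMPLES)` reports the v2c message together with its community string, the version 3 message sent without privacy, and the truncated payload; only the version 3 message with the privacy flag set passes.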
Access attacks
■ Access attacks exploit vulnerabilities in authentication, FTP,
web and others to gain entry to accounts, confidential, and
sensitive information.
■ Password Attacks
– Password attacks usually refer to repeated attempts to log in to a
server, to identify a user account and password.
– These repeated attempts are called dictionary attacks or brute-force
attacks.
▸ Password attacks can be mitigated by educating users to use long,
complex passwords.
– To conduct a dictionary attack, attackers can use tools such as
L0phtCrack, Cain, or rainbow tables.
DOS ATTACKS (CON’T)
Malicious code attacks
■ The primary vulnerabilities for end-user workstations are worm,
virus, and Trojan horse attacks.
– A worm executes code and installs copies of itself in the
infected computer, which can infect other hosts.
▸ A worm installs itself by exploiting known vulnerabilities in
systems, such as naive end users who open unverified
executable attachments in e-mails.
– A virus is malicious software that is attached to another
program for the purpose of executing a particular unwanted
function on a workstation.
▸ An example is a program that is attached to command.com
and deletes files and infects any other versions of
command.com.
■ A Trojan horse is an application that was written to look like
something else, when in fact it is an attack tool.
– An example of a Trojan horse is software that runs a game. While the user is
occupied with the game, the Trojan horse mails a copy of itself to every address in
the user's address book or installs key loggers, etc.
■ This kind of attack can be contained through the effective use
of antivirus software at the user level, and potentially at the
network level.
Source: McAfee Labs Threats Report, August 2015
