Chapter 3
Computer Communication
and Security
�Chapter 3 Objectives
Communications
and Network
terminology and
applications
Various
communications
devices, media,
and procedures
Type of Computer
Networks
Describe the types
of computernetwork & Internet
security risks
Identify ways to
safeguard against
Network-based
attacks
Techniques to
prevent Network
Attacks
�Communications
What are computer communications?
Process in which two or more computers or devices transfer data, instructions, and
information
�Communications
What is needed for successful communications?
Sending device
Initiates instruction to transmit data, instructions, or information. Commonly in software
forms
Communications device
Connects the sending device to the communications channel
Communications channel
Media on which data, instructions, or information travel
Communications device
Connects the communications channel to the receiving device
Receiving device
Accepts transmission of data, instructions, or information
�Communication Software
What is communications software?
Programs that help users
establish connection to
Internet, other network,
or another computer
Programs that help users
manage transmission of
data, instructions,
and information
Programs that provide an
interface for users to
communicate with one
another
�Communication Devices
What are examples of communications
devices?
Common types are [dial-up modems, ISDN & DSL
modems, broadband/cable modems] For
Internet Communication, and [network cards,
wireless access points, routers, and
hub/switches] for General Computer Network
Communications
�Communication Devices
What is a modem?
Converts digital signals to analog signals and vice versa
Notebook computers often use PC Card modem
Dial Up Modems
Cable and Wireless Broadband Modems
Faster Internet Connection
�Communications Devices
What is a network card?
Adapter card, PC Card, or
compact flash card that
enables computer or
device to access network
Sometimes called network
interface card (NIC)
�Communications Devices
What is a wireless access
point?
Central communications
device that allows
computers and devices to
transfer data wirelessly
among themselves or to
wired network
�Communications Devices
What is a router?
Connects computers and
transmits data to correct
destination on network
Routers forward data on
Internet using fastest
available path
�Communications Devices
�Communications Devices
What is a switch/hub?
Device that provides
central point for cables in
network
�Communications Channel
What is a channel?
Transmission media on which data travels in
communications system
Transmission media
are materials
capable of carrying
one or more signals
Bandwidth is
amount of data
that can travel
over channel
�Transmission Media
Physical
Optical Fiber
Twisted Pair
Cables
Coaxial Cable
Wireless
Communications
Sattelite
Microwave Radio
Cellular Radio (2G,
2,5G, 3G, etc)
Broadcast Radio
(Wi-fi, Bluetooth)
Infrared
�Computer Network
What is a network?
Collection of computers
and devices connected
via communications
devices and
transmission
media
�Computer Network
What is a local area
network (LAN)?
Network in limited
geographical area such
as home or office
building
Metropolitan area
network (MAN)
connects LANs in city or
town
�Computer Network
How to Join a computer into a LAN
IP address is a numerical label assigned to each device
(e.g., computer, printer) participating in a computer
network
�Computer Network
What is a wide area
network (WAN)?
Network that covers
large geographic area
using many types of
media
Internet is worlds
largest WAN
�Computer Network
What is a client/server
network?
One or more computers act
as server and other
computers, or clients, access
server
�Computer Network
What is an Intranet?
Internal network that uses Internet technologies
Makes information accessible to employees
Typically includes connection to Internet
Extranet allows customers or suppliers to access
part of companys intranet
�Network Risks & Security
�Computer Security Risks
What is a computer security risk?
Action that causes loss of or damage to computer
system
Mostly happened when computer connected into
a network
Easier to access, more unpredictable than attacking
unattended computer
�Computer Viruses, Worms, and Trojan Horses
What are viruses, worms, and Trojan horses?
Virus is a potentially
damaging
computer
program
Can spread
and
damage
files
Worm copies
itself repeatedly,
using up
resources
and possibly
shutting down
computer or
network
Trojan horse hides
within
or looks like
legitimate program
until triggered
Does not
replicate
itself on
other
computers
Payload
(destructive
event) that is
delivered when
you open file, run
infected program, or
boot computer with
infected disk
in disk drive
�Computer Viruses, Worms, and Trojan Horses
How can a virus spread through an e-mail
message?
Step 1. Unscrupulous
Step 2. They use
programmers create a virus
program. They hide the
virus in a Word document
and attach the Word
document to an e-mail
message.
the Internet to send
the e-mail message
to thousands of
users around the
world.
Step 3a. Some
Step 3b. Other users do not
users open the
attachment and
their computers
become infected
with the virus.
recognize the name of the
sender of the e-mail message.
These users do not open the
e-mail message. Instead they
delete the e-mail message.
These users computers are not
infected with the virus.
�Computer Viruses, Worms, and Trojan Horses
What are some tips for preventing virus,
worm, and Trojan horse infections?
Never download or
install suspicious
software from
untrusted sources
If the antivirus
program flags an
e-mail attachment
as infected, delete
the attachment
immediately
Install an antivirus
program on all of your
computers
Check all
downloaded
programs for
viruses, worms,
or Trojan horses
Never open an
e-mail attachment
unless you are
expecting it and
it is from a
trusted source
Install a personal
firewall program
�DOS & Backdoor
What is a denial of service (DOS) attack and
back door?
A denial of service attack is an assault which
disrupts computer access to an Internet service
such as the Web or e-mail
A back door is a program or set of instructions
in a program that allow users to bypass
security controls when accessing a computer
resource
�Spoofing
What is spoofing?
Makes a
network
or Internet
Transmission appear legitimate
IP spoofing occurs when an intruder
computer fools a network into believing
its IP address is from a trusted source
Perpetrators of IP spoofing trick their
victims into interacting
with a phony Web site
�Solutions
Best way to prevent spoofing and DOS is to
build a firewall
Implemented on network or installed on host as
software (personal firewall)
�Solutions
What is firewall?
Security system consisting of hardware and/or
software that prevents unauthorized intrusion
�Solutions
What is personal firewall?
Program that protects personal computer and its data from
unauthorized intrusions
Monitors transmissions to and from computer
Informs you of attempted intrusion
�Unauthorized Access and Use
Unauthorized Access
Use of a computer or network without
permission.
By connecting to it and then logging in as a
legitimate user.
Do not cause damages.
Merely access the data, valuable information or
programs in the computer.
In some manners, can be categorized as
Information theft
�Unauthorized Access and Use
Unauthorized Use
Use of a computer or its data for unapproved or
illegal activities.
Ex: gaining access to a bank computer and
performing an unauthorized bank transfer etc.
�Solutions
How to prevent unauthorized access and use?
Make a good use of authorization control
�Solutions (Cont.)
How to make good passwords?
GOOD
Example:
@k|_|-@n@6-4L4Y
Longer, alay-er, better
NEVER USE IT
Your birth-day
Your mother/dad/lover name
Very predictable words
Plain, not combinated
characters is weak against
brute-force attacks
�Solutions (Cont.)
How to prevent unauthorized access and use?
Disable file and printer sharing on Internet connection
File and
printer
sharing
turned off
enable just
when you need it
�Solutions (Cont.)
How to make information thief lifes much
harder?
Use encryption
Safeguards against information theft
Process of converting plaintext (readable data) into
ciphertext (unreadable characters)
Use key to generate cipherkey as combinations
To read the data, the recipient must decrypt, or
decipher, the data
See the demonstration
�Internet Security Risk
Information Sniffing, How?
H or L can get all sensitive un-encrypted information
passed on network such as username and password
�Internet Security Risk
Website phising, How?
Impersonated Login Page
Username,
Passwords,
Credit cards details
https://ib.bankmandiri.co.id/retail/Login.do?action=form
https://ib.bangmandiri.co.id/retail/Login.do?action=form
Username,
Passwords,
Credit cards details
Normal Login Page
Bank Mandiris
Server
Crackers Computer
�Internet Security Risk
Website phising commonly
spread using emails and
social media
Best implemented when
combined with social
engineering technique.
�Internet Security Risk
Social engineering is an nontechnical, outside hacker's use
of psychological tricks on
legitimate users of a computer
system, in order to gain the
information (usernames and
passwords) one needs to gain
access to the system.
It utilizes two human weakness:
no one wants to be considered
ignorant
human trust
�Solutions
Web browsers provide secure data
transmission
Many Web browsers
use encryption
Secure site
Choose Web site that
uses encryption to
secure data
Valid Digital
certificate
Guarantees Web site
is legitimate
�Solutions
Provides encryption of
all data that passes
between client and
Internet server
Web addresses
beginning with https
indicate secure
connections
�Solutions
Protect yourselves from social engineering
Be educated, aware, and a little bit paranoid.
Never give out:
Usernames / ID numbers
Passwords / PIN numbers
System information
Credit card numbers
Schedules
Other Sensitive data
Be aware of what is being asked
�End of Chapter 3
