Computer Network Security

A:

Internetworking (i.e., the interconnection of two or more individual networks) is a complex task.

The communication process is judging as successful if the transmitted message has been delivered at the authorized destination(s) in a reliable and secure fashion and the meaning understood by the destination matches the meaning intended by the source.

Before the communicating parties starting to communicate, they have to define the several communication functions required for successful communication (i.e., flow control, error detection and correction, congestion control, addressing, routing, message formatting, etc.), and establish rules, conventions, and agreements, that govern these functions. These rules or protocols have to be followed by the communicating entities in order to ensure the success of the communication process.

In network communications, there are three basic agents:

• Applications running at hosts that want to communicate.
• Hosts that want to communicate (sources and destinations).
• Subnetworks where these hosts belong.

So, to accomplish communication, we have to provide both physical connectivity between the hosts (this includes the definition of the cabling, the connectors, the physical topology, etc.), as well as logical connectivity (this includes software processes as the addressing and the routing).

In general, we want to accomplish:

1. Reliable communication between applications running at different hosts.
2. Best-effort delivery of messages between hosts locating at different networks.
3. Access of a host to a network.

As you can understand, some of the communication functions are used to accomplish task (1), some others are used to accomplish task (2), and some others are used to accomplish task (3). So, these functions are forming logical groupings called layers.

We can visualize these layers as a stack. Each layer communicates with the others via a well-defined interface. Each layer has well-defined communication functions, which are concerned with one of the above communication tasks (1, 2, or 3). These functions are governed by associated protocols (that is why this layered network architecture also called protocol stack). Each layer is concerned with its own task, and provides services to the upper layer in a transparent fashion. Each layer "trusts" the other layers and depends on them working properly in order to accomplish successful communication.

The International Standards Organization (ISO)established a seven-layer internetworking model called Open System Interconnection (OSI) to serve as a blueprint for internetworking. It is an open model, that is, a model which defines the layers, their functions, and the associated protocols, but not the actual way to accomplish these functions. That gives more flexibility to vendors to use the technological solution they believe that best fits to their needs.

OSI is a reference model (not used so much in practise, because is very abstract) that is used to:

• Simplify the networking concept, dividing a complex task to several simpler tasks.
• Allow the interconnection of equipment from different vendors.

The layers of the OSI model from top-to-bottom are:

• Application layer (layer 7): Requires network resources and provides services to the end user. Examples of protocols include HTTP, FTP, etc.
• Presentation layer (layer 6): Concerned with the syntax of the data. Encryption, coding, and formatting are the functions of this layer. Very theoretical layer. Example of protocols include JPEG, MPEG, etc.
• Session layer (layer 5): Concerned with the communication between different applications. In other words, establish and terminates sessions. Very theoretical layer. Example of protocol include Xwindow.
• Transport layer (layer 4): Concerned with reliable end-to-end transfer of messages. Two major protocols: TCP (reliable or connection-oriented) and UDP (unreliable or connectionless).
• Network layer (layer 3): Best-effort (unreliable) transport of messages between different networks. Other tasks include Quality of Service (QoS), etc. Example of protocols include IPv4, IPv6, IPX, ICMP, etc.
• Data Link layer (layer 2): Concerned with the accessing of the information onto the media (media-dependent layer) and the detection (not correction) of errors. Many technologies are associated with this layer (e.g., PPP, Ethernet, HDLC, etc.). Consists of two sublayers, Logical Link Control (LLC) sublayer - the upper sublayer -, used for framing and communication with the upper layers, and Medium Access Control (MAC) - the lower sublayer -, used for accessing the media.
• Physical layer (layer 1): Concerned with the electrical and mechanical characteristics of the media. Includes cables and connectors types, message formatting (i.e., voltage values, frequencies, bit patterns, data rates, etc.), and physical topology (the way the devices are physically connected).

From layer 7 to layer 4 we have end-to-end communication. Layers 2 and 1 concerned with host-to-network communication(i.e., network access). Layer 3 has a flavor of both.

Layers 7 to LLC sublayer are implemented in software. MAC sublayer and physical layer are implemented in hardware.

Repeaters and hubs (multi-port repeaters) operate on layer 1. Switches operates on layer 2. Routers operate on layer 3 (connect different networks).

At the communication process between two hosts, data are passing from all the layers of the protocol stack (from top to bottom). Each layer at the source device adds a header (data link also adds a trailer or tail) which contains control information in order to accomplish its functions. This process is called encapsulation.

This header with the data of the upper layer forms a Protocol Data Unit (PDU). The PDU of layers 7 to 5 is referred as data. Layer 4 PDU is referred as segment (when TCP is used) or datagram (when UDP is used). Layer 3 PDU is referred as packet. Layer 2 PDU is referred as frame. Layer 1 PDU is referred as bit stream.

At the destination, the information goes through the protocol stack from bottom to the top. Each layer staps-off the header and moves up the PDU. This is called decapsulation.

The "virtual" communication between the same layers at the source and the destination devices is called peer communication (and these layers are called peer layers).

You have to understand that a network model is a theoretical approach to the networking function that helps us to simplify and understand the overall process.

Kotsos

In Server 2003 domian security policy helps you to set Password Protection.. 1)Password length 2)Password Complexity 3)Password Age (min age & max age) In Server 2003 domian security policy helps you to set Password Protection.. 1)Password length 2)Password Complexity 3)Password Age (min age & max age)Default and Recommended Password Policy Settings

=============================================== Policy Default Recommended Comments

Enforce password history

24 passwords remembered

(No change) Prevents users from reusing passwords.

Maximum password age

42 days

(No change)

N/A

Minimum password age

1 day

(No change)

Prevents users from cycling through their password history to reuse passwords.

Minimum password length

7 characters

(No change)

Sets minimum password length.

Password must meet complexity requirements

Enabled

(No change)

For the definition of a complex password, see "Creating a Strong Administrator Password" in the Establishing Secure Domain Controller Build Practices section.

Store password using reversible encryption

Disabled

(No change)

N/A

Default and Recommended Account Lockout Policy Settings

====================================================== Policy Default Recommended Reason

Account lockout duration

Not defined

0 minutes

The value 0 means that after account lockout an Administrator is required to reenable the account before account lockout reset has expired.

Account lockout threshold

0 invalid logon attempts

20 invalid logon attempts

The value 0 means that failed password tries never cause account lockout. Because an account lockout duration of 0 minutes (administrator reset) is recommended, a small number for this setting can result in frequent administrator interventions.

Reset account lockout counter after

Not defined

30 minutes

This setting protects against a sustained dictionary attack by imposing a nontrivial delay after 20 unsuccessful attempts.

Default and Recommended Kerberos Policy Settings

================================================ Policy Default Recommended Comments

Enforce user logon restrictions

Enabled

(No change)

N/A

Maximum lifetime for service ticket

600 minutes

(No change)

N/A

Maximum lifetime for user ticket

10 hours

(No change)

N/A

Maximum lifetime for user ticket renewal

7 days

(No change)

N/A

Maximum tolerance for computer clock synchronization

5 minutes

(No change)

Maximum tolerance between the client's and server's clocks.

Note: If you want to more information so you can visit http://www.iyogibusiness.com/

Web-of-trust

Answer Explanation: The web-of-trust model is very simple, and is most often associated with Pretty Good Privacy (PGP). This model operates without a central authority. Individuals create and sign certificates for people who are known and trusted. The decision of whether to trust another individual is left with the user.

1. Security algorithms like, WEP (Wired Equivalent Privacy) and WPA/WPA2 (WiFi Protected Access) are used for securing Wireless networks.

2.Creating a hidden network is also a good choice because ordinary computer users cannot see hidden networks.It adds an extra layer of protection.