Computer Network Security & Threats

Computer network security is key to promoting the development of trade in all areas.

Computer Network Security

The single word ‘security’ covers many different aspects: technical, organizational and legal. Users' attitude toward security problems is often irrational, which does not help to simplify the discussion. The safety of paying by credit card over the Internet is one of the controversial topics. In 1996, on our experimental platform Info way, we asked our 10,000 users to pay a participation fee for access. All means of payment were available on the server: secure online credit card payment, sending the card number by fax, or check. Contrary to popular belief, approximately 60% of users chose the secure online payment, 30% the check, and 10% preferred to send the credit card number by fax, even providing a PIN! The perception of safety is an important element to consider in developing these systems.

From a technical perspective, security covers access to information on workstations and servers as well as the transport of data over the network. In this short paper, we focus on the problems of information security in exchanges over public or private networks. The Internet, the network of networks, is a tool that allows all computers, regardless of their type, to communicate with each other. Its technology (TCP/IP) has simplified the creation of networks, thus reducing the cost of telecommunications. However, security features are not addressed by this protocol.

Securing data means ensuring:

  • The mutual authentication of correspondents, to be sure of who one's interlocutor is
  • The integrity of transmitted data, to be sure they have not been changed accidentally or intentionally
  • Confidentiality, to prevent data from being read by unauthorized systems or persons
  • Non-repudiation, to prevent the sender from denying having sent the data

One way to ensure data security is to physically protect access to the equipment. This is possible in a room or a building. It is impossible when the network is physically extended. Researchers have worked on these topics for a very long time. In all countries, the military has developed techniques to ensure confidentiality. Gradually, these techniques have become necessary for many economic activities and their use has spread, fostered by the diffusion of high-performance computing at low prices. Today, one system has emerged, in many variants. It is the dual-key system, one public and one private, invented in 1977 by three researchers: Rivest, Shamir and Adleman.

To understand

To understand the dual-key system, it is enough to know that what one key encodes only the other can decode, and vice versa.

Knowing one key does not help find the other. The mathematical theory of asymmetric encryption is quite simple, since it is now taught in higher mathematics classes. The security of the system rests on the considerable computation time that even the most powerful machines need to find the prime factors of numbers of several hundred digits. The keys typically used have 1024 or 2048 bits, which guarantees inviolability in principle, at least in the present state of mathematical knowledge.

Most cards used to provide security functions operate on the dual-key principle. Each card contains in its memory the 2 keys: one public, freely readable by computer applications, and one private, which cannot be used until the user supplies the 4-digit PIN.

Let’s see how the security functions are performed by this technique.
Users have access to a directory of public keys of their correspondents.
All operations described below are performed automatically by programs.

Authentication simply consists of asking the user's machine to encode a randomly chosen word with his private key. If decoding with the public key returns the word, one is “sure” that the right card (private key) and the right user (4-digit code) performed this operation. Note the importance of keeping the card in a safe place and keeping the 4-digit code confidential.

Data integrity is achieved by automatically adding a short message derived from the data sent. This message is encoded with the private key of the sender. The receiver decodes the message with the sender's public key, available in the directory. Any change, intentional or accidental, to the data or to the integrity message is detected by the recipient.

Confidentiality is achieved by encrypting the entire message with the recipient's public key. He alone can decode the message with his private key, after providing the 4-digit code.

Non-repudiation is guaranteed by requiring the sender to sign with his private key. He alone can do so, and all recipients can verify the signature with his public key.

This system, very simple in principle, quickly becomes complicated.

  • How to deal with multiple recipients? In fact, for this reason and for reasons of performance, what is encoded with the public key is a simpler secret key (40 or 56 bits), which is used to encode the message and is used only once.
  • How can I be sure that the public key was not changed by an intermediary? Just ask a certification authority (CA), whose public key is known, to sign it with its private key. Everyone can then verify the integrity of the key.
  • What happens if there are several certification authorities?
  • If a card is stolen or lost, how to revoke the public key?
  • How to limit the lifespan of certification for security reasons?
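
The four functions described above, and the single-use message key for several recipients, can be traced in a short script. This is an added example, not code from the original article: the Card class, the function names, the PINs and the key sizes are assumptions, and the keys are constructed toy values (textbook RSA without padding) chosen only so the arithmetic is visible.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs

def make_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def apply_key(key, value):
    """What one key of a pair encodes, only the other key decodes."""
    n, exponent = key
    return pow(value, exponent, n)

class Card:
    """Hypothetical card: public key readable, private key locked by the PIN."""
    def __init__(self, p, q, pin):
        self.public, self._private = make_keypair(p, q)
        self._pin = pin

    def use_private_key(self, pin, value):
        if not secrets.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        return apply_key(self._private, value)

def derived_message(data, public):
    """Short value derived from the data (SHA-256, reduced below the modulus)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % public[0]

def authenticate(public, respond):
    """Send a random word, let the card encode it, decode with the public key."""
    word = secrets.randbelow(public[0] - 2) + 2
    return apply_key(public, respond(word)) == word

def sign(card, pin, data):
    """Integrity and non-repudiation: derived message encoded with the private key."""
    return card.use_private_key(pin, derived_message(data, card.public))

def verify(public, data, signature):
    return apply_key(public, signature) == derived_message(data, public)

def xor_stream(session_key, data):
    """Toy symmetric cipher (SHA-256 counter keystream); the same call decodes."""
    key = session_key.to_bytes(7, "big")
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(message, recipients):
    """One 56-bit single-use key encodes the message; that key is encoded
    once per recipient with each recipient's public key."""
    session_key = secrets.randbits(56)
    wrapped = [apply_key(public, session_key) for public in recipients]
    return wrapped, xor_stream(session_key, message)

def unseal(card, pin, wrapped_key, ciphertext):
    """Recipient side: the PIN unlocks the private key, which recovers the message key."""
    return xor_stream(card.use_private_key(pin, wrapped_key), ciphertext)

# Constructed sample cards: Mersenne primes keep the example short; keys this
# small and unpadded RSA are for illustration only.
ALICE = Card(2**61 - 1, 2**89 - 1, pin="4821")
BOB = Card(2**107 - 1, 2**127 - 1, pin="7305")
```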

To respond adequately to all these questions, we must establish an organization to manage security, which naturally raises new security problems. It is especially important that the measures be proportionate to the stakes, to avoid the temptation of installing a very secure safe whose door is always open.

This brief overview of issues related to computer network security shows that known and well-controlled technologies now make it possible to ensure secure transmission of information over public or private infrastructures. But to succeed, we must also win the confidence of users. On the Internet as in the city, rumors spread, relayed by unsuspecting or ignorant users. The example of false “virus alerts” is well known. The use of these security measures introduces constraints. These will only be accepted if they are understood and proportionate to the stakes while remaining simple to use.

Is Wi-Fi Dangerous to the Health of Children?

This topic is not directly the subject of this site. However, I am asked more and more often: are Wi-Fi or mobile phones dangerous to health, especially for children?

So I decided to address this issue by providing the scientific facts that will help you form an opinion. It is impossible to prove that a particular product is not dangerous. However, it is possible to measure the effects and to deduce levels of risk.

The common feature of Wi-Fi and mobile phones is that they receive and emit radio waves. This is not new, since radio, television and most telecommunications systems have used these waves for a hundred years. What is new is the proliferation of these devices, which are installed by the tens of millions close to users. To assess the level of danger, we must understand the nature of radio waves or radio frequency (RF) and their action on the human body.

A short primer on radio waves or radio frequency (RF)

Radio waves or radio frequency (RF) are created by the movement of electrical charges in antennas. These waves consist of an electric field and a magnetic field that radiate into space from the antenna. Their propagation speed is the speed of light. What differentiates the waves is their frequency (the number of wave cycles per second), from which we can deduce the wavelength (the speed of light divided by the frequency), which is the distance traveled by the wave during one cycle. Frequency is expressed in Hz (hertz), kHz, MHz (1 million) or GHz (one billion). To give common values, the frequencies of FM radio stations are between 88 and 108 MHz, television between 300 and 600 MHz, mobile phones 900 or 1800 MHz, and Wi-Fi 2400 MHz (2.4 GHz).

What are the biological effects of radio waves?

Do not confuse the effects of radio waves with those of ionizing electromagnetic radiation such as ultraviolet, X-rays or gamma rays. Ionizing radiation is produced by photons of high energies, about millions or billions of times more than those of radio waves. Such radiation can extract electrons from atoms or molecules and cause permanent damage to biological tissues such as DNA which can cause cancers.

In contrast, the photon energy of radio waves is not sufficient to ionize the atoms or molecules of biological tissues. Other types of non-ionizing radiation are infrared (heat) and visible light (fortunately). The only effect of these radio waves is to warm the bodies they pass through. It is this heating that is used in microwave ovens for cooking. To date, the only health effect of RF fields established in scientific studies has been an increase in body temperature (> 1 °C) when exposed to fields of high intensity that can only be found in industry, as with high-frequency heating systems for example.

Levels of RF exposure from mobile stations and wireless networks are so low that the temperature increase is insignificant and has no effect on human health. Some figures are needed. The power of a Wi-Fi base station is limited to 0.1 Watt and that of a mobile phone to 2 Watts. A tiny fraction of this power is absorbed by the body. In comparison, microwave ovens, which operate in the same frequency band as Wi-Fi, have powers from 500 to 1000 Watts, or 5000 to 10 000 times more than a Wi-Fi transmitter. Admittedly, the radio waves of microwave ovens are theoretically confined, but after a few years there must be lots of leaks.

In fact, at similar RF exposure levels, the body absorbs five times more signal from FM radio and television stations than from telephones or wireless networks, because the FM radio (around 100 MHz) and TV (around 400 MHz) frequencies are lower than those of mobile phones (900 MHz and 1800 MHz) and because the human body, given its size, is an efficient receiving antenna at these frequencies. In addition, radio and television broadcast stations have been operating for at least 50 years at much greater power (from 10 kW to 2000 kW for the France Inter long-wave transmitter at Allouis) without any adverse effects having been found on the health of nearby populations.

Basically, except for an unmeasurable increase in tissue temperature, there are no other known effects. The proximity of a laptop, which gives off heat to cool its microprocessor, is much more noticeable.

What should we think of all the alarmist news circulating on the subject?

As always, we must ask where the information comes from. Politicians who support a misunderstood precautionary principle (one must be afraid of everything, even of one's own shadow) react more to please their clientele than on the basis of scientific studies. However, we often see studies that find that in a particular subset of the population, the rate of a given disease is above average. This is normal, and it means that in another subset the rate is below average. Compared to an average, whatever the subset, we will always find a gap. The real questions then begin:

  • Is this difference significant or is it a coincidence? It's a bit more complicated to calculate than a simple count.
  • Is there a cause-and-effect relationship? A correlation does not imply a causal relationship.

Intranet: For What Services?

The introduction of an Intranet within the company makes it possible both to install new applications quickly and to increase the capabilities of existing applications by making them communicate. The new possibilities offered by the intranet within the company are many: improved communication, the sharing of geographically dispersed resources to accomplish a task, the possibility of combining a local presence with access to the global expertise of the company, the creation of virtual teams without increasing overheads, and the ability to provide service 24 hours a day, as a new day is always beginning somewhere in the world.

The first services to implement on an Intranet are naturally those that made the success of the public Internet, first of all email. A recent Gartner Group survey of 500 companies gave the top 5 Intranet applications:

  1. Email
  2. Access to public Internet
  3. Access to corporate data
  4. The distribution and publication of information
  5. Records management.

The installation of an e-mail system, or connecting the local mail system with the rest of the world via the Internet, is the priority operation. The savings are immediate. An electronic message is three to ten times cheaper than a fax, depending on the distance. Being asynchronous by nature, email adapts to time differences. Attachments of all types reduce photocopying and allow modification and reuse of materials. One constraint: it must be used personally.

The establishment of an intranet with email is inseparable from the creation and provision to everyone of a company directory that maintains information about employees, the services or applications available, and access controls. Such directory services are available on the network. Users find information there such as phone numbers and email addresses. Administrators manage access to services; applications also have direct access to this information. These directories, when they existed, were closed and proprietary. A recent directory standard (LDAP) will allow them to communicate and to exchange electronic business cards.

Access to the public Internet is the second feature that attracts businesses, whether to disseminate information, exchange with customers and suppliers, or sell. A presence on the Internet is a virtually free medium. Even individuals do not hesitate to publish their “home page”. The PC that is on my desk contains a small web server available worldwide. The Internet therefore provides all businesses, regardless of their size, the same visibility in the global market of millions of Internet users. The fierce competition between the dwarf Netscape and the giant Microsoft for dominance of Internet “browsers” would not have been possible without the existence of the Internet as a source of information and as a distribution channel. Managing the editorial content of these servers is a difficulty not to be underestimated. I will not detail the aspects of electronic commerce, which are covered in another article in this Internet issue.

Access to corporate data is the third function of an intranet. For thirty years, companies have accumulated data vital to their operation. But each system and each technology has produced blocks that communicate little with each other. Access to this information, and any change to it, is hard-wired and complex. Intranet technologies provide global interconnection. All users can access all applications, provided of course they are authorized. Technical constraints disappear. This interconnection allows the creation of virtual work groups (groupware) that evolve naturally and disappear depending on the life of the company. The data can then circulate with dynamic routing, orchestrated by workflow technologies, which adapt in real time to changes in the structure and procedures of the company.

The distribution and publication of information and records management are provided at low cost by the Intranet. In these areas, the savings are often difficult to quantify against certain costs. Many companies (ours among them) had been reluctant to implement such services. With Intranet technologies, information that mostly already exists in electronic form can be made readily available to the community by the producers themselves. The distribution costs disappear. If the information is not yet in electronic format, however, conversion operations can still constitute a major obstacle.

Understanding IPv6

An IPv6 address is much longer than an IPv4 address. This is one reason to use the new protocol. The number of addresses is virtually infinite. Each machine (node in IPv6 terminology) connected to the network can have one or more global IPv6 addresses. No more complications of NAT and port forwarding. Once again all machines can communicate directly.

An IPv6 address is represented by 128 bits (32 in IPv4) and is written as 8 groups of 4 hexadecimal characters (0-9, a-f) separated by colons:

2a01:05d8:52eb:be1d:f053:2abf:ef7d:6c89

The notation of IPv6 addresses

The full notation has 39 characters. It can be simplified by removing the leading zeros and by replacing one sequence of zero groups with ::. The following addresses are all equivalent.

2001:0db8:0000:0000:0000:0000:1428:57ab
2001:0db8:0000:0000:0000::1428:57ab
2001:0db8:0:0:0:0:1428:57ab
2001:0db8:0:0::1428:57ab
2001:0db8::1428:57ab
2001:db8::1428:57ab

Addresses in 2001:db8::/32, as above, are used for examples and are not routed.

URL notation

IPv6 addresses in URLs are written between [ ], which allows a port number to be added if necessary.

http://[2a01:5d8:52eb:be1d:f053:2abf:ef7d:6c89]:81/

Network notation

The CIDR format is used in IPv6. It gives the number of bits that are identical for all addresses of the network. For example,
2a01:5d8:52eb::/48 represents the network whose addresses range from
2a01:5d8:52eb:0:0:0:0:0 to
2a01:5d8:52eb:ffff:ffff:ffff:ffff:ffff

This is different from the concept of class used in IPv4. The goal is to simplify the routing tables.

Address Types

There are 3 types of addresses, which are identified by their bits:

Multicast
ff00::/8. This prefix denotes a set of addresses within the network, and the packets are sent to every address in this set.

Anycast
The address is designed for routers. It is not unique, and the packet is sent in principle to the nearest interface. Nothing distinguishes these addresses from unicast addresses.

Unicast
Packets are sent to the designated address, which is that of a network interface. Unicast address types are distributed as follows.

Link-local addresses [link local]
::1/128 is the local loopback address [localhost], equivalent to 127.0.0.1 in IPv4.
fe80::/10 is the prefix of the local network. These addresses enable communication between nodes on the LAN. The IPv4 mask is no longer needed.

Global addresses
Internet addresses are identified in IPv6 by 2000::/3. They all begin with 2 or 3. For simplicity, the address is split into 2 parts: 64 bits for the address on the local link, and a 64-bit network address whose first 48 bits are assigned to the ISP and whose next 16 bits address subnets.

Routing is simple since the IPv6 address contains the routing address.
The same physical network interface may receive multiple IPv6 addresses. To eliminate ambiguity, %iface is added at the end of the IPv6 address. On Windows, iface is a number (%1, %2 …); on Linux it is often a name such as %eth0.

Autoconfiguration of IPv6 addresses

The IPv6 stateless autoconfiguration mechanism [stateless autoconfiguration] is a considerable simplification compared to IPv4. Each node builds its IPv6 address or addresses without prior configuration, without an additional server (no more DHCP!) and with virtually no configuration of routers.
For each network interface, each node builds an IPv6 address by combining locally available information (the low 64 bits) and the global network address provided by the router (the high 64 bits). If there is no router, the machine builds only a link-local address.

The IEEE EUI-64 format is usually used to build the low 64 bits from a 48-bit MAC address. The 16 bits FFFE are inserted between the first 24 bits (vendor identification) and the last 24 bits (the serial number of the equipment).
For example, a network interface with MAC address 00-50-56-C0-00-08 automatically assigns itself the link-local address fe80::250:56ff:fec0:8
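
The construction above can be reproduced with Python's standard ipaddress module. This is an added example, not part of the original article: the function names are hypothetical and the /64 router prefix in the comment is a constructed value taken from the first 64 bits of the article's sample address. It also shows the step that turns the leading 00 of the MAC into 02 (the modified EUI-64 format inverts the universal/local bit), and the reverse derivation, which is why an address built this way identifies the hardware to anyone who sees it in a log.

```python
import ipaddress

def parse_mac(mac):
    """Accept 00-50-56-C0-00-08 or 00:50:56:c0:00:08 and return the 6 bytes."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address has 48 bits")
    return raw

def interface_id(mac):
    """Low 64 bits: FFFE inserted in the middle, universal/local bit inverted."""
    raw = parse_mac(mac)
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02  # modified EUI-64: 00-50-56... becomes 02-50-56...
    return int.from_bytes(eui, "big")

def autoconfigure(mac, router_prefix=None):
    """Addresses a node builds for one interface: the link-local address always,
    plus a global address when a router announces a /64 prefix
    (for instance the constructed prefix 2a01:5d8:52eb:be1d::/64)."""
    iid = interface_id(mac)
    link_local = int(ipaddress.IPv6Address("fe80::")) | iid
    addresses = [ipaddress.IPv6Address(link_local)]
    if router_prefix is not None:
        net = ipaddress.IPv6Network(router_prefix)
        if net.prefixlen != 64:
            raise ValueError("stateless autoconfiguration expects a /64 prefix")
        addresses.append(ipaddress.IPv6Address(int(net.network_address) | iid))
    return addresses

def mac_from_address(address):
    """Reverse step: the MAC behind an EUI-64 based address, or None when the
    low 64 bits were not built from a MAC (no FFFE in the middle)."""
    low = (int(ipaddress.IPv6Address(address)) & (2**64 - 1)).to_bytes(8, "big")
    if low[3:5] != b"\xff\xfe":
        return None
    raw = bytes([low[0] ^ 0x02]) + low[1:3] + low[5:]
    return "-".join(f"{b:02X}" for b in raw)
```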

IPv6 network tools

On Windows or Ubuntu, use ping6 instead of ping, and tracert6 instead of tracert or traceroute.

To install IPv6 in Windows XP, type in a command window
ipv6 install
then
ipv6 if
to see the list of interfaces

DNS [Domain Name System]

It is simply an extension of IPv4 DNS. A DNS server must provide both IPv4 and IPv6 addresses, whether it is queried over IPv4 or IPv6.
IPv6 addresses are listed in records of type AAAA (type A for IPv4).

A special domain name, IP6.ARPA, is used to find the domain name from the IPv6 address. It is the equivalent of IN-ADDR.ARPA, which is used for IPv4 addresses.
For example, the record for the address 2a01:05d8:52eb:be1d:f053:2abf:ef7d:6c89 becomes
9.8.c.6.d.7.f.e.f.b.a.2.3.5.0.f.d.1.e.b.b.e.2.5.8.d.5.0.1.0.a.2.IP6.ARPA.

The transition to IPv6

IPv4 and IPv6 systems are not compatible. They must be able to coexist for a long period. Several mechanisms are used.

Dual stack [dual stack]
It's like the gradual transition from COM1 and LPT1 to USB ports on PCs. The chosen solution is coexistence. Each network interface supports both IPv4 and IPv6.

6to4
This method transmits IPv6 packets over IPv4 networks.
We start by assigning IPv6 addresses to every global IPv4 address, using the prefix 2002::/16 and concatenating the 32-bit IPv4 address.
The network prefix for the address 194.2.94.9 is 2002:c202:5e09::/48
It is then possible to address 2^80 nodes behind each IPv4 address. IPv6 packets are then encapsulated in IPv4 packets and transmitted to routers that interface between the IPv6 and IPv4 networks.
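
The 6to4 mapping and the encapsulation step can be followed byte by byte with the script below. It is an added example, not part of the original article: the function names and the sample packet are constructed for illustration, 192.0.2.1 is a documentation address standing in for a remote 6to4 router, and the IPv4 protocol number 41 is the value used to carry IPv6 inside IPv4. Only destinations inside 2002::/16 are handled; traffic to other IPv6 networks goes through a relay router and is outside this sketch.

```python
import ipaddress
import struct

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")

def sixtofour_prefix(ipv4):
    """2002::/16 followed by the 32 bits of the IPv4 address gives a /48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    base = int(SIX_TO_FOUR.network_address) | (v4 << 80)
    return ipaddress.IPv6Network((base, 48))

def tunnel_endpoint(ipv6):
    """IPv4 address embedded in a 6to4 address, or None for any other address."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def header_checksum(header):
    """Ones' complement sum over the ten 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(ipv6_packet, local_ipv4):
    """Wrap an IPv6 packet in an IPv4 header (protocol 41) addressed to the
    router whose IPv4 address is embedded in the IPv6 destination."""
    destination = tunnel_endpoint(ipaddress.IPv6Address(ipv6_packet[24:40]))
    if destination is None:
        raise ValueError("destination is not a 6to4 address")
    source = ipaddress.IPv4Address(local_ipv4)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet),
                         0, 0, 64, 41, 0, source.packed, destination.packed)
    checksum = struct.pack("!H", header_checksum(header))
    return header[:10] + checksum + header[12:] + ipv6_packet

def sample_ipv6_packet(source, destination):
    """Constructed 40-byte IPv6 header with no payload (next header 59)."""
    return struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                       ipaddress.IPv6Address(source).packed,
                       ipaddress.IPv6Address(destination).packed)
```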

Benefits of IPv6

An almost infinite number of global IP addresses: this is the main advantage, the one that is driving the migration. This is necessary for new applications such as mobility. The complexity of systems like NAT will disappear.

The stateless autoconfiguration of IPv6 addresses: the configuration issues that complicate the deployment of IPv4 networks disappear. Each machine computes its link-local address and gets the parameters of the global network from the router.

Fixed addresses on the local network: IPv6 interfaces have fixed link-local addresses that never change, in addition to the global addresses used by applications. This simplifies the design of protocols and routing configuration.

Multicast: Multicast is integrated as standard in the base protocol.

Jumbograms: IPv4 packets are limited to 64 K. This limit is 4 GB in IPv6 when link quality permits.

Simplification of routing: smaller routing tables and the absence of error checking on packet headers should reduce the transit time of packets in routers.

Security at the Network Layer: IPsec layer security (authentication and encryption) between routers is included in the basic protocol.

 

Should We Move to IPv6 Now?

A short guide to understanding IPv6

Since January 2008, Free has deployed IPv6 in its consumer offering. It is the culmination of a long march. The IPv6 project [Internet Protocol version 6] was launched in 1990 and adopted as a standard by the IETF to replace IPv4 in 1998.

Today the Internet works primarily with the IPv4 protocol, which is more than twenty years old. IPv4 has supported the fantastic growth of the Internet with a few modifications like NAT. In 2008, the 4 billion public IPv4 addresses are nearly all allocated, while the number of devices connected to the Internet, in particular mobile phones, is growing strongly. The transition to IPv6, which provides a virtually unlimited address space (10^38), is inevitable. IPv6 also brings benefits such as improved routing performance and simplified automatic network configuration. However, IPv6 is not compatible with IPv4. A transition has to be managed, which is never easy. The aim of this paper is to serve as a practical guide to becoming familiar with IPv6 at home, not to replace the reference documents or the thousands of articles that detail the characteristics of this protocol.

How to switch to IPv6 at home

You need a Free unbundled access. In the management interface of the Freebox, check IPv6 Support and restart the Freebox.

If you have an Ubuntu Linux machine, there is nothing to do. IPv6 is enabled by default. On Windows XP SP2, you must first install the “Microsoft TCP/IP version 6” protocol alongside the “Internet Protocol (TCP/IP)” that supports IPv4 (type ipv6 install in a command window).
On Windows Vista, IPv6 is enabled by default.

IPv6 addresses are assigned automatically. In fact, you keep your IPv4 addresses that coexist side by side, with IPv6 addresses.

IP Telephony, How Does It Work?

First a brief return to traditional telephony. Traditional telephone sets are connected directly to public exchanges, or through private branch exchanges (PBXs) in businesses. It is the exchange that powers the set through the line. The transmitted signal is an analog signal.

The public switches are interconnected by networks specialized for voice transmission. The telephone number corresponds physically to a telephone line on a designated switch. To make a call, it is necessary to establish a connection, a circuit between the calling line and the called line through these exchanges. Fifty years ago, these switches were built with extraordinarily complex, large electromechanical systems. Huge rooms were needed to install them. In the early 1970s, these systems were gradually replaced by computers. The size and price of the systems decreased significantly, but the system architecture, which telecom engineers have questioned, has remained the same. Most technical advances have been made between the exchanges; the interface of the subscriber line has remained the same.

IP telephony is a set of telephone functions using IP to transmit voice and manage telephone functions. Voice, digitized and compressed, is transmitted as packets routed in the same manner as data packets. So there is no more circuit switching; it is the standard routing function of the Internet that is used.

NetMeeting was one of the first applications to transmit voice over IP. One needed a PC connected to the Internet to digitize voice and send it. The result was not great. The sound settings were delicate, and the latency (packet forwarding time), added to the voice compression time, did not allow a natural conversation. With the advent of ADSL and computers 20 times faster, the situation has changed. Skype, released in September 2003, was the first software to make VoIP usable. The system is proprietary and unfortunately its telephone features are limited. It works only between 2 PCs equipped with Skype. In early 2004, Skype introduced the conference function, and since July 2004 Skype has offered a paid service to call or be called by landlines.

To aspire to replace fixed telephony, many more advanced features are needed. NetMeeting uses the H.323 standard developed by the ITU-T, which copied the principles of traditional telephony.
A new protocol, much better suited to the Internet, was developed by the IETF: SIP. It is this protocol that will enable the development of telephony features. It also makes it possible to develop “SIP phones” that connect directly to the Internet in the manner of a PC.
