Lecture 21: Internet Security Intro to IT

COSC1078 Introduction to Information Technology

Lecture 21

Internet SecurityJames Harland

james.harland@rmit.edu.au

Lecture 21: Internet Security Intro to IT

Introduction to IT

1-4 Introduction, Images, Audio, Video

5-6 Computer Fundamentals Assignment 1, WebLearn Test 1

7 Review

8 Operating Systems WebLearn Test 2

9 Operating Systems Assignment 2

10 Internet

11 Internet & Security   WebLearn Test 3

12 Future of IT Assignment 3, Peer and Self Assessment

Lecture 21: Internet Security Intro to IT

Intro to IT Schedule

Week Lecture 1 Lecture 2

11 Internet Protocols Internet Security

12 Future of IT Review by request or more Future of IT

13 Mock Exam Wednesday 2nd June

Lecture 21: Internet Security Intro to IT

Overview

Questions?

Mock Exam

Assignment 3

Internet Security

Questions?

Lecture 21: Internet Security Intro to IT

Mock Exam

10.00-12.30 (TBC) on Wednesday 2rd June in 10.13.03 Bring your own paper, pens, etc. No calculators allowed Answers will be available from me when you leave

Schedule (times to be confirmed):

10.00 Access to room 10.15 Reading time commences 10.30 Writing time commences 12.30 Exam concludes

Lecture 21: Internet Security Intro to IT

Assignment 3

Review

(re-) answer What is IT? questions from Tutorial 1

Identify difficult parts of the course

Suggest new questions

Include favourites from Assignments 1 and 2

Reflect

Answer reflection questions from tutorials

Research

Write about a particular IT topic of your choice

(5-6 paragraphs)

Lecture 19: Internet: Images Intro to IT

InternetLisa?Hi Dad!

Listen!Lisa?Hi Dad! Listen!

Lecture 21: Internet Security Intro to IT

Internet Structure

Application Application

Transport Transport

Network

Link

Network

Link

Mordor sucks!

2 dor1 Mor3 suc 4 ks!

1 2 3 49 5 6 2

14

3

22

1

3

4

2 3 1 49 5 6 2

2 dor1 Mor3 suc 4 ks!

Mordor sucks!

Lecture 21: Internet Security Intro to IT

Internet Structure

1 Mor

1

6

6

Lecture 21: Internet Security Intro to IT

Network Layer (Internet Protocol) Real intelligence is in the network layer

Adds next destination to packet

Not complete list of addresses

Sends to next destination

Retrieves final destination packets for this node

Passes them to the transport layer

Routing tables can be updated when disconnections occur

Hop counts used to stop endless looping

Lecture 21: Internet Security Intro to IT

Transport layer

Transmission Control Protocol (TCP) often used

User Datagram Protocol (UDP) becoming more common

TCP

Establishes connection first

Send and wait for acknowledgement

Reliable

Can adjust flow control to avoid congestion

Often best for email (which is not real-time)

Older

Lecture 21: Internet Security Intro to IT

Transport layer

UDP

Doesn’t establish connection

Just sends and forget

Efficient

No congestion adjustment

Works well for DNS lookup

Often used for Voice over Internet Protocol (VoIP) applications such as Skype

Lecture 21: Internet Security Intro to IT

Internet addresses

Unique 32-bit identifier (up to 4,294,967,296)

Soon to become 128-bit identifier

Managed by Internet Corporation for Assigned Names and Numbers (ICANN)

ISPs get “blocks” of addresses

32-bit string represented as N1.N2.N3.N4 where Ni

is in the range 0..255

17.12.25.0 means

00010001 00001100 00011001 00000000

Lecture 21: Internet Security Intro to IT

Internet addresses

Dotted decimal notation is still not very kind to humans …

www.sludgefacethemovie.com -> ??.??.??.??

Translation done by name servers which look up the Domain Name System (DNS)

Domains such as rmit.edu.au can be structured by the domain owner (eg goanna.cs.rmit.edu.au)

Lecture 21: Internet Security Intro to IT

Internet Security

pass wordpatch spa

mfire wall

virus war drivingkey logge

r

proxy worm

phishing

Trojan horse

Security vs access

It is always a trade-off (a balance between two competing forces)

More security means less access

More access means less security

Redundancy can be either fatal or vital

Nothing is perfect!

Freedom vs security `Everything which is not forbidden is allowed’

-- Principle of English Law `Everything which is not allowed is forbidden’

-- Common security principle

`Anything not mandatory is forbidden’

-- “military policy” `Anything not forbidden is compulsory’ (??)

— T.H. White (The Once and Future King)

Lecture 21: Internet Security Intro to IT

Conclusion

Work on Assignment 3

Check whether your security defenses are up to date