computer networking part 2 and internet safe suring cs 1 rick graziani cabrillo college spring 2006

Computer Networking Part 2and

Internet Safe Suring

CS 1

Rick Graziani

Cabrillo College

Spring 2006

Rick Graziani [email protected] 2

Review

• Network

• LANs

• IP Configuration

• Internet

• TCP/IP

• DSL/Cable Modem with a Router


What is a network?

• A computer network is a series of computers and other devices interconnected by communication paths.

• Computer networks include: LANs and WANshttp://www.albany.edu


LAN – Local Area Network

• A LAN:– Operates within a limited geographical area– Controlled by local administration– Allows local users to:

• Share printers• Access local file servers with software and data• Access the Internet


Creating an Ethernet Network

• To start, your computer must have an Ethernet Network Interface Card (NIC).• Ethernet NICs have an RJ-45 interface or port.• Hubs and Switches are used to connect computers, printers and other devices

in the Ethernet LAN.• Ethernet cables, i.e. Cat-5 or Cat-6 cables (Category 5, Category 6) are used

to connect computers to the hubs and switches.• Cat-5 cable connects computer NIC to hub or switch.


IP Configuration

• To communicate with other computers on your network you need to properly configure:– IP Address (of your computer)– Subnet Mask (of your computer)

• To communicate with computers outside your network you need to properly configure:– Default Gateway IP Address

• To be able to use domain names, like www.cabrillo.edu, instead of IP addresses you need to properly configure:– DNS (Domain Name System)

Server IP Address


IP Configuration: Default Gateway

• Any information that needs to be sent to IP Addresses outside your network is sent to the Default Gateway or Router.

To the Internet192.168.1.10

192.168.1.1


IP Configuration: DNS

Hey, 207.62.87.54, what is the IP Address for www.yahoo.com?

It is 66.94.230.47

Yahoo Web Server

Hey, 66.94.230.47, please send me your web page.

Here, 192.168.1.10, here is my web page.


Setting the IP Configuration Information

• IP information can be configured:– Statically– Dynamically

• Using a DHCP (Dynamic Host Configuration Protocol) Server


IP Configuration: Dynamic Configuration

I’m booting up, if there is a DHCP Server out there, I need my IP Configuration Information!

DHCP Server

Here is your IP Address, Subnet Mask, IP Address for the Default Gateway (router), and IP Address for the DNS Server!


What is the Internet?

• The Internet was originally designed by DARPA (Defense Advanced Research Projects Agency) in response to the U.S.S.R. launching Sputnik, the first satellite.

• Out of this came the Internet, a way for computers to communicate from different parts of the world.

• These computers can be any type of computer using any type of operating system, as long as they are using the protocol TCP/IP.


What is TCP/IP? What is a protocol?

• A protocol is nothing more than an agreement or rules to govern a way of communicating.

• The sender and receiver, and everyone in between, must agree on the rules, the protocol.

The actual letter (data) is inside (encapsulated) the envelope.


What is TCP/IP? What is a protocol?

• Protocol: An agreed form of communications.


Yahoo Web Server

Source IP Address: 192.168.1.10

Destination IP Address: 66.94.230.47

Destination IP Address: 192.168.1.10

Source IP Address: 66.94.230.47

192.168.1.1066.94.230.47

Inside envelope: Request for web page

Inside envelope: Web page


DSL or Cable Modem: No Router

204.180.205.1 Public Address

Hacker can only get to public address and not private address

DSL or Cable Modem

• Routers can help protect your DSL or Cable Modem Network.


When using NAT (Network Address Translation, the Router helps hide your network from attackers.

204.180.205.1 Public Address

192.168.1.10 Private Address

Hackers can only get to public addresses and not private addresses

DSL or Cable Modem: With a Router

Internet


Bandwidth

• Bandwidth - The amount of information that can flow through a network connection in a given period of time.

• Usually measured in bits per second (bps)– bps: bits per second– Kbps: thousands of bits per second– Mbps: millions of bits per second


Networking – Part 2

• Circuit Switching versus Packet Switching

• Wireless

• Careers in Information Technology


WAN Link Options


Circuit Switched

• Circuit Switching: A form of data communication which establishes a single connection or circuit between source and destination to carry the data stream.

• Like a conventional telephone system. • When a subscriber makes a telephone call the dialed number is used

to set switches in the exchanges along the route of the call so that there is a continuous circuit from the originating caller to that of the called party.


Packet Switching

Frame Relay, X.25, ATM

• Packet Switching: A form of data communications which breaks a data stream into small sections, sends them separately by the best available channels and reassembles the original data stream at its destination.

• An alternative is to allocate the capacity to the traffic only when it is needed, and share the available capacity between many users.


Wireless Access Point

• A wireless access point is a device that connects wireless devices (laptops, etc.) to a wired network, usually an Ethernet LAN.


Wireless Access Point

• In our example the wireless access point (AP) will include a Router.


Putting it together

• Exactly the same as connecting a router without an AP.


Configuring the AP and Router

Wireless Settings:

• SSID (Service Set Identifier) – Name of your network

• Security: WPA, WEP, or none

Router settings include: IP Address, Subnet Mask, Default Gateway, and DNS Server information


SSID

• The SSID is what will be displayed when people with wireless computers are looking for a wireless LAN.


Linksys WRT54G

Router Information • IP Address from ISP• Connects to your DSL/Cable Modem• NAT (Network Address Translation)

Local Network• Switch or Hub• Connect “wired” computers• DHCP Server (optional)

Wireless• SSID: MyHomeNetwork • DHCP Server: (optional)• Channel: 11

• Encryption Function: WPA

MAC address for AP’s IP address


You choose…

• There are many resources to discuss the possible health risks or wireless LANs.

• As a networking and WLAN user and instructor I have my own thoughts which I will share.

• If you are concerned, then research the information and come to your own conclusions.

• The following information is from my own research and experience.


Wireless Frequency

• Wireless APs operate at:– 2.4 GHz– 5 GHz

• 2 GHZ! That’s the same as my microwave oven, isn’t that dangerous?

• Answer: No.– Electromagnetic waves happen naturally.

• Light is an electromagnetic wave– It is not the frequency, but the wattage, the power.

• Any electromagnetic wave can be dangerous with too much power.

• A 25 watt light bulb is safe, but it wouldn’t be safe at 250,000 watts

– Wireless access points generate signals at 1/10th of a watt.• Like all electromagnetic waves, the signal does not fade in a

linear manner, but inversely as the square of the distance.

Rick Graziani [email protected] 30www.britishlibrary.net


Inverse square law

• Double the distance of the wireless link, we receive only ¼ of the original power.

• Triple the distance of the wireless link, we receive only 1/9 the original power.

• Move 5 times the distance, signal decreases by 1/25.

Point A

2 times the distance ¼ the power of Point A

10 20 30 40 50 100

3 times the distance 1/9 the power of Point A

5 times the distance 1/25 the power of Point A

10 times the distance 1/100 the power of A


Putting it in some perspective

• Measurements from an antenna transmitting 100mW at 1 inch• Remember a milliwatt is 1/1,000th of a Watt• Microwave oven typically operates at 1,000 watts in a confined space.

1” 100 mW 1/10th watt2” 25 mW 1/40th watt4” 6.25 mW 1/166th watt8” 1.56 mW 1/1000th watt16” 0.39 mW 4/10,000th watt32” 0.097 mW 1/10,000th watt64” (5.3 ft) 0.024 mW 2/100,000th watt 128” (10.6 ft) 0.006 mW 6/1,000,000th watt256” (21.3 ft) 0.0015 mW 15/10,000,000th watt

• Light bulbs would also be dangerous the were 10,000 to 1,000,000,000,000 stronger.

• A 250,000 watt up to a 250,000,000,000,000 watt light bulb would also be dangerous.


Wireless Security – Everyone can hear

• Others can “hear” or capture your information.• Wireless signals are propagated, sent, similar to our voice

sound waves.


Wireless Security – Everyone can hear

• If we don’t want them to understand what they hear, we can encrypt or code the information.

• As long a our wireless computer and access point are using the same encryption algorithm, such as WEP or WPA.


Wireless Security - WPA

• WPA (WiFi Protected Access) is currently the best option.

• The password is configured on both the wireless access point and the computer.


Wireless Security

• Without any security, anyone can:– Use your wireless access point to access your network

and the Internet.– Capture your information from your wireless computer.


Wireless Security

DriftNetCommView


Wireless Security

• Your web browsing or email access should already be secured.

• Look for the lock


Careers in Information Technology


Computer Support Specialist

• Installing computer hardware and software.

• Troubleshooting

• Maintenance and upgrades


Networking: System Administrator

• Installing, configuring, and maintaining network servers

• UNIX, LINUX, Microsoft

• Web, DNS, DHCP, Mail Servers

• Backup and recovery, user administration

• Security


Networking: Network Technician/Analyst

• Install, manage, troubleshoot network infrastructure:– Routers, Switches, Cables, Wireless Access Points

• Issues: Security, Quality of Service, Video On Demand, Voice over IP


Keeping up on technology

• Wireless• Security

Internet: Safe Surfing


Safe Surfing

• Adware– Pop-ups– Spyware– Blocking Pop-ups

• Java Traps or Pop-Up Hell

• Spyware– Blocking Spyware

• Cookies

• Virus Protection

• Spam– Blocking Spam


Adware

• Adware or advertising-supported software is any software application in which advertisements are displayed while the program is running.

• Displays the ads in pop-up windows or through a bar that appears on a computer screen.

• Adware helps recover programming development costs, and helps to hold down the price of the application for the user (even making it free of charge)—and, of course, it can give programmers a profit, which helps to motivate them to write, maintain, and upgrade valuable software.


What are Pop-ups? (Wikipedia.org)

• Pop-up ads are a form of online advertising on the Web where certain websites open a new web browser window to display advertisements.

• Usually generated by JavaScript• A less intrusive variation on the pop-up window is the pop-under

advertisement. – This opens a new browser window, but in the background, so as

not to interrupt the user's page-view.


From Gain Publishing: www.gainpublishing.com/ about/

http://www.gainpublishing.com/about/

http://www.gainpublishing.com/about/



• For early advertising-supported websites, banner ads were sufficient revenue generators.

• But in the wake of the dot com crash, prices paid for banner advertising clickthroughs decreased and many vendors began to investigate more effective advertising methods.

• Pop-up ads by their nature are difficult to ignore or overlook, and are claimed to be more effective than static banner ads.

• Pop-ups have a much higher click rate than web banner ads do.



• Most users regard pop-ups as a nuisance. • In the early 2000s, all major web browsers except Internet Explorer

allowed the user to block pop-ups almost completely. • In 2004, Microsoft released Windows XP SP2, which added pop-up

blocking to Internet Explorer. • Some users install non-Microsoft ad-blocking software instead. • Advertisers continually seek ways to circumvent such restrictions. • Many of the latest pop-ups are created using Flash and have extensive

animation and trickery.

Ultimate irony!


From Microsoft

• With Windows XP Service Pack 2 (SP2) Internet Explorer allows you to prevent most pop-up windows from appearing over pages you want to view while you're using the Internet.

• When you install SP2, Pop-up Blocker is turned on in Internet Explorer and set to the medium setting, which means it will block most automatic pop-ups.


Block Pop-up Windows with Internet Explorer

http://www.microsoft.com/windowsxp/using/web/sp2_popupblocker.mspx


C/NET – Pop-ups mean more $$$

• Publishers willingly allow pop-ups or pop-unders because they command higher prices, and they're in high demand by advertisers.

• Ad executives say they can cost advertisers about $10 per thousand sent for top-rated sites.

• That compares with between $2 and $3 per thousand for a static banner ad that appears on the same popular site.

• The Web sites that sold or disseminated the most pop-up ads in the month of April 2005 include CNN.com, ESPN.com, Excite.com, Weather.com, and The New York Times.


“Java Trap” or “Pop-up Hell”

• Pornographic websites are among the most common users of pop-up ads.

• Some particularly vicious types of pop-up ads have been specifically designed to "hijack" a user's Internet session.

• As each window is closed by the user it activates another window -- sometimes indefinitely.

• Usually the only way to stop this is to close the browser. • Mouse Trapping: Another variation of pop-up fills an entire screen

with an ad or Web page, removing any menu bars or other on-screen icons by which the user can close the window.



• Pop-up ads can also be spawned as a separate process (that is to say, apart from the browser) on the user's local computer.

• This is typically because of a spyware infestation, or because the user has voluntarily (or involuntarily) installed adware.


Spyware (Wikipedia.org)

• Spyware is computer software that gathers and reports information about a computer user without the user's knowledge or consent.

• May perform many different functions, including:– the delivery of unrequested advertising (pop-up ads in particular),– harvesting private information– re-routing page requests to illegally claim commercial site referal fees

• Spyware as a category overlaps with adware

• Spyware or Malware in a broader sense can include: adware, remote access trojans (RATs), keystroke loggers, denial-of-service (DoS) attack agents, probe tools, and other backdoor network threats (including most popular remote access tools).


Fighting Spyware

• Spybot (www.safer-networking.org)

• PestPatrol (www.pestpatrol.com)


Cookies

• A cookie is information sent by a server to a browser and then sent back to the server each time it accesses that server.

• They were invented by Lou Montulli, a former employee of Netscape Communications.

• Amongst other uses, cookies enable websites to be customized for individual users once browsing patterns have been established.

• Cookies can however cause potential security problems as information such as credit card details might be collected via a cookie.

• Cookies can however, only store information that you provide.


Cookies - Purpose

• Typically this is used to authenticate or identify a registered user of a web site as part of their first login process or initial site registration without requiring them to sign in again every time they access that site.

• Other uses are maintaining a "shopping basket" of goods selected for purchase during a session at a site, site personalization (presenting different pages to different users), and tracking a particular user's access to a site.


Cookies - Permissions

• A browser may or may not allow the use of cookies. • The user can usually choose a setting.• Microsoft Internet Explorer

– Tools > Internet Options > Privacy Tab– Use slider to set options, or use advanced options


Virus Protection

• In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents


Spam (Wikipedia)

• Spamming is the act of sending unsolicited electronic messages in bulk.

• The most common form of spam is that delivered in e-mail as a form of commercial advertising.

• Spamming has been considered by various commercial, government, and independent entities to be one of the foremost social problems facing electronic media today.

• Many attempts have been made to curb this problem including e-mail filtering, contractual measures such as Internet Service Providers' acceptable-use policies, laws such as the Can Spam Act of 2003 and market pressures such as boycotts of those who use or support spam.


CAN-SPAM Act of 2003 (Wikipedia)

• The CAN-SPAM Act of 2003, signed into law by President Bush on December 16, 2003, establishes the first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions.

• The bill's full name is an acronym: Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003.

• It also requires the FTC to promulgate rules to shield consumers from unwanted mobile service commercial messages.

• The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it contains all of the following:– an opt-out mechanism; – a functioning return e-mail address; – a valid subject line indicating it is an advertisement; and – the legitimate physical address of the mailer. – The legislation also prohibits the sale or other transfer of an e-mail

address obtained through an opt-out request. It criminalizes the use of automated means to register for multiple e-mail accounts from which to send spam. It prohibits sending sexually-oriented spam without clear markings.


Anti-Spam

• Spammers obtain e-mail addresses by a number of means: – Web pages– guessing common names at known domains– "e-pending" – searching for e-mail addresses corresponding to specific persons

• Many e-mail spammers go to great lengths to conceal the origin of their messages.

• Spoofing e-mail addresses - spammer modifies the e-mail message so it looks like it is coming from another e-mail address.

• Among the tricks used by spammers to try to circumvent the filters is to intentionally misspell common spam filter trigger words, ie. "viagra" might become "vaigra", or by inserting other symbols within the word, i.e. "v/i/a/g./r/a".

http://www.giantcompany.com/?PID=A22227


Spam


Phishing

• From Wikipedia, the free encyclopedia

• This phishing attempt, disguised as an official email from a (fictional) bank, attempts to trick the bank's members into giving away their account information by "confirming" it at the phisher's linked website.

• In computing, phishing is a criminal activity using social engineering techniques.

• Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication.

• Phishing is typically carried out using email or an instant message, although phone contact has been used as well.

• Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

http://en.wikipedia.org/wiki/Image:Yahoo_phishing.jpg


PayPal Scam


From: [email protected]: Thursday, February 09, 2006 9:52 PMTo: [email protected]: {spam?} Account Security Measures.

Dear PayPal valued member,

In our terms and conditions you have agreed to state that your account must always be under your control or those you designate at all times.

We have noticed some activity related to your account that indicates that other parties may have tried gaining access or control of your information in your account.

In order to secure your account we may require some specific information from you. We encourage you to follow the link below and complete the requested form as soon as possible.

Please follow the link below and renew your account information: [ "http://www.paypai.com.profile-6433.com"onMouseOver ]https://www.paypal.com/cgi-bin/webscr?cmd=login-run

Failure to update your records will result in further account limitations.This notification expires on February 12, 2006.

*Please be aware that we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account.

We are very sorry for the inconvenience this might cause but please understand that this is a security measure meant to help protect you and your account.

Sincerely,C. DouglasPayPal Account Review [email protected]=========================================Please do not delete this section.(Your case ID is PP-079-070-365.)=========================================PayPal, an eBay companyCopyright © 1999-2006 PayPal. All rights reserved.

www.paypai.com

Another PayPal Scam


Third Bank Scam

Dear Customer,

Fifth Third Bank, is committed to maintaining a safe for ourcustomers. To protect the security of your account, Fifth Third Bank, employssome of the most advanced security systems in the world and our anti-fraudteams regularly screen the Fifth Third system for unusual activity.

We are contacting you to remind that on November 5, 2006 our Account ReviewTeam identified some unusual activity in your account. In accordance with FifthThird Bank's User Agreement and to ensure that your account has not beencompromised, access to your account was limited. Your account access willremain limited until this issue has been resolved. We encourage you to log in andperform the steps necessary to restore your account access as soon as possible.Allowing your account access to remain limited for an extended period of timemay result in further limitations on the use of your account and possible accountclosure. Visit now Online Banking page and perform verification process.

Login to online banking account

Thank you for your prompt attention to this matter. Please understand that this isa security meant to help protect you and your account. We apologize forany inconvenience.

Sincerely,Fifth Third Bank, Account Review Department


Third Bank Scam


WalMart and other Retails (Fake)

Dear Customer,

Thank you for ordering from our internet shop. If you paid with a credit card, the charge on your statement will be from name of our shop.

This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.

Date : 08 Oct 2006 - 12:40Order ID : 37679041Payment by Credit cardProduct : Quantity : PriceWJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99Subtotal : 2,449.99Shipping : 32.88TOTAL : 2,482.87

Your Order Summary located in the attachment file ( self-extracting archive with "37679041.pdf" file ).PDF (Portable Document Format) files are created by Adobe Acrobat software and can be viewed with

Adobe Acrobat Reader.

If you do not already have this viewer configured on a local drive, you may download it for free from Adobe's Web site.

We will ship your order from the warehouse nearest to you that has your items in stock (NY, TN, UT & CA). We strive to ship all orders the same day, but please allow 24hrs for processing.

You will receive another email with tracking information soon.We hope you enjoy your order! Thank you for shopping with us!


Fake Wells Fargo Page


Real Wells Fargo Page


Difficult to tell the difference


Useful sites

• http://hoaxbusters.ciac.org/


Useful sites

• http://www.snopes.com/


Useful sites

• http://www.symantec.com/enterprise/security_response/threatexplorer/risks/hoaxes.jsp

Internet: Safe Surfing

CS 1

Rick Graziani

Spring 2006

computer networking part 2 and internet safe suring cs 1 rick graziani cabrillo college spring 2006

Documents

ip addresses

internet slide

system server ip address

default gateway ip address

router slide

type of computer

lan local area network

dns server