Introduction to Computer Networks and Cybersecurity, edited by J. David Irwin, and Chwan-Hwa (John) Wu, CRC Press, ProQuest Ebook Central. "Draft Introduction to Computer Networking and Cybersecurity To the Student It is difficult to overstate the importance of computer networks and network security.
Introduction to Computer Networks and Cybersecurity takes an integrated approach to networking and cybersecurity, highlighting the interconnections so that. If a network is not secure, how valuable is it?
However, while both share some significant commonalities, they're quite different in the scope and duties required of each. If you know that information security is the industry for you but are having difficulty deciding between cybersecurity and computer forensics, read on to learn which one is right for you!
Cybersecurity vs. Computer Forensics
Let's start with what cybersecurity and computer forensics have in common: both focus on the protection of digital assets and intelligence. Individuals in both fields are employed in virtually all industries and sectors, from non-profit organizations to government entities to private corporations and enterprises. As more and more businesses recognize the importance of securing their systems and technologies, both cybersecurity and computer forensics professionals are finding their skills in high demand.
However, the two professions are not synonymous. In fact, it's helpful to think of cybersecurity and computer forensics as two essential sides of the same coin - the work they do is very similar, but differs in a few key ways.
To put it simply, cybersecurity is about prevention, while computer forensics is about response. Or, in other words: the cybersecurity team works to implement and maintain a robust information security system, with the intention of defending an organization from cyber attacks; in the event that their efforts fail, and a breach is made, the computer forensics team works to identify the hack, understand the source, and recover compromised data. The two fields are highly reliant on one another to maintain ongoing network security for organizations across numerous industries and sectors.
What Does a Cybersecurity Degree Entail?
As mentioned above, cybersecurity is all about prevention. As a result, a cybersecurity degree will give students hands-on experience in applying security measures to ensure confidentiality, integrity, and availability of data. Students will leave a cybersecurity degree program with the ability to evaluate a computer network and the information security needs of an organization, and to assess and implement cybersecurity risk management policies.
They'll learn how to measure the performance of, troubleshoot, maintain, and update enterprise-level information security systems, and provide real-time security solutions through continuous network monitoring.
Communication, especially as it relates to short- and long-term organizational cybersecurity strategies and policies, is particularly emphasized. Courses will include everything from network fundamentals to an introduction to operating systems to ethical hacking to web page development, ensuring graduates have a well-rounded set of technology skills. On the flip side, a computer forensics degree will give students experience in identifying and responding to cybersecurity breaches and network hacks that have already happened.
They'll learn to do this work across a variety of technologies, from computers to mobile devices. Graduates of a B. These
The base HTML file includes several referenced objects, such as links and images. Each object is addressable by a Uniform Resource Locator (URL), and the following is a typical example of a URL in which the host name and path name are specified as shown.
As such, it controls the manner in which Web pages are transferred back and forth between the Web server and its various clients. There are two versions of HTTP. RFC . When the client initiates a TCP connection to the server and the server accepts the connection, sockets are created at both ends and port number 80 is used.
Then, HTTP messages are exchanged between the browser, i. Since TCP is employed, the data transfer is reliable. Once the request has been answered, the TCP connection is closed. Keep in mind that HTTP is stateless, meaning that the server maintains no information about past client requests.
Protocols that maintain state are complex because the past history must be maintained in some manner. Request is sent by a client to a web server and response is sent from a web server to a client. These header lines are followed by a blank line representing the carriage return, and the line feed indicating the end of the Header lines .
Wireshark is a network analyzer software or network sniffer that supports every OS. It is a free download from www. Line 10 [SYN], i. Lines represent the file transfer from a HTTP server. Line 17 acknowledges that the correct file has been received by the client host.
Clearly, a format that is understood by every host will make this task easy. A generic URI syntax consists of a sequence of four main components: For example, mailto: The format and interpretation of fragment identifiers are dependent on the media type of the resulting retrieval, as defined in RFC .
A URI can be further classified as a locator, a name, or both. For example, urn: This URL specifies where an identified resource is available and the mechanism for retrieving it. URLs are written as follows: For example,
In the former case, the input is uploaded in the URL field of the request line and is of the form http: The information that is sent from a form with the POST method is invisible in the header lines and there are no limits on the amount of information sent.
The GET information, i. A service is being requested and that service is a search. Note that the information specifies that the GET method is requested, the version number is given and the host identified.
The information requested is a name search, in particular the name of John Smith. However, in this case there is an entity body that contains the query.
Once again, a search is specified, and in this case the search is conducted in order to find people. The input parameters are the first and last name, which must be given in the entity body. It is important to note that the information in the body can be encrypted to provide better security, whereas the header lines can be sniffed easily. While these two versions have some things in common, there are some distinct differences. The requested HTML file completes the response message.
As the example HTTP response message indicates, the first line specifies the status code. In the former case, at most one object is sent over a separate and distinct TCP connection. In the latter case, multiple objects are sent over the same TCP connection. Tower image 2. Motorbike image 3. HTML elements are constructed with: We further assume the client browser wants to download this page. Let us first consider the non-persistent HTTP case by examining in detail the manner in which a Web page is transferred from server to client.
We assume the URL for the page is http: The process proceeds as follows: Step 1: Step 2: Step 3: The TCP handshake is sent from server to client to confirm the connection is established. Step 4: The message sent indicates that the client requests a base HTML file. Step 5: This response message will be of the following form: Fri, 16 Aug Fri, 09 Aug As the figure illustrates, this process is repeated for each of the three JPEG objects.
The fact that there are several steps involved in this process leads one to question the amount of time this process will actually take. To aid us in quantifying the time involved, we define the round-trip time RTT as the time required for a small packet to travel from client to server and back again.
With reference to Figure 1. For simplicity, we have deliberately ignored such things as propagation delays and delays in routers and other intermediate devices. In summary, the non-persistent client-server interaction over TCP has the following characteristics.
One connection is established for each object, and the server closes the connection after sending an object. Two RTTs are required per object. Finally, after the base HTML file is processed by the client browser, the browser opens parallel TCP connections in order to fetch the referenced objects. In the former
In the latter mode, multiple active connections are employed at the same time. In fact, most browsers will open multiple parallel TCP connections. In order to facilitate the visualization of these two types of connections, we assume infinite bandwidth. This is clearly a process which operates in tandem and thus by its very nature is time consuming. There is however an underlying assumption in this case that the pipe has an infinite bandwidth.
For a low data rate link, there is essentially no difference between parallel and serial connections; however, a high data rate link can benefit from parallel connections. Let us next consider the persistent HTTP case. It also encounters operating system overhead for each TCP connection, and the browsers typically open parallel TCP connections in order to fetch the referenced objects.
Persistent HTTP connections can be in one of two forms: Without pipelining, the client issues a new request only when the previous response has been received, and only one RTT is required for each referenced object.
The client issues the three HTTP requests, one after the other, without waiting for the arrival of previously requested files as shown in Figure 1. In contrast to pipelining, the persistent connection without pipelining issues a request and then waits until the complete file is received before issuing the next HTTP request. Figure 1. For most organizations, the access link to the Internet is almost always full, and hence there typically exists a long queuing delay when sending a packet to the Internet.
Assume, for example, that the average queuing delay at the border router is ms when a packet travels to the Internet. In contrast, when a response packet travels from the Internet to a Gbps LAN, the queuing delay is negligible when compared with the delay in the opposite direction.
In addition, suppose that a homepage is to be downloaded that has only one base file that is Kbits long. Neglecting all the other delays, an HTTP request and response can be approximated as follows: Network latency contains the round-trip time RTT and the number of round trips required to transfer application data is the delay that can be minimized through protocol optimizations. Network bandwidth has grown substantially over the past two decades, thereby reducing the transmission delay, while propagation delay is largely constrained by the speed of light and has remained unchanged.
Therefore reducing the number of round trips has become the most effective way to improve the latency of TCP-based applications. The media file will stop play back if the rate of play back exceeds the rate at which the file is downloaded. The file will resume to play again after further video is downloaded. Google Video, and YouTube support video progressive downloading that can seek any part of the video before buffering is complete.
A Flash Video player can request any part of the Flash Video file starting at a specified key frame. Cookies are designed to provide a browser with memory for a particular site that one has visited.
Individuals who use the Web to download a variety of items are typically very familiar with Cookies. Obviously, this information can be very useful in enticing the users to download more goods by informing them of downloading opportunities that fit their pattern of downloads.
Cookies provide the state information for HTTP since it is inherently stateless. In addition, the file is also contained in a back-end database that exists at the Web site. The following data is typical of the type of information Cookies generate: Alice always accesses the Internet from a PC, and this is the first time the current Web site has been visited. When an initial HTTP request arrives at the site, e.
This information is also saved in a special Cookie file maintained by the browser. If Alice returns to the site. This process is repeated each time Alice visits this web site. There is tremendous value in this process for site. For example, the web site knows such things as what she is downloading, how much she is downloading, the order of her downloads and the times of download.
Armed with this information, the company is in a position to suggest additional downloads that are aligned with her previous history of downloads at their site.
So, once a download has been made and Alice has given the company all the necessary data that identifies her, e. Two cookies are set by site. Note that this Hypertext Transfer Protocol contains two Cookies. Two cookies are sent to site. For example, in order to access the page http: The server responds by sending the requested page, preceded by the HTTP header, that may contain lines requesting the browser to store Cookies.
If the browser supports Cookies and they are enabled, every subsequent page request to this particular server will contain the Cookie. As an example, if the browser requests the page: In this example, we assume the Cookie sent by the web server is the following: Cookies can expire, and will not be sent by the browser to the server under any one of the following conditions: This last condition permits a server or script to explicitly delete a Cookie.
This process can be performed in the following manner. First, the user provides both user name and password in the text fields of a login page and forwards them to the server. Next, the server receives and checks this data. If correct, the server sends back a page that confirms a successful login and includes a Cookie. The pair: Finally, with every user request from the server, the browser automatically sends the Cookie to the server, the server compares the Cookie with those that are stored, and if a match is found the server has identified the user.
This technique is commonly used by a variety of sites that permit login, such as Yahoo. Cookies assist with such things as authorization, shopping carts, recommendations and user session state, i. This state is maintained at the protocol endpoints, i.
Cookies are routinely being used to collect statistics and generate
However, when a Cookie is used for a single sign on, the authentication information stored in the Cookie may be stolen.
Unfortunately, Cookies contain a lot of information about an individual and therefore privacy is always an issue when they are used.
The use of a proxy server is the most economical way. It handles HTTP requests for the origin server, and stores recently requested objects. A user can configure a browser to first access the web cache. Under these circumstances, the browser sends all HTTP requests directly to cache. If the requested object is resident in cache, the cache will return the object to the client.
Otherwise, the cache will request the object from the origin server. When the cache receives the object, it retains a copy and forwards it on to the client. The Web Caching Operation for the Object cnn.
The proxy caching operation is performed in the following manner. This technique clearly has some inherent advantages. It provides quick turnaround to clients, reduces the load on the Web server, and it results in a significant drop in bandwidth consumption for the access link that connects an internal network to the Internet.
It is, of course, possible that the cache does not have the most up-to-date version of an object. Perhaps it has been recently modified in the Web server. If no recent modification has taken place, it is not necessary for the origin server to send the object to the proxy.
If a modification has taken place, the proxy will no longer have the most up-to-date version of the object, and it will be necessary for the web server to forward this updated version to the proxy. Therefore, the file transmission delay of the objects contained in the page is eliminated; this also removes the associated processing delays, propagation delays, and queuing delays for subsequently requesting and delivering objects contained in the web pages. As a consequence, the congested border router of an organization may have fewer outgoing HTTP request packets and a reduction in the queuing delays for achieving a faster Internet link to an ISP.
Conditional POST can also be used in a similar manner. The first proxy server, known as Squid, is still the most popular open-source proxy server software. One should understand its caveats when using each of its features.
Since the proxy is a server to the client and a client to the server, it is essentially a client and server at the same time. The proxy also plays a critical role in security. It is the initial point of contact for a client, and yet no important information is stored locally. As such, it serves as a sacrificial lamb in the case of unwarranted penetration. If the cache is poisoned, then attacks can be propagated to a computer that accesses the cache. Recently, there have been numerous attacks aimed at poisoning the cache, and unfortunately they are as effective as an attack on the origin server for users that employ the proxy.
In the former case, where the browser is specifically configured for this mode of operation, all requests are directed to the proxy. In this mode, user action is required.
In the latter case, the proxy lies in the path between client and server, intercepts packets en route, and interposes itself in the transfer of data. The benefit of this mode is that no user action is required. Web proxies do perform a number of viable functions.
Among them are anonymization, transcoding, prefetching and filtering. The transcoding operation converts data from one form to another to reduce the size of files for such things as cell-phone browsers, and it improves the effective link performance when communicating with ISPs.
By requesting content before the user asks for it, prefetching provides a valuable service for dialup users.
Filtering is yet another important function in that it can be used to block access to sites, based on either URL or content. Many vendors provide security services by simply blocking access to malicious sites. Filtering can also be used to reduce the bandwidth consumption for certain protocols and applications, such as P2P and video streaming. Content providers want to offer content, while consumers want to access it. To do this, quite often the providers deploy server farms and replicas, while consumers deploy web proxies.
What are the consequences? What is the most effective and economical way of designing access links? The following assumptions are made concerning the operation of this network. The Effect That Upgrading to a Higher Data Rate Access Link Has on Delays One method, although costly, for dealing with this situation is to increase the bandwidth of the access link between the institutional network and the public Internet through the use of a T3 line, i.
The consequences of this change from a 10 Mbps to a 45 Mbps access line are reflected in two areas. However, this upgrade will be costly, e. For example, assuming a hit rate of 0. In addition, how do we ensure that the information is always available even when the area suffers catastrophic damage? The advantages of WAAS are centralized applications and storage in the data center while maintaining LAN-like application performance by caching. This caching involves both replicating and synching files and the database.
It also provides for application acceleration for remote employees, the minimization of branch office IT costs and the simplification of data protection through the existing infrastructure.
Content delivery networks CDNs are used to cache data in various geographic locations around the world, so you can access that data faster by reducing access latency.
CDNs can dynamically distribute assets to strategically placed redundant core, fallback and edge servers. CDNs can have automatic server availability sensing with instant user redirection. The user must provide authentication information in the form of a user identification and password, and interact with FTP through an FTP user interface. The FTP process is executed in the following manner. When the client identifies a file and sends the server a file transfer command, the server opens a second TCP connection, which is used by the server to transfer the file of interest.
Once the file has been transferred, the server closes this data connection. If another file is requested by the client, the server will open another data connection to transfer this new file. The control information is said to be out-of-band because FTP employs a separate connection for this information. The process that the server employs to keep up with the client in this manner is called maintaining state.
This maintenance of state severely limits the number of simultaneous FTP sessions that can be accommodated. In contrast, HTTP is a stateless protocol. In either case, the TCP control connection uses server port number 21 and the control connection is initiated by the client. Note that in the active case, the TCP data connection is on server port number 20 while a client port number greater than , i. After the control connection is established, the active mode requires the client to send the server the port number PD using the PORT command over the control connection.
The passive mode is better when the client is behind a firewall that is unable to accept incoming TCP connections. The passive mode requires the client to open two random unprivileged local ports: The first port Pc connects to the server on port Since the client initiates the data connection, the firewall will permit its establishment. In comparison to earlier versions of the SCP protocol, which permitted only file transfers, the SFTP allows for a range of operations on remote files.
Thus, SFTP is actually a remote file system protocol. The additional capabilities enjoyed by SFTP clients, when compared with SCP, include the resumption of interrupted transfers, directory listings, and remote file removal.
The user agent composes, edits, reads and saves mail messages. There are a number of graphical user interfaces GUIs for email in use, e. The user, Bob, composes a message. His user agent sends it to a server using SMTP. There is also a message queue for outgoing messages that will be sent. Therefore it is the protocol used between mail servers.
The direct transfer of mail between the sending server and the receiving server employs TCP as a reliable transfer vehicle, and port number 25 is used. The actual transfer process consists of three phases: SMTP has been around for a long time, and as a result has some characteristics that are clearly out-of-date in these modern times. One of these archaic characteristics is the restriction that the body of the message, as well as the headers, must be in 7-bit ASCII.
The following example outlines in some detail the actual process by which an email is sent and received. Some of the key features of SMTP are the following: While SMTP is a push operation, i.
Recall that in a standard business letter, the top of the letter contains certain information, e. This type of information, which could be referred to as header information, is also present in email.
When multimedia is contained in the message or the message contains languages other
These additional lines in the message header declare that MIME content is included.
Note that the information in this header defines the MIME version to be 1. Since some 8-bit binary code is reserved for signaling purposes, the use of Base64 encoding avoids any conflicts. Line numbers are the response from the server using success code , failure code or error.
Line number 22 and the ones beyond are the content of the MIME message. The final delivery step in this process is accomplished by
POP3 is a simple mail access protocol, but it has some critical limitations.
It is a well-informed, revised, and comprehensible educational book that addresses not only professionals but also students or anybody else interested in cyber security and needs an integrated source.
Which of the following alternatives is the fastest HTTP connection?