版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)
文檔簡(jiǎn)介
我們畢業(yè)啦其實(shí)是答辯的標(biāo)題地方軟件工程專業(yè)英語(yǔ)SOFTWAREENGINEERINGESSENTIALS2023/10/212023/10/21..24.1LOCALAREANETWORK
4.2TCP/IP4.3
SECURITYSUMMARYCHPTER4
NETWORKINGANDSECURITY2023/10/21COMPETENCIESAfterreadingthischapter,youshouldbeableto:1.ExplaintheInternet.2.DiscussthetwokindsofLAN:EthernetLAN,andWi-Fi.3.Describehowthedataaretransferred.4.DescribehowtosendonepacketthroughEthernet.5.ExplainTCP/IP.6.DescribetheEthernetdesignprocessandhowtodealwithcollision.7.Discusssecurity.2023/10/21.32023/10/21Inthischapter,wewillfirstelaborateonhowthecomputernetworkworks.Thebasic
principlesofhowthecomputernetworkworksaresurprisinglysimplealthoughthedetailsarefairlycomplicated.We’llstartfromthesmall-scale,LocalAreaNetwork,orshortlyaLAN.Andtheninthenextsectionwe’llexplainhowtheInternetcoverstheentireearth.Finallyinthischapter,wewilldiscusscomputersecurity.2023/10/21.42023/10/212023/10/21..54.1LOCALNETWORKAREA2023/10/214.1LOCALAREANETWORK
Thedetailsofnetworkingcanbequitecomplicated.Butthebasicideasofhowitallworksaresurprisinglysimple,andthat'swhatwe'regoingtostudy.TheInternetislikeaglobalphonesystemforcomputers:acomputercan"call"anothercomputerontheinternettogetorsendalittleinformation.Supposeyourlaptopisconnectedtotheinternet,andyoutype""intoyourbrowser--whathappens?Yourcomputercontactsthecomputer""--placinga"call"ineffect--andsendsarequestforthemainwebpage.Themachinesendsbackalargeresponsewhichisthewebpageandendsthecall.Yourbrowsergetsbackallthisdataandformatsitforyourscreensoyoucanreadthetext,clicklinksetc.We'lllookatthisfetch-webexampleafewdifferentwaystoseehowtheinternetworks.2023/10/21..2023/10/214.1LAN
ItstandsforaLocalAreaNetwork.Theseareverycommon.ALANisanetworkthatwouldbeusedtocovermaybeonefloorofabuildingormaybejustwithinahouseorsomethinglikethat.TwoverycommonexamplesofLANtechnologyareEthernet.whichiswired,useswires,it'swiredLANtechnology,andWi-Fi,whichisthewirelessradiosortofanalogtoEthernet.Thoseareincrediblycommon.2023/10/21..2023/10/214.1LAN4.1.1EthernetLAN4.1.2Packets-DataTransmission4.1.3Ethernet--SendingOnePacket4.1.4Wi-Fi--SameStrategy4.1.5EthernetDesignSummary2023/10/21..2023/10/214.1.1EthernetLANWiresaboutasthickasadrinkingstraw100metermaxwirelength,soit’slocalWiresoftenyelloworblueRJ-45plug,likeabigphoneplug2023/10/21..2023/10/21Figure4-1EthernetRJ-45plug
2023/10/21..2023/10/21Figure4-3datafromcomputer1tocomputer22023/10/21..4.1.2Packets-DataTransmission2023/10/214.1.3Ethernet--SendingOnePacket2023/10/21..Figure4-4SendingonepacketonEthernet2023/10/21READING1NETWORKING
PacketErrors--ChecksumRe-Send
2023/10/21..Figure4-9checksum2023/10/21READING1NETWORKING
MultipleComputers--EthernetDesign
2023/10/21..Figure4-10EthernetDesign2023/10/21READING1NETWORKING
EthernetCollision2023/10/21..Figure4-11
EthernetCollision2023/10/214.1.4Wi-Fi--SameStrategy2023/10/21..2023/10/214.1.5EthernetDesignSummary1.Shared:there'sjustonewiresharedbyeveryone,soit’scheap;2.DistributedandCollaborative:thereisnocentralcontrol,dependingoneachcomputerfollowingthecollaborativeprotocolingoodfaith;3.Insecure:it’snottoohardtolistentoorpickuppacketsnotintendedforthereceiver;4.Performancedegrades:
itsperformancedoesnotbreakasmorecomputersusethesharedmedium
2023/10/21..2023/10/212023/10/21..184.2
TCP/IP2023/10/214.2TCP/IP
ThepreviousLANexamplesareaboutconnectingcomputersonthesameLAN.Nowwewillscaletheproblemuptosendpacketsbetweenanytwocomputersontheearth.TheworldwideInternetisbuiltontheTCP/IPfamilyofstandards(TransmissionControlProtocol/InternetProtocol)whichsolvestheproblemofsendingpacketsbetweencomputersacrossthewholeinternet.Thesearefreeandopen,vendor-neutralstandardswhichisprobablythereasontheyhavebeensoincrediblysuccessful.2023/10/21..2023/10/214.2TCP/IPTheworldwideInternetisbasedactuallyonsomeGovernment-fundedresearchinthe70sfromtheUnitedStates,andsomestandardscalledTCP/IParecreated.TheTCP/IPisafamilyofstandards(TransmissionControlProtocol/InternetProtocol)whichsolvestheproblemofsendingpacketsbetweencomputersacrossthewholeinternet.Thesearefreeandopen,vendor-neutralstandardswhichisprobablythereasontheyhavebeensoincrediblysuccessful.2023/10/21..2023/10/214.2TCP/IP4.2.1IPAddress4.2.2DomainNames4.2.3Router4.2.4WhatDoesitMeantoBeOntheInternet?4.2.5Ping2023/10/21..2023/10/214.2.1IPAddress2023/10/21..Figure4-6IPaddress2023/10/214.2.2DomainNameDomainnamesareessentiallyalternatenamesforIPaddresses.Wehavedomainnamessuchas,.Domainnamesareeasyforpeopletorememberandtype.DomainsystemcanlookupanIPaddressfromadomainname.Sowhenyouuseadomainname,itislookeduptogetanIPaddressfortheactualpackets2023/10/21..2023/10/214.2.3Router2023/10/21..Figure4-7Router2023/10/214.2.4WhatDoesitMeantoBeOntheInternet?OntheInternet—e.g.connecttoaWi-Firouter1.computerconnectstoanupstreamroutertohandletraffic.MostWi-FiaccesspointscombineWi-Fi-radiosandarouter.2.TheroutertypicallygivesthecomputeranIPaddresstouseThecomputercannotpickanarbitraryIPaddress,sincetheleftpartoftheaddressdependsonthelocationontheInternet…detailknownbytherouter3.DHCP“DynamicHostConfigurationProtocol”—automaticallyconfigurenetworksettingstoworklocally.Computersveryoftenusethisfeaturetogetneedednetworkconfigurationfromtherouterautomatically.2023/10/21..2023/10/214.2.5Ping"ping"isanoldandverysimpleinternetutility.Yourcomputersendsa"ping"packettoanycomputerontheinternet,andthecomputerrespondswitha"ping"reply(notallcomputersrespondtoping).Inthisway,youcancheckiftheothercomputerisfunctioningandifthenetworkpathbetweenyouanditworks.Asaverb,"ping"hasnowenteredregularEnglishusage,meaningaquickcheck-inwithsomeone.Experiment:
Mostcomputershaveapingutility,oryoucantry"ping"onthecommandline.Trypinging.2023/10/21..2023/10/21Traceroute
Tracerouteisaprogramthatwillattempttoidentifyalltheroutersinbetweenyouandsomeothercomputeroutontheinternet-demonstratingthehop-hop-hopqualityoftheinternet.Mostcomputershavesomesortof"traceroute"utilityavailableifyouwanttotryityourself(notrequired).Someroutersarevisibletotracerouteandsomenot,soitdoesnotprovidecompletelyreliableoutput.However,itisaneatreflectionofthehop-hop-hopqualityoftheInternet.2023/10/21..2023/10/21READING2TCP/IP
HowDoesaPacketGetAcrosstheInternet?2023/10/21..Figure4-12:aPacketGetAcrosstheInternet2023/10/21READING2TCP/IP
RouterAnalysis?Eachrouterknowsenoughtofigurethenexthop,notthewholeroute.Theoriginalcomputerdoesnottypicallyknowmuch,delegatingtorouters“Core”routers,towardsthemiddleRoutersmeasureconnectionfunctionality/breakageallthetime.RoutearoundRoutersareanotherdistributed,collaborativesystem2023/10/21..2023/10/21READING2TCP/IP
Special"Local"IPAddressesNotethat10.x.x.xand192.168.x.xaddressesarespecial"local"IPaddressesTheseaddressesarenotvalidoutontheinternetatlargeThesearetranslatedtoarealIPaddressasapacketmakesitswayFrequentlygivenoutbyWi-Firouters2023/10/21..2023/10/212023/10/21..314.3
SECURITY2023/10/214.3SECURITYComputersecurityisabigandkindofdramaticarea,anditcanlookscary.Butitdoesn'tneedtobe.Wegoingtotalkaboutsomeofthemostimportantcases.Andinparticular,stayingsafeisnotthathard.Itdoesn'tneedtobethatcomplicated.We'lltalkaboutthemostimportantandinterestingideas.Keepingsafeisnotthathard.2023/10/21..2023/10/214.3SecurityNow,computersecurityisascarytopicandadramaticarea.Wearegoingtotalkaboutsomeofthemostimportantcasesandinterestingideas.Infact,stayingsafeisnotthathardandcomplicated.2023/10/21..2023/10/214.3Security4.3.1Computer--TheCastle4.3.2PasswordAttacks4.3.3PhishingAttacks4.3.4MalwareAttacks4.3.5SafetyRecap2023/10/21..2023/10/214.3.1Computer--TheCastle2023/10/21..Figure4-8Badguyoutsideacomputer2023/10/214.3.2PasswordAttacksThebadguycouldtrytoguessyourpasswordonasiteTrytologinagainandagainWorksifthepasswordiscommonAlsoknownas“dictionaryattach”.TryallthewordsinadictionaryThisfailmostly,butsuccesshereandtherewithanaccountwithapoorpasswordisgoodenoughforthebadguysTherefore:avoidhavinganobviousorcommonlyusedpassword2023/10/21..2023/10/21BadPasswordsDonotneedtobesuperelaborate(somesitesgocrazywiththis).Herewelistsomecommonpasswords-donotusethese!Commonpasswords:password,password1,123456789,12345678,1234567890,abc123,computer,tigger,1234,qwertyBesides,avoidapasswordthatthousandsofothersouttherehavealsochosen2023/10/21..2023/10/21GoodPasswordsWhatIdoforsecurepasswords,forexampleforabanksite,startwithaword,addmisspelling,thenaddsomerandomletters.Couldaddsomedigitsand/orpunctuationandmaybesomeuppercaseletters.
mottens,erx--fine
Mottens,9erx--better
MotenX,97erx--probablymorecomplexthannecessary2023/10/21..2023/10/21Herewelistsomesuggestions:
Thelistofcommonpasswordscontainspasswordsthatarejustawordorawordplusatinyvariation,like"jane","secret1","mittens123",ortwowordslike"catmittens",soit'svitalthatyourpassworddoesnotlooklikethat.It'soktohaveawordfragment,butitshouldalsoincludesignificantnonsenseletters.Personally,Ilikestartingwithaword,sinceitiseasytorememberandfasttotype,butthenrandomjunkneedstobeaddedinandaroundit.Somesitesgocrazy,requiringmanyuppercaseletters,digits,andpunctuationletters.Ithinkthat'snotnecessary.It's"securitytheater":addingmorecomplexityandtheappearanceofactionbutwithoutactuallyaddingtosecurity.2023/10/21..2023/10/214.3.3PhishingAttacks“Phishing”,i.e.thebadguyis“fishing”foryouBadguytricksyouintoexposingyourpasswordorwhateverNodoubtyouhavereceivedmanyphishingemailsNote:notrelatedtoanactualtransactionoraccount,badguysjustspewtheseout,hopingtofoolsomeoneAlternatelycouldhaveaphishingwebsitethatimitatestherealeBaysiteBadguysemailsoutorinsomeotherwaydistributestheurltophishingsiteBadguyswantpasswordsforsitesthathavesomethingtodowithmoney2023/10/21..2023/10/21HerearesomesuggestionsabouthowtoavoidPhishing:
Don'ttrustURLsinemailsorrandomsites,especiallywhenleadingtoaloginpageScrutinizetheURLasshowninyourbrowseroremailprogram.BadguyURLwilltrytolooklegit,like
www.ebay.bad-guy.rumoresecure)TypetheURLinyourself.IfitclaimstobefromeBay,typeinyourselfinyourbrowser.It'sasimplerule.Firefoxetc.candoextragreenhighlightingof"real"site.e.g.Lookfor
https
intheURL2023/10/21..2023/10/214.3.4MalwareAttacks"Malware"isthegeneraltermforaprogramwrittenbythebadguytodobadthingstoyourmachine-breakintothemachine,stealpasswords,sendspam,etc.Howcanthebadguygettheirprogramonacomputerandgetittorun?HerewewilldiscusstwokindsofMalware:TrojanandVulnerability,andtheirintrusiontechniques.2023/10/21..2023/10/21Malware1TrojanA"Trojan"isamalwaredisguisedassomethingelse,like"awesome-cursors.exe"or"fun-game.exe"or"JustinBeiber.JPEG.exe“Sotheuserdownloadsitoraccessesit,notawarethatitwilldosomethingbad.E.g.SuperAntivirus.exe—thisisactuallyacommonTrojanruse!Trytomakeitlikeharmlesscontent,notaprogramClaimtobeaprogramthatdoessomethingmanypeoplewant,butreallyit’smalwareTherefore:Don’trunprogramsfromrandomsources(googleitfirst,seewhatpeoplesay)Ifsomethingisfromawellknowndomainandhaslotsofdownload,someonewouldhaveflaggeditifitwasmalware2023/10/21..2023/10/21Malware2-VulnerabilitySupposethereisabugintheFlashanimationdisplayprogramWhenfedcertainpathologicanimationbytes,theprogrambreaksandgivesaccesstothemachineSothebadguyputamaliciousFlashanimation,andthensendslinkstoitinspamJustvisitingthepagewiththebadcontentisenoughtocompromisethemachineifitisvulnerable.Thisisprobablythemostscarycase,astheuserdoesverylittle.2023/10/21..2023/10/21Malware2-VulnerabilitySolution:Keepweb-facingsoftwareuptodateAllbrowsersnowhavestrongauto-updatechannels,sobydefaulttherightthingtendstohappenAside:thisisalsowhyhavingaproprietaryformatlikeFlashbeakeypartoftheinternetismaybenotagoodarchitecture.PeoplewereverydependentonAdobetofixthesoftwareveryquickly,andAdobe’srecordwasveryuneven.2023/10/21..2023/10/214.3.5SafetyRecap1.PasswordattacksDon'tuseabadpasswordforanimportantsite(e.g.bank)
Don'tre-usepasswordsacrossimportantsites2.PhishingAttacksProceedcarefullywithcontentfromemail,orwithprovocativetitles
LookatthebrowserURL-areawhentypinginpassword
Orjusttypeinwebaddressyourselfinthebrowserinsteadofclickingintheemail3.MalwareAttacks
ToavoidTrojan,beverywaryofdownloadingandrunningcode(Googlethenameorsource).
ToavoidVulnerability,keepinternet-facingsoftwareonauto-updatetostayatthelatest.2023/10/21..2023/10/212023/10/21..474.1LANLANethernetpacketdigitaltransmissionNocentralcontrolMACaddressTEXT4.2TCP/IP4.3SECURITY7.TCP/IPStandards8.domainnames9.router10.DHCP11.ping12.traceroute13.passwordAttacks14.PhishingAttacks15.HTTPS16.malwareattacks17.Trojan18.vulnerabilityTermss2023/10/212023/10/21..48CONCEPTS1.WhatisLAN?2.WhatisEthernet?3.Howthedataaresentfromonecomputertoanother?4.WhatisthepatternofsendingonepacketonEthernet?5.WhatisWi-Fi?6.WhatisthedifferencebetweenEthernetLANandWi-Fi?2023/10/212023/10/21..49CONCEPTS7.WhatarethefeaturesoftheEthernetDesign?8.WhatisIPaddress?9.Whatisdomainname?10.Whatisrouter?11.Whatdoesitmeanforacomputertobeontheinternet?12.Whatis“ping”?13.Whatis“traceroute”?2023/10/212023/10/21..50CONCEPTS14.Whatdoesacomputerlikefromoutside?15.Whatisthesuggestionsofagoodpassword?16.WhatisPhishing?17.WhatisMalwareAttack?Howtoavoidit?18.WhatisTrojan?Howtoavoidit?19.WhatisVulnerability?Howtoavoidit?2023/10/21MultipleChoice1.SupposeacomputerwantstosendapacketonEthernet.whatdoesthecomputerfirstwaitfor?a.Waitsforitsscheduledtimeinthepredeterminedtransmissionschedule.b.WaitsforthecentralEthernetcontrollertosignalthattransmissionisnowpermitted.c.Waitsfortherecipientcomputertosignalthatitisready.d.WaitsfortheEthernetwiretobequiet.2023/10/21..2023/10/212.WhichoneisnotthefeatureofEthernet?a.Sharedb.DistributedandCollaborative.c.Secure.d.Performancedegrades.2023/10/21..2023/10/213.WhichoneofthefollowingisnotavalidIPaddress?a.b.c.00d.42.257.99.112023/10/21..2023/10/214Whichofthefollowingisgenerallynottrueaboutrouters?a.Routerscheckthecentralinternet-mapwhichshowsroutesforallpackets.b.Routersgetpacketsfromcomputers,forwardthemon.c.Routerscontinuouslymonitorthestatusoftheirconnections.d.Routersforwardeachpacketonehopclosertoitsfinaldestination.2023/10/21..2023/10/215.Whatdoespingdo?a.Notifiesthelocalrouterthatthecomputerwantsmorepackets.b.Sendsa“areyouthere”packettoacomputer,gettingbacka“yes”packet.c.Notifiesthelocalrouterthatthecomputerdoesnotwantanymorepackets.d.Sendsa“whoisthere”packet,gettingbackadescriptionoftherecipient.2023/10/21..2023/10/216.Whichoneofthefollowingistheworstpassword?a.snyrk34b.XXagflib1c.Xxagflibd.password2023/10/21..2023/10/217.Again,whichoneofthefollowingistheworstpassword?a.hygyslb.ipludtc.secretd.ahtygx2023/10/21..2023/10/218.Whichofthefollowingbestdescribesaphishingattack?a.Trytoobtainthepasswordbytrickingthevictimintologgingintoafakebutrealisticlookingwebsite.b.Trytofigureoutthepasswordbycontinuouslyattemptingtologinwithpasswordguesses.c.Trytofigureoutthepasswordbyinterceptingthepacketsoftheloginnetworktransaction.d.Trytoobtainthepasswordbybreakingintothevictim’shouseandlookingforitwrittendownsomewhere.2023/10/21..2023/10/219.WhichoneofthefollowingE-MailslookslikeaTrojanattack?a.Pleasevisitwww.scwhab.bad-guy.ruandloginwithyourregularpassword—thestandardlog-inpageisbrokentoday.b.Wehavedetectedavirusonyourcomputer.Pleasedownloadandrunthisprogramtocheck:SuperVirusChecker.exec.Ihave27milliondollarshereinSpain.Ifyouwillsendmeyour
溫馨提示
- 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。
最新文檔
- 鈦鎳合金耐磨性試驗(yàn)研究
- 摩托車鏈條項(xiàng)目可行性實(shí)施報(bào)告
- 寶雞文理學(xué)院《律師與公證制度》2022-2023學(xué)年第一學(xué)期期末試卷
- 干燥架攝影相關(guān)項(xiàng)目實(shí)施方案
- 供熱公司安全管理工作措施
- 寶雞文理學(xué)院《教育技術(shù)學(xué)研究方法》2022-2023學(xué)年第一學(xué)期期末試卷
- 單縫衍射完整版本
- 大米專用冰箱市場(chǎng)環(huán)境與對(duì)策分析
- 2024年匠心杯鉗工賽項(xiàng)理論考試題庫(kù)(含答案)
- 實(shí)驗(yàn)室用燒瓶相關(guān)項(xiàng)目建議書
- 《夏天里的成長(zhǎng)》優(yōu)秀課件
- 人教版七年級(jí)上冊(cè)數(shù)學(xué)一元一次方程的應(yīng)用-古代數(shù)學(xué)問(wèn)題
- 小學(xué)生團(tuán)體心理輔導(dǎo)方案
- 床單元消毒機(jī)-課件
- 高中語(yǔ)文上冊(cè)(統(tǒng)編)2.3峨日朵雪峰之側(cè)-【課件】-(共20張PPT)
- 工程暫停令-范本
- 污泥脫水石灰投加系統(tǒng)工藝說(shuō)明
- 中學(xué)干部教師隊(duì)伍建設(shè)三年發(fā)展規(guī)劃
- 腸梗阻護(hù)理和查房課件
- 關(guān)于女性員工職業(yè)生涯規(guī)劃的制定
- 患教-頸動(dòng)脈斑塊課件
評(píng)論
0/150
提交評(píng)論