
[Computer Networks] 1. Introduction (4)

by leziwn.cs 2023. 9. 16.
1-7. Basic network security
Network Security

▶ Field of network security:

  • How bad guys attack computer networks.
  • How we can defend networks against attacks.
  • How to design architectures that are immune to attacks.

▷ The Internet was not originally designed with much security in mind...

 

 

Bad guys: put malware into hosts via Internet

▶ malware (malicious software)

--> malware can get into a host from:

  • virus: self-replicating infection by receiving + executing object.
    (runs as a parasite on another program, requires user intervention, attacks within the computer)
  • worm: self-replicating infection by passively receiving object that gets itself executed.
    (runs on its own, requires no user intervention, attacks over the network)

▷ Spyware malware: can record keystrokes and web sites visited, and upload the information to a collection site.

--> Malware used to collect personal information without the user's knowledge.

 

▷ Infected host can be enrolled in a botnet (computers that are controlled by malware without their users' knowledge), used for spam or DDoS (Distributed Denial of Service) attacks.

 

 

Bad guys: attack server, network infrastructure

▶ DoS(Denial of Service)

: attackers make resources (server, bandwidth) unavailable to legitimate (lawful) traffic by overwhelming the resource with bogus (fake) traffic. --> Real requests can no longer be served.


  1. Select target.
  2. Break into hosts around the network.
  3. Send packets to target from compromised hosts. --> Real users can no longer use the service.

 

 

Bad guys: packet interception

▶ packet "sniffing"


  1. Broadcast media.
  2. Promiscuous network interface: reads/records all packets. (It accepts everything that appears on the medium.)

 

 

Bad guys: fake identity

▶ IP spoofing

: Send packet with false source address. (Pretending to be a different source.)

  • Solution: end-point authentication (proof).
    (The destination checks that a packet really comes from the source it claims.)
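
An added example (not from the original post) of end-point authentication: the destination accepts a datagram only if an HMAC proves that the sender holds the key registered for the claimed source address. The pre-shared keys, the `seal`/`Receiver` names, the counter-based replay check and the 192.0.2.10 address are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag

def _tag(key: bytes, claimed_src: str, body: bytes) -> bytes:
    # The claimed source address is covered by the MAC, so a tag made for
    # one address cannot be reused under another.
    return hmac.new(key, claimed_src.encode() + b"|" + body, hashlib.sha256).digest()

def seal(key: bytes, claimed_src: str, counter: int, payload: bytes) -> bytes:
    """Sender: prepend a 64-bit counter and append the authentication tag."""
    body = struct.pack("!Q", counter) + payload
    return body + _tag(key, claimed_src, body)

class Receiver:
    """Destination: accept a datagram only with proof of the source's key."""

    def __init__(self, keys: dict):
        self.keys = keys        # claimed source address -> shared key (assumed pre-shared)
        self.last_counter = {}  # claimed source address -> highest counter accepted

    def accept(self, claimed_src: str, datagram: bytes):
        key = self.keys.get(claimed_src)
        if key is None or len(datagram) < 8 + TAG_LEN:
            return None  # unknown source or truncated datagram
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(key, claimed_src, body)):
            return None  # address is claimed, but the sender lacks the key
        counter = struct.unpack("!Q", body[:8])[0]
        if counter <= self.last_counter.get(claimed_src, -1):
            return None  # old genuine datagram sent again (replay)
        self.last_counter[claimed_src] = counter
        return body[8:]

def demo():
    # Constructed sample values: 192.0.2.10 is a documentation address.
    src, key = "192.0.2.10", b"constructed-demo-key-0123456789"
    rx = Receiver({src: key})
    genuine = seal(key, src, 1, b"hello")
    no_key = seal(b"not-the-shared-key", src, 2, b"hello")
    return rx.accept(src, genuine), rx.accept(src, no_key), rx.accept(src, genuine)

if __name__ == "__main__":
    print(demo())  # (b'hello', None, None)
```

The source address alone never decides acceptance: the second datagram carries the right address but fails the tag check, and the third is a genuine datagram rejected because its counter was already used.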

 


1-8. Internet History
1961-1972: Early packet-switching principles.


 

1972-1980: Internetworking, new and proprietary (exclusive) networks.


 

1980-1990: new protocols, a proliferation (spread) of networks.


 

1990, 2000s: commercialization, the Web, new apps.


 

2005-present: more new apps, Internet is "everywhere"


 

Summary of Internet history



 

Ch2: Application Layer

▶ Principles of network applications

  • Transport-layer service models (different services are provided depending on the type of application.)
  • client-server paradigm, peer-to-peer paradigm

▶ Popular application-layer protocols

  • Web, HTTP (HTTP/2)
  • Email, SMTP/IMAP
  • DNS

▶ P2P vs. Client-server

▶ Video streaming

  • DASH
  • Content Distribution Networks (CDN)

▶ Socket programming with UDP, TCP

 

 

Some network apps


 

 

Creating a network app


▷ Write app programs that:

  • run on end systems.
  • communicate over network.

--> Applications exist only on end systems (hosts)!

 

 

Application architectures

▶ Possible structure of applications:

  • Client-Server
    ex) HTTP, SMTP, DNS
  • Peer-to-Peer (P2P)
    ex) BitTorrent (file sharing), Internet Telephony (Skype), IPTV

 

1) Client-server paradigm

▶ Server host

  • Always-on host.
  • Permanent IP address. --> So that client hosts can reach it.
  • Data centers for scaling --> server farm: from the outside it looks like a single server.

 

▶ Client host

  • Communicate with server.
  • Do not communicate directly with each other.
  • May be intermittently (on and off) connected. --> Not always connected.
  • May have dynamic IP address. <-- Because IP addresses are in short supply.

 

2) Peer-peer architecture (P2P)
  • No always-on server
  • Arbitrary end systems (peers) directly communicate with each other.
  • Peer: requests service from other peers & provides service in return to other peers.
    --> Self-scalability (ability to expand): new peers bring new service capacity, as well as new service demands.
    --> Doesn't require significant server infrastructure or server bandwidth.
  • Peers are intermittently (on and off) connected and change IP addresses (dynamic IP address).
    --> Complex management.

 

 

Process communicating

▷ Process: program running within a host.

  • Within the same host: two processes communicate using inter-process communication.
  • Between different hosts: processes communicate by exchanging messages. (using network services)

 

▶ Client-server

  • Client process: process that initiates communication.
  • Server process: process that waits to be connected.

 

▶ P2P 

: Applications with P2P architectures have both client process & server process.

--> Client process & Server process in the same host.