A computer network is a system connecting two or more computers. A computer network allows
users to exchange data quickly, and to access and share resources including equipment, application software,
Data communications systems are the electronic systems that transmit data over communications
lines from one location to another. You might use data communications through your microcomputer
to send information to a friend using another computer. You might work for an organization whose
computer system is spread throughout a building, or even throughout the country or world. That is, all
the parts—input and output units, processor, and storage devices—are in different places and linked
by communications. Or you might use telecommunications lines—telephone lines—to tap into
information located in an outside data bank. You could then transmit it to your microcomputer for
your own reworking and analysis.
To attach to a network, a special-purpose hardware component is used to handle all the
transmission. The hardware is called a network adapter card or network interface card (NIC). It is
a printed circuit board plugged into a computer's bus, and a cable connects it to a network
Communications networks differ in geographical size. There are three important types:
LANs, MANs, and WANs.
Local Area Networks
Networks with computers and peripheral devices in close physical
proximity—within the same building, for instance—are called local area networks (LANs).
They are linked by cable: telephone, coaxial, or fiber optic. LANs often use a bus form of organization. In a
LAN, people can share different equipment, which lowers the cost of equipment. A LAN may be
linked to other LANs or to larger networks by using a network gateway. With the gateway, one
LAN may be connected to the LAN of another office group. It may also be
connected to others in the wide world, even if their configurations are different. Alternatively, a
network bridge would be used to connect networks with the same configurations.
There is a new development for LANs: the WLAN. A wireless LAN (WLAN) is a flexible
data communication system implemented as an extension to, or as an alternative for, a wired
LAN within a building or campus. Using electromagnetic waves, WLANs transmit and receive
data over the air, minimizing the need for wired connections. Thus, WLANs combine data
connectivity with user mobility, and, through simplified configuration, enable movable LANs.
Over the last several years, WLANs have gained strong popularity in a number of vertical
markets, including the health-care, retail, manufacturing, warehousing, and academic arenas.
These industries have profited from the productivity gains of using hand-held terminals and
notebook computers to transmit real-time information to centralized hosts for processing. Today
WLANs are becoming more widely recognized as a general-purpose connectivity alternative for
a broad range of business customers.
Applications for Wireless LANs
Wireless LANs frequently augment rather than replace
wired LAN networks—often providing the final few meters of connectivity between a backbone
network and the mobile user. The following list describes some of the many applications made
possible through the power and flexibility of wireless LANs:
Doctors and nurses in hospitals are more productive because hand-held or notebook
computers with wireless LAN capability deliver patient information instantly.
Consulting or accounting audit engagement teams or small workgroups increase productivity
with quick network setup.
Network managers in dynamic environments minimize the overhead of moves, adds,
and changes with wireless LANs, thereby reducing the cost of LAN ownership.
Training sites at corporations and students at universities use wireless connectivity to
facilitate access to information, information exchanges, and learning.
Network managers installing networked computers in older buildings find that wireless
LANs are a cost-effective network infrastructure solution.
Retail store owners use wireless networks to simplify frequent network reconfiguration.
Trade show and branch office workers minimize setup requirements by installing preconfigured
wireless LANs needing no local MIS support.
Warehouse workers use wireless LANs to exchange information with central databases and
increase their productivity.
Network managers implement wireless LANs to provide backup for mission-critical
applications running on wired networks.
Senior executives in conference rooms make quicker decisions because they have real-time
information at their fingertips.
The increasingly mobile user also becomes a clear candidate for a wireless LAN. Portable
access to wireless networks can be achieved using laptop computers and wireless NICs. This
enables the user to travel to various locations–meeting rooms, hallways, lobbies, cafeterias,
classrooms, etc.–and still have access to their networked data. Without wireless access, the user
would have to carry clumsy cabling and find a network tap to plug into.
Metropolitan Area Networks
These networks are used as links between office buildings in
a city. Cellular phone systems expand the flexibility of MAN by allowing links to car phones and
Wide Area Networks
Wide area networks are countrywide and worldwide networks.
Among other kinds of channels, they use microwave relays and satellites to reach users over long
distances. One of the most widely used WANs is the Internet, which allows users to connect to other
users and facilities worldwide.
Continue reading it-e-11 Introduction to computer network
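The Java 2 Enterprise Edition (J2EE) Connector Architecture (JCA) is an important addition to the J2EE set of standards. It focuses on the development of middleware for connecting Java programs to non-Java programs and software packages. JCA was developed by the Java standards body led by Sun. JCA is currently still at the final draft stage; it is scheduled for release at the end of 2001 and will become part of J2EE 1.3. JCA offers many noteworthy benefits, but direct JCA programming is not something everyone can master.
Common Client Interface (CCI; currently still optional)
JCA is the software industry's first step toward establishing standards in the field of application integration, which previously was accomplished largely through proprietary middleware. It is a first step in the right direction, because application integration has not only become the foremost problem facing industry leaders but is also something most mainstream software vendors cannot avoid.
Minimal resource adapters may do no more than improve on the non-standard adapters that different vendors developed before JCA appeared. At its current stage of development, JCA shows its power best when combined with more modern and more open target applications or environments. By 2004, fewer than 30 percent of the software packages and legacy adapter software in software integration projects will use JCA, and fewer than 10 percent will be fully functional, including transaction support, full security, and CCI (0.7 probability).
The JCA Common Client Interface is a set of application programming interfaces (APIs) used by calling programs (user programs or integration middleware). The JCA CCI serves as the standard way of accessing resource adapters, regardless of how the actual target program or environment works. Because all resource adapters support the same set of APIs, the interaction between all calling programs and external programs becomes standardized. However, CCI support is optional in JCA 1.0. Many resource adapters will expose client interfaces that are non-standard but suit the access methods of a particular target or platform.
The CCI differs from the invocation interface of Enterprise JavaBeans (EJB), and JCA resource adapters are also packaged differently; JCA Java archive (JAR) files are designed differently from EJB JAR files. The CCI therefore represents a new, specialized programming model within J2EE; it is complex and requires specialized technical knowledge. In practice, however, most of the developers who use the CCI will probably be tool vendors (such as WebGain and IBM Visual Age) and integration middleware producers (such as WebMethods and TIBCO Software), rather than enterprise application developers.
To support JCA, integration middleware vendors generally have to adopt a complete J2EE platform, as the JCA design requires (that is, the "managed" option). Most of them do not yet have that capability, however, so they may implement only the weaker "unmanaged" option of the JCA standard. This situation is likely to delay integration middleware vendors' adoption of the full JCA standard, and therefore adoption of JCA as a whole. By 2004, all leading integration middleware vendors will bundle a J2EE application server into their products, through independent development or partnership (0.7 probability).
JCA versus Web services
JCA is functionally richer than Web services, but it is harder to deploy and restricts vendors to accessing it only from a Java environment. Web service interfaces can automatically include support for Java, Microsoft, and other architectures. One possible compromise is for vendors to support both JCA and Web service interfaces, perhaps using Web services to wrap the JCA CCI. In future versions, JCA is likely to extend its support for XML and loosely coupled access. Future JCA versions may also provide standardized support for CCI and Web services. JCA would thus provide protocols for both tightly coupled (JCA) and loosely coupled access to JCA resource adapters.
The JCA standard does not settle whether a resource adapter should always represent an entire target environment (3270 CICS) or should represent one or more functions of an external program (for example, a function such as "get customer information from a 3270 CICS application"). Composite resource adapters, those serving several external environments (for example AS/400 and R/3), are not mentioned at all. Current application integration practice shows that an adapter's functional scope can be "thin", or can contain a great deal of technology and become "fat" and unwieldy in terms of business logic. The asynchronous integration style that is critical to most integration projects is also absent from JCA 1.0. These issues will surface when JCA is actually adopted, and may require further extension and clarification in future versions of JCA. Work on JCA 2.0 has already begun.
JCA's scope is limited to adapter technology, which is a small part of a complete application integration platform. Many application integration requirements and solutions are not yet covered by J2EE. It does not support semantic data transfer, business process management, asynchronous integration (JCA targets only the request/reply style of adapter), message warehousing, or integration system management. JCA is oriented entirely toward supporting synchronous composite applications and turns a blind eye to asynchronous application integration. To meet these requirements, additional integration-related standards will be added to J2EE by 2004 (0.8 probability).
Continue reading [Repost] JCA -- an introduction to yet another half-finished architecture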
The term "firewall" describes a system that protects a network and the machines on it
from various types of attack. Firewalls are geared towards keeping the server up all the time and
protecting the entire network.
The primary goal of a firewall is to implement a desired security policy: controlling access
in both directions through the firewall, and protecting the firewall itself from compromise. It
wards off intrusion attempts, Trojans and other malicious attacks.
They are meant for the home user in a networked environment. They aim to block simple
attacks, unlike the enterprise level firewalls that the corporate world uses at the server or router end.
There are many ways to implement a firewall, each with specific advantages and disadvantages.
Nowadays organizations and professionals use Internet technology to establish their online
presence and showcase their products and services globally. Their endeavor is to leverage digital
technology to make their business work for them.
Organizations and professionals are shifting from dial-up to broadband and getting a
fixed IP. This has led to an increase in security attacks and bugs in everyday work. This does not
mean that dial-up being an anonymous dynamic link, or the firewall of the ISP network, makes you
Now if your machine was under attack, you must have wondered what went wrong making
your system crash suddenly. It is not necessary for anyone to actually know about you or your IP
address to gain access to your system.
If your system is infected or prone to intrusions, then despite the anonymity of your dial-up
connection or a dynamic IP, your system can be hacked.
There are many ways to gain unauthorized access to a system. Operating system
vulnerabilities and cracked or guessed passwords are some of the more common. Once access is
attained, the intruder can send email, tamper with data, or use the system privileges to attack
Information Theft and Tampering
Data theft and tampering do not always require that the
system be compromised. There have been many bugs with FTP servers that allow attackers to
download password files or upload Trojan horses.
Denial of Service Attacks
Any attack that keeps the intended user from being able to use the
services provided by their servers is considered a denial of service attack. There are many types
of denial of service attacks, and unfortunately they are very difficult to defend against. "Mail bombs"
are one example, in which an attacker repeatedly sends large mail files in an attempt to fill the
server's disk file system, thus preventing legitimate mail from being received.
Not all attacks on computer systems are malicious. Joyriders are just looking for
fun. Your system may be broken into just because it was easy, or to use the machine as a
platform to attack others. It may be difficult to detect intrusion on a system that is used for this
purpose. If the log files are modified, and if everything appears to be working, you may never
A vandal is malicious. They break in to delete files or crash computer systems
either because they don't like you, or because they enjoy destroying things. If a vandal breaks
into your computer, you will know about it right away. Vandals may also steal secrets and target
Spies are out to get secret information. It may be difficult to detect break-ins by
spies since they will probably leave no trace if they get what they are looking for.
A personal firewall, therefore, is one of the methods you can use to deny such intrusions.
Continue reading it-e-12 What is a Firewall
Firewalls basically work as a filter between your application and network connection. They
act as gatekeepers and as per your settings, show a port as open or closed for communication.
You can grant rights for different applications to gain access to the internet and also in a reverse
manner by blocking outside applications trying to use ports and protocols and preventing attacks.
Hence you can block ports that you don't use or even block common ports used by Trojans.
Using Firewalls you can also block protocols, so restricting access to NetBIOS will prevent
computers on the network from accessing your data. Firewalls often use a combination of ports,
protocols, and application level security to give you the desired security.
Firewalls are configured to discard packets with particular attributes such as:
Specific source or destination IP addresses.
Specific protocol types.
TCP flags set/clear in the packet header.
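The attribute list above, worked as an added example (not code from the original article): a stateless filter that parses raw IPv4/TCP headers and applies first-match rules on source or destination address, protocol type, and TCP flags set or clear, dropping anything unmatched. The addresses, ports, and rule set are constructed for illustration, and checksums and lengths are not validated.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# TCP flag bits (byte 13 of the TCP header) and IP protocol numbers.
FIN, SYN, ACK = 0x01, 0x02, 0x10
TCP, UDP = 6, 17


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: int
    dport: Optional[int]  # None when no TCP/UDP header is present
    flags: int            # 0 for anything that is not TCP


def parse_ipv4(raw: bytes) -> Packet:
    """Extract the header fields the filter matches on (no checksum checks)."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", raw[6:8])[0] & 0x1FFF
    proto, l4 = raw[9], raw[ihl:]
    dport, flags = None, 0
    if frag_offset == 0:  # later fragments carry no transport header
        if proto == TCP:
            if len(l4) < 14:
                raise ValueError("truncated TCP header")
            dport, flags = struct.unpack("!H", l4[2:4])[0], l4[13] & 0x3F
        elif proto == UDP:
            if len(l4) < 4:
                raise ValueError("truncated UDP header")
            dport = struct.unpack("!H", l4[2:4])[0]
    return Packet(ipaddress.IPv4Address(raw[12:16]),
                  ipaddress.IPv4Address(raw[16:20]), proto, dport, flags)


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[int] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port
    flags_set: int = 0           # TCP flag bits that must be 1
    flags_clear: int = 0         # TCP flag bits that must be 0

    def matches(self, p: Packet) -> bool:
        return (p.src in ipaddress.ip_network(self.src)
                and p.dst in ipaddress.ip_network(self.dst)
                and (self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport)
                and (p.flags & self.flags_set) == self.flags_set
                and (p.flags & self.flags_clear) == 0)


def filter_packet(rules, raw: bytes) -> str:
    """First matching rule wins; malformed or unmatched packets are dropped."""
    try:
        pkt = parse_ipv4(raw)
    except ValueError:
        return "drop"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


# Constructed policy for a hypothetical site with one public HTTPS server.
RULES = [
    Rule("drop", src="203.0.113.0/24"),                       # blocked source range
    Rule("drop", proto=TCP, flags_set=SYN | FIN),             # impossible flag combination
    Rule("accept", dst="192.0.2.10/32", proto=TCP, dport=443),
    Rule("drop", proto=TCP, flags_set=SYN, flags_clear=ACK),  # unsolicited connection attempt
    Rule("accept", proto=TCP, flags_set=ACK),                 # segment of an existing connection
]


def build_packet(src, dst, proto, dport=0, flags=0) -> bytes:
    """Build a constructed sample packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    if proto == TCP:
        return ip + struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    if proto == UDP:
        return ip + struct.pack("!HHHH", 40000, dport, 8, 0)
    return ip


if __name__ == "__main__":
    for pkt in (build_packet("198.51.100.5", "192.0.2.10", TCP, 443, SYN),
                build_packet("198.51.100.5", "192.0.2.20", TCP, 22, SYN),
                build_packet("198.51.100.5", "192.0.2.20", UDP, 53)):
        print(parse_ipv4(pkt), "->", filter_packet(RULES, pkt))
```

The final rule accepts any segment with ACK set without knowing whether a connection exists, which is the limit of matching on packet attributes alone; a stateful firewall tracks connections instead.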
Choose a firewall that can ward off all intrusion attempts, control which
applications can access the internet, prevent malicious scripts or controls from
stealing information or uploading files, and prevent Trojans and other backdoor agents from
running as servers.
The purpose of having a firewall cannot be diminished in order to gain speed. However,
secure, high-performance firewalls are required to remove the bottleneck when using high speed
Internet connections. The World-Wide-Web makes possible the generation of enormous amounts
of traffic at the click of a mouse.
Most of these firewalls are free for personal use or offer a free trial period. None of the personal
firewalls available can ensure 100% security for your machine. Regular maintenance of the
machine is needed for ensuring safety.
Continue reading it-e-13 How Firewalls Work
To get from here to there, data must move through something. A telephone line, cable, or the
atmosphere are all transmission media, or channels. But before the data can be communicated, it
must be converted into a form suitable for communication.
Data communications lines can be connected in two types of configurations: point-to-point
and multidrop. A point-to-point line directly connects the sending and the receiving devices, and
a multidrop line connects many devices, not just one sending device and one receiving device.
The two ways of connecting microcomputers with each other and with other equipment are
through the cable and through the air. There are three basic forms into which data can be
converted for communication: electrical pulses or charges, electromagnetic waves, and pulses of
Specifically, five kinds of technology are used to transmit data. These are telephone lines
(twisted pair), coaxial cable, fiber-optic cable, microwave, and satellite.
Telephone Lines  Inexpensive, multiple-conductor cable comprised of one or more pairs
of 18 to 24 gauge copper strands. The strands are twisted to improve protection against
electromagnetic and radio frequency interference. The cable, which may be either shielded or
unshielded, is used in low-speed communications, as telephone cable. It is used only in baseband
networks because of its narrow bandwidth. Most telephone lines you see strung on poles consist
of cables made up of hundreds of copper wires that are twisted pairs. Twisted pairs are susceptible to
a variety of types of electrical interference (noise), which limits the practical distance that data
can be transmitted without being garbled. Twisted pairs have been used for years for voice and
data transmission, however they are now being phased out by more technically advanced and
Coaxial cable is a type of thickly insulated copper wire that can carry a
larger volume of data—about 100 million bits per second. The insulation is composed of a
nonconductive material covered by a layer of woven wire mesh and heavy-duty rubber or plastic.
In terms of number of telephone connections, a coaxial cable has 80 times the transmission
capacity of twisted pair. Coaxial cables are most often used as the primary communications
medium for local connected network in which all computer communication is within a limited
geographic area, such as in the same building.
Coaxial cable is also used for undersea telephone lines.
Fiber-Optic Cable 
A transmission medium composed of a central glass optical fiber
cable surrounded by cladding and an outer protective sheath. It transmits digital signals in the
form of modulated light from a laser or LED (light-emitting diode). In fiber-optic cable, data is
transmitted as pulses of light through tubes of glass. In terms of number of telephone connections,
fiber-optic cable has 20,000 times the transmission capacity of twisted pair. However, it is
significantly smaller. Indeed, a fiber-optic tube can be half the diameter of a human hair.
Although limited in the distance they can carry information, fiber-optic cables have several
advantages. Such cables are immune to electronic interference, which makes them more secure.
They are also lighter and less expensive than coaxial cable and are more reliable at transmitting
data. They transmit information using beams of light at light speeds instead of pulses of
electricity, making them far faster than copper cable. Fiber-optic cable is rapidly replacing
twisted-pair telephone lines.
Instead of using wire or cables, microwave systems can use the atmosphere as
the medium through which to transmit signals. Microwaves are high-frequency radio waves that
travel in straight lines through the air. Because the waves cannot bend with the curvature of the
earth, they can be transmitted only over short distances. Thus, microwave is a good medium for
sending data between buildings in a city or on a large college campus. For longer distances, the
waves must be relayed by means of "dishes", or antennas. These can be installed on towers, high
buildings, and mountaintops. Each tower facility receives incoming traffic, boosts the signal
strength, and sends the signal to the next station.
Satellite communications refers to the utilization of geostationary orbiting
satellites to relay the transmission received from one earth station to one or more earth stations.
They are the outcome of research in the area of communications whose objective is to achieve
ever-increasing ranges and capacities with the lowest possible costs. Orbiting about 22,000 miles
above the earth, satellites rotate at a precise point and speed above the earth. This makes them
appear stationary so they can amplify and relay microwave signals from one transmitter on the
ground to another. The primary advantage of satellite communication is the amount of area that can
be covered by a single satellite. It also has other features: long communication distance, and the
cost of station building is independent of the communication distance, operating in broadcasting
mode, easy for multiple access, sustaining heavy traffic, able to transport different types of service,
independent sending and receiving, and monitoring. Three satellites placed in particular orbits can
cover the entire surface of the earth, with some overlap. Their only drawback is that bad weather
can sometimes interrupt the flow of data.
Continue reading it-e-14 Data Communications Channels
What is VSAT? VSAT stands for Very Small Aperture Terminal - it's a catchy acronym
and as such it's been adopted by all and sundry for every type of satellite product from small
components of a system to complete systems. Because the term really hinges around the small size
of the antenna, it has been used to describe both one-way and interactive systems. Specifically, we
in the industry isolate television broadcast receivers because counting these as well would simply
distort the numbers in the marketplace, but data, audio and, to some extent, voice systems are
included. Generally, these systems operate in the Ku-band and C-band frequencies. As a rule of
thumb C-band (which suffers less from rain attenuation, but requires larger antennas) is used in
Asia, Africa and Latin America whilst Ku-band (which can use smaller antennas, but suffers from
rain fade in a monsoon-like downpour) is used in Europe and North America. Typically, interactive
Ku-band antenna sizes range from 75 centimetres to 1.8 metres and C-band from 1.8 metres to 2.4
metres. One way systems can use antennas as small as 45 centimetres.
What does a network look like? VSAT networks come in various shapes and sizes ranging
from star data system users with one site connected to an operator's shared hub to many
thousands based on a dedicated facility located at their own site. Mesh systems have traditionally
been somewhat smaller in size than star systems - 5 to 30 sites used to be a good rule of thumb
- but the average size of orders has risen as prices have come down and some rural telephony
networks now comprise as many as several hundred or even thousands of sites.
What is One-way Satellite? One way systems rely on a transmitting station which
transmits one or more carriers to the satellite which re-broadcasts the signal over its coverage
area. All receive-only VSATs under the satellite footprint can then receive the signal or the
user/operator is able to define groups of VSATs from one to all on the network. Broadcast
systems are used for data and audio. The most popular application for data is the transmission of
financial feeds - Reuters, Telerate and KnightRidder are good examples of companies with
large data broadcasting networks - however, there are many other uses, such as software
downloads, file transfers, transmission of press agency news items (with pictures) and the
broadcast of paging messages for terrestrial transmission to the pagers themselves.
Who uses VSAT? You name it really, car dealerships, gas stations, lottery systems, banks,
insurance companies, drug stores, general stores, supermarkets, healthcare companies, manufacturers,
couriers, hotel chains, car rental businesses, food manufacturers, heavy industries, mines, electrical
utilities, oil and gas pipelines, energy production and exploration, timber companies, plantations,
various government departments and agencies ... any others you can think of, just add to the list.
aperture ['æpə,tjuə]
catchy ['kætʃi]
acronym ['ækrəunim]
sundry ['sʌndri]
adj. miscellaneous; of various kinds; n. sundries; miscellaneous items
2, antenna [æn'tenə]
3, distort [dis'tɔ:t]
5, attenuation [ə,tenju'eiʃən]
6, hinge [hindʒ]
7, monsoon [mɔn'su:n]
8, downpour ['daunpɔ:]
9, dedicated ['dedikeitid]
10, facility [fə'siliti]
11, mesh [meʃ]
12, terrestrial [ti'restriəl, tə-]
13, dealership ['di:ləʃip]
14, timber ['timbə]
Continue reading it-e-15 Simple Introduction to VSAT
There are several factors that affect data transmission. They include speed or bandwidth,
serial or parallel transmission, direction of data flow, modes of transmitting data, and protocols.
The different communications channels have different data transmission speeds.
This bit-per-second transmission capability of a channel is called its bandwidth. Bandwidth may be
of three types: voiceband, medium band, and broadband. Voiceband is the bandwidth of a standard
telephone line and is often used for microcomputer transmission; the bps is 300-9600. Medium band
is the bandwidth of special leased lines used mainly with minicomputers and mainframe computers;
the bps is 56,000-264 million. Broadband is the bandwidth that includes microwave, satellite,
coaxial cable, and fiber-optic channels. It is used for very high-speed computers whose processors
communicate directly with each other. It is in the range of 56,000-30 billion bps.
Serial or Parallel Transmission
Data travels in two ways: serially and in parallel. In serial
data transmission, bits flow in a serial or continuous stream, like cars crossing a one-lane bridge. Each
bit travels on its own communications line. Serial transmission is the way most data is sent over
telephone lines. Thus, the plug-in board making up the serial connector in a microcomputer's modem
is usually called a serial port. More technical names for the serial port are RS-232C connector and
asynchronous communications port. With parallel data transmission, bits flow through separate lines
simultaneously. In other words, they resemble cars moving together at the same speed on a multilane
freeway. Parallel transmission is typically limited to communications over short distances and is not
used over telephone lines. It is, however, a standard method of sending data from a computer's CPU
to a printer.
Direction of Data Transmission
There are three directions or modes of data flow in a data
communications system: simplex communication, half-duplex communication, and full-duplex
communication. Simplex communication resembles the movement of cars on a one-way street.
Data travels in one direction only. It is not frequently used in data communication systems today.
One instance in which it is used may be in point-of-sale (POS) terminals in which data is being
entered only. In half-duplex communication, data flows in both directions, but not simultaneously.
That is, data flows in only one direction at any one time. This resembles traffic on a one-lane
bridge. Half-duplex is very common and is frequently used for linking microcomputers by
telephone lines to other microcomputers, minicomputers, and mainframes. Thus, when you dial
into an electronic bulletin board through your microcomputer, you may well be using half-duplex
communication. In full-duplex communication, data is transmitted back and forth at the same
time, like traffic on a two-way street. It is clearly the fastest and most efficient form of two-way
communication. However, it requires special equipment and is used primarily for mainframe
communications. An example is the weekly sales figures that a supermarket or regional office
sends to its corporate headquarters in another place.
Modes of Transmitting Data
Data may be sent by asynchronous or synchronous transmission.
In asynchronous transmission, the method frequently used with microcomputers, data is sent and
received one byte at a time. Asynchronous transmission is often used for terminals with slow speeds. Its
advantage is that the data can be transmitted whenever convenient for the sender. Its disadvantage is a
relatively slow rate of data transfer. Synchronous transmission is used to transfer great quantities of
information by sending several bytes or a block at a time. For the data transmission to occur, the
sending and receiving of the blocks of bytes must occur at carefully timed intervals. Thus, the system
requires a synchronized clock. Its advantage is that data can be sent very quickly. Its disadvantage is
the cost of the required equipment.
For data transmission to be successful, sender and receiver must follow a set of
communication rules for the exchange of information. These rules for exchanging data between
computers are known as the line protocol. A communication software package like Crosstalk
helps define the protocol, such as speeds and modes, for connecting with another microcomputer.
TCP/IP (Transmission Control Protocol and Internet Protocol) are the two standard protocols for
communications on the Internet.
TCP/IP is the "language" of the Internet. It is a networking technology developed by the
United States Government Defense Advanced Research Projects Agency (DARPA) in the 1970s.
It is most commonly employed to provide access to the Internet but can be and is used by many
people to create a LAN that may or may not connect to the Internet. In many aspects TCP/IP is a
client/server-type LAN, but many manufacturers of TCP/IP software have applications that allow
the "clients" to serve files or even applications. TCP/IP is truly an open systems protocol. This
means that no one manufacturer creates the product—any computer running TCP/IP software can
connect to anyone else who has TCP/IP software (provided the user has an account and security
permissions), regardless of who made the particular version of software.
When different types of microcomputers are connected in a network, the protocols can
become very complex. Obviously, for the connections to work, these network protocols must
adhere to certain standards. The first commercially available set of standards was IBM's Systems
Network Architecture (SNA). This works for IBM's own equipment, but other machines won't
necessarily communicate with them. The International Standards Organization has defined a set of
communications protocols called the Open Systems Interconnection (OSI). The purpose of the OSI
model is to identify functions provided by any network. It separates each network's functions into
seven "layers" of protocols, or communication rules. When two network systems communicate,
their corresponding layers may exchange data. This assumes that the microcomputers and other
equipment on each network have implemented the same functions and interfaces.
1, resemble [ri'zembl]
3, simplex ['simpleks]
4, duplex ['dju:pleks]
5, bulletin ['bulətin]
Continue reading it-e-16 Main Factors Affecting data Transmission
Please notice that the term computer system here includes hardware, software, network
transmission paths, and people who interact with these components. By this definition,
everything from a desktop workstation to the Internet qualifies as a computer system.
An attacker is a person who tries to gain an advantage by exploiting a security hole.
Attackers are misfeasors, masqueraders, or clandestine users.
These authorized users gain additional but unauthorized access to resources on
a system or otherwise misuse their authorization. Examples include programmers who use their
accounts to exploit operating system (OS) vulnerabilities and gain administrative privileges, or
accountants who embezzle money by falsifying records in a database to which they have regular
access. A misfeasor is an "inside" person, someone within an organization who introduces a
security risk or poses a threat.
These people use authorized user access privileges to enter a system and
then, posing as that user, attack the system. Examples include hackers who obtain usernames and
passwords by cracking password files, and then use that information to gain entry to the system.
Masqueraders are usually persons outside the organization.
These individuals are insiders or outsiders who obtain their own, distinct
unauthorized access to a system. Examples include hackers who obtain administrative access to a
system long enough to create their own user accounts for subsequent access.
The concepts of access and authorization are not necessarily limited to user accounts within
an OS. Physical access to an equipment closet or authorization to place orders for new telephony
service are examples of other types of access and authorization. All persons who have any degree
of physical or logical interaction with a system, its components, or its processes are capable of
compromising system security.
The goals of an attacker range from innocuous to severely damaging:
Most thrill-seeking attackers are trophy grabbing. Their intent is not to
disrupt or damage a system, but to prove that they can enter the system. Such accomplishments
are badges of achievement in the hacker community.
The most common goal of a security attack is information theft. Intruders
seek sensitive information such as credit card numbers, usernames, passwords, and medical records.
This type of attack involves attackers who use computer resources without
paying for them. Software pirates who crack systems to host stolen software, or warez, for others
to download are guilty of service theft. Clandestine users also commit service theft by having
unauthorized accounts on a server.
This is the act of illegally assuming the identity of another person, or
masquerading, to gain control of that person's resources (usually computer and economic
privileges). An example of this is an attacker who uses stolen social security numbers and credit
histories to establish and exercise unauthorized lines of credit. Identity theft does not necessarily
involve information theft. For example, an attacker can commit e-mail forgery without stealing
sensitive information about the e-mail address owner.
This attack is more serious than information theft because the attacker alters
data rather than simply copying it. A student who changes a grade in a university registrar's
database is tampering. This example is stealthy tampering; the attack is not intended to draw
attention. A more extreme form of tampering is defacement, in which a hacker alters a system in
a very noticeable way, usually to make a personal or political statement. The disgruntled
computer operator who, upon dismissal, embeds nasty messages about management in a login
script, or the activist group that hacks into a corporate Web site are typical examples.
Denial of Service (DoS)
DoS can be the most damaging type of security attack. It
diminishes server capacity for authorized clients and temporarily disrupts access to the system. In
the worst cases, DoS attacks render a system unusable for a protracted period by destroying not
only its ability to communicate, but also any data that has been entrusted to it. DoS also can
occur as an unintentional side effect of service theft. For example, hosting pirated warez can
bring down a system because of the excessive download activity.
Although attackers continue to create new methods for violating computer system security,
the vulnerabilities they exploit remain the same. These vulnerabilities can be divided into five
The unquestioning, unchecked acceptance of a person or agent. Attacks that
exploit this vulnerability include: compromised system utilities, e-mail forgery, IP spoofing,
keystroke monitoring, logic bomb, masquerading, shoulder surfing, social engineering, Trojan
A defense is a countermeasure for dealing with security attacks. Administrators can employ
five types of defenses:
Obfuscation Confusing the attacker by obscuring publicly available information that exposes
vulnerability. Examples include: anonymity, encryption, packet stuffing, public key cryptography,
shielding, steganography, trash disposal.
Authentication and Authorization Ensuring that a person or system claiming an identity is
the real owner of the identity, and granting access on a "must have" basis. Examples include:
badges and cards, biometrics, password, shared secret, signature, watermark.
Monitoring and Auditing Observing system vulnerabilities, either in real time or through
audit tools, to detect attacks. Examples include: filtering, firewall, integrity check, intrusion
detection, misuse detection, password checker, peer review, process review, security audit tools,
Currency Consistently using tested software updates and periodically reviewing human
processes and procedures. Examples include: patching, process review, upgrading.
Education and Enforcement Effectively equipping system designers and users with
knowledge of security risks, and then enforcing application of this knowledge. Examples include:
reminders, tip of the day, training.
The key to preventing security attacks from diminishing system performance is knowledge.
IT administrators can develop their security strategies by studying historical and contemporary
attacks, appropriate defenses, and the evolving trends in the computer security industry.
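The integrity check listed under Monitoring and Auditing, applied to the stealthy tampering case described earlier (a grade changed in a registrar's database), is sketched below. This is an added example, not part of the original text; the rows, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: (student_id, course, grade) rows.
# The key is a placeholder; a real one is kept off the database host so
# an intruder who alters a row cannot also recompute its tag.
AUDIT_KEY = b"constructed-demo-key"
BASELINE_ROWS = [
    ("s1001", "CS101", "B"),
    ("s1002", "CS101", "C"),
    ("s1003", "MA201", "A"),
]

def tag(row, key=AUDIT_KEY):
    """Keyed digest (HMAC-SHA256) over one row, each field length-prefixed."""
    msg = b"".join(
        len(f.encode()).to_bytes(2, "big") + f.encode() for f in row
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_baseline(rows):
    """Map (student, course) -> tag; stored separately from the data."""
    return {(r[0], r[1]): tag(r) for r in rows}

def audit(rows, baseline):
    """Return sorted findings: altered, missing or unexpected records."""
    findings, seen = [], set()
    for r in rows:
        k = (r[0], r[1])
        seen.add(k)
        if k not in baseline:
            findings.append(("unexpected", k))
        elif not hmac.compare_digest(baseline[k], tag(r)):
            findings.append(("altered", k))
    findings += [("missing", k) for k in baseline if k not in seen]
    return sorted(findings)
```

Because the tags are keyed, a quiet change to a single grade shows up at the next audit even though nothing else in the database looks different.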
1, misfeasor [,mis'fi:zə]
2, masquerader [,mæskə'reidə]
3, clandestine [klæn'destin]
4, embezzle [im'bezl]
5, falsify [fɔ:lsifai]
7, innocuous [i'nɔkjuəs]
8, trophy ['trəufi]
10, forgery ['fɔ:dʒəri]
11, tampering ['tæmpəriŋ]
12, defacement [di'feismənt]
13, dismissal [dis'misəl]
14, nasty ['næsti]
15, exploit [iks'plɔit]
16, countermeasure ['kauntə,meʒə]
17, obfuscation [,ɔbfʌ'skeiʃən]
Network architecture describes how a computer network is arranged and how computer
resources are shared.
There are a number of specialized terms that describe computer networks. Some terms often
used with networks are: node, client, server, network operating system, distributed processing
and host computer.
A node is any device that is connected to a network. It could be a computer, printer, or
communication or data storage device.
A client is a node that requests and uses resources available from other nodes. Typically, a
client is a user's microcomputer.
A server is a node that shares resources with other nodes. Depending on the resources
shared, it may be called a file server, printer server, communication server, or database server.
A network operating system, like Windows, controls and coordinates the activities between
computers on a network. These activities include electronic communication, information, and
In a distributed processing system, computing power is located and shared at different
locations. This type of system is common in decentralized organizations where divisional
offices have their own computer systems. The computer systems in the divisional offices are
networked to the organization's main or centralized computer.
A host computer is a large centralized computer, usually a minicomputer or a mainframe.
A network may consist only of microcomputers, or it may integrate microcomputers or
other devices with large computers. Networks can be controlled by all nodes working together
equally or by specialized nodes coordinating and supplying all resources. Networks may be
simple or complex, self-contained or dispersed over a large geographical area.
Configuration A network can be arranged or configured in several different ways. The
four principal configurations are star, bus, ring, and hierarchical.
In a star network, a number of small computers or peripheral devices are linked to a central
unit. This central unit may be a host computer or a file server. All communications pass through
this central unit. Control is maintained by polling. That is, each connecting device is asked
whether it has a message to send. Each device is then in turn allowed to send its message. One
particular advantage of the star form of network is that it can be used to provide a time-sharing
system. That is, several users can share resources ("time") on a central computer. The star is a
common arrangement for linking several microcomputers to a mainframe that allows access to an
In a bus network, each device in the network handles its own communications control. There
is no host computer. All communications travel along a common connecting cable called a bus. As
the information passes along the bus, it's examined by each device to see if the information is
intended for it. The bus network is typically used when only a few microcomputers are to be linked
together. This arrangement is common in systems for electronic mail or for sharing data stored on
different microcomputers. The bus network is not as efficient as the star network for sharing
common resources. (This is because the bus network is not a direct link to the resource.) However,
a bus network is less expensive and is in very common use.
In a ring network, each device is connected to two other devices, forming a ring. There is no
central file server or computer. Messages are passed around the ring until they reach the correct
destination. With microcomputers, the ring arrangement is the least frequently used of the four
networks. However, it often is used to link mainframes, especially over wide geographical areas.
These mainframes tend to operate fairly autonomously. They perform most or all of their own
processing and only occasionally share data and programs with other mainframes. A ring
network is useful in a decentralized organization because it makes possible a distributed data
processing system. That is, computers can perform processing tasks at their own dispersed
locations. However, they can also share programs, data and other resources with each other.
The hierarchical network consists of several computers linked to a central host computer,
just like a star network. However, these other computers are also hosts to other, smaller
computers or to peripheral devices. Thus, the host at the top of the hierarchy could be a
mainframe. The computers below the mainframe could be minicomputers, and those below,
microcomputers. The hierarchical network—also called a hybrid network—allows various
computers to share databases, processing power, and different output devices. A hierarchical
network is useful in centralized organizations. For example, different departments within an
organization may have individual microcomputers connected to departmental minicomputers.
The minicomputers in turn may be connected to the corporation’s mainframe, which contains
data and programs accessible to all.
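The four configurations differ in which devices handle a message on its way from sender to recipient, and so which devices have to be trusted with it. The sketch below is an added example, not part of the original text. The node names, the one-directional ring and the "climb to the first common host" routing in the hierarchy are assumptions made for illustration.

```python
# Constructed sample network: five PCs, reused for every configuration.
PCS = ["pc1", "pc2", "pc3", "pc4", "pc5"]
HUB = "server"  # central unit of the star
# Hierarchy (assumed layout): each device -> the host above it.
PARENT = {"pc1": "mini1", "pc2": "mini1", "pc3": "mini2", "pc4": "mini2",
          "pc5": "mini2", "mini1": "mainframe", "mini2": "mainframe"}

def star_path(hub, src, dst):
    """Star: all communications pass through the central unit."""
    return [src, hub, dst]

def bus_observers(nodes, src):
    """Bus: every other device on the cable examines the message."""
    return [n for n in nodes if n != src]

def ring_path(ring, src, dst):
    """Ring: passed device to device (one direction assumed) until dst."""
    i, j = ring.index(src), ring.index(dst)  # ValueError if not on the ring
    hops = (j - i) % len(ring)
    return [ring[(i + k) % len(ring)] for k in range(hops + 1)]

def hierarchy_path(parent, src, dst):
    """Hierarchical: climb to the first common host, then descend."""
    def chain(n):
        out = [n]
        while n in parent:
            n = parent[n]
            out.append(n)
        return out
    up, down = chain(src), chain(dst)
    common = next(n for n in up if n in down)
    return up[:up.index(common) + 1] + down[:down.index(common)][::-1]

def exposure(handlers, src, dst):
    """Devices other than sender and recipient that handle the message."""
    return sorted(set(handlers) - {src, dst})

def compare(src, dst):
    """Intermediate devices per configuration for one message."""
    return {
        "star": exposure(star_path(HUB, src, dst), src, dst),
        "bus": exposure(bus_observers(PCS, src), src, dst),
        "ring": exposure(ring_path(PCS, src, dst), src, dst),
        "hierarchical": exposure(hierarchy_path(PARENT, src, dst), src, dst),
    }
```

For a message from pc1 to pc3, the star exposes it only to the central unit, while the bus exposes it to every other device on the cable.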
Every network has a strategy or way of coordinating the sharing of information
and resources. The most common network strategies are peer-to-peer and client/server systems.
In a peer-to-peer network system, nodes can act as both servers and clients. For example, one
microcomputer can obtain files located on another microcomputer and can also provide files to
other microcomputers. A typical configuration for a peer-to-peer system is the bus network.
Commonly used net operating systems are Apple's Macintosh Peer-to-Peer LANs, Novell’s
Netware Lite, and Microsoft's Windows for Workgroups. There are several advantages to using this
type of strategy. The networks are inexpensive and easy to install, and they usually work well for
smaller systems with fewer than ten nodes. As the number of nodes increases, however, the
performance of the network declines. Another disadvantage is the lack of powerful management
software to effectively monitor a large network's activities. For these reasons, peer-to-peer networks
are typically used for small networks.
Client/server network systems use one powerful computer to coordinate and supply services to
all other nodes on the network. This strategy is based on specialization. Server nodes coordinate
and supply specialized services, and client nodes request the services. Commonly used net
operating systems are Novell's Netware, Microsoft's LAN and Windows NT. One advantage of
client/server network systems is their ability to handle very large networks efficiently. Another
advantage is the powerful network management software that monitors and controls the network's
activities. The major disadvantages are the cost of installation and maintenance.
1, term [tə:m]
2, peripheral [pə'rifərəl]
3, hybrid ['haibrid]
4, dispersed [di'spə:st]
The Internet is now widely used around the world. It provides numerous services, such as
on-line booking, BtoB (business to business) services, and database access for companies. But
all these services are asynchronous, which means that there is a delay between an action from the
user and the response from the service (it's a client/server architecture; a computer provides a
service which is used by one or several clients). The new generation of network communication
tools tries to reach the real time level, which means that there is no delay between the action of
the user and the response.
Real time chats, or for instance video on demand, are the new services provided by the
Internet today. These applications appeared recently and are still in development. One really
interesting application of these technologies is video conference.
Video conference is a technology which allows people to communicate through computer
networks using an audio stream and a video stream. In a few words, people using video
conference can hear and see their correspondents.
Video conference has been very popular only over ISDN (dedicated digital phone lines).
These days, packet-switched networks, such as IP networks, have opened the door to newer
protocols including H.323. The computing power of the desktop systems, the kind of computers
that can be found in the companies or at home, allows the use of video conference applications.
Moreover, webcams, the little low-resolution cameras that can be plugged into a regular
computer, are becoming cheaper and cheaper, and almost every computer has now audio
H.323 is the standard for video conference. It can be used over IP (Internet Protocol), and
possibly over all kinds of packet-switched networks (LAN/Local Area Network, MAN/
Metropolitan Area Network, and WAN/Wide Area Network, including the Internet). It was
defined by the ITU (the leading publisher of telecommunication technology, regulatory and
standards information) in 1996. It is updated almost every year to keep pace with progress in
network capabilities and computing power. The latest version is H.323.5. It was defined in 2003.
The scope of H.323 covers real-time voice, video and data communication over packet-switched
networks. It has multipoint capabilities (several people can communicate with several other people at
the same time) and voice and video conferencing capabilities.
The H.323 protocol can be described as an "umbrella" specification, which means that the protocol
includes several other protocols. Within H.323, the H.225.0, H.245, H.450.x and T.120
protocols are also defined. In addition to these protocols H.323 uses audio codecs (H.261 and H.263),
video codecs (G.711, G.722, G.723.1, G.728 and G.729), and a real-time transport layer called
RTP/RTCP (Real-time Protocol and Real-time Control Protocol). All these protocols cover a different
aspect of the video conference system.
Video conference is one of the most exciting communication media, and will certainly take
a bigger and bigger place in our future. H.323 is a mature protocol that can be safely used for this
purpose. It is widely used by telecom companies, and offers interesting alternatives to the regular
telephone. With the growing power of the Internet and the need for worldwide communications,
there is no doubt that video conference will be tomorrow for our society what telephone is
1, regulatory ['regjulətəri]