BUSINESS DATA NETWORKS AND SECURITY


ELEVENTH EDITION
BUSINESS DATA NETWORKS AND SECURITY
Raymond R. Panko, University of Hawai’i at Mānoa
Julia L. Panko, Weber State University
330 Hudson Street, NY NY 10013

Vice President, IT & Careers: Andrew Gilfillan
Senior Portfolio Manager: Samantha Lewis
Managing Producer: Laura Burgess
Associate Content Producer: Stephany Harrington
Portfolio Management Assistant: Madeline Houpt
Director of Product Marketing: Brad Parkins
Product Marketing Manager: Heather Taylor
Product Marketing Assistant: Jesika Bethea
Field Marketing Manager: Molly Schmidt
Field Marketing Assistant: Kelli Fisher
Cover Image: uschools/E /Getty Images
Vice President, Product Model Management: Jason Fournier
Senior Product Model Manager: Eric Hakanson
Lead, Production and Digital Studio: Heather Darby
Digital Studio Course Producer: Jaimie Noy
Program Monitor: Christopher Rualizo, SPi Global
Project Manager: Neha Bhargava, Cenveo Publisher Services
Composition: Cenveo Publisher Services
Printer/Binder: LSC Communications
Cover Printer: Phoenix Color
Text Font: Palatino LT Pro

Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this textbook appear on the appropriate page within text or at the end of book.

Microsoft and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published as part of the services for any purpose. All such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from the services.

The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screen shots may be viewed in full within the software version specified.

Trademarks
Microsoft Windows, and Microsoft Office are registered trademarks of the Microsoft Corporation in the U.S.A. and other countries. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation.

Copyright 2019, 2016, 2013 by Pearson Education, Inc. All rights reserved. Manufactured in the United States of America. This publication is protected by Copyright, and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms and the appropriate contacts within the Pearson Education Global Rights & Permissions department, please visit www.pearsoned.com/permissions.

Acknowledgements of third party content appear on the appropriate page within the text, which constitutes an extension of this copyright page.

Unless otherwise indicated herein, any third-party trademarks that may appear in this work are the property of their respective owners and any references to third-party trademarks, logos or other trade dress are for demonstrative or descriptive purposes only. Such references are not intended to imply any sponsorship, endorsement, authorization, or promotion of Pearson’s products by the owners of such marks, or any relationship between the owner and Pearson Education, Inc. or its affiliates, authors, licensees or distributors.

Library of Congress Cataloging-in-Publication Data
Names: Panko, Raymond R., author. Panko, Julia L., author.
Title: Business data networks and security / Raymond R. Panko, University of Hawai’i at Mānoa, Julia L. Panko, Weber State University.
Description: Tenth edition. Boston : Pearson, [2018] Includes bibliographical references and index.
Identifiers: LCCN 2017048586 ISBN 9780134817125 (alk. paper) ISBN 0134817125 (alk. paper)
Subjects: LCSH: Business enterprises–Computer networks–Security measures. Computer networks–Management. Computer networks–Security measures. Computer security.
Classification: LCC HD30.37 .P36 2018 DDC 658.4/78–dc23
LC record available at https://lccn.loc.gov/2017048586
ISBN 10: 0134817125
ISBN 13: 9780134817125

To Sal Aurigemma. A great partner in crime in research and teaching.

BRIEF CONTENTS

Preface for Adopters
Preface for Students
About the Authors
Chapter 1 Core Network Concepts and Terminology
Chapter 1a Hands-On: A Few Internet Tools
Chapter 2 Network Standards
Chapter 3 Network Management
Chapter 3a Hands-On: Microsoft Office Visio
Chapter 4 Network Security
Chapter 5 Ethernet (802.3) Switched LANs
Chapter 5a Hands-On: Cutting and Connectorizing UTP
Chapter 6 Wireless LANs I
Chapter 6a Hands-On: Using Xirrus Wi-Fi Inspector
Chapter 7 Wireless LANs II
Chapter 8 TCP/IP Internetworking I
Chapter 8a Hands-On: Wireshark Packet Capture
Chapter 9 TCP/IP Internetworking II
Chapter 9a Cisco’s IOS Command Line Interface (CLI)
Chapter 10 Carrier Wide Area Networks (WANs)
Chapter 11 Networked Applications
Appendix Managing the Security Process
Glossary
Index
Credits

Online Modules
Module A More on TCP
Module B More on Modulation
Module C More on Telecommunications
Module D Directory Servers

CONTENTS

Preface for Adopters
Preface for Students
About the Authors

CHAPTER 1 CORE NETWORK CONCEPTS AND TERMINOLOGY
A State of Siege
Anything, Anytime, Anywhere
The Internet Reorganizes to Get Commercial
Old Yet Always New
Owning and Managing the Internet
The Snake in the Garden
Next Steps
Outside the Internet
Client and Server Hosts
Networked Applications
The Job of the Source Host
The Job of the Destination Host
Inside the Internet
The Main Characters: IP Addresses, Packets, Routers, Data Links, and Routes
IP Addresses
IP Packets
Routers
Data Links and Routes
The Transport and Internet Processes in the Network Stack
Supervisory Standards: Beyond TCP and IP
Single Networks, Data Links, and Physical Links
Point-to-Point Single Networks
Ethernet Single Networks
Frames and Packets
Single Network Addresses
Internet Routers and Personal Access Routers
Internet Core Routers
Residential Access Router
Corporate Access Point
Where to Next?
End-of-Chapter Questions

Chapter 1a HANDS-ON: A FEW INTERNET TOOLS

Chapter 2 NETWORK STANDARDS
How Internet Standards Come to Be
IN MORE DEPTH: April 1 and RFCs
Introduction
Standard Protocol
What Are Network Standards?
The Importance of Standards
Creating Standards
Standards Agencies
Standards Architectures
The OSI Standards Architecture
The TCP/IP Standards Architecture
When Do We Capitalize “Internet?”
The Hybrid TCP/IP–OSI Standards Architecture
Message Ordering (Plus Reliability and Connection Orientation) in Standards
Simple Message Ordering in HTTP
Message Ordering and Reliability in TCP at the Transport Layer
Message Syntax in Standards
Syntax: General Message Organization
The Syntax of the Internet Protocol (IP) Packet
Transmission Control Protocol (TCP) Segment Syntax
User Datagram Protocol (UDP) Datagram Syntax
Port Numbers
Frame Syntax
Encoding Application Messages into Binary
Encoding
Encoding Text as ASCII
Converting Integers into Binary Numbers (1s and 0s)
Encoding Alternatives
Protocols in this Chapter
End-of-Chapter Questions

Chapter 3 NETWORK MANAGEMENT
Introduction
Network Quality of Service (QoS)
Transmission Speed
Other Quality-of-Service Metrics
Service Level Agreements (SLAs)
Network Design
Traffic Analysis
Reliability Through Redundancy
Traffic Requirements versus Leased Lines
Momentary Traffic Peaks
Centralized Network Management
Ping
Traceroute
The Simple Network Management Protocol (SNMP)
Automation
Software-Defined Networking (SDN)
Traditional Configuration and Its Discontents
Software-Defined Networking Operation
End-of-Chapter Questions

Chapter 3a HANDS-ON: MICROSOFT OFFICE VISIO
What is Visio?
Using Visio

Chapter 4 NETWORK SECURITY
The Target Breach
The POS Attack
Damages
Perspective
Introduction
Types of Attacks
Malware Attacks
Vulnerabilities and Patches
Social Engineering: No Vulnerability Necessary
Types of Malware
Payloads
Human Break-Ins (Hacking)
Denial-of-Service (DoS) Attacks
Advanced Persistent Threats (APTs)
Types of Attackers
Cybercriminals
Employees, Ex-Employees, and Other Insiders
Business Competitors
Cyberterrorists and National Governments
Protecting Dialogues Cryptographically
Encryption for Confidentiality
Electronic Signatures: Message Authentication and Integrity
Host-to-Host Virtual Private Networks (VPNs)
Authentication
Authentication Terminology and Concepts
Reusable Passwords
Other Forms of Authentication
Firewalls and Intrusion Detection Systems
Dropping and Logging Provable Attack Packets
Stateful Packet Inspection (SPI) Firewalls
Next-Generation (Application Aware) Firewalls (NGFWs)
Intrusion Detection System (IDSs)
IN MORE DEPTH: Antivirus Protection
End-of-Chapter Questions

Chapter 5 ETHERNET (802.3) SWITCHED LANs
Ethernet Begins
Introduction
Local Area Networks
Perspective: Layer 1 and Layer 2 Standards
Basic Physical Layer Terminology
Ethernet Physical Layer Standards
Signaling
4-Pair Unshielded Twisted Pair (UTP) Physical Links
Optical Fiber (Fiber)
Link Aggregation (Bonding)
Perspective on Purchasing Physical Links in Ethernet
IN MORE DEPTH: Fiber Modes and Light Wavelength
The Ethernet Data Link Layer Switching and Frame Syntax Standard
Physical Link and Data Link Length Restrictions
Ethernet Data Link Layer Switch Operation
Core Fields in the Ethernet Frame
IN MORE DEPTH: Secondary Fields in The Ethernet Frame
Management
SNMP
Reliability
Ethernet Security
Ethernet Security in Perspective
Virtual LANs (VLANs) for Network Segregation
Initial User Authentication Through 802.1X
802.1AE Switch-to-Switch Protection
ARP Cache Poisoning
End-of-Chapter Questions

Chapter 5a HANDS-ON: CUTTING AND CONNECTORIZING UTP
Introduction
Solid and Stranded Wiring
Solid-Wire UTP versus Stranded-Wire UTP
Relative Advantages
Adding Connectors
Cutting the Cord
Stripping the Cord
Working with the Exposed Pairs
Pair Colors
Untwisting the Pairs
Ordering the Pairs
Cutting the Wires
Adding the Connector
Holding the Connector
Sliding in the Wires
Some Jacket Inside the Connector
Crimping
Pressing Down
Making Electrical Contact
Strain Relief
Testing
Testing with Continuity Testers
Testing for Signal Quality

Chapter 6 WIRELESS LANs I
Introduction
OSI Standards
802.11 Wi-Fi
Basic Access Point Operation
Radio Signal Propagation
Perfidious Radio
Frequencies
Antennas
Wireless Propagation Problems
Service Bands and Bandwidth
Service Bands
Signal and Channel Bandwidth
Licensed and Unlicensed Service Bands
Channel Use and Co-Channel Interference
The 2.4 GHz and 5 GHz Unlicensed Service Bands
Spread Spectrum Transmission
Normal versus Spread Spectrum Transmission
Orthogonal Frequency Division Multiplexing (OFDM) Spread Spectrum Transmission
802.11 WLAN Operation
From 802.11 to 802.3
Wireless Networks with Multiple Access Points
Media Access Control
IN MORE DEPTH: Media Access Control (Mac)
802.11 Transmission Standards
Channel Bandwidth and Service Band Bandwidth
Speed and Market Status
Your Service Speed Will Vary. A Lot.
Multiple Input/Multiple Output (MIMO)
Beamforming and Multiuser MIMO
IN MORE DEPTH: 802.11/WI-FI Notes
End-of-Chapter Questions

Chapter 6a HANDS-ON: USING XIRRUS Wi-Fi INSPECTOR
Introduction
The Four Windows
The Radar Window (Read the Fine Print)
Connection Window
The Networks Window
Signal History
Other Groups on the Ribbon
Tests
Connection Test
Speed Test
Quality Test

Chapter 7 WIRELESS LANs II
Child’s Play
802.11i WLAN Security
802.11i
802.11i Stages
Pre-Shared Key (PSK) Initial Authentication Mode in 802.11i
802.1X Initial Authentication Mode Operation
Beyond 802.11i Security
Rogue Access Points
Evil Twin Access Points and Virtual Private Networks (VPNs)
802.11 Wi-Fi Wireless LAN Management
Access Point Placement
Centralized Management
IN MORE DEPTH: Expressing Power Ratios in Decibels
Peer-to-Peer Protocols for the Internet of Things (IoT)
Bluetooth
Classic Bluetooth and Bluetooth Low Energy (LE)
One-to-One, Master–Slave Operation
Bluetooth Profiles
Bluetooth Low Energy
Other Promising IoT Transmission Standards
Near Field Communication (NFC)
Wi-Fi Direct
Zigbee and Z-Wave
Security in the Internet of Things
End of Chapter Questions

Chapter 8 TCP/IP INTERNETWORKING I
Introduction
IP Routing
Hierarchical IPv4 Addressing
Routers, Networks, and Subnets
Network and Subnet Masks
How Routers Process Packets
Switching versus Routing
Routing Table
Rows Are Routes for All IPv4 Addresses in a Range
Step 1: Finding All Row Matches
Step 2: Selecting the Best-Match Row
Step 3: Sending the Packet Back Out
Cheating (Decision Caching)
Routing Tables for IPv6 Addresses
IN MORE DEPTH: Masking When Masks Do Not Break at 8-Bit Boundaries
The Internet Protocol Version 4 (IPv4) Fields
The First Row
The Second Row
The Third Row
IP Options
IP Version 6 (IPv6)
Outgrowing IPv4
IPv6
Writing IPv6 Addresses in Canonical Text Notation (RFC 5952)
The IPv6 Main Header
Extension Headers
The Transmission Control Protocol (TCP)
Fields in TCP/IP Segments
Openings and Abrupt TCP Closes
The Limited Maximum Length of User Datagram Protocol (UDP) Datagrams
End-of-Chapter Questions

Chapter 8a HANDS-ON: WIRESHARK PACKET CAPTURE
Introduction
Getting Wireshark
Using Wireshark
Getting Started
Starting a Packet Capture
Getting Data
Stopping Data Collection
Looking at Individual Packets
Options

Chapter 9 TCP/IP INTERNETWORKING II
Introduction
IP Subnetting
IPv4 Subnet Planning
IPv6 Subnetting
Other TCP/IP Standards
Network Address Translation (NAT)
The Domain Name System (DNS)
DHCP Servers
Simple Network Management Protocol (SNMP)
Dynamic Routing Protocols
Internet Control Message Protocol (ICMP) for Supervisory Messages at the Internet Layer
IPsec
Core IPsec Principles
VPNs
Applying ESP Protections
Security Associations (SAs)
Creating Security Associations
SSL/TLS VPNs
End-of-Chapter Questions

Chapter 9a CISCO’S IOS COMMAND LINE INTERFACE (CLI)
Command Line Interfaces (CLIs)
CLI Essentials
A More Complex Cisco IOS Interaction

Chapter 10 CARRIER WIDE AREA NETWORKS (WANs)
LANs and WANs (and MANs)
LANs versus MANs and WANs
Other Aspects of WANs
Carrier WAN Components and Business Uses
The Telephone System
Residential Wired Internet Access
Residential Asymmetric Digital Subscriber Line (ADSL) Service
Cable Modem Service
ADSL versus Cable Modem Service
Cellular Data Service
Cellular Service
Why Cells?
Cellular Data Speeds
Cellular Generations: 3G, 4G, and 5G
Wired Business WANs
Leased Lines
Reaching the ISP via a Leased Line
Leased Line Private Corporate WANs
Carrier WAN Services
Carrier Ethernet
Multiprotocol Label Switching (MPLS)
WAN Optimization
End-of-Chapter Questions

Chapter 11 NETWORKED APPLICATIONS
Introduction
Networked Applications and Application Architectures
Application Security
Netflix Dives into the Amazon
Netflix
Virtualization and Agility
Infrastructure as a Service (IaaS) and Software as a Service (SaaS)
Clients Move into the Cloud
Rain Clouds: Security
Networks and The Cloud
The World Wide Web
HTTP and HTML Standards
Complex Webpages
The Hypertext Transfer Protocol (HTTP)
Electronic Mail (E-Mail)
Delivery Standards
Receiving Standards
E-Mail File Format Standards
Cryptographic E-Mail Protections
Voice Over IP (VoIP)
CODEC
External Components
VoIP Signaling
The VoIP Transport Packet
Peer-to-Peer (P2P) Applications
Skype
Tor
End-of-Chapter Questions

Appendix: MANAGING THE SECURITY PROCESS
Failures in the Target Breach
The Plan–Protect–Respond Cycle
Security Planning Principles
Risk Analysis
Comprehensive Security
Defense in Depth and Weakest Links
Identify and Manage Single Points of Takeover
Least Permissions
Identity Management
Segment the Network
Organizational System Security
Policy-Based Security Management
Policies versus Implementation
Oversight
Implementation Guidance
Policy-Based Centralized Management
Response
Normal Incidents
Major Incidents
Rehearsing for Major Incidents
Real-Time Fail-Over
Intrusion Detection Systems (IDSs)
End-of-Chapter Questions

Online Modules

Module A MORE ON TCP
Numbering Octets
Ordering TCP Segments upon Arrival
The TCP Acknowledgment Process
Flow Control: Window Size

Module B MORE ON MODULATION
Modulation
Frequency Modulation
Amplitude Modulation
Phase Modulation
Quadrature Amplitude Modulation (QAM)

Module C MORE ON TELECOMMUNICATIONS
Introduction
The PSTN Transport Core and Signaling
The Transport Core
Time Division Multiplexing (TDM) Lines
Leased Lines and Trunk Lines
Asynchronous Transfer Mode (ATM) Transport
Signaling
Communication Satellites
Microwave Transmission
Satellite Transmission
Geosynchronous Earth Orbit (GEO) Satellites
Low Earth Orbit (LEO) and Medium Earth Orbit (MEO) Satellites
VSAT Satellites
Wiring the First Bank of Paradise Headquarters Building
Facilities
Telephone Wiring
Data Wiring
Plenum Cabling
PBX Services
Carrier Services and Pricing
Basic Voice Services
Advanced Services
Telephone Carriers and Regulation
PTTs and Ministries of Telecommunications
AT&T, the FCC, and PUCs
Deregulation
Voice Over IP

Module D DIRECTORY SERVERS
Introduction
Hierarchical Organization
Lightweight Directory Access Protocol (LDAP)
Directory Servers and the Networking Staff
Microsoft’s Active Directory (AD)
Active Directory Domains
Domain Controllers
Domains in an Active Directory Tree
Complex Structures
Authentication and Directory Servers

Glossary
Index
Credits

PREFACE FOR ADOPTERS

SIX QUESTIONS

This preface begins with six questions that adopters have when considering a textbook.

What courses is this book used in?
Why all the security?
Does this book have the content your students need on the job market?
Why does it have four principles chapters followed by chapters on specific technologies?
Does this book have the support you need?
Does this book have the support your students need?

What Courses use this Book?

Introductory networking courses in information systems that prepare graduates to work in corporate IT departments use this book. It has the kind of knowledge they need to manage networking in corporations. It is used at both the undergraduate and graduate levels. Due to its extensive security conten
