How we communicate on the Internet, The building blocks of networks, and The vulnerabilities of Software applications
The internet has brought a revolution on the way people work and play. It allows proper and timely communication, sharing of data and searching information in seconds. The internets forms a global network of computer devices such as PCs, laptops, smartphones among others connected to the internet.
Billions of computers can communicate with each other if they are connected to the internet. The internet has TCP/IP protocol that allows separate networks to communicate with each other. The combination of these networks connected to each other forms a wide area network(WAN) known as the internet. People connect to the internet to get online and access facilities such as communication platforms such as emails, VolP, share information through text messages, sounds, videos and images. The internet allows storage of information and streaming television programs, music, videos and playing online games. The internet allows sales men to communicate with customers through shopping carts. Streaming data is the process of sending it in pieces. Hackers use phishing techniques to gain personal information about other people through deception techniques. Hyperlinks are used to link to other documents and webpages connected to other locations. HTTP are hypertext transfer protocol requests where web browsers send requests as servers respond to the requests. Others download information from the internet into their computers and devices. Messages have to be broken into binary data packets before transferring them. Browsers search as Google chrome and internet explorer are use dto view web pages. Bandwidth is used to measure data transferable through communication channel over a given period.Social networking sites such as facebook allow communication with far distance people. social media adds value to businesses by buiding networks to exchange information and build strong relationships. Emails,chat and RSS enable professional and personal communication. online banking allows sending of money to other international banks.
Web 2.0 and social media
Web 2.0 is used to describe advanced internet technologies and applications that ensure sharing of information and collaboration. These include social networks,blogs and RSS. Social media are online platforms and technologies used by people to build social networks and communicate with other people. they share experiences,insights,perceptions and opinions. Social media is cheap and affordable,easy to manipulate tools and convenient. Business people use social media to add value to their businesses by building social capital individuals through face book, email, twitter, chat and newsgroup. They also extract information from voice communications and video conferencing. Business and people strengthen their relationships with others and organizations . they exchange information advertise, show case their projects and companies.
Face book is a social networking platform that supports e-commerce activities, advertises goods while selling others. It connects friends, co-workers, businesses, groups and families. Face books offers latest promotions and services and reaches customers as well as alerting them on special offers for customers. There are postings of works, talents and gained skills.
E-mails are used to communicate with clients, allows person-to-person messanging, shares documents and allows sending many messanges to many people. people also attach pictures for their customers to review.
Chats and instant messanging connects with friends through real-time interactive conversations through the internet. Groups of people can communicate through chats since all people can view messages posted by others. Mos employees use chats to communicate in their work places. Instant messaging is a chat service that allows creation of private channels. It alerts users when listed persons are online. Instant messanging tools include Yahoo messenger, MSN messenger and AOL instant messenger. Customers ask questions and get information through chat features and websites.
Newsgroups are discussion groups on electronic bulletin boards. People share ideas and information on certain topics while others post messages to newsgroups.
Blogs are websites where personal thoughts are posted, advertisements on particular products and links are available. Blogs are created by hobbyists, entrepreneurs, professionals and corporations.
Twitter social networking profile allows users to post short text messages and posts liited to 140 characters. Seasonal promotions, advertisements, special pricings and feedbacks on relationships are available. Businessmen gather information from their customers feedback to know the position of their business.
Network building blocks
Networks are build from
client computers; these are computers used by end users to access network resources. They are located on users desks and run windows desktop versions such as windows 7,XP, and Vista.
These are computers providing shared resources like printers,disk storage,internet access and emails. Server computers run specialized network operating systems to provide network services.
Network interface or ports are installed in computers to enable them communicate over other networks. Most network interfaces have Ethernet as networking standards. Ethernet is fast, has low cost and is reliable. It is used by most broadband technologies although it has its wires and cables connected to the floor and walls to connect to the components. Hardware includes Ethernet RJ-45 cables and network Hub.
Cables connect computers physically using cables called twisted pair or 10Base T.
Twisted pair cable is also known as Cat-5 and Cat-6 cables, where Cat-6 are faster than Cat-5. They are renamed as copper to differentiate them with fiber-optic cable.
Switches connect computer cables and devices. The switch again connects woith the rest of the network. Each switch has ports 8 or 16 where eight port switches connects to eight computers and 16 port switches connects to 16 computers.
Wireless networks enable computers to communicate through radio signals. In wireless networks, receivers abd radio transmitters replace cables. Wireless networking is flexible in that it does not require cables to be run through ceilings and walls. Clinet computers can be located at any distant convenient to network broadcast. However, it is insecure than wired networks.
A complete network has to have software for porper working of the network.Server computers use special networking system(NOS) to function in an efficient manner.
Routers are devices that direct information across network infrastructure from their sources to destinations. They are used as bridging devices that link intranet to the internet.
These are individual computers like laptops and desktop systems used for processes and applications. Network applications and resources are shared through the intranet availed to all users and restricted to individuals and groups.
BCS.(2016).Network building blocks. Retrieved from http://www.bcs.org/content/conWebDoc/1495
vulnerabilities of Software applications
Application vulnerability are system flaws and weaknesses in applicattions exploited by hackers to compromise the security of applications. Attackers take advantage of vulnerabilities in systems to access important information and facilitate other cyber crimes. The crimes aim at getting confidential information, integrity and availability of resources of the organization, insecure cryptographic storage,LDAP injection,the users and creators of programs.
Software applications are vulnerable to remote code execution, SQL injection, Format string vulnerabilities, cross site scripting(XSS),username enumeration.
Remote code execution
It allows attackers in running arbitrary system level code on vulnerable servers while retrieving desired information inside. This vulnerability is causd by improper coding. Penetration testing assignments may not discover these problems but they are exposed when doing source code review.
Exploiting register globals in PHP that control superglobal availability in PHP scripts. These include data encoded using URL,data obtained from cookies among others. Parameters are initialized in systems including unwanted files from attackers which leads to execution of arbitrary files from various remote locations.
XMLRPC for PHP vulnerabilities allow software to run in disparate operating systems and environments and make procedure calls through the internet.
SQL injection is used by attackers to retrieve crucial information from databases of web servers. Information can be disclosed basically and using code ezxcecution and compromising of the system. MS SQL has exetended procedure call which allows execution of system level command through MS SQL server. Error messages displayed by MS SQL servers shows more information than MySQL server.
Format string vulnerability
The vulnerability comes from using unfiltered user input such as format string parameter in Perl or C functions. Malicious attackers use % and %x format tokens in printing data from stack memory and other locations. Arbitrary data is also written to arbitrary locations using %n format token to commands printff(). It writes back numbers of formatted bytes. Format string vulnerability attacks are denial of service attacks,reading and writing. Denial of service attacks use format string vulnerabilities and are characterized through utilization of % format specifier. They read datathat is off the stack and read data from illegal addresses causing the program to crash. Reading attacks use the %x format specifier in printing memory sections which the user cannot access. Writing attacks use the %u format specifiers in overwriting instruction pointer and force execution of shell codes supplied by user.
Cross site scripting
This attack occurs where backend validation scripts informs attackers when usernames are correct or wrong. Attackers exploit the vulnerability to experiment with different usernames and have chances of determining valid ones through the help of error messages.
Management of application vulnerability
Software developers use vulnerability scanning software in detecting code vulnerabilities which is expensive and not user friendly. They become outdated quickly and inaccurate for use. Veracode services in the cloud and systematic approach are used in delivering scalable options that are simpler in reducing risks across the web,third party applications and web risks. Vera code offers on-demand application testing that detects and offers solutions for identified vulnerabilities.