Unit-4

Intranets and wireless networks

Intranets
Organizations use internet networking standards and web technology to create private networks called intranets. The intranet is an internal organizational network that provides access to data across the enterprise. It uses the existing company network infrastructure along with internet connectivity standards and software developed for the World Wide Web. Intranets create networked applications that can run on many different kinds of computers throughout the organization, including mobile handheld computers and wireless remote access devices.

Intranets
Whereas the web is available to anyone, an intranet is private and is protected from public visits by firewalls-security systems with specialized software to prevent outsiders from entering private networks. Intranet software technology is the same as that of the World Wide Web. A simple intranet can be created by linking a client computer with a web browser to a computer with web server software using a TCP/ IP network with software to keep unwanted visitors out.

Extranets
Extranets expedite the flow of information between the firm and its suppliers and customers. They can allow different firms to work collaboratively on product design, marketing, and production.

The Wireless Revolution

Devices that support wireless or mobile communication and computing include: Cell phones Laptops Personal digital assistants (PDAs): Small, pen based, handheld computers with built-in wireless telecommunications capable of entirely digital communications transmission. E-mail handhelds: A special type of handheld that is optimized for wireless text messaging. Smart phones: Hybrid devices combining the functionality of a PDA with that of a digital cell phone.

 Digital cellular service uses several competing standards that are incompatible. Global System for Mobile Communication (GSM) is the standard used in Europe and much of the rest of the world outside the United States. GSM's strength is its international roaming capabilities. Code Division Multiple Access (CDMA) is the most widely used standard in the United States. CDMA is less expensive and supports higher quality transmissions. Most digital cellular systems today can transmit data at rates ranging from 9.6 to 2 Mbps. 384 Kbps is acceptable for email but not for downloading large files or Web pages.

 Short message service (SMS) is a text message service used by a number of digital cell phone systems to send and receive short alphanumeric messages. 2.5G networks use upgrades to the existing cellular infrastructure and feature data transmission rates ranging from 30 to 144 Kbps.
More powerful cellular networks called thirdgeneration (3G) networks have transmission speeds ranging from 384 Kbps for mobile users in, say, a car, to more than 2 Mbps for stationary users, sufficient for rich media downloads. There are also multiple standards and technologies governing how cellular phones access the Internet and the World Wide Web.

 Wireless Application Protocol (WAP) is a system of protocols and technologies that enables cell phones and other wireless devices with tiny display screens, low-bandwidth connections, and minimal memory to access Web services. A microbrowser is an Internet browser that works with the low-memory constraints and low bandwidth requirements of handheld wireless devices and uses WML (Wireless Markup Language). Requests are made to a WAP gateway which translates HTML content into WML for the WAP client to receive it. I-mode is a wireless service offered by Japan's NTT DoCoMo mobile phone network that uses compact HTML instead of WML for delivering content.

 WIRELESS APPLICATION PROTOCOL (WAP) VERSUS IMODE WAP and I-mode use alternative standards for accessing information from the wireless Web. There is a hierarchy of complementary standards for wireless computer networks designed for connecting to personal area networks (PANs), LANs, MANs, and WANs.
Bluetooth, or IEEE 802.15, uses the 2.4-GHz band for creating small PANs, linking up to eight devices within a 10 meter area. devices can communicate to each other without direct user intervention. Its low power requirements make Bluetooth appropriate for batterypowered handhelds, cell phones, or PDAs.

 A BLUETOOTH NETWORK (PAN) Bluetooth enables a variety of devices, including cell phones, PDAs, wireless keyboards and mice, PCs, and printers, to interact wirelessly with each other within a small 30-foot (10-meter) area. In addition to the links shown, Bluetooth can be used to network similar devices to send data from one PC to another, for example. Wi-Fi (wireless fidelity), or IEEE 802.11 includes three standards: 802.11a: This standard can transmit up to 54 Mbps in the 5GHz band, in ranges of 10-30 meters. 802.11b: This standard, currently the most popular, transmits up to 11 Mbps using the 2.4 GHz band with a range of 30-50 meters. 802.11g: This standard also uses the 2.4 GHz band and can transmit up to 54 Mbps.

 Wi-Fi system can operate in two modes: Infrastructure mode, in which wireless devices communicate with a wired LAN through access points Ad-hoc mode, or peer-to-peer mode, in which the devices communicate directly to each other.

 AN 802.11 WIRELESS LAN Mobile laptop computers equipped with network interface cards link to the wired LAN by communicating with the access point. The access point uses radio waves to transmit network signals from the wired network to the client adapters, which convert them into data that the mobile device can understand. The client adapter then transmits the data from the mobile device back to the access point, which forwards the data to the wired network. Mobile wireless stations often need a wireless network interface card (NIC) that has a built-in radio antenna. The 802.11 standard can be used to provide wireless Internet access, in which an access point plugs into a wired Internet connection. Businesses are using Wi-Fi to create low costs WLANs and provide Internet access.

 Hotspots A specific geographic location in which an access point provides public Wi-Fi network service. WiMax Stands for Worldwide Interoperability for Microwave Access. Popular term for IEEE Standard 802.16 for wireless networking over a range of up to 31 miles with a data transfer rate of up to 75 Mbps.

 Radio frequency identification (RFID) Technology using tiny tags with embedded microchips containing data about an item and its location to transmit short-distance radio signals to special RFID readers that then pass the data on to a computer for processing. Wireless sensor networks (WSNs) Networks of interconnected wireless devices with builtin processing, storage, and radio frequency sensors and antennas that are embedded into the physical environment to provide measurements of many points over large spaces.

Software Audit
About 95% of IT security risks comes from software. So it is imperative that organizations assess, measure and manage their own software risk. Attackers constantly probe applications, libraries and network in search of exploitable vulnerabilities. Attacks and probes is not based on size and complexity of software, but the strength of security structure. So the project manager should safeguard all the software by maintaining software security methodology.

Software Audit
Auditing is important because even a single successful exploitation among organization customer leads to Financial losses Loss of reputation Customer confidence Market share

What is an Audit?
Audit provide an independent evaluation of software products or processes to ascertain compliance to standards, specifications and procedures based on objective criteria. The form or content of the product to be produced. The process by which the products shall be produced How compliance to standards or guidelines shall be measured.

What is Software audit?

Software audit is a regular investigation of the software installed on all computers in an organization to ensure that it is authorized or licensed. software audit minimize the risk of prosecution for software theft, minimize the risk of viruses through uncontrolled software copying and ensure technical support is available to all users.

Purpose (or) need for software audit

To identify critical security issues before they are exploited. This will help to accurately discover issues and provide possible solutions. After installation of software, regular audit should conduct, in order to reduce the vulnerabilities of software. To locate the most problematic crashes of the application and train the team into cognitive debugging. Improvise present security system

Purpose (or) need for software audit

To conduct software vulnerability assessment in order to mimic an evil attacker intent. On every release of software, auditing should conduct regularly. (check quality assurance) Security structure of software will change overtime. It is not a one-time task.

 Initiator Who might be a manager in the audited organizations, a customer or user representative of the audited organization, or a third party. Lead Auditor who must be someone free from bias and influence that could reduce his ability to make independent, objective evaluations. Recorder- documents, action items, decisions and recommendations made by audit team Auditors Who must be like lead auditor free from bias examine products defined in the audit plan, document their observations and recommend corrective actions ( single auditor only) Audited organization provides a liaison to auditors and provide all information to auditors.

Roles

Software audit review

Documentary products
Sorts of plan Contracts Specifications Designs Procedures Standards and reports

Non-documentary products
Data Test data Deliverable media

IS audit
Control (previous or computer in operation)

Types of auditors
Internal and External Auditors

How is auditing executed?

IS auditing categorized into three: Auditing around the computer Auditing through the computer Auditing with the computer