Computer Network Security
and Cyber Ethics
FOURTH EDITION
This page intentionally left blank
Computer Network
Security and
Cyber Ethics
FOURTH EDITION
Joseph Migga Kizza
McFarland & Company, Inc., Publishers
Jefferson, North Carolina
ISBN 978-0-7864-9392-0 (softcover : acid free paper)
ISBN 978-1-4766-1560-8 (ebook)
LIBRARY
OF
CONGRESS
BRITISH LIBRARY
♾
CATALOGUING DATA ARE AVAILABLE
CATALOGUING DATA ARE AVAILABLE
© 2014 Joseph Migga Kizza. All rights reserved
No part of this book may be reproduced or transmitted in any form
or by any means, electronic or mechanical, including photocopying
or recording, or by any information storage and retrieval system,
without permission in writing from the publisher.
Front cover: Firewall lock on mainboard (© iStock/Thinkstock)
Manufactured in the United States of America
McFarland & Company, Inc., Publishers
Box 611, Jefferson, North Carolina 28640
www.mcfarlandpub.com
Celebrating what is good within us all.
Keep the fire burning!
This page intentionally left blank
Acknowledgments
I am very grateful to all colleagues for the ideas, suggestions,
and criticisms they freely gave to me.
I am indebted to my daughters, Josephine and Florence, and
to my dear wife, Omumbejja Immaculate, for her input and support. She was instrumental in many ways.
Finally, to all those who, in one way or another, contributed
to this project, but whose names do not appear, thanks!
vii
This page intentionally left blank
Contents
Acknowledgments
vii
Preface
1
1. The Changing Landscape of Cybercrime
3
2. Morality
11
3. Ethics
17
4. Morality, Technology and Value
24
5. Cyberspace Infrastructure
32
6. Anatomy of the Problem
60
7. Enterprise Security
82
8. Information Security Protocols and Best Practices
123
9. Security and Privacy in Online Social Networks
161
10. Security in Mobile Systems
171
11. Security in the Cloud
183
12. Security and Compliance
198
Appendix: Questions for Classroom Use
209
Chapter Notes
215
Bibliography
221
Index
225
ix
This page intentionally left blank
Preface
Since the publication of the third edition of this book in 2011, a lot has
changed. Dramatic advances in mobile technology have resulted in the
unprecedented growth of social networks. This fast-changing technology landscape has forced me to make considerable changes to the contents of the book
to bring my faithful readers and students of information technology up to
date.
We have updated most of the contents in a good number of chapters,
added chapters with new contents and removed chapters with outdated content. With all these alterations, additions and removals, we have kept the core
theme of the text the same but brought new light, and new discussion points,
to the table. Although the book has been in production since 2002, when it
was selected as a Choice Outstanding Academic Title, the core theme of the
book has endured. This is a testimony not only to the quality of the book but
also to the persistence and growing relevancy of the issues discussed.
The growing relevancy of the issues in the book have confirmed and solidified my belief over the years that the security of cyberspace, as it evolves and
engulfs all of us, is and will always be based on secure, reliable software and
hardware protocols and best practices and a strong ethical framework for all
its users. If a morally astute and ethically trained user is missing from the equation, cyberspace will never be secure and, therefore, the information infrastructure we have come to depend on so much will likewise never be secure.
We focus on these core issues throughout the book.
Because of the central role of this ethical framework, we devote the first
four chapters to morality, ethics, and technology and value. In these, we
demonstrate the central role of morality and ethics in the decision-making
process of an information professional, and indeed all humans handling information technology. We also discuss in depth the value that technology adds
and the role it plays in our deliberations before we make decisions. We ponder
the question of whether technology makes decisions for us or whether we
depend on and use it to make wise decisions of our own.
1
2
Preface
In all, the security of information in general and of computer networks
in particular, on which our national critical infrastructure and, indeed, our
lives is increasingly depending, is based squarely on the individuals who build
the hardware and design and develop the software that run the networks that
store our vital information.
To address security issues in the rapidly changing technology and in the
growing ecosystem of online social networks, we have added two new chapters,
“Security in Mobile Systems” and “Security in the Cloud.” To continue the
discussion of the ever-changing nature of security protocols and best practices,
we have reworked and kept Chapter 8 as “Information Security Protocols and
Best Practices.” The last chapter has been updated and renamed “Security and
Compliance” to update the debate in the changing business information security landscape.
Although we seem to be making efforts toward mitigating computer security incidents, the progress we are achieving seems insignificant. Indeed, data
from incident reporting centers shows no let-up in activity from the time of
this book’s first edition to today. In fact, data shows that digital crime incidents
are mutating, unrelenting, always on the rise, which begs the question—are
we doing the right thing?
Maybe not. After more than 10 years of efforts to rein in the growing
and indeed mutating information infrastructure security problems, we still do
not seem to be doing the right thing. Maybe we need to change course. The
rise in such incidents has been and still is an indication of the poor state of
our cyberspace infrastructure security policies and the vulnerability of all
cyberspace resources. We have been pointing out over the years that we are yet
not doing enough. Toward this end, several private and public initiatives and
partnerships have been have been established and are discussed throughout
the book.
Finally, as has been the case in the last three editions, we are still keeping
the fire burning, for public awareness of the magnitude of cyber security and
cybercrimes, the weaknesses and loopholes inherent in the cyberspace infrastructure, and the ways to protect ourselves and our society. We also must have
more debate on the need for a strong ethical framework as a way to safeguard
cyberspace.
Chapter 1
The Changing
Landscape of Cybercrime
LEARNING OBJECTIVES :
After reading this chapter, the reader should be able to:
• Describe trends in computer crimes and protection against viruses and
other cybercrimes.
• Discuss the history of computer crimes.
• Describe several different cyber-attacker approaches and motivations.
• Identify the professional’s role in security and the tradeoffs involved.
In the last two decades, we have witnessed the rapid growth of the Internet, mobile technology and the correspondingly rapid growth of online crimes,
or cybercrimes. With this growth, there has been a spike in the rate of cybercrimes committed over the Internet. This has resulted into some people condemning the Internet and partner technologies as responsible for creating new
crimes and the root causes of these crimes. However, there is hardly any new
crime resulting from these new technologies. What has changed, as a result of
these new technologies, is the enabling environment. Technology is helping
in the initiation and propagation of most known crimes. As we get rapid
changes in technological advances, we are correspondingly witnessing waves
of cybercrimes evolving. Figure 1.1 shows the changing nature of the cybercrime landscape since 1980.
The period before 1980 was an experimental period. Then, the Internet
was new and required sophisticated and specialized knowledge that very few
people back then had. There was very little valuable information and data stored
in online databases as there is today, and there were no free online hacking tools
available. If one wanted to hack, one had to develop the tools to do the job—
a daunting task that required expertise. The easiest way to do it was to join hacking groups. Ganglike groups like the Legions of Doom, the Chaos Computer
3
4
Computer Network Security and Cyber Ethics
Figure 1.1 The Changing Nature of Cybercrimes
Club, NuPrometheus League, and the Atlanta Three were formed. Most of
these groups were led by notorious individuals like Kevin Mitnick (“The Condor”), Ian Murphy (“Captain Zap”), and Patrick K. Kroupa (“Lord Digital”).
At the tail end of the 1980s, computers had become smaller. The personal
computer (PC) had been introduced and was becoming very successful. Businesses were buying these computers at a rapid pace. Schools of varying standards were opening up and filling with students interested in becoming
computer programmers. More computers started getting into the hands of
young people through their schools, libraries, and homes as it was becoming
more and more possible for affluent families to afford a home PC. Curious
young people got involved with the new tools in large numbers. As their numbers rose, so did cybercrimes.
A profile of a cyber criminal soon emerged—a privately schooled, suburban, highly intelligent, soccer-playing but lonely wolf in thrill- seeking
escapades that would lead to bragging rights. We called them computer whiz
kids. Their operations were more or less predictable and, with exception of a
few cases, there was a complete lack of organizational structure, something
that is significantly noticeable in later generations of attacks. These whiz kids
led the second generation of cybercrimes.
The second generation of cybercrimes probably started at the tail end of
the first generation, around 1990, and lasted through 2000. This period was
characterized by serious, often devastating, and widespread virus attacks on
1—The Changing Landscape of Cybercrime
5
global computer networks. This period saw an unprecedented growth in computer networks around the globe. These interconnected and interdependent
networks became a very good conduit for these virus attacks. As the world
became a mesh of thousands of interdependent computer networks, more
individuals, businesses, organizations, and nations became more dependent
on them. Because of this high dependence, which continues, the mere mention
of a virus attack, whether real or not, caused panic in company boardrooms,
classrooms, and family living rooms.
The sources of these attacks (mostly viruses) were often the whiz kids of
the 1980s. The period experienced monstrous attacks including “Melissa,”
“The Goodtimes,” “Distributed Denial of Service,” “Love Bug,” and “Code
Red,” to name a few. The inputs fuelling the rise and destructive power of the
attacks were the large volume of free hacker tools available on the Internet,
the widespread use of computers in homes, organizations and businesses, large
numbers of young people growing up with computers in their bedrooms, the
growing interest in computers, the anonymity of users of the Internet, and the
ever-growing dependence on computers and computer networks. All these
put together contributed to the wild, wild cyberspace of the 1990s.
The third generation of cybercrimes began around the turn of the century.
As the Computer Science Institute and Federal Bureau of Investigation’s (CSI/
FBI) 2005 survey results indicate, virus attacks continued as the source of the
greatest financial losses. Closely behind viruses were unauthorized access,
which showed a dramatic cost increase and replaced denial of service as the second most significant contributor to computer crime losses during that period,
unauthorized use of computer systems, and Web site incidents in that order.1
Overall, the period saw a gradual move away from the huge devastating
virus attacks released by lonely wolves who expected no reward beyond proof
of their prowess and the corresponding infamous notoriety. This period was,
so far, characterized by small, less powerful, sometimes specialized but selective
and targeted attacks. The targets were preselected to maximize personal gains,
usually financial. Attacks so far in this period were overwhelmingly targeted
at financial institutions. The list of victims was long and included the following
examples:
• In February 2005, Bank of America Corp. reported computer tapes
containing credit card records of U.S. senators and more than a million
U.S. government employees went missing, putting customers at
increased risk of identity theft.
• In February 2005, ChoicePoint Inc., a Georgia-based credit reporting
company, had a breach of its computer databases, rendering nearly
145,000 people vulnerable to identity theft.
6
Computer Network Security and Cyber Ethics
• In April 2005, data wholesaler LexisNexis, a division of Reed Elsevier,
admitted having personal information from about 310,000 customers
stolen.
Because of strict reporting laws in California, more and more companies
and institutions were reporting losses of personal accounts. Among the companies and institutions were PayMaxx, health care heavyweight San Jose Medical
Group, California State University at Chico, Boston College, and the University of California at Berkeley.2 These made headlines, but many more did not.
A decade later since the beginning of the thrird generation, around 2010,
probably the fourth generation started. This was driven by a dramatic change
in communication technologies and the nature of the information infrastructure. First, there is a fast rate of convergence of computing and telecommunication coming a lot earlier than has been predicted. Second, there is a
developing trend in computing and communication devices’ miniaturization,
leading us faster to the long-awaited and often talked-about ubiquitous computing driven by faster, more powerful machines and with a rich application
repertoire that makes the technology of a decade earlier look prehistoric. The
result of these combined forces are the exceptionally fast growing infrastructure of social networks that are leading us into a new unplanned, unpredictable,
and more threatening computing environment. This changing nature of information technology against the changing background of user demographics is
creating a dynamic mosaic of security threats and problems. Plenty of IT
administrators are tossing and turning at night over the security risks that may
threaten their servers, networks and client computers. According to the 2010
survey of 353 network administrators conducted by Amplitude Research on
behalf of VanDyk Software (2010) and the Australian Cyber Crime and Security Survey Report 2012,3 historically and traditionally leading threats are no
longer in the lead as indicated in Tables 1.1 and 1.2. Most traditional cybercrimes witnessed in the previous two generations are in decline. This can be
attributed to the continuously changing landscape of cybercrimes.
Currently there are two major trends in this generation of cyber attacks.
First, the cyber criminals are organizing themselves more into criminal enterprise cartels, and two, we are seeing more state-sponsored hacking activities
than ever before. This seems to be a more troubling trend. New threats, according to the U.S. Department of Homeland Security’s ICS-CERT, include4:
• National governments—where we see government-sponsored programs developing capabilities with the future prospect of causing widespread, long-duration damage to critical national infrastructures of
adversarial nations.
1—The Changing Landscape of Cybercrime
7
Table 1.1 Changing System Threat Landscape, 2010
Threat Management Technique
Securing remote access
Keeping virus definitions up to date
Patching systems
Monitoring intrusions
Secure file transfer
Network use monitoring
User awareness
Password management
Managing logs
Replacing non-secure protocols
Percentage of Admins Who Identified
52
44
36
33
30
28
26
16
11
11
Data Source: http://www.channelinsider.com/c/a/Security/10-Security-Risks-That-Keep-Customers-Up-at-Night–893339/
Table 1.2 Change in Types of Attack and Misuse, 1999–2012
Type of attack
Inside abuse of info
access
Virus
Theft of computing
devices
Unauthorized access
Denial of service
System penetration
Theft of proprietary
info
Telecom fraud
Financial fraud
Sabotage/degradation
of networks
Abuse of wireless network
Web site defacement
Trajon/Rootkit
None of the above
(yr/perc.)
(yr/perc.)
(yr/perc.) (Down/Up)
1999/99
2000/95
2005/50
2005/75
2012/55
2012/30
Down
Down
1999/70
2000/70
2002/40
2002/40
2005/50
2005/35
2005/35
2005/18
2012/33
2012/18
2012/15
2012/ 9
Down
Down
Down
Down
2001/30
1999/18
2003/18
2005/10
2005/10
2005/ 4
2012/34
2012/ 4
2012/ 9
Up
Down
Down
2003/20
2005/ 2
2012/ 9
Up
2005/18
2004/ 5
N/A
N/A
2003/ 0
2005/ 3
N/A
N/A
2012/18
2012/ 6
2012/20
2012/35
Up
Down
Up
not enough info
Data Source: (1) CSI/FBI Computer Crime and Security Survey—http://i.cmpnet.com/gocsi/db_
area/pdfs/fbi/FBI2005.pdf. (2) CYBER CRIME & SECURITY SURVEY REPORT 2012, http:
//www.canberra.edu.au/cis/storage/Cyber%20Crime%20and%20Security%20Survey%20Report%
202012.pdf.
• Terrorists—where terrorists are starting to acquire skill to direct cyber
threats to individuals and increasingly critical national infrastructures.
8
Computer Network Security and Cyber Ethics
• Industrial spies and organized crime groups—with profit motivation,
international corporate spies and organized crime organizations are
slowly mounting cyber threats to individuals and critical national
infrastructures.
• Hacktivism—an old type of cybercrime that has not abetted with
changes in technology. In fact, hacktists have been presented, thanks
to new technologies, with new ways of increasing their political
activism. This legion of hackers includes individuals and groups.
• Hackers—like hactivists, are also as old as computer crimes themselves.
Efforts to Combat and Curtail Old and New
Cybercrimes
Against this background, efforts need to be and are being taken to protect
online data and information. Throughout this book, we are going to look at
methods, tools and best practices to combat these increasing and evolving
crimes. We summarize below, but we will detail in the coming chapters the
global efforts by governments, civil society and individuals that include:
• Security awareness. Data from PricewaterhouseCoopers (PwC)’s Breaches
Survey (ISBS) report (2012) shows that an organization with a quality enduser security awareness program is less likely to suffer a security breach.5 The
report further shows that security awareness through enterprise security policies is very effective. For example, data in the report show that organizations
with a clearly understood security policy are less likely to be breached.
• Formation of public-private partnerships. Public private partnerships
are going to bear good results. Some of these partnerships include:
0 The United Kingdom’s Cyber Crime Reduction Partnership (CCRP).
This effort is to provide a forum in which government, law enforcement,
industry and academia can regularly come together to tackle cybercrime
more than before.6 During National Cyber Security Awareness Month
2012, the U.S. Department of Homeland Security (DHS) and its partners
from the public and private sector highlighted the importance of protecting against cybercrime.7
0 DHS collaborates with financial and other critical infrastructure sectors
to improve network security. Additionally, DHS components, such as
the U.S. Secret Service and U.S. Immigrations and Customs Enforcement
(ICE), have special divisions dedicated to fighting cybercrime.
0 The FBI has the following cybercrime partnerships and initiatives8:
■ National Cyber Investigative Joint Task Force—as the focal point for
1—The Changing Landscape of Cybercrime
9
all U.S. government agencies to coordinate, integrate, and share information related to all domestic cyber threat investigations.
■ Cyber Task Forces (CTF)—a group of all key law enforcement agencies
in all 56 field offices at the state and local levels.
■ InfraGard: Protecting Infrastructure—an information sharing and
analysis effort serving the interests and combining the knowledge base
of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector.
■ National Cyber-Forensics & Training Alliance—an early-warning system based on the exchange of strategic and threat among members.
■ Strategic Alliance Cyber Crime Working Group—a global alliance of
law enforcement community sharing and steadily building operational
partnerships for joint investigations of cybercrimes.
■ Cyber Action Teams—small but highly trained teams of FBI agents,
analysts, and computer forensics and malicious code experts who travel
around the world on a moment’s notice to respond to cyber intrusions.
• Setting up publicly funded agencies to go after cyber criminals. Representative examples include:
0 The Secret Service maintains Electronic Crimes Task Forces (ECTFs),
which focus on identifying and locating international cyber criminals
connected to cyber intrusions, bank fraud, data breaches, and other
computer-related crimes. The Secret Service’s Cyber Intelligence Section
has directly contributed to the arrest of transnational cyber criminals
responsible for the theft of hundreds of millions of credit card numbers
and the loss of approximately $600 million to financial and retail institutions. The Secret Service also runs the National Computer Forensic
Institute, which provides law enforcement officers, prosecutors, and
judges with cyber training and information to combat cybercrime.
0 ICE’s Cyber Crimes Center (C3) works to prevent cybercrime and solve
cyber incidents. From the C3 Cyber Crime Section, ICE identifies
sources for fraudulent identity and immigration documents on the Internet. C3’s Child Exploitation Section investigates large-scale producers
and distributors of child pornography, as well as individuals who travel
abroad for the purpose of engaging in sex with minors.
• Security Information Sharing Partnership (CSISP) with long-term plans
to establish a National Computer Emergency Response Team (CERT).
These CERT teams are now in several countries including the United States,
Australia, the United Kingdom and others.
• In addition to sustained awareness programs, legislation is also beginning
to pay off. In the CSI Computer Crime and Security Survey 2009, in which
10
Computer Network Security and Cyber Ethics
responses were from 443 information security and information technology
professionals in United States corporations, government agencies, financial
institutions, educational institutions, medical institutions and other organizations, respondents generally said that regulatory compliance efforts have
had a positive effect on their organization’s security programs.
• You and I. Cybersecurity is a shared responsibility, and each of us has a role
to play in making it safer, more secure and resilient.
Although investment in public awareness, especially through moral and
ethical education, is long-term, these are encouraging signs that there might
be light at the end of the tunnel if we intensify our training programs. So, we
need to concurrently educate the user as well as develop security tools and
best practices as we look for the essential solutions to the ills of cyberspace.
We focus on them in the rest of the book and we begin by looking at morality
and ethics.
Chapter 2
Morality
LEARNING OBJECTIVES :
After reading this chapter, the reader should be able to:
• Understand how to make sound moral reasoning.
• Discuss moral values and ideals in a person’s life.
• Understand the relationship between morality and religion.
• Understand what it means to have moral principles, the nature of conscience, and the relationship between morality and self-interest.
Human beings do not live randomly. We follow a complex script, a life
script, a script based on cultural, religious, and philosophical concepts and
beliefs. Using the guidelines in that script, individuals then determine whether
their actions are right or wrong. The concepts and beliefs making up the guidelines are formulated, generalized, and codified by individual cultures or groups
over long periods of time. The main purpose of such guidelines is to regulate
the behavior of the members of that culture or group to create happiness for
all members of the culture or group. We define the concept of morality as the
conformity to such guidelines.
Morality
Morality is a set of rules of right conduct, a system used to modify and
regulate our behavior. It is a quality system by which we judge human acts
right or wrong, good or bad. This system creates moral persons who possess
virtues like love for others, compassion, and a desire for justice; thus, it builds
character traits in people. Morality is a lived set of shared rules, principles,
and duties, independent from religion which is practiced, applicable to all in
a group or society, and having no reference to the will or power of any one
11
12
Computer Network Security and Cyber Ethics
individual whatever his or her status in that group or society. Every time we
interact in a society or group, we act the moral subscript. Because morality is
territorial and culturally based, as long as we live in a society, we are bound to
live the society’s moral script. The actions of individuals in a society only have
moral values if taken within the context of this very society and the culture
of the individual.
Although moral values are generally lived and shared values in a society,
the degree of living and sharing of these values varies greatly. We may agree
more on values like truth, justice, and loyalty than on others. A number of factors influence the context of morality, including time and place.
Moral Theories
If morality is a set of shared values among people in a specific society,
why do we have to worry about justifying those values to people who are not
members of that society? To justify an action or a principle requires showing
good reason for its existence and why there are no better alternatives. Justifying
morality is not a simple thing since morality, by its own definition, is not
simply justifiable especially to an outsider. Moral reasons require more justification than social reasons because moral reasons are much stronger than aesthetic ones; for example, murder is not immoral just because most people find
it revolting; it is much more than that. To justify more reasons, therefore, we
need something strong and plausible to anchor our reasoning on. That something cannot be religion, for example, because one’s religion is not everyone’s
religion. We need something that demonstrates that the balance of good in
an action is favorable to other people, not only to one’s interests and desires.
Moral theories do satisfy this purpose. According to Chris MacDonald, moral
theories “seek to introduce a degree of rationality and rigor into our moral
deliberations.”1 They give our deliberations plausibility and help us better
understand those values and the contradictions therein. Because many philosophers and others use the words moral and ethical synonymously, we delay the
discussion of moral theories until we discuss ethics.
Moral Codes
For one to be morally good, one must practice the qualities of being good.
To live these qualities, one must practice and live within the guidelines of these
qualities. These guidelines are moral codes. The Internet Encyclopedia of Philosophy defines moral codes as rules or norms within a group for what is proper
2—Morality
13
behavior for the members of that group.2 The norm itself is a rule, standard,
or measure for us to compare something else whose qualities we doubt. In a
way, moral codes are shared behavioral patterns of a group. These patterns
have been with us since the first human beings inhabited the Earth and have
evolved mainly for survival of the group or society. Societies and cultures survive and thrive because of the moral code they observe. Societies and cultures
throughout history like the once mighty Babylonians, Romans, and Byzantines
probably failed because their codes failed to cope with the changing times.
We have established that morality and cultures are different in different
societies. This does not, however, exclude the existence of the commonality
of humanity with timeless moral code. These codes are many and they come
in different forms including:
• The Golden Rule: “Do unto others as you would have them do unto
you.”
• The Bronze Rule: “Repay kindness with kindness.” This rule is widely
observed because of its many varying interpretations.
There is a commonality of good in these rules which equate to Carl
Sagan’s culture-free and timeless universal set of moral codes3:
•
•
•
•
•
Be friendly at first meeting.
Do not envy.
Be generous; forgive your enemy if he or she forgives you.
Be neither a tyrant nor a patsy.
Retaliate proportionately to an intentional injury (within the constraints of the rule of the law).
• Make your behavior fairly (although not perfectly) clear and consistent.
The purpose of moral codes in a society is to exert control over the actions
of the society’s members that result from emotions. Observance of moral codes
in most societies is almost involuntary mostly because members of such societies grow up with these codes so they tend to follow them religiously without
question. In some societies, observance is enforced through superstition, and
in others through folklore and custom.
The Need for a Moral Code
When you ask people what kind of life they like most, the most popular
answer is always going to be a life full of freedoms. They want to be free. Democratic societies always claim to be free. The citizens have freedom. When you
14
Computer Network Security and Cyber Ethics
ask anyone what they mean by freedom, they will say that freedom is doing
what they want to do, when they want to do it, and in the way that they want
to do it. What they are actually talking about is a life without restraints.
But can we live in a society where an individual can do anything that he
or she wants? Popular culture dictates this kind of freedom. One would therefore say that in a world or society like this, where everyone enjoys full freedoms,
there would be anarchy. Well, not so. God created humans, probably the only
creatures on earth who can reason. God endowed us with the capacity to reason, to create guidelines for life so that everyone can enjoy freedom with reason. Freedom with reason is the bedrock of morality. True, morality cannot
exist without freedom. Because humans have the capacity to reason, they can
attain the freedom they want by keeping a moral code. The moral code, therefore, is essential for humanity to attain and keep the freedoms humans need.
By neglecting the moral code in search of more freedoms, human beings can
lose the essential freedoms they need to live. Lee Bohannon calls it a moral
paradox: by wrongly using your freedom, you lose your freedom.4 Humanity
must realize the need for freedom within reasonable restraints—with the moral
code, because without the code, absolute freedoms result in no freedom at all.
Moral Standards
A moral standard is a moral norm, a standard to which we compare
human actions to determine their goodness or badness. This standard guides
and enforces policy. Morality is a system that, in addition to setting standards
of virtuous conduct for people, also consists of mechanisms to self-regulate
through enforcement of the moral code and to self-judge through guilt, which
is an internal discomfort resulting from disappointment self-mediated by conscience.
Guilt and Conscience
Moral guilt is a result of self-judging and punishing oneself for not living
up to the moral standards set for oneself or for the group. If individuals judge
that they have not done “good” according to moral standards, they activate
the guilt response, which usually makes them feel bad, hide their actions from
both self and others, and find a fitting punishment for themselves, sometimes
a very severe punishment. This internal judgment system is brought about
because human beings have no sure way of telling whether an action is good
or bad based independently on their own standards. Individual standards are
2—Morality
15
usually judged based on group standards. So individuals judge themselves
based on group standards, and self-judgment sets in whenever one’s actions
fall short of the group’s standards.
The problem with guilt is that it can be cumulative. If individuals commit
acts repeatedly that they judge to be below moral standards, they tend to
become more and more withdrawn. This isolation often leads individuals to
become more comfortable with the guilt. As they become comfortable living
with the guilt, their previous actions, which were previously judged below
standards, begin to look not so bad after all. Individuals become more and
more complacent about the guilt and begin to look at the whole moral system
as amoral.
Guilt can be eased by encouraging people to focus on the intentions
behind the actions. Sometimes the intentions may be good but the resulting
action is bad. In such a case the individual should not feel so guilty about the
action. Besides looking for intent, one should also have the will and ability to
forgive oneself. Self-forgiveness limits the cumulative nature of guilt and hence
helps an individual to keep within the group.
Our moral code, and many times the law, lay out the general principles
that we ought not do because it is wrong to do it. The law also tells us not to
do this or that because it is illegal to do so. However, both systems do not specifically tell us whether a particular human action is an immoral or illegal act.
The link must be made by the individual—a self-realization. It is this inner
judgment that tells us if the act just committed is right or wrong, lawful or
unlawful. This inner judgment is what we call conscience. Additionally, conscience is the capacity and ability to judge our actions ourselves based on what
we set as our moral standards. The word conscience comes from the Latin word
conscientia which means knowing with. It is an “inner voice” telling us what to
do or not to do. This kind of self-judgment is based on the responsibility and
control we have over our actions. Conscience is motivated by good feelings
within us such as pride, compassion, empathy, love, and personal identification.
Conscience evolves as individuals grow. The childhood conscience is far different from the adult conscience because the perception of evil evolves with
age. The benefits of conscience are that the actions taken with good conscience,
even if the results are bad, do not make one guilty of the actions.
Fr. Austin Fagothey5 writes that conscience applies to three things:
(i) the intellect as a faculty of forming judgments about right and wrong
individual acts,
(ii) the process of reasoning that the intellect goes through to reach such
judgment, and
(iii) the judgment itself which is the conclusion of this reasoning process.
16
Computer Network Security and Cyber Ethics
We have seen in this section that morality does not belong to any individual, nor does it belong to any society or group of people. Thus, it cannot
be localized. However, those parts of the moral code that can be localized
become law.
The Purpose of Morality—The Good Life
According to Michael Miller, the ancients identified the purpose of
morality with the chief good. Because morality is territorial, whatever chief
good they proposed—happiness for Aristotle, no pain for Epicurus, apathy
for the Stoics, heavenly afterlife for Christians—they took that chief good to
be the moral purpose.6 In general, the chief good is not to suffer and die, but
to enjoy and live.
Chapter 3
Ethics
LEARNING OBJECTIVES :
After reading this chapter, the reader should be able to:
• Analyze an argument to identify premises and conclusion using ethical theories.
• Understand the use of ethical theories in ethical arguments.
• Detect basic logical fallacies in an argument.
• Articulate the ethical tradeoffs in a technical decision.
• Understand the role of professional codes of ethics.
“The unexamined life is not worth living.” This is a statement made by
Socrates before the Athenian court. The jury gave him a death sentence for
his menacing practice of going around Athens asking its citizens the ultimate
questions of human existence.1 Socrates agreed to drink hemlock and kill himself for his belief in a science that represents a rational inquiry into the meaning
of life. Socrates’s pursuit was a result of the Greeks’ curiosity and their desire
to learn about themselves, human life and society. This led to the examination
of all human life, to which Socrates devoted his life. Philosophers call this
ethics. Ethics is, therefore, the study of right and wrong in human conduct.
Ethics can also be defined as a theoretical examination of morality or “theory
of morals.” Other philosophers have defined ethics in a variety of ways.
Robert C. Solomon, in Morality and the Good Life,2 defines ethics as a set
of “theories of value, virtue, or of right (valuable) action.” O.J. Johnson, on the
other hand, defines ethics as a set of theories “that provide general rules or
principles to be used in making moral decisions and, unlike ordinary intuitions,
provides a justification for those rules.”3 The word ethics comes from the ancient
Greek word eché,4 which means character. Every human society practices ethics
in some way because every society attaches a value on a continuum of good to
bad, right to wrong, to an individual’s actions according to where that individual’s actions fall within the domain of that society’s rules and canons.
17
18
Computer Network Security and Cyber Ethics
The role of ethics is to help societies distinguish between right and wrong
and to give each society a basis for justifying the judgment of human actions.
Ethics is, therefore, a field of inquiry whose subject is human actions, collectively called human conduct, that are taken consciously, willfully, and for which
one can be held responsible. According to Fr. Austin Fagothey,5 such acts must
have knowledge, which signifies the presence of a motive, be voluntary, and
have freedom to signify the presence of free choice to act or not to act.
The purpose of ethics is to interpret human conduct, acknowledging and
distinguishing between right and wrong. The interpretation is based on a system which uses a mixture of induction and deduction. In most cases, these
arguments are based on historical schools of thought called ethical theories.
There are many different kinds of ethical theories, and within each theory
there may be different versions of that theory. Let us discuss these next.
Ethical Theories
Since the dawn of humanity, human actions have been judged good or
bad, right or wrong based on theories or systems of justice developed, tested,
revised, and debated by philosophers and elders in each society. Such theories
are commonly known as ethical theories. An ethical theory determines if an
action or set of actions is morally right or wrong. Codes of ethics have been
drawn up based on these ethical theories. The processes of reasoning, explanation, and justification used in ethics are based on these theories. Ethical theories fall into two categories: those based on one choosing his or her action
based on the expected maximum value or values as a consequence of the action
and those based on one choosing his or her action based on one’s obligation
or requirements of duty. The Greeks called the first category of theories telos,
meaning purpose or aim. We now call these teleological or consequentialist theories. The Greeks called the second category of theories deon, meaning binding
or necessary. Today, we call them deontological theories.6
Consequentialist Theories
We think of the right action as that which produces good consequences.
If an act produces good consequences, then it is the right thing to do. Those
who subscribe to this position are called consequentialists. Consequentialist
theories judge human actions as good or bad, right or wrong, based on the
best attainable results of such actions—a desirable result denotes a good action,
and vice versa. According to Richard T. Hull, consequentialist theories “have
three parts: a theory of value, a principle of utility, and a decision procedure.”7
3—Ethics
19
Within these are further theories. For example, in the theory of value there
are several other theories held by consequentialists including8:
• Hedonism, which equates good with pleasure, bad or evil with pain.
• Eudamonism, which equates good with happiness, bad or evil with
unhappiness.
• Agathism, which views good as an indefinable, intrinsic feature of various situations and states. Evil is seen as either an indefinable, intrinsic
feature of other situations and states, or simply as the absence of good.
• Agapeism, which equates good with live, bad with hate.
• Values pluralism, which holds that there are many kinds of good,
including pleasure and happiness, but also knowledge, friendship, love,
and so forth. These may or may not be viewed as differing in importance or priority.
There are three commonly discussed types of consequentialist theory9:
(i)
Egoism puts an individual’s interests and happiness above everything
else. With egoism, any action is good as long as it maximizes an individual’s overall happiness. There are two kinds of egoism: ethical egoism, which states how people ought to behave as they pursue their own
interests, and psychological egoism, which describes how people actually behave.
(ii) Utilitarianism, unlike egoism, puts a group’s interest and happiness
above those of an individual, for the good of many. Thus, an action is
good if it benefits the maximum number of people. Among the forms
of utilitarianism are the following:
• Act utilitarianism tells one to consider seriously the consequences
of all actions before choosing that with the best overall advantage,
happiness in this case, for the maximum number of people.10
• Rule utilitarianism tells one to obey those rules that bring the maximum happiness to the greatest number of people. Rule utilitarianism maintains that a behavioral code or rule is good if the
consequences of adopting that rule are favorable to the greatest
number of people.11
(iii) Altruism states that an action is right if the consequences of that action
are favorable to all except the actor.
Deontological Theories
The theory of deontological reason does not concern itself with the consequences of the action but rather with the will of the action. An action is
20
Computer Network Security and Cyber Ethics
good or bad depending on the will inherent in it. According to deontological
theory, an act is considered good if the individual committing it had a good
reason to do so. This theory has a duty attached to it. For example, we know
that killing is bad, but if an armed intruder enters your house and you kill
him, your action is good, according to deontologists. You did it because you
had a duty to protect your family and property. Deontologists fall into two
categories: act deontologists and rule deontologists.
• Act deontologists consider every judgment of moral obligation to be
based on its own merit. We decide separately in each particular situation what is the right thing to do.
• Rule deontologists consider that one’s duty in any situation is to act
within rules.
All other contemporary ethical theories, as Richard T. Hull contends, are
hybrids of utilitarianist and deontologist theories.
The process of ethical reasoning takes several steps, which we refer to as
layers of reasoning, before one can justify to someone else the goodness or badness, rightness or wrongness of one’s action. For example, if someone wants
to convince you to own a concealed gun, he or she needs to explain to you
why it is good to have a concealed gun. In such an exercise, the person may
start by explaining to you that we are living in difficult times and that no one
is safe. You may then ask why no one is safe, to which the person might reply
that there are many bad people out there in possession of high-powered guns
waiting to fire them for various and very often unbelievable reasons. So owning
a gun will level the playing field. Then you may ask why owning a gun levels
the playing field, to which the answer would be that if the bad guys suspect
that you own a gun just like theirs, they will think twice before attacking you.
You may further ask why this is so; the answer may be that if they attack you,
they themselves can get killed in the action. Therefore, because of this fear,
you are not likely to be attacked. Hence, owning a gun may save your life and
enable you to continue pursuing the ultimate concept of the good life: happiness.
On the other hand, to convince somebody not to own a concealed gun
also needs a plausible explanation and several layers of reasoning to demonstrate why owning a gun is bad. Why is it a bad thing, you would ask, and the
answer would be because bad guys will always get guns. And if they do, the
possibility of everyone having a concealed gun may make those bad guys
trigger-happy to get you fast before you get them. It also evokes an imageof
the Wild West filled with gun-toting people daring everyone in order to get
a kick out of what may be a boring life. You would then ask why is this situation
3—Ethics
21
dangerous if no one fires? The reply might be because it creates a situation in
which innocent people may get hurt, denying them happiness and the good
life. The explanation and reasoning process can go on and on for several more
layers before one is convinced that owning a gun is good or bad. The act of
owning a gun is a human act that can be judged as either good or bad, right
or wrong depending on the moral and ethical principles used.
The spectrum of human actions on which ethical judgments can be based
is wide-ranging, from simple, traditional and easy to understand actions like
killing and stealing, to complex and abstract ones like hacking, cellular telephone scanning, and subliminal human brain alterations. On one side of this
spectrum, the inputs have straight output value judgments of right and wrong
or good and evil. The other end of the spectrum, however, has inputs that cannot be easily mapped into the same output value judgments of right and wrong
or good and evil. It is on this side of the input spectrum that most new human
actions, created as a result of computer technology, are found. It is at this end,
therefore, that we need an updated definition of ethics—a functional definition.
Codes of Ethics
The main domains in which ethics is defined are governed by a particular
and definitive regiment of guidelines and rules of thumb called codes of ethics.
These rules, guidelines, canons, advisories, or whatever you want to call them,
are usually followed by members of the respective domains. For example, your
family has an ethical set of rules that every member of the family must observe.
Your school has a set of conduct rules that all students, staff and faculty must
observe. And, your college has a set of rules that govern the use of college computers. So depending on the domain, ethical codes can take any of the following
forms:
• principles, which may act as guidelines, references, or bases for some
document;
• public policies, which may include aspects of acceptable behavior,
norms, and practices of a society or group;
• codes of conduct, which may include ethical principles; and
• legal instruments, which enforce good conduct through courts.
Although the use of ethical codes is still limited to professions and high
visibility institutions and businesses, there is a growing movement toward
widespread use. The wording, content, and target of codes can differ greatly.
22
Computer Network Security and Cyber Ethics
Some codes are written purposely for the public, others target employees, and
yet others are for professionals only. The reader is referred to the codes of the
Association of Computing Machinery (ACM) and the Institute of Electric
and Electronics Engineers’ Computer Society (IEEE Computer), both professional organizations. Codes for the ACM can be found at and those for
IEEE Computer at www.ieee.org.
Objectives of Codes of Ethics
Different domains and groups of people formulate different codes of
ethics, but they all have the following objectives:
• Disciplinary: By instilling discipline, the group or profession ensures
professionalism and integrity of its members.
• Advisory: Codes are usually a good source of tips for members, offering
advice and guidance in areas where moral issues are fuzzy.
• Educational: Ethical codes are good educational tools for members of
the domain, especially new members who have to learn the dos and
don’ts of the profession. The codes are also a good resource for existing
members needing to refresh and polish their possibly waning morals.
• Inspirational: Besides being disciplinary, advisory, and educational,
codes should also carry subliminal messages to those using them to
inspire them to be good.
• Publicity: One way for professions to create a good clientele is to show
that they have a strong code of ethics and, therefore, their members
are committed to basic values and are responsible.
The Relevancy of Ethics to Modern Life
When Socrates made the statement, “the unexamined life is not worth
living” before the Athens court in 399 BC, human life was the same as it is
today in almost every aspect except quality. Not much has changed in the
essence of life since Socrates’s time and now. We still struggle for the meaning
of life, we work to improve the quality of life and we do not rest unless we
have love, justice and happiness for all. Socrates spent time questioning the
people of Athens so that they, together with him, could examine their individual lives to find “What I Individually Ought to Do” and “To Improve the
Lot of Humankind.” Many philosophers and those not so schooled believe
that this is the purpose of ethics.
The difficulty in finding “What I Individually Ought to Do” has always
3—Ethics
23
been, and continues to be for a modern life, a myriad of decisions that must
be made quickly, with overwhelming and quickly changing information, and
must be done reasonably well. This is not a simple statement that can be
quickly overlooked. We face these decision-making dilemmas every minute of
every day. Under these circumstances, when we are faced with the need to
make such decisions, do we really have enough information to make a sound
decision? When the information at hand is not complete and when the necessary knowledge and understanding of reality is lacking, the ability to identify
the consequences of a decision may often lead to a bad decision. For a number
of people, when the ingredients of a good decision-making process are missing,
they rely on habits. Decisions based on habits are not always sound ethical
decisions, and they are not always good.
The purpose of ethics has been and continues to be, especially for us in
a modern and technologically driven society, the establishment of basic guidelines and rules of thumb for determining which behaviors are most likely to
promote the achievement of the “The Best,” over the long-term.12 These guidelines and rules of thumb are the codes of ethics.
Chapter 4
Morality, Technology
and Value
LEARNING OBJECTIVES :
After reading this chapter, the reader should be able to:
• Identify assumptions and values embedded in a particular computer product design including those of a cultural nature.
• Understand the moral value of technology.
• Understand the role morality plays in decision making.
• Describe positive and negative ways in which computing alters the way
decisions are made by different people.
• Explain why computing/network access is restricted in some countries.
• Analyze the role and risks of computing in the implementation of public
policy and government.
• Articulate the impact of the input deficit from diverse populations in the
computing profession.
Every time I am onboard an aircraft, I reflect on how technology has
drastically changed our lives. Great things have happened during my life to
make our lives easier. Planes, trains and automobiles have all been invented to
ease our daily needs and necessity of movement. Near miraculous drugs and
difficult-to-believe medical procedures have been made possible because of
technology. The advent of computer technology has opened a new chapter in
technological advances, all to make our lives easier so that we all can live good
lives.
Ken Funk defines technology as a rational process of creating a means to
order and transform matter, energy, and information to realize certain valued
ends.1 Technology is not a value. Its value depends on how we use it. Indeed,
technology is a utility tool like a device, system, or method that represents the
process to the good life. Technological processes have three components:
24
4—Morality, Technology and Value
25
inputs, an engine, and outputs. For technology to be novel and useful to us as
a utility, the engine must be new and the outputs must have value to us. We
derive usefulness out of this utility based on the quality of that value in relation
to our value system. If the outputs of the processes have relevancy and contribute to the knowledge base that we routinely use to create other utilities
that ease our lives, then, the new technology has value. Otherwise, it is not a
good technology. We have seen and probably used many technologies that we
judge to be of no use to us.
What we call good and bad technologies are scaled on our value system.
If the process outputs are judged as having contributed to good knowledge in
our value system (moral values), then that technology is judged good and useful. We have seen many such technologies. However, we have also seen a myriad
of technologies that come nowhere near our value systems. These we call bad
technologies. So all judgments of technology are based on a set of value standards, our moral values.
There are many who will disagree with me in the way I define value, as
it is derived from technology. In fact, some argue that this value is subjective.
Others define it as objective. Many say it is intrinsic yet others call it instrumental. We are saying that this value is personal, hence, moral. In the end,
when we use technology, the value we derive from the technology and the
value we use in decision making while using the technology is based on one’s
beliefs and moral value system. This value scaling problem in the use of technology haunts all of us in the day-to-day use of technology and even more so
in decision making.
Moral Dilemmas, Decision Making,
and Technology
Dilemmas in decision making are quite common in our everyday activities. The process of decision making is complex: It resembles a mathematical
mapping of input parameters into output decisions. The input parameters in
the decision-making process are premises. Each premise has an attached value.
The mapping uses these values along with the premises to create an output,
which is the decision. For example, if I have to make the decision whether to
walk to church or take the car, the set of premises might include time, parking,
exercise, and gas. If I take the car, the values attached to the premises are saving
time, needing a parking space, not getting any exercise, and buying gas. However, if I decide to walk, my decision might be based on another set of premises
like: Walking to church one day a week is good exercise, and I will save money
by not buying gas. The mapping function takes these premises together with
26
Computer Network Security and Cyber Ethics
the values and outputs a “logical” decision. Dilemmas in decision making are
caused by one questioning the values attached to one’s premises as inputs to
the decision being made. One’s scaling of values to the inputs may be influenced
by a number of factors such as advances in technology and incomplete or misleading information.
Advances in Technology
Dilemmas are usually caused by advances in technology. Computer technology in particular has created more muddles in the decision-making process
than in any other technology. Advances in computer technology create a multitude of possibilities that never existed before. Such possibilities present professionals with myriad temptations.2
Incomplete or Misleading Information
Not having all the information one needs before making a decision can
be problematic. Consider the famous prisoners’ dilemma. Two people are
caught committing a crime, and they are taken to different interrogation rooms
before they have a chance to coordinate their stories. During the interrogation,
each prisoner is told that the other prisoner has agreed to plead guilty on all
charges. Authorities inform each prisoner that agreeing to plead guilty on all
charges as the other prisoner has done will bring him or her a reduced sentence.
Rejecting the plea will mean that the prisoner refuses to cooperate with the
investigation and may result in he or she receiving the maximum punishment.
Each prisoner has four recourses:
(i) plead guilty without the friend pleading guilty, which means deserting
a friend;
(ii) refuse to plead guilty while the friend pleads guilty, which means
betrayal and probably a maximum sentence;
(iii) plead guilty while the friend pleads guilty, which means light sentences
for both of them; or
(iv) both refuse to plead guilty and each receives either a light sentence or
a maximum sentence.
Whichever option the prisoners take is risky because they do not have
enough information to enable them to make a wise decision. There are similar
situations in professional life when a decision has to be made quickly and not
enough information is available. In such a situation, the professional must take
extra care to weigh all possibilities in the input set of premises with their corresponding values.
4—Morality, Technology and Value
27
Making Good Use of Technology
How can we use technology in a nondestructive way to advance human
society? Technology has placed at our disposal a multitude of possibilities,
many of which we never had before, that are shrouding our daily value-based
decision making in confusion and doubt. Doubt of our own value system, the
system we grew up with. Doubts are created because gaps in reasoning between
right and wrong has been muddled up because of the many possibilities, many
of which are new and we are no longer sure! An appropriate response to this
confusion of reasoning is multifaceted and may include the following solutions:
• Formulate new laws to strengthen our basic set of values, which are
being rendered irrelevant by technology.
• Construct a new moral and ethical conceptual framework in which
the new laws can be applied successfully.
• Launch a massive education campaign to make society aware of the
changing environment and the impact such an environment is having
on our basic values.
Nations and communities must have a regulated technology policy. Technology without a policy is dangerous technology. We are not calling for a burdensome policy. We are calling for a guided technology policy that is based
on a basket of values. In formulating a policy like this, societies must be guided
by the critical needs of their society based on a sound value system. Scientists
and researchers must also be guided by a system of values.
Strengthening the Legal System
In many countries and local governing systems, technology has outpaced
the legal system. Many laws on the books are in serious need of review and
revision. Lawyers and judges seriously need retraining to cope with the new
realities of information technology and its rapidly changing landscape. Legal
books and statutes need to be updated. The technology in many courtrooms
in many countries needs to be updated in order to handle the new breed of
criminal.
Updating the legal system to meet new technology demands cannot be
done overnight. It is complex. It needs a training component that will involve
judges, lawyers, court clerks, and every other personnel of the court. It also
needs an implementation component that involves acquiring the new technologies for the courtrooms. This will involve software and hardware and the
28
Computer Network Security and Cyber Ethics
training of the people to use such facilities. Lastly, and probably the most difficult, is the legislative component. A thorough review of current law is needed
to update the relevant laws and to draw up new ones to meet current needs.
Also, since technology is stretching the legal garment and constantly causing
tears in the seams, there is a need for a policy to allow quick and effective reaction to new technologies so relevant and needed laws are created quickly.
A New Conceptual Moral Framework
New technologies in communication have resulted in demographical
tidal waves for the global societies. Only primitive societies (which themselves
are disappearing) have not been touched. The movement of people and goods
between nations and societies and the Internet are slowly creating a new global
society with serious social and moral characteristics. With this new society, however, no corresponding moral and ethical framework has been created. This
has resulted in a rise in crime in the new nonmonolithic societies. The future
of monolithic societies is uncertain because of the rapid globalization of cultures and languages. This globalization, along with the plummeting prices of
computers and other Internet-accessing devices, had ignited a growing realization and fear, especially among religious and civic leaders, moralists, and parents,
that society is becoming morally loose and citizens are forgetting what it is to
be human. Of immediate concern to these groups and many others is that a
common morality is needed. However, they also realize that morality is not easily
definable. As societies become diverse, the need for a common moral framework as a standard for preserving decency and effectively reversing the trend
of skyrocketing moral decadence and combating crimes becomes most urgent.
Moral and Ethics Education
It is not easy to teach morality. In many countries this has been accomplished through the teaching of character. Character education in public
schools has raised many controversies between civil libertarians and the religious right. Each believes they have a God-given right to character education.
So while it is good to teach, we will focus on ethics education for now. Ethics
education can take many forms. We will discuss formal education and advocacy.
Formal Education
The formal education of ethics should start in elementary schools. As
students are introduced to information technology in elementary school, they
4—Morality, Technology and Value
29
should be told not to use machines to destroy other people’s property or to
hurt others. This should be explained in age-appropriate language. For example, children should be taught to use computers and the Internet responsibly.
They should be told not to visit certain Web pages, to avoid getting involved
in relationships online, not to give out personal or family information online,
and not to arrange to meet anyone offline. In addition, they should be told to
respect the work and property of others whether they are online or off. There
are already reported cases of children as young as 14 years old breaking into
computer systems and destroying records. In fact, many of the computer network attacks and a good number of the headline-making computer attacks
have been perpetrated by young people, sometimes as young as ten years old.
For example, in a certain county in Tennessee, several ninth graders broke into
their school’s computer system and infected it with a virus that wiped out
most of the school’s records. It is believed the students got the virus off the
Internet.3 The educational content must be relevant and sensitive to different
age groups and professionals.
As students go through high school, content should become progressively
more sophisticated. The message on the responsible use of computers should
be stressed more. The teen years are years of curiosity and discovery and a lot
of young people find themselves spending long hours on computers. Those
long hours should be spent responsibly. While a good portion of the message
should come from parents, schools should also play a part by offering courses
in responsible use of computers. The teaching should focus on ethics; students
should be given reasons why they should not create and distribute viruses,
download copyrighted materials off the Internet, or use the Internet to send
bad messages to others. These are ethical reasons that go beyond the “do it
and you will be expelled from school” type of threats.
In college, of course, the message should be more direct. There are several
approaches to deliver the message:
• Students take formal courses in professional ethics in a number of professional programs in their respective colleges.
• Instead of taking formal ethics courses, students are taught the information sprinkled throughout their courses, either in general education
or in their major.
• Include an ethics course in the general education requirements or add
ethics content to an existing course. For example, many colleges now
require computer literacy as a graduation requirement. Adding ethics
content to the already required class is an option.
• Require a one-hour online information ethics course.
30
Computer Network Security and Cyber Ethics
Once students join the workplace environment, they should be required
to attend informal refresher courses, upgrading sessions, seminars, in-service
courses or short workshops periodically.
Advocacy
Advocacy is a mass education strategy which has been used for generations. Advocacy groups work with the public, corporations and governments
to enhance public education through awareness. A mass education campaign
involves distributing a message in magazines, and electronic publications, by
supporting public events and by communicating through the mass media like
television, radio, and now the Internet.
Advocacy is intended to make people part of the message. For example,
during the struggles for voting rights in the United States, women’s groups
and minorities designed and carried out massive advocacy campaigns that were
meant to involve all women who eventually became part of the movement.
Similarly, in the minority voting rights struggles, the goal was to involve all
minorities whose rights had been trampled. The purpose of advocacy is to
organize, build, and train so there is a permanent and vibrant structure people
can be a part of. By involving as many people as possible, including the
intended audience in the campaigns, the advocacy strategy brings awareness
which leads to more pressure on lawmakers and everyone else responsible. The
pressure brought about by mass awareness usually results in some form of
action, usually the desired action.
The expansion and growth of cyberspace has made fertile ground for
advocacy groups, because now they can reach virtually every society around
the globe. Advocacy groups rally their troops around issues of concern. So far,
online issues include individual privacy and security, better encryption standards and the blocking of pornographic materials and any other materials
deemed unsuitable or offensive to certain audiences. The list of issues grows
every day as cyberspace gets more exposure.
Not only is the list of issues getting longer, but the number of advocacy
groups is also getting larger as more groups form in reaction to new issues.
Renowned advocacy groups for moral issues include4:
• The Family Research Council (FRC) works to promote and defend
common morality through traditional family values in all media outlets. It develops and advocates legislative and public policy initiatives
that promote and strengthen family and traditional values, and it
established and maintains a database for family value research.
4—Morality, Technology and Value
31
• Enough Is Enough (EE) is dedicated to preserving common morality
in cyberspace through fighting pornography on the Internet.
• The Christian Coalition (CC) represents some Christian churches in
the United States. It works on legislative issues and on strengthening
families and family values.
Chapter 5
Cyberspace Infrastructure
LEARNING OBJECTIVES :
After reading this chapter, the reader should be able to:
• Describe the evolution of and types of computer networks.
• Understand networking fundamentals, including network services and
transmission media.
• Understand network software and hardware, including media access control, network topologies, and protocols, as well as connectivity hardware
for both local area and wide area networks.
• Understand how and why the computer network infrastructure is the
bedrock that enables and offers a medium of computer crimes
In his science-fiction novel Neuromancer, William Gibson first coined the
term “cyberspace” to describe his vision of a three-dimensional space of pure
information, moving between computer and computer clusters that make up
this vast landscape. This infrastructure, as envisioned by Gibson, links computers
as both computing and transmitting elements, people as generators and users of
information, and pure information moving at high speed between highly independent transmitting elements. The transmitting elements are linked by conducting media, and the information moving from the sourcing element to the
receiving element via intermediary transmitting elements is handled by software
rules called protocols. The cyberspace infrastructure, therefore, consists of hardware nodes as sourcing, transmitting, and receiving elements; software as protocols; humanware as users of information; and finally pure information that is
either in a state of rest at a node or a state of motion in the linking media.
Computer Communication Networks
A computer communication network system consists of hardware, software, and humanware. The hardware and software allow the humanware—
32
5—Cyberspace Infrastructure
33
the users—to create, exchange, and use information. The hardware consists
of a collection of nodes that include the end systems, commonly called hosts,
and intermediate switching elements that include hubs, bridges, routers and
gateways. We will collectively call all of these network or computing elements,
or sometimes without loss of generality, just network elements. The software,
all application programs and network protocols, synchronize and coordinate
the sharing and exchange of data among the network elements and the sharing
of expensive resources in the network. Network elements, network software,
and users, all work together so that individual users get to exchange messages
and share resources on other systems that are not readily available locally. The
network elements may be of diverse hardware technologies and the software
may be different, but the whole combo must work together in unison. This
concept that allows multiple, diverse underlying hardware technologies and
different software regimes to interconnect heterogeneous networks and bring
them to communicate is called internetworking technology. Internetworking
technology makes Gibson’s vision a reality; it makes possible the movement
and exchange of data and the sharing of resources among the network elements.
This is achieved through the low-level mechanisms provided by the network
elements and the high-level communication facilities provided by the software
running on the communicating elements. Let us see how this infrastructure
works by looking at the hardware and software components and how they
produce a working computer communication network. We will start with the
hardware components, consisting of network types and network topology.
Later, we will discuss the software components consisting of the transmission
control system.
Network Types
The connected computer network elements may be each independently
connected on the network or connected in small clusters, which are in turn
connected together to form bigger networks via connecting devices. The size
of the clusters determines the network type. There are, in general, two network
types: a local area network (LAN) and a wide area network (WAN). A LAN
consists of network elements in a small geographical area such as a building
floor, a building, or a few adjacent buildings. The advantage of a LAN is that
all network elements are close together so the communication links maintain
a higher speed data movement. Also, because of the proximity of the communicating elements, high-cost and quality communicating elements can be used
to deliver better service and higher reliability. Figure 5.1 shows a LAN network.
WANs cover large geographical areas. Some advantages of a WAN
34
Computer Network Security and Cyber Ethics
Figure 5.1 A LAN Network
include the ability to distribute services to a wider community and the availability of a wide array of both hardware and software resources that may not
be available in a LAN. However, because of the large geographical areas covered by WANs, communication media are slow and often unreliable. Figure
5.2 shows a WAN network.
Network Topology
WAN networks are typically found in two topologies: mesh and tree.
WANs using a mesh topology provide multiple access links between network
elements. The multiplicity of access links offers an advantage in network reliability because whenever a network element failure occurs, the network can
always find a bypass to the failed element and the network continues to function. Figure 5.3 shows a mesh network.
A WAN using a tree topology uses a hierarchical structure in which the
most predominant element is the root of the tree and all other elements in the
network share a child-parent relationship. The tree topology is a generalization
of the bus topology. As in ordinary trees, there are no closed loops, so dealing
with failures can be tricky, especially in deeply rooted trees. Transmission from
any element in the network propagates through the network and is received
by all elements in the network. Figure 5.4 shows a WAN using a tree topology.
Figure 5.2 A WAN Network
Figure 5.3 A Mesh Network
Figure 5.4 A Tree Topology
36
Computer Network Security and Cyber Ethics
A LAN can be a bus, a star, or a ring topology. Elements in a bus topology,
as seen in Figure 5.5, are on a shared bus and, therefore, have equal access to
all LAN resources. All network elements have full-duplex connections to the
transmitting medium which allow them to send and receive data. Because each
computing element is directly attached to the transmitting medium, a transmission from any one element propagates the whole length of the medium in
either direction and, therefore, can be received by all elements in the network.
Because of this, precautions need to be taken to make sure that transmissions
intended for one element can only be gotten by that element and no one else.
Figure 5.5 A Bus Topology
Also, if two or more elements try to transmit at the same time, there is a
mechanism to deal with the likely collision of signals and to bring a quick
recovery from such a collision. It is also necessary to create fairness in the network so that all other elements can transmit when they need to do so.
To improve efficiency in LANs that use a bus topology, only one element
in the network can have control of the bus at any one time. This requirement
prevents collisions from occurring in the network as elements in the network
try to seize the bus at the same time.
In a star topology setting, all elements in the network are connected to
a central element. However, elements are interconnected as pairs in a pointto-point manner through this central element, and communication between
any pair of elements must go through this central element. The central element,
or node, can operate either in a broadcast fashion, in which case information
from one element is broadcast to all connected elements, or it can transmit as
a switching device in which the incoming data are transmitted to only one
element, the nearest element en route to the destination. The biggest disad-
5—Cyberspace Infrastructure
37
Figure 5.6 A Star Topology
vantage to the star topology in networks is that the failure of the central element results in the failure of the entire network. Figure 5.6 shows a star topology.
In networks using a ring topology, each computing element is directly
connected to the transmitting medium via a unidirectional connection so that
information put on the transmission medium is able to reach all computing
elements in the network through a system of taking turns in sending information around the ring. Figure 5.7 shows a ring topology network. The taking
of turns in passing information is managed through a token system. An element
currently sending information has control of the token and it passes it downstream to its nearest neighbor after its turn. The token system is a good management system of collision and fairness.
There are variations of a ring topology collectively called hub hybrids.
They can be a combination of either a star with a bus as shown in Figure 5.8
or a stretched star as shown in Figure 5.9.
Although network topologies are important in LANs, the choice of a
topology depends on a number of other factors including the type of transmission medium, reliability of the network, the size of the network and the
38
Computer Network Security and Cyber Ethics
Figure 5.7 A Ring Topology
Figure 5.8 A Bus and Star Topology Hub
5—Cyberspace Infrastructure
39
Figure 5.9 A Token Ring Hub
anticipated future growth of the network. Recently, the most popular LAN
topologies have been the bus, star, and ring topologies. The most popular busand star-based LAN topology is the Ethernet and the most popular ring-based
LAN topology is the Token Ring.
Ethernet as a LAN technology started in the mid–1970s. Since then, it
has grown at a rapid rate to capture a far larger LAN technology market share
than its rivals, which include Asynchronous Transfer Mode (ATM), Fiber Distributed Data Interface (FDDI), and Token Ring technologies. Its rapid
growth is partly historical. It has been on the market for the longest period
and it is simple. Many variations of Ethernet use either a bus or a star topology
and can run over any of the following transmission media: coaxial cable,
twisted pair, and optical fiber. We will discuss transmission media in the coming sections.
Ethernet can transmit data at different speeds, varying from a few Mbps
to higher numbers Gbps. The basic Ethernet transmission structure is a frame
and it is shown in Figure 5.10.
The source and destination fields contain six byte LAN addresses of the
form xx-xx-xx-xx-xx-xx, where X is a hexadecimal integer. The error detection
field is four bytes of bits used for error detection, usually using Cyclic Redundancy Check (CRC) algorithm, in which the source and destination elements
synchronize the values of these bits.
Ethernet LANs broadcast data to all network elements. Because of this,
Ethernet uses a collision and fairness control protocol commonly known as
Carrier Sense Multiple Access (CSMA) and Collision Detection (CD), combined
40
Computer Network Security and Cyber Ethics
Figure 5.10 Ethernet Frame Data Structure
as CSMA/CD. CSMA/CD makes sure that an element never transmits a data
frame when it senses that some other element on the network is transmitting.
Table 5.1 Popular Ethernet Technologies
Technology
10Base2
10Base-T
100Base-T
Gigabit
Transmission medium
Coaxial
Twisted
Copper wire
Optical fiber
Topology
Bus
Star
Star
Star
Speed
10Mbps
10Mbps
100Mbps
Gigabps
In this case it is carrier sensitive. If an element detects another element
on the network transmitting, the detecting element immediately aborts its
efforts. It then tries to retransmit later after a random amount of time. Table
5.1 shows some popular Ethernet technologies.
Token Ring LAN technology is based on a token concept which involves
passing the token around the network so that all network elements have equal
access to it. The token concept is very similar to a worshipping house collection
basket. If and when an attendee wants to donate money during the service,
they wait until the basket makes its way to where they are sitting. At that point
the donor grabs the basket and puts in money. Precisely, when the network
element wants to transmit, it waits for the token on the ring to make its way
to the element’s connection point on the ring. When the token arrives at this
point, the element grabs it and changes one bit of the token, which becomes
the start bit in the data frame the element will be transmitting. The element
then inserts data and releases the payload onto the ring. It then waits for the
token to make a round and come back. Upon return, the element withdraws
the token and a new token is put on the ring for another network element
that may need to transmit.
Because of its round-robin nature, the Token Ring technique gives each
network element a fair chance of transmitting if it wants to. However, if the
token ever gets lost, the network business halts. Figure 5.11 shows the structure
of a Token Ring data frame.
Like Ethernet, Token Ring has a variety of technologies based on transmission rates. Table 5.2 shows some of these topologies.1
5—Cyberspace Infrastructure
41
Figure 5.11 Token Ring Data Frame
Rival LAN technologies such as FDDI uses a Token Ring scheme with
many similarities to the original Token Ring technology. ATM transports realtime voice and video, text, e-mail, and graphic data and offers a full array of
network services that make it a rival of the Internet network.
Table 5.2 Token Ring Topologies
Technology
1
2
3
4
Transmission medium
Twisted pair
Twisted
Twisted pair
Optical fiber
Topology
Ring
Ring
Ring
Ring
Speed
4Mbps
16Mbps
100Mbps
100Mbps
Transmission Control Systems
The performance of a network type depends greatly on the transmission
control system (TCS) the network uses. Network transmission control systems
have five components: transmission technology, transmission media, connecting devices, communication services, and transmission protocols.
Transmission Technology
Data movement in a computer network is either analog or digital. In an
analog format, data is sent as continuous electromagnetic waves on an interval
representing things like voice and video. In a digital format, data is sent as a
digital signal, a sequence of voltage pulses which can be represented as a stream
of binary bits. Transmission itself is the propagation and processing of data
signals between network elements. The concept of representation of data for
transmission, either as an analog or a digital signal, is called an encoding scheme.
Encoded data is then transmitted over a suitable transmission medium that
connects all network elements. There are two encoding schemes: analog and
digital. Analog encoding propagates analog signals representing analog data.
Digital encoding, on the other hand, propagates digital signals representing
either an analog or a digital signal representing digital data of binary streams.
Because our interest in this book is in digital networks, we will focus on the
encoding of digital data.
42
Computer Network Security and Cyber Ethics
In an analog encoding of digital data, the encoding scheme uses a continuous oscillating wave, usually a sine wave, with a constant frequency signal
called a carrier signal. Carrier signals have three characteristics: amplitude,
frequency, and phase shift. The scheme then uses a modem, a modulationdemodulation pair to modulate and demodulate any one of the three carrier
characteristics. Figure 5.12 shows the three carrier characteristic modulations.2
Amplitude modulation represents each binary value by a different amplitude
of the carrier frequency. For example, as Figure 5.12 (a) shows, the absence of
a low carrier frequency may be represented by a 0 and any other frequency
then represents a 1. Frequency modulation also represents the two binary values by two different frequencies close to the frequency of the underlying carrier.
Higher frequency represents a 1 and low frequency then represents a 0. Frequency modulation is represented in Figure 5.12 (b). Phase shift modulation
changes the timing of the carrier wave, shifting the carrier phase to encode the
data. One type of shifting may represent a 0 and another type a 1. For example,
as Figure 5.12 (c) shows, a 0 may represent a forward shift and a 1 may represent
a backward shift.
Figure 5.12 Carrier Characteristic Modulations
5—Cyberspace Infrastructure
43
Quite often during transmission of data over a network medium, the volume of transmitted data may far exceed the capacity of the medium. When
this happens, it may be possible to make multiple signal carriers share a transmission medium. This is referred to as multiplexing. There are two ways multiplexing can be achieved: time-division multiplexing (TDM) and frequencydivision multiplexing (FDM).
The second encoding scheme is the digital encoding of digital data.
Before information is transmitted, it is converted into bits (zeros and ones).
The bits are then sent to a receiver as electrical or optical signals. The scheme
uses two different voltages to represent the two binary states (digits). For
example, a negative voltage may be used to represent a 1 and a positive voltage
to represent a 0. Figure 5.13 shows the encoding of digital data using this
scheme.
To ensure a uniform standard for using electrical signals to represent data,
the Electrical Industries Association (EIA) developed a standard widely known
as RS-232. RS-232 is a serial, asynchronous communication standard: serial,
because during transmission, bits follow one another, and asynchronous,
because it is irregular in the transfer rate of data bits. The bits are put in the
form of a packet and the packets are transmitted. RS-232 works in full duplex
between the two transmitting elements. This means that the two elements can
both send and receive data simultaneously. RS-232 has a number of limitations
including the idealizing of voltages, which never exists, and limits on both
bandwidth and distances.
Figure 5.13 Encoding Electrical Signal and Showing of Zeros and Ones
44
Computer Network Security and Cyber Ethics
Transmission Media
The transmission medium is the physical medium between network elements. The characteristic quality, dependability, and overall performance of
a network depends heavily on its transmission medium. Transmission medium
determines a network’s key criteria, the distance covered, and the transmission
rate. Computer network transmission media fall into two categories: wired
and wireless transmission.3
Wired transmission consists of different types of physical media. A very
common medium, for example, is optical fiber, a small medium made up of
glass and plastics that conducts an optical ray. As shown in Figure 5.14 (b), a
simple optical fiber has a central core made up of thin fibers of glass or plastics.
The fibers are protected by a glass or plastic coating called a cladding. The
cladding, though made up of the same materials as the core, has different properties that give it the capacity to reflect back to the core rays that tangentially
hit on it. The cladding itself is encased in a plastic jacket. The jacket is meant
to protect the inner fiber from external abuses like bending and abrasions.
The transmitted light is emitted at the source either from a light emitting
diode (LED) or an injection laser diode (ILD). At the receiving end, the emitted rays are received by a photo detector.
Figure 5.14 Types of Physical Media
5—Cyberspace Infrastructure
45
Another physical medium is the twisted pair, two insulated copper wires
wrapped around each other forming frequent and numerous twists. Together,
the twisted, insulated copper wires act as a full-duplex communication link. To
increase the capacity of the transmitting medium, more than one pair of the twisted
wires may be bundled together in a protective coating. Twisted pairs are far less
expensive than optical fibers, and indeed other media, and they are, therefore,
widely used in telephone and computer networks. However, they are limited in
transmission rate, distance, and bandwidth. Figure 5.14 (c) shows a twisted pair.
Coaxial cables are dual conductor cables with an inner conductor in the
core of the cable protected by an insulation layer and the outer conductor surrounding the insulation. The outer conductor is itself protected by yet another
outer coating called the sheath. Figure 5.14 (a) shows a coaxial cable. Coaxial
cables are commonly used in television transmissions. Unlike twisted pairs,
coaxial cables can be used over long distances.
A traditional medium for wired communication are copper wires, which
have been used in communication because of their low resistance to electrical
currents which allow signals to travel even further. But copper wires suffer
from interference from electromagnetic energy in the environment, including
from themselves. Because of this, copper wires are insulated.
Wireless communication involves basic media like radio wave communication, satellite communication, laser beam, microwave, and infrared.4 Radio,
of course, is familiar to us all as radio broadcasting. Networks using radio communications use electromagnetic radio waves or radio frequencies commonly
referred to as RF transmissions. RF transmissions are very good for long distances when combined with satellites to refract the radio waves.
Microwave, infrared, and laser are other communication types that can
be used in computer networks. Microwaves are a higher frequency version of
radio waves but whose transmissions, unlike radio, can be focused in a single
direction. Infrared is best used effectively in a small confined area, for example,
in a room as you use your television remote, which uses infrared signals. Laser
light transmissions can be used to carry data through air and optical fibers,
but like microwaves, they must be refracted when used over large distances.
Cell-based communication technology of cellular telephones and personal communication devices are boosting this wireless communication. Wireless communication is also being boosted by the development in broadband
multimedia services that use satellite communication.
Connecting Devices
Computing elements in either LAN or WAN clusters are brought
together by and can communicate through connecting devices commonly
46
Computer Network Security and Cyber Ethics
referred to as network nodes. Nodes in a network are either at the ends as end
systems, commonly known as clients, or in the middle of the network as transmitting elements. Among the most common connecting devices are: hubs,
bridges, switches, routers, and gateways. Let us briefly look at each one of these
devices.
A hub is the simplest in the family of network connecting devices because
it connects LAN components with identical protocols. It takes in imports and
retransmits them verbatim. It can be used to switch both digital and analog
data. In each node, presetting must be done to prepare for the formatting of
the incoming data. For example, if the incoming data is in digital format, the
hub must pass it on as packets; however, if the incoming data is analog, then
the hub passes it on in a signal form. There are two
types of hubs: simple and
multiple port. Figure 5.15
shows both types of hubs in
a LAN.
Bridges are like hubs in
every respect including the
fact that they connect LAN
components with identical
protocols. However, bridges
filter incoming data packets, known as frames, for
addresses before they are forwarded. As it filters the data
packets, the bridge makes no
modifications to the format
or content of the incoming
data. A bridge filters frames
to determine whether a
frame should be forwarded
or dropped. It works like a
postal sorting machine
which checks the mail for
complete postal addresses
and drops a piece of mail if
the address is incomplete or
illegible. The bridge filters
and forwards frames on the
Figure 5.15 Types of Hubs in a LAN
network with the help of a
5—Cyberspace Infrastructure
47
dynamic bridge table. The bridge table, which is initially empty, maintains
the LAN addresses for each computer in the LAN and the addresses of each
bridge interface that connects the LAN to other LANs. Bridges, like hubs,
can be either simple or multiple port. Figure 5.16 shows the position of a simple
bridge in a network cluster. Figure 5.17 shows a multiple port bridge.
Figure 5.16 A Simple Bridge
Figure 5.17 A Multiple Port Bridge
48
Computer Network Security and Cyber Ethics
Figure 5.18 LAN with Two Interfaces
LAN addresses on each frame in the bridge table are of the form cc-cccc-cc-cc-cc-cc-cc, where cc are hexadecimal integers. Each LAN address in the
cluster uniquely connects a computer on a bridge. LAN addresses for each
machine in a cluster are actually network identification card (NIC) numbers
that are unique for every network card ever manufactured. The bridge table,
which initially is empty, has a turnaround time slice of n seconds, and node
addresses and their corresponding interfaces enter and leave the table after n
seconds.5 For example, suppose in Figure 5.18 we begin with an empty bridge
table and node A in cluster 1 with the address A0-15-7A-ES-15-00 sending a
frame to the bridge via interface 1 at time 00:50. This address becomes the
first entry in the bridge table, Table 5.3, and it will be purged from the table
after n seconds. The bridge uses these node addresses in the table to filter and
then forwards LAN frames onto the rest of the network.
Switches are newer network intercommunication devices that are nothing
more than high-performance bridges. Besides providing high performance,
switches accommodate a high number of interfaces. They can, therefore, interconnect a relatively high number of hosts and clusters. Like their cousins the
bridges, the switches filter and then forward frames.
Routers are general purpose devices that interconnect two or more heterogeneous networks. They are usually dedicated to special purposes computers with separate input and output interfaces for each connected network.
Each network addresses the router as a member computer in that network.
Because routers and gateways are the backbone of large computer networks
5—Cyberspace Infrastructure
49
Table 5.3 Changes in the Bridge Table
Address
A0-14-7A-ES-15-08
Interface
1
Time
00:50
like the Internet, they have special features that give them the flexibility and
the ability to cope with varying network addressing schemes and frame sizes
through segmentation of big packets into smaller sizes that fit the new network
components. They can also cope with both software and hardware interfaces
and are very reliable. Since each router can connect two or more heterogeneous
networks, each router is a member of each network it connects to. It, therefore,
has a network host address for that network and an interface address for each
network it is connected to. Because of this rather strange characteristic, each
router interface has its own Address Resolution Protocol (ARP) module, its
own LAN address (network card address), and its own Internet Protocol (IP)
address.
The router, with the use of a router table, has some knowledge of possible
routes a packet could take from its source to its destination. The routing table,
like in the bridge and switch, grows dynamically as activities in the network
develop. Upon receipt of a packet, the router removes the packet headers and
trailers and analyzes the IP header by determining the source and destination
addresses, data type, and noting the arrival time. It also updates the router
table with new addresses if not already in the table. The IP header and arrival
time information is entered in the routing table. Let us explain the working
of a router by using Figure 5.19.
Figure 5.19 Routers in Action
50
Computer Network Security and Cyber Ethics
In Figure 5.19, suppose Host A tries to send a packet to Host B. Host A
is in network 1 and host B is in network 2. Both Host A and Host B have two
addresses, the LAN (host) address and the IP address. Notice also that the
router has two network interfaces: Interface1 for LAN1 and Interface2 for
LAN2 (for the connection to a bigger network like the Internet). Each interface has a LAN (host) address for the network the interface connects on and
a corresponding IP address. As we will see later in this chapter, Host A sends
a packet to Router 1 at time 10:01 that includes, among other things, both its
addresses, message type, and destination IP address of Host B. The packet is
received at Interface1 of the router; the router reads the packet and builds
row 1 of the routing table.
The router notices that the packet is to go to network 193.55.1.***, where
*** are digits 0–9, and it has knowledge that this network is connected on
Interface2. It forwards the packet to Interface2. Now Interface2 with its own
ARP may know Host B. If it does, then it forwards the packet on and updates
the routing table with inclusion of row 2. What happens when the ARP at the
router Interface1 cannot determine the next network? That is, if it has no
knowledge of the presence of network 193.55.1.***, then it will ask for help
from a gateway.
Gateways are more versatile devices that provide translation between networking technologies such as Open System Interconnection and Transmission
Control Protocol/Internet Protocol. (We will discuss these technologies
shortly.) Because of this, gateways connect two or more autonomous networks
each with its own routing algorithms, protocols, domain name service, and
network administration procedures and policies. Gateways perform all of the
functions of routers and more. In fact, a router with added translation functionality is a gateway. The function that does the translation between different
network technologies is called a protocol converter. Figure 5.20 shows the position of a gateway in a network.
Communication Services
Now that we have a network infrastructure in place, how do we get the
network transmitting elements to exchange data over the network? The communication control system provides services to meet specific network reliability and efficiency requirements. Two services are provided by most digital
networks: connectio...
Purchase answer to see full
attachment