Computer Network

292 บทที่ 34. ความปลอดภัยของเน็ตเวิร์ค



34.8 สรุป



การรักษาความปลอดภัยถือเป็นอีกหนึ่งความจำเป็นในเน็ตเวิร์ค โดยเฉพาะอย่างยิ่งในองค์กรขนาดใหญ่ หากเกิด
การรั่วไหลของข้อมูลอาจทำให้สูญเสียข้อมูลอย่างมหาศาล ในบทนี้เราได้นำเสนอพื้นฐานของการรักษาความ
ปลอดภัย รวมไปถึงประเภทของการการโจมตีแบบต่างๆ ในอินเทอร์เน็ตการการโจมตีอาจเกิดขึ้นที่เลเยอร์แตก
ต่างกันไป อย่างไรก็ตามแม้ว่าเราจะมีโพรโตคอล หรือวิธีป้องการที่ดีอย่างไร หากผู้ใช้หรือผู้ดูแลระบบขาดความ
ความใส่ใจ ความปลอดภัยที่ต้องการก็ไม่อาจเกิดขึ้นได้



34.9 คำถามท้ายบท



1. การใช้บอกถึงข้อดีและข้อเสียของการใช้คีย์ขนาดใหญ่

2. การคุกคามเน็ตเวิร์คแบ่งออกได้เป็นกี่แบบอะไรบ้าง

3. การโจมตีเน็ตเวิร์คแบบแอ็กทิฟ สามารถทำได้กี่วิธี อะไรบ้าง book)


4. การรักษาความปลอดภัยสามารถทำได้ในเน็ตเวิร์คเลเยอร์ที่ต่างกัน จงอธิบายการรักษาความมั่นคงปลอดภัย
(partial
ใน Network Layer และ Transport Layer

5. อธิบายถึงความปลอดภัยที่เกิดขึ้นจาการใช้ไฟร์วอลล์


6. การใช้งาน VPN สามารถป้องกันระบบได้อย่างไร อธิบาย
only





KKU

34.9. คำถามท้ายบท 293



























book)







(partial









only





KKU











รูปที่ 34.13: security

book)







(partial









only





KKU

บรรณานุกรม







[1] Ying Loong Lee, Jonathan Loo, Teong Chee Chuah, Modeling and performance evaluation
of resource allocation for LTE femtocell networks, Modeling and Simulation of Computer
Networks and Systems, 2015.
book)
[2] Lee Chao, Cloud Computing Networking: Theory, Practice, and Development, CRC Press

Boca Raton, FL, 2016.

[3] https://dailymanna.blog/2019/05/13/from-1g-in-1980s-to-5g-in-2020-onwards/
(partial
[4] Grenville Armitage, Mark Claypool and Philip Branch, Networking and Online Games:
Understanding and Engineering Multiplayer Internet Games, John Wiley & Sons Inc, 2006.

[5] T. Berners-Lee, R. Cailliau, H. Nielsen, and A. Pecret, The World Wide Web, Comm, ACM, Aug.
1994, vol.37, no.8 pp.76-82


only Using Authenticated Encryption Algorithms with the
[6] RFC 5282, D. Black, D. McGrew,
Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol, August 2008.

[7] E.BryanCarne, AProfessional'sGuidetoDataCommuniationinaTCP/IPWorld, ArtectHouse,

2004. KKU

[8] Praphul Chandra, Daniel M. Dobkin, Alan Bensky, Ron Olexa, David A. Lide and Farid Dowla,
Wireless Networking, MA, USA, 2008.


[9] Chang, R. W. (1966). Synthesis of band-limited orthogonal signals for multi-channel data
transmission, Bell System Technical Journal 46, 1775-1796.


[10] H. Jonathan Chao and Bin Liu, High performance switches and routers, JohnWiley & Sons,
Inc, 2007.

[11] Mooi Choo Chuah, Qinqing Zhang, Design and Performance of 3G Wireless Networks and
Wireless LANs, Springer, USA, 2005.


[12] Cheung, Nim K.; Nosu Kiyoshi; Winzer, Gerhard, Dense Wavelength Division Multiplexing
Techniques for High Capacity and Multiple Access Communication Systems, IEEE Journal
on Selected Areas in Communications, Vol. 8 No. 6, August 1990.


[13] B. Davie and Y. Rekhter, MPLS: Technology and Applications, Morgan Kaufmann, 2000.

295

296 บรรณานุกรม



[14] Behrouz A. Forouzan, Sophia Chung Fegan, Data communications and networking ,
McGraw-Hill, 2007.

[15] Deering, S., Watching the Waist of the Protocol Hourglass, Presentation at IETF 51 Meeting,

London, England, August 2001.
www.iab.org/iab/DOCUMENTS/hourglass-london-ietf.pdf

[16] RFC2409, D. Harkins, D. Carrel, The Internet Key Exchange (IKE), November 1998.


[17] Gary A. Donahue, Network Warrior, O'Reilly , June 2007.

[18] Finenberg, V., A Practical Architecture for Implementing End­to­End QoS in an IP Network,
IEEE Communications Magazine, Jan. 2002, pp. 122–130.


[19] Fred Halsall, Data Communications, Computer Networks, and Open Systems,
Addison-Wesley Pub. Co, 1996. book)

[20] Ray Horak, Telecommunications and Data Communications Handbook, John Wiley & Sons,
(partial
Inc., Hoboken, New Jersey, 2007.

[21] Alberto Leon-Garcia, Indra Widjaja, Communication Networks: Fundamental Concepts and
Key Architectures, McGraw-Hill, 2001.


[22] Ran Giladi, Network Processors Architecture, Programming, and Implementation, Morgan
only
Kaufmann , CA, USA, 2008.

[23] Gerd Keiser, Local Area Networks 2 , McGraw-Hill Companies 2002. Reference Data for Radio
nd
Engineers , 4th ed. International Telephone and Telegraph Corporation, 1956.
KKU

[24] Srinivasan Keshav, An Engineering Approach to Computer Networking: ATM networks, the
internet, and the telephone network, Addison-Wesley, 1997.

[25] RFC 4306, C. Kaufman Internet Key Exchange (IKEv2) Protocol, December 2005.


[26] IEEE Standard 802.3u, Media Access Control (MAC) Parameters, Physical Layer, Medium
Attachment Units, and Repeater for 100 Mbps Operation, Type 100Bast­T, 1995.


[27] ITU-T Quality of telecommunication services: concepts, models, objectives and
dependability planning – Terms and definitions related to the quality of telecommunication
services, September 2008

[28] James F. Kurose and Keith W. Ross Computer Networking: A Top­Down Approach 4th ed.,

Pearson Education, 2008.

[29] Pete Loshin, Bin Liu, IPv6: Theory, Protocol, and Practice , Morgan Kaufmann, 2004.

[30] Daniel Menasce, Virgilio A. F. Almeida, Capacity Planning for Web Performance: Metrics,

Models, and Methods, Prentice-Hall, Inc, 1998.

บรรณานุกรม 297



[31] James D. McCabe, Network Analysis, Architecture, and Design Third Edition Morgan
Kaufmann , MA, USA, 2007.

[32] David McDysan and Darren Spohn, ATM Theory and Application, McGraw-Hill, 1998.


[33] Deepankar Medhi, Karthikeyan Ramasamy, Network Routing Algorithms, Protocols, and
Architectures, Morgan Kaufmann , CA, USA, 2007.


[34] Nader F. Mir, Computer and Communication Networks, Prentice Hall, 2006.

[35] Lydia Parziale et al, TCP/IP Tutorial and Technical Overview, International Business Machines
Corporation, December 2006.


[36] Laxman H. Sahasrabuddhe, Biswanath Mukherjee, Multicast Routing Algorithms and
book)
Protocols: A Tutorial, in IEEE Network, January/February 2000, pp.90-102.

[37] Sommer, J., Gunreben, S., Feller, F., Köhn, M., Mifdaoui, A., Saß, D., Scharf, J.: Ethernet: a

survey of its fields of application, IEEE Communications Surveys & Tutorials, Vol. 12, No.2,
(partial
2010, pp.263-284.

[38] John D. Spragins, Joseph L. Hammond and Krzysztof Pawlikoski, Telecommunications:
Protocols and Design, Addison-Wesley Pub. Co, 1992.


[39] C. E. Spurgeon, Ethernet: The Definitive Guide. O’Reilly Media, February 2000, vol. 1
only

[40] Williams Stallings, High­Speed Networks and Internets: Performance and Quality of Service
2nd, Prentice Hall, 2002.
KKU
[41] William Stallings, Wireless Communications & Networks 2 , Pearson Education, 2005.
nd

[42] William stallings, Cryptography and Network Security: Principles and Practice 5 ,
th
Prentice-Hall, Inc, 2010.

[43] Steve Steinke , Lesson 154: Network Delay and Signal Propagation. , Network Magazine ,
May 5, 2001.


[44] Andrew S. Tanenbaum, Computer Networks, Fourth Edition, Prentice Hall, 2003.


[45] Tilley, N. ; Reiher, P. ; Kleinrock, L., Host­to­Host Congestion Control for TCP Communications
Surveys and Tutorials, IEEE Volume: 12 , Issue: 3 Pp: 304 - 342.

[46] G. Xylomenos, G. C. Polyzos, P. Mahonen, and M. Saaranen, TCP Performance Issues over
Wireless Links, IEEE Communications Magazine, Vol. 39, No. 4, pp. 52-58, April 2001.


[47] N. Yeager and R. McCrath, Web Server Technology, San Francisco, CA: Margan Kaufman, 1996.

[48] Asynchronous Transfer Mode. Available from: http:// en.wikipedia.org/ wiki/

Asynchronous_Transfer_Mode#cite_note-6 (เมษายน 2558)

298 บรรณานุกรม



[49] http:// www.cisco.com/ en/ US/ prod/ collateral/ wireless/ ps7183/ ps469/
prod_white_paper0900aecd806a1a3e.html ( ตุลาคม 2555)

[50] http:// www.cisco.com/ en/ US/ tech/ tk648/ tk361/
technologies_tech_note09186a0080093f18.shtml (มกราคม 2556)


[51] http://th.wikipedia.org/wiki/สหภาพโทรคมนาคมระหว่างประเทศ (มกราคม 2556)











book)







(partial









only





KKU

บรรณานุกรม 299



























book)







(partial









only





KKU

book)







(partial









only





KKU

ดรรชนี







4D-PAM5, 25 Congestion Control Algorithms, 187
8B6T, 25 Connection-Oriented Networks, 127
Connectionless Networks, 126
Shannon channel capacity, 33
Core-Based Tree (CBT), 168

Address Resolution Protocol (ARP), 102 Count-to-infinity, ดู The Bellman-Ford-Moore
Algorithm
Addressing book)
Logical address, 9 Crosstalk, 31
Physical address, 9 Cryptography, 259
Port address, 9 Message Digest algorithm, 260
Specific address, 10 Public-key algorithms, 260

Advanced Encryption Standard (AES), 262 (partial Cyclic Redundancy Check (CRC), 69
Asynchronous Transmission, 51 Data Encrption Standard (DES), 261
Attenuation, 29 decibel, 29
Auto-negotiation, 100 Delay, 11
Availability, 256 only Designate Port, ดู Spanning Tree Protocol

KKU
Bandwidth, 10 Deterministic Access Methods, 73
Bandwidth efficiency, 32 Differential Manchester, 24
Block Coding, 25 Differentiated Services, 250
Bridges, 87 DS Domain, 252
DS Field, 250
Carrier Sense Multiple Access (CSMA), 77 Distance-VectorMulticastRoutingProtocol, 167
Carrier Sense Multiple Access with Collision Distortion, 30
Avoidance (CSMA/CA), 121 Distributed Inter-frame Space (DIFS), 121
Carrier Sense Multiple Access with Collision Domain Name System
Detection(CSMA/CD), 79 DNS Operation, 229
Channel Capacity, 31 Domain Name Space, 229

Checksum, 68 Domain Name System (DNS), 228
Circuit switching, 58 Dual Stack, 213
Classless Inter-Domain Routing (CIDR), 138 Dynamic Host Configuration Protocol, 140
Coaxial Cable, 42
Composite signal, 30 Electronic Mail (E-mail), 236
Confidentiality, 255 Encapsulating Security Payload (ESP), 270

Congestion avoidance, 189 Ethernet, 26, 82

301

302 ดรรชนี



Exponential Backoff algorithm, 80 Special use IP address, 134
Exposed Node Problem, 113 IPv4 Addresses, 132
IPv6, 139
Fast Recovery, 191 IPv6 Address Architecture, 204

Fast Retransmit, 190 IPv6 Extension Headers, 199
Fast-Ethernet, 27 Destination Options Header, 203
Fiber Optic, 43 Fragment Header, 201
FIFO, ดู Queueing Desciplines Hop-by-Hop Options, 203
File Transfer Protocol, 220 No Next Header, 203

Firewall, 271 Routing Header, 200
Application Layer Firewall, 272 Security Header, 201
Packet Filtering Firewall, 271 ISM bands, 108
Proxy, 272
Stateful Inspection Firewall, 272 Jitter, 12
Fixed Routing, 147 book)
Flooding, 148, 164 Leaky Bucket, 244

Forward Error Control, 67 Line Coding, 23
Free-Space Propagation, 109 Link Budget, 111
Frequency Division Multiple Access, 73 (partial Local Area Networks (LAN), 1
Frequency-Division Multiplexing (FDM), 54 Logical Link Control, 83


only
Gigabit-Ethernet, 28 Loss, 13
Go-Back-N ARQ, 64 Manchester, 24

Hidden Terminal Problem, 112 Maximum Transmission Unit, 131
Hub, 36 mBnL, 24
medium-depent interface (MDI), 83
ICMPv6, 210 KKU Message Digest Method, 264
Impulse noise, 30 Metropolitan Area Networks (MAN), 2
Induced noise, 30 MLT-3, 25
Integrity, 256 Multicast OSPF (MOSPF), 167

Intermodulation noise, 111 Multipath Propagation, 110
Internet, 3 Diffraction, 110
InternetControlMessageProtocol(ICMP),143 Reflection, 110
Internet Group Management Protocol (IGMP), Scattering, 110
165 Multipurpose Internet Mail Extensions (MIME),

Internet Message Access Protocol (IMAP), 238 237
Internet Protocol, 130
Intersymbol interference (ISI), 30 near-end crosstalk (NEXT), 31
IPSec, 268 Network Address Translation (NAT), 145
IPv4, 130 Network Interface Card, 35
Fragment Header, 131 Network Management, 232

Reserved IP addresses, 134 Management Information Base (MIB), 234

ดรรชนี 303



StructureofManagementInformation(SMI), Reverse Address Resolution Protocol (RARP),
233 105
Network Topology, 2 Reverse Path Multicast (RPM), 166
Noise, 111 Reverse-Path Broadcasting (RPB), 164

Nonreturn-to-Zero, 23 Reverse-Path Forwarding (RPF), 164
Normalized throughput, 76 Rivest-Shamir-Adleman (RSA), 262
Nyquist's Sampling Rate, 32 Root Bridge, ดู Spanning Tree Protocol
Nyquist's Sampling Theorem, 32 Root Port, ดู Spanning Tree Protocol
Round Robin, ดู Queueing Desciplines
Open Shortest Path First (OSPF), 160 Router, 39
Packets, 162 Routing Information Protocol (RIP), 156
OSI Model, 3 Message, 156
book)
routing table explosion, 138
Packet Switching, 59 RSVP Operation, 247
Path Cost, 93, ดู Spanning Tree Protocol Receiver-Based Reservation, 248

Personal Area Network (PAN), 1 Reservation Merging, 249
Physical Medium Attachment (PMA), 83 Reservation Style, 249
Polar NRZ, 23 RSVP Messages, 248
Polynomial Codes, 69 (partial Path Messages, 248
Port States, 94, ดู Spanning Tree Protocol Resv Messages, 248

Post Office Portocol (POP), 237
only
Pretty Good Privacy (PGP), 264 Secure Sockets Layer (SSL), 266
Priority Queue, ดู Queueing Desciplines Secure/Multipurpose Internet Mail Extension
Processing delay, 12 (S/MIME), 265
Propagation delay, 11 Security Attacks, 256
Protocol Independent Multicast (PIM), 168 Fabrication, 256

Pure ALOHA, 76 KKU Interception, 256
Interruption, 256

Queueing delay, 12 Modification, 256
Queueing Desciplines Selective Repeat ARQ, 63
FIFO, 241 Shannon's Law, 33
Priority Queue, 241 Signal Propagation, 108
Round Robin, 242 Signal Rate, 32

Weighted Fair Queueing, 242 Signl-to-Noise Ratio, 30
Queueing Disciplines, 241 Simple Mail Transport Protocol (SMTP), 237
SimpleNetworkManagementProtocol(SNMP),
Random Access Methods, 75 235
Resource Reservation, 244 Single parity check, 67
Integrated Services Architecture, 245 Slotted ALOHA, 77
ResourceReservationProtocol(RSVP),246 Slow Start, 188
Service Classes, 246 Socket, 218

Return-to-Zero, 24 Source Routing, 147

304 ดรรชนี



Spanning Tree Protocol, 89 Unipolar, 23
Bridge Protocol Data Units (BPDU), 89 User Datagram Protocol (UDP), 173
Designate Port, 94
Path Cost, 93 Variable-Length Subnetting, 137

Port States, 94 Virtual LAN (VLAN), 95
Root Bridge, 92 Tagging, 96
Root Port, 93 Virtual Private Networks, 273
Static Routing, 147 Remote access VPN, 273
Stop-and-wait ARQ, 61 Site-to-site VPN, 273
Subnetting, 135 VLAN Trunking Protocol (VTP)
Management Domain, 99
supernetting, 138
Switch, 38 VLAN Trunking Protocol (VTP) , 98
book)
Synchronous Transmission, 52 Wavelength-Division Multiplexing (WDM) , 55
Web Browser, 221
TCP Round Trip Time, 186 WeightedFairQueueing, ดูQueueingDesciplines

TCP Sliding Windows, 185 Wide Area Network (WAN), 2
Window Size, 186 WLAN Architecture, 120
TCP well-Known port, 175
The Bellman-Ford-Moore Algorithm, 149 (partial
Count-to-infinity, 153

Link Failure, 152
only
Split-Horizon, 154
Split-Horizon with Poison Reverse, 154
The TCP/IP Model, 7
Thermal noise, 30, 111
Three-way Handshaking,

Throughput, 11 KKU 177
Time Division Multiple Access, 74
Time Division Multiplexing (TDM), 55
Timeout, 186
Token Bucket, 244

Traffic Shaping, 243
Transmission delay, 12
Transmission Impairment, 29
Transparent Bridges, 87
Transport Control Protocol (TCP), 174
Tunneling, 213

Twisted-pair cable, 40
Two-Dimensional parity checks, 68
Types of Networks, 1


UDP well-Known port, 173