- Security for the Internet connection: the Internet connection, the physical method of connecting one or more of the computers on your internal network, must be protected from Internet attacks. This can be done using a combination of translation and firewall technologies.
- Preferences and knowledge of installer: the network configuration is invariably influenced by the knowledge, experience, and personal preferences of the person installing the network components.
Internet and Networking Devices
Ethernet Hub
Source – ConceptDraw NetDiagrammer
Hubs work at the physical layer (Layer 1) of the OSI (Open Systems Interconnection) model. An Ethernet hub connects multiple twisted-pair or fiber-optic Ethernet devices together, making them act as a single segment; the device is thus a form of multiport repeater. Ethernet hubs are also responsible for forwarding a jam signal to all ports if they detect a collision.
Hubs also often come with a BNC and/or AUI connector to allow connection to legacy 10BASE2 or 10BASE5 network segments. The availability of low-priced Ethernet switches has largely rendered hubs obsolete, but they are still seen in older installations and more specialized applications.
Hubs are divided into the following categories:
- Passive Hubs
- Active Hubs
- Intelligent Hubs
Ethernet Switch
Source – ConceptDraw NetDiagrammer
A network switch is a computer networking device that connects network segments.
A switch works at the data link layer (Layer 2) of the OSI (Open Systems Interconnection) model. Network switches are capable of inspecting data packets as they are received, determining the source and destination device of each packet, and forwarding it appropriately. By delivering each message only to the connected device it was intended for, a network switch conserves network bandwidth and offers generally better performance than a hub.
Switches have two main uses: segmenting networks to improve performance, and connecting networks of different speeds. Low-end network switches appear nearly identical to network hubs, but a switch contains more "intelligence" (and a slightly higher price tag) than a network hub.
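The forwarding difference described above, as an added illustration that is not part of the original text: a hub repeats every frame to every other port, while a switch learns which port each source MAC address lives on and delivers known unicast frames only there, flooding only unknown or broadcast destinations. Frame data and MAC addresses are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Layer 2 forwarding: learn the source MAC on the ingress port, deliver
    to the learned port if the destination is known, otherwise flood."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, ingress, src, dst):
        # Learning step: the source device is reachable via the ingress port.
        self.mac_table[src] = ingress
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            # Destination is on the same port it came from: nothing to forward.
            return [] if out == ingress else [out]
        # Unknown destination or broadcast: flood to every port except ingress.
        return [p for p in self.ports if p != ingress]


def hub_forward(ports, ingress):
    """A hub is a multiport repeater: every frame goes to every other port."""
    return [p for p in ports if p != ingress]


# Constructed frames: (ingress port, source MAC, destination MAC).
SAMPLE_FRAMES = [
    (1, "00:11:22:33:44:01", "00:11:22:33:44:02"),  # 02 unknown -> flood
    (2, "00:11:22:33:44:02", "00:11:22:33:44:01"),  # reply, 01 known on port 1
    (1, "00:11:22:33:44:01", "00:11:22:33:44:02"),  # 02 now known on port 2
    (3, "00:11:22:33:44:03", BROADCAST),            # broadcast -> flood
]


def run_comparison(frames, ports=(1, 2, 3, 4)):
    """Return, per frame, the ports a hub and a switch would send it to."""
    switch = LearningSwitch(ports)
    return [(hub_forward(ports, ing), switch.forward(ing, src, dst))
            for ing, src, dst in frames]


if __name__ == "__main__":
    for frame, (hub_out, sw_out) in zip(SAMPLE_FRAMES, run_comparison(SAMPLE_FRAMES)):
        print(f"port {frame[0]} -> hub {hub_out}, switch {sw_out}")
```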
Workstation
Source – ConceptDraw NetDiagrammer
Workstations are intended primarily to be used by one person at a time, although they can usually also be accessed remotely by other users when necessary. A workstation is a client. It is a standalone computer with its own processor, system software, and application software.
Workstations usually offer higher performance than is normally seen on a personal computer, especially with respect to graphics, processing power, memory capacity and multitasking ability.
Normally workstations are optimized for displaying and manipulating complex data such as 3D mechanical design, engineering simulation results, and mathematical plots. Consoles usually consist of a high resolution display, a keyboard and a mouse at a minimum, but often support multiple displays and may often utilize a server level processor. For design and advanced visualization tasks, specialized input hardware such as graphics tablets or a SpaceBall can be used.
Workstations are designed and optimized for situations requiring considerable computing power, where they tend to remain usable while traditional personal computers quickly become unresponsive.
Network printer
Network printers have built-in network interfaces (typically wireless or Ethernet) and can serve as a hardcopy device for any user on the network. Individual printers are often designed to support both local and network-connected users at the same time.
A printer produces a hard copy (permanent human-readable text and/or graphics) of documents stored in electronic form, usually on physical print media such as paper or transparencies.
Network Fax
Network fax is a versatile fax solution that offers simple, yet comprehensive, document distribution capabilities. Documents can be transmitted to their destination either via fax or e-mail.
Fax is a telecommunications technology used to transfer copies (facsimiles) of documents, especially using affordable devices operating over the telephone network. The word telefax, short for telefacsimile, for "make a copy at a distance", is also used as a synonym. The device is also known as a telecopier in certain industries.
ADSL modem
Source – ConceptDraw NetDiagrammer
ADSL modem or DSL modem is a device used to connect a single computer or router to a DSL phone line, in order to use an ADSL service. The acronym NTBBA (network termination broad band adapter, network termination broad band access) is also common in various countries. Some ADSL modems also manage the connection and sharing of the ADSL service with a group of machines: in this case, the unit is termed a DSL router or residential gateway.
The asymmetric digital subscriber line transceiver, or ATU-R as the telephone companies call it, is a functional block inside every ADSL modem which actually performs modulation, demodulation and framing, while other functional blocks perform Asynchronous Transfer Mode segmentation and reassembly, IEEE 802.1D bridging and/or IP routing. Typical user interfaces are Ethernet and USB. Although an ADSL modem working as a bridge does not need an IP address, it may have one assigned for management purposes.
File server
A file server has disk storage that allows programs running on other computers to access its files, and allows users to share files. Only one copy of an application needs to be installed; that copy can be shared among all users, which saves disk space. File servers do not need to be high-end, but must have enough disk space to hold a large amount of data. File servers do not need to possess great processing power or very fast hardware specifications.
In common parlance, the term file server refers specifically to a computer on which a user can map or mount a disk drive or directory so that the directory appears to be on the machine at which the user is sitting. Additionally, on this type of file server, the user can read or write a file as though it were part of the file system of the user's computer.
Files and directories on the remote computer are usually accessed using a particular protocol, such as WebDAV, SMB, CIFS, NFS, AppleTalk or variants of these.
Proxy server
Source – ConceptDraw NetDiagrammer
In computer networks, a proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it would 'cache' the response to the first request to the remote server, saving the information so that later identical requests can be served locally and as quickly as possible.
A proxy server that passes all requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.
A proxy server can be placed in the user's local computer or at specific key points between the user and the destination servers or the Internet.
Internet & Network Vulnerabilities
Internet Vulnerabilities
Network Vulnerabilities
Network loopholes exist in every network system. Network technology advances so rapidly that it can be very difficult to eradicate vulnerabilities altogether; the best one can hope for, in many cases, is simply to minimize them. Networks are vulnerable to slowdowns due to both internal and external factors: internally, networks can be affected by overextension and bottlenecks; externally, by threats such as DoS/DDoS attacks and network data interception. The execution of arbitrary commands can lead to system malfunction, slowed performance, and even failure. Indeed, total system failure is the largest threat posed by a compromised system; understanding possible vulnerabilities is critical for administrators.
Internal network vulnerabilities result from overextension of bandwidth (user needs exceeding total resources) and bottlenecks (user needs exceeding resources in specific network sectors). These problems can be addressed by network management systems and utilities such as traceroute, which allow administrators to pinpoint the location of network slowdowns. Traffic can then be rerouted within the network architecture to increase speed and functionality.
Security Measures & Counter Measures
Most security incidents occur because system administrators do not implement available countermeasures, and hackers or disgruntled employees exploit the oversight. Therefore, the issue is not just one of confirming that a technical vulnerability exists and finding a countermeasure that works, it is also critical to verify that the countermeasure is in place and working properly.
This is where the Security Wheel, a continuous process, is an effective approach. The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis.
To begin the Security Wheel process, first develop a security policy that enables the application of security measures. A security policy needs to accomplish the following tasks:
- Identify the security objectives of the organization.
- Document the resources to be protected.
- Identify the network infrastructure with current maps and inventories.
- Identify the critical resources that need to be protected, such as research and development, finance, and human resources.
After the security policy is developed, make it the hub upon which the four steps of the Security Wheel are based. The steps are secure, monitor, test, and improve.
Secure
Secure the network by applying the security policy and implementing the following security solutions:
- Authentication - Give access to authorized users only. One example of this is using one-time passwords.
- Firewalls - Filter network traffic to allow only valid traffic and services.
- Virtual Private Networks (VPNs) - Hide traffic content to prevent unwanted disclosure to unauthorized or malicious individuals.
- Vulnerability patching - Apply fixes or measures to stop the exploitation of known vulnerabilities. This includes turning off services that are not needed on every system. The fewer services that are enabled, the harder it is for hackers to gain access.
Monitor
Monitoring security involves both active and passive methods of detecting security violations. The most commonly used active method is to audit host-level log files. Most operating systems include auditing functionality. System administrators for every host on the network must turn these on and take the time to check and interpret the log file entries.
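One form the active method above can take, as an added example that is not from the original text: parse host-level authentication log entries and flag sources that accumulate repeated failed logins, and any successful login from a source that had already exceeded the threshold. The log lines are constructed in the style of a Linux sshd auth log and are not real data; the threshold value is an assumption.

```python
import re
from collections import Counter

# Constructed sample auth log lines (sshd style); hostnames and addresses are made up.
SAMPLE_AUTH_LOG = """\
Mar 10 09:12:01 fileserver sshd[2201]: Failed password for invalid user admin from 192.0.2.45 port 51022 ssh2
Mar 10 09:12:04 fileserver sshd[2201]: Failed password for invalid user admin from 192.0.2.45 port 51023 ssh2
Mar 10 09:12:07 fileserver sshd[2203]: Failed password for root from 192.0.2.45 port 51024 ssh2
Mar 10 09:12:10 fileserver sshd[2205]: Failed password for root from 192.0.2.45 port 51025 ssh2
Mar 10 09:12:13 fileserver sshd[2207]: Accepted password for root from 192.0.2.45 port 51026 ssh2
Mar 10 09:15:30 fileserver sshd[2210]: Accepted publickey for alice from 10.0.0.12 port 40110 ssh2
Mar 10 09:16:02 fileserver sshd[2212]: Failed password for alice from 10.0.0.12 port 40111 ssh2
"""

# Matches the timestamp, host, outcome, auth method, user and source address of each entry.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            events.append(match.groupdict())
    return events


def audit(events, threshold=3):
    """Return human-readable findings: a source reaching `threshold` failures,
    and any accepted login from a source that already passed the threshold."""
    failures = Counter()
    findings = []
    for ev in events:
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] += 1
            if failures[src] == threshold:
                findings.append(f"{threshold} failed logins from {src} (last user {ev['user']!r})")
        elif failures[src] >= threshold:
            findings.append(f"accepted login for {ev['user']!r} from {src} after {failures[src]} failures")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(finding)
```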
Passive methods include using intrusion detection or IDS devices to automatically detect intrusion. This method requires only a small number of network security administrators for monitoring. These systems can detect security violations in real time and can be configured to automatically respond before an intruder does any damage.
An added benefit of network monitoring is the verification that the security devices implemented in Step 1 of the Security Wheel have been configured and are working properly.
Test
In the testing phase of the Security Wheel, the security of the network is proactively tested. Specifically, the functionality of the security solutions implemented in Step 1 and the system auditing and intrusion detection methods implemented in Step 2 must be assured. Vulnerability scanning tools such as SATAN, Nessus, or Nmap are useful for periodically testing the network security measures.
Improve
The improvement phase of the Security Wheel involves analyzing the data collected during the monitoring and testing phases, and developing and implementing improvement mechanisms that feed into the security policy and the securing phase in Step 1. To keep a network as secure as possible, the cycle of the Security Wheel must be continually repeated, because new network vulnerabilities and risks are created every day.
With the information collected from the monitoring and testing phases, intrusion detection systems can be used to implement improvements to the security. The security policy should be adjusted as new security vulnerabilities and risks are discovered.
Tabulation of Costing
References