Networking/Internet Presentation - SIMS Inc.


Network & Internet Basics 101
SIMS 2003 Users Conference
by Steve Ryckman, SIMS Inc.
Email: [email protected]
Networking Overview
• Novell NetWare SFTIII is still the recommended network for SIMS.
• SIMS “should” run on any network that supports DOS/Windows workstations.
• Peer-to-peer networks are discouraged for all but the smallest sites.
Novell NetWare is Dead
• Although Microsoft keeps spreading this
rumor, it is just that – a rumor.
• Novell has had some hard times, just
like any other company in the
technology sector, but they are on the
up-swing now.
NetWare SFTIII is Dead
• SFTIII and NetWare 4.2 are far from dead. The current Novell product lifecycle chart shows products scheduled for discontinuation through 2004, and neither NetWare 4.2 nor SFTIII is on it.
• Rumor is there will be a NetWare 4.2 or 4.3 with SFTIII released later this year.
IPX is slower than TCP/IP
• Another rumor; in fact, the opposite is true for applications like ours. TCP/IP has a much smaller frame size, which makes it good for the Internet, where the packet-loss ratio is high compared to in-house networks. For networks like ours, though, IPX provides much better throughput, almost twice as fast.
I need a GB or 10GB network
• False in a big way. Very few environments will get any benefit from a GB or 10GB network. Most 2GHz computers can still only move about 130mb/s to a network card. It isn’t until you go to server-class machines with multiple network cards that GB or 10GB even becomes achievable.
Switches are better than Hubs
• True. Switches provide better collision protection and less network chatter than hubs. It is generally acknowledged that a 10mb switch gets the same throughput as a 100mb hub would.
• In an SFTIII environment this is even more true, because the servers send packets to each other 18 times per second.
.NET is the way of the future
• Microsoft marketing hype again. .NET (pronounced DOT NET) is Microsoft’s plan to take the client/server network model onto the Internet to provide “services”. This might be great if you are running an on-line store, but it has no place in a central station and gives no benefit over current technologies available from other vendors.
What is the Internet?
• Just a really big network consisting of millions of computers.
• It is NOT the “Web”. The “Web” and other protocols run on the Internet.
• It has been in use since the late 1960s but has only become popular since the “Web” made it easy to navigate.
• ARPANET and MILNET were the original networks.
How big is it?
• No one really knows.
• Thousands of servers, workstations and other devices are connected to it each day.
• Email, web sites, video feeds, audio streams, even alarm messages are all sent across the Internet.
The Internet Collapse hype
• The collapse of the Internet was supposed to occur because of its massive growth.
• Minor routing glitches occur occasionally, but no massive failures like those AOL and other much smaller networks have experienced.
• ISPs are spending millions setting up redundant links and peering connections with other ISPs to ensure stability.
Is it safe?
• Security risks are over-publicized, but they do occur, much as actual burglaries do compared with the number of alarms received.
• Most corporate security violations are the work of disgruntled/fired employees or of completely unguarded networks.
• There is a real threat: SIMS receives five to ten attempted security breaches a week.
Are you a target?
YES
• Unfortunately, any company in the “security” industry is a little more of a target than other small businesses.
• Any company is a target, though, by accident or intentionally.
Is it worth the risk?
• Just like the Yellow Pages, the Internet is a means for consumers to locate and research the companies and products they are interested in.
• Everything is on-line: job ads, alarm distributors, even BBB records you can use to research other companies before you do business with them.
Will I make millions from it?
• Putting your company on the Internet isn’t a guarantee of success, but it is one more tool you and your customers can use to mutual benefit.
• It’s for you to use as a business resource, not just for sales.
• It also delivers program updates from SIMS, anti-virus vendors and operating system vendors.
It’s too difficult to use/setup!
• Most ISPs offer DSL service that includes basic firewall protection in the router.
• KISS – Keep It Simple to start, and as your company relies on it more, go to the next level.
• Use outsourcing for email, your web site and so forth until you have the technical talent in your company to bring it in-house.
What type of connection?
• Non-dedicated connection (dial-up).
  • Good for just checking email and surfing the web by your employees.
• Digital Subscriber Line (DSL).
  • Always-on connectivity using standard telephone wiring.
  • Faster than dial-up, but not a dedicated circuit, and typically doesn’t have the same service level agreements. You can host a web/email server with DSL circuits from most ISPs.
What type of connection?
• Digital Subscriber Line (DSL, continued).
  • Asynchronous DSL (ADSL) has a different speed in one direction (typically faster download) than upload speed. Good for surfing the web but not for hosting servers.
  • Synchronous DSL (SDSL) has the same speed downloading as it does uploading. Can be used to host servers in your office if the ISP allows it.
What type of connection?
• Dedicated Circuits (T1, T3, etc.).
  • Uses a dedicated circuit qualified for data only, which is usually much “cleaner” than typical voice lines. The circuit is tagged as a data circuit in phone drop boxes and switching centers.
  • Most have service level agreements certifying the acceptable number of dropped packets, error rate and so forth, unlike DSL circuits, which are only required to meet voice-grade specs.
How does it connect?
• Most ISPs offer plans that, for a monthly fee, include a router. In my opinion it’s best to lease the router from them until you learn more about what you are doing and are comfortable configuring the router yourself.
  • Leasing the router avoids any finger pointing if you have problems getting the circuit operational, since they supplied it.
  • Leasing the router doesn’t lock you into buying a router until you are sure the circuit will meet your needs for the long term.
But HOW does it connect?
• Most routers have a standard Ethernet connection just like workstations.
• Plug it in to your network hub/switch.
  • Make sure your router has firewall/filtering built into it, or you may expose your network.
• Alternatively, purchase a firewall and place it between the Internet router and your network.
What is the best circuit?
• The “best” is in the eye of the beholder. If you just need to surf the web and check email, a dialup connection might be the best solution. If you want to do constant updates to your web site, do video streaming, receive alarm messages over the net, etc., then a dedicated connection is needed.
What does SIMS use?
• SIMS currently uses a flexible T1 from UUNet. We pay for a 768kb connection but can actually use the full 1.5mb range of the T1 for short “bursts” where our traffic exceeds our capacity.
• We have a Cisco 1720 router which we purchased from UUNet.
• Previously we had a 768k SDSL connection but almost weekly had connectivity issues.
SIMS: How much data?
• Although we pay for a 768kb connection, we seldom use that much capacity. Even with our mail servers, web servers, name servers and our workstations, we normally use an average of 400kb. About three times a month we go beyond our 768kb limit, when many customers are downloading program updates at the same time.
SIMS: Security precautions
• We use a firewall method called Demarcation Zoning (DMZ), whereby the firewall has two “zones”.
• The DMZ “zone” contains all servers that need to be accessed by the outside world.
• The LAN “zone” connects to the in-house switch to provide outbound access for SIMS workstations.
SIMS: Security continued…
• DMZ pros and cons:
  • Requires “public” servers to be physically isolated from internal servers, thus requiring more computers, more cabling and more advanced configuration.
  • Provides an extra level of protection: even if the public servers are compromised, the in-house network is not.
SIMS: How many servers?
• We have five servers dedicated to Internet functions.
• Three of these servers share the load of our web sites, email and name server functions.
• One server is dedicated to the demo SIMSWeb site.
• One server is dedicated to the Customer Access (BBS) portion of our web site.
SIMS: Monitoring / Alerting?
• The firewall instant-messages my cell phone on any known attacks.
• Custom-written filters watch for suspicious traffic and notify if trigger levels are reached.
• All incoming and outgoing email is scanned for viruses and for other undesired content.
SIMS: Pre-emptive Measures…
• All traffic is logged, and any traffic not deemed “normal” is emailed for review.
• Several “honeypot” services are run that look like vulnerable systems (ftp servers with no passwords, etc.). Any attacks on these are stealthily logged and the IP address is automatically blocked from accessing ALL SIMS servers for two hours.
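The honeypot auto-block on this slide and the trigger-level alerting from “Monitoring / Alerting”, as an added example that is not SIMS Inc.’s own tooling: it replays constructed log lines, blocks a source from every service for two hours after any honeypot hit, refuses that source’s real requests while the window is open, lifts the block when it expires, and raises an alert once a hypothetical per-source trigger level is reached (the log format, addresses and threshold are all assumptions).

```python
"""Honeypot hits -> two-hour auto-block of the source across all servers,
plus a trigger-level alert.  Added example, not SIMS Inc.'s tooling;
the log format, addresses and threshold below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

BLOCK_WINDOW = timedelta(hours=2)  # from the talk: blocked for two hours
ALERT_THRESHOLD = 3                # hypothetical trigger level per source

# Constructed sample log: "<ISO timestamp> <service> <source-ip> <event>"
SAMPLE_LOG = """\
2003-05-12T02:14:05 honeypot-ftp 198.51.100.7 anonymous-login
2003-05-12T02:14:09 honeypot-ftp 198.51.100.7 anonymous-login
2003-05-12T02:14:12 honeypot-ftp 198.51.100.7 anonymous-login
2003-05-12T02:15:40 web 203.0.113.9 GET /index.html
2003-05-12T02:40:00 web 198.51.100.7 GET /update.exe
2003-05-12T03:10:01 honeypot-ftp 203.0.113.44 anonymous-login
2003-05-12T04:30:00 web 198.51.100.7 GET /update.exe
"""


def parse(line):
    """Split one log line; the event field may itself contain spaces."""
    ts, service, ip, event = line.split(" ", 3)
    return datetime.fromisoformat(ts), service, ip, event


def process(log):
    """Replay the log in order and return (blocks, alerts, denied):
    blocks - ip -> block expiry (each new honeypot hit restarts the 2h window)
    alerts - ips whose honeypot hits reached ALERT_THRESHOLD
    denied - (time, ip) of real-service requests refused while blocked."""
    blocks, hits, alerts, denied = {}, defaultdict(int), [], []
    for line in log.splitlines():
        when, service, ip, _ = parse(line)
        if service.startswith("honeypot-"):
            # Log silently and block this source from ALL servers for 2h.
            hits[ip] += 1
            blocks[ip] = when + BLOCK_WINDOW
            if hits[ip] == ALERT_THRESHOLD:
                alerts.append(ip)
        elif ip in blocks and when < blocks[ip]:
            denied.append((when, ip))      # still inside the block window
        elif ip in blocks:
            del blocks[ip]                 # window expired: lift the block
    return blocks, alerts, denied


if __name__ == "__main__":
    print(process(SAMPLE_LOG))
```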
SIMS: Paranoid or Cautious?
• Every week we receive between five and ten “attacks” against our servers.
• Most are scripts run from other violated servers on the Internet looking for new sites to attack.
• About once a year a full-fledged attack against multiple servers at SIMS occurs.
• The SIMS network has never been compromised; at worst we shut down our Internet connection for a couple of hours to eliminate the targets of the attack. It’s not any fun to attack servers that aren’t on-line any longer.
Why are sites attacked?
• “Script kiddies” trying to prove their ability to compromise systems to their friends. Targets are chosen based on the publicity they would receive or because they know the target site.
• Retaliation for past “wrongs”. Current or ex-employees trying to get even or to access documents/files they feel entitled to.
• Directed attacks against competitors or other companies for the purpose of humiliating them or obtaining trade secrets.
How are sites attacked?
• Servers left unprotected. New security vulnerabilities come out weekly, sometimes daily for Windows. Make sure you apply patches before someone uses the “hole” against you.
• Services you don’t know are running. When installing software, many programs open back-doors that can be exploited by others who know where they are.
How are sites attacked?
• Trojan Horse programs. Sent by email, or downloaded by an unsuspecting user after the program is advertised as something it’s not. Once the Trojan Horse program is executed, it can open back-doors and even send a message to its creator to let them know there is a new system ready to be attacked. Trojan Horse programs can even send copies of passwords stored on your system.
Safe Surfing……
• Teach your employees not to download things to their work computers. Go so far as to create a company policy that forbids installation of unauthorized programs. Programs advertised as screen savers are the #1 way that Trojan Horse programs get their victims to load them.
Information Leaks……
• NEVER throw away documents with
passwords or other information about
your network without shredding them
first. “Dumpster Diving” is the most
common way that hackers gather
information during a directed attack.
Personal Information Leaks……
• Even though people know better, they use their family members’ names, birthdays or pet information as passwords.
• Callers pretending to be “old friends” will call the office saying “I’m an old college buddy, what’s Joe’s wife’s name again? When is his birthday? I want to surprise him, don’t tell him I called.”
Equipment Type Leaks……
• Callers will state they are XYZ ISP and they are sure they can beat the price you are paying now. “Who is your ISP? What type of router do you have? Who handles your firewall?” All of this is information they can use to learn more about you than you want hackers to know.
So WHY connect again?
• Used intelligently, the Internet gives your company great possibilities. You don’t let your kids drive your car before they’ve learned how; don’t put your company on the Internet until you know how to do so safely. The old adage “It’s better to be safe than sorry” holds true even in this “connected” age.
Top Ten Security Precautions
10. Virus scanners on all workstations.
9. Keep security patches current.
8. Passwords on all computers.
7. Remote access software locked down to the specific machines that need access.
6. Proactive monitoring of activity.
5. Kill unneeded programs/services.
Top Ten continued…..
6. Know what is “normal” traffic.
5. Change passwords regularly and use passwords that use a mix of letters, numbers and special characters.
4. Shred all security-related documents.
3. Train employees about security.
2. Create a security procedure/manual.
Top Ten continued…..
1. Trust that the rules of network security change daily; there is no such thing as a 100% secure network, and never assume your network is secure because you haven’t noticed anything missing yet. If humans create the security, other humans can break it. It’s just a matter of how much time they are willing to spend to get in.