Transcript 1 - SEEK

Introduction to Computer
Networks and Computer Systems
Michelle Murillo, Greg Shore, James Brunt
LTER Network Office
21 October 2004
EcoInformatics Workshop
Albuquerque, NM
Agenda
• WAN
• LAN
• LAN components
• Server
• Backups
• Security
Networks and Computers:
Why do we need them?
• To facilitate research by increasing
communication and access to data, metadata,
and applications for synthesis and integration
across broad spatial and temporal scales.
What is a network?
• A network is a communication system for
interconnecting users and devices such as
computers, terminals, printers, telephones, ...
• A network allows people or devices to share
information or data.
• In addition a network must be able to transmit
this information quickly, with reliability and
efficiency.
Types of Networks
• Local Area Network or LAN
– A LAN covers a small region of space, typically a single
building.
• Metropolitan Area Network or MAN
– A MAN is a collection of LANs within the same
geographical area, for instance a city.
• Wide Area Network or WAN
– A WAN is a computer network that spans a relatively large
geographical area. Typically, a WAN consists of two or more
local-area networks (LANs).
WAN
Wide-Area Network (WAN)
• Computers connected to a wide-area network
are often connected through public networks,
such as the telephone system. They can also be
connected through leased lines or satellites. The
largest WAN in existence is the Internet.
WAN: Leased lines
– A permanent telephone connection between two points set up
by a telecommunications common carrier.
– Unlike normal dial-up connections, a leased line is always active.
– The fee for the connection is a fixed monthly rate.
– The primary factors affecting the monthly fee are distance
between end points and the speed of the circuit.
– Because the connection doesn't carry anybody else's
communications, the carrier can assure a given level of quality.
– You can divide the connection into different lines for data and
voice communication or use the channel for one high speed
data circuit.
WAN: Leased line bandwidth examples:
– T-1/DS1: 1.544 Mbps
– T-3/DS3: 43 Mbps
– OC3: 51.85 Mbps
– OC12: 155.52 Mbps
– OCx: up to 2.48 Gbps
• The bandwidth of a network is similar to a
highway: a one-lane road has less bandwidth than a four-lane
road.
WAN: Wireless
• Satellite
– http://www.networkcomputing.com/netdesign/wireless1.html
• Microwave
• Spread Spectrum
– http://www.sss-mag.com/ss.html
• RF (radio frequency)
– See also:
• www.sierrawireless.com/news/docs/2130273_WWAN_v_WLAN.pdf
WAN: Other methods
– Cable modem: A modem designed to operate over cable TV lines.
Because the coaxial cable used by cable TV provides much greater
bandwidth than telephone lines, a cable modem can be used to achieve
extremely fast access to the World Wide Web. Cable modems can offer
speeds up to 2 Mbps
– DSL: refers collectively to all types of digital subscriber lines. DSL
technologies use sophisticated modulation schemes to pack data onto
existing copper telephone lines. Supports data transfer rates up to 32
Mbps for upstream traffic, and from 32 Kbps to over 1 Mbps for
downstream traffic.
– ISDN: Abbreviation of integrated services digital network, an
international communications standard for sending voice, video, and data
over digital telephone lines or normal telephone wires. ISDN supports
data transfer rates of 64 Kbps (64,000 bits per second).
– Modem: A modem is a device or program that enables a computer to
transmit data over, for example, telephone or cable lines. The fastest
modems run at 57,600 bps, although they can achieve even higher data
transfer rates by compressing the data.
WAN: Considerations
• Availability:
– Metro – located within a metropolitan area phone system
where T1 and higher speed connections are easily available
– City – located near a city that is equipped to provide T1 service
but may or may not have an available ISP to cover the internet
connection
– Rural – outside of a regular metropolitan phone system but close
enough that connections can be made into a metropolitan system
– Remote – area where only basic telephone service is typically
provided
– Backcountry – area where not even basic telephone services are
available
WAN: Other Considerations
• Upload and download speed required?
• Costs:
– Equipment
– Installation
– Monthly? Yearly?
– Contract?
• ISP services and resources provided?
• Your needs
LAN
LAN: Local-area Network
• Most LANs connect workstations and personal
computers.
• Each node (individual computer) in a LAN has its own
CPU with which it executes programs, but it also is able
to access data and devices anywhere on the LAN. This
means that many users can share expensive devices,
such as laser printers, as well as data.
• Users can also use the LAN to communicate with each
other, by sending e-mail or engaging in chat sessions.
• LANs are capable of transmitting data at very fast rates,
much faster than data can be transmitted over a
telephone line; but the distances are limited, and there
is also a limit on the number of computers that can be
attached to a single LAN.
• There are many different types of LANs, Ethernets
being the most common for PCs. Most Apple
Macintosh networks are based on Apple's AppleTalk
network system, which is built into Macintosh
computers.
LAN: Ethernet
A local-area network (LAN) architecture developed
by Xerox Corporation in cooperation with DEC
and Intel in 1976.
• Ethernet supports data transfer rates of 10 Mbps.
• A newer version of Ethernet, called 100Base-T (or
Fast Ethernet), supports data transfer rates of 100
Mbps.
• The newest version, Gigabit Ethernet supports data
rates of 1 gigabit (1,000 megabits) per second.
• We can now connect to the WAN using our ISP
and our LAN…but what really makes up our
LAN?
• What do we do to build our LAN?
• What do we need to know to maintain our
LAN?
LAN: Some components
• Desktops and Workstations
• Printers, Plotters, Scanners
• Servers
• NAS/Storage units
• Tape Arrays/Tape Drives
• RAID Arrays
• UPSs
• An overabundance of cables
• An overabundance of software, utilities, and
applications
Some quick definitions
• Workstation: A type of computer used for engineering
applications (CAD/CAM), desktop publishing, software
development, and other types of applications that require a
moderate amount of computing power and relatively high quality
graphics capabilities.
• Server: A computer or device on a network that manages
network resources. For example, a file server is a computer and
storage device dedicated to storing files.
• Client: part of a client-server architecture. Typically, a client is
an application that runs on a personal computer or workstation
and relies on a server to perform some operations. For example,
an e-mail client is an application that enables you to send and
receive e-mail.
• Desktops, workstations, printers, plotters,
scanners depend on…
– Your (or your system administrator's) expertise
– Cost or affordability
– User requirements
– User preferences
– Historical
• Servers, arrays, disks, UPSs, NASs…
– Require more thought and long-term planning
– A good strategy is to:
• Plan
• Prototype
• Evaluate
• Implement
• Evaluate
• Plan
• The ideal scalable system is one that is a
‘framework’ wherein the components are
modular and can be upgraded through time
without a complete overhaul of the system.
• Modularity and scalability:
– Consider putting services on individual servers as much as
possible
• Mail
• FTP
• Web
• File
• Compute
• Backup
• Patch
– This allows for the ability to upgrade individual servers as
needed
– Distributes/reduces the load
– If one server crashes, all services are not lost
– If a new server function is needed, it is easy to add a new server
without disrupting other services or overloading an existing server
Example scalable design
[Figure: example scalable design of a dedicated network]
Server decision issues
• Do not skimp on the hardware: a desktop is NOT a server!
– Performance issues
– Disk I/O performance and stability (RAID arrays)
– Tape drive
– CPU:
• XEON hyper-threaded chips
• More caching
• Multiple CPUs
– More RAM
– GB NIC (Network Interface Card)
– Maintenance agreements
• Use vendor resources to gather information and costs
Other server considerations
• Footprint – rack, floor, desktop
• Operating system – Unix, Linux, or Windows…
• Mass storage (how much?)
• Total cost of ownership (total cost over time?)
• Power supply (enough for all equipment?)
• Air conditioning (sufficient for cooling?)
• UPS (size, number?)
• Surge protectors – ethernet and power
• Physical security
Unix vs. Windows
• Cost
• Level of support
– Support level required
• Technical knowledge
– Knowledge of system administration
• Preference
– User preference
• Usability
– Ease of use
• Historical
– Habit
• Vulnerability issues
– Virus, worms
• Requirements for system
– SQL Server
Mass storage: NAS
• A network-attached storage (NAS) device is a server that is dedicated to
nothing more than file sharing.
• NAS does not provide any of the activities that a server in a server-centric
system typically provides, such as e-mail, authentication or file management.
• NAS allows more hard disk storage space to be added to a network that
already utilizes servers without shutting them down for maintenance and
upgrades.
• With a NAS device, storage is not an integral part of the server. Instead,
in this storage-centric design, the server still handles all of the processing
of data but a NAS device delivers the data to the user.
• A NAS device does not need to be located within the server but can exist
anywhere in a LAN and can be made up of multiple networked NAS
devices.
Mass storage: tape
• Storing data on tapes is considerably cheaper than storing data
on disks.
• Tapes have large storage capacities, ranging from a few hundred
kilobytes to several gigabytes.
• Accessing data on tapes is much slower than accessing data on
disks.
– tapes are sequential-access media
– disks are random-access media
• Because tapes are so slow, they are generally used only for long-term
storage and backup. Data to be used regularly is almost always kept on a disk.
• Tapes are also used for transporting large amounts of data.
Computer: Total Cost of Ownership
• Purchase price
• Training costs
• Application costs
• Maintenance and support costs
• Environmental change costs
• Contracted technical support costs
• Connectivity
• System Administration
Computer: System Administration
• System monitoring
– Network and email traffic, system logs, disk utilization
• Software and OS maintenance
• Backup and recovery; disaster recovery
• Hardware maintenance
• Preventative maintenance
• User support
• Administrative
• System documentation
Computer: Total Cost of Ownership
• A recently released Gartner study on the five-year
total cost of ownership (TCO) of a $2,000 PC
shows that when administration and
management costs are added into the equation
the actual cost is more like $21,000!!!
• A good summary article:
– http://www.wilsonmar.com/1tco.htm
Backups
Backup Best Practices
• Backup: To copy files to a second medium (a disk or tape) as a
precaution in case the first medium fails. One of the cardinal
rules in using computers is back up your files regularly.
• Backup data and system information – multiple times
• Keep a set of backups off-site
• If time and money allows – duplicate your backups, then move
one of the copies off-site
• Backup daily, weekly, monthly, quarterly and yearly
• Print out copies of configuration and other important files
• TEST!!!! Then TEST some more!
Backup solutions
• Tape
• Online
• Off-site providers
• CD
• Zip
• Jaz
• External hard drive
Backup utilities and programs
• Costs range from free to very expensive
• Native (free)
– Unix
• ufsdump and ufsrestore (also dump and restore)
• tar
• cpio
– Windows
• Windows Backup Utility
• ASR (Automated System Recovery)
– Both
• COPY!!!
Backup utilities and programs
• Native: BEWARE!!! These utilities usually do not back up any
open files!
– (except MS XP uses a shadow copy, which will back up open
files)
• Vendor applications:
– Legato Networker
• http://www.legato.com/products/networker/
– Veritas Backup Exec
• http://www.veritas.com/index.html
– Arkeia:
• http://www.arkeia.com/
Backup types
• Full backup: Full backup is the starting point for all other
backups, and contains all the data in the folders and files that are
selected to be backed up. Because full backup stores all files and
folders, frequent full backups result in faster and simpler restore
operations. Remember that when you choose other backup types,
restore jobs may take longer.
• Differential backup: A differential backup contains all files that
have changed since the last FULL backup. The advantage of a
differential backup is that it shortens restore time compared to a
full backup or an incremental backup. However, if you perform
the differential backup too many times, the size of the
differential backup might grow to be larger than the baseline full
backup.
• Incremental backup: An incremental backup stores
all files that have changed since the last FULL OR
DIFFERENTIAL backup. The advantage of an
incremental backup is that it takes the least time to
complete. However, during a restore operation, each
incremental backup must be processed, which could
result in a lengthy restore job.
• For windows definitions:
– http://windows.about.com/library/weekly/aa010624a.htm
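As an added example (not from the slides), a small Python simulation of the three backup types on a constructed change log and schedule: it shows what each backup set contains, how a differential grows until it is as large as the full, and how long the restore chain becomes for each type. Incremental is taken as "changes since the most recent backup of any type", the conventional reading of the definition above.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed change log: (day, file) means "file was modified on that day".
CHANGES: List[Tuple[int, str]] = [(1, "db.sql"), (2, "notes.txt"), (2, "db.sql"),
                                  (4, "config.ini"), (5, "db.sql"), (6, "photo.jpg")]
ALL_FILES: Set[str] = {"db.sql", "notes.txt", "config.ini", "photo.jpg"}
# Constructed schedule: day -> backup type run that day (a full must come first).
SCHEDULE: Dict[int, str] = {0: "full", 1: "incremental", 2: "incremental",
                            3: "differential", 4: "incremental",
                            5: "incremental", 6: "differential", 7: "full"}

@dataclass
class Backup:
    day: int
    kind: str
    files: Set[str]
    base: Optional[int]  # day of the backup this one depends on (None for a full)

def plan_backups(changes, schedule, all_files) -> List[Backup]:
    """Simulate the schedule. full = every file; differential = files changed
    since the last full; incremental = files changed since the most recent
    backup of any type (the conventional reading of the slide's definition)."""
    backups: List[Backup] = []
    last_full: Optional[int] = None
    last_any: Optional[int] = None
    for day in sorted(schedule):
        kind = schedule[day]
        if kind == "full":
            files, base = set(all_files), None
        else:
            base = last_full if kind == "differential" else last_any
            if base is None:  # nothing to be relative to yet
                raise ValueError(f"no full backup exists before day {day}")
            files = {f for d, f in changes if base < d <= day}
        backups.append(Backup(day, kind, files, base))
        last_any = day
        if kind == "full":
            last_full = day
    return backups

def restore_chain(backups: List[Backup], target_day: int) -> List[Backup]:
    """Backups that must be read, oldest first, to rebuild the state at
    target_day: a full plus one differential, or a full plus every
    incremental (and any differential) in between."""
    by_day = {b.day: b for b in backups}
    chain, day = [], target_day
    while day is not None:  # follow each backup back to the full it depends on
        chain.append(by_day[day])
        day = by_day[day].base
    return chain[::-1]
```

With this schedule, restoring day 5 needs four backup sets (full, differential, two incrementals) while restoring day 6 needs only the full and that day's differential.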
Security
• “Security is vigilance”
• Security incidents have been increasing as the
technical knowledge required to prevent security
breaches increases while the sophistication of
hacker tools increases.
The problem: as viewed by System Administrators
• Lack of management understanding and
guidance
• Arbitrary priorities
• Lack of time, resources, and qualified staff
• New and mutating attacks, new vulnerabilities
• Insecure products, bad patches
Network Security Threats
• Any internet connection is vulnerable to:
– Unauthorized access to the network
– Denial of Service attacks
– Viruses
– Capture of private data and passwords
– Offensive and/or unwanted content
Top Vulnerabilities to Windows Systems
1. Web Servers & Services
2. Workstation Service
3. Windows Remote Access Services
4. Microsoft SQL Server (MSSQL)
5. Windows Authentication
6. Web Browsers
7. File-Sharing Applications
8. LSAS Exposures
9. Mail Client
10. Instant Messaging
Top Vulnerabilities to UNIX Systems
1. BIND Domain Name System
2. Web Server
3. Authentication
4. Version Control Systems
5. Mail Transport Service
6. Simple Network Management Protocol (SNMP)
7. Open Secure Sockets Layer (SSL)
8. Misconfiguration of Enterprise Services NIS/NFS
9. Databases
10. Kernel
The Ten Worst Security Mistakes
Information Technology People Make
1. Connecting systems to the Internet before hardening
them.
2. Connecting test systems to the Internet with default
accounts/passwords
3. Failing to update systems when security holes are
found.
4. Using telnet and other unencrypted protocols for
managing systems, routers, firewalls, and PKI.
5. Giving users passwords over the phone or changing
user passwords in response to telephone or personal
requests when the requester is not authenticated.
6. Failing to maintain and test backups.
7. Running unnecessary services, especially ftpd, telnetd,
finger, rpc, mail, rservices
8. Implementing firewalls with rules that don't stop
malicious or dangerous traffic, incoming or outgoing.
9. Failing to implement or update virus detection
software
10. Failing to educate users on what to look for and what
to do when they see a potential security problem.
The Five Worst Security Mistakes End Users Make
1. Failing to install anti-virus, keep its signatures up to date, and
apply it to all files.
2. Opening unsolicited e-mail attachments without verifying their
source and checking their content first, or executing games or
screen savers or other programs from untrusted sources.
3. Failing to install security patches, especially for Microsoft Office,
Microsoft Internet Explorer, and Netscape.
4. Not making and testing backups.
5. Using a modem while connected through a local area network.
The Seven Worst Security Mistakes Senior
Executives Make
1. Assigning untrained people to maintain security and providing neither
the training nor the time to make it possible to learn and do the job.
2. Failing to understand the relationship of information security to the
business problem: they understand physical security but do not see the
consequences of poor information security.
3. Failing to deal with the operational aspects of security: making a few
fixes and then not allowing the follow through necessary to ensure the
problems stay fixed.
4. Relying primarily on a firewall.
5. Failing to realize how much money their information and
organizational reputations are worth.
6. Authorizing reactive, short-term fixes so problems re-emerge rapidly.
7. Pretending the problem will go away if they ignore it.
Ten Essential Security Measures
1. Develop a Security Policy. And let everyone know
about it. Develop online warnings to inform users of the
rules for accessing your network.
2. Use strong passwords. Choose passwords that are
difficult or impossible to guess. Give different passwords
to all accounts.
3. Make regular backups of critical data. Backups must
be made on a regular basis, and it must be verified that restoration is
possible.
4. Use virus protection software. Install the software,
check regularly for new virus signature updates, and scan
all files periodically.
5. Use a firewall as a gatekeeper between your
computer and the Internet. Firewalls can be hardware
or software products.
6. Enable Logging for all important systems. Often
logging is turned off by default, making it impossible to
tell what happened.
7. Do not open e-mail attachments from strangers. Be
suspicious of any unexpected e-mail attachment from someone
you do know.
8. Regularly download security patches from your software
vendors. Visit www.windowsupdate.com and other update
sites regularly. Don’t forget network devices (routers, hubs,
etc).
9. Document your network and conduct vulnerability scans.
10. Educate your users and yourself. Security is a continual
process.
Security: Summary
1. You can’t be totally secure, but there is a lot
that you can do (relatively cheaply) to make
your network more secure.
2. Most attacks play on well-known
vulnerabilities.
3. Education is the key to a secure network.
4. Security is a continual process
Security: More Resources
1. SANS – SANS Institute
- (www.sans.org)
2. CERT – Computer Security Coordination
Center at Carnegie Mellon
- (www.cert.org)
3. CSI – Computer Security Institute
- (www.goCSI.com)
4. CoSN
- (www.cosn.org)