Network presentation overview

Download Report

Transcript Network presentation overview

Unit 4
Networks
Computer Networks
•A computer network is a collection of computers linked together
so that they can communicate with each other
•A computer that is not connected to a network is called a standalone computer
•There are two different sorts of computer network:
•‘Local Area Network’ or ‘LAN’ - the computers are all in the
same building or in different buildings on one site permanently
connected to each other with special cables.
•‘Wide Area Network’ or ‘WAN’ - the computers are spread
over a large geographical area not permanently connected to
each other communicate using telephone lines, radio transmitters
or satellite links. Connected by gateways
Factors to consider when
choosing a network
Cost of the network
 Initial purchasing of equipment
 Installation and training
 Maintenance costs
 Size of the available budget will determine what
can be done e.g. fibre optic cable is faster but is
also more expensive. Wireless systems are
flexible but need more maintenance.
Size of the organisation
Needs
can range from a small LAN to a
global WAN.
Some communications media are limited
to the distance they have to travel.
Amount of data processing required must
also be considered.
How the system will be used



What type of applications do users require?
Will they need large data storage?
From where will they operate the network e.g. at
home in office or remote access from different
locations
Existing systems to integrate



More often networks are not developed from
scratch but need to fit in with existing systems.
Sometimes an extension is required e.g. when a
new branch office opens.
Therefore any new network must fit in with the
operating systems and protocols of the existing.
It must support any peripherals already in use
e.g. bar code readers, printers etc..
Performance and speed required
Performance in terms of ;




reliability
user friendliness
capacity
speed of processing.
Different parts of the organisation may have different
performance requirements. E.g. a realtime e- commerce
system may require greater speeds and capacity and
security than the in house payroll system
Security issues
Different organisations may have different
priorities e.g.
 A large business organisation may be primarily
concerned with
Prevention of hacking
 Avoid viruses
 Secure payment site


A school may be equally concerned with
blocking the downloading of illicit material
Clients (Terminals)
Thin clients (‘Dumb terminal’)
•Has no built in hard drive, expansion slots and only has
enough RAM and processing capacity to run applications
and output to a monitor
•Suitable for client server networks.
Fat clients (‘Intelligent terminal’)
•This is a workstation with full stand alone capacity. It has its
own hard drive for storage and a CPU.
•Stations have a processor so can share the processing. There
are many different ways to do this e.g. a station could act as a
printer server etc. A station could store programs on its disc
and load them while data files are stored elsewhere perhaps
upon a central fileserver.
•Suitable for peer to peer networks
Both LANs and WANs may be either
Client/Server
or
Peer-to-Peer networks.
Peer to peer network







All stations are joined together in the network have
equal status.
Each station can communicate directly with every other
workstation on the network without going through a
server.
They are both client and server sharing resources.
Are often a form of distributive processing sharing the
processing between intelligent terminals.
Hardware and data files can be access from several
computers.
Applications may be stored on different computers
and accessed by all as longer as the owner gives
permission.
Work is backed up on individual user PCs.
Client Server Network
The term Client/Server is used to describe networks that
have computers or terminals (clients) that are connected
to a more powerful computer called the NETWORK
SERVER.

A central file server store the data and programs
Access is determined by user access privileges controlled
by their logon names and passwords

A print server would spool data ready fro despoiling to a printer
when the printer is ready

A communication servers e.g. web server; email server may
control all email and internet access.
Peer to Peer
Client server
Cheaper: initial start up costs and
network operating system less
complicated
More expensive as software system more
complex and need to but servers.
Less vulnerable to central server crashes
If server crashes or cable fails no user can
continue work
Simpler to set up and maintain
Require specialist personnel to manage
system
Slower processing of tasks
Faster processing of tasks
Only works well on small networks <15
Can manage large networks
Security and backup are not centralised
and difficult to manage
Centralised control with servers often
doing many management functions
themselves e.g. regular backups, auditing
Access to data depends upon the owner’s
permission.
Offers easy access to centralised data
Networks
Advantages and Disadvantages
Advantages
• Printers can be shared.
• Programs can be shared.
• Data can be shared.
• Users can communicate with each other.
• You don’t have to use the same computer.
Disadvantages
• Networks are expensive to purchase and maintain.
• If a network breaks down everybody is affected.
• Special security measures are needed to stop users from
using programs and data that they shouldn’t have access
to.
Network Topology
Network topology refers to the layout used to connect
the computers together. There are three common
topologies:
• Bus
• Ring
• Star
Any of these topologies can be used regardless of
whether a network is local or wide area, server based or
peer-to-peer.
BUS
•Workstations are connected to the main central cable/bus
•Data can travel in both directions
•Two nodes could attempt to transmit at the same time and a
collision
To avoid
this, topology
a node waits
until no traffic on
2.This iswill
theoccur.
cheapest
network
as the
the smallest
bus and pauses
before
transmitting. If a collision
amountslightly
of cabling
is required
occurs both nodes wait and try again at a random time interval.
•The main bus standard is known as Ethernet the communications
uses a broadcast channel so all attached workstations can hear
every transmission.
Fileserver
Terminator
Terminal
Terminal
PLOTTER
PRINTER







Advantages
Less cable need than a ring. Relatively cheaper and
easier to install and maintain.
Easy to add new nodes by removing terminator
If a workstation/terminal goes down the others will
continue
Disadvantages
Heavy traffic can cause network failure and delays
Heavily dependent upon the cable backbone and cable
damage can cause network failure.
RING NETWORK

RING
CABLE
The Cambridge ring
T1
T8
has no central host
T2
computer and none of
the nodes need to have T7
overall control of
HARD
DISK
access to the network.
T6
T3
Messages in the ring
T5
T4
flow in one direction
from node to node.
The ring consists of a The choice of cable depends
upon the distance to be travelled
series of repeaters
and required speeds. Fibre optic
which are joined by
cabling is the best but the most
cables.
expensive. Fibre optic cabling
would allow a ring of about 100
kilometres.
PRINTER
SERVER
COMMUNICATIONS
SERVER
FILESERVER
SCANNER

Token passing technique






An imaginary token is continuously passed around the RING. A
token is a small packet that contains bits of data which passes
around the ring (Always the same way around)
The token is recognised as a unique character sequence.
If a device is waiting to transmit it catches a token and with it
the authority to send data. It attaches its data. The packet will
contain the destination address.
As long as one device has a token no other device can send data.
A receiving device acknowledges it has received the message by
inverting a 1 bit field.
Once the sending workstation has received acknowledgement
that the message has been received the token is free for use by
another device.
Advantages of a Ring network
There is no dependence upon a central host as data transmission is
supported by all devices on the ring. Each node has sufficient
intelligence to control the transmission of data from and to its own
node.
 Works effectively when processing is distributed across a site.
 Very high transmission speeds are possible.
 It is deterministic i.e. different performance levels can be
determined for different traffic levels.
 Routing between devices is simple because messages normally
travel in one direction.
 As data is in one direction it can transmit large volumes of data
Disadvantages  Systems depends upon the reliability of the ring repeater although
it can be designed to bypass faulty repeaters. If one node
malfunctions this can affect the operation of the network.
 Cabling costs
 Difficult to extend the ring.

STAR NETWORK


Each node is connected to a CPU at the centre.
Popular topology for a WAN.
Messages pass through host which interconnects
different devices on the network. The central
host switches messages point to point.
T7
T6
T8
Scanner
HARD
DISC
FILESERVER
COMMUNICATIONS
SERVER
T5
T4
PRINTER
T1
T2
T3
Advantages of a Star network





Suitable for WANs where large organisations rely on a central
computer for the bulk of data processing tasks
Central control of message switching allow a high degree of
security
Each spoke is dependent upon the rest. If one spoke breaks
down the others can continue and the central CPU can identify
any faults
Data transmission speeds can vary from spoke to spoke so one
can use a high-speed device and another a low speed e.g.. disc
drive.
Saves cabling.
Disadvantages



Network is vulnerable to central hub failures.
As a distributed system, some processing is still possible at the
nodes but internode connection is lost.
If servicing a WAN a mini or mainframe system is needed for
control of messaging. So hardware and software is expensive.
A Wide Area Network (WAN)
Workstation
Workstation
Workstation
Print Server
File Server
Printer
Gateway
Modem
Remote PC
Remote PC
Modem
network cables
telephone lines
Connecting and extending LAN‘s
Repeaters
 A repeater re amplifies a signal and resets it time so a signal is not
lost or distorted therefore longer distance can be travelled.
Bridge
 This is used to connect two LAN‘S of the same type eg two
token ring lan‘s two ethernet LAN,s Packets crossing such links
are forwarded to the bridge device and only the data needed to be
passed is passed to the receiving LAN.
Gateway or router
 Used to connect two different networks LAN's or WANs
eg an ethernet LAN to a token ring LAN or LAN's may be
remotely connected to WAN's using Gateways.
 Routers are more intelligent than bridges because it makes
decisions about the route the packet can be made to take in order
to find the most efficient path.
LANs and WANs
Modems
•A modem converts a digital signal to an equivalent analogue signal
so that it can be sent down a telephone line.
Computer
digital signal
01001
Modem
telephone
line
analogue
signal
Modem
Computer
digital signal
01001
Collisions
When two messages are sent at the
same time on the one medium


Collision detection - If a collision does occur
transmission will cease and each device involved is
made to wait a slightly different length of time before
trying again. If a number of retries is unsuccessful
error will be reported.
Collision avoidance - allows a device to place a packet
onto the network path as soon as its network card
detects it as being free. The card must test twice to see
if the network is free. This is to avoid collision with
other messages being put on milliseconds after the first
test which could still cause a collision
Front End Processor
Is a more sophisticated device for communications
control usually it is a mini computer whose task is to
handle all communications traffic going to and from
the mainframe. leaving the mainframe to concentrate
on other processing tasks.
It’s main tasks are
*parity checking
* stripping of overhead characters eg start and stop bits
and synchronisation characters.
*conversion from serial to parallel and vice versa
*network control and accounting

Wireless Media
Infra-red
Radiowaves
Bluetooth
Broadband
Microwaves
Mobile phones use microwaves. Ideal for linking
computers in two separate buildings fairly near to
each other. Satellite systems also make use of
microwaves.
Infra red light.

Infrared refers to light waves of a lower frequency
than human eyes can receive and interpret. Infrared
is used in most television remote control systems,
and with a standard called IrDA (Infrared Data
Association) it's used to connect some computers
with peripheral devices. For most of these computer
and entertainment purposes, infrared is used in a
digital mode -- the signal is pulsed on and off very
quickly to send data from one point to another.


Advantages Infrared communications are fairly
reliable and don't cost very much to build into a
device.
Disadvantages

It can only travel short distances.

Infrared is a "line of sight" technology.
Infrared is almost always a "one to one" technology.

Wireless networking- cableless
connectivity
Radio Transmission
 Devices have radio transmission facilities and radio receivers.
These radio receivers constantly scan the airways for incoming
signals. When it detects the signal it recognises it captures it and
converts it to digital form. The digital signal can be transmitted
to the CPU either by cable or wireless routers are now used.
 People now need to be mobile and still access their networks,
email accounts etc. e.g. doctors at the scene of an accident
accessing patient records.
 Wireless networks may be used as part of a LAN e.g. a mobile
bar code reader in a warehouse
 Part of a WAN or Virtual Private Network e.g. a delivery driver
using a hand held device to confirm deliveries with a central
database
Bluetooth technology
The Bluetooth PDA Adapter Card,
PC Card, and USB Adapter plug into
your PDA, PC, or notebook
computer, enable the user to
effortlessly transfer data to other
Bluetooth devices such as desktop or
notebook computers, input devices,
PDAs, scanners, printers, and even
mobile phones. Connect with up to
seven other Bluetooth devices at a
time.
Broadband and
wireless networking

The broadband connection gives faster access
speeds to the Internet and wireless routers give
wireless connection to the wireless adaptor in
your PC. Average home speeds of about 54
Mps are possible.
Advantages of Broadband







Faster connection when you want to be online
Savings on telephone bills
Faster downloading of programs, email, attachments
songs, graphics-rich sites, animations and video clips
Play interactive games at top speed against gamers
around the globe
Use telephone and be on the Internet
Realtime services such as web cams, radio better quality
Work from home with high speed access to corporate
networks
Disadvanatges


Higher subscription costs
Local exchanges may not be capable of very
high speed digital transmission
Software components
User Accounts and Logs



Each user must have an account with a user name and
password.
The account will have permissions i.e. access rights to
files and data such as read only, right only, read and
write, and there will be restrictions of programs or data
they can access. e.g. a member of the Personnel
Department may be able to write, add and delete files
of workers but a worker may only be able to read their
personnel file.
The resources; disk space, printers they can use etc will
be allocated to their account.
Auditing

Auditing software keeps a record of who has
logged on, when, how long, what programs and
data was used and what was amended. Therefore
any illicit use of the system can be tracked and
evidenced.
Remote Management





Networks can now be managed remotely from
other rooms, buildings or across many sites by
network management companies.
e.g.
A workstation left unattended can be logged off.
Network managers can observe what users are
doing.
Remote technicians can find and fix software
problems with the network
Configuration management
Factors to be considered when making
configuration choices
 Applications Software choices
 Operating systems and network
management software
 Hardware
 Range of User needs
 Future proofing
Security strategies
Threats;
 Hacking
 Spreading viruses
 Deliberate or accidental destruction of data
 Data integrity
 White collar crime
Prevention of deliberate crimes or misuse
1. Hacking – unauthorised access

Define security status and access rights for
users
All authorised users should be given user names
and passwords. This will limit unauthorised access
to the network.

Hierarchy of Passwords
 Identification
User Name
 Authentification Password
 Authorisation
What files you can see and
what your allowed to do
1. Hacking – unauthorised access

Enforce a strict password regime.
 Passwords must be kept secret;
 never written down at least 8 characters long;
a mixture of upper and lower case numbers
and letters;
 not allowed to reuse old passwords;
 do not use familiar names which are easy to
guess.
 Users should change their passwords
frequently
1. Hacking – unauthorised access

Restrict physical access to files e.g. smart cards to
control entrance to rooms. Secured areas to hold
serversAlarms – Protect computer room with burglar
alarms. Doors & windows – Locked when room not in
use

Biometric scans such as voice or hand prints; retina
scans;
Security of document filing systems. Access
Security limits a persons use of the network

1. Hacking – unauthorised access




Firewalls
A dedicated gateway machine with special security precautions
on it, used to monitor network, especially Internet, connections.
The idea is to protect a network segment and its files from
hackers.
An iron / sandbox is a special environment set up to trap a
hacker logging in over remote connections. May include a
modified shell restricting the hacker's movements in unobvious
ways, and "bait" files designed to keep him interested and logged
on until he can be traced.
This prevents intrusion from an Internet access Point. It can be
firewall software or a dedicated ‘ iron /sandbox’. It authenticates
messages coming into the network and verifies the legitimacy of
the user to enter the network. If a packet of data cannot be
authenticated then it is removed and not let through. This is used
to try to control hacking and malicious spreading of a virus
1. Hacking – unauthorised access


Proxy servers
This device tries to stop intruders from identifying the
IP (Internet Protocol) address of a user workstation
accessing the Internet. The IP address of any user
wanting to use the Internet sends a request to the proxy
server who notes this IP address. The proxy server
sends the request out to the Internet and it gets the
return response which then sends it to the user IP
address. Outsiders only see the IP address of the proxy
server and not of the user workstation. This is of little
use to a hacker.
1. Hacking – unauthorised access


Call Back procedures
Some companies operate a dial-back system. A user
logs on to a computer which immediately disconnects
the line and dials the user back. This would stop a user
logging on with someone else's password. If data is
transmitted through a network there needs to be
measures to ensure the data is secure. If users are
sending their credit card details over the Internet then it
is important that hackers cannot access them
1. Hacking – unauthorised access


Encryption
Data transmitted over a network is coded before
transmission. This means that anybody
intercepting the transmitted data would not be
able to understand it. The data needs to be decoded by the proper recipient.
2. Spreading a computer virus
These are programs introduced into computer systems which destroy or alter
files
by rewriting over data or by copying themselves over and over again until
computer system is full and cannot continue.







Firewalls
Don’t’ download unknown programs from the Internet straight
to hard disc. Only use reputable sources.
Write protect media so can’t be written onto
Don’t copy illegal software
Use a virus scanning software and virus eradication program.
Make sure this is kept up to date with the latest virus
definitions – available from the Internet.
Use diskless workstations on networks
Control access to portable media and do not let users use own
disk etc on the organisations system.
Computer fraud – white-collar crime
(NOT ’fraud’ by itself)







Bogus data entry when entering data
Bogus output -output may be destroyed to prevent discovery of
fraudulent data entry or processing
Alteration of files e.g. employee alters salary rate or hours
worked
Program Patching – introduction of an additional subroutine
or code e.g. channel funds into a fictitious account or transmit
codes to get free telephone calls
Suspense accounts rejected or unreconciled accounts may be
redirected into a colluding account.
Blackmailing with threat of virus
Deliberate data destruction to cause havoc and financial loss
to a competitor
Prevention or ‘White Collar’ computer crimes
Companies must implement security procedures
 Monitor all programs and users actions should be monitored and logged. All
users should be identifiable and all files capable of being audited keep online
transaction logs
 Auditing procedures to detect fraud
 Divide up programming tasks so no one programmer has responsibility for
writing a program common in banks.
 Control access to hardware and software.
Often companies are unwilling to disclose crimes against them because


It could lead to loss of public confidence in the security of the data.
Often their own security teams can be involved and this would again question
their efficiency.
Computer crime is often relatively easy because


Users do not have a great deal of technical knowledge
Many external auditors do not have the expertise to trace programs but rely
on printouts.

A Physical theft of computer equipment
– use locking devices: lock computers to desks; keep
doors and windows locked
 Serial numbers – Keep a record of all serial numbers.
 – restrict access to rooms with smart cards, hand or
voice prints, retina scans
 – Use fire doors and smoke alarms

• .
Physical protection of the data from
accidental destruction

Deliberate or accidental destruction of files.
Backup systems including
 Regular back up files - offsite - and in fireproof containers
 Online tape or disc streamer which automatically backs up
data on a network
 Grandfather father son security system in batch processing
systems. e.g. payroll
 RAID systems – mirror discs (Redundant Array of
Inexpensive Disc)
 Back-up files should be kept secure – ideally in locked,
fireproof rooms or safes in a different location to the network.
 Archiving means copying or moving files somewhere for
long-term storage.
 Some software and files can be password protected.
Accidental corruption / Data Integrity

Clerical procedures e.g asking customers to
confirm name and address date of birth agreed
words etc,

Prevent overwriting
 put
the write protect notch on your disc
 make hard discs read only
Verification procedures


Double entry keying
Check / parity bit
A Parity Bit is a single bit (0 or 1) added onto the end of a byte of data. If even
parity is used then the number of 1 bits in any transmitted data must always be even.
In the following two bytes, the red bit is the parity bit :
00101101
 11101110

The receiving computer will check the number of 1-bits in the data. If data is received
with an odd number of bits then the computer will know the data has been corrupted
during the transmission - and will ask for the data to be sent again.
Odd parity uses an odd number of 1-bits in every byte.
Validation procedures





Range checks;
Presence checks;
Check digits;
Format checks;
Input masks
Disaster Planning
Why is disaster planning important?
 A computer system can crash
e.g. hardware failure - e.g. hard drive head crash
software failure - resource problems or errors
 Floods, fire, bombs cannot always be prevented
 There may be deliberate vandalism/terrorism /hacking
or accidental altering of data e.g. by inexperienced
employees
 Networks may go down preventing communication
Companies must


Ensure data, hardware and software is not lost or
damaged.
Restore communication systems as quickly as possible.
Consequences



Loss of business and income
Loss of reputation
Legal action
The factors to take into account when
designing security policies









Physical security
Prevention of misuse
Availability of an alternative computer system and back up
power supply
Audit trails for detection
Continuous investigation of irregularities
System Access - establishing procedures for accessing data
such as log on procedures, firewalls
Operational procedures
Disaster recovery planning and dealing with threats from
viruses
Personnel administration

Staff code of conduct and responsibilities; staff training

Policy and maintenance staff available.

Disciplinary procedures.
Operational Procedures







Disciplinary procedures.
Screening potential employees
Routines for distributing updated virus information and
virus scanning procedures
Define procedures for downloading from the Internet,
use of floppy discs, personal backup procedures
Establish security rights for updating web pages
Establish a disaster recovery programme
Set up auditing procedures (Audit trails) to detect
misuse.
Factors determining how much a
company spends to develop control,
minimising risk.
1. What to do before?
Do a risk analysis of potential threats




Identify potential risks
Likelihood of risk occurring
Short and long term consequences of threat
How well equipped is the company to deal with
threat
Put preventive measures in place.




Establish physical protection system (firewalls
etc.)
Establish security rights for file access and
updating web pages
Establish a disaster recovery programme
Set up auditing procedures (Audit trails) to
detect misuse
Staff training in operational procedures.




Screening potential employees
Routines for distributing updated virus
information and virus scanning procedures
Define procedures for downloading from the
Internet, use of floppy discs, personal backup
procedures
Define staff code of conduct for using
computer systems e.g. no abusive emails. No
illicit use etc.
2. What to do during?

What response should staff make when the
disaster occurs?
3. What to do after?
Implement recovery measures
 Hardware can be replaced.
 Software can be re-installed. (or de-bugged by the
programming department).
 The real problem is the data. No business can afford to lose
its data.
 Backups of all data should be regularly made. This means
that the worst case scenario is that the business has to go
back to the situation of the last backup and carry on from
there. Backups may take a long time - often tape-streamed at
night.
 Alternative communication /computer systems may be
arranged in case a network goes down or alternative power
supply.