Large organizations face many challenges in securing their systems and data. A small organization may have one person responsible for vulnerability management; a larger organization may have an entire team devoted to maintaining security. That team's job is to develop strategies that protect the organization from virus outbreaks and attacks, to maintain data integrity, and to ensure that systems are not compromised by other threats. In the event of a virus outbreak or network intrusion, the security team must respond as quickly as possible and must already have procedures in place to minimize the damage (e-Security Threats aren’t Just the Enemy of the Corporate, 2006).
One of the most common ways a company secures its network and data is to place a firewall between the network and the Internet that blocks access to internal systems by port and forwards only specific ports to specific hosts (Bird & Harwood, 2003. p. 476). It is also common to build an internal network in which each system is assigned a private IP address that is not reachable from the Internet; all internal systems reach the Internet through a gateway, which may be a router, a firewall, or a computer with NAT enabled. Organizations should also enforce a password policy that requires passwords that are difficult to guess or to crack with password-cracking software. Bird & Harwood recommend requiring a password change every 30 days (2003. pp. 466 – 468); current guidance (NIST SP 800-63B) instead recommends forcing a change when there is evidence of compromise rather than on a fixed schedule, because routine forced rotation tends to produce weaker, more predictable passwords.
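The default-deny firewall, NAT gateway and single forwarded port described above, written as an nftables ruleset. This is an added example rather than configuration from the original page; the interface names wan0 (Internet side) and lan0 (internal side), the 192.168.1.0/24 internal network and the internal web server at 192.168.1.10 are assumed for the example.

```nft
#!/usr/sbin/nft -f
# Added example. Assumed layout: "wan0" faces the Internet, "lan0" faces the
# internal 192.168.1.0/24 network, and 192.168.1.10 is an internal web server.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;   # every port blocked unless listed below
        iif "lo" accept
        ct state established,related accept                   # replies to traffic the gateway started
        ct state invalid drop
        iif "lan0" tcp dport 22 accept                         # manage the gateway only from inside
        iif "lan0" udp dport { 53, 67 } accept                 # DNS and DHCP for internal hosts
        icmp type echo-request limit rate 5/second accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iif "lan0" oif "wan0" accept                           # internal hosts out to the Internet
        # the one forwarded port: new connections from the Internet to the web server only
        iif "wan0" oif "lan0" ip daddr 192.168.1.10 tcp dport 80 ct state new accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        iif "wan0" tcp dport 80 dnat to 192.168.1.10:80        # port forwarding
    }
    chain postrouting {
        type nat hook postrouting priority srcnat;
        oif "wan0" masquerade                                  # internal addresses hidden behind the gateway
    }
}
```

Load it with `nft -f` and inspect the result with `nft list ruleset`. The forward chain is the part that matters for security: the DNAT rule alone only rewrites the destination address, and it is the forward rule with the drop policy that decides which forwarded traffic is actually allowed through. Note that the forwarded port exposes the web server to the Internet exactly as if it were directly connected, so the firewall does not remove the need to patch that server.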
The company I work for, Oracle Corporation, is a very large organization consisting of over 40,000 employees and 100 global offices. We employ an entire security team that responds to emergency situations. They are also responsible for staying informed about the latest security threats, such as new viruses and recently discovered security holes in software. It is their responsibility to inform the entire organization of new threats and to recommend that employees update their virus definitions and install any recently released patches. Being a software company, we also have to worry about security vulnerabilities within our own software (Oracle, Inc – Critical Patch Updates and Security Alerts, 2006). There is an entirely different team within our organization that is responsible for fixing security issues in our own software. This team develops software patches, which we recommend users and clients install. Sometimes we even develop new versions of software and ask users to upgrade.
Microsoft, Macromedia, and Lotus are all large software companies that deal with vulnerabilities in their own software. Microsoft is often criticized for having too many security problems and for not responding to them quickly enough. One such issue affected Windows 2000 systems running Internet Information Services (IIS) 5.0: a flaw that allowed a remote attacker to gain complete control of an unpatched server, including the ability to modify and delete files. Every system that had not installed the corresponding patch remained vulnerable, which is why vulnerability management is largely a matter of knowing which patches have and have not been applied to each system. The flaw was found by a researcher at eEye, a security firm that specializes in discovering vulnerabilities in software (Microsoft Security Problem, 2006).
A vulnerability was discovered in Macromedia’s ColdFusion MX 7: a cross-site scripting (XSS) flaw in the product’s default error page, which lets an attacker inject script into a page served from the site’s own origin. Although Macromedia rated the issue as moderate, it strongly recommended that all ColdFusion MX users install the patch to correct the issue and protect their systems (ColdFusion MX 7 – Cross-site Scripting in Default Error Page, 2006). The issue was most likely reported by a user of the software; Macromedia encourages users to report any security-related issue to secure@macromedia.com, and states that it is committed to keeping its software up to date to protect customers from such attacks. Information on Macromedia security issues can be found at http://www.macromedia.com/security.
At DefCon 8, an annual computer security convention where hackers and other security professionals gather to discuss security issues, a group of consultants demonstrated how an attacker could exploit a vulnerability in Lotus’ Notes Domino software. The vulnerability was rated low impact because physical access to the system was required, but they showed how an attacker with that access could gain access to a user’s account. To protect a system, they recommended upgrading the encryption used for HTTP passwords and never leaving a system unattended with Notes running; the second recommendation is a reminder that a flaw requiring physical access is only “low impact” as long as physical access is actually controlled. Lotus recommends that users and administrators visit http://www.lotus.com/security to stay informed on security issues involving its software (Vulnerabilities in Lotus Notes Domino Aired at DefCon 8, 2006).
For more information on security and vulnerability management, you can visit http://www.securitydocs.com/Vulnerability_Management, which is a site containing several white papers and other helpful links.
References:
Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing
e-Security Threats aren’t Just the Enemy of the Corporate. Retrieved January 31, 2006 from http://www.scmagazine.com/asia/news/article/419796/esecurity-threats-arent-just-enemy-corporate/
Oracle, Inc – Critical Patch Updates and Security Alerts. Retrieved January 31, 2006 from http://www.oracle.com/technology/deploy/security/alerts.htm
Microsoft Security Problem. Retrieved January 31, 2006 from http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2001/05/02/BU178838.DTL&type=business
ColdFusion MX 7 – Cross-site Scripting in Default Error Page. Retrieved January 31, 2006 from http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html
Vulnerabilities in Lotus Notes Domino Aired at DefCon 8. Retrieved January 31, 2006 from http://www.ciac.org/ciac/bulletins/k-062.shtml
Security Docs – Vulnerability Management. Retrieved January 31, 2006 from
Filed under: Networking
Fault tolerant systems create redundancy for data and network access, so that data and network resources remain available when a device fails (Bird & Harwood, 2003. p. 386). A fault tolerant network requires secondary devices, such as backup power supplies, routers, switches, and hubs, as well as backup cabling in case a cable fails (Enterprise Design for Switches and Routers, 2006). For data redundancy there are several options. To keep data available after a hard disk failure, a RAID configuration can be used (Bird & Harwood, 2003. p. 388). Not all RAID levels are fault tolerant (RAID 0 striping, for example, loses all of its data if any one disk fails), nor are they equal in cost and performance; there are several factors to consider when choosing a RAID level (Fault Tolerance, 2006).
Disaster recovery plans are used to recover from data loss or a system failure in which access to data has become impossible or compromised in some way (Bird & Harwood, 2003. p. 386). Disasters can include hard drive failures, power failures, or even natural disasters such as fires and floods (PCGuide – Care – Disaster Recovery, 2006). To ensure that data can be recovered and systems restored, an administrator should have a disaster recovery plan in place as well as a system that includes a data backup and restoration procedure.
Data backup is an essential part of any disaster recovery strategy (Backup and Disaster Recovery, 2006). A network administrator should understand the different backup types (full, incremental, and differential) in order to choose the one that suits their network. The factors to consider include how much data must be backed up and how much time can be allotted for the backup to complete. Backups tend to slow data transmission on the network and consume resources on the backup server, such as RAM and processing power (Bird & Harwood, 2003. p. 403). A backup that has never been restored is not yet a backup: the restore procedure should be tested regularly, and at least one copy should be kept offline or otherwise out of reach of the same failure or intrusion that destroyed the original data.
I have a system at my house that is connected to the Internet and acts as both a web server as well as an e-mail server. I have a program installed on the system, which allows it to be remotely controlled provided the right password is entered. I had always considered it to be secure and never had any problems, until one night I was sitting across the room and saw the mouse pointer begin to move across the screen. All of a sudden programs were opening and I realized someone had gotten control of my system through the remote control program. I still do not know who gained unauthorized access to my system nor do I know how they obtained access, however I had never felt so violated before. I immediately changed all of my passwords to make them more secure, and implemented a port blocking system to deny access from the Internet to that system. I have not had any problems like that since.
References
Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing
PCGuide – Care – Disaster Recovery. Retrieved January 14, 2006 from http://www.pcguide.com/care/bu/recov.htm
Fault Tolerance. Retrieved January 15, 2006 from http://www.comptechdoc.org/os/windows/win2k/win2ktolerance.html
Enterprise Design for Switches and Routers. Retrieved January 15, 2006 from http://www.microsoft.com/technet/itsolutions/wssra/raguide/NetworkDevices/igndbp_2.mspx
Backup and Disaster Recovery. Retrieved January 15, 2006 from http://compnetworking.about.com/cs/backuprecovery/
Filed under: Networking
The OSI model is a set of standards that is used to describe how data is transmitted over a network. The model is divided into seven parts, also known as layers. Each layer serves a different purpose and function in regard to data transmission (Wikipedia – OSI Model definition, 2006). The following describes each layer and their basic functions.
Layer 1 – Physical
The Physical layer typically describes networking hardware equipment and devices such as modems, hubs, and cabling as well as network card connector types. The physical layer interacts directly with the media access control sub-layer of the Data Link layer (Wikipedia – OSI Model definition, 2006).
Layer 2 – Data Link
The Data Link layer consists of two sub-layers: Logical Link Control (LLC) and Media Access Control (MAC). The LLC sub-layer is responsible for flow control and for error detection and recovery; the MAC sub-layer controls access to the shared medium (Bird & Harwood, 2003, pp. 154-155). The Data Link layer is typically implemented in software, such as the device driver for a network adapter (OSI Model Layers, 2006). Devices that operate at this layer include network cards, switches, and bridges. The Data Link layer is also responsible for physical (MAC) addressing (Wikipedia – OSI Model definition, 2006).
Layer 3 – Network
The Network layer defines logical addressing and is responsible for routing packets between networks (Bird & Harwood, 2003, pp. 155-157). A router operates at this layer. Network layer protocols include IP and IPX; routing protocols such as RIP, which exchange the information routers use to build their routing tables, are also usually placed here (Wikipedia – OSI Model definition, 2006).
Layer 4 – Transport
Like the Data Link layer, the Transport layer handles flow control and error detection, but it does so end to end between the two communicating hosts rather than between adjacent devices, and it also breaks data into segments and reassembles them at the receiver (Bird & Harwood, 2003, p. 157). Transport protocols include TCP, UDP, and SPX (Wikipedia – OSI Model definition, 2006). ARP is not a transport protocol: it maps IP addresses to MAC addresses and sits between the Network and Data Link layers.
Layer 5 – Session
The Session layer is responsible for maintaining end-to-end communications through the use of protocols such as: Named Pipes and RPC (Bird & Harwood, 2003, p. 159).
Layer 6 – Presentation
Data conversion, encryption/decryption and translation occurs at the Presentation layer (Bird & Harwood, 2003, pp. 159-160).
Layer 7 – Application
The Application layer provides the interface through which user applications gain access to the network; some application protocols also implement their own flow control and error recovery on top of what the Transport layer provides (Bird & Harwood, 2003, p. 160). Protocols that operate at this layer include HTTP, FTP, SMTP, and Telnet (OSI Model Layers, 2006).
When a website is accessed, the data that is transmitted in the process will go through every layer of the OSI model. The process is as follows:
A user opens a browser and enters the address of a website. At the application layer the browser forms an HTTP request for the web server. If the site requires encryption, the data is encrypted before it is sent and decrypted when it is received; in the OSI model this encryption and decryption is placed at the presentation layer. The session layer establishes and maintains the dialogue between the client and the server so that requests and responses can be matched up. At the transport layer the request is broken into segments and a connection is established with the server; for HTTP this is a TCP connection, which also provides flow control and retransmission of lost segments (OSI Reference Model, 2006). At the network layer each segment is placed in a packet addressed with the server’s logical (IP) address, and routers along the path forward the packet toward that address. At the data link layer the network card frames the packet with the physical (MAC) address of the next hop, and at the physical layer the frame is transmitted as signals over the medium, such as copper cable or a wireless channel. At the web server the process runs in reverse: the network card receives the frame at the physical layer, and the data travels back up through the data link, network, transport, session, presentation and application layers until the request reaches the web server software. The server’s response follows the same path in the opposite direction (Bird & Harwood, 2003, pp. 152-153).
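The walk down and back up the layers described above, as an added Python example (not code from the original page): it builds the Ethernet frame, IPv4 packet and TCP segment that carry an HTTP request, using the real header layouts and checksums, and then parses the frame back up the stack, verifying each layer’s checksum on the way. The MAC addresses, IP addresses and the request itself are constructed sample values; the request is sent as plain HTTP, and in practice the “presentation layer” encryption for a website would be TLS sitting between the TCP segment and the HTTP request.

```python
"""Added example: encapsulation of an HTTP request down the stack and back up.
All addresses and the request are constructed sample values, not from the page."""
import struct

SRC_MAC, DST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed
SRC_IP, DST_IP = "192.168.1.20", "203.0.113.80"                # constructed
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, used by IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_tcp(src_ip, dst_ip, sport, dport, payload, seq=1, ack=1):
    """Transport layer: 20-byte TCP header (PSH|ACK) with the pseudo-header checksum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(hdr) + len(payload))
    csum = checksum(pseudo + hdr + payload)  # covers pseudo-header, header and data
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ipv4(src_ip, dst_ip, segment, ttl=64):
    """Network layer: 20-byte IPv4 header, protocol 6 (TCP), Don't Fragment set."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                      ttl, 6, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + segment


def build_ethernet(src_mac, dst_mac, packet):
    """Data link layer: destination MAC, source MAC, EtherType 0x0800 (IPv4)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet


def build_http_frame(payload=HTTP_REQUEST):
    """Walk the request down the stack: application -> transport -> network -> link."""
    segment = build_tcp(SRC_IP, DST_IP, 49152, 80, payload)
    packet = build_ipv4(SRC_IP, DST_IP, segment)
    return build_ethernet(SRC_MAC, DST_MAC, packet)


def decapsulate(frame: bytes) -> dict:
    """Walk a received frame back up the stack, checking each layer's checksum.
    A header whose checksum field is filled in sums to zero when it is intact."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto, src, dst = packet[9], packet[12:16], packet[16:20]
    segment = packet[ihl:total_len]
    data_off = (segment[12] >> 4) * 4
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(segment))
    return {
        "ethertype": ethertype,
        "src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
        "ip_checksum_ok": checksum(packet[:ihl]) == 0,
        "protocol": proto,
        "sport": struct.unpack("!H", segment[:2])[0],
        "dport": struct.unpack("!H", segment[2:4])[0],
        "tcp_checksum_ok": checksum(pseudo + segment) == 0,
        "payload": segment[data_off:],
    }


if __name__ == "__main__":
    frame = build_http_frame()
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

Two things are worth noticing when running it. The IPv4 checksum covers only the IP header, so corrupting a byte of the HTTP payload is caught by the TCP checksum (transport layer error detection) and not by IP; and neither checksum is a security control, since anyone who can alter the bytes can recompute them, which is the gap that the encryption placed at the presentation layer exists to close.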
Network architects and engineers should be familiar with the OSI model because it helps them troubleshoot network problems (Network Troubleshooting Guide, 2006). Identifying the layer at which a problem occurs narrows down its cause: a host that cannot reach anything at all most likely has a cable or link problem (layers 1 and 2), a host that can reach its own subnet but nothing beyond it usually has a gateway or routing problem (layer 3), and a host that can ping a server but cannot open a web page on it has a problem at layer 4 or above, such as a closed or filtered port or a failed service. Network architects should also be familiar with the standards defined at each layer when designing and building networks.
References:
Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing
Wikipedia – OSI Model definition. Retrieved on January 4, 2006 from http://en.wikipedia.org/wiki/OSI_model
OSI Model Layers. Retrieved on January 4, 2006 from http://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html
OSI Reference Model. Retrieved on January 13, 2006 from http://www.how2pass.com/CCNA/study_material/osilayers.htm
Network Troubleshooting Guide. Retrieved on January 13, 2006 from http://support.3com.com/infodeli/tools/netmgt/tncsunix/product/091500/c1ovrvw.htm
Filed under: Networking
Network protocols define the set of rules that devices use to communicate across a network (Network Protocols: Definition and Overview, 2006). For two devices to communicate they must use the same protocol, so that both agree on how the exchange works. The process can be compared to people using a spoken language: for communication to succeed, both must speak and understand the same language. A network uses a collection of protocols known as a protocol suite (Bird & Harwood, 2003. pp. 174-175). A network protocol is just one type of protocol within a suite, and each type of protocol in the suite performs a different function. The network protocol in a suite handles the tasks that make it possible to transport data across a network (Bird & Harwood, 2003. p. 175): in addition to defining the rules needed for communication, it provides the logical addressing for devices and determines how data is routed between addresses (Bird & Harwood, 2003. p. 178).
There are several considerations that one must be familiar with when determining which network protocol to use. One of the most significant considerations is whether or not data will need to be routed. Some network protocols are not routable, which means they cannot send traffic across multiple networks (Bird & Harwood, 2003. p. 193). If the network is going to be complex in design, it should utilize a routable protocol so that the network can be segmented and each segment can communicate with each other (Comparison of Windows NT Network Protocols, 2006). Another factor to consider is whether or not devices on the network will require Internet access. If Internet access is required, the network devices must be enabled to communicate using the TCP/IP protocol suite. The choice of which network protocol to use will also depend on how large the network will be. A low-level network protocol can be used on smaller networks but for larger networks, a high-level protocol should be used. What makes a protocol low or high-level depends on its overall complexity and capabilities (Bird & Harwood, 2003. p. 193).
A low-level network protocol that can be used on a small network which does not require routing is NetBEUI (Bird & Harwood, 2003. p. 191). A routable, high-level protocol suite that should be used for larger networks and for networks that require Internet access is TCP/IP (Bird & Harwood, 2003. p. 183). Each has advantages and disadvantages. TCP/IP is considered much more complex than NetBEUI because it is routable and operates at several layers of the OSI model. NetBEUI’s advantage over TCP/IP is speed: it is simple and lightweight, although it is not routable (Bird & Harwood, 2003. p. 191). TCP/IP runs on almost all operating systems, including Windows, UNIX, Linux, and Macintosh, whereas NetBEUI is used almost exclusively on Windows systems. Because TCP/IP has many configuration options it can be difficult to configure, whereas NetBEUI is very easy to configure because its only requirement is a NetBIOS name (Bird & Harwood, 2003. p. 193).
In terms of complexity, there are high-level and low-level network protocols (Network Protocol – Computer Networking, 2006). Typically, what makes a protocol simple or complex depends on how easily it can be configured and whether or not it is routable (Bird & Harwood, 2003. p. 193). A protocol that is routable and supports large networks is usually more difficult to configure, therefore it is considered to be more complex than lower-level protocols that are not routable and used on smaller networks (Bird & Harwood, 2003. pp. 178-193).
References:
Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing
Comparison of Windows NT Network Protocols. Retrieved on January 12, 2006 from http://support.microsoft.com/kb/q128233/
Network Protocols: Definition and Overview. Retrieved on January 12, 2006 from http://www.javvin.com/protocols.html
Network Protocol – Computer Networking. Retrieved on January 12, 2006 from http://compnetworking.about.com/od/networkprotocols/l/bldef_protocol.htm
Filed under: Networking
A domain name is translated to an IP address through the Domain Name System (DNS) (DNS definition, 2006). DNS is a distributed database that holds domain names, IP addresses, and the records that map one to the other (The TCP/IP Guide – DNS Name Server Concepts and Operation, 2006). Resolving a domain name to an IP address works as follows. An IP address is assigned to a server, such as a web or e-mail server, and uniquely identifies that server on the Internet (Bird & Harwood, 2003. pp. 221-224). For a domain name to map to that address, an Internet-facing DNS server must hold a record in its zone database containing the name and its corresponding IP address; this server is the authoritative DNS server for the domain. When the domain is registered, the names and addresses of its authoritative servers are recorded with the registry for its top-level domain (such as .com), and the registry’s servers are in turn listed by the root DNS servers. The root servers do not hold individual hostname entries: they hold referrals to the top-level domain servers, which hold referrals to the authoritative servers. When a domain name is queried, the client’s resolver asks a root server, is referred to the top-level domain server, is referred again to the authoritative server, and finally receives the IP address from the server that actually holds the record (Domain Name System, 2006). Because each answer in this chain is trusted only on the strength of the referral that led to it, a resolver that accepts a forged answer, or records outside the zone the answering server is responsible for, can be poisoned; DNSSEC adds signatures so that a resolver can verify that the records came from the zone’s owner.
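The referral chain just described, walked by a small iterative resolver over an in-memory model of a root server, a top-level domain server and an authoritative server. This is an added example and not code from the original page; the .test names and the 198.51.100.0/24 and 203.0.113.0/24 addresses are constructed documentation values. The resolver also applies the bailiwick check a real resolver uses: it discards glue records for names outside the zone the answering server was delegated, which is what stops a forged referral from planting an attacker’s address.

```python
"""Added example: iterative DNS resolution over an in-memory model of the
root -> top-level domain -> authoritative referral chain.
All names and addresses are constructed (the .test TLD, documentation ranges)."""

ROOT_IP = "198.51.100.1"

SERVERS = {
    ROOT_IP: {                                   # root server: only TLD delegations
        "zone": ".",
        "ns": {"test.": ["ns.tld.test."]},
        "a": {"ns.tld.test.": "198.51.100.2"},   # glue: address of the TLD server
    },
    "198.51.100.2": {                            # TLD server: delegations of test. domains
        "zone": "test.",
        "ns": {"example.test.": ["ns1.example.test."]},
        "a": {"ns1.example.test.": "198.51.100.3"},
    },
    "198.51.100.3": {                            # authoritative: holds the hostname records
        "zone": "example.test.",
        "ns": {},
        "a": {"www.example.test.": "203.0.113.10",
              "ns1.example.test.": "198.51.100.3"},
    },
}

# Same chain, but the reply from the TLD server is forged: the glue it hands
# out is for a name outside the test. zone and points at an attacker's server.
POISONED = dict(SERVERS)
POISONED["198.51.100.2"] = {
    "zone": "test.",
    "ns": {"example.test.": ["ns.attacker.example."]},
    "a": {"ns.attacker.example.": "198.51.100.66"},
}


def in_zone(name: str, zone: str) -> bool:
    return zone == "." or name == zone or name.endswith("." + zone)


def query(servers, server_ip, name):
    """What one name server replies when asked for name's address record."""
    srv = servers[server_ip]
    for subzone, ns_names in srv["ns"].items():          # delegated further down?
        if in_zone(name, subzone):
            glue = {ns: srv["a"][ns] for ns in ns_names if ns in srv["a"]}
            return "referral", subzone, glue
    if not in_zone(name, srv["zone"]):
        return "refused", None, None                      # not our zone and not delegated
    if name in srv["a"]:
        return "answer", srv["a"][name], None
    return "nxdomain", None, None


def resolve(name, servers=SERVERS, root_ip=ROOT_IP, max_hops=8):
    """Start at a root server and follow referrals until a server answers."""
    server_ip, zone, trail = root_ip, ".", []
    for _ in range(max_hops):
        kind, data, glue = query(servers, server_ip, name)
        trail.append((server_ip, kind))
        if kind == "answer":
            return data, trail
        if kind != "referral":
            raise LookupError(f"{name}: {kind} from {server_ip}")
        # Bailiwick check: a server may only delegate zones beneath its own,
        # and only glue for names beneath its own zone is trusted.
        if not in_zone(data, zone):
            raise LookupError(f"referral to {data} is outside {zone}")
        safe_glue = {ns: ip for ns, ip in glue.items() if in_zone(ns, zone)}
        if not safe_glue:
            raise LookupError(f"no in-bailiwick glue for {data} from {server_ip}")
        zone, server_ip = data, next(iter(safe_glue.values()))
    raise LookupError(f"{name}: too many referrals")


def try_resolve(name, servers=SERVERS):
    """resolve(), but returns (ip, trail, error) instead of raising."""
    try:
        ip, trail = resolve(name, servers)
        return ip, trail, None
    except LookupError as exc:
        return None, [], str(exc)


if __name__ == "__main__":
    print(resolve("www.example.test."))
    print(try_resolve("www.example.test.", POISONED))
```

A real resolver that receives out-of-bailiwick glue would go and resolve the name server’s name separately rather than giving up; the example stops at the rejection so that the check itself is visible. Note also that the root server answers a query for its own glue name (ns.tld.test.) with a referral, not an answer, because it is not authoritative for it: glue is a hint for finding the next server, not an authoritative record.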
On a TCP/IP network, every device must be assigned an IP address that uniquely identifies it on the network; two devices on the same network cannot use the same address. An IP address has two parts, the network ID and the host ID, and all devices on one network share the same network ID (Bird & Harwood, 2003. p. 233). An IPv4 address contains four octets, each representing 8 bits (Basic Addressing, 2006). An octet can be written in binary, as eight 0s and 1s, or in decimal, by converting the binary value to decimal (Bird & Harwood, 2003. p. 234); 11000000, for instance, is 192. Under classful addressing, every IP address belongs to a class, which groups addresses by how the 32 bits are split between networks and hosts; the class is determined by the range the first octet falls in, and each class has a default subnet mask (Bird & Harwood, 2003. pp. 235-236). On today’s Internet, classless addressing (CIDR) has replaced the classes, and the subnet mask or prefix length, not the first octet, determines where the network ID ends.
A MAC address and an IP address are very different. A MAC address is the physical address burned into a network interface by its manufacturer; the first half identifies the manufacturer and the second half is a unique identifier similar to a serial number (Bird & Harwood, 2003. p. 139). An IP address is a logical address assigned to a device and can be changed as needed. A MAC address operates at the Data Link layer of the OSI model (Bird & Harwood, 2003. p. 154); an IP address operates at the Network layer (Bird & Harwood, 2003. p. 156). Although the MAC address is fixed in hardware, most operating systems allow the address the interface actually uses to be overridden in software, so MAC address filtering should not be relied on as an authentication control.
The Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to hosts on a TCP/IP network (Bird & Harwood, 2003. p. 217) and can also supply other settings such as the subnet mask, default gateway address, and DNS server addresses (Bird & Harwood, 2003. p. 218). The exchange has four steps. A DHCP client broadcasts a discover message asking any available DHCP server to respond; a server replies with an offer of an address lease (DHCP – A Whatis.com Definition, 2006); the client broadcasts a request for the offered address; and the server acknowledges the lease, at which point the client configures itself with the supplied settings and can begin communicating on the network (Bird & Harwood, 2003. p. 219). Nothing in this exchange authenticates the server: any host on the segment that answers the broadcast first can hand out a malicious default gateway or DNS server address, which is why managed switches offer DHCP snooping to drop server replies arriving on untrusted ports.
When a TCP/IP network needs to be segmented, a process called subnetting is used. Large networks are divided into smaller networks for security and to control network traffic (Bird & Harwood, 2003. p. 241): a broadcast stays within its own subnet, and traffic between subnets must pass through a router, where it can be filtered. Subnetting also uses address space more efficiently. With the default (classful) subnet mask, many host addresses may go unused; the network can be divided into more sub-networks by reducing the number of host addresses in each (Bird & Harwood, 2003. p. 238). This is done by changing the subnet mask.
Subnetting is implemented by modifying the network’s subnet mask. The mask identifies which portion of an IP address is the network ID and which is the host ID (Bird & Harwood, 2003. pp. 238-242): a 1 bit in the mask marks a network bit and a 0 bit marks a host bit. Once the two parts are known, the valid host range for a network ID can be determined; without a subnet mask it would be impossible to tell them apart (Basic Addressing, 2006). The trade-off is fixed by the 32 bits available: every bit borrowed from the host portion doubles the number of sub-networks and halves the number of hosts in each, and every bit returned to the host portion does the reverse. The configuration therefore depends on how many sub-networks are needed versus how many hosts per sub-network are needed (Bird & Harwood, 2003. pp. 238-242). In a /26 network, for example, the mask 255.255.255.192 leaves 6 host bits, so there are 2^6 - 2 = 62 usable host addresses once the network and broadcast addresses are set aside.
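The classful rule from the addressing paragraph above and the host-bit trade-off from the two subnetting paragraphs, as one added Python example (not code from the original page): it derives the network ID, broadcast address and host range from an address and prefix by bit operations, identifies an address’s class from its first octet, and borrows host bits to plan sub-networks, raising an error when the requested number of sub-networks and hosts per sub-network cannot both fit. The addresses used are private and documentation ranges chosen for the example, and the arithmetic is cross-checked against the standard library’s ipaddress module.

```python
"""Added example: classful address identification and subnetting arithmetic.
Addresses used are private/documentation ranges chosen for the example."""
import ipaddress


def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return int.from_bytes(bytes(octets), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def mask_from_prefix(prefix: int) -> int:
    """/n -> 32-bit mask with n leading 1 bits (network) and 32-n trailing 0 bits (host)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(mask: str) -> int:
    """Dotted mask -> prefix length; rejects non-contiguous masks such as 255.0.255.0."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if mask_from_prefix(prefix) != m:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def address_class(ip: str) -> str:
    """Classful rule: the class is fixed by the range of the first octet alone."""
    first = ip_to_int(ip) >> 24
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"          # default mask 255.0.0.0
    if first < 192:
        return "B"          # default mask 255.255.0.0
    if first < 224:
        return "C"          # default mask 255.255.255.0
    if first < 240:
        return "D"          # multicast
    return "E"              # reserved


def subnet_info(cidr: str) -> dict:
    """Network ID, broadcast and usable host range for an address written as a.b.c.d/n."""
    ip_str, prefix_str = cidr.split("/")
    ip, prefix = ip_to_int(ip_str), int(prefix_str)
    mask = mask_from_prefix(prefix)
    network = ip & mask                          # keep the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)   # set every host bit
    if prefix >= 31:                             # /31 (RFC 3021) and /32 reserve no addresses
        first, last = network, broadcast
    else:
        first, last = network + 1, broadcast - 1
    return {
        "network": int_to_ip(network), "mask": int_to_ip(mask), "prefix": prefix,
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first), "last_host": int_to_ip(last),
        "usable_hosts": last - first + 1,
    }


def split_subnets(cidr: str, subnets_needed: int = 0, hosts_needed: int = 0) -> list:
    """Borrow host bits from cidr.  With subnets_needed, borrow just enough bits for
    that many sub-networks; with hosts_needed alone, borrow as many bits as the
    required hosts per sub-network allow.  Raises if both cannot be satisfied."""
    if not subnets_needed and not hosts_needed:
        raise ValueError("give subnets_needed and/or hosts_needed")
    base = subnet_info(cidr)
    net, prefix = ip_to_int(base["network"]), base["prefix"]
    # longest prefix that still leaves hosts_needed usable hosts (2**h - 2 >= hosts_needed);
    # a /30 is the smallest conventional subnet, with 2 usable hosts
    max_prefix = 32 - (hosts_needed + 1).bit_length() if hosts_needed else 30
    new_prefix = prefix + (subnets_needed - 1).bit_length() if subnets_needed else max_prefix
    if not prefix <= new_prefix <= max_prefix:
        raise ValueError(f"{cidr} cannot be split into {subnets_needed} "
                         f"sub-networks of {hosts_needed} hosts each")
    size = 1 << (32 - new_prefix)
    return [f"{int_to_ip(net + i * size)}/{new_prefix}"
            for i in range(1 << (new_prefix - prefix))]


def cross_check(cidr: str) -> bool:
    """Confirm the hand-rolled arithmetic against the standard library."""
    net = ipaddress.ip_network(cidr, strict=False)
    info = subnet_info(cidr)
    return (info["network"] == str(net.network_address)
            and info["broadcast"] == str(net.broadcast_address)
            and info["mask"] == str(net.netmask))


if __name__ == "__main__":
    print(subnet_info("192.168.1.77/26"))
    print(split_subnets("192.168.1.0/24", subnets_needed=6))
    print(split_subnets("192.168.1.0/24", hosts_needed=50))
```

Splitting a /24 into six sub-networks borrows three host bits (the smallest power of two that covers six is eight), giving eight /27 networks of 30 usable hosts each; asking for 50 hosts per sub-network instead allows only two borrowed bits, giving four /26 networks of 62 hosts. Asking for both at once fails, which is the trade-off the paragraph above describes.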
When multiple devices on a TCP/IP network need to share one Internet connection, they must use a connection-sharing service such as Network Address Translation (NAT) or Internet Connection Sharing (ICS) (Bird & Harwood, 2003. pp. 224-226). ICS is Microsoft’s implementation of NAT for Windows. NAT is implemented by giving one system the Internet connection and configuring the other systems on the network to send their Internet-bound traffic through it (Bird & Harwood, 2003. p. 225); the NAT system rewrites the source address of each outgoing packet to its own public address, records the translation, and uses that record to deliver the reply to the right internal host. Because unsolicited inbound packets match no translation, NAT hides internal hosts from the Internet as a side effect, but it is not a substitute for a firewall, and any port that is forwarded inward is exposed exactly as if that host were directly connected.
References:
Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing
The TCP/IP Guide – DNS Name Server Concepts and Operation. Retrieved on January 12, 2006 from http://www.tcpipguide.com/free/t_DNSNameServerConceptsandOperation.htm
DNS definition. Retrieved on January 12, 2006 from http://computing-dictionary.thefreedictionary.com/DNS
Domain Name System. Retrieved on January 12, 2006 from http://en.wikipedia.org/wiki/DNS
Basic Addressing. Retrieved on January 12, 2006 from http://www.comptechdoc.org/independent/networking/guide/netaddressing.html
DHCP – A Whatis.com Definition. Retrieved on January 12, 2006 from http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213894,00.html
Filed under: Networking
A network operating system is an operating system that provides the capability to connect, share and manage resources on a network (Network Operating System (NOS) definition, 2005). The types of resources that can be shared include files, applications, printers, and storage space (Bird & Harwood, 2003, p. 319). The network operating system is also responsible for security: authenticating users and enforcing the permissions that control who may use each shared resource.
A client operating system is an operating system that allows a computer to connect to a network and utilize shared resources on a network (Desktop operating system definition, 2005). Microsoft Windows is the most popular client operating system in use today (Bird & Harwood, 2003, p. 367).
A file system is the structure an operating system uses to store and retrieve data. Most file systems present data as directories and files, and in most cases the structure is hierarchical (File system – a Whatis.com definition, 2005). The file system determines the security that can be applied to data as well as how data is actually accessed: NTFS, for example, supports per-file and per-directory access control lists, while the FAT file systems have no file-level permissions at all.
A few network operating systems have had a major impact on network computing. One of the most influential has been Microsoft Windows. Windows has always been considered a popular stand-alone desktop operating system; over the last decade it has also gained popularity as a network operating system. Compared with other systems, such as Novell and UNIX, Windows offers ease of use and administration and is reasonably priced. Windows also runs on a wide variety of platforms and can connect to several different client operating systems (Wikipedia – Windows NT definition).
References:
Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing
File system – a Whatis.com definition. Retrieved on January 4, 2006 from http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci212120,00.html