Janea Taylor – COMPUTERS ARE FUN!


Information Security
January 31, 2006, 6:16 am
Filed under: Networking, Security

Large organizations are faced with many challenges when it comes to systems and data security. A small organization may have one person who is responsible for vulnerability management, but in a larger organization there may be an entire team of individuals devoted to maintaining security within the company. Their sole responsibility is to develop strategies that help protect the organization from virus outbreaks and hacker attacks. They are also responsible for maintaining data integrity and ensuring that systems are not compromised by various other security threats. In the event of a virus outbreak or network intrusion, the security team must respond as quickly as possible and have tactics in place to minimize the damage caused (e-Security Threats aren’t Just the Enemy of the Corporate, 2006).

One of the most common ways a company can secure its network and data is to set up a firewall system, which blocks access to systems through the use of port blocking and port forwarding (Bird & Harwood, 2003. p. 476). It is also common for companies to set up an internal network where each system is assigned an internal IP address that is not visible on the Internet. All internal systems connect to the Internet via an internal gateway. The gateway may be a router, firewall, or NAT-enabled computer. Organizations should also enable strict password policies, which require users to use passwords that are difficult to guess or crack using password cracking software. The policy should require users to change their password every 30 days (Bird & Harwood, 2003. pp. 466 – 468).

The company I work for, Oracle Corporation, is a very large organization consisting of over 40,000 employees and 100 global offices. We employ an entire security team that responds to emergency situations. They are also responsible for staying informed about the latest security threats, such as new viruses and recently discovered security holes in software. It is their responsibility to inform the entire organization of new threats and to recommend that employees update their virus definitions and install any recently released patches. Being a software company, we also have to worry about security vulnerabilities within our own software (Oracle, Inc – Critical Patch Updates and Security Alerts, 2006). There is an entirely different team within our organization that is responsible for fixing security issues in our own software. This team develops software patches, which we recommend users and clients install. Sometimes we even develop new versions of software and ask users to upgrade.

Microsoft, Macromedia, and Lotus are all large software companies that deal with vulnerabilities and security issues within their own software. Microsoft is often criticized for having too many security problems and for not responding to them fast enough. One such issue that affects Microsoft Windows 2000 systems running Internet Information Services 5.0 is a security hole that allows attackers to gain complete control of the system. The flaw affects every system on which the corresponding software patch has not yet been installed. An unpatched system is vulnerable to attack, which allows a hacker to modify and delete files. The flaw was detected by a security professional at eEye, which is a large security firm that specializes in detecting vulnerabilities in software (Microsoft Security Problem, 2006).

A vulnerability in Macromedia’s ColdFusion MX software was recently discovered which opens a system up to a possible scripting attack. Though the issue was considered a moderate threat, Macromedia highly recommended that all ColdFusion MX users install the appropriate security patch to correct the issue and protect their systems from a possible attack (ColdFusion MX 7 – Cross-site Scripting in Default Error Page, 2006). A user of the software likely reported this issue. Macromedia encourages users to send a report of any and all security-related issues to secure@macromedia.com. They claim to be committed to keeping their software up to date so as to protect their customers from such security breaches. Information regarding Macromedia security issues can be found at http://www.macromedia.com/security.

At DefCon 8, which is an annual computer security convention where hackers and other security professionals join together to discuss security issues, a group of consultants demonstrated how an attacker could exploit a specific vulnerability in Lotus’ Notes Domino software. The vulnerability was considered low impact because physical access to the system was required; however, they were able to show how an attacker could potentially gain access to a user’s account by exploiting the vulnerability. To protect a system, they recommended upgrading the encryption of HTTP passwords and not leaving a system unattended with the Notes software up and running. Lotus recommends users and administrators visit http://www.lotus.com/security to stay informed on security-related issues involving their software (Vulnerabilities in Lotus Notes Domino Aired at DefCon, 2006).

For more information on security and vulnerability management, you can visit http://www.securitydocs.com/Vulnerability_Management, which is a site containing several white papers and other helpful links.

References:

Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing

e-Security Threats aren’t Just the Enemy of the Corporate. Retrieved January 31, 2006 from http://www.scmagazine.com/asia/news/article/419796/esecurity-threats-arent-just-enemy-corporate/

Oracle, Inc – Critical Patch Updates and Security Alerts. Retrieved January 31, 2006 from http://www.oracle.com/technology/deploy/security/alerts.htm

Microsoft Security Problem. Retrieved January 31, 2006 from http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2001/05/02/BU178838.DTL&type=business

ColdFusion MX 7 – Cross-site Scripting in Default Error Page. Retrieved January 31, 2006 from http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html

Vulnerabilities in Lotus Notes Domino Aired at DefCon 8. Retrieved January 31, 2006 from http://www.ciac.org/ciac/bulletins/k-062.shtml

Security Docs – Vulnerability Management. Retrieved January 31, 2006 from http://www.securitydocs.com/Vulnerability_Management



Disaster Recovery & Data Redundancy
January 15, 2006, 5:42 am
Filed under: Networking

Fault-tolerant systems are used to create redundancy in regard to data and network access. Redundancy allows continued access to data and network resources in the event of a device failure (Bird & Harwood, 2003. p. 386). Creating a fault-tolerant network would require the installation of secondary devices such as backup power supplies, routers, switches, and hubs, as well as backup cabling in the event that a cable fails (Enterprise Design for Switches and Routers, 2006). For data redundancy, there are several options available. To ensure that data is available in the event of a hard disk failure, a RAID configuration can be used (Bird & Harwood, 2003. p. 388). Not all RAID types are fault tolerant, nor are they created equal. There are several options and factors one must consider when choosing a RAID type (Fault Tolerance, 2006).

Disaster recovery plans are used to recover from data loss or a system failure in which access to data has become impossible or compromised in some way (Bird & Harwood, 2003. p. 386). Disasters can include hard drive failures, power failures, or even natural disasters such as fires and floods (PCGuide – Care – Disaster Recovery, 2006). To ensure that data can be recovered and systems restored, an administrator should have a disaster recovery plan in place as well as a system that includes a data backup and restoration procedure.

Data backup is an important part of any disaster recovery strategy (Backup and Disaster Recovery, 2006). A network administrator should be aware of the different types of backup strategies available so that they can make an informed decision on which type of backup will suit their network. The factors to be considered when choosing a backup method include how much data will be backed up and how much time can be allotted for the backup to be completed. Backup processes have a tendency to slow down data transmission on a network and use up resources on the backup server, such as RAM and processing power (Bird & Harwood, 2003. p. 403).

I have a system at my house that is connected to the Internet and acts as both a web server and an e-mail server. I have a program installed on the system, which allows it to be remotely controlled provided the right password is entered. I had always considered it to be secure and never had any problems, until one night I was sitting across the room and saw the mouse pointer begin to move across the screen. All of a sudden programs were opening and I realized someone had gotten control of my system through the remote control program. I still do not know who gained unauthorized access to my system, nor do I know how they obtained access; however, I had never felt so violated before. I immediately changed all of my passwords to make them more secure, and implemented a port blocking system to deny access from the Internet to that system. I have not had any problems like that since.

References:

Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing

PCGuide – Care – Disaster Recovery. Retrieved January 14, 2006 from http://www.pcguide.com/care/bu/recov.htm

Fault Tolerance. Retrieved January 15, 2006 from http://www.comptechdoc.org/os/windows/win2k/win2ktolerance.html

Enterprise Design for Switches and Routers. Retrieved January 15, 2006 from http://www.microsoft.com/technet/itsolutions/wssra/raguide/NetworkDevices/igndbp_2.mspx

Backup and Disaster Recovery. Retrieved January 15, 2006 from http://compnetworking.about.com/cs/backuprecovery/



The OSI Model
January 13, 2006, 6:31 am
Filed under: Networking

The OSI model is a set of standards that is used to describe how data is transmitted over a network. The model is divided into seven parts, also known as layers. Each layer serves a different purpose and function in regard to data transmission (Wikipedia – OSI Model definition, 2006). The following describes each layer and its basic functions.

Layer 1 – Physical

The Physical layer typically describes networking hardware equipment and devices such as modems, hubs, and cabling as well as network card connector types. The physical layer interacts directly with the media access control sub-layer of the Data Link layer (Wikipedia – OSI Model definition, 2006).

Layer 2 – Data Link

The Data Link layer consists of two sub-layers: Logical Link Control (LLC) and Media Access Control (MAC). The LLC sub-layer is responsible for flow control as well as error detection and recovery. The MAC sub-layer is responsible for controlling access to media (Bird & Harwood, 2003, pp. 154-155). The Data Link layer typically operates through the use of software, such as a device driver for a network adapter card (OSI Model Layers, 2006). Devices that operate at the Data Link layer include network cards, switches as well as bridges. The Data Link layer is also responsible for physical addressing (Wikipedia – OSI Model definition, 2006).

Layer 3 – Network

The Network layer defines protocol types, logical addressing and is responsible for routing data packets (Bird & Harwood, 2003, pp. 155-157). A router is a type of device that operates at this layer. Some network protocols include: IP, IPX, and RIP (Wikipedia – OSI Model definition, 2006).

Layer 4 – Transport

Like the Data Link layer, the Transport layer handles flow control and error detection (Bird & Harwood, 2003, p. 157). Some transport protocols include: TCP, SPX, and ARP (Wikipedia – OSI Model definition, 2006).

Layer 5 – Session

The Session layer is responsible for maintaining end-to-end communications through the use of protocols such as: Named Pipes and RPC (Bird & Harwood, 2003, p. 159).

Layer 6 – Presentation

Data conversion, encryption/decryption and translation occur at the Presentation layer (Bird & Harwood, 2003, pp. 159-160).

Layer 7 – Application

The Application layer is capable of handling flow control, error recovery, and network access (Bird & Harwood, 2003, p. 160). There are several types of applications and protocols that operate at this layer, including HTTP, FTP, SMTP, and Telnet (OSI Model Layers, 2006).

When a website is accessed, the data that is transmitted in the process will go through every layer of the OSI model. The process is as follows:

A user opens a browser window and attempts to connect to a website. The browser then attempts to communicate with the web server via the HTTP protocol at the application layer. If the website requires that the data be encrypted, the browser will encrypt or decrypt the data that is being transmitted. This encryption and decryption happens at the presentation layer. The browser then attempts to create a session between the client computer and the server computer at the session layer so that the data can actually be transmitted between the computers. The next layer is the transport layer and this is where the transmission of the data actually begins (OSI Reference Model, 2006). As the browser attempts to submit and request data to and from the web server, the data will need to be routed to the proper location. The data will be routed over the Internet at the network layer based on the logical address of the server. Once the browser is aware of where to actually go to communicate with the web server, the data transmission will begin. The network card will prepare the data at the data link layer and then it will begin physically transmitting the data over the physical layer via a network medium, such as a cable or wireless frequency. The data will travel over the physical layer to and from the web server. When the browser request gets to the web server, it goes from the physical layer to the data link layer, where the network card begins receiving the data. The data then travels back up the OSI model through each layer. When data is sent from the web server back to the client system, the same process is followed (Bird & Harwood, 2003, pp. 152-153).
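The walk down and back up the layers can be made concrete by building the headers by hand. The following Python sketch is an added example, not part of the original post: it wraps a plain HTTP request in a TCP segment, an IPv4 packet and an Ethernet frame, then unwraps it on the "receiving" side and checks each header. The MAC addresses, IP addresses and ports are constructed sample values, and because a plain HTTP request carries no separate session or presentation header, the example goes straight from layer 7 to layer 4.

```python
import socket
import struct

# Constructed sample values: documentation IP ranges, locally administered MACs.
SRC_MAC, DST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.80"
SRC_PORT, DST_PORT = 49152, 80
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"  # layer 7 data


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071), as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_header(payload_len: int, csum: int) -> bytes:
    """20-byte IPv4 header carrying the logical (layer 3) addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       socket.IPPROTO_TCP, csum,
                       socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))


def encapsulate(payload: bytes) -> bytes:
    """Sender side: application data -> TCP segment -> IP packet -> Ethernet frame."""
    # Layer 4: 20-byte TCP header, PSH+ACK flags; TCP checksum left at 0 for brevity.
    tcp = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + payload
    # Layer 3: compute the header checksum over a header with the field zeroed.
    csum = checksum(ip_header(len(segment), 0))
    packet = ip_header(len(segment), csum) + segment
    # Layer 2: Ethernet II header with physical addresses, EtherType 0x0800 = IPv4.
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + packet


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip one header per layer, validating as it goes."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not a TCP segment")
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    payload = segment[(segment[12] >> 4) * 4:]
    return {
        "layer2": (mac_str(src_mac), mac_str(dst_mac)),
        "layer3": (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])),
        "layer4": (src_port, dst_port),
        "layer7": payload.split(b"\r\n", 1)[0].decode("ascii"),
    }


if __name__ == "__main__":
    frame = encapsulate(HTTP_REQUEST)
    print(f"{len(frame)} bytes on the wire")
    for layer, value in decapsulate(frame).items():
        print(layer, value)
```

Each header only makes sense to the matching layer on the other side, which is why a fault can usually be narrowed down to the layer whose check fails.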

Network architects and engineers should be familiar with the OSI model because it will help them troubleshoot problems on a network (Network Troubleshooting Guide, 2006). Knowing how to identify which layer the problem is occurring at will help to determine what the actual cause of the problem is. Network architects should also be familiar with the standards that are defined when designing and building networks.

References:

Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing

Wikipedia – OSI Model definition. Retrieved on January 4, 2006 from http://en.wikipedia.org/wiki/OSI_model

OSI Model Layers. Retrieved on January 4, 2006 from http://www.geocities.com/SiliconValley/Monitor/3131/ne/osimodel.html

OSI Reference Model. Retrieved on January 13, 2006 from http://www.how2pass.com/CCNA/study_material/osilayers.htm

Network Troubleshooting Guide. Retrieved on January 13, 2006 from http://support.3com.com/infodeli/tools/netmgt/tncsunix/product/091500/c1ovrvw.htm



Networking Protocols
January 12, 2006, 6:28 am
Filed under: Networking

Network protocols are used to define a set of standards that devices use to communicate across a network (Network Protocols: Definition and Overview, 2006). For communication to occur between devices on a network they must use the same protocol to agree upon how to communicate with each other. The process can be compared to humans using a verbal language to communicate. For communication to be successful between two people, they must both speak and understand the same verbal language. Network protocols are used in a similar manner between devices on a network. A network utilizes a set of protocols known as a protocol suite (Bird & Harwood, 2003. pp. 174-175). A network protocol is just one type of protocol included in a protocol suite. Each type of protocol in a protocol suite is responsible for performing different functions. The network protocol that is included in a protocol suite is responsible for handling the tasks that create the ability for data to be transported across a network (Bird & Harwood, 2003. p. 175). In addition to defining the rules necessary for communication, the network protocol handles the logical addressing for devices and how data is routed between addresses (Bird & Harwood, 2003. p. 178).

There are several considerations that one must be familiar with when determining which network protocol to use. One of the most significant considerations is whether or not data will need to be routed. Some network protocols are not routable, which means they cannot send traffic across multiple networks (Bird & Harwood, 2003. p. 193). If the network is going to be complex in design, it should utilize a routable protocol so that the network can be segmented and the segments can communicate with each other (Comparison of Windows NT Network Protocols, 2006). Another factor to consider is whether or not devices on the network will require Internet access. If Internet access is required, the network devices must be enabled to communicate using the TCP/IP protocol suite. The choice of which network protocol to use will also depend on how large the network will be. A low-level network protocol can be used on smaller networks but for larger networks, a high-level protocol should be used. What makes a protocol low or high-level depends on its overall complexity and capabilities (Bird & Harwood, 2003. p. 193).

A low-level network protocol, which can be used on a small network that does not require routing, is the NetBEUI protocol (Bird & Harwood, 2003. p. 191). A routable high-level network protocol, which should be used for larger networks and networks that require Internet access, is the TCP/IP protocol suite (Bird & Harwood, 2003. p. 183). Both protocols have different advantages and disadvantages. TCP/IP is considered to be much more complex than NetBEUI because it is routable and operates at several layers of the OSI model. An advantage of NetBEUI over TCP/IP is that it is fast because it is simple and lightweight, although it is not routable (Bird & Harwood, 2003. p. 191). TCP/IP can be used on almost all operating systems including Windows, UNIX, Linux, and Macintosh, but NetBEUI is only used on Windows systems. Considering that TCP/IP is rather complex and has many different configuration options, it can be difficult to configure, whereas NetBEUI is very easy to configure because its only requirement is a NetBIOS name (Bird & Harwood, 2003. p. 193).

In terms of complexity, there are high-level and low-level network protocols (Network Protocol – Computer Networking, 2006). Typically, what makes a protocol simple or complex depends on how easily it can be configured and whether or not it is routable (Bird & Harwood, 2003. p. 193). A protocol that is routable and supports large networks is usually more difficult to configure, therefore it is considered to be more complex than lower-level protocols that are not routable and used on smaller networks (Bird & Harwood, 2003. pp. 178-193).

References:

Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing

Comparison of Windows NT Network Protocols. Retrieved on January 12, 2006 from http://support.microsoft.com/kb/q128233/

Network Protocols: Definition and Overview. Retrieved on January 12, 2006 from http://www.javvin.com/protocols.html

Network Protocol – Computer Networking. Retrieved on January 12, 2006 from http://compnetworking.about.com/od/networkprotocols/l/bldef_protocol.htm



DNS, DHCP & Subnetting
January 12, 2006, 5:56 am
Filed under: Networking

A domain name is recognized as an IP address through the use of the Domain Naming System, also known as DNS (DNS definition, 2006). The DNS system uses a database, which holds information including domain names and IP addresses as well as the mapping information that describes the corresponding IP address information based on a specific domain name (The TCP/IP Guide – DNS Name Server Concepts and Operation, 2006). For an IP address to be resolved to a domain name, the following process takes place. An IP address is assigned to a server such as a web or e-mail server and is used to uniquely identify that server on the Internet (Bird & Harwood, 2003. pp. 221-224). For an IP address to be mapped to an Internet domain name, an Internet-facing DNS server must have a record registered in its database, which contains the IP address and its corresponding domain name. This Internet-facing DNS server is known as the authoritative DNS server in this instance. When a DNS server is registered on the Internet, it is registered as an authoritative server for any domains that have records hosted in its database and sends that information to an Internet root DNS server. The root DNS servers are responsible for holding database entries that describe address information for authoritative DNS servers based on top-level domain names. When a domain name is queried, a root server should send the DNS request to the proper Internet-facing DNS server that holds the actual hostname entries and IP address mapping information (Domain Name System, 2006).

On a network that uses TCP/IP to communicate, each device must be assigned an IP address, which uniquely identifies the device on the network. A device cannot use an IP address that is already assigned to another device on the same network. There are two basic parts to an IP address: the network ID and host ID. All devices on a specific network will be assigned IP addresses that share the same network ID (Bird & Harwood, 2003. p. 233). An IP address contains four octets. An octet is a number that represents 8 bits of information (Basic Addressing, 2006). An octet can be described in either decimal or binary format. A binary octet is a series of 8 digits, each of which is a 0 or a 1. A decimal octet is a number that has been converted from the binary format to decimal format by using the binary-to-decimal conversion process (Bird & Harwood, 2003. p. 234). An IP address will always belong to a specific class, which is a way of grouping addresses based on their size in terms of networks and hosts. The address range of the first octet and the subnet mask are used to identify which class an IP address belongs to (Bird & Harwood, 2003. pp. 235-236).

A MAC address and an IP address are very different. A MAC address is a physical address that is assigned to a network device and cannot be changed. The MAC address contains information regarding the manufacturer of the device as well as a unique identifier similar to a serial number (Bird & Harwood, 2003. p. 139). An IP address is a logical address assigned to a network device and can be changed as needed. A MAC address works at the Data Link layer of the OSI model (Bird & Harwood, 2003. p. 154). An IP address works at the Network layer of the OSI model (Bird & Harwood, 2003. p. 156).

The Dynamic Host Configuration Protocol (DHCP) is used to automatically assign IP addresses to hosts on a network that uses TCP/IP (Bird & Harwood, 2003. p. 217). DHCP can also provide a host with other information such as a subnet mask, default gateway address and DNS server addresses (Bird & Harwood, 2003. p. 218). When a device is enabled as a DHCP client, it sends a broadcast message which requests acknowledgment from an available DHCP server. A DHCP server then offers an address lease to the client (DHCP – A Whatis.com Definition, 2006). The client accepts the address and is automatically configured based on the information provided by the DHCP server and then the server lets the client know it has registered it as a client. The client can then begin communicating on the network using the given IP address information (Bird & Harwood, 2003. p. 219).

When a network that uses TCP/IP needs to be segmented, a process called subnetting is used. Large networks are segmented into separate smaller networks for security purposes and also to control network traffic (Bird & Harwood, 2003. p. 241). Subnetting is also helpful in utilizing network addresses more efficiently. For instance, by using a default subnet configuration, many host addresses may go unused. The network may be modified to allow more sub-networks by limiting the number of host addresses used (Bird & Harwood, 2003. p. 238). This is accomplished by altering the subnet configuration.

Subnetting is implemented by modifying a network’s defined subnet mask. A subnet mask is used to identify what portion of an IP address is the network ID and what portion is the host ID (Bird & Harwood, 2003. pp. 238-242). When the network ID and host ID are known, a valid host range can be determined for a given network ID. Without a subnet mask, it would be impossible to distinguish between the network ID and the host ID (Basic Addressing, 2006). When more hosts are needed, a portion of the available networks is used and therefore the number of available networks that can be used is decreased. Likewise, when more sub-networks are needed, a portion of the available host range is used and so the number of available host addresses is decreased. The subnetting configuration will depend on how many sub-networks are needed versus how many hosts per sub-network are needed (Bird & Harwood, 2003. pp. 238-242).
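The address class rule and the subnet/host trade-off described above can be worked through with Python's standard `ipaddress` module. This is an added example, not part of the original post; the address 192.168.10.77 and the function names are constructed for illustration. It classifies an address by its first octet, splits it into network ID and host ID with a mask, and shows how borrowing host bits increases the number of sub-networks while shrinking the usable host range of each.

```python
import ipaddress

# Classful defaults: (first-octet low, high, class letter, default prefix length).
CLASSES = [(1, 126, "A", 8), (128, 191, "B", 16), (192, 223, "C", 24)]


def classify(addr: str):
    """Return (class letter, default prefix length) from the first octet."""
    first = int(addr.split(".")[0])
    for low, high, letter, prefix in CLASSES:
        if low <= first <= high:
            return letter, prefix
    raise ValueError(f"{addr} is not a class A, B or C host address")


def split_ids(addr: str, mask: str):
    """AND the address with the mask for the network ID; the remainder is the host ID."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    network_id = ipaddress.IPv4Address(a & m)
    host_id = ipaddress.IPv4Address(a & ~m & 0xFFFFFFFF)
    return str(network_id), str(host_id)


def subnet_plan(addr: str, borrowed_bits: int):
    """Borrow host bits from the classful default mask and list each resulting subnet."""
    _, default_prefix = classify(addr)
    if default_prefix + borrowed_bits > 30:
        raise ValueError("fewer than two usable hosts would remain per subnet")
    base = ipaddress.ip_network(f"{addr}/{default_prefix}", strict=False)
    plan = []
    for net in base.subnets(prefixlen_diff=borrowed_bits):
        plan.append({
            "network": str(net.network_address),
            "mask": str(net.netmask),
            "first_host": str(net.network_address + 1),
            "last_host": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
            # The network and broadcast addresses cannot be assigned to hosts.
            "usable_hosts": net.num_addresses - 2,
        })
    return plan


def tradeoff(addr: str):
    """(borrowed bits, subnets, usable hosts per subnet) for every legal choice."""
    _, default_prefix = classify(addr)
    host_bits = 32 - default_prefix
    return [(b, 2 ** b, 2 ** (host_bits - b) - 2) for b in range(host_bits - 1)]


if __name__ == "__main__":
    sample = "192.168.10.77"  # constructed sample address
    print("class / default prefix:", classify(sample))
    print("network ID, host ID:", split_ids(sample, "255.255.255.224"))
    for bits, subnets, hosts in tradeoff(sample):
        print(f"borrow {bits} bits -> {subnets:3d} subnets x {hosts:3d} hosts")
    print(subnet_plan(sample, 3)[2])  # the subnet that contains the sample address
```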

When multiple devices on a TCP/IP-enabled network need to share one connection to the Internet, they must be configured to use an Internet connection sharing service such as Network Address Translation (NAT) or Internet Connection Sharing (ICS) (Bird & Harwood, 2003. pp. 224-226). ICS is a form of NAT that is used on Windows systems. NAT is implemented by configuring one system to have access to the Internet and allowing it to share that connection, and then configuring other systems on the network to connect to the NAT-enabled system to gain access to the Internet (Bird & Harwood, 2003. p. 225).

References:

Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing

The TCP/IP Guide – DNS Name Server Concepts and Operation. Retrieved on January 12, 2006 from http://www.tcpipguide.com/free/t_DNSNameServerConceptsandOperation.htm

DNS definition. Retrieved on January 12, 2006 from http://computing-dictionary.thefreedictionary.com/DNS

Domain Name System. Retrieved on January 12, 2006 from http://en.wikipedia.org/wiki/DNS

Basic Addressing. Retrieved on January 12, 2006 from http://www.comptechdoc.org/independent/networking/guide/netaddressing.html

DHCP – A Whatis.com Definition. Retrieved on January 12, 2006 from http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213894,00.html



Operating Systems & File Systems
January 4, 2006, 6:24 am
Filed under: Networking

A network operating system is an operating system that provides the capability to connect, share and manage resources on a network (Network Operating System (NOS) definition, 2005). The types of resources that can be shared include files, applications, printers, and storage space (Bird & Harwood, 2003, p. 319). The network operating system is also responsible for managing security.

A client operating system is an operating system that allows a computer to connect to a network and utilize shared resources on a network (Desktop operating system definition, 2005). Microsoft Windows is the most popular client operating system in use today (Bird & Harwood, 2003, p. 367).

A file system is a structural system that is typically built into an operating system. Most file systems provide access to data in the form of directories and files. In most cases the file system is hierarchical in structure (File system – a Whatis.com definition, 2005). The type of file system used dictates the type of security that can be implemented as well as how data is actually accessed.

There are a few network operating systems that have had a major impact on network computing. One of the most influential network operating systems has been the Microsoft Windows operating system. Microsoft Windows has always been considered a popular stand-alone desktop operating system; however, over the last decade it has gained popularity as a network operating system as well. In comparison to other systems, such as Novell and UNIX, Windows provides ease of use and administration and is reasonably priced. Windows can also run on a wide variety of platforms and is capable of connecting to several different client operating systems (Wikipedia – Windows NT definition).


References:

Bird, D. & Harwood, M. (2003). Network+, Exam N10-002. Que Publishing

File system – a Whatis.com definition. Retrieved on January 4, 2006 from http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci212120,00.html



E-commerce Security (part 2)
December 13, 2005, 6:13 am
Filed under: Development, E-Commerce, Networking, Security

Many people today may be aware of the fact that there are risks involved in making purchases online but unfortunately, they may not be as educated on the types of precautions that companies take to protect their customers against these risks. Without being informed on how they are protected, people will continue to be leery of making purchases online. Some of the risks involved in purchasing products and services online include: information theft, identity theft, and credit card fraud.

Information theft occurs when someone’s personal information is obtained through unlawful activities (Cashman, Shelly, & Vermaat, 2004, p. 360). Stealing confidential information is another form of information theft. Identity theft is another risk involved in making purchases online. When someone uses another person’s confidential and personal information to impersonate them, this is known as identity theft (Identity Theft, 2005). The impersonator may use their false identity to obtain credit cards, property, or other items for which the person with the true identity becomes liable. When a person uses stolen credit card information, this is known as credit card fraud (Credit Card Fraud, 2005).

To guard against information theft, many Internet companies employ the use of data encryption (Cashman et al., 2004, p. 361). When data is encrypted, it is converted into an unreadable format and must be decrypted before it can be read or understood. To encrypt data, an encryption key is used which is similar to a password. The encryption key must be provided to decrypt the data before it can be read (Cashman et al., 2004, p. 361). When information is transmitted over the Internet, it becomes extremely vulnerable to security risks (Cashman et al., 2004, p. 363). Most browsers are capable of using encryption to help secure data transmission. A website that uses encryption to secure data while being transmitted is known as a secure site (Cashman et al., 2004, p. 364). Some sites use digital certificates to validate the authenticity of a user or website. Occasionally websites will use SET encryption to secure financial transactions. SET is the Secure Electronics Transactions specification (Cashman et al., 2004, p. 364).

It is common for companies to collect information about their customers; however, this can become a privacy concern. To ensure that customers are aware of how an organization protects their privacy, many Internet companies provide an online privacy policy which explains the type of information collected from the customer as well as how their information is used (Cashman et al., 2004, p. 367). It is recommended that customers read a company’s privacy policy before purchasing its products or services online.

References:

Cashman, T. J., Shelly, G. B., & Vermaat, M. E. (2004). Discovering Computers: Fundamentals editions. Boston: Course Technology.

Identity Theft. (2005). Retrieved December 13, 2005, from http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci801871,00.html

Credit Card Fraud. (2005). Retrieved December 13, 2005, from http://retailindustry.about.com/od/lp/g/credit_fraud.htm



Intro to Networking
December 9, 2005, 6:21 am
Filed under: Networking

There are three types of computer networks: LANs, MANs, and WANs (Cashman, Shelly, & Vermaat, 2004, p. 290). A LAN is a Local Area Network and is typically described as a network that exists in a single location, such as an office building or house. A MAN is a Metropolitan Area Network, which is a network that connects LANs across a metropolitan area such as a city or county. A WAN is a Wide Area Network and connects multiple networks over a large geographical area such as states or countries. The Internet is the largest Wide Area Network in existence (Cashman et al., 2004, p. 290).

There are two types of network architectures widely used: client/server and peer-to-peer (Cashman et al., 2004, p. 291). A client/server network can accommodate more than 10 computers, whereas a peer-to-peer network is recommended when the network consists of 10 or fewer computers. A client/server network is the most common type of network used in businesses today. The peer-to-peer architecture is often used for small home networks (Creating a Home Network, 2005).

There are three basic network topologies: Bus, Ring and Star (Cashman et al., 2004, pp. 292 – 293). Bus networks are typically easy to install and inexpensive; however, a significant drawback is that if the bus cable fails, the entire network fails (Network Topologies, 2005). A Ring network is not as easy to install as a Bus network, although if one device fails, not all devices fail with it. Only the devices located after the failed device on the ring will fail (Cashman et al., 2004, p. 293). On a Star network, if one device fails, all other devices remain connected and unaffected. A Star network is also considerably easier to install and maintain in comparison to Bus and Ring networks (Cashman et al., 2004, p. 293). Another topology is known as a Mesh network. A Mesh network consists of multiple Star networks that are connected to each other.

There are many different types of communication technologies. Some of those technologies include Token Ring, Bluetooth, IrDA, Ethernet and TCP/IP (Cashman et al., 2004, p. 294). These technologies can also be referred to as protocols. Ethernet can be used on a Star network topology and is commonly used on LANs. TCP/IP is a protocol that is used for Internet data transmissions (Cashman et al., 2004, p. 294).

Any type of network will require certain pieces of hardware. The hardware required may include network cards, cabling, hubs/switches, and routers (Cashman et al., 2004, pp. 300 – 301). The type of hardware needed will depend on the type of network and the topology used. The most commonly used network card type is an Ethernet card (Cashman et al., 2004, p. 300). A network card can be installed in almost any type of computer, including servers, desktops, and laptops. Any computer that is to be connected to the network will require a network card. Having a router connected will allow several computers on the network to share one connection to the Internet (Cashman et al., 2004, p. 301). Some routers have built-in firewall protection.

I recommend that a small organization with multiple locations implement a LAN at each of its branch offices and then connect the LANs to each other via a MAN. Each office location will have a router installed, which provides it with a WAN connection to the Internet. All devices connected to the LAN at each office will share the same Internet connection. I recommend that the organization use a client/server architecture rather than peer-to-peer because it will allow them much room for growth if the company expands and they need to add more computers to the network (Cashman et al., 2004, p. 291). I also recommend that the organization use a Star topology when designing their network. A Star network will be more reliable than other types of networks in that, if a device fails, it will not bring the entire network down. It will also be easy to install and will allow for much growth and expansion (Cashman et al., 2004, p. 293). The organization should use the Ethernet protocol in their Star topology network.

I would also suggest a T1 line be installed at each office location. A T1 is the most popular type of line used to connect businesses to the Internet (Cashman et al., 2004, p. 298). A T1 line is reasonably priced and can provide simultaneous high-speed connections to the Internet for multiple users via a router.

References:

Cashman, T. J., Shelly, G. B., & Vermaat, M. E. (2004). Discovering Computers: Fundamentals editions. Boston: Course Technology.

Network Topologies. (2005). Retrieved December 9, 2005, from http://compnetworking.about.com/od/networkdesign/l/aa041601a.htm

Creating a Home Network. (2005). Retrieved December 9, 2005, from http://support.microsoft.com/default.aspx?scid=%2Fdirectory%2Fworldwide%2Fen-gb%2Fhnetwork.asp



E-commerce Security (part 1)
December 8, 2005, 6:11 am
Filed under: Development, E-Commerce, Networking, Security

Nearly all businesses today have some sort of presence on the Internet. Even if the only information they have available on their website is a phone number and address, most companies have something on the Internet with their name on it (Cashman, Shelly, & Vermaat, 2004, p. 58). Many of these companies even offer their products or services for purchase through their websites. This type of business is called e-commerce (Cashman et al., 2004, p. 62). E-commerce is a type of business transaction that takes place over a secure Internet connection (Cashman et al., 2004, p. 63). Typically, the customer selects the items they would like to purchase and then places them into an online shopping cart (Cashman et al., 2004, p. 63). They then provide a username and password, along with their payment method and billing information (Cashman et al., 2004, p. 356). This information is usually encrypted as it is sent over the Internet (Cashman et al., 2004, p. 361). Almost all businesses that accept online payments offer these types of secure transactions (Cashman et al., 2004, p. 364).

Data encryption and secure transactions are used to protect customers and their privacy (Cashman et al., 2004, p. 367). As a result of things like identity theft and consumer fraud, customers are becoming more concerned about their privacy when doing business online. Any company that offers its products or services for purchase online should be aware of how to take the necessary precautions to protect its customers’ privacy. Using encryption and secured transactions will allow the company to provide its customers with protection against identity theft and consumer fraud (Federal Trade Commission, 2005).

Some of the other concerns a company might have when they choose to do business online include data storage and integrity as well as system installation and maintenance. If the company chooses to host their website in-house, they will have to set up a system that will be used for online transactions. This system will be vulnerable to various types of security breaches. Some security concerns include attacks by hackers and crackers (Cashman et al., 2004, p. 354). They will also need to protect themselves and their customers against system failure and data loss (Cashman et al., 2004, p. 361). However, if the company were to outsource the system, they would likely have to be less concerned with these areas, as the company that hosts the website will be responsible for system availability and maintenance.

References:

Cashman, T. J., Shelly, G. B., & Vermaat, M. E. (2004). Discovering Computers: Fundamentals editions. Boston: Course Technology.

Federal Trade Commission. (2005). Retrieved December 8, 2005, from http://www.consumer.gov/idtheft/con_minimize.htm