Network Components and Security Measures for BusinessesByAdam Hess

Topics to be covered: Basics of a Network Modems, Routers, Firewalls, Switches, Cabling Virtual Private Networking (VPN) Vulnerabilities with Networks

Businesses Schools

Basics of a Network What is the purpose of a computer network?

Share resources! Whether it be software or hardware (Software) Share files, programs, applications (Hardware) Share storage

Basics of a Network Four basic elements of a computer network:

Sender Receiver Medium (copper, fiberglass, light) Protocols

Two types of Networks: Peer-to-Peer (P2P) Client-Server (C/S)

Basics of a Network Geographical distinctions:

PAN (Personal Area Network) Bluetooth earpiece to cellphone

LAN (Local Area Network) and WLAN(Wireless LAN) Computers on an office floor

WAN (Wide Area Network) Device in one city connected to device in another city.

Peer-to-Peer Network Can connect two computers together with

crossover cable Can connect computers with a switch Every computer is responsible for what resources

it shares, as well as security settings.

Client-Server Network Has server computer with a server operating

system which manages resources. Server has domain controller(s)

List of users List of groups List of computers

Client-Server Network Server controls what the clients see

Which clients see what information Which users have access Which computers have access

Manage utilities Antivirus Updates, etc.

Modems, CSU/DSU A modem is a device that modulates an analog

carrier signal to encode digital information. It also demodulates carrier waves to get the digital

information. Dial-Up connections

Modems, CSU/DSU CSU/DSU – Channel Service Unit/Data Service

Unit. (Confused with modems) Digital-Digital connection. No need to

modulate/demodulate from analog to digital or vise versa.

Device used to connect a router to a digital circuit such as a DSL, T-Carrier, and OC lines.

They are responsible for the connection between telecom network and your network.

Routers Routers are the devices that make communication

between networks possible. Operate at the Network Layer (Layer 3) of OSI model.

A router forwards packets and routes the information to a desired destination.

When devices are connected to the ports of a switch in the router, the router will assign each of them a unique IP address with the help of Dynamic Host Configuration Protocol (DHCP).

Routers Consumer-focused Router vs. Business Router Consumer based routers are typically around the

$100 range, depending on what features they come with.

Business based routers can be very expensive: $1000+. These are purposed for security, flexible access to network, and scalability.

Firewalls A firewall can be a software or hardware-based

network security system. The firewall’s job is to block ports (or doors) so

that only the ports you want information to come in on are open.

There are 65,536 ports that a network can use to communicate to the Internet or outside the network.

Firewalls Stateful firewalls can control the incoming and

outgoing network traffic and analyze the data to determine whether it should be allowed through.

They keep memory of previous packets and hold several attributes of each connection in dynamic state tables.

Firewalls can be configured; the network administrator can create a rule set to check the incoming and outgoing data on whether or not it can pass through.

Firewalls Hardware firewalls come in two types:

Network Address Translation (NAT) Stateful Packet Inspection (SPI)

Software firewalls: Checks to see if applications on your computer are

trying to communicate outside the network

Switches Devices that link network segments or network

devices (computers, other switches, etc) Switches operate at the Data-Link Layer (Layer 2)

of the OSI model. These devices receive messages from other

devices and transmit the messages only to the devices for which the message was intended.

Switches Two types of switches: Managed/Unmanaged Managed switches: Allows users to change

configurations and tune the network properly. Unmanaged switches: Doesn’t allow any changes

to configurations/settings. Unmanaged switches are normally found at the

consumer level.

Switches Switches are very important for computer

networks. These devices bridge the network components

together and allows for a manageable architecture.

Switches are crucial for setting up segments or VLANs (Virtual Local Area Networks)

Cabling Without cables, there would be no way for any

communication in a network! Cabling may sound very basic, and it is. But there

are certain procedures and guidelines to follow.

Cabling Different types of networking cables:

Cat3, Cat5, Cat6 Ethernet cables Cat3 was the original networking cable not used much

anymore. Max speed of 10 Mbps

Cat5, or Cat5e, has been the standard for a while. Max speeds of 1 Gbps

Cat6 is now becoming more of the standard. Allows speeds up to 10 Gbps Also has more shielding between the twisted pair wires

Cabling Plenum cable: Very expensive cable but only used

in hot areas. If you have to run cable through heating ducts,

then you should use Plenum cable. Some states have standards that prohibit anything

other than Plenum cabling to be run through heating ducts.

To be safe, either avoid going through ducts, or if you must, then use Plenum cable.

Cabling Plugs used for these cables?

RJ-45 (RJ-11 is used for telephones!)

When cabling, take your time and do a good job. Zip-tie bunches of cables Cables should run to a central area Ends of these cables should be punched into patch

panels These panels allow for flexibility and ease of seeing what

plug goes to which port.

Cabling All your runs should be “homeruns” The cable should be a single cable from the jack all

the way to the patch panel. Spliced cables are not professional Spliced cables can deteriorate Stress can pull connection apart

Virtual Private Networking (VPN) VPN allows computers and/or networks to

connect over the Internet securely. Example: Office in Los Angeles needs to securely

connect to the network in an office in New York. VPN follows a C/S architecture.

VPN software allows the clients to connect to the server securely.

Virtual Private Networking(VPN) Large number of routers in the Internet Tunneling protocol

Sets up a “tunnel” between your client and the server

Encrypts the data inside the tunnel If a hacker is sitting at a router between the client

and the server and tries penetrating the tunnel, the data is still encrypted

Virtual Private Networking (VPN) The tunnel will detect any attempted attacks.

Tunnel will shut down and find a new path through the Internet

This is how VPN sustains a secure connection.

Virtual Private Networking (VPN) How does VPN communication happen?

VPN client application on your computer will ask for username and password.

This data is sent to the server. VPN server will check credentials and see if you’re

allowed on the network.

Virtual Private Networking (VPN) Once connected to VPN server, the computer is

logically a part of the network. Problems?

The speed of your connection and the upload speed of the network at the office is crucial.

If you try to edit a large file on the network, then that data will have to get uploaded to the Internet.

VPN is slow compared to physically being a part of the network.

Virtual Private Networking (VPN) Other problems?

Old wiring is bad for transmitting data. The problem with this is that VPN technology says that if

someone tries to hack into the tunnel, the tunnel will drop and rebuild a connection through a different router. What does an attack “look like”? When the data signal isn’t steady or if the stream gets slowed

down, dropped packets etc. If you have bad wiring between you and the server, you may

have these problems. VPN may keep bouncing up and down causing problems.

Vulnerabilities with Networks Information can be considered the most

important thing when it comes to businesses Keeping trade secrets and patents, even financial

or personal information can make or break a business.

Network Administrators must keep the network safe and allow only permitted users to be on the network.

Vulnerabilities with Networks With C/S network, this is very simple.

Clients can only access what the server allows them. Clients can only get this access when credentials are

verified When the Network Administrator sets up the

groups, users, and computers, he/she must manage which ones have access to what information.

Vulnerabilities with Networks Monitoring traffic among the clients, Network

Administrators can detect attacks if one of the users attempts to hack into something.

With WLANs, the risks of intrusions are even greater. Any mobile device within range of the access point is a

threat to the security of the network. Having a Network Access Controller, the administrator

can allow access to only certain users or devices.

Network Security Challenges Faced by Universities Each year, new students arrive at colleges and

bring with them their laptops and other mobile devices.

More often than not, these devices are not up to the security levels that would be acceptable.

On top of that, the devices could be housing malware and other viruses.

Conclusion In summary, developing a successful and secure

computer network system has several areas that must be addressed. Network components, cabling, configurations, etc.

Being a network administrator comes with a great responsibility of protecting the network from attacks and keeping the information from being leaked to unwelcome guests while maintaining stable connections to all the network components.

Questions or Comments?

References: [1] (2013, October 16). Retrieved October 20, 2013, from Wikipedia website: http://upload.wikimedia.org/wikipedia/commons/5/5b/Firewall.png [2] Critical Control 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches ." . (n.d.). Retrieved October 16, 2013, from SANS website: http://www.sans.org/critical-security-controls/control.php?id=10 [3] Critical Control 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers . (n.d.). Retrieved October 10, 2013,

from SANS website: http://www.sans.org/critical-security-controls/control.php?id=3 [4] Data Breach Trends & Stats. (2013). Retrieved October 10, 2013, from http://www.indefenseofdata.com/data-breach-trends-stats [5] Dhull, S. (2010). Study of Vulnerabilities in Wireless Local Area Networks (WLAN). International Journal of Education Administration, 2(4), 727-731. Retrieved from

http://www.ripublication.com/ijea.htm [6] Network and Computer Systems Administrators. (2012, March 19). Retrieved October 16, 2013, from Occupational Outlook Handbook website:

http://www.bls.gov/ooh/computer-and-information-technology/network-and-computer-systems-administrators.htm [7] Positioning Network Agent in the network. (n.d.). Retrieved October 25, 2013, from Websense website:

http://www.websense.com/content/support/library/deployctr/v77/dic_ws_na_loc.aspx [8] Powers, V. (2008, March). Keeping an Eye on the Network. University Business, 55-58. Retrieved from http://www.badgerlink.net/ [9] Purcell, J. E. (n.d.). Security Control Types and Operational Security. Retrieved October 10, 2013, from Risk website:

http://risk1.net/Security-Control-Types-and-Operational-Security-James-E.-Purcell-pdf-e2182.html [10] Stewart, J. (2011, June 6). June tech tips - firewalls, routers, and switches. The Enterprise. Retrieved from http://www.slenterprise.com/ [11] Thurman, M. (2011, March 7). Firming Up Firewall Protection. Security Manager's Journal, 24.