Network & Computer Security
1. Are you qualified to address all of these issues in your
organization?
Although the job requires a great deal of training and skill in a wide
range of network-related subjects, it is a potentially rewarding career.
Let’s examine what it takes to be a Network Security Specialist.
THE REQUIREMENTS:
The network security specialist’s role is highly technical in nature.
Unlike a typical network administrator, the security specialist needs
training not just in standard networking technologies, but in a variety
of specialized security methods and technologies, as well. This means
spending extra time in security-specific classes and studying for unique
certifications as well as gaining a generalized background in
networking.
For example, a typical security specialist needs to be proficient in
standard computer hardware, operating systems, and applications. This
training enables him or her to understand how computers operate and how
people commonly use them in the workplace.
Beyond that, the specialist needs to become a full-fledged network
administrator, learning basic networking theory. This involves training
in:
· Network operating systems. Because organizations use various kinds
of NOSes, the security specialist needs to have hands-on experience with
Microsoft Windows, UNIX, Novell NetWare, and other network-specific
products. This includes learning how these network operating systems
interact with various desktop operating systems, and how they interact
with one another, because some organizations combine different desktop
and network operating systems.
· Platforms. In a complex organization, desktop computers might be
connected to a standard network server, or to a minicomputer or
mainframe system. Each configuration has its own special network
configuration and security-related issues.
· Protocols. Networking protocols are the rules that networked
systems use to communicate with one another. All networks are built on a
set of protocols, and different networks may use different protocols. An
understanding of these rules is essential to the network security
specialist.
· Routers and gateways. These devices, which involve complex
hardware and software systems, enable networks to be connected to one
another. They also create a weak spot where security can be breached.
Once the specialist masters the basics of networking, he or she must
learn about security and the many threats to networks. This involves
training in:
· Policies. Every organization must adopt strict policies to protect
its networks. Some of these policies are human, or behavioral. Others
are technological, involving precise configurations, the setting of user
rights, the use of passwords, and other tasks.
· Firewalls. A firewall is an organization’s defense against
intrusion from the outside: it protects a network from unauthorized
traffic coming from outside. A well-constructed firewall defends a
network from infiltration by hackers who attempt to access networks
over the Internet. Firewalls must be constantly maintained and watched
to ensure they are doing their job.
· Encryption. Encryption involves the encoding and decoding of data
as it travels from its source to its destination. Encrypted data is
useless to anyone who cannot decode it, and is an essential security
safeguard when transferring data across the Internet, or even across a
local area network that is connected to the Internet.
· Packet Sniffing and other network-protection strategies. There are
many highly technical methods available for guarding a network from
unauthorized traffic. Some of these methods, such as packet sniffing,
are incorporated into firewalls. Other methods are stand-alone and must
be implemented separately. Depending on the network and organization,
multiple methods may be used.
In addition to these issues, many security experts study programming and
the development methods used on the Internet. The security expert needs
to understand how hackers, crackers, and malicious Webmasters can use
the Internet to infiltrate corporate networks and individual computers.
This knowledge enables the security specialist to use the broadest array
of weapons available.
HOW NETWORK SECURITY SPECIALISTS WORK
Network security specialists can work in a variety of ways. Many large
companies have one or more specialists on their IT staff, working
full-time on security issues. But security experts also can work on a
consulting basis, either individually or through one of the many IT
outsourcing services.
Either way, network security specialists are often involved when an
organization starts to design its new network or plans an upgrade to the
system. As part of the networking team, the security specialist must
learn how the organization plans to use its network, the features it
requires, and the level of Internet access it desires.
From there, the specialist is charged with assessing the security
threats that the network may be vulnerable to, then choosing methods for
defending the network against those threats. Strategies may include the
use of specific firewall technologies, password systems, encryption
methods, user access rights, and much more.
Once the network is in place, the specialist may be assigned the task of
“cracking” it, or actually trying to attack the network using the
same methods a hacker would use. This practice reveals potential
security holes, which can then be plugged.
2. What are your thoughts about the needs of organizations for a
security specialist given the type of information you see here?
There has been a growing demand for IT professionals with expertise in
network security, especially as it relates to corporate networks that
connect to the Internet. In my opinion, it is worth considering hiring a
network specialist just for the job of taking care of network security
issues alone, especially with large networks of 500 users or more. But
it also boils down to what your organization’s goals and objectives
are, the level of data sensitivity that needs to be protected from
prying eyes, and financial viability (e.g. whether your organization
can afford to pay for additional staff).
3. Do you need highly skilled people in your organization?
Yes. In an organization everyone has his or her designated fields of
responsibility. So it is highly desirable that skilled personnel be
employed in their respective fields of expertise.
4. Does it appear that this might be a very time-consuming problem
with the number of computers and users you have in this organization?
No, simply because one or more LAN (Local Area Network) administrators,
sometimes also called systems administrators, can be placed in charge of
the network, and software that can be purchased off the shelf is also
available to help with monitoring network performance, network
troubleshooting, etc.
5. What impact does it have when your 500+ users tinker with their
settings on personal PCs and download shareware from the Internet?
There will be a dramatic slowdown in network response time, especially
during peak hours.
The many roles of a system administrator
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Every organisation needs system administrators to man their systems.
There is great demand for people who have the relevant qualifications
and experience, says Nikita Singh.
If your networks work seamlessly, software runs without a hitch, viruses
don’t invade your machine, and forgotten passwords are easily sorted
out, an able system administrator must be manning your systems.
All organisations, big or small, require system administrators for myriad
tasks, ranging from the vital to the mundane. System administrators
ensure wires connect, software runs smoothly, and printers function
properly day after day.
The role
As a system administrator, you will be responsible for setting up
servers, configuring and apportioning space for Web-based projects,
setting up of working e-mail accounts and mailing lists, management and
integration of databases, implementing security on the
intranet/extranet, setting up of firewalls and authorisation systems,
performing periodic backup of data and automating reporting tasks, and
executing hardware and software updates when necessary.
In addition, a system administrator may also be responsible for
incorporating new systems and upgrading existing ones. Periodic checking,
analysing and implementation of fault tolerant systems also form an
integral part of a seasoned server administrator’s job. On the website
front, the administrator will be in charge of daily FTP uploads. Other
common tasks include coordinating with the programmers to set up mailing
lists and message boards.
Skill sets
“A system administrator needs to possess sound knowledge of website
architecture and infrastructure, coupled with TCP/IP skills. Ability to
implement network security, test and install firewall products,
experience in dealing with basic hardware functionality will be an added
advantage,” says Thim-miya, national head of sales and placements,
Aptech Computer Education.
Some prior experience in the field as a network specialist will augment
a person’s chances to obtain the role. Candidates with certifications
such as MCP, MCSE, CNE, CNA, are in demand. Apart from these intensive
courses, individuals should also try and take online tests and evaluate
their proficiency with a chosen specialisation. Websites such as
Brainbench offer online tests that are highly valued in the industry.
Types of system administrators
Generally, smaller companies employ one or a couple of system
administrators to look after the entire gamut of responsibilities
connected to the role. The scenario is different in larger
organisations, where there are a number of system administrators, each
responsible for a specific role within the system. Following are the
classifications:
General system administrator
General system administrators are responsible for almost all aspects of
a computer network, viz. buying and installing computers,
troubleshooting, etc. Depending on the operating system with which they
are well-versed, system administrators fall into two groups—those who
know Unix-based operating systems (such as Sun’s Solaris and Hewlett
Packard’s HP-UX), and those who know Microsoft Windows network
environments. A few companies also require Linux system administrators.
Such administrators start at the junior level where they are generally
involved in troubleshooting. They move up to the senior level, which
involves handling complex queries and setting up and deciding the
overall design of their organisation’s computer systems.
Network administrator
Network administrators administer the network, allot IP addresses to
each employee and ensure that the network runs seamlessly. It is
essential that they are able to program software that controls networks,
and have in-depth knowledge of network protocols such as TCP/IP. On the
macro level, network administrators may design networks, recommend which
hardware to purchase, etc.
Security administrator
Security administrators ensure that the organisation’s systems are
secure and, if not impossible, almost impossible to hack. They may also
keep a watch over employees for inappropriate network usage. A day in
the life of a security administrator involves constantly updating
themselves on programmes that might play havoc with the network, such
as password cracking, algorithms, etc. If a security breach cannot be
averted, it is the system administrator’s responsibility to close the
systems, determine damages, trace the culprit and ensure that such
slip-ups do not recur.
Database administrator
Database administrators ensure that information on the network is
properly saved and build appropriate storage systems as per
requirements. In addition, it is their duty to design and maintain
proper backup retrieval systems, generally off-site, so that in case
disaster strikes, essential information is not lost.
Web-server administrator
A Web-server administrator is one rung up the ladder in comparison
to a Webmaster. Unlike the latter, who takes responsibility for a
website’s content, a Web-server administrator deals with the software
and hardware behind the scenes, the primary role being to ensure that
the website is always up and running, and that too at great speed. They
recommend the latest hardware and software to ensure fast download time,
while ensuring that backup servers are in place in the eventuality that
the main servers trip.
Hands-on experience is essential to get a job as a system administrator;
just the right qualification is not enough.
Nikita Singh works with Aptech Computer Education
Network Performance
~~~~~~~~~~~~~~~~~~~~~
Note: This was written in 1995 so some of the figures are out of date.
The general principles remain true.
What is a reasonable network performance? What can be done to improve
it?
These are very difficult questions to answer because `the network' does
so many different things for so many people, but this article should
help you to understand the issues.
There are four main factors that affect perceived network performance:
Bandwidth, Hardware Problems, User choices, and Server Load.
Bandwidth
The capacity of a network to transmit data is called Bandwidth, and it
is expressed in bits per second. Within each campus, most of the Brunel
network operates at 10Mb/s (ten million bits per second). This is enough
to transfer about one megabyte per second. Each 10Mb/s connection serves
a number of rooms: often a whole building, although teaching classrooms
normally have separate connections. Sharing bandwidth is a very
cost-effective system and it does not often result in major congestion:
peak loads seldom exceed 30% of the available capacity on our busiest
networks.
New applications such as video-conferencing will use more bandwidth so
we are monitoring the situation closely. When the traffic on part of the
network gets too high we can split it into smaller sections so that the
available bandwidth is shared by fewer people. The connections between
the main network routers operate at 100Mb/s.
The connection between Uxbridge and Runnymede runs at 2Mb/s in each
direction, and the link from Uxbridge to Osterley runs at the same
speed. This is fast enough that it does not have a noticeable effect on
the performance of most applications.
Brunel's link to SuperJANET is a more complex thing to describe. The
link connecting us to BT's SMDS exchange runs at 34Mb/s but this
bandwidth is not all available to us. The limit on traffic coming into
Brunel is about 25Mb/s but the outbound limit is 10Mb/s (soon to be
reduced to 4Mb/s, but we have the option of subscribing to higher speeds
by paying the appropriate annual fees). About 80 of the UK's more active
universities and research sites are connected to SuperJANET on the same
basis, and traffic is supposed to flow between the sites without
restriction. It has not yet been possible to demonstrate this large
traffic flow, but experience so far has been good. This means that many
UK sites are connected at speeds comparable to those of our local
network.
Within the UK Academic Community there are also several hundred smaller
colleges and research centres connected at speeds ranging from 9.6kb/s
to 2Mb/s, with 64kb/s being a very common speed. When communicating with
such sites the performance bottleneck is usually the site access line. A
64kb/s link will transfer about 8kB per second, so loading a 1MB
file across such a link will take at least two minutes. Dial-up modem
links often operate at less than a quarter of this speed.
Links to commercial Internet providers in the UK are now quite good, but
very few commercial sites even have 64kb/s connections, so do not expect
fast transfers to and from `co.uk' sites.
International links are a major bottleneck. Most countries in Western
Europe now have internal networks running at 34Mb/s or above, but links
between countries tend to be at 2Mb/s or less. The reason is very
simple: money. A trans-border 2Mb/s link typically costs 250000 pounds
per year at each end. The problem is worse in continental Europe than it
is in the UK, which leads to the weird situation that a link to New York
costs less than one to Stuttgart! The UK Academic Community currently
has about 4Mb/s available to the US and Far East, and about 4Mb/s to
mainland Europe. All the international links are heavily overloaded,
with the US link being worst in the afternoon because the Americans are
then awake and using it as well as us.
An EC project called EUROCAIRN is trying to improve the situation within
Europe, but there does not appear to be enough political support to
force the PTTs (phone companies) to charge reasonable tariffs. Putting
this into perspective: it is estimated that the capital cost of the
latest transatlantic cable was equivalent to 100000 pounds per 2Mb/s
channel. At current tariffs that would pay back in three months if all
channels were sold. Maybe I should buy some BT shares after all....
Hardware Problems
Most offices and labs at Brunel are wired using `thinwire co-ax' cable,
sometimes called 10Base2. The connectors are `BNC' bayonet fittings.
When correctly used, this is a good cost-effective cabling system but it
does suffer from certain problems in inexperienced hands.
The most common problem is people who disconnect a PC from the wall and
take the cables away. As each `segment' of cable is shared with up to 30
other computers, a lot of people can be affected by one mistake. Even
computers that are on the `live' side of the break will stop working
because reflections are set up by the open end of the cable. This fault
can be recognised easily: a whole row of offices lose access to the
network completely.
A more subtle problem is caused by incorrect extension of cables: the
`T' connector must be directly on the back of the computer, with both
wires from the wall going to it. Simply adding wire between a `T' and a
computer will cause enough reflections in the cable to affect the
network.
This fault can be very difficult to recognise: sometimes a row of
offices loses contact, but more often they get very poor response
because some packets get through and others don't.
Similar problems can be caused by using the wrong type of cable or
connector. BNC connectors and co-ax cable are also used for lab
equipment and video links. Unfortunately, most such cables are 75-ohm
types rather than the 50-ohm cable used for networking. It is extremely
difficult to tell the difference by sight: special test equipment is
needed.
Sometimes people trip over carelessly-routed cables, or simply pull on
them to create slack. This can result in damage to the connectors: we
sometimes find plugs whose centre pin has been pulled back into the body
of the plug. Again, this can be a very difficult fault to recognise
though it is usually easy to find the offending plug once the problem
has been diagnosed. Symptoms include flaky performance and high error
statistics on network interfaces.
The most intractable problem of all is over-extension of cable segments.
There are more than 200 ethernet segments in the Brunel network, and
each is limited to a maximum of 185m of cable and 30 connected devices.
The recent explosive growth in demand for network connections has broken
the design assumptions that were made when the original wiring was
installed. As a result we often find segments with too much wire and too
many computers attached. The only cure is to install new wiring and more
network repeaters but this costs money and Computer Centre budgets are
not expanding fast enough to meet the demand. The symptoms of
over-extended cables vary greatly: some machines almost stop working
(laptop PCs are worst here) while others carry on almost without
noticing (Sun workstations seem particularly immune); network error
rates may rise, collision rates usually do rise although other things
can cause the same effect.
In the longer term, the solution to most of the wiring problems is to
convert to an `Unshielded Twisted Pair' (UTP) structured wiring system.
Under this scheme every computer has a separate connection back to a
network hub so it is much less likely to interfere with its neighbours.
Higher speeds (100Mb/s or more) can also be handled easily. UTP wiring
is installed in Mill and Faraday halls, and is always used for new
installations. Converting the existing setup in the academic buildings
will be a large job costing between 150 and 250 pounds per office if
reasonable groups of rooms are re-wired at the same time.
Other hardware problems concern ethernet adapter cards and PC
configurations. There are a great number of companies producing ethernet
cards for PCs, and some of them are not very good. We have found cards
that will not work if connected to segments with more than 20m of cable,
and cards that fail if the network is even slightly busy. Adapters that
connect to PC parallel ports seem to be a particular problem because the
parallel port is not really fast enough to transfer ethernet data.
Configuration of PC interrupts and I/O areas is another area fraught
with difficulty, and problems can show up months after an apparently
successful installation. The best advice for PC users is to only buy the
Computer Centre recommended PCs and ethernet adapters: they may not be
the fastest on the market but at least we have a lot of experience with
setting them up!
Finally, a most important rule: never connect anything other than a
computer to the network! Quite apart from the obvious things like
telephones and kettles, you should never connect other types of network
equipment (repeaters, bridges, routers, media-converters) because you
might be breaking the configuration rules, and Computer Centre staff
depend on their knowledge of network topology when looking for faults.
User Choices
The way you use your computer and the programs you run can affect its
performance and the performance of other people's computers. In an ideal
world this would not be the case, but it does help to know a bit about
what is going on...
Always remember that local disks tend to be faster than networked ones,
so if you are working on large files it may be best to copy them to a
local disk first and copy them back to the network filestore at the end
of the job. Don't forget to copy them back though, as the network
filestore gets backed up regularly and most local disks don't!
Do not open more windows than you really need. Under MS-Windows, every
open application window can slow down every other application, even if
it is not in active use. Even in Unix, an open window must consume some
resources though the impact tends to be small. Some applications remain
active even when not being used directly: desk clocks and
constantly-changing backgrounds are obvious cases, but some
wordprocessors do this too!
Putting extra network filesystems into your PATH variable can degrade
performance, so do not issue unnecessary `use' commands.
Avoid running things that wake up every few seconds and look for new
files or new logins on interactive machines. Some of these have an
enormous impact on performance.
Some apparently irrelevant things can have large effects on performance:
if you think you are getting poor network performance try comparing your
setup and style of use carefully with a neighbour. If you still cannot
resolve the problem, contact User Support for advice.
Server Load
Many network services are provided by machines that serve tens or
hundreds of people at a time. This obviously has an effect on
performance, though not always where you might expect! Consider some
numbers:
There are 7800 taught-course students registered on the Brunel network.
All their home-directory (drive H: in DOS terms) files are served by
three computers at Uxbridge and one at Runnymede. That works out at
about 2000 users per computer, yet the load on these machines is
acceptable because very little of the traffic generated by each person
relates to their private filestore. Similarly there are 4000 staff and
researchers whose files are spread across three machines at Uxbridge
while Runnymede staff share their server machine with the students.
These machines only tend to give poor performance if someone writes a
program that does something very unusual with their files.
There were about 1600 PCs active on the network in the month of June
1995. Most of the programs used on these machines are held on the `PC
servers' (The servers are not PCs at all, but they exist mainly to
service PCs). There are eleven such servers holding identical copies of
each file so they can share the workload. These machines are often
blamed for poor response times, and the load figures provide some
support for this view. We estimate that the current type of server
machine will support 30 classroom PCs or 100 office PCs with acceptable
performance, though the increasing size of most application software
will force us to change the estimates or upgrade the servers quite soon.
It is easy to do the sums and discover that there are more PCs in use
than we have server capacity for. Fortunately the estimates are not hard
limits, and for much of the day the performance is quite acceptable. The
problems come at peak times such as class changeovers, staff arriving in
the morning or returning from lunch etc. Anyone who can adapt their
working patterns to avoid the peaks will get better service.
