™ Today it is almost inconceivable for a business not to have computers, whether it is a construction company or a high technology firm. When a business has more than one computer, they are almost always connected together in a local area network. These networks may be more or less advanced and therefore more or less costly. Companies invest so much (in terms of both money and time) in a local area networks because there are many advantages that a local area network brings to a business and how it is administered. Some businesses use a local area network in such a way they are highly dependent on it always working. If the company’s network fails, then you may see all the employees chatting away in the corridors because they can’t do their work. This means big losses for the company and causes stresses on the employees. All companies must consider their local area networks a vital asset and downtime must be avoided. This imposes huge demands on the network staff to keep such networks running almost 100% of the time. The advantages of One of the main advantages of installing and maintaining LANs is the opportunity they create for better communication and cooperation between employees and customers. Security considerations: Local Area Network security can be both a help and hindrance. Comprehensive security is beneficial because it provides a central and safe strategy for data access and disaster recovery. All information is protected by the design and implementation of the network security solution. On the other hand, interconnecting computers in local area networks creates a security risk, since doing so makes it technically possible for intruders to access many machines on the network at 샌즈카지노 once. Cost considerations: Installing a local area network is a relatively expensive project. Servers, cabling, switches, routers and software can all be expensive and should never be purchased without expert advice. Keeping the network operating and secure also requires a lot of resources and can be costly. Surprisingly, a local area network can bring a number of cost savings. Sharing resources avoids the need to purchase equipment for each individual. Even more important is the security that a local area network can provide. Data loss could cost a business a great deal of money and in some cases, cause the business to shutdown altogether. Computer Network Management should require a consistent routine for data backups with regular checkups of data quality – a practice that will save a company huge sums in the event of a mishap. Computer Network Management: preliminary analysis phases The first phase of computer network management is to determine the source of the problem (a preliminary study that looks into several options of differing scope may be useful here) and defining it in a specification of requirements. Examples of what should be evaluated are different network operating systems, mail systems, and other applications. The choice of hardware components should also be evaluated. This phase is generally aimed at establishing what the system should do, not how it should do it. Computer Network Management: design phase The purpose of design phase is to determine how the requirements of the specification are to be met. The current approach to large, complex projects is to break them down into smaller, more manageable subprojects. Computer Network Management: implementation phase This phase involves the physical installation of the local area network. Cables are run, software is installed, and computers and other hardware are put in place. Computer Network Management: integration and system testing phase In this phase, commissioning of the network begins, and routines are adapted to users and the operating personnel. The system must be tested, both to ensure that the network meets the requirements set out in the specification and that it is stable enough to perform the central function it has in the organization. Computer Network Management: operation and maintenance Local area networks have complex operating routines. This is because there may be serious consequences when faults occur or unauthorized persons gain access to the system. Many companies have employees devoted solely to take care of running and maintaining computer networks. These system administrators may deal with network issues such as performance, reliability and security of both hardware and software. Computer Network Management: tools Although an organization may have computer administrators on site, they must also monitor the network more than eight hours a day. In fact, some of the worst trouble that arises with networks can happen during the night hours when nobody is using the network. With the right computer “http://www.securemycompany.com”network management tools, your organization can receive the security of knowing that problems will be foreseen, prevented, and taken care of – and that your network administrator can be notified at a moment’s notice, should anything go exceptionally wrong.
0 Comments
™ Web and FTP Servers Every network that has an internet connection is at risk of being compromised. Whilst there are several steps that you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic, and restrict outgoing traffic. However some services such as web or FTP servers require incoming connections. If you require these services you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone if you prefer its proper name). Ideally all servers in the DMZ will be stand alone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ then you should acquire a dedicated machine and keep the backup solution separate from the LAN backup solution. The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ, traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN would be treated totally separately to traffic between your DMZ and the 메리트카지노 Internet. Incoming traffic from the internet would be routed directly to your DMZ. Therefore if any hacker where to compromise a machine within the DMZ, then the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ. In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services or VNC. Database servers If your web servers require access to a database server, then you will need to consider where to place your database. The most secure place to locate a database server is to create yet another physically separate network called the secure zone, and to place the database server there. The Secure zone is also a physically separate network connected directly to the firewall. The Secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if required). Exceptions to the rule The dilemma faced by network engineers is where to put the email server. It requires SMTP connection to the internet, yet it also requires domain access from the LAN. If you where to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore in our opinion, the only place you can put an email server is on the LAN and allow SMTP traffic into this server. However we would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution. (with the firewall handling the VPN connections. LAN based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing.) ™ It is deniable that our works and lives are more convenient and easier when using wireless. We can work anywhere and that is why wireless networks are becoming so popular. Especially if you have broadband Internet access, a wireless router can give you instant communication with the world. Imagine you are sitting by the pool and enjoying chatting through the Internet. Or lounging in the Jacuzzi listening to your MP3 collection is appealing to us all. Unfortunately, many, or even most, wireless units don’t come with security features already functioning. This may not seem like a big issue to someone who is simply setting up a home network, but there are a number of potential problems you should consider. Identity theft seems to be the most serious problem. If your network is unsecured, the personal data on your wireless electronic equipment is also unsecured. The order you just placed for a book at Amazon may have given your contact and payment information to an unscrupulous hacker! Nearly every town in which “WiFi” is common will have “War Drivers” and “War Chalkers” at work. These are people who walk or drive around town with wireless equipment, searching for unsecured networks. 샌즈카지노 The “Chalkers” then live up their name, marking curbs and other public items with chalk so that others can more easily find and exploit your network. In fact, not all “War Drivers” are hackers, of course. Many just want to use your network for free, but the risk is high if you don’t learn how to protect yourself. You can usually find quite a bit of free information as to how to secure your network at the website of your router’s manufacturer, or by doing a search in a search engine for a phrase like “secure home wireless.” In addition, there are also your neighbors who may find your network by accident and enjoy nosing into your activities and using your Internet access at will, slowing down your network speed in the process. Even many businesses use cheap, home-use quality equipment for their company networks. With the poor security often found on small business networks, anyone with a basic knowledge of wireless can access sensitive company and customer data. It is highly recommended that you hire service companies to secure your network for you, or else you will have to bear with a risk of being exploited. A search of your local yellow pages or an inquiry at your neighborhood computer store should yield professional help and get your private data private again. ™ Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked. You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors? Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared in dealing with attacks by these people? Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. Whats going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised. This problem exists particularly in an environment where a help desk staff 우리카지노 reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out. Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are. Why would an attacker go to your office or make a phone call to the help desk? Simple, it is usually the path of least resistance. There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there then he will most likely be able to produce the name of the person he is there to see. I know you are saying that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him Google his name or read the two books he has written. Its beyond me why people try and dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that they could be breached so easily. Or is it the fact that people dont feel they should be responsible for educating their employees? Most organizations dont give their IT departments the jurisdiction to promote physical security. This is usually a problem for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from a physical or social engineering attack. ™ Cabling of data and voice systems is often ignored by many companies until the last minute just before relocation or new building takes place. Many information systems professionals view it as a low priority or something that just takes away from their budget for real network components 코인카지노 such as servers or software. However having a state of the art easy to manage cabling system is just as important as good reliable servers on a network. Cabling is the backbone of any computer network; it ties all the components of the network together therefore it should receive as much careful consideration as any other network component. Mistake number one Blindly choosing the lowest bidder This is the most common mistake made when installing voice and data network cabling. Often the lowest bidder is the contractor who is the smallest, has the least experience or the one that made a mistake on their bid. Prior to making this decision you should know your contractor. Find out how long they have been in business, visit some of the large installations they have done and by all means go visit their offices and warehouse. A site visit to their office will tell you most of what you need to know about an organization. Make sure your contractor has completed jobs of similar scope and size. Mistake number two Choosing the manufactures product that will be installed Many companies have tried to standardize on a particular manufacture of cabling system. Some of the larger manufactures are Belden, Comscope, Ortronics, AMP and Leviton. You cant go wrong with any of these big names. However IT managers and corporate executives get hung up on trying to standardize because they believe it will make things easier for the IT staff. The reality of the situation is that if you choose any of the larger names the only components that might not be interchangeable are the faceplates. Of course there are performance criteria as well and they all claim to be the best. Do your own research and choose a manufacture that you feel has a strong company that will be there to stand behind their product should you even need to make a warranty claim Mistake number three Paying too much for the latest cabling technologies The fact is that todays network components and network components of the future cannot exceed the specifications of Cat 5E and Cat 6 cabling components. Combine this with the fact that the average company moves every 3 to 4 years. You will find it hard to benefit from future proofing a building you dont occupy. Look at you current infrastructure, what equipment or applications do you plan to add or upgrade? Is Gigabit or 10 Gigabit Ethernet an option for you in the near future? Mistake number four Not using universal wiring The EIA/TIA and BICSI both recommend a universal wiring platform for your Communications Infrastructure. In the old days the average install would consist of a single voice grade cable for the phone system and a single data grade cable (Cat 3, Cat5, Cat5E or Cat 6) for their computers. This of course dedicates the usability of these cables to one system type. This is further exacerbated by the termination method used. Voice cables were traditionally terminated on 66 style blocks (66m1-50), which are not user friendly and require a special tool and cross connect wire to make changes. Telephony companies have made a killing for years just performing MAC work (Moves, Adds and Changes) because a customer was unable or unwilling to brave the telephone closet and perform the MAC work themselves. The practice of using a true universal wiring platform is now the standard for all reputable cabling contractors. A Universal Wiring Platform is made up of all data grade components that are downward compatible for all voice applications. A common installation would consist of 3 Category 5E or Category 6 cables all terminated on a 110 type Patch Panel. At the wall plate all cable would be terminated on the matching grade of 8 position modular jack (incorrectly know as an RJ-45). This design not only allows for maximum flexibility were the customer could have 3 computers or 3 phones or 2 computer and 1 phone or any configuration that works for their application. The point is that now the customer is in complete control of their cabling infrastructure and does not need to pay a contractor to come out every time they move an office. In the long run this will also save you money on the overall cabling system as it will shift and flex to meet your needs without having to bring in your cabling contractor. Remember, having the contractor in after construction has completed will involve them pulling out ceiling tiles and standing on desks while you are trying to do business. The elimination of the disruption alone makes it worth while. Mistake number five No CAD pre installation and post installation CAD drawings. Most customers really have no idea what their cabling platform will look like when they sign the paperwork. They rely on their contractor to just do the right thing. Do not make this mistake, if you dont understand how your infrastructure will work or what it should look like, dont sign. Your contractor should have the ability to take your building blue print and overlay his cabling plan on top of your electrical plans. This will give you a visual representation of what you are paying for and allow you to ask questions. Likewise, after the job is complete you should receive what is called an As Built Drawing showing all of your communications outlets with a standards based numbering system. Some contractor will even provide a scale elevation plan showing were your patch panels are and how much room you have left in each rack for growth and or other equipment. This should be provided to you both hard copy and in AutoCAD format for your architect to incorporate into your final building As Builts. Mistake number six Not getting a design before the job starts. This seems to be all over the board, some people have no design plan what so ever. Some will pay $10,000 for an engineering firm to write a specification were they charge by the pound for the spec. Dont be fooled that a large spec is a good spec. Often a specification filed with time consuming exercises for the bidding contractor and unnecessary pricing breakouts will only prevent good contractors from bidding on your project. What you want is a spec that clearly defines your realistic requirements, requires basic qualification with references and does it as quickly and simply as possible. Do not try to write a spec that will cover every contingency, you will drive your contractor away and you will only confuse the process more. Once you have selected your contractor based on an apple s to apple comparison, you can always and should always sit down to discuss the project and other options that they recommend. One more thing, always, always have the contractor provide you with a parts list with quantities, not individual prices, just quantities. This will help you weed out the contractors that did their homework when you start to compare their list of parts. Mistake number six No cable management All cabling systems will look organized before they are used, thats easy. Show me that cabling system after 6 months and I will tell you if the proper wire management was used. Used being the key word here. Remember, you can have the best wiring management in the world, if you dont strictly enforce its use with your IT Staff, you will have a mess. That said, your contractor must provide you with a good design. My recommendation is, listen to your contractor, they know more than you do about this. Then, go visit some of the sites that are done the way they recommend. See how they look after being used a few months. Ask the customer how easy it is to keep organized. Dont underestimate the value of this step. If your patch panels are a mess and you cant effect changes in a rapid and orderly fashion then you would have been better off paying your contractor to do the MAC work for you. |
Archives
January 2023
Categories |