Wednesday, November 30, 2016

Activity - Network Security Terminology


Security Solutions

No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution. If one security component fails to identify and protect the network, others still stand.

A home network security implementation is usually rather basic. It is generally implemented on the connecting end devices, as well as at the point of connection to the Internet, and can even rely on contracted services from the ISP.

In contrast, the network security implementation for a corporate network usually consists of many components built into the network to monitor and filter traffic. Ideally, all components work together, which minimizes maintenance and improves security.

Network security components for a home or small office network should include, at a minimum:

  • Antivirus and antispyware – These are used to protect end devices from becoming infected with malicious software.


  • Firewall filtering – This is used to block unauthorized access to the network. This may include a host-based firewall system that is implemented to prevent unauthorized access to the end device, or a basic filtering service on the home router to prevent unauthorized access from the outside world into the network.


In addition to the above, larger networks and corporate networks often have other security requirements:

  • Dedicated firewall systems – These are used to provide more advanced firewall capabilities that can filter large amounts of traffic with more granularity.


  • Access control lists (ACL) – These are used to further filter access and traffic forwarding.


  • Intrusion prevention systems (IPS) – These are used to identify fast-spreading threats, such as zero-day or zero-hour attacks.


  • Virtual private networks (VPN) – These are used to provide secure access to remote workers.


Network security requirements must take into account the network environment, as well as the various applications, and computing requirements. Both home environments and businesses must be able to secure their data while still allowing for the quality of service that is expected of each technology. Additionally, the security solution implemented must be adaptable to the growing and changing trends of the network.

The study of network security threats and mitigation techniques starts with a clear understanding of the underlying switching and routing infrastructure used to organize network services.

Security Threats

Network security is an integral part of computer networking, regardless of whether the network is limited to a home environment with a single connection to the Internet or as large as a corporation with thousands of users. The network security that is implemented must take into account the environment, as well as the tools and requirements of the network. It must be able to secure data while still allowing for the quality of service that is expected of the network.

Securing a network involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Threat vectors may be external or internal. Many external network security threats today are spread over the Internet.

The most common external threats to networks include:

  • Viruses, worms, and Trojan horses - malicious software and arbitrary code running on a user device


  • Spyware and adware - software installed on a user device that secretly collects information about the user


  • Zero-day attacks, also called zero-hour attacks - an attack that occurs on the first day that a vulnerability becomes known


  • Hacker attacks - an attack by a knowledgeable person to user devices or network resources


  • Denial of service attacks - attacks designed to slow or crash applications and processes on a network device


  • Data interception and theft - an attack to capture private information from an organization’s network


  • Identity theft - an attack to steal the login credentials of a user in order to access private data


It is equally important to consider internal threats. There have been many studies that show that the most common data breaches happen because of internal users of the network. This can be attributed to lost or stolen devices, accidental misuse by employees, and in the business environment, even malicious employees. With the evolving BYOD strategies, corporate data is much more vulnerable. Therefore, when developing a security policy, it is important to address both external and internal security threats.

Wireless Broadband

Connecting to the Internet is vital in smart home technology. DSL and cable are common technologies used to connect homes and small businesses to the Internet. However, wireless may be another option in many areas.

Wireless Internet Service Provider (WISP)

Wireless Internet Service Provider (WISP) is an ISP that connects subscribers to a designated access point or hot spot using similar wireless technologies found in home wireless local area networks (WLANs). WISPs are more commonly found in rural environments where DSL or cable services are not available.

Although a separate transmission tower may be installed for the antenna, it is common that the antenna is attached to an existing elevated structure, such as a water tower or a radio tower. A small dish or antenna is installed on the subscriber’s roof in range of the WISP transmitter. The subscriber’s access unit is connected to the wired network inside the home. From the perspective of the home user, the setup is not much different than DSL or cable service. The main difference is that the connection from the home to the ISP is wireless instead of a physical cable.

Wireless Broadband Service

Another wireless solution for the home and small businesses is wireless broadband, as shown in the figure. This uses the same cellular technology used to access the Internet with a smart phone or tablet. An antenna is installed outside the house providing either wireless or wired connectivity for devices in the home. In many areas, home wireless broadband is competing directly with DSL and cable services.

Sunday, November 20, 2016

Technology Trends in the Home

Networking trends are not only affecting the way we communicate at work and at school, they are also changing just about every aspect of the home.
The newest home trends include ‘smart home technology’. Smart home technology is technology that is integrated into every-day appliances allowing them to interconnect with other devices, making them more ‘smart’ or automated. For example, imagine being able to prepare a dish and place it in the oven for cooking prior to leaving the house for the day. Imagine if the oven was ‘aware’ of the dish it was cooking and was connected to your ‘calendar of events’ so that it could determine what time you should be available to eat, and adjust start times and length of cooking accordingly. It could even adjust cooking times and temperatures based on changes in schedule. Additionally, a smartphone or tablet connection allows the user the ability to connect to the oven directly, to make any desired adjustments. When the dish is “available”, the oven sends an alert message to a specified end user device that the dish is done and warming.
This scenario is not long off. In fact, smart home technology is currently being developed for all rooms within a house. Smart home technology will become more of a reality as home networking and high-speed Internet technology becomes more widespread. New home networking technologies are being developed daily to meet these types of growing technology needs.

Cloud Computing

Cloud computing is another global trend changing the way we access and store data. Cloud computing allows us to store personal files, even backup our entire hard disk drive on servers over the Internet. Applications such as word processing and photo editing can be accessed using the Cloud.
For businesses, Cloud computing extends IT's capabilities without requiring investment in new infrastructure, training new personnel, or licensing new software. These services are available on demand and delivered economically to any device anywhere in the world without compromising security or function.
There are four primary types of Clouds, as shown in the figure: Public Clouds, Private Clouds, Hybrid Clouds, and Custom Clouds. Click each Cloud to learn more.
Cloud computing is possible because of data centers. A data center is a facility used to house computer systems and associated components. A data center can occupy one room of a building, one or more floors, or an entire building. Data centers are typically very expensive to build and maintain. For this reason, only large organizations use privately built data centers to house their data and provide services to users. Smaller organizations that cannot afford to maintain their own private data center can reduce the overall cost of ownership by leasing server and storage services from a larger data center organization in the Cloud.

Video Communication

Another trend in networking that is critical to the communication and collaboration effort is video. Video is being used for communications, collaboration, and entertainment. Video calls can be made to and from anywhere with an Internet connection.
Video conferencing is a powerful tool for communicating with others at a distance, both locally and globally. Video is becoming a critical requirement for effective collaboration as organizations extend across geographic and cultural boundaries. Click Play in the figure to view how TelePresence can be incorporated into everyday life and business.
Click here to read the transcript of this video.

Online Collaboration

Individuals want to connect to the network, not only for access to data applications, but also to collaborate with one another. Collaboration is defined as “the act of working with another or others on a joint project.” Collaboration tools, like Cisco WebEx shown in the figure, give employees, students, teachers, customers, and partners a way to instantly connect, interact, and achieve their objectives.
For businesses, collaboration is a critical and strategic priority that organizations are using to remain competitive. Collaboration is also a priority in education. Students need to collaborate to assist each other in learning, to develop team skills used in the work force, and to work together on team-based projects.

Bring Your Own Device

The concept of any device, to any content, in any manner, is a major global trend that requires significant changes to the way devices are used. This trend is known as Bring Your Own Device (BYOD).
BYOD is about end users having the freedom to use personal tools to access information and communicate across a business or campus network. With the growth of consumer devices, and the related drop in cost, employees and students can be expected to have some of the most advanced computing and networking tools for personal use. These personal tools include laptops, netbooks, tablets, smartphones, and e-readers. These can be devices purchased by the company or school, purchased by the individual, or both.
BYOD means any device, with any ownership, used anywhere. For example, in the past, a student who needed to access the campus network or the Internet had to use one of the school’s computers. These devices were typically limited and seen as tools only for work done in the classroom or in the library. Extended connectivity through mobile and remote access to the campus network gives students tremendous flexibility and more learning opportunities for the student.
.

New Trends

As new technologies and end user devices come to market, businesses and consumers must continue to adjust to this ever-changing environment. The role of the network is transforming to enable the connections between people, devices, and information. There are several new networking trends that will effect organizations and consumers. Some of the top trends include:

  • Bring Your Own Device (BYOD)

  • Online collaboration

  • Video communications

  • Cloud computing

Activity - Reliable Networks


Security

The network infrastructure, services, and the data contained on network-attached devices are crucial personal and business assets. There are two types of network security concerns that must be addressed: network infrastructure security and information security.
Securing a network infrastructure includes the physical securing of devices that provide network connectivity, and preventing unauthorized access to the management software that resides on them, as shown in Figure 1.
Information security refers to protecting the information contained within the packets being transmitted over the network and the information stored on network attached devices. In order to achieve the goals of network security, there are three primary requirements, as shown in Figure 2:

  • Confidentiality - Data confidentiality means that only the intended and authorized recipients can access and read data.

  • Integrity - Data integrity means having the assurance that the information has not been altered in transmission, from origin to destination.

  • Availability - Data availability means having the assurance of timely and reliable access to data services for authorized users.
To learn more about security as a requirement for reliable networks, refer to the Appendix for this chapter.

Quality of Service

Quality of Service (QoS) is also an ever increasing requirement of networks today. New applications available to users over internetworks, such as voice and live video transmissions, create higher expectations for the quality of the delivered services. Have you ever tried to watch a video with constant breaks and pauses? As data, voice, and video content continue to converge onto the same network, QoS becomes a primary mechanism for managing congestion and ensuring reliable delivery of content to all users.
Congestion occurs when the demand for bandwidth exceeds the amount available. Network bandwidth is measured in the number of bits that can be transmitted in a single second, or bits per second (bps). When simultaneous communications are attempted across the network, the demand for network bandwidth can exceed its availability, creating network congestion.
When the volume of traffic is greater than what can be transported across the network, devices queue, or hold, the packets in memory until resources become available to transmit them. In the figure, one user is requesting a web page and another is on a phone call. With a QoS policy in place, the router can manage the flow of data and voice traffic, giving priority to voice communications if the network experiences congestion.
To learn more about QoS as a requirement for reliable networks, refer to the Appendix for this chapter.

Scalability

A scalable network can expand quickly to support new users and applications without impacting the performance of the service being delivered to existing users. The figure shows how a new network can be easily added to an existing network. In addition, networks are scalable because the designers follow accepted standards and protocols. This allows software and hardware vendors to focus on improving products and services without worrying about designing a new set of rules for operating within the network.
To learn more about scalability as a requirement for reliable networks, refer to the Appendix for this chapter.

Fault Tolerance

The expectation is that the Internet is always available to the millions of users who rely on it. This requires a network architecture that is built to be fault tolerant. A fault tolerant network is one that limits the impact of a failure, so that the fewest number of devices are affected. It is also built in a way that allows quick recovery when such a failure occurs. These networks depend on multiple paths between the source and destination of a message. If one path fails, the messages can be instantly sent over a different link. Having multiple paths to a destination is known as redundancy.
One way reliable networks provide redundancy is by implementing a packet-switched network. Packet switching splits traffic into packets that are routed over a shared network. A single message, such as an email or a video stream, is broken into multiple message blocks, called packets. Each packet has the necessary addressing information of the source and destination of the message. The routers within the network switch the packets based on the condition of the network at that moment. This means that all the packets in a single message could take very different paths to the destination. In the figure, the user is not aware and is unaffected by the router dynamically changing the route when a link fails.
This is not the case in circuit-switched networks traditionally used for voice communications. A circuit-switched network is one that establishes a dedicated circuit between the source and destination before the users may communicate. If the call is unexpectedly terminated, the users must initiate a new connection.
To learn more about packet-switched and circuit-switched networks, refer to the Appendix for this chapter.

Network Architecture

Networks must support a wide range of applications and services, as well as operate over many different types of cables and devices, which make up the physical infrastructure. The term network architecture, in this context, refers to the technologies that support the infrastructure and the programmed services and rules, or protocols, that move data across the network.
As networks evolve, we are discovering that there are four basic characteristics that the underlying architectures need to address in order to meet user expectations:

  • Fault Tolerance

  • Scalability

  • Quality of Service (QoS)

  • Security

Lab – Researching Converged Network Services

In this lab, you will complete the following objectives:

  • Part 1: Survey Your Understanding of Convergence

  • Part 2: Research ISPs Offering Converged Services

  • Part 3: Research Local ISPs Offering Converged Services

  • Part 4: Select Best Local ISP Converged Service

  • Part 5: Research Local Company or Public Institution Using Convergence Technologies
Lab - Researching Converged Network Services
.

The Converging Network

Today, the separate data, telephone, and video networks are converging. Unlike dedicated networks, converged networks are capable of delivering data, voice, and video between many different types of devices over the same network infrastructure, as shown in the figure. This network infrastructure uses the same set of rules, agreements, and implementation standards.

Traditional Separate Networks

Consider a school built thirty years ago. Back then, some classrooms were cabled for the data network, telephone network, and video network for televisions. These separate networks could not communicate with each other, as shown in the figure. Each network used different technologies to carry the communication signal. Each network had its own set of rules and standards to ensure successful communication.

Packet Tracer - Network Representation

In this activity, you will explore how Packet Tracer serves as a modeling tool for network representations.
Packet Tracer - Network Representation Instructions
Packet Tracer - Network Representation - PKA

Packet Tracer - Help and Navigation Tips

Packet Tracer is a fun, take-home, flexible software program which will help you with your Cisco Certified Network Associate (CCNA) studies. Packet Tracer allows you to experiment with network behavior, build network models, and ask "what if" questions. In this activity, you will explore a relatively complex network that highlights a few of Packet Tracer’s features. While doing so, you will learn how to access Help and the tutorials. You will also learn how to switch between various modes and workspaces.
Packet Tracer – Help and Navigation Tips Instructions
Packet Tracer – Help and Navigation Tips - PKA

Businesses Internet Connections

Corporate connection options differ from home user options. Businesses may require higher bandwidth, dedicated bandwidth, and managed services. Connection options available differ depending on the type of service providers located nearby.
The figure illustrates common connection options for businesses:

  • Dedicated Leased Line - Leased lines are actually reserved circuits within the service provider’s network that connect geographically separated offices for private voice and/or data networking. The circuits are typically rented at a monthly or yearly rate. They can be expensive.

  • Ethernet WAN - Ethernet WANs extend LAN access technology into the WAN. Ethernet is a LAN technology you will learn about in a later chapter. The benefits of Ethernet are now being extended into the WAN.

  • DSL - Business DSL is available in various formats. A popular choice is Symmetric Digital Subscriber Lines (SDSL) which is similar to the consumer version of DSL, but provides uploads and downloads at the same speeds.

  • Satellite - Similar to small office and home office users, satellite service can provide a connection when a wired solution is not available.
The choice of connection varies depending on geographical location and service provider availability.

Home and Small Office Internet Connections

The figure illustrates common connection options for small office and home office users:

  • Cable - Typically offered by cable television service providers, the Internet data signal is carried on the same cable that delivers cable television. It provides a high bandwidth, always on, connection to the Internet.

  • DSL - Digital Subscriber Lines provide a high bandwidth, always on, connection to the Internet. DSL runs over a telephone line. In general, small office and home office users connect using Asymmetrical DSL (ADSL), which means that the download speed is faster than the upload speed.

  • Cellular - Cellular Internet access uses a cell phone network to connect. Wherever you can get a cellular signal, you can get cellular Internet access. Performance will be limited by the capabilities of the phone and the cell tower to which it is connected.

  • Satellite - The availability of satellite Internet access is a real benefit in those areas that would otherwise have no Internet connectivity at all. Satellite dishes require a clear line of sight to the satellite.

  • Dial-up Telephone - An inexpensive option that uses any phone line and a modem. The low bandwidth provided by a dial-up modem connection is usually not sufficient for large data transfer, although it is useful for mobile access while traveling.
Many homes and small offices are more commonly being connected directly with fiber optic cables. This enables an ISP to provide higher bandwidth speeds and support more services such as Internet, phone, and TV.
The choice of connection varies depending on geographical location and service provider availability.

Internet Access Technologies

There are many different ways to connect users and organizations to the Internet.
Home users, teleworkers (remote workers), and small offices typically require a connection to an Internet Service Provider (ISP) to access the Internet. Connection options vary greatly between ISP and geographical location. However, popular choices include broadband cable, broadband digital subscriber line (DSL), wireless WANs, and mobile services.
Organizations typically require access to other corporate sites and the Internet. Fast connections are required to support business services including IP phones, video conferencing, and data center storage.
Business-class interconnections are usually provided by service providers (SP). Popular business-class services include business DSL, leased lines, and Metro Ethernet.

Intranets and Extranets

There are two other terms which are similar to the term Internet:

  • Intranet

  • Extranet
Intranet is a term often used to refer to a private connection of LANs and WANs that belongs to an organization, and is designed to be accessible only by the organization's members, employees, or others with authorization.
An organization may use an extranet to provide secure and safe access to individuals who work for a different organization, but require access to the organization’s data. Examples of extranets include:

  • A company that is providing access to outside suppliers and contractors.

  • A hospital that is providing a booking system to doctors so they can make appointments for their patients.

  • A local office of education that is providing budget and personnel information to the schools in its district.

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Best Web Hosting