Statement and Confirmation of Own Work
Programmer/Qualification name: International Diploma in Computer Studies
- The comparative networking features of Windows and Linux.
- Interoperability features of Ubuntu with the existing Microsoft Windows workstations.
- Necessary screenshots of the installation and configuration of Ubuntu for file and printer sharing with Windows.
- Various costs associated with the performance, security, support, and maintenance of Ubuntu.
The National Bank for Rural Development is set up as an apex development bank with a mandate for facilitating flow for promotion and development of agriculture, small-scale industries, cottage and village industries, handicrafts and rural crafts. It also has the mandate to support all other allied economic activities in rural areas, promote integrated and sustainable rural development and secure prosperity of rural areas.
I am appointed as the new networking adviser to advise the bank on a cost-effective networking solution. The bank has a mostly Windows-based network and clients. The bank also wants its agents and branches to connect to the bank's network securely through a VPN. The bank has decided to evaluate the benefits of the open source Linux operating system, preferably Ubuntu. A feasibility report is therefore given below to evaluate the benefits of Ubuntu as an interoperable and alternative NOS for the bank.
Networking features of Windows Server 2003
Internet Protocol version 6 (IPv6)
IPv6 is the next generation of the Internet layer protocols of the TCP/IP protocol suite. IPv6 solves the current problems of Internet Protocol version 4 (IPv4) with respect to address depletion, security, auto configuration, extensibility, and more.
Point-to-Point Protocol over Ethernet (PPPoE)
Windows Server 2003 delivers a native PPPoE driver for making broadband connections to certain Internet service providers (ISPs) without the need for additional software.
Network bridging allows administrators to interconnect network segments using computers running Windows Server 2003. In a multi-segment network, one or more computers may have multiple network adapters such as a wireless adapter, a dial-up adapter, or an Ethernet adapter.
Internet Protocol Security (IPSec) over NAT
The difficulty of using IPSec-based VPNs or IPSec-protected applications across a NAT is eliminated. Windows Server 2003 allows a Layer Two Tunneling Protocol (L2TP) over IPSec (L2TP/IPSec) or an IPSec connection to pass through a NAT. This capability is based on the latest IETF standards work.
Additions to Group Policy
New Group Policy improvements in Windows Server 2003 give administrators granular control over most network configuration settings.
Enhanced Connection Manager Administration Kit (CMAK)
Windows Server 2003 delivers new features and improvements for CMAK, allowing administrators to provide more than one VPN server for connections, turn on end-user logging, automatically configure browser proxy settings on client computers, enable or disable client-side split tunneling, and configure pre-shared keys for L2TP/IPSec connections.
Wireless network deployments dramatically increase demand for multiple Remote Authentication Dial-In User Service (RADIUS) servers and better tools to diagnose authentication issues and manage network access control.
Management and Integration Extensions
The Windows Server 2003 family delivers exciting new networking features for simplifying the management of your enterprise network. A new Network Load Balancing Manager provides a single point of configuration and management for load balancing. Support for RFC 2734 allows TCP/IP traffic on an IEEE 1394 serial bus.
Internet Connection Firewall (ICF)
ICF, designed for use in a small business, provides basic protection on computers directly connected to the Internet or on local area network (LAN) segments. ICF is available for LAN, dial-up, VPN, or PPPoE connections. ICF integrates with ICS or with the Routing and Remote Access service.
IPSec Network Load Balancing
Network Load Balancing provided with Windows Server 2003 now supports IPSec traffic. Administrators can use Network Load Balancing for a group of servers to provide scale-out reliability and capacity for IPSec-protected applications and Windows VPN gateway deployments.
Networking features of Ubuntu
Has all the features needed to provide e-mail services, whether acting as a connector to the Internet with Postfix, or as a central storage for users to access their e-mail with Dovecot. It also supports a range of content checkers to keep your organisation spam and virus free.
File and print server
Makes sharing files across multiple systems with Samba easy. CUPS shares printers across networks and minimises printer recognition issues.
Web application server
Serves dynamic web pages using your favourite tools including PHP, Perl, Python, Apache, MySQL or PostgreSQL with more options supported by vendors and the community, such as Java and Ruby.
Offers great security for your business with its easy to administer, but fine-grained security procedures. From kernel hardening to access control and years of free updates, Ubuntu Server will face any security audit.
Integrates easily with Windows, MacOSX, Unix and Linux. Also comes with Likewise Open and LDAP connectors to easily integrate with your current user management system, allowing your clients to seamlessly authenticate.
Includes network & CD deployment, unattended installation, controlled installation, pre and post installation scripting, easy configuration GUI, automated updates and Landscape (Ubuntu systems management) integration.
Ubuntu Server Edition JeOS
Allows you to build virtual appliances. Configured to have as low a footprint as possible, it allows you to run more appliances per server to maximize system usage.
Provides a range of network infrastructure services, including DNS with BIND 9, DHCP for easy network configuration and VPNs with OpenVPN. Additionally, includes FreeRADIUS, monitoring through Nagios or Munin and backup solutions with Bacula or BackupPC.
Interoperability features of Ubuntu with the existing Windows Workstations
Computer networks often comprise diverse systems, and some network environments must consist of both Ubuntu and Microsoft Windows systems working together in harmony. Successfully networking an Ubuntu system with Windows clients involves providing and integrating with services common to Windows environments. Such services assist the sharing of data and information about the computers and users involved in the network, and may be classified under three major categories of functionality:
File and Printer Sharing Services
Using the Server Message Block (SMB) protocol to facilitate the sharing of files, folders, volumes and printers throughout the network.
Sharing vital information about the computers and users of the network with such technologies as the Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory.
Authentication and Access
Establishing the identity of a computer or user of the network and determining the information the computer or user is authorized to access using such principles and technologies as file permissions, group policies, and the Kerberos authentication service.
Fortunately, an Ubuntu system may provide all such facilities to Windows clients and share network resources among them. One of the principal pieces of software that an Ubuntu system includes for Windows networking is the Samba suite of SMB server applications and tools.
- Windows can connect to it natively without installing third-party software.
- Assists in network browsing, with or without NetBIOS.
- Acts as a Windows NT-style Primary Domain Controller (PDC).
- Acts as a Backup Domain Controller (BDC) for a Samba-based PDC.
- Acts as an Active Directory domain member server.
- Joins a Windows NT/2000/2003 PDC.
In addition to the SAMBA suite of file and printer sharing server applications, Ubuntu also includes other powerful server applications designed to provide additional network server functionality to Windows clients similar to the functionality provided by actual Windows servers.
For example, Ubuntu offers centralized management of network resources such as computers and users via Directory Services, and facilitates the identification, and authorization of computers and users via Authentication Services.
Ubuntu includes client applications and capabilities for accessing network resources shared with the SMB protocol.
For example, a utility called smbclient allows for accessing remote shared file-systems, in a manner similar to a File Transfer Protocol (FTP) client. To access a shared folder resource known as documents offered by a remote Windows computer named bill using smbclient.
To make full use of winbind as a source of local users and groups on Linux requires a fair bit of effort. The Name Service Switch (NSS) framework needs to be configured to resolve users and groups against winbind. The Pluggable Authentication Module (PAM) stack similarly needs to be configured to funnel authentication requests through winbind. The behaviour of winbind itself is configurable to a large extent, and getting the intended result may involve tweaking its configuration considerably. Likewise Open consolidates all these operations in a single tool and delivers a clean configuration for the common use-case in a few easy steps.
Advantages of Likewise Open
- No software to install on the Active Directory, and no change to its configuration required.
- Centralised authentication uses existing users and groups when deploying Ubuntu, so there is no need to maintain a duplicate user database.
- Unix user and group IDs are coherent across all machines running Likewise Open, so there is no need to maintain an ID map.
- Disconnected operation enables mobile users to authenticate using their Active Directory credentials.
- No control over the assignment of Unix user and group IDs; they are computed algorithmically by Likewise Open.
- No fine-grained control over which Active Directory users and groups are exposed by the Likewise Open client.
- Integration limited to identity management and authentication (but see the sub-section on Likewise Enterprise at the end of this white paper for information on a more fully featured alternative).
Performance, security, support, and maintenance
Ubuntu Global Support Services are deployed around the world to enable a true 24x7 support infrastructure. They always ensure the most time- and cost-effective solution is configured and deployed for the user. Unlike support offered through licensed subscriptions, only Canonical offers the right technical expertise and escalation support for the customer to get the best desktop experience from open source software.
Included in every support service is access to Landscape, Canonical's easy-to-use systems management tool. Landscape allows the user to manage all Ubuntu servers and desktops through a central interface, simplifying the tasks of systems management and monitoring.
Standard business and mission critical support
Canonical offers enterprise-level support for both mission-critical and standard business needs. They give the flexibility to choose the type of support for the number of servers the user requires, without the restrictions other vendors apply to site-wide licenses.
Tap knowledge bank
Engaging Canonical support gives the customer's organisation access to Ubuntu and Linux experts. They will transfer knowledge to the customer's staff, empowering them to set up and run complex systems with the ease of Ubuntu.
Consultancy, Support & Training
Most organizations want the reassurance of having a professional service behind them; that's why Canonical provides exceptional services for Ubuntu Server Edition.
Multi-lingual support is available from a dedicated team of Linux experts who are just a call away, 24/7. They don't make support compulsory for deployments but they absolutely recommend it. If the customer prefers, their skilled consultants can also assist with Ubuntu Server deployments. Dedicated training on how to deploy an Ubuntu Server and Ubuntu Enterprise Cloud is available through structured courses that reveal the steps to a successful deployment.
Performance and security:
Ubuntu users enjoy the unprecedented performance and security that Linux provides.
Because they care about the customer's business, they have ensured that the Ubuntu Server Edition:
- Easily integrates with existing networks.
- Provides a low total cost of ownership.
- Offers multiple life cycle scenarios for the customer to choose from.
- Is provided with free life maintenance.
- Is backed by Canonical's world-class support.
Zero license & maintenance costs
While the zero license and maintenance cost of Ubuntu Server Edition certainly plays a part in the reduction of the customer's global spending, they recognize that administration and upgrade costs are another significant part of IT business spending, so they have made the customer's server as easy to maintain as possible. As they aim to make the operating system as low-maintenance as possible, they provide the customer with tools that let them set it up once and then forget about it.
The APT (Advanced Packaging Tool) package management system gives the customer fast and reliable automated update mechanisms that the customer can control fully, and it covers not only the operating system but all the open source packages that the customer installs on top of it. Moreover, an administrator can easily learn how to package any program and publish it in a private repository, so the system is managed as one unique component.
Canonical's work with software partners also makes use of the APT functionalities so that added packages from the partner repository get updated at the same time. Additionally Canonical's Landscape allows customer to manage these updates on multiple systems as easily as on one system.
Automated, controlled and fully-integrated package management
Deploying new systems is a time-consuming and repetitive process that can be fully automated. To easily provision new servers in the most complex setups, the flexibility of the Debian installer allows fast network deployments or the creation of custom CDs, including any special configuration that may be required.
Of course, the evolution of the customer's systems over time also plays a big part in their overall IT budget. For this reason their unique product life cycle ensures that the customer can perform system upgrades in place time after time, at the pace the customer chooses, without compromising the work the customer has put into setting them up. The upgrade management is one of the amazing features of Ubuntu: it is specially tuned to allow seamless upgrades from one LTS release to another, including configuration upgrades.
Also, when the time comes for the customer to migrate services to new equipment, the versatility of their operating system and its wide coverage of hardware will ensure that the customer has real choices in terms of equipment and a seamless transition from one platform to the other.
Research and produce a comprehensive project plan for the implementation of a VPN within the company.
This should include the following:
- A brief overview of current VPN technologies (both hardware and software).
- Design a suitable VPN using appropriate Internet Service Providers (ISP) for the requirements of the bank.
- Identify and list the hardware and software required to implement the bank's VPN.
- Produce a schedule for the implementation of the VPN, detailing the installation of any necessary hardware, network operating system upgrades and associated applications software required.
- Write a section of the report on the responsibilities and level of service required from an ISP in order to implement a successful VPN within the company.
Project plan for the implementation of VPN
The bank wants to consider a good VPN solution for its extranet operations. After researching various VPN technologies, I have produced this project plan for implementing the appropriate VPN solution for the bank.
- A brief overview of current VPN technologies
- Design of the VPN using ISP for the requirements of the bank.
- List of the hardware and software required to implement the bank's VPN.
- Schedule for the implementation of the VPN, detailing the installation of necessary hardware, network operating system upgrades and associated applications software required.
- Report on the responsibilities and level of service required from an ISP in order to implement a successful VPN within the company.
A brief overview of current VPN technologies:
Virtual private network technology is based on the idea of tunneling. VPN tunneling involves establishing and maintaining a logical network connection (that may contain intermediate hops). On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side.
Types of VPN Tunneling:
VPN supports two types of tunneling - voluntary and compulsory. Both types of tunneling are commonly used.
In voluntary tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live connection.
In compulsory tunneling, the carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client and a VPN server. From the client point of view, VPN connections are set up in just one step compared to the two-step procedure required for voluntary tunnels.
VPN Tunneling Protocols:
Several computer network protocols have been implemented specifically for use with VPN tunnels. The most popular VPN tunneling protocols listed below continue to compete with each other for acceptance in the industry.
Multi-Protocol Label Switching is a technology being standardized by the IETF, which provides high-speed data forwarding and bandwidth reservation. The underlying principle is that packets are forwarded through an MPLS tunnel by switching on attached labels, without looking at the contents of the IP header. The tunnel ingress node adds a label to the packet, and subsequent nodes forward based on the incoming interface and label, sending the packet on to the next node with a new label value. The last node in the MPLS tunnel removes the label before forwarding the packet to its final destination. The path followed by the data is known as a Label Switched Path (LSP).
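The label-switching behaviour described above can be traced with a small simulation. This is an added example, not part of the original report: the four-node topology, the label values and all function names are constructed for illustration. Only the ingress node reads the destination address; every later node looks up the pair (incoming interface, label), so a label that arrives on an interface where it was never assigned is dropped.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


class LabelLookupError(LookupError):
    """No forwarding entry exists: the packet is dropped."""


@dataclass
class Packet:
    dst: str                     # IP header field, read only at the ingress
    label: Optional[int] = None  # MPLS label currently attached


@dataclass
class Node:
    name: str
    fec: dict = field(default_factory=dict)    # ingress: prefix -> (label, out_if)
    ilm: dict = field(default_factory=dict)    # (in_if, in_label) -> (out_label, out_if)
    links: dict = field(default_factory=dict)  # out_if -> (neighbour, neighbour in_if)


def ingress_push(node: Node, pkt: Packet) -> str:
    """Classify by destination prefix (longest match) and attach a label."""
    dst = ipaddress.ip_address(pkt.dst)
    matches = [p for p in node.fec if dst in p]
    if not matches:
        raise LabelLookupError(f"{node.name}: no LSP for {pkt.dst}")
    pkt.label, out_if = node.fec[max(matches, key=lambda p: p.prefixlen)]
    return out_if


def follow_lsp(nodes: dict, name: str, in_if: str, pkt: Packet) -> list:
    """Forward a labelled packet hop by hop.

    Returns [(node, label on arrival, label on departure)]; pkt.dst is
    never consulted here.
    """
    trace = []
    while True:
        node = nodes[name]
        entry = node.ilm.get((in_if, pkt.label))
        if entry is None:
            raise LabelLookupError(f"{name}: label {pkt.label} unknown on {in_if}")
        out_label, out_if = entry
        trace.append((name, pkt.label, out_label))
        pkt.label = out_label
        if out_label is None:  # last node: label removed, normal IP forwarding resumes
            return trace
        name, in_if = node.links[out_if]


def send(nodes: dict, ingress: str, pkt: Packet) -> list:
    """Push a label at the ingress node, then follow the LSP to its end."""
    node = nodes[ingress]
    out_if = ingress_push(node, pkt)
    name, in_if = node.links[out_if]
    return [(ingress, None, pkt.label)] + follow_lsp(nodes, name, in_if, pkt)


def is_dropped(fn, *args) -> bool:
    """True when forwarding fails with LabelLookupError."""
    try:
        fn(*args)
    except LabelLookupError:
        return True
    return False


# Constructed topology: PE1 (ingress) -> P1 -> P2 -> PE2 (last node)
NODES = {
    "PE1": Node("PE1", fec={ipaddress.ip_network("10.2.0.0/16"): (100, "if1")},
                links={"if1": ("P1", "if0")}),
    "P1": Node("P1", ilm={("if0", 100): (200, "if1")}, links={"if1": ("P2", "if0")}),
    "P2": Node("P2", ilm={("if0", 200): (300, "if1")}, links={"if1": ("PE2", "if0")}),
    "PE2": Node("PE2", ilm={("if0", 300): (None, "lan")}),
}

if __name__ == "__main__":
    for hop in send(NODES, "PE1", Packet("10.2.0.9")):
        print(hop)
```

The list returned by `send` is the Label Switched Path: one entry per node, with a new label value at each hop.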
Point-to-Point Tunneling Protocol (PPTP)
Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use.
Layer Two Tunneling Protocol (L2TP)
The original competitor to PPTP for VPN tunneling was L2F, a protocol implemented primarily in Cisco products. In an attempt to improve on L2F, the best features of it and PPTP were combined to create a new standard called L2TP. Like PPTP, L2TP exists at the data link layer (Layer Two) in the OSI model -- thus the origin of its name.
Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution or simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer (Layer Three) of the OSI model. PPTP - Point-to-Point Tunneling Protocol - extends the Point to Point Protocol (PPP) standard for traditional dial-up networking. PPTP is best suited for the remote access applications of VPNs, but it also supports LAN internetworking. PPTP operates at Layer 2 of the OSI model.
RFC 2003 describes a mechanism for tunneling IP packets over IP. Although this scales well in one sense (no tunnel setup is required, and no state needs to be maintained), the main problem is that multiplexing is not possible, and so a different IP address is needed for each tunnel endpoint.
The Generic Routing Encapsulation (GRE) protocol was originally defined in RFC 1701, but was later updated in RFC 2784 with less function. To put it simply, GRE allows you to tunnel any protocol inside any protocol. The main use of GRE in the VPN context is to carry IP in IP. As with RFC 2003, this has the advantages that there is no need to signal any connection, and no resources are consumed by the GRE tunnel.
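The encapsulation and de-encapsulation steps for IP carried in GRE can be shown with the RFC 2784 header layout. This is an added example, not part of the original report: the addresses, the sample inner packet and the function names are constructed for illustration. The receiver discards packets whose reserved or version bits are set, whose optional checksum fails, or which come from an unexpected tunnel endpoint.

```python
import ipaddress
import struct

IPPROTO_GRE = 47           # IPv4 protocol number carried in the outer header
ETHERTYPE_IPV4 = 0x0800    # GRE Protocol Type for an IPv4 payload
GRE_C = 0x8000             # bit 0: Checksum Present
GRE_MUST_BE_ZERO = 0x7C07  # bits 1-5 and the 3-bit version field (RFC 2784)


class GREError(ValueError):
    """Raised when a received packet must be discarded."""


def inet_checksum(data: bytes) -> int:
    """One's-complement checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str,
                    with_checksum: bool = False) -> bytes:
    """Wrap an inner IPv4 packet in a GRE header and an outer IPv4 header."""
    gre = struct.pack("!HH", GRE_C if with_checksum else 0, ETHERTYPE_IPV4)
    if with_checksum:
        # The checksum covers GRE header and payload, computed with the field zero.
        csum = inet_checksum(gre + b"\x00" * 4 + inner)
        gre += struct.pack("!HH", csum, 0)
    outer = ipv4_header(tunnel_src, tunnel_dst, IPPROTO_GRE, len(gre) + len(inner))
    return outer + gre + inner


def gre_decapsulate(packet: bytes, expected_peer: str) -> bytes:
    """Validate the outer and GRE headers and return the inner packet."""
    if len(packet) < 24:
        raise GREError("truncated packet")
    ver_ihl, proto = packet[0], packet[9]
    total_len = struct.unpack("!H", packet[2:4])[0]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl + 4 <= total_len <= len(packet):
        raise GREError("malformed outer IPv4 header")
    if inet_checksum(packet[:ihl]) != 0:
        raise GREError("outer header checksum mismatch")
    if proto != IPPROTO_GRE:
        raise GREError("carrier protocol is not GRE")
    # Address filter only: GRE itself authenticates nothing.
    if packet[12:16] != ipaddress.IPv4Address(expected_peer).packed:
        raise GREError("unexpected tunnel endpoint")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & GRE_MUST_BE_ZERO:
        raise GREError("reserved flag or version bits set")
    if ptype != ETHERTYPE_IPV4:
        raise GREError("unsupported payload protocol")
    body = packet[ihl:total_len]
    if flags & GRE_C:
        if len(body) < 8 or inet_checksum(body) != 0:
            raise GREError("GRE checksum mismatch")
        return body[8:]
    return body[4:]


def is_discarded(packet: bytes, expected_peer: str) -> bool:
    """True when the receiver rejects the packet."""
    try:
        gre_decapsulate(packet, expected_peer)
    except GREError:
        return True
    return False


# Constructed sample: a private-address packet between two branch hosts.
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 17, 12) + b"branch-data!"

if __name__ == "__main__":
    wire = gre_encapsulate(INNER, "192.0.2.1", "198.51.100.7", with_checksum=True)
    print(len(INNER), len(wire), gre_decapsulate(wire, "192.0.2.1") == INNER)
```

The inner packet appears byte for byte inside the encapsulated one: GRE adds no encryption, and its checksum only detects accidental corruption.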
The following table shows the main properties of the different tunnel types. The features of the tunnels that are considered are:
- Do the tunnels have the scalability advantage of a multiplexing capability?
- How secure are the tunnels?
- Can traffic engineering be applied to the tunnels to provide QoS for the VPN?
- Do the tunnels require stored state, and if so, which nodes need to store state?
We can run a VPN server on Ubuntu, of course, but that is completely the other end of the system from what we're talking about here.
There is more than one way to VPN: any system that can establish a secure channel between one workplace and another, and then route all your communications over that channel, constitutes a VPN. Naturally, several groups have designed VPN 'protocols'. The one we will want to use will depend on the type that our organization uses, and to find that out we will have to ask our administrator. If we don't know offhand, but we do have our connection details, we might be able to ascertain the type of VPN protocol our organization uses because the different types require different connection details. This page covers the following types:
- Microsoft's Point to Point Tunneling Protocol (PPTP), common with small business networks and Windows servers, requires host, username and password.
- Cisco's VPN (VPNC) requires host, group username and group password, as well as username and password.
Once we have ascertained the VPN protocol we need to use, we'll need a client program to handle our end of the secure connection. For each protocol, there's a separate client program. They are not included with a default Ubuntu install, but they are easy to install.
The VPN client will run invisibly in the background, maintaining our end of the VPN connection; that is, it doesn't have any windows or anything helpful like that for us to communicate with it. However, we're going to have to interact with it to tell it our connection details, and to tell it when to connect and disconnect.
Under Windows (XP, at least), we could do this by using the 'Add New Connection' wizard, and choosing 'connect to my workplace (VPN)'. Under Ubuntu, automatic set-up of this sort is developing fast, but we may have problems. (10)
To fully implement the MPLS-VPN solution into PE equipment, the following ZebOS modules are required:
- ZebOS Network Services Module
- ZebOS BGP Protocol Module with the optional VPN extensions
- ZebOS MPLS-LDP Module
- ZebOS MPLS Forwarder Module
Together, these modules provide the complete MPLS-VPN solution. Optional modules are available for OSPFv2, OSPFv3, RIP, and RIPng to support both IPv4 and IPv6 routing solutions along with MPLS-VPN. The ZebOS Advanced Routing Suite is being integrated into a number of network processing environments. These implementations will allow MPLS-VPN to be supported on standard network processors and will assist equipment manufacturers in quickly getting their products to market. The ZebOS MPLS-VPN solution supports a variety of operating systems and processors.
The key to a successful project is in the planning. Without a project plan we cannot achieve a good result. Creating a project plan is the first thing we should do when undertaking any kind of project. A project plan saves time and money and avoids many problems. This time schedule will help to do all the work within the allocated time.
The purpose of the pre-study phase is to gain enough knowledge about the project to define its objectives and the methods that should be used. To get a general knowledge of the project topic, background reading material was collected and studied. During the study, the material was divided into several different topics. In this stage I research various options to implement the bank's VPN.
The first part of this phase is to create a checklist of the service requirements. The second part is to define a test specification according to the specific requirements in the checklist. The checklist and test specification could be changed during the implementation stage. I create a list of the hardware and software needed to implement the bank's VPN.
In this stage, I design a suitable VPN using appropriate Internet Service Providers (ISP) for the requirements of the bank, including the method of VPN that will be used, with both hardware and software. The responsibilities for user authentication, device authentication, encryption, logging, and audit must be specified as part of the design of any practical VPN.
Implementation and testing
During this phase the actual testing will take place. The testing will be done at the DIIT lab. After the testing phase, the results will be analysed and conclusions will be drawn. In order to measure the network performance, at least some basic metrics must be known. Necessary operating software updates are done in this stage.
This stage is for monitoring that all the hardware and software is working correctly.
Responsibilities and level of service
Network security is increasing in importance for companies of all sizes. The types of connections that must be secured are increasingly varied and complex.
Some of the responsibilities and levels of service required from an ISP in order to implement a successful VPN within the company are given below.
Addressing and load sharing
The VPN may provide address assignment, presumably with DHCP. It also may provide network address translation (NAT), network address and port translation (NAPT), and load-shared network address translation (LSNAT). DNS services may be associated with the VPN, and operated by the service provider. While VPNs can appear as a single IP prefix, single prefixes will not scale to large size. The Internet service provider may set up multiple prefixes to serve user connectivity requirements. If there are multiple prefixes, it needs to be specified if routing among them is provider responsibility.
Frame Sequencing and MTU Support
There may be requirements to deliver frames or packets in chronological sequence. In addition, there may be a requirement to support, efficiently, larger MTUs than the provider might normally handle.
An Internet service provider may place service-provider operated equipment at a customer site, and present a LAN or serial interface to the customer. Anything beyond the provider device is contractually a provider responsibility, but it cannot be directly controlled by the customer.
Users may be responsible for cryptographic security, transparently to the Internet service provider. Alternatively, the VPN provider may offer encryption. If the user operates firewalls, VPN tunnels typically will terminate at the firewall. If the firewall is operated by the Internet service provider, or if the user has stringent security requirements requiring end-to-end encryption, there may be compatibility issues of authenticated firewall traversal.
Internet service providers can use registered addresses internally in their networks. These may or may not be visible to the enterprise. When they are not, there should be a well-defined operational procedure that allows the user to request trace routes through IP infrastructures. When the provider uses VPN identifiers to distinguish between routing tables for different VPNs, the same addresses, especially from the private address space, may be reused. Internet service provider engineers should take care that.
Non-IP Protocol Support
Mostly, the enterprise will provide the tunneling necessary to carry non-IP protocols over the enterprise. When the VPN is offered as a service, however, the provider may offer appropriate encapsulation services. If the infrastructure is layer 2 and supports a protocol type field, it may be appropriate for the provider to encapsulate non-IP traffic with explicit protocol identification.
When a specific availability requirement is defined for the enterprise VPN, it is a provider responsibility to ensure the infrastructure has the component reliability, diversity, etc., to meet these needs. It can be useful to distinguish between availability in the access part of a VPN, such as modem pools, and the backbone which carries the tunnels over the long-haul shared infrastructure.
I have to prepare a short report on Network Security covering:
- Trojan horses, Worms, Viruses and the major network security issues.
- Why there should be a Network security policy in place in all the networked companies.
Network security is a major concern of every company that has a computer and is connected to a network. Compromised network security means that a competitor or any hacker can gain entry to sensitive or critical data and may delete or make off with the information, resulting in data loss or complete system destruction. The terms information security and network security are most of the time used to represent the same meaning. Network security, though, is more specifically taken as the provision of protection from outside intruders.
A Trojan horse is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses onto a computer.
Trojan horses are broken down in classification based on how they breach systems and the damage they cause. The seven main types of Trojan horses are:
- Remote Access Trojans
- Data Sending Trojans
- Destructive Trojans
- Proxy Trojans
- FTP Trojans
- Security software disabler Trojans
- Denial-of-service attack (DoS) Trojans
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes and it may do so without any user intervention. This is due to poor security on the infected computers. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Worms can replicate in great volume. For example, a worm can send out copies of itself to every contact in your e-mail address book, and then it can send itself to all of the contacts in your contacts' e-mail address books.
Some worms spread very quickly. They clog networks and can cause long waits for users to view Web pages on the Internet.
To help prevent infections by and to get rid of computer worms:
- Use a firewall.
- Update the operating system and the software that you use.
- Use antivirus and antispyware software, such as Microsoft Security Essentials, a free download from Microsoft.
- Be careful with e-mail attachments and links on Web sites.
- Use a standard user account instead of an administrator account.
A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, adware, and spyware programs that do not have the reproductive ability. Malware includes computer viruses, worms, Trojans, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to a computer system's hosted data, functional performance, or networking throughput when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or go unnoticed.
Network security issues
Network security deals with the requirements a company, organization or network administrator must meet to protect the network, computer systems and the resources that are network accessible. These are protected from unauthorized entry and malicious components, and the network is monitored continuously and consistently to measure its effectiveness or lack of effectiveness.
Worms and viruses:
Computer worms and viruses remain the most common security threat, with 75 percent of small and medium businesses affected by at least one virus in the last year [Maritz Research, 2005].
Information theft is big business today. Malevolent hackers break into business networks to steal credit card or social security numbers for profit. Small and medium-sized businesses are at risk because they are seen as an easier mark than large corporations. Protecting the perimeter of the network is a good start, but it isn't enough, since many information thefts have help from a trusted insider, such as an employee or contractor. Information theft can be costly to small and medium-sized businesses, since they rely on satisfied customers and a good reputation to help grow their business. Businesses that don't adequately protect their information could face negative publicity, government fines, or even lawsuits.
Computer worms and viruses can drastically affect the reliability of network resources, which in turn affects a business's ability to respond quickly to its customers; but worms and viruses are not the only threat to business availability. With networks so critical to day-to-day business operations, cyber-terrorists have begun targeting businesses for blackmail, threatening to bring down Websites and e-commerce operations unless their demands are met. These denial-of-service (DoS) attacks send large volumes of traffic to a critical network element, either causing it to fail or to be unable to process legitimate traffic. Once again, the results are disastrous: data and orders are lost and customer requests are not answered. While most of the publicity surrounding DoS outages has focused on major banks and global 500 companies, small and medium-sized businesses are not immune. They are viewed as less prepared for attacks than large corporations. There are many other less dramatic but more likely attacks that threaten small and medium business availability and therefore profitability and customer satisfaction.
With every new advance in computing and communications, some malicious hacker finds new ways to exploit that technology for gain or mischief. New hardware or software releases present a new opportunity. Peer-to-peer networking and Internet Messaging (IM) were still relatively new applications when their users were attacked by malicious code written specifically for them. Mobile phones are now targets of viruses. No one knows what's coming next, but the best defense is one that will be able to easily adapt to future threats without breaking the bank.
Aside from these malicious security threats, new laws and regulations require that small and medium-sized businesses protect the privacy and integrity of the information entrusted to them. Unfortunately, many smaller businesses find their resources only stretch so far. Yet customers want assurance that the information they entrust to businesses is kept private. All businesses must take steps to secure their business infrastructure, but small and medium-sized businesses in particular require simple, right-sized, affordable solutions.
Network security policy
Network security experts agree that well-run corporations need a written security policy. The policy sets appropriate expectations regarding the use and administration of corporate IT assets. However, the conventional wisdom holds that composing and maintaining these documents bog down in a morass of bureaucratic inefficiency and pointless wrangling, which never ends and produces nothing useful.
This paper lays out a common-sense approach to writing corporate security policies that makes them easier to draft, maintain, and enforce. Our "question and answer" approach requires no outside consultants. Instead, you can use your in-house knowledge and resources to yield a brief, usable, and most importantly understandable policy document, in a reasonable amount of time. To help you generate such a policy, this paper clears away some misconceptions about the purpose of network security; details the process of writing the policy; then explains how to keep refining the drafted policy.
In the ever-changing world of global data communications, inexpensive Internet connections, and fast-paced software development, security is becoming more and more of an issue. Security is now a basic requirement because global computing is inherently insecure. As your data goes from point A to point B on the Internet, for example, it may pass through several other points along the way, giving other users the opportunity to intercept, and even alter, it. Even other users on your system may maliciously transform your data into something you did not intend. Unauthorized access to your system may be obtained by intruders, also known as "crackers", who then use advanced knowledge to impersonate you, steal information from you, or even deny you access to your own resources.