Posts Tagged computer network

Securing Data over Computer Networks

When designing a network, data security must be included in the design plan, because protecting data while it is transmitted is very important, especially if it is sensitive data. Additionally, authenticating users when they try to open protected pages is also very important to avoid data theft. Finally, the receiver must be assured that the data is received as transmitted. These points are explained separately below.

When data is transmitted across a network, attackers may intercept it and read it. The data is transmitted in the form of binary signals, and anyone with a detector can read these pulses on the line. The transmitted data can be very sensitive, especially in military applications.

The solution to the above problem is to scramble the data according to some rules before transmitting it. At the receiver, these rules must be known in order to extract the original data from the scrambled data. This process of scrambling is called encryption. Encrypting data involves replacing each block of data with a different block, or shifting a block to the place of another block.

Another issue for network security is user authentication. When someone opens a protected page on a site or downloads a protected file, they must first provide the server with a username and password. This is done to confirm that the person attempting to open the page or download the file is a known person who is allowed to do so. This process is called authentication. Generally, authentication involves matching the user's credentials against a set of credentials stored on the server.

The last issue concerning data security over a computer network is integrity. Integrity involves assuring that data is received as transmitted, without being altered. This matters because an attacker can intercept the data, modify it and re-transmit it, deceiving the receiver, who then receives the wrong data. To avoid this attack, a signature must be inserted along with the data before transmission. The signature is a function of the bits forming the data. At the receiver, this signature is calculated again, and if it is the same, the data was received as transmitted.
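An added example (not from the original post) of the signature check described above. It goes one step beyond the text by comparing a signature computed from the data bits alone with one that also depends on a secret key shared by sender and receiver; the key, messages and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte signature appended to each frame


def checksum_frame(message: bytes) -> bytes:
    """Sender side, unkeyed: signature = SHA-256 over the data bits only."""
    return message + hashlib.sha256(message).digest()


def checksum_verify(frame: bytes) -> bool:
    """Receiver side, unkeyed: recompute the hash and compare."""
    if len(frame) < TAG_LEN:
        return False
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), tag)


def mac_frame(key: bytes, message: bytes) -> bytes:
    """Sender side, keyed: signature = HMAC-SHA256(key, data)."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, frame: bytes) -> bool:
    """Receiver side, keyed: recompute with the shared key, constant-time compare."""
    if len(frame) < TAG_LEN:
        return False
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def modified_in_transit(new_message: bytes) -> bytes:
    """Model of the interceptor in the text: it replaces the data and
    recomputes the signature using only the public hash function."""
    return new_message + hashlib.sha256(new_message).digest()


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # constructed shared secret
    original = b"transfer 100 to account 42"  # constructed message
    altered = modified_in_transit(b"transfer 900 to account 77")

    print("unkeyed, untouched :", checksum_verify(checksum_frame(original)))
    print("unkeyed, altered   :", checksum_verify(altered))   # alteration not detected
    print("keyed,   untouched :", mac_verify(key, mac_frame(key, original)))
    print("keyed,   altered   :", mac_verify(key, altered))   # alteration detected
```

The unkeyed signature still catches accidental corruption, but only the keyed one lets the receiver detect a deliberate change, because recomputing it requires the shared key.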


Easy to Understand Definition of a Computer Network

By definition a network is a group or system that interconnects components together. A network of retail stores, for example, implies some sort of relationship between the stores. A railroad network suggests that the tracks interconnect at different points. And a computer network interconnects computers.

By far the most famous computer network in the world is the Internet. The Internet is, in fact, a collection of smaller networks that are interconnected together – a network of networks if you can imagine that.

But computer networks don’t necessarily have to be large or complex. By definition, the smallest possible computer network would include just two interconnected computers. The interconnection can be achieved using a cable or by wireless technology. Whatever the medium, as long as the computers can communicate together they are part of a network.

Surprisingly, the Information Technology industry doesn’t define networks by size, rather, by location. Computers that are interconnected in a small geographical location such as a home or an office are said to be in a LAN (Local Area Network). A LAN can have two computers or two thousand computers.

Conversely, computers that are connected across a wide geographical area, such as between cities or countries, are said to be in a WAN (Wide Area Network). Strictly speaking, a WAN actually interconnects LANs. Five computers in a New York office are in a LAN; however, the New York office also connects to an office in Chicago that hosts ten other computers. All together, that network is said to be a WAN spanning New York to Chicago. But individually each office is a LAN in its own right: one LAN in New York and one LAN in Chicago. This is why we say that, strictly speaking, a WAN interconnects LANs.

A description of how the network is wired together can be provided using a physical network topology. Network topologies are used to describe the different ways to connect computers together. A bus topology, for example, describes computers connected across a common wire in a linear fashion. A star topology describes computers connected to a common central device such as a switch. Other types of common topologies include ring topology as well as mesh and partial mesh topology.

But possibly the most important working components of a computer network are the protocols. A protocol is a set of rules. In order to communicate correctly, computers must talk the same protocol so that they understand what is being received and know how to send information in return. The IT industry has successfully established TCP/IP as the dominant network protocol across the world. The standardization of TCP/IP in computers has allowed the Internet to thrive because it provides a common language that computers can use to communicate with each other.


Computer Networking – Higher Education Programs Online

Computer networking has become an integral part of everyday life. Networks are used by multitudes of people from the businessmen that share information with each other to the teenager uploading photos to a social networking site. The role of online education in computer networking is to teach students to keep networks working and usable. Education is obtainable from numerous online universities that offer several concentrations.

The connection between computers that share information defines the industry of computer networking. This is a complex system that needs the constant work of specialists. Online training encompasses many aspects of the field, which includes network design, troubleshooting, maintenance, and information protection. Based on career trends, having an education is quickly becoming a standard due to continually advancing technology. Students learn how to be specialists that provide daily support, train individuals to use a system, and develop a network for a company. These are only a few areas that are covered through courses in a program. Education is available through concentrations that include:

Computer Network Engineering
Computer Network Management
Network Support
Network Systems

Each available training option provides students with the knowledge needed to carry out specific functions. Online colleges give students the ability to work through programs at the associate’s, bachelor’s, and master’s degree level. Graduate level training at the master’s degree is not a career requirement but students will fare better in their career with the advanced knowledge gained. Earning an associate’s or bachelor’s degree is the educational standard for the industry’s professionals.

Problem solving is one of the main roles of a computer networking professional. Students that participate in an online program in network support will gain the necessary skills for this function. Specific coursework explores how to create, design, install, manage, and fix a network when it stops working or needs updated software. Online courses help students develop their computer, technology, and management skills. Subjects on computer programming, data security, and software integration are a few topics discussed inside a program.

Computer network management programs are another area available that teaches students a core role of the industry. Students learn the process of configuring, establishing, and managing a system of networks. The software and hardware of the industry is evaluated from a management standpoint. Students learn to oversee and maintain local area networks and wide area networks. Online courses in information security, remote access, data communication, and computer architecture are some training areas students can expect to complete as a regular part of education.

The available programs prepare students to enter a career as a computer networking specialist. An accredited online education in each concentration area gives students a foundational knowledge of the field while building a particular set of skills. Full accreditation is provided by agencies like the Accreditation Commission of Career Schools and Colleges of Technology (ACCSC) to programs that meet certain criteria and offer a quality education. Students can utilize the accessibility of the Internet to research available degree programs and online computer networking schools that will help them reach their objectives.


IT Consulting and Networking Services Richmond, VA

IT service management (ITSM or IT services) is a discipline for managing information technology (IT) systems, philosophically centered on the customer’s perspective of IT’s contribution to the business. ITSM stands in deliberate contrast to technology-centered approaches to IT management and business interaction.

BEL Network Integration & Support provides small business network security services, IT web hosting services, Internet marketing consulting services, and computer and server data backup to businesses and non-profit organizations nationwide. Our services are designed to help the business owner Grow, Manage, and Protect the organization they’ve worked so hard to build.

We are entrepreneurs just like you, so we know that your time and resources are precious and that you need to be focused on what’s most important. Leverage our small business IT support solutions and passion for small business success to your advantage – whether that’s providing IT support and computer security services to your employees, protecting your critical data, or developing an Internet marketing campaign that brings leads in the door.

IT Support & Management – A Case Study

Alex Gordon is a wholesale stationery supplier located in Richmond, VA. Having inherited the business from his father, Gordon’s company has been supplying stationery to almost 45% of the Richmond market for over 75 years.

Gordon’s office had a network of 12 computers primarily used to process orders, keep a track of delivery schedules, stock position and payments. Because of the large volumes involved, Gordon and his staff were totally dependent on the 12 networked computers. Each morning, Gordon would arrive to work a little early, switch on all the computers and pray to God they were all working. If any computer faltered, Gordon would have to begin a process he hated the most – call the local network support company. He had done it so many times that he knew the routine well – wait for the automated message system to kick in, punch in the appropriate code etc., etc. If Gordon was lucky, someone from the IT support firm would call him before noon to find out details of the problem and then hopefully, send someone over to fix it before the end of the day.

Two years ago Gordon came into contact with BEL Network Integration & Support, LLC (BELNIS), and then his world changed. To begin with, BELNIS sent a senior networking engineer to Gordon’s office. After a detailed FREE, no-obligation systems analysis, BELNIS created a special presentation for Gordon, who liked what was on offer so much that he inked the deal immediately.

Today, Gordon’s major customers no longer place orders on the phone – instead they use the internet to login to Gordon’s new network and enter their requirements. Simultaneously, thanks to the new network and software in place, Gordon has introduced SMS-your-order facility. Small and medium sized businesses as well as individuals now SMS their orders. Such SMSs are instantly and automatically logged into Gordon’s network. Gordon’s suppliers benefited as well – they can now securely log into Gordon’s network and get an instant update on Gordon’s stock requirements. No need for phone calls, no need to receive hard copies of stock requirements and then re-key it into their own computer. The local delivery agency too was given access to Gordon’s new network and was able to save time and money by planning delivery schedules more accurately. Logistically, the entry of BELNIS brought a great deal of success (and smiles) to Gordon, his suppliers, the delivery agency and more importantly, his customers.

Let’s take a look at the financial impact:

Until the new networking system was designed and installed, Gordon had 4 telephone operators. Now he needs only one. He had 12 poorly networked computers; now he has just 5 well networked computers that provide ultra secure access to his clients, suppliers and delivery agency. Thanks to the new networking and state-of-the-art inventory management software, Gordon now physically stocks about 16% fewer goods, despite his business having increased by 14% ever since the new network was put in place. In total, Gordon now has 10 fewer staff than before, and because the number of computers has reduced to less than half, he also pays less for IT support.

Thanks to the Managed IT Service deal that Gordon has signed with BELNIS, Gordon can’t even remember when was the last time he had to call BELNIS to report a problem. The regular preemptive maintenance service from BELNIS is so good that they are able to catch any hardware, software or security weakness within the system before it becomes a cause for concern. It’s now two years since BELNIS designed and implemented the new network. During these two years, Gordon has suffered exactly zero down time.

For BEL Network Integration & Support, LLC, IT Support & Management is about delivering Computer Disaster Recovery and integration support to our customers and then maintaining it at 100% efficiency levels by regular preemptive maintenance.


Technologies Used To Secure Data And Network In The Organization

In this document I have discussed various technologies which can be used for improving security in the organization.
They are
1. Windows AD Authentication
2. DLP Solution
3. File/HDD Encryption
4. Antivirus
5. Token/Biometric Access System
6. VPN/IPSEC
7. NAC
8. CSA

DLP Solution-
DLP stands for Data Loss Prevention. DLP comprises identifying, monitoring and protecting data. The data can be in use (e.g. endpoint), in motion (e.g. network) or at rest (e.g. SAN, Storage Area Network). DLP can find sensitive data through deep content inspection and contextual security analysis of transactions (attributes of originator, data object, medium, timing, recipient/destination, etc.). DLP systems are designed to detect and prevent the unauthorized use and transmission of confidential (sensitive) information.

a. Network DLP
These systems are usually installed near the Internet connection of the organization's network and analyze network traffic for transmission of sensitive information. That includes email, chat, FTP, IM, HTTP and HTTPS. They can also work as storage DLP systems.

b. Host DLP
These systems run on end user workstations and servers in the organization. They can be used to control the information flow between groups or types of users. They can also be used to control email and other forms of communication. Host systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities e.g. pendrives) and in some cases can access information before it has been encrypted.
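An added sketch (not from the original post, and not any vendor's implementation) of the two checks described above: deep content inspection, here finding payment card numbers and validating them with the Luhn checksum to cut false positives, and contextual analysis of the recipient. The `Transaction` fields, the `corp.example` domain, the policy verdicts and the sample messages are assumptions constructed for the illustration.

```python
import re
from dataclasses import dataclass

INTERNAL_DOMAIN = "corp.example"  # assumed name of the organization's own mail domain

# 13 to 19 digits, optionally separated by single spaces or hyphens
CARD_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


@dataclass
class Transaction:
    originator: str
    recipient: str
    channel: str   # e.g. "email", "http", "ftp"
    body: str


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Content inspection: digit runs that look like cards AND pass Luhn."""
    hits = []
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def mask(digits: str) -> str:
    """Keep only the last four digits so the DLP log is not itself a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect_transaction(tx: Transaction):
    """Combine content and context: block sensitive data leaving the
    organization, log it when it stays internal, allow everything else."""
    hits = find_card_numbers(tx.body)
    if not hits:
        return ("allow", [])
    external = not tx.recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    return ("block" if external else "log", [mask(h) for h in hits])


if __name__ == "__main__":
    samples = [  # constructed messages; 4111 1111 1111 1111 is a well-known test number
        Transaction("alice@corp.example", "bob@partner.example", "email",
                    "Customer card: 4111-1111-1111-1111"),
        Transaction("alice@corp.example", "carol@corp.example", "email",
                    "Refund card 4111 1111 1111 1111 please"),
        Transaction("alice@corp.example", "bob@partner.example", "email",
                    "Order reference 4111111111111112 shipped"),
    ]
    for tx in samples:
        print(tx.recipient, inspect_transaction(tx))
```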

Windows AD environment
All the connected hosts will be in a domain environment, which gives flexibility, scalability and security to the network and to the users. Windows uses robust Kerberos-based authentication, which is difficult to break. The network gives manageability, as rights management becomes easy. Rights can be assigned to individual users or to groups of users. Also, several authentication methods, such as biometric or token-based systems, can be directly integrated with the AD system.

File/HDD encryption
Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
It can be mainly of two types
a. File Encryption
b. Disk Encryption

File Encryption - This is the process used to encrypt files. The owner encrypts the files and keeps them in encrypted form. If the data gets stolen or falls into the wrong hands, the thief will not be able to find out what the real content of the file is.

Disk Encryption - This is also called Volume Encryption. In this type of encryption, the data on the whole disk is encrypted with a specific algorithm. The encryption is transparent to the user, i.e. the user will not be able to make out whether the data is getting encrypted or not. If the disk gets stolen, the thief will not be able to get the contents, as the whole disk will be encrypted.

Antivirus
Antivirus can be of two types: a. Signature-based Antivirus, b. Behavior-based Antivirus

a. Signature-based Antivirus - These AVs detect viruses based on the signatures supplied to them by the signature database. These databases get updated, but if a signature is missing, the virus/worm will be active until the signature is added.
b. Behavior-based Antivirus - These AVs monitor the behavior of an application, and if they find the behavior suspicious, they mark it as a virus and take appropriate action. This type of AV can be used to prevent zero-day attacks for which the AV vendor has not yet released a solution.

Token/Biometric Based Authentication
Security tokens are used to prove one’s identity electronically. The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something. It can be a biometric-based token, e.g. a token with fingerprints.
There are four types of tokens:
1. Static Password
2. Synchronous Dynamic Password
3. Asynchronous Password
4. Challenge Response
Of these, Challenge Response and Synchronous Dynamic Password are a bit more difficult to hack. These are also called dual-factor authentication, as the user has to present something he has (a token) and something he knows (a password). This type of security gives an edge over the other technologies.
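An added example (not from the original post) of the two token types singled out above. The synchronous dynamic password is shown as a time-based one-time code in the style of RFC 6238 (an assumption about which scheme is meant), and challenge response as an HMAC over a server-issued nonce; the class and function names and the shared secret are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Synchronous dynamic password: token and server derive the counter
    from their (synchronized) clocks, so the code changes every `step` seconds."""
    return hotp(secret, int(now) // step, digits)


def verify_totp(secret: bytes, candidate: str, now: float,
                step: int = 30, drift_steps: int = 1) -> bool:
    """Server side: accept the current code and a small clock-drift window."""
    counter = int(now) // step
    for delta in range(-drift_steps, drift_steps + 1):
        if counter + delta < 0:
            continue
        expected = hotp(secret, counter + delta, len(candidate) or 6)
        if hmac.compare_digest(expected.encode(), candidate.encode()):
            return True
    return False


def token_respond(secret: bytes, challenge: bytes) -> bytes:
    """Token side of challenge response: prove knowledge of the secret
    without sending it, by keying a MAC over the server's challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class ChallengeResponseServer:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.outstanding = set()     # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)   # fresh and unpredictable
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False                      # unknown or already used
        self.outstanding.discard(challenge)   # each challenge is single use
        return hmac.compare_digest(token_respond(self.secret, challenge), response)


if __name__ == "__main__":
    secret = b"12345678901234567890"          # test secret from the RFCs
    print("code at t=59s :", totp(secret, 59))
    print("code at t=89s :", totp(secret, 89))

    server = ChallengeResponseServer(secret)
    challenge = server.issue_challenge()
    response = token_respond(secret, challenge)
    print("first use     :", server.verify(challenge, response))
    print("replayed      :", server.verify(challenge, response))
```

A captured static password stays valid until it is changed; here a captured code expires with its time window and a captured response is useless once its challenge has been consumed.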

IPSEC VPN
IPsec is a dual mode, end-to-end, security scheme operating at the Internet Layer of the Internet Protocol Suite or OSI model Layer 3. IPsec can be used for protecting any application traffic across the Internet or any private network. Applications need not be specifically designed to use IPsec.
The IPsec suite is a framework of open standards. IPsec uses the following protocols to perform various functions:
a. A security association (SA), set up by Internet Key Exchange (IKE and IKEv2) or Kerberized Internet Negotiation of Keys (KINK), which handle the negotiation of protocols and algorithms and generate the encryption and authentication keys to be used by IPsec.
b. Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replay attacks.
c. Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.

NAC – Network Admission Control
Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. It attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement so that access to the network and other resources is restricted from hackers.

Goals of NAC
Mitigation of zero-day attacks
The key value proposition of NAC solutions is the ability to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination of computer worms.

Policy enforcement
NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, and network middleboxes.

Identity and access management
Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.

CSA-Cisco Security Agent
CSA is an endpoint intrusion prevention system software which is rule-based and examines system activity and network traffic, determining which behaviors are normal and which may indicate an attack.
CSA uses a two or three-tier client-server architecture. The Management Center ‘MC’ (or Management Console) contains the program logic; an MS SQL database backend is used to store alerts and configuration information; the MC and SQL database may be co-resident on the same system. The Agent is installed on the desktops and/or servers to be protected. The Agent communicates with the Management Center, sending logged events to the Management Center and receiving updates in rules when they occur.
