Review of interconnection hardware – hubs, switches, routers

Our design includes hubs, switches and routers in the infrastructure. In this section we will provide a quick overview of these appliances. Network hubs, switches, and routers all perform the job of connecting computers.

A network hub connects computers to each other, but it is designed with no real understanding of the information that is being transferred through it. Network hubs are usually used in a private network (no Internet access). Hubs are pretty dumb about how they transfer data: a packet of data received from a connected device is broadcast to all other connected devices. Network bandwidth is split between all of the connected computers, which means that the more computers that are attached to a hub, the slower the connection. For that reason, hubs should be used with restraint.

A network switch also connects computers to each other, but unlike a hub, when a switch receives a packet of data, it is smart enough to know which computer or device the packet is destined for, and sends it accordingly.

A network router is different from both a switch and a hub. Routers primarily route data packets to other networks. They provide the interfaces between external and internal networks (the Internet and a LAN, for example). A router usually contains other functions such as firewalls, traffic monitoring, VPN, and other services.

Security Review

According to the SciTechConnect blog [1], “In today’s network infrastructures, it is critical to know the fundamentals of basic security infrastructure. Before any computer is connected to the Internet, planning must occur to make sure the network is designed in a secure manner. Many of the attacks ... ... middle of paper ... ...ss secure network. VPN uses special software to use the public Internet to provide remote users secure access to their organization's network.
We recommend the use of VPN for remote access to DEM intranet for all authorized users. No remote access to DEM intranet should be provided to anyone not using a VPN.

4. Intrusion Detection Systems (IDS) – An IDS is a software, hardware, or combination network appliance that monitors and inspects all inbound and outbound network traffic. An IDS performs pattern matching to identify indicators of attack or suspicious activities. Contrast this with a firewall, which inspects all outbound and inbound traffic to make sure disallowed types of connections are not being initiated.

To summarize, we are recommending the use of WPA-2 Enterprise protocols, VPN for remote access, Firewalls, Proxy Servers, and IDS for the DEM network.
The analysis will allow the NIDS to alert on activity which could be a sign of unauthorized access or malicious activity. The IT security team will check the alerts to determine if an event or incident has occurred. Similarly, an HIDS application will be installed on all servers and workstations. The HIDS application will analyze the servers and workstations and check the system logs to determine if any potential unauthorized or malicious activity has occurred, and send the information to the NIDS for processing and alert creation.
... access to what and in which sequence. The router connects the LAN to other networks, which could be the Internet or another corporate network, so that the LAN can exchange information with networks external to it. The most common LAN operating systems are Windows, Linux, and Novell. Each of these network operating systems supports TCP/IP as its default networking protocol. Ethernet is the dominant LAN standard at the physical network level, specifying the physical medium to carry signals between computers, access control rules, and a standardized set of bits used to carry data over the system. Originally, Ethernet supported a data transfer rate of 10 megabits per second (Mbps). Newer versions, such as Fast Ethernet and Gigabit Ethernet, support data transfer rates of 100 Mbps and 1 gigabit per second (Gbps), respectively, and are used in network backbones.
IDS is a device or software application that monitors a network for an unauthorised attack.
A Hub is a networking device that allows one to connect multiple PCs to a single network. Hubs may be based on Ethernet, Firewire, or USB connections. “A switch is a control unit that turns the flow of electricity on or off in a circuit. It may also be used to route information patterns in streaming electronic data sent over networks.”
In this topology, all nodes are connected to a central device, usually a hub or a switch. Each connected device has a dedicated, point-to-point connection between the device and the hub. The star network topology is by far the most widely implemented topology in use today.
In 1980, James Anderson’s paper, Computer Security Threat Monitoring and Surveillance, introduced the notion of intrusion detection. Government funding and serious corporate interest allowed intrusion detection systems (IDS) to develop into their current state. So what exactly is IDS? An IDS is used to detect malicious network traffic and computer usage through attack signatures. The IDS watches for attacks not only from incoming internet traffic but also for attacks that originate in the system. When a potential attack is detected, the IDS logs the information and sends an alert to the console. How the alert is detected and handled depends on the type of IDS in place. Through this paper we will discuss the different types of IDS and how they detect and handle the alerts, the difference between a passive and a reactive system and some general IDS intrusion invasion techniques.
Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers or company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, an...
Virtual Private Network presents some advantages over the traditional network technologies. VPN offers direct cost savings over leased lines or long-distance calls for remote access, savings resulting from reduced training requirements and equipment, increased flexibility, scalability, and security. The main advantage of VPN is the cost savings of Internet VPN when compared to networks built using conventional leased lines. Leased lines include tariffs that have an installation fee, a fixed monthly cost, and a mileage charge. The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. As an organization grows and more companies must be added to the network, the number of leased lines required increases dramatically. VPN that utilizes the Internet avoids this problem by simply tapping into the geographically distributed access already available. Another way VPN reduces costs is by reducing the need for long-distance telephone charges for remote access. Instead of having the offsite team of a company dial into the corporate modem bank via long distance lines, the company’s VPN allows them to simply place local calls to the ISP’s POP in order to connect to the corporate network.
...vantage of the overall network design and implement usable subnets with virtual local area networks. Use encryption and encapsulation to secure communications of public segments to enable extranets and cross-Internet company traffic. Use items such as intrusion detection systems and firewalls to keep unauthorized users out and monitor activity. Taken together, these pieces can make a secure network that is efficient, manageable, and effective.
Although Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been grouped together here (IDPS), there are distinctions between them. On the most basic level, both will monitor the network...
For the most part we have addressed the needs of our sales force on a case-by-case basis, but going forward we really need to ensure we have a defined policy to streamline remote access. To accomplish this there are a few benchmarks we need to achieve. First of all, the network has to be reliable, or in more technical terms, it needs to have high availability. Most importantly, we need to make sure that the network is as secure as possible with all the different types of users asking for access. Lastly, we need to address how we handle employees using personal or non-company issued computers and how we ensure that those machines meet our other remote access policies.
The explosive growth of the internet over the past 10 years has fostered an almost equally explosive growth in the need to transmit data across vast distances quickly and reliably. Routers have kept pace with this demand. Routers are the traffic cops and road signs that make sure that the email you send to your friend across the country arrives at its intended destination. I have barely scratched the surface of information that is necessary to keep an enterprise router up and running. As we keep an eye to the future, amazing things will continue to unfold in the world of routers.
The network management plan and security plan are important to help the company figure out how it will improve its network and security procedures. Planning involves outlining objectiv...