NETWORKING ESSENTIALS (PART II)

THE REDIRECTOR

THE PROCESS OF FORWARDING REQUESTS IS DONE BY A REDIRECTOR. DEPENDING ON THE NETWORKING SOFTWARE, THIS REDIRECTOR MAY ALSO BE REFERRED TO AS A SHELL OR A REQUESTER. THE REDIRECTOR IS A SMALL SECTION OF CODE IN THE NETWORKING OPERATING SYSTEM THAT:

• INTERCEPTS REQUESTS IN THE COMPUTER.
• DETERMINES IF THEY SHOULD BE LEFT ALONE TO CONTINUE IN THE LOCAL COMPUTER'S BUS OR REDIRECTED OUT TO THE NETWORK TO ANOTHER SERVER.

INSTALLING WINDOWS NT SERVER

THE INSTALLATION PROGRAM IS AN APPLICATION THAT WILL DO THE WORK OF INSTALLING THE NETWORK OPERATING SYSTEM IN A VARIETY OF WAYS, DEPENDING ON:

• THE ENVIRONMENT INTO WHICH IT WILL BE INSTALLED.
• THE SIZE OF THE NETWORK.
• THE TYPES OF JOBS THE SERVER WILL PERFORM IN THE NETWORK.
• THE TYPE OF FILE SYSTEM THE SERVER WILL USE.
• THE IDENTIFICATION OF THE SERVER.
• OPERATING SYSTEMS IN THE SERVER.
• HOW THE SERVER'S HARD DISK SPACE IS DIVIDED.

TCP/IP INSTALLATION

TCP/IP IS A STANDARD, ROUTABLE, ENTERPRISE NETWORKING PROTOCOL FOR WINDOWS NT. CAN BE USED ON THE INTERNET.

WHEN INSTALLING MICROSOFT TCP/IP, YOU NEED THE FOLLOWING THREE CONFIGURATION PARAMETERS TO USE IT IN A ROUTED NETWORK ENVIRONMENT.

• IP ADDRESS, SUBNET MASK, AND DEFAULT GATEWAY.

DHCP (CONFIGURING TCP/IP AUTOMATICALLY)

WINDOWS NT SERVER PROVIDES A SERVICE CALLED THE DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) SERVER SERVICE. WHEN A DHCP SERVER IS CONFIGURED ON THE NETWORK, CLIENTS THAT SUPPORT DHCP (INCLUDING WINDOWS NT WORKSTATION AND WINDOWS NT SERVER) CAN REQUEST TCP/IP CONFIGURATION INFORMATION (IP ADDRESS, SUBNET MASK, DEFAULT GATEWAY, AND SO FORTH) FROM THE DHCP SERVER. THIS CAN GREATLY SIMPLIFY THE CONFIGURATION OF TCP/IP ON THE CLIENT COMPUTER.

TCP/IP UTILITIES

SNMP (SIMPLE NETWORK MANAGEMENT PROTOCOL)

IN AN SNMP ENVIRONMENT, PROGRAMS CALLED AGENTS ARE LOADED ONTO EACH MANAGED DEVICE. THE AGENTS MONITOR NETWORK TRAFFIC AND BEHAVIOR IN THESE KEY NETWORK COMPONENTS IN ORDER TO GATHER STATISTICAL DATA. THIS DATA IS STORED IN A MANAGEMENT INFORMATION BASE (MIB).

• HUBS
• SERVERS
• INTERFACE CARDS
• ROUTERS AND BRIDGES
• OTHER SPECIALIZED NETWORK EQUIPMENT

PLANNING FOR NETWORK SECURITY

LEVEL OF SECURITY

SETTING POLICIES

PREVENTION

AUTHENTICATION

TRAINING

SECURITY ENHANCEMENTS

DISKLESS COMPUTERS HAVE NO FLOPPY DRIVES OR HARD DISKS. THEY CAN DO EVERYTHING A COMPUTER WITH DISK DRIVES CAN DO EXCEPT STORE DATA ON A LOCAL FLOPPY OR HARD DISK. THESE COMPUTERS ARE IDEAL FOR SECURITY BECAUSE USERS CANNOT DOWNLOAD DATA AND TAKE IT AWAY. ALSO, SOME COMPANIES USE DISKLESS COMPUTERS BECAUSE THEY ARE INEXPENSIVE COMPARED TO FULLY-EQUIPPED COMPUTERS.

A DATA ENCRYPTION UTILITY SCRAMBLES DATA BEFORE IT GOES OUT ONTO THE NETWORK. THIS MAKES THE DATA UNREADABLE EVEN IF SOMEONE TAPS THE CABLE AND READS THE DATA AS IT PASSES OVER THE NETWORK. WHEN THE DATA GETS TO THE PROPER COMPUTER, A KEY, THE CODE FOR DECIPHERING DATA, DECODES THE BITS INTO UNDERSTANDABLE INFORMATION. ADVANCED DATA ENCRYPTION SCHEMES AUTOMATE BOTH ENCRYPTION AND THE KEYS. THE BEST ENCRYPTION SYSTEMS ARE HARDWARE-BASED AND CAN BE EXPENSIVE.

DISASTROUS VIRUSES ARE BECOMING MORE COMMON PLACE. THEY MUST BE TAKEN INTO ACCOUNT WHEN DEVELOPING NETWORK SECURITY PROCEDURES. ALTHOUGH NO VIRUS PROTECTION PROGRAM CAN PREVENT ALL VIRUSES, THEY CAN DO SOME OF THE FOLLOWING:

• KEEP THE VIRUS FROM ACTIVATING.
• REMOVE THE VIRUS.
• REPAIR THE DAMAGE THAT A VIRUS HAS CAUSED TO SOME EXTENT.
• KEEP THE VIRUS IN CHECK AFTER IT ACTIVATES.

TAPE BACKUP METHODS

FULL BACKUP - BACKS UP AND MARKS SELECTED FILES, WHETHER OR NOT THEY HAVE CHANGED SINCE THE LAST BACKUP.

COPY - BACKS UP ALL SELECTED FILES WITHOUT MARKING THEM AS BEING BACKED UP.

INCREMENTAL BACKUP - BACKS UP AND MARKS SELECTED FILES ONLY IF THEY HAVE CHANGED SINCE THE LAST TIME THEY WERE BACKED UP.

DAILY COPY - BACKS UP ONLY THOSE FILES THAT HAVE BEEN MODIFIED THAT DAY, WITHOUT MARKING THEM AS BEING BACKED UP.

DIFFERENTIAL BACKUP - BACKS UP SELECTED FILES ONLY IF THEY HAVE CHANGED SINCE THE LAST TIME THEY WERE BACKED UP, WITHOUT MARKING THEM AS BEING BACKED UP.

FAULT TOLERANCE AND DISK ADMINISTRATOR

DISK ADMINISTRATOR IS USED TO CREATE A VARIOUS DISK CONFIGURATIONS, INCLUDING:

• STRIPE SETS WITH PARITY, WHICH ACCUMULATE MULTIPLE DISK AREAS INTO ONE LARGE PARTITION, DISTRIBUTING DATA STORAGE ACROSS ALL DRIVES SIMULTANEOUSLY, ADDING FAULT TOLERANCE PARITY INFORMATION.
• MIRROR SETS, WHICH MAKE A DUPLICATE OF ONE PARTITION AND PLACE IT ONTO A SEPARATE PHYSICAL DISK.
• VOLUME SETS, WHICH ACCUMULATE MULTIPLE DISK AREAS INTO ONE LARGE PARTITION, FILLING THE AREAS IN SEQUENCE.
• STRIPE SETS, WHICH ACCUMULATE MULTIPLE DISK AREAS INTO ONE LARGE PARTITION, DISTRIBUTING DATA STORAGE ACROSS ALL DRIVES SIMULTANEOUSLY. NO FAULT TOLERANCE.

MODEM

COMPUTERS CANNOT SIMPLY CONNECT OVER A TELEPHONE LINE BECAUSE THE COMPUTER COMMUNICATES IN DIGITAL ELETRONIC PULSES (ELETRONIC SIGNALS) AND A TELEPHONE LINE CAN ONLY SEND ANALOG PULSES (SOUND). A MODEM AT THE SENDING END CONVERTS THE COMPUTER'S DIGITAL SIGNALS INTO ANALOG AND TRANSMITS THE ANALOG SIGNALS ONTO THE TELEPHONE LINE. A MODEM AT THE RECEIVING END CONVERTS THE INCOMING ANALOG SIGNALS BACK INTO DIGITAL SIGNALS FOR THE RECEIVING COMPUTER.

MODEM HARDWARE

MODEMS ARE KNOWN AS DATA COMMUNICATIONS EQUIPMENT (DCE) AND SHARE THE FOLLOWING CHARACTERISTICS:

• A SERIAL (RS-232) COMMUNICATIONS INTERFACE
• A RJ-11 TELEPHONE-LINE INTERFACE (A FOUR-WIRE TELEPHONE PLUG)

TYPES OF MODEMS

ASYNCHRONOUS MAY BE THE MOST WIDESPREAD FORM OF CONNECTIVITY IN THE WORLD. THIS IS BECAUSE ASYNC WAS DEVELOPED SO IT COULD USE COMMON TELEPHONE LINES. THIS CHECKS FOR ERRORS ON THE DATA.

SYNCHRONOUS COMMUNICATION

SYNCHRONOUS COMMUNICATION RELIES ON A TIMING SCHEME COORDINATED BETWEEN TWO DEVICES TO SEPARATE GROUPS OF BITS AND TRANSMIT THEM IN BLOCKS KNOWN AS FRAMES. SPECIAL CHARACTERS ARE USED TO BEGIN THE SYNCHRONIZATION AND CHECK ITS ACCURACY PERIODICALLY. IF THERE IS AN ERROR, THE SYNCHRONOUS ERROR DETECTION AND CORRECTION SCHEME SIMPLY IMPLEMENTS A RETRANSMISSION.

PPTP (POINT-TO-POINT TUNNELING PROTOCOL)

PPTP PROVIDES A WAY TO ROUTE IP, IPX, OR NETBEUI PPP PACKETS OVER A TCP/IP NETWORK. PPTP ALLOWS FOR MULTIPROTOCOL ENCAPSULATION THAT ENABLE ANY OF THESE PACKETS TO BE SENT OVER THE TCP/IP NETWORK. THE EXISTING CORPORATE OR ORGANIZATIONAL LAN IS TREATED AS IF IT WERE A PSTN, ISDN, OR X.25 NETWORK. THIS VIRTUAL WAN IS SUPPORTED THROUGH THE PUBLIC NETWORKS SUCH AS THE INTERNET.

NETWORK COMPONENTS

REPEATERS

A REPEATER TAKES A WEAK SIGNAL FROM ONE SEGMENT, REGENERATES IT, AND PASSES IT TO THE NEXT SEGMENT. TO PASS DATA THROUGH THE REPEATER IN A USABLE FASHION FROM ONE SEGMENT TO THE NEXT, THE PACKETS AND THE LOGICAL LINK CONTROL (LLC) PROTOCOLS MUST BE THE SAME ON EACH SEGMENT. THIS MEANS THAT A REPEATER WILL NOT ENABLE COMMUNICATION BETWEEN AN 802.3 LAN (ETHERNET) AND AN 802.5 LAN (TOKEN RING).

REPEATERS DO NOT TRANSLATE OR FILTER ANYTHING. FOR A REPEATER TO WORK, BOTH SEGMENTS THAT THE REPEATER JOINS MUST HAVE THE SAME ACCESS METHOD. THE TWO MOST COMMON ACCESS METHODS ARE CSMA/CD AND TOKEN PASSING. A REPEATER CANNOT CONNECT A SEGMENT USING CSMA/CD TO A SEGMENT USING TOKEN PASSING. THAT IS, THEY CANNOT TRANSLATE AN ETHERNET PACKET INTO A TOKEN RING PACKET.

BRIDGES

LIKE A REPEATER, A BRIDGE CAN JOIN SEGMENTS OR WORKGROUP LANS. HOWEVER, A BRIDGE CAN ALSO DIVIDE A NETWORK TO ISOLATE TRAFFIC OR PROBLEMS. IF THE VOLUME OF TRAFFIC FROM ONE OR TWO COMPUTERS OR A SINGLE DEPARTMENT IS FLODDING THE NETWORK WITH DATA AND SLOWING DOWN THE ENTIRE OPERATION, A BRIDGE COULD ISOLATE THOSE COMPUTERS OR THAT DEPARTMENT. BRIDGES WORK AT THE DATA LINK LAYER OF THE OSI MODEL.

• EXPAND THE DISTANCE OF A SEGMENT.
• PROVIDE FOR AN INCREASED NUMBER OF COMPUTERS ON THE NETWORK.
• REDUCE TRAFFIC BOTTLENECKS RESULTING FROM AN EXCESSIVE NUMBER OF ATTACHED COMPUTERS.

• LINK UNLIKE PHYSICAL MEDIA SUCH AS TWISTED-PAIR AND COAXIAL ETHERNET.

ROUTERS

ROUTERS HAVE ACCESS TO MORE INFORMATION IN PACKETS THAN BRIDGES, AND USE THIS INFORMATION TO IMPROVE PACKET DELIVERIES. ROUTERS ARE USED IN COMPLEX NETWORK SITUATIONS BECAUSE THEY PROVIDE BETTER TRAFFIC MANAGEMENT THAN BRIDGES AND DO NOT PASS BROADCAST TRAFFIC. ROUTERS CAN SHARE STATUS AND ROUTING INFORMATION WITH ONE PASS BROADCAST TRAFFIC. ROUTERS CAN SHARE STATUS AND ROUTING INFORMATION WITH ONE ANOTHER AND USE THIS INFORMATION TO BYPASS SLOW OR MALFUNCTIONAING CONNECTIONS.

• FILTERING AND ISOLATING TRAFFIC
• CONNECTING NETWORK SEGMENTS

BROUTERS

A BROUTER COMBINES THE BEST QUALITIES OF BOTH A BRIDGE AND A ROUTER. A BROUTER CAN ACT LIKE A ROUTER FOR ONE PROTOCOL AND BRIDGE ALL OF THE OTHERS.

BROUTERS CAN:

• ROUTE SELECTED ROUTABLE PROTOCOLS.
• BRIDGE CONROUTABLE PROTOCOLS.
• DELIVER MORE COST-EFFECTIVE AND MORE MANAGEABLE INTERNETWORKING THAN SEPARATE BRIDGES AND ROUTERS.

GATEWAYS

GATEWAYS MAKE COMMUNICATION POSSIBLE BETWEEN DIFFERENT ARCHITECTURES AND ENVIRONMENTS. THEY REPACKAGE AND CONVERT DATA GOING FROM ONE ENVIRONMENT TO ANOTHER SO THAT EACH ENVIRONMENT CAN UNDERSTAND THE OTHER ENVIRONMENT'S DATA. A GATEWAY REPACKAGES INFORMATION TO MATCH THE REQUIREMENTS OF THE DESTINATION SYSTEM. GATEWAYS CAN CHANGE THE FORMAT OF A MESSAGE SO THAT IT WILL CONFORM TO THE APPLICATION PROGRAM AT THE RECEIVING END OF THE TRANSFER. FOR EXAMPLE, ELECTRONIC MAIL GATEWAYS, SUCH AS THE X.400 GATEWAY, RECEIVE MESSAGES IN A ONE FORMAT, TRANSLATE IT, AND FORWARD IN X.400 FORMAT USED BY THE RECEIVER, AND VICE VERSA.

A GATEWAY LINKS TWO SYSTEMS THAT DO NOT USE THE SAME:

• COMMUNICATION PROTOCOLS
• DATA FORMATTING STRUCTURES
• LANGUAGES
• ARCHITECTURE

MULTIPLE PATHS