
DF9P 34 Network Concepts Advanced

June 2005

Network Concepts: Advanced

COLEG

COLEG/SQA

Acknowledgements
Microsoft and Windows are registered trademarks of the Microsoft Corporation. Screenshots are reproduced by permission of Microsoft Corporation

Colleges Open Learning Exchange Group (COLEG) and the Scottish Qualifications Authority Material developed by Cardonald College. No part of this publication may be reproduced without the prior written consent of COLEG and SQA.

COLEG/SQA Version 1


Contents
Acknowledgements  2
Introduction to the unit  5
  What this unit is about  5
  Outcomes  5
  Unit structure  6
  How to use these learning materials  6
  Symbols used in this unit  6
  Other resources required  8
Assessment information  9
  How you will be assessed  9
  When and where you will be assessed  9
  What you have to achieve  9
  Opportunities for reassessment  9
Section 3: Implementing local area networks  11
  Introduction to this section  13
  Assessment information for this section  14
  Server operating systems  16
  Network-attached storage  29
  Fault tolerance and disaster recovery  30
  Firewalls and proxy servers  38
  Security measures  41
  Remote access  47
  Summary of this section  71
  Answers to SAQs  72
Section 4: Providing network support  75
  Introduction to this section  77
  Assessment information for this section  77
  Using TCP/IP utilities  79
  Troubleshooting network problems  96
  Configuring clients to connect to servers  121
  Summary of this section  128
  Answers to SAQs  129
Glossary  132


Introduction to the unit


What this unit is about
This unit is designed to introduce you to the issues involved in installing and supporting computer networks, both internal and external to an organisation. It is intended for candidates undertaking an HNC/D in computing, computer networking or a related area who require a broad knowledge of computer networks.

In the first section you will learn about network media and topologies, including logical and physical topologies (star, hierarchical, bus, mesh, ring and wireless) and the features of technologies such as LLC, Ethernet, token ring, wireless and FDDI. You will also learn about Ethernet characteristics, media types and connectors, and network components such as hubs, switches, routers, bridges, gateways, CSU/DSU, interface cards, ISDN adapters, system area network cards, wireless access points and modems.

In the second section you will learn about network protocols, including TCP/IP, IPX/SPX and NetBEUI, the seven layers of the OSI Reference Model, network services, WAN technologies, network security and remote access.

In the third section you will learn how to implement local area networks, including analysing client requirements and specifying appropriate solutions. You will learn about server operating systems, client workstations, VLANs, network storage, fault tolerance, disaster recovery, security and network settings.

In the final section you will learn how to provide network support, including troubleshooting network problems, configuring servers and carrying out hardware implementation tasks.

Please note: the first two study sections are contained in the companion volume for this unit, entitled DF9P 34 Network Concepts: Introduction. Study sections 3 and 4 are contained in this book.

Outcomes
On completion of this unit you should be able to:

1. Describe network media and topologies.
2. Describe network protocols and standards.
3. Implement local area networks.
4. Provide network support.


Unit structure
This unit contains four study sections. You will need two books to cover the whole unit. Study sections 1 and 2 are contained in the companion volume for this unit, entitled DF9P 34 Network Concepts: Introduction. Study sections 3 and 4 are contained in this book.

Section number and title (approximate study time in hours):

1 Network media and topologies (16)
2 Network protocols and standards (16)
3 Implementing local area networks (24)
4 Providing network support (24)

How to use these learning materials


This teaching pack contains all the theory required to achieve the unit. There are a number of self assessment questions (SAQs) that assess your knowledge and understanding of the various topics. There are also a number of practical activities that get you to carry out a particular practical piece of work.

Symbols used in this unit


These learning materials allow you to work on your own with tutor support. As you work through the course, you will encounter a series of symbols, which indicate that something follows that you're expected to do. You will notice that as you work through the study sections you will be asked to undertake a series of SAQs, activities and tutor assignments. An explanation of the symbols used to identify these is given below.

Self assessed question

This symbol is used to indicate an SAQ. Most commonly, SAQs are used to check your understanding of the material that has already been covered in the sections. This type of assessment is self contained; everything is provided within the section to enable you to check your understanding of the materials. The process is simple:

- you are set SAQs throughout the study section
- you respond to these, either by writing in the space provided in the assessment itself, or in your notebook
- on completion of the SAQ, you turn to the back of the section to compare the model SAQ answers to your own
- if you're not satisfied after checking out your responses, turn to the appropriate part of the study section and go over the topic again

Remember the answers to SAQs are contained within the study materials. You are not expected to guess at these answers.

Activity

This symbol indicates an activity, which is normally a task you will be asked to do which should improve or consolidate your understanding of the subject in general or a particular feature of it. The suggested responses to activities will follow directly after each activity. Remember that the SAQs and activities contained within your package are intended to allow you to check your understanding and monitor your own progress throughout the course. It goes without saying that the answers to these should only be checked out after the SAQ or activity has been completed. If you refer to these answers before completing the activities, you cannot expect to get maximum benefit from your course.

Tutor assignment (formative assessment)

This symbol means that a tutor assignment is to follow. This is found at the end of the unit. The aim of the tutor assignment is to cover and/or incorporate the main topics of the sections and prepare you for unit (summative) outcome assessment.


Other resources required


You will need access to a computer system with Windows 2000 with full administrative rights. Access to other operating systems such as Windows 98, NT and XP, as well as Unix/Linux and Mac OS, would be advantageous. Access to common networking equipment, such as routers, switches and hubs, would also be advantageous.

To cover the whole unit, you will need a copy of the companion volume for this unit entitled: DF9P 34 Network Concepts: Introduction.


Assessment information
How you will be assessed
You will be assessed by either a 50-question restricted-response end-of-unit test or by smaller subtests broken down as follows:

- Learning Outcome 1: a 10-question restricted-response test with a 70% pass mark, to assess your knowledge and understanding.
- Learning Outcome 2: a 16-question restricted-response test with a 70% pass mark, to assess your knowledge and understanding.
- Learning Outcome 3: an 18-question restricted-response test with a 70% pass mark, to assess your knowledge and understanding. You will also be asked to perform practical tasks, which you will record in a logbook.
- Learning Outcome 4: a 6-question restricted-response test with a 70% pass mark, to assess your knowledge and understanding. You will also be asked to perform practical tasks, which you will record in a logbook.

When and where you will be assessed


You will be assessed by your tutor/assessor under supervised conditions.

What you have to achieve


You must answer at least 70% of the questions correctly in order to obtain a pass. If subtests are used, you must also score at least 70% in each subtest.

Opportunities for reassessment


Normally, you will be given one attempt to pass an assessment with one reassessment opportunity. Your centre will also have a policy covering 'exceptional' circumstances, for example, if you have been ill for an extended period of time. Each case will be considered on an individual basis, and is at your centre's discretion (usually via written application), and they will decide whether to allow a third attempt. Please contact your tutor for details regarding how to apply.


Section 3: Implementing local area networks


Introduction to this section


What this section is about

You will be given the opportunity to install, or witness the installation of, a variety of LANs. You should put the information learned in Outcomes 1 and 2 to use here. You will learn how to analyse a client's requirements and offer a number of appropriate solutions. This can be done manually, using the advantages and disadvantages of media covered in Outcomes 1 and 2. You should be able to say which networks are appropriate, and why other networks are not appropriate, for given situations.

Outcomes, aims and objectives

Outcome 3 deals with the implementation of LANs.

Server operating systems: You will learn about the basic capabilities of Unix/Linux, NetWare, Windows and Macintosh operating systems, looking at as many releases as is practical.

Client workstations: Capabilities of client workstations with regard to connectivity, local security and authentication will be discussed. You will learn how to identify these and their suitability for given situations.

VLANs: Benefits of VLANs (bandwidth management, administration costs, workgroups, security) will be introduced.

Network attached storage: Characteristics of network attached storage will be introduced. You will learn how to install this type of storage device.

Fault tolerance and disaster recovery: The purpose and characteristics of fault tolerance and RAID hardware and software will be considered. You will look at disaster recovery in terms of its purpose and characteristics and how it fits into the network's fault tolerance plan.

Firewalls and proxy servers: You will learn to identify the purpose, benefits and characteristics of using firewalls and proxy servers.

Security measures: You will learn how to identify the appropriate level of security for a given network and how this should be implemented.

Remote access: Given a remote connectivity scenario (e.g. IP, IPX, dial-up, PPPoE, authentication, physical connectivity etc.), you will learn how to configure the connection.

Network configuration: You will be given as much exposure and practice in the installation of different network topologies as is practicable. Given a network configuration, you should be able to select the appropriate NIC and network configuration settings (DHCP, DNS, WINS, protocols, NetBIOS/host name, etc.).


Approximate study time

24 hours.

Other resources required

A computer running Windows 2000 Professional with a connection to a LAN or WAN.

Assessment information for this section


How you will be assessed

This section will be assessed by a restricted-response test and the completion of an activity logbook.

Restricted-response test

The knowledge and skills component of this section will be examined by 18 questions, two derived from each of the nine items listed above. Each question will be derived from a single item.

Logbook

The logbook for this section must record that you have successfully completed each of the tasks listed below.

1 Configuring a remote access connection: documentary evidence that the candidate can configure a remote access connection in accordance with a given specification.
2 Selecting network configuration settings: documentary evidence that the candidate can select network configuration settings in accordance with a given specification.

When and where you will be assessed

You will be assessed by your tutor/assessor at an appropriate location where closed book tests can be taken.

What you have to achieve

You must achieve a pass mark of 70% or greater in the multiple choice test to pass this outcome.

Opportunities for reassessment

Normally, you will be given one attempt to pass an assessment with one reassessment opportunity.


Your centre will also have a policy covering 'exceptional' circumstances, for example, if you have been ill for an extended period of time. Each case will be considered on an individual basis, and is at your centre's discretion (usually via written application), and they will decide whether to allow a third attempt. Please contact your tutor for details regarding how to apply.


Server operating systems


There are a number of different operating systems that can be used for servers within a network. We will look at the basic capabilities of Unix/Linux, NetWare, Windows and Macintosh operating systems.

Unix/Linux

Unix

The Unix server operating system is a multi-tasking, multi-user, text-based operating system that was created to run on virtually any hardware platform. It was originally developed at Bell Labs by programmers for programmers, which makes it rather complex to manage. However, because it is powerful and stable, it is used in many different types of environment, such as hospitals, university and college campuses and many corporate networks.

In a typical Unix network, computers with no hard drive and limited processing and memory capability (known as dumb terminals) are connected to a centralised server, which carries out the processing based on commands issued from the dumb terminals. Think of it as several monitors and keyboards connected to the same computer. In more modern networks, where Unix systems co-exist with other operating systems such as Windows, network computers connect to the Unix server via a terminal emulator (such as TELNET). In a Unix operating system, every user executes programs and stores files on the same system, allowing them to share resources in real time.

There are many different Unix variants (Linux, Solaris, SunOS, HP-UX, Digital Unix, SCO Open Server, DG-UX, to name just a few). These variants run on differing types of hardware, from regular PCs to large mainframes. Unix variants are also used in telecommunication systems and many other devices.

The network file system (NFS) is also an important part of Unix networking. It allows a Unix machine to mount a directory (share) on a remote computer and treat it as part of the local file system. The main drawback of NFS is that it is not secure.

Every file and folder in Unix has an associated set of permissions that determines who can do what. The three types of permission are Read (r), Write (w) and Execute (x).

In order for users of Windows and other non-Unix operating systems to communicate with a Unix server, SAMBA, an open source software suite that provides file and print services to server message block (SMB) clients, is required. SMB is similar to NFS and is used primarily in Windows networks. SAMBA allows a Unix server to participate in a Windows domain, so Unix file and folder shares and resources show up in the Network Neighborhood of clients. Newer versions of SAMBA can also process logon requests for clients in a Windows domain environment, and hence act as a domain controller for the network.
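The r/w/x permission check described above, as an added example that is not part of the COLEG/SQA materials: it parses a constructed `ls -l` style listing, converts each r/w/x triplet to its octal digit and decides what a given user may do with a file. Unix applies the permissions separately to the file's owner, the owning group and everyone else, and checks only the first class that matches the user, so an owner with fewer rights than the group is still restricted; the user names, groups and file names below are invented.

```python
"""Evaluate classic Unix r/w/x permissions for owner, group and other.

Added example, not taken from the COLEG/SQA materials. The listing below
is constructed to look like `ls -l` output; users, groups and files are
invented.
"""
from dataclasses import dataclass

# Constructed sample listing (not output from any real system).
SAMPLE_LISTING = """\
-rw-r----- 1 alice payroll  4096 Jun  1 09:00 salaries.csv
-rwxr-x--- 1 root  staff    8192 Jun  1 09:05 backup.sh
-r--rw---- 1 bob   staff     512 Jun  1 09:10 notes.txt
-rw-rw-rw- 1 carol staff     100 Jun  1 09:15 shared.log
"""

CLASS_OFFSET = {"owner": 0, "group": 3, "other": 6}
ACTION_INDEX = {"read": 0, "write": 1, "execute": 2}


@dataclass(frozen=True)
class FileEntry:
    name: str
    owner: str
    group: str
    mode: str  # the nine permission characters, e.g. "rwxr-x---"


def parse_listing(text):
    """Turn `ls -l` style lines into FileEntry objects (type char dropped)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 9:
            continue  # skip blank lines and the "total N" line ls prints
        entries.append(FileEntry(name=fields[-1], owner=fields[2],
                                 group=fields[3], mode=fields[0][1:10]))
    return entries


def mode_to_octal(mode):
    """'rwxr-x---' -> '750' (r=4, w=2, x=1 for each of the three classes)."""
    digits = []
    for start in range(0, 9, 3):
        value = 0
        for ch, bit in zip(mode[start:start + 3], (4, 2, 1)):
            if ch in "rwxst":  # lowercase s/t: setuid/setgid/sticky plus x
                value += bit
        digits.append(str(value))
    return "".join(digits)


def user_class(entry, user, groups):
    """Unix picks exactly one class: owner first, then group, else other."""
    if user == entry.owner:
        return "owner"
    if entry.group in groups:
        return "group"
    return "other"


def can(entry, user, groups, action):
    """True if `user` (a member of `groups`) may read/write/execute the file."""
    ch = entry.mode[CLASS_OFFSET[user_class(entry, user, groups)]
                    + ACTION_INDEX[action]]
    if action == "execute":
        return ch in "xst"  # uppercase S/T: special bit set but no execute
    return ch != "-"


def allowed_actions(entry, user, groups):
    """Set of actions `user` may perform on `entry`."""
    return {a for a in ACTION_INDEX if can(entry, user, groups, a)}


def world_writable(entries):
    """Names of files anyone on the system may modify; a common audit finding."""
    write_for_other = CLASS_OFFSET["other"] + ACTION_INDEX["write"]
    return [e.name for e in entries if e.mode[write_for_other] != "-"]


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    for entry in listing:
        print(f"{entry.name:13} {mode_to_octal(entry.mode)}  bob (staff) may:",
              sorted(allowed_actions(entry, "bob", {"staff"})))
    print("world-writable:", world_writable(listing))
```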


Linux

Linux is an open source operating system that is similar to Unix. Open source means that its source code is available to the public under the GNU General Public Licence, which allows anyone to create extensions, utilities, graphical user interfaces (GUIs), software and more for the Linux system. Linux was initially created by Linus Torvalds, who wanted to develop a small Unix system in order to improve it. Linux is commonly used as an HTTP, FTP or mail server. However, Linux isn't run just on servers; it can also be used on PCs. A variety of user-friendly GUIs are available to make it easier to use for the less technically able.

Apart from the fact that it is freely distributed, Linux's functionality, adaptability and robustness have made it the main alternative to proprietary Unix and Microsoft operating systems. IBM, Hewlett-Packard and other large technology companies have embraced Linux and support its ongoing development. More than a decade after its initial release, Linux is being adopted worldwide, primarily as a server platform; its use as a home and office desktop operating system is also on the rise, however. Computers with processing power as low as a 386-based CPU can install and run a Linux system.

Unix/Linux interoperability

As mentioned before, open source software such as SAMBA is used to provide Windows users with SMB file sharing. This allows them to connect to the Unix/Linux server.

File and print services

As discussed earlier, NFS within Linux and Unix is a distributed file system that allows users to access files and directories located on remote computers and treat those files and directories as if they were local. There are also print services included with Linux/Unix. LPR/LPD is the primary Unix printing protocol used to submit jobs to the printer. The LPR component initiates commands such as print waiting jobs, receive job and send queue state, and the LPD component in the print server responds to them.

Security

With most Unix operating systems, the network services can be individually controlled to increase security.


Novell NetWare

NetWare was developed by Novell in the early 1980s and is based on the Xerox Network System. It is a network operating system (NOS) that allows file and printer sharing and mail functionality using a client/server architecture; that is, clients log into the server and use its resources while logged in. NetWare used to be very popular as a NOS, and can still be found in many corporate networks today, but it has now largely been overtaken by the versatility of the Windows operating systems.

In NetWare version 4, Novell introduced NetWare Directory Services (NDS), which allows network resources to be grouped together and organised in an ordered and hierarchical way, so they can be easily located and administered. NDS uses the same concept as Microsoft's Active Directory (see below) for the grouping of users, computers and permissions. NetWare operating systems prior to NetWare 4 relied on what was known as the bindery. The NetWare bindery kept server-specific user and group information in a flat file which every network server maintained independently of the bindery on other servers, hence there was no relationship between these objects. The bindery relied heavily on the Service Advertising Protocol to advertise its resources to clients, which would use a large amount of the network bandwidth.

In NetWare, there are software modules called NetWare loadable modules (NLMs) that can be added to a NetWare server installation to provide additional functionality. In order to allow computers running Windows operating systems to communicate with Novell operating systems, Microsoft developed NWLink, which is their implementation of IPX/SPX. This allows Windows clients to communicate with NetWare servers.

NetWare protocol suite

Although current versions of Novell NetWare use TCP/IP, before NetWare version 5 IPX was the protocol in NetWare networks. The NetWare protocol suite is a suite of several protocols for different functions; before version 5 these were IPX and SPX. IPX/SPX was a small and easy to implement routable protocol developed by Novell and based on the Xerox Network System. IPX is similar to IP (Internet Protocol) from the TCP/IP suite: it is a connectionless layer 3 (Network layer) protocol used to transfer packets between hosts and networks. SPX is the Transport protocol used to provide reliable transport for IPX datagrams, as TCP does for IP. IPX/SPX networks support up to approximately 300 hosts per segment.

A key part of Novell NetWare networking is the NetWare Core Protocol (NCP). This protocol operates on the upper three layers of the OSI model, and provides services to client redirectors such as the NetWare Shell. Services include file and printer access, security and name services. Some of the most important Application layer services are the Message Handling Services (MHS), a simple electronic messaging system, and NDS.


The latest version of Novell's NetWare suite (currently version 6.5) contains Novell eDirectory, a high-end directory service that simplifies the management of identities and security access for employees, customers and partners. NetWare 6.5 also includes Novell iManager, a convenient browser-based administration tool. iManager provides a global view of the network, no matter how widely dispersed it is.

Client support

NetWare 5 comes with Novell Client software for three client platforms: DOS and Windows 3.1x, Windows 95/98, and Windows NT.

Interoperability

You can set the Novell Clients for Windows operating systems to work with one of three network protocol options: IP only, IP and IPX, or IPX only.

File and print services

NetWare offers two choices of mutually compatible file services: Novell Storage Services (NSS) and the traditional NetWare file system. Both kinds of file service let you store, organise, manage, access and retrieve data on the network. NSS gathers all unpartitioned free space that exists on all the hard drives connected to your server, together with any unused space in NetWare volumes, and places it into a storage pool. You create NSS volumes from this storage pool during server installation or later through NWCONFIG. Novell Distributed Print Services (NDPS) is the default and preferred print system in NetWare. NDPS supports IP-based as well as IPX-based printing.

Security

Novell has support for a public key infrastructure built into NetWare from version 5 onwards, which uses public key certificates developed by RSA Security.

Windows

Windows NT

The Windows operating system is probably the most commonly used operating system today, although Linux has started making inroads in some areas. Microsoft released Windows NT Advanced Server version 3.1 in 1993 (the NT stands for 'new technology'). The user interface was immediately familiar, as it was the same as the one used in Windows 3.x. Windows NT progressed through versions 3.5 and 3.51 before Microsoft released Windows NT version 4.0 in 1996. This had a similar user interface to Windows 95 at the time. The introduction of NT allowed Microsoft to attack NetWare's huge market share.

NT is a 32-bit network operating system that can run both 32-bit and legacy 16-bit Windows programs. In addition, it can run DOS, OS/2 and POSIX applications, which makes it more flexible than other server operating systems. NT can be used for file and print services but also provides an excellent application server platform. It supports multiple processors and can be run on RISC as well as Intel x86 based systems. The main features of NT are as follows:

- A sophisticated security system
- NT servers can be grouped into 'domains'; a single domain security database is used to add user details and provides access to resources on any of the servers
- The use of a domain simplifies and centralises administration
- The NT file system (NTFS) provides enhanced reliability and excellent file and folder security
- NT supports the IPX/SPX, NetBEUI, TCP/IP, AppleTalk and DLC protocols
- Clients supported include DOS, Windows, OS/2, Unix and Apple Macintosh

Directory services in NT

In Windows NT, computers can be grouped together in domains. This provides for centralised management of user and group accounts, together with a centralised security and system policy which can be used to set security and policy for computers throughout the domain. NT was very robust and was not prone to crashing, but the downside was its poor handling of hardware resources, with no plug and play support. Thus installing new hardware could at times be tricky and frustrating.

The Windows 2000 family

Windows NT was the main NOS product from Microsoft for many years, and over those years Microsoft added more features to try to address users' needs through updates called service packs. With Windows 2000, they made considerable enhancements to the product. Windows 2000 Professional is the preferred 32-bit desktop environment, providing a combination of Windows 98 usability and Windows NT 4 reliability. New features include support for power management, plug and play and support for new file system features, including Encrypting File System (EFS). The main features of Windows 2000 are as follows:

- Support for the file systems FAT16, FAT32 and NTFS
- Increased uptime of the system and significantly fewer operating system crashes requiring a reboot
- The implementation of Windows Installer, which tracks application installations and recognises and replaces missing components
- Protection of the memory of individual applications and processes, to avoid a single application bringing the system down
- Encrypted file system to protect sensitive data
- Secure VPN support for tunnelling into a private LAN over the Internet
- Personalised menus that adapt to the way users work
- The multilingual version allows switching of the user interface and Help language, based on logon
- Broader support for high-speed networking devices, including native ATM and cable modems
- Support for universal serial bus (USB) and IEEE 1394 for a greater range of bandwidth devices

There are three types of Windows 2000 Server, each with features appropriate to the target audience. All share the same core features as Windows 2000 Professional, but have additional features.

Windows 2000 Server is the standard entry-level server platform, providing similar power to Windows NT 4 Server. However, it also includes support for Terminal Services and Active Directory. Windows 2000 Server can handle up to two processors.

Users requiring more power and greater scope for scalability should opt for Windows 2000 Advanced Server, which is similar in power to Windows NT 4 Enterprise Server. It provides enhanced scalability and clustering support. Windows 2000 Advanced Server can handle up to eight processors.

Users who need an enterprise-size database or web servers should opt for Windows 2000 Datacenter Server. This is currently the most powerful server product in the range. It is used for real-time transaction processing and database services, and provides the capabilities of Windows 2000 Advanced Server plus more scalability. Windows 2000 Datacenter Server can handle up to 32 processors.

Directory services in Windows 2000

In Windows 2000, the directory service is provided by Active Directory, a centralised and standardised system that automates network management of user data, security and distributed resources, and enables interoperation with other directories. As with Windows NT, domains provide the primary grouping of users, groups and computers. However, delegation of administration is provided by organisational units, and geographic considerations are implemented using site objects.


Combining NT and NetWare

Microsoft provides two possible solutions for the integration of NT and NetWare servers. These can be described as a client-based solution and a server-based solution.

Client-based solution

This solution may be applied to both Windows 9x and NT Workstation/Windows 2000 Professional; the client requires an additional redirector installed to allow it to talk to the NetWare servers. Assuming that the client is currently running the Microsoft redirector (Client for Microsoft Networks) and a protocol other than IPX/SPX (NWLink), the following is required:

- Add the IPX/SPX (NWLink) protocol
- For NT Workstation/Windows 2000, add Client Services for NetWare (CSNW); for Windows 9x, add the Client for NetWare Networks

Server-based solution

The server-based solution leaves the client configuration unchanged and uses the Windows NT Server/Windows 2000 Server to pass requests to the NetWare server. The Windows server requires:

- The IPX/SPX (NWLink) protocol
- Gateway Services for NetWare (GSNW)

You will also need to create a user account on the NetWare server with sufficient permissions to access resources on behalf of the clients. In addition, this account must be a member of a group on the NetWare server called NTGATEWAY.

Client support

Windows 2000 supports Windows 3.x, Windows 95, Windows 98 and Windows NT Workstation 4.0 clients.

Interoperability

Windows 2000 Server supports Unix, Novell NetWare, Windows NT Server 4.0 and Macintosh.

Authentication

Successful user authentication in a Windows 2000 computing environment consists of two separate processes: interactive logon, which confirms the user's identity to either a domain account or a local computer, and network authentication, which confirms the user's identity to any network service that the user attempts to access. The types of authentication that Windows 2000 supports are as follows:

- Kerberos V5 is used with either a password or a smart card for interactive logon. It is also the default method of network authentication for services. The Kerberos V5 protocol verifies both the identity of the user and that of network services.
- Secure Sockets Layer/Transport Layer Security (SSL/TLS) authentication is used when a user attempts to access a secure web server.

File and print services

You can add and maintain printers in Windows 2000 using the print administration wizard, and you can add file shares using Active Directory management tools. Windows 2000 also offers Distributed File Services, which let you combine files on more than one server into a single share.


Security User-level security protects shared network resources by requiring that a security provider authenticate a users request to access resources. The domain controller grants access to the shared resource by verifying that the user name and password are the same as those on the user account list stored with the network security provider. Because the security provider maintains a network-wide list of user accounts and passwords, each client computer does not have to store a list of accounts. Share-level security protects shared network resources on the computer with individually assigned passwords. For example, you can assign a password to a folder or a locally attached printer. If other users want to access it, they need to type in the appropriate password. If you do not assign a password to a shared resource, every user with access to the network can access that resource. Apple Macintosh Mac OS X Server, is Apples NOS, which was introduced to rival Windows NT, Novell NetWare, and Linux operating systems. Mac OS X Server provides file and print sharing, a web server, and multimedia content streaming services to Apple Macintosh-based networks. Mac OS X Server also introduces NetBoot and Macintosh Management Services, features designed to ease the administrative tasks involved with Macintosh networks and save IT administrators time. The first Macintosh NOS is a robust server that will fulfil the networking needs of Macintosh web design shops, companies supporting Macintosh clients, and Macintosh workgroups or labs. Client support Mac OS X supports TCP/IP file sharing with Macintosh clients using Network File System (NFS), and File Transfer Apple File Protocol 3.0. Interoperability Mac OS X Server uses SAMBA to provide Windows users with SMB file sharing. NFS lets you make folders available to Unix and Linux users. Authentication Kerberos is used to support centralised login authentication. 
File and print services
Mac OS X Server provides support for native Macintosh, Windows, Unix and Linux file sharing. Protocols supported include:
- Apple file services (AFP 3.0) from any AppleShare client over TCP/IP
- Windows (SMB/CIFS) file sharing using SAMBA
- NFS for Unix and Linux file access
- Internet (FTP)

Built-in print services can spool files to any PostScript-capable printer over TCP/IP, AppleTalk or USB. Macintosh customers can use the LPR support in Print Center or the Desktop Printer utility to connect to a shared printer. Windows users can use their native SMB/CIFS protocol to connect to a shared printer. Print services for OS X Server are as follows:
- Macintosh and Unix: LPR/LPD
- Windows: SMB/CIFS

Security
Mac OS X Server provides a multiple-user architecture and user-level access privileges. SSL support provides encrypted and authenticated client/server communications. Secure shell (SSH) provides encryption and authentication for secure remote administration. Kerberos provides support for centralised login authentication.

3.1

Write a short description of the major NOS (network operating systems), summarising their major points. Include Unix, Linux, Novell, Microsoft and Apple Macintosh in your description.

VLANs
We looked at networking devices earlier in this unit, and at hubs, switches and routers in particular. We saw how hubs create one broadcast domain and one collision domain. Switches also create one single broadcast domain, but they do segment the network by breaking the segment up into a series of collision domains. As we learned earlier, a router can break a segment up into separate collision domains and broadcast domains.

In a large network, using hubs or switches throughout the network means that broadcast packets will be propagated through the network, in some cases bringing the network down to unacceptable performance levels. The network may be segmented by the use of routers, which stop broadcast packets from being propagated. However, extensive use of routers (which can add a lot of latency or delay) can result in unacceptable delays of data transfer over the network.

A solution to this problem is to use what is known as a virtual LAN (VLAN). A VLAN is a logical grouping of host computers where broadcasts are limited to the VLAN only and do not reach hosts outside the VLAN. You can set up many VLANs on the same switch, depending on your needs. VLANs divide the switched network into separate broadcast domains, giving the advantages of a router but without the latency problems.

VLANs within a switch must be programmed by a network administrator, and this can be a lot of work in a complicated network configuration. This is not just related to the initial setup, but also to keeping track of users' computers and their MAC addresses, as members of the VLAN are commonly assigned by their MAC address. Users within a VLAN do not need to be grouped in the same area, as VLANs allow members of teams that are on different floors within a building to be logically grouped within a VLAN. Thus VLANs provide independence from the physical topology of the network by allowing workgroups in different areas to be logically connected within a single broadcast domain.

A VLAN network forwards frames only to the intended recipients, and broadcast frames only to other members of the VLAN. This allows the network administrator to segment users requiring access to sensitive information into VLANs that are separate from the rest of the general user community, regardless of physical location, thus enhancing security. If two hosts on two different VLANs want to communicate with each other, this requires the use of a router, as routers work at layer 3 of the OSI model (i.e. IP addresses) and do not take into account the VLAN information that resides at layer 2 (i.e. MAC addresses). The bandwidth available to users across the VLANs is greatly enhanced due to the reduction in the number of broadcasts that are being sent.

Figure 33 shows how users on different switches and possibly in different locations can be connected to the same VLAN.

[Figure 33: three switches with attached PCs; the PCs are grouped into VLAN1, VLAN2 and VLAN3 across the switches]

Figure 33 Users on different switches connected to the same VLAN
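The following Python is an added example, not part of the original unit: it simulates a port-based VLAN switch (the port-to-VLAN assignments, port numbers and MAC addresses are all constructed) and shows that a broadcast reaches only the ports in the same VLAN, while a frame addressed to a host in another VLAN is not delivered at layer 2.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    payload: str = ""


@dataclass
class VlanSwitch:
    """A switch whose ports the administrator has assigned to VLANs.

    port_vlan maps port number -> VLAN id (constructed configuration).
    mac_table is learned from the source address of every frame seen.
    """
    port_vlan: dict
    mac_table: dict = field(default_factory=dict)

    def _vlan_ports(self, vlan: int, exclude: int) -> list:
        # Every port in the VLAN except the one the frame arrived on:
        # the VLAN, not the whole switch, is the broadcast domain.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != exclude)

    def forward(self, in_port: int, frame: Frame) -> list:
        """Return the ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[frame.src_mac] = in_port        # learn the sender
        if frame.dst_mac == BROADCAST:
            return self._vlan_ports(vlan, in_port)
        out_port = self.mac_table.get(frame.dst_mac)
        if out_port is None:
            # Unknown destination: flood, but only inside the VLAN.
            return self._vlan_ports(vlan, in_port)
        if self.port_vlan[out_port] != vlan:
            # Known host, but in another VLAN: layer 2 cannot deliver it.
            # Only a router (layer 3) can move traffic between VLANs.
            return []
        return [out_port]


def demo() -> dict:
    # Constructed layout: ports 1-2 belong to VLAN 10, ports 3-4 to VLAN 20.
    sw = VlanSwitch(port_vlan={1: 10, 2: 10, 3: 20, 4: 20})
    # An ARP-style broadcast from the host on port 1 reaches only VLAN 10.
    bcast = sw.forward(1, Frame("aa:00:00:00:00:01", BROADCAST, "who has 10.0.10.2?"))
    # The host on port 2 replies; its MAC is learned and the frame is switched.
    reply = sw.forward(2, Frame("aa:00:00:00:00:02", "aa:00:00:00:00:01", "10.0.10.2 is here"))
    # A host in VLAN 20 addresses the VLAN 10 host directly: dropped at layer 2.
    cross = sw.forward(3, Frame("aa:00:00:00:00:03", "aa:00:00:00:00:02", "hello"))
    return {"broadcast_ports": bcast, "unicast_ports": reply,
            "cross_vlan_ports": cross, "mac_table": dict(sw.mac_table)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```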

3.2

Describe what a VLAN is and how it is beneficial in a network.

Network-attached storage
Network-attached storage (NAS) is a network hard disk storage mechanism that is set up with its own network address rather than being attached to a server that is serving applications to a network's workstation users. Think of NAS as an optimised file server: by removing storage access and its management from the server, both application programs and files can be served faster because they are not competing for the same processor resources.

A network-attached storage device is attached to a LAN, nowadays typically an Ethernet network, and assigned an IP address. Requests for files come to the main server as normal, but these file requests are then forwarded by the main server to the NAS file server. NAS usually consists of hard disk storage, which may include multi-disk RAID systems (we will look at RAID later in this unit). NAS systems also contain software for configuring and mapping file locations to the network-attached device.

NAS is an enhancement to file serving and can be regarded as a stepping stone to a more sophisticated storage system known as a storage area network (SAN), where network storage devices are pooled and consolidated. Many NAS devices are based on Linux or Unix derivatives and are usually easily installed, configured and managed using a web browser.

NAS can communicate with the network using TCP/IP, IPX/SPX, NetBEUI or AppleTalk. The primary advantage of this wide variety of supported protocols is that Windows, Unix/Linux, MacOS and Novell clients can all use the same storage and can access and share the same files. Below is a list of the operating systems and the file access protocols that NAS can support:
- Windows systems access files using either SMB or the Common Internet File System (CIFS)
- Unix/Linux systems access files using NFS
- Novell systems access files using the NetWare Core Protocol (NCP)
- Apple systems access files using AppleShare

In addition to these protocols, most NAS devices also support file access through HTTP and, often as an option, FTP as well.

Fault tolerance and disaster recovery


Fault tolerance
Fault tolerance is a process by which a duplicate system or service runs alongside the existing system or service so that, in the event of a failure, the duplicate can re-create the system or service. There are many levels of fault tolerance, the lowest being the ability to continue operation in the event of a power failure. Many fault tolerant computer systems mirror all operations, that is, they duplicate every operation on two or more duplicate systems, so if one fails the other can take over. Fault tolerance refers to software or hardware options that allow a system to continue operating in case a particular component fails. Below are some of the most common fault tolerant configurations.

Redundant network connections
A faulty NIC (network interface card) or cable can prevent an entire server from providing its services to users. To prevent a NIC, and its connection, from being a single point of failure for the entire server, an extra NIC can be installed. These NICs can be combined to provide load balancing, so that they share the load of traffic, and/or fault tolerance.

Mirrored servers
A more advanced solution is to mirror complete servers using two or more nodes (servers). If a node fails, another node takes over its duties. This process is known as failover. In modern configurations, the nodes connect to a shared storage device using fibre optic cabling. Some editions of Windows 2003 support up to eight nodes in a cluster.

RAID
RAID stands for Redundant Array of Inexpensive (or Independent) Disks, and is commonly used on servers in corporate environments. It allows multiple hard disks to be combined in many combinations, some offering speed enhancements, some offering backup of data should one disk fail, and some both. We will look at RAID levels 1 to 7 and also RAID 53, and the properties, benefits and disadvantages of each.

RAID 0 is known as a stripe set. It requires at least two hard disks, but does not offer any fault tolerance; it is merely a method of combining hard disks to allow for larger volumes and performance enhancements. When a file is written to a RAID 0 stripe set with two disks, the first block is written to the first disk, the second block to the second disk, the third data block to the first disk, the fourth to the second disk, and so on. If one of the hard disks in the stripe set fails, then the data from the entire stripe set is lost and needs to be rebuilt and restored from a backup.

RAID 1 is also known as disk mirroring or disk duplexing. This configuration requires two, in some cases identical, hard disks. When the operating system writes data to the hard disk, the same data is also written to the mirrored disk. This usually slows down write performance, but increases read performance since data can be read from both disks at the same time. Duplexing is when each disk has its own hard disk controller, providing an extra level of redundancy. When a disk fails, the other disk can continue to operate; in some configurations this process occurs entirely automatically. In Windows NT and higher, when the main disk fails, you need to manually configure the system to use the mirrored disk.

RAID 2 is known as error correction coding. It is not a typical implementation and is rarely used. In RAID level 2, the data is striped at the bit level rather than the block level. Each bit of a data word is written to a data disk drive. Each piece of data written has an error correction code (ECC) recorded on the disk. When the hard drive is being read, the ECC code verifies correct data or can correct single disk errors. This is known as data correction in running, or on the fly. With RAID 2, extremely high data transfer rates are possible. RAID 2 has a relatively simple controller design compared to RAID levels 3, 4 and 5, but it can be inefficient. Also, entry-level costs can be very high; because of this, RAID 2 needs a very high transfer rate requirement to justify its cost of implementation.

RAID 3 is similar to RAID 1 with the exception that it adds redundant information in the form of parity to a striped data set. This redundant information, or parity, permits regeneration and rebuilding of data in the event of a disk failure. One strip of parity protects corresponding strips of data on the remaining disks. RAID 3 provides very high data transfer rates and high data availability; however, it requires a minimum of three drives for implementation. Also, with RAID 3, the controller design is fairly complex and it is very difficult and resource intensive to implement with an operating-system-only configuration of RAID 3; it is better to implement with a hardware-based RAID controller.

RAID 4 is a commonly used implementation of RAID. It provides block-level striping (like RAID 0) with a single parity disk used to protect data. If a data disk fails, the parity data is used to create a replacement disk. A disadvantage of RAID 4 is that the dedicated parity disk can create write bottlenecks, as each time a piece of data is written, parity information has to be written to the parity disk. It is for this reason that RAID 4 is seldom used without accompanying technologies such as write-back caching to speed up the write time. RAID level 4 requires a minimum of three drives to implement.

RAID 5 is also known as a stripe set with parity. When data is written to the RAID 5 set, it is distributed over several disks, depending on how many disks are employed. Parity information about data blocks on one disk is stored across the other disks. In case of a disk failure, the parity information can be used to reconstruct the data that was on the missing disk. Due to the fact that data is spread out over several disks, RAID 5 offers better read performance than single or mirrored disks. Every write to the array requires a parity calculation, which leads to the write performance being slower, especially when RAID 5 is implemented in software. If two disks in a RAID 5 set fail, you will need to replace the disks and restore the information from backup.

RAID 53 is implemented as a striped (RAID level 0) array whose segments are RAID 3 arrays. RAID 53 has the same fault tolerance as RAID 3 as well as the same fault tolerance overhead. RAID level 53 requires a minimum of five drives to implement. The advantage of RAID 53 is that high data transfer rates are achieved because it uses RAID 3 array segments, and high I/O rates for small requests are achieved thanks to its RAID 0 striping. RAID 53 is a good solution for implementations where RAID 3 might have been chosen but an additional performance boost is required. RAID 53 can be very expensive to implement: all disk spindles must be synchronised, which limits the choice of drives. Byte striping also results in poor utilisation of formatted capacity, thus there can be wasted space on the drive.

RAID 6 is essentially an extension of RAID 5 that allows for additional fault tolerance by using a second independent distributed parity scheme (two-dimensional parity). The advantage of RAID 6 is that data is striped on a block level across a set of drives, just like in RAID 5, and a second set of parity is calculated and written across all the drives; this provides extremely high data fault tolerance and can sustain multiple, simultaneous drive failures. However, RAID 6 has a very complex controller design, and the controller overhead to compute parity addresses is extremely high, which leads to very poor write performance.

RAID 7 has the features of optimised asynchrony, which results in high I/O rates as well as high data transfer rates. As all of the inputs and outputs are asynchronous, independently controlled and cached, overall write performance is 25% to 90% better than single spindle performance and 1.5 to 6 times better than other array levels. Host interfaces are scalable for connectivity or increased host transfer bandwidth. Small reads in multi-user environments have a very high cache hit rate, resulting in near zero access times. Write performance improves with an increase in the number of drives in the array. The disadvantage of RAID 7 is that it is a one-vendor proprietary solution by Storage Computer Corporation. There is also an extremely high cost per megabyte. Also, the power supply implemented must be an uninterruptible power supply (UPS) to prevent loss of cache data in the event of a power failure.
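As an added worked example (not from the original text), the Python below stripes a constructed byte string across disks in RAID 0 and RAID 5 fashion, computes the RAID 5 parity with XOR and rebuilds a failed disk from the survivors. The block size and sample data are constructed, and the parity block rotates across the disks from one stripe to the next, as the RAID 5 description above requires.

```python
from functools import reduce

BLOCK = 4  # bytes per block; kept tiny so the layout is visible (constructed)


def split_blocks(data: bytes, size: int = BLOCK) -> list:
    """Cut data into fixed-size blocks, zero-padding the last one."""
    padded = data + b"\x00" * (-len(data) % size)
    return [padded[i:i + size] for i in range(0, len(padded), size)]


def xor_blocks(blocks) -> bytes:
    """Bytewise XOR of equal-length blocks: this is the parity calculation."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def raid0_write(data: bytes, ndisks: int) -> list:
    """RAID 0: block i lands on disk i % ndisks. Fast, but no redundancy."""
    disks = [[] for _ in range(ndisks)]
    for i, blk in enumerate(split_blocks(data)):
        disks[i % ndisks].append(blk)
    return disks


def raid5_write(data: bytes, ndisks: int) -> list:
    """RAID 5: each stripe holds ndisks-1 data blocks and one parity block,
    and the parity block moves to the next disk with every stripe."""
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = ndisks - 1
    blocks = split_blocks(data)
    disks = [[] for _ in range(ndisks)]
    for stripe_no, start in enumerate(range(0, len(blocks), per_stripe)):
        stripe = blocks[start:start + per_stripe]
        stripe += [b"\x00" * BLOCK] * (per_stripe - len(stripe))  # fill last stripe
        parity_disk = stripe_no % ndisks
        data_iter = iter(stripe)
        for d in range(ndisks):
            disks[d].append(xor_blocks(stripe) if d == parity_disk else next(data_iter))
    return disks


def raid5_rebuild(disks: list, failed: int) -> list:
    """Recreate the failed disk: in every stripe the XOR of all blocks is zero,
    so the missing block is the XOR of the surviving ones (parity included)."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def raid5_read(disks: list, length: int) -> bytes:
    """Read the data back in order, skipping each stripe's parity block."""
    ndisks = len(disks)
    out = b"".join(
        b"".join(blk for d, blk in enumerate(stripe) if d != stripe_no % ndisks)
        for stripe_no, stripe in enumerate(zip(*disks)))
    return out[:length]


def demo(ndisks: int = 4) -> dict:
    data = b"RAID 5 survives the loss of any one disk."  # constructed sample
    disks = raid5_write(data, ndisks)
    failed = 1                                   # pretend disk 1 has died
    rebuilt = raid5_rebuild(disks, failed)
    restored = disks[:failed] + [rebuilt] + disks[failed + 1:]
    return {
        "rebuilt_matches": rebuilt == disks[failed],
        "data_ok": raid5_read(restored, len(data)) == data,
        # RAID 0 with two disks: blocks simply alternate between the disks.
        "raid0_stripe0": [d[0] for d in raid0_write(data, 2)],
    }


if __name__ == "__main__":
    print(demo())
```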

Hot-spare
Fault tolerance RAID configurations implemented in hardware usually offer hot-swappable drives. This means you can pull out and replace a drive while the system is running, and it will perform the reconstruction of the data automatically. In general, hot-spare devices are fully configured devices, identical to the devices currently in use, that are kept in storage and can be used to replace the running system in case of a disaster. Examples include routers, switches and complete servers, or disks in a hardware-configured RAID array. Hot-spare systems are also known as standby systems.

UPS
A UPS (uninterruptible power supply) is a hardware device that is placed between the power socket and the computer system. The computer system is usually some form of critical network device, which includes servers, routers and switches. A UPS is a battery backup device that is constantly being charged while power is being supplied to the device. When the main power fails, the UPS battery backup system takes over and keeps the devices running. Usually a UPS will only function long enough to keep the system running so that it can be properly shut down. Only in the best case is it used to run until the main power is restored.

Disaster recovery
Even if you have fault tolerance built into your system, it doesn't mean you have complete disaster recovery. You must still plan your disaster recovery and look on it as an essential task, no matter the level of fault tolerance. Backing up data to tape regularly is the most common method of preparing for disaster recovery. Below are some important practices to consider when developing a tape backup strategy.

Tape rotation scheme
Ensure you use a carefully planned tape rotation scheme. You want to avoid data on tapes being overwritten too frequently; problems with data often occur long before they are discovered. On the other hand, using a new tape for every single day is often too costly. A common rotation scheme is called grandfather-father-son (GFS). For example, a son tape is used for daily incremental backups on Monday to Thursday; these four tapes are reused weekly. A father tape is used for a full backup on Friday; a different tape exists for every Friday in a month. These five tapes are then reused monthly. A grandfather tape is used to perform a full backup on the last business day of each month in a quarter; these three tapes are reused quarterly. This strategy provides you with the ability to restore data from the last week, plus any Friday over the last month, plus any month for as many monthly tapes as you have.

The GFS scheme is shown in Figure 34. (The most recent backups are shown in bold.)

[Figure 34: a one-month calendar. Monday to Thursday of each week carry the son tapes, each Friday carries a father tape (Week1 to Week4), and the last business day of the month carries a grandfather tape (Month1, Month2)]

Figure 34 Grandfather-father-son tape rotation scheme

It is a good idea to store backup tapes at an off-site location for safety; then, should the building housing the server computers go up in flames, the backup tapes will be safely stored in another building. Having employees store backup tapes at home is generally not a good idea, however. Storage tapes should be locked in a fireproof safe; this doesn't mean they will be completely safe from fire, as the heat can get so intense that the tapes melt.
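An added example, not part of the original unit, that turns the GFS rotation described above into a schedule: one function labels the tape used on any date and another lists the tapes needed to recover after a failure. Two assumptions the text does not state: no backup runs at weekends, and when the last business day of a month falls on a Friday the grandfather tape is used rather than a father tape.

```python
import calendar
from datetime import date, timedelta


def last_business_day(year: int, month: int) -> date:
    """Last weekday of the month (weekends treated as non-working days)."""
    day = date(year, month, calendar.monthrange(year, month)[1])
    while day.weekday() >= 5:           # 5 = Saturday, 6 = Sunday
        day -= timedelta(days=1)
    return day


def gfs_tape(day: date):
    """Label of the tape mounted on a given day, or None on a weekend."""
    if day.weekday() >= 5:
        return None
    if day == last_business_day(day.year, day.month):
        # Grandfather: full backup, one tape per month of the quarter,
        # reused every quarter. Assumption: when this day is a Friday the
        # grandfather tape is used instead of a father tape.
        return f"grandfather-{(day.month - 1) % 3 + 1}"
    if day.weekday() == 4:
        # Father: full backup every Friday, one tape per Friday of the month
        # (up to five), reused every month.
        return f"father-{(day.day - 1) // 7 + 1}"
    # Son: incremental backup Monday to Thursday, four tapes reused weekly.
    return f"son-{calendar.day_name[day.weekday()]}"


def tape_on(year: int, month: int, day: int):
    """Convenience wrapper taking plain integers."""
    return gfs_tape(date(year, month, day))


def is_full(label: str) -> bool:
    return label.startswith(("father", "grandfather"))


def tapes_to_restore(year: int, month: int, day: int) -> list:
    """Tapes needed to recover to the end of the given day: the most recent
    full backup plus every son (incremental) tape written after it."""
    needed = []
    current = date(year, month, day)
    while True:
        label = gfs_tape(current)
        if label is not None:
            needed.append((current.isoformat(), label))
            if is_full(label):
                break
        current -= timedelta(days=1)
    return list(reversed(needed))


def month_schedule(year: int, month: int) -> dict:
    """Map each working day of a month to its tape, e.g. to print a rota."""
    days = calendar.monthrange(year, month)[1]
    schedule = {}
    for d in range(1, days + 1):
        label = gfs_tape(date(year, month, d))
        if label is not None:
            schedule[d] = label
    return schedule


if __name__ == "__main__":
    for d, tape in month_schedule(2005, 6).items():
        print(f"2005-06-{d:02d}: {tape}")
```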

Backup types
To understand what is meant in the paragraphs above by full, differential and incremental, the most common backup types, you need to understand the archive file attribute. If a file has this attribute set, it means it has changed since the previous time the archive attribute was turned off. An archive attribute can be turned off by performing certain types of backup, or manually by using the 'attrib' command line utility or Windows Explorer, for example. Below is a list of the most common backup types.

Normal/full
Backs up every selected file, regardless of the archive attribute setting, and clears the archive attribute. The normal backup type is best when a large amount of data changes between backups, or to provide a baseline for the other backup types.

The advantages of full backup are:
- Files are easy to find because they are always on a current backup of your system or on one medium.
- File recovery requires only one medium or set of media.

The disadvantages of full backup are:
- It is very time-consuming, as all files are backed up, and this may take a lot of time.
- If files do not change frequently, full backups are redundant, as files that haven't changed are backed up even though they were on the previous backup as well.

Copy
Backs up every selected file, regardless of the archive attribute setting. Does not clear the archive attribute.

The advantages of copy backup are:
- Files are easy to find because they are always on a current backup of your system or on one medium.
- File recovery requires only one medium or set of media.
- Only the files that are wanted are backed up, thus it is quicker.

The disadvantages of copy backup are:
- It is time-consuming because you must specify which files are to be backed up.

Daily
Backs up every selected file that has changed that day, regardless of the archive attribute setting. Does not clear the archive attribute. While this may not sound especially useful, it can be helpful if you want to take work home and need a quick way to select all the files that you worked on that day.

The advantages of daily backup are:
- It allows you to back up the files worked on that day.

The disadvantages of daily backup are:
- A restore of the data can take time, as the full backup and all daily backups must be restored.
- It is not a commonly used backup type, as its use is limited.

Incremental
Backs up only those files created or changed since the last normal or incremental backup, and clears the archive attribute. This method is used in combination with a periodic full backup, for example a normal/full backup on Mondays and an incremental backup on the remaining days of the week. In case of a restore, you need the last normal backup as well as all incremental backups since the last normal backup. The incremental backup type is best for recording the progression of frequently changed data.

The advantages of incremental backup are:
- It requires the least data storage space.
- It is the least time-consuming.

The disadvantages of incremental backup are:
- Files can be difficult to find, because they can be on several media.

Differential
Backs up only those files created or changed since the last normal or incremental backup, but does not clear the archive attribute. This method is also used in combination with a periodic full backup, for example a normal/full backup on Mondays and a differential backup on the remaining days of the week. In case of a restore, you need the last normal backup and the last differential backup. The differential backup type simplifies the process of restoring files.

The advantages of differential backup are:
- Recovery requires only the last normal backup medium and the last differential medium.
- It is less time-consuming than normal backups.

The disadvantages of differential backup are:
- Recovery takes longer than if files were on a single medium.
- If large amounts of data change daily, backups can consume more time than incremental backups.
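The following added Python example (not part of the original material) simulates the archive attribute and the five backup types above on a few constructed files, then shows which backup sets a restore needs under an incremental strategy versus a differential one; file names, contents and dates are constructed.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class File:
    name: str
    content: str
    archive: bool = True          # the archive attribute: set on every write
    modified: date = date(2005, 6, 6)


def write(files: dict, name: str, content: str, on: date) -> None:
    """Creating or changing a file always sets its archive attribute."""
    files[name] = File(name, content, archive=True, modified=on)


@dataclass
class BackupSet:
    kind: str
    on: date
    files: dict = field(default_factory=dict)   # name -> content snapshot


def backup(files: dict, kind: str, on: date) -> BackupSet:
    """Select files the way each backup type does, then clear the archive
    attribute only for the types that are defined to clear it."""
    if kind in ("full", "copy"):
        chosen = list(files.values())                      # ignore the attribute
    elif kind == "daily":
        chosen = [f for f in files.values() if f.modified == on]
    elif kind in ("incremental", "differential"):
        chosen = [f for f in files.values() if f.archive]  # changed since last clear
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    bset = BackupSet(kind, on, {f.name: f.content for f in chosen})
    if kind in ("full", "incremental"):
        for f in chosen:
            f.archive = False     # copy, daily and differential leave it set
    return bset


def restore_chain(history: list) -> list:
    """Sets needed to restore the latest state: the last full backup plus every
    incremental after it, or the last full backup plus the last differential."""
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    later = history[last_full + 1:]
    incrementals = [b for b in later if b.kind == "incremental"]
    if incrementals:
        return [history[last_full]] + incrementals
    differentials = [b for b in later if b.kind == "differential"]
    return [history[last_full]] + differentials[-1:]


def restore(chain: list) -> dict:
    """Replay the chain oldest first; later snapshots overwrite earlier ones."""
    state = {}
    for bset in chain:
        state.update(bset.files)
    return state


def demo(strategy: str) -> dict:
    """Full backup on Monday, then `strategy` backups on Tuesday and Wednesday
    (constructed files and dates)."""
    files = {}
    mon, tue, wed = date(2005, 6, 6), date(2005, 6, 7), date(2005, 6, 8)
    write(files, "budget.xls", "v1", mon)
    write(files, "memo.doc", "v1", mon)
    history = [backup(files, "full", mon)]
    write(files, "budget.xls", "v2", tue)
    history.append(backup(files, strategy, tue))
    write(files, "memo.doc", "v2", wed)
    history.append(backup(files, strategy, wed))
    chain = restore_chain(history)
    return {
        "sizes": [len(b.files) for b in history],   # files on each set
        "chain": [b.kind for b in chain],
        "restored": restore(chain),
        "copy_on_wed": len(backup(files, "copy", wed).files),
        "daily_on_wed": len(backup(files, "daily", wed).files),
    }


if __name__ == "__main__":
    for s in ("incremental", "differential"):
        print(s, demo(s))
```

The differential run grows from one file to two because the attribute is never cleared, while the incremental run stays at one file per day but needs every set at restore time.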

3.3
Write your answers to the questions below on a piece of paper. When you are finished, check your answers with the ones at the end of the section. If there is anything you are not sure about, re-read the material and ask your tutor for clarification if necessary.
1 What does NAS stand for?
2 What is meant by the term fault tolerance?
3 Explain what RAID 0 is.
4 Explain what RAID 1 is.
5 Explain what RAID 5 is.
6 What does UPS stand for and what is it used for?
7 What does a full backup do?
8 What does an incremental backup do?
9 What does a differential backup do?

Firewalls and proxy servers


In its simplest form, a firewall is a device, hardware or software based, that prevents data packets from entering or leaving a network device that is attached to the firewall. The firewall has a set of rules, and each packet must be checked against the firewall's criteria before it is either forwarded or blocked. There are two types of firewall:

Filtering firewalls
Filtering firewalls block selected network packets based on set criteria.

Proxy servers
Proxy servers intercept all messages entering and leaving the network. The proxy server effectively makes network connections for you, thus hiding you from the outside world.

Packet filtering firewalls
A filtering firewall works at the network layer of the OSI model. Data is only allowed to enter or leave the system if the firewall rules allow it. As packets arrive at or leave the firewall, they are filtered by a number of factors that the administrator may set, such as the type, source address, destination address and port information contained in each packet. Because very little data is analysed and logged, filtering firewalls take less CPU power and create less latency in your network. Firewalls can be found on most network routers.

Filtering firewalls do not provide for password controls. Users cannot identify themselves; the only identity a user has is the IP number assigned to their workstation. This can be a problem if you are going to use DHCP (dynamic host configuration protocol), because rules are based on IP numbers, so you have to adjust the rules as new IP numbers are assigned, or devise a system whereby certain users are always allocated a certain type of IP address so that they are recognised by the firewall. Filtering firewalls are more transparent to the user: the user does not have to set up rules in their applications to use the Internet.

Figure 35 shows a common configuration for a firewall. It sits between users on a LAN and the Internet and prevents unwanted traffic from the Internet filtering through to the LAN.

[Figure 35: a firewall placed between the Internet and the LAN]

Figure 35 A common firewall configuration

Stateful inspection is an advanced technique that can be used in a firewall. Stateful inspection provides enhanced security by keeping track of data and communication packets over a period of time. Both incoming and outgoing packets are examined. Outgoing packets that request specific types of incoming packets are tracked, and only those incoming packets constituting a proper response are allowed through the firewall. In contrast to static packet filtering, in which only the header information of the packets is checked, stateful inspection analyses packets right up to the application layer. In a firewall that uses stateful inspection, the network administrator can set the parameters to meet specific needs. In a typical network connected to the Internet, ports are normally closed unless an incoming packet requests connection to a specific port, and then only that port is opened to the packet. This prevents port scanning, a well-known technique used by hackers to gain entry to networks and individual computers connected to the Internet.

Proxy servers
Proxy servers are mostly used to control, or monitor, outbound traffic. The user requests a web page and this request goes via the proxy server. The proxy server then checks to see if it has the requested data stored in its cache. If it does, it responds with the cached data. If the data is not in its cache, then the proxy server goes out on the Internet, retrieves the required information and stores it in its cache. The proxy server then forwards this to the user. This lowers bandwidth requirements and decreases the access time for the same data for the next user. It also gives evidence of what was transferred. There are two types of proxy server:
- Application proxies, which do the work for you
- SOCKS proxies, which cross-wire ports
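As an added example (not from the original text), the Python below implements a small packet filter using the rule fields named above (protocol, source address, destination address, port) together with a stateful session table, and runs it over constructed packets. The addresses, rules and traffic are all constructed; the log it keeps is what an administrator would review to confirm the filter behaves as intended.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str      # "out" = LAN to Internet, "in" = Internet to LAN


@dataclass
class Rule:
    """One static filter rule; None in a field means 'match anything'.
    src/dst may be an exact address or a prefix ending in '.'."""
    action: str         # "allow" or "deny"
    direction: str
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    @staticmethod
    def _ip_match(pattern: Optional[str], ip: str) -> bool:
        if pattern is None:
            return True
        if pattern.endswith("."):
            return ip.startswith(pattern)
        return ip == pattern

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.proto is None or self.proto == p.proto)
                and self._ip_match(self.src, p.src)
                and self._ip_match(self.dst, p.dst)
                and (self.dport is None or self.dport == p.dport))


class StatefulFirewall:
    """Static rules (first match wins, implicit deny) plus a session table
    that lets replies to permitted outbound connections back in."""

    def __init__(self, rules: list):
        self.rules = rules
        self.sessions = set()   # (proto, lan_ip, lan_port, remote_ip, remote_port)
        self.log = []

    def filter(self, p: Packet) -> str:
        # Stateful check first: an inbound packet answering a connection we
        # saw go out is a proper response, so it passes without its own rule.
        if p.direction == "in" and (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return self._decide(p, "allow", "reply to tracked session")
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow" and p.direction == "out":
                    # Remember the outbound request so only its reply is let in.
                    self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return self._decide(p, rule.action, "static rule")
        return self._decide(p, "deny", "no matching rule")

    def _decide(self, p: Packet, action: str, reason: str) -> str:
        self.log.append(f"{action.upper():5} {p.direction:3} {p.proto} "
                        f"{p.src}:{p.sport} -> {p.dst}:{p.dport} ({reason})")
        return action


def demo() -> dict:
    rules = [
        # LAN hosts (constructed 192.168.1.0/24) may open web connections.
        Rule("allow", "out", proto="tcp", src="192.168.1.", dport=80),
        # The Internet may reach the mail server, but only on SMTP.
        Rule("allow", "in", proto="tcp", dst="192.168.1.10", dport=25),
    ]
    fw = StatefulFirewall(rules)
    packets = [  # constructed traffic using documentation address ranges
        Packet("tcp", "192.168.1.20", 50000, "203.0.113.5", 80, "out"),  # web request
        Packet("tcp", "203.0.113.5", 80, "192.168.1.20", 50000, "in"),   # its reply
        Packet("tcp", "203.0.113.5", 80, "192.168.1.20", 50001, "in"),   # unsolicited
        Packet("tcp", "198.51.100.7", 4444, "192.168.1.10", 25, "in"),   # mail delivery
        Packet("tcp", "198.51.100.7", 4444, "192.168.1.10", 23, "in"),   # closed port
    ]
    decisions = [fw.filter(p) for p in packets]
    return {"decisions": decisions, "log": list(fw.log)}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```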

Application proxy
The application proxy goes and gets the data for you and stores it in its cache. Because proxy servers are handling all the communications, they can log everything they (you) do. For HTTP (web) proxies, this includes every URL that you see. For FTP proxies, this includes every file you download. They can even filter out inappropriate words from the sites you visit or scan for viruses. Application proxy servers can authenticate users. Before a connection to the outside is made, the server can ask the user to log in first. To a web user this would make every site look like it required a login.

SOCKS proxy
A SOCKS server is a lot like an old switchboard. It simply cross-wires your connection through the system to another outside connection. Most SOCKS servers only work with TCP type connections and, like filtering firewalls, they don't provide for user authentication. They can, however, record where each user connected to.

Figure 36 shows how a simple web page request is handled by the proxy server.
[Figure 36: a PC's web browser requests the Microsoft home page at http://www.microsoft.com from the proxy server. If the page is cached, the proxy server forwards the locally cached page to the web browser; otherwise it fetches the page from the Microsoft web server for the browser and stores it in its cache for future use]

Figure 36 A proxy server handling a simple web page request

Security measures
Any network that shares data or resources can be subject to a threat from attack by people wanting to gain unauthorised access, or to hack or cause harm to the network or devices attached to it. However, any network also faces lots of threats from the people who are actually authorised to use it. Users with good intentions are far more likely to cause you trouble than any hacker. So, the first task of any network administrator is to think about the types of threats that face the average network. After the threats have been defined, a decision can be made with regard to which tools and methods will be used to protect the network from intentional harm.

There are a lot of factors that make something a threat on a network. The basic common denominator is that a threat is perceived to be something that prevents users from accessing the resources they need to get work done. This includes the external hacker who brings the network down from outside, but may also include bad server or hardware configurations, permission errors, viruses, and unintentional corruption of data by users.

Threats
Threats are all the things internal or external users or computers do to networks to keep them from sharing resources properly. Internal threats may not be as intriguing as external threats, but they are far more likely to bring a network down, and they're the ones we need to be most vigilant to prevent. Here are the most common threats:
- Unauthorised access
- Accidental deletion of data
- Administrative access
- System crash/hardware failure

Unauthorised access
The most common of all network threats is unauthorised access. This can occur when a user accesses resources in an unauthorised way. This might be by snooping about the network and seeing what they can access, or it might be down to the network administrator not implementing the correct settings. The unauthorised access on its own does not actually damage the data; the person is usually just accessing data in a way that they shouldn't, possibly reading employee personnel files or high-level meeting minutes. Not all unauthorised access is malicious; it may be quite innocent, in that the user does not know they are not supposed to be accessing a particular resource. Once a user has unauthorised access to a resource, they might just see more than they should or, worse, it can lead to accidental deletion of data. The job of the network administrator is to protect these users from themselves. The unauthorised access may also come from an outside user who has found a loophole in your network security and has access to your system.

Accidental deletion of data
An extension of unauthorised access, accidentally erasing or corrupting data is just what it sounds like: a user has permission to access a shared folder and accidentally deletes the files in it. It is the network administrator's responsibility to ensure that users who only need to read a file do not also have the right to delete it. Many users believe that systems are configured so that the network would not allow them to do anything inappropriate. As a result, users often assume they are authorised to make any change they believe is necessary when working on a piece of data. The administrator therefore has to lock data down appropriately, but not so far that it prevents users from doing their work; quantifying this is difficult, and there is a fine line between being too lenient and being over-zealous.

Administrative access
Every NOS contains a number of administrative tools and functions. Network administrators need these tools to get all kinds of work done, but it is equally important to keep these capabilities out of the reach of those who do not need them. Clearly, giving regular users administrator rights is a bad idea. Protecting administrative programs and functions from access and abuse by users is fairly easy; giving users exactly the rights they need to do their job properly, and no more, is the real challenge, and one that requires an extensive knowledge of the NOS being used.

System crash/hardware failure
Servers and network devices, like any other modern technology, will fail, usually when you can least afford it. Hard drives crash and lose data, servers lock up, and even something as simple as a power failure can cause problems. Redundancy must therefore be built into the areas prone to failure (for example, installing a UPS in case of a power failure), and the system must be backed up regularly.
Preventing threats
The majority of prevention techniques for internal threats rely on policies and permissions rather than technology. Even the smallest network has a number of user accounts and groups with different levels of rights and permissions. Every time you give a user access to a resource, you create a potential loophole that can leave your network open to unauthorised access, data destruction and other administrative nightmares. To protect your network from internal threats, you need to implement the right controls over passwords, user accounts, permissions and policies.

Passwords
Passwords are the ultimate key to protecting your network. A valid user account and password will get an attacker into the system. Even if the account only has limited permissions, you still have a security breach, and a foothold from which further attacks can be launched.

You must protect your password system. Never give out passwords over the phone. If a user forgets a password, an administrator should reset it to a complex combination of letters, numbers and symbols, and then require the user to change it at their next logon. All of the stronger NOSs have this capability; Windows 2000 Server, for example, provides a setting called User must change password at next logon.

Make your users choose good passwords. It is frightening how many people, even so-called computer experts, use obvious passwords such as their children's or pet's names, which are very easy to guess. So use and enforce strong passwords: at least eight characters, including letters, numbers and punctuation symbols. To increase security, make your users change their passwords regularly and prevent them from reusing an old password.

Physical protection
Most network administrators and technicians consider installing a firewall and introducing passwords and policies the critical steps in securing a network, but physical security must also be a major consideration. It is very simple to protect your networking equipment and servers: put them under lock and key with strictly controlled access. Large organisations have dedicated server rooms, complete with locks and a log of anyone who enters or leaves; smaller organisations should at least have a locked cupboard. Physical server protection does not stop with a locked door. One of the most common mistakes made by technicians and administrators is walking away from a server while it is still logged on, so make a point of always logging off a server when it is not in use. As a precaution against forgetting, add a password-protected screen saver.

Users can also let an attacker into a system through misuse of passwords, so tell users to be vigilant about their work areas. It is very common to find passwords written on pieces of paper: walk into any office and open a few desk drawers and you will find them. Get users to memorise their passwords or, in the worst case, to keep a written password in a locked drawer.

Port filtering
Port filtering, also called port blocking, is a way of preventing any TCP or UDP packets getting through to any ports other than the ones the system administrator allows. Port filtering is effective, but it requires some serious configuration to work properly. The question is always, 'Which ports do I allow into the network?' No one has problems with the well-known ports such as 80 (HTTP), 20/21 (FTP), 25 (SMTP) and 110 (POP3), but there are a large number of lesser-known ports that networks often need opened. Some applications need a particular port opened; if the application is critical to the business then open it, otherwise leave it blocked, and close any port you have opened again as soon as the need has gone. Port filters have many different interface types, ranging from a web-based interface to the text-based command line interfaces common on high-end Cisco routers.
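The two kinds of rule, the port rule described here and the address rule described under packet filtering in the next paragraph, are easiest to compare side by side. The Python below is an added example, not code from this unit or from any product: a stateless filter with a port rule set (default deny; only the listed ports pass) and an address rule set (a source range blocked regardless of port), run over a handful of constructed packets drawn from the RFC 5737 documentation address ranges. The allowed-port list follows the text above; DNS is included in the sample traffic to show what a default-deny port filter does to a service nobody remembered to list.

```python
# Added example (not from the original unit): a minimal stateless filter that
# shows what a port filter and an IP (packet) filter each look at, and what
# happens when they are combined. The packets are constructed, not captured.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


# Port filter: default deny; only these (protocol, port) pairs are let through.
# These are the well-known ports named in the text; DNS (udp/53) is deliberately
# absent to show the effect of forgetting a port that users actually need.
ALLOWED_PORTS = {("tcp", 80), ("tcp", 20), ("tcp", 21), ("tcp", 25), ("tcp", 110)}

# IP filter: sources to block regardless of port (RFC 5737 documentation ranges,
# used here as a constructed example of a hostile range and a single host).
BLOCKED_SOURCES = [ipaddress.ip_network("203.0.113.0/24"),
                   ipaddress.ip_network("198.51.100.7/32")]


def port_filter(pkt: Packet) -> bool:
    """Port filter: looks only at protocol and port, never at addresses."""
    return (pkt.proto, pkt.dport) in ALLOWED_PORTS


def ip_filter(pkt: Packet) -> bool:
    """IP filter: looks only at the source address, never at the port."""
    src = ipaddress.ip_address(pkt.src)
    return not any(src in net for net in BLOCKED_SOURCES)


def combined_filter(pkt: Packet) -> bool:
    """A border filter applies both rule sets; a packet must pass each one."""
    return ip_filter(pkt) and port_filter(pkt)


# Constructed sample traffic; 192.0.2.0/24 plays the inside network.
SAMPLE = [
    Packet("192.0.2.10", "192.0.2.80", "tcp", 80),   # web request: passes everything
    Packet("192.0.2.10", "192.0.2.80", "tcp", 23),   # telnet: port not on the allow list
    Packet("203.0.113.5", "192.0.2.80", "tcp", 80),  # allowed port but blocked source
    Packet("192.0.2.10", "192.0.2.80", "udp", 53),   # DNS: blocked because nobody listed it
]


def decisions(packets=SAMPLE):
    """Per packet: (src, proto, dport, port_filter, ip_filter, combined)."""
    return [(p.src, p.proto, p.dport, port_filter(p), ip_filter(p), combined_filter(p))
            for p in packets]


if __name__ == "__main__":
    for src, proto, dport, by_port, by_ip, both in decisions():
        print(f"{src:>12} {proto}/{dport:<4} port_filter={by_port!s:5} "
              f"ip_filter={by_ip!s:5} combined={both}")
```

Two things the output makes visible: a port filter alone lets a blocked address through on an allowed port, and an address filter alone lets that address reach any port, which is why a border device applies both. A real filter also has to be stateful, letting the replies to outbound connections back in, which this stateless example does not attempt.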

Packet filtering
Port filtering deals only with port numbers; it completely disregards IP addresses. If a packet arrives for a filtered port number, it is blocked regardless of where it came from. Packet filtering works in the same way, except that it looks only at the IP addresses. Packet filters, also known as IP filters, block any incoming or outgoing packet from (or to) a particular IP address or range of IP addresses. In practice a border filter applies both kinds of rule to every packet.

Encryption
The growth of online purchasing via the Internet and the storage of sensitive data have created a need to protect that information. The confidentiality of such data can be ensured by encryption. Encryption can be thought of as the translation of data into a coded form that can only be read by authorised people. To read a piece of encrypted data, an authorised user must have access to the secret key or password that enables them to decrypt it. Unencrypted data is called plain text; encrypted data is called cipher text. Two families of encryption are in use: secret-key (symmetric) encryption, of which the Data Encryption Standard is the classic example, and public key encryption. Figure 37 shows a simple example of encryption and decryption.

Original message: Hello, your password for the service is P@ssw0rd
Encryption process using a key
Encrypted message: dhffrncncd/g;ytygfghfgh[]hlrlfee345bdd
Decryption process using the same key
Decrypted message: Hello, your password for the service is P@ssw0rd
Figure 37 An example of encryption/decryption

Data encryption standard
The Data Encryption Standard (DES) is a widely used secret-key (symmetric) cipher: it divides a message into 64-bit blocks and transforms each block under a 56-bit key through 16 rounds of operations. Both parties must know the same key; like every secret-key method, the key has to be agreed in advance over some secure channel. There are 2^56, roughly 72,000,000,000,000,000 (72 quadrillion), possible keys, and for a given message the key should be chosen at random from among them. DES can run in several modes, and because 56 bits is now too short, many organisations use triple DES, which applies DES three times in succession with two or three keys.

A 56-bit key can be found by trying every possibility. Early in 1997 RSA Data Security (Rivest, Shamir and Adleman, owners of another encryption approach) offered a $10,000 reward for breaking a DES-encrypted message. A cooperative effort on the Internet of over 14,000 computers trying keys deciphered it, finding the key after running through only about 18 quadrillion of the 72 quadrillion possible keys, roughly a quarter of the key space. Few messages sent with DES are likely to attract this kind of effort, but purpose-built hardware has since done the same job in days, so DES should not be relied on for anything that must stay secret.

DES was developed at IBM in the 1970s and adopted as a US federal standard in 1977; it is specified in the ANSI X3.92 and X3.106 standards and in FIPS 46 and 81. Concerned that strong encryption could be used by unfriendly governments, the US government for many years restricted the export of encryption software, although free implementations were widely available on bulletin board services and web sites. Because the 56-bit key is no longer considered secure, NIST (the National Institute of Standards and Technology) did not recertify DES; its replacement, the Advanced Encryption Standard (AES), was selected in 2001 and published as FIPS 197.

Public key encryption
Public key encryption (PKE) is an encryption scheme in which each person has a pair of keys, called the public key and the private key. The public key is published, while the private key is kept secret. A message is encrypted with the intended recipient's public key and can only be decrypted with the matching private key. The same key pair gives a digital signature: the sender signs with the private key and anyone can verify the signature with the public key. Because a public key carries no proof of who owns it, it is usually distributed in a digital certificate, a piece of information that binds the key to a name and is signed by an independent source that both parties trust, a certificate authority. When a web server presents its certificate, the client checks the certificate authority's signature and so learns the server's public key from a source it trusts. The need for sender and receiver to share secret keys over some secure channel is eliminated: all communication involves only public keys, and no private key is ever transmitted or shared. PKE can therefore be used for authentication, confidentiality and integrity.
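The relationships in the paragraph above (encrypt to the recipient's public key, decrypt with the private key; sign with the private key, verify with the public key) are easiest to see with actual numbers. The Python below is an added example rather than anything from this unit: a toy RSA using the textbook key pair p = 61, q = 53, e = 17 for one party and a second constructed pair for the other. The primes are far too small to be secure and real systems never encrypt a raw number without padding; the only point is the key relationship.

```python
# Added example (not from the original unit): toy RSA with tiny primes to make
# the public/private key relationship concrete. Insecure by construction.


def make_keypair(p: int, q: int, e: int = 17):
    """Build (public, private) keys from two primes; e must be coprime to (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; raises ValueError if not coprime
    return (e, n), (d, n)


def encrypt(message: int, public_key) -> int:
    """Anyone can do this: they only need the recipient's public key."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)


def decrypt(ciphertext: int, private_key) -> int:
    """Only the holder of the matching private key can do this."""
    d, n = private_key
    return pow(ciphertext, d, n)


def sign(message: int, private_key) -> int:
    """A signature is made with the signer's private key ..."""
    d, n = private_key
    return pow(message, d, n)


def verify(message: int, signature: int, public_key) -> bool:
    """... and checked by anyone holding the signer's public key."""
    e, n = public_key
    return pow(signature, e, n) == message


def demo():
    # Constructed key pairs: the textbook values p=61, q=53 for Bob and
    # p=89, q=97 for Alice. Each private key stays with its owner.
    bob_pub, bob_priv = make_keypair(61, 53)      # n = 3233, d = 2753
    alice_pub, alice_priv = make_keypair(89, 97)  # n = 8633
    m = 65                                        # the message, as a number
    c = encrypt(m, bob_pub)                       # Alice -> Bob, using Bob's public key
    recovered = decrypt(c, bob_priv)              # Bob recovers m with his private key
    sig = sign(m, alice_priv)                     # Alice signs with her private key
    ok = verify(m, sig, alice_pub)                # Bob checks with Alice's public key
    tampered = verify(m + 1, sig, alice_pub)      # a changed message fails the check
    return c, recovered, ok, tampered


if __name__ == "__main__":
    print(demo())  # (2790, 65, True, False)
```

Note what never travels: Bob's private exponent d is used only inside decrypt, and Alice's only inside sign. Everything the other party needs is the public pair (e, n), which is exactly what a certificate carries.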

SAQ 3.4

Write your answers to the questions below on a piece of paper. When you have finished, check your answers against the ones at the end of the section. If there is anything you are not sure about, re-read the material and ask your tutor for clarification if necessary.
1 What is the purpose of a firewall?
2 What does a proxy server do?
3 What is the purpose of port filtering?
4 Explain what a packet filter does.
5 What does encryption mean in relation to a network?

Remote access
Remote access is used by most businesses around the world because there is a need to access or share information outside the actual workplace. There are four common types of remote access:
Dial-up to the Internet: using a dial-up connection to connect to your Internet service provider (ISP)
Private dial-up: using a dial-up connection to connect to your private network
VPN: using an Internet connection to connect to a private network
Dedicated connection: using a non-dial-up connection to another private network or the Internet

In this section we will look at configuring these types of connection in a Windows environment. We will also look at security and authentication protocols and learn how to configure them.

Dial-up to the Internet
Dialling up to the Internet is the oldest, cheapest and most common way for home and small office users to connect to the Internet. Dial-up requires some method of creating a connection to your ISP. At the very least, you need:
the telephone number to dial to connect to your ISP's servers
a modem to make the connection
a user name and password (provided by the ISP)
a connection protocol to take care of the transmission (PPP or SLIP)
IP address information (provided by the ISP)

Also keep in mind that you might have more than one dial-up connection. Your operating system needs a way to create and store multiple connections so that you can choose which one to use at a given moment. Every version of Microsoft Windows since Windows 95 comes with a tool to help you set up dial-up connections. This tool has had many names. It is called Dial-Up Networking (DUN) in Windows NT and 9x, where it treats dial-up connections separately from other network connections. Windows 2000 calls it Network and Dial-up Connections; Windows XP calls it Network Connections and puts dial-up connections in the same dialogue box as your other network connections. Whichever operating system you use, and whatever the tool is called, its purpose is to let you create dial-up connections. Although these programs have different names, they are accessed the same way: go to Start, then Programs, then Accessories, then Communications, then choose the name of the tool, whether it is Dial-Up Networking or Network Connections. All of these tools have a Make New Connection icon (or a Create a new connection option in Windows XP) that starts a wizard which guides you through the steps to make the connections you need. Every version of Windows has a slightly different wizard, but they all do the same thing, which is to make a new connection. The screenshots below take you through the process of creating a dial-up connection in Windows 2000. The Windows 2000 Network Connection Wizard is an intelligent wizard that changes based on how you are connected to the network (domain versus workgroup) and other settings. We will now go through the process of configuring a dial-up connection to the Internet.

Figure 38 Network Connection Wizard welcome screen
Once you run the wizard, you will see a screen like that shown in Figure 38, telling you what the wizard will do.

Figure 39 Choosing type of network connection
Once you click Next on the initial screen, you will see a screen similar to that in Figure 39, where you can dial into a private network, dial up to the Internet, connect to a private network through the Internet (VPN), or connect directly to another computer via a serial, parallel or infrared connection, that is, not via a network card. We are going to set up a dial-up connection to the Internet, so select Dial-up to the Internet and click Next.

Figure 40 Selecting a modem
The screen shown in Figure 40 asks which modem you would like to use for the connection. Choose the modem connected to your computer. Some computers have more than one modem or more than one way to connect to the Internet, so it is important to make the correct choice here.

Figure 41 Internet Connection Wizard welcome page
The screen shown in Figure 41 displays the welcome page for the Internet Connection Wizard. As some people who connect to the Internet are not experts, the wizard offers more automated setups for common ISPs, either built into Windows (such as MSN) or via CDs provided by the ISP. As we are (or should be) fairly familiar with how to make a connection, we will set up the connection manually. Note that if you connect to the Internet via a LAN, you would make the same choice. Now click Next and choose how you want to connect to the Internet using the screen shown in Figure 42.

Figure 42 Choosing a modem or LAN connection
As we want to set up a modem connection, I connect through a phone line and modem is the correct choice. (If you were setting up a connection to the Internet through your local network rather than a modem, you would choose I connect through a local area network (LAN).)

Figure 43 Selecting a modem

In the screen shown in Figure 43, the wizard may ask which modem you want to use to connect to the Internet.

Figure 44 Providing connection information
The wizard now prompts you for the telephone number, as shown in Figure 44, that will be used to connect to your ISP. You can select your country/region name and code from the drop-down list. Enter your details and click Next. You will see the term dialling rules here. A dialling rule is a set of rules that tells the modem how to dial from your current location. For instance, many corporate phone systems require users to dial 9 to get an outside line; you may wish to disable call waiting so that an incoming call does not drop the Internet connection; and many ISPs require caller ID to be shown while many users prefer to withhold it. All of this can be set here. The wizard next prompts you for the user name and password you use to connect to your ISP, as shown in Figure 45. These details, together with the phone number, are supplied by your ISP. Fill them in and click Next.

Figure 45 Providing user details
The wizard now prompts you for a name for the connection you have just created, as shown in Figure 46. Choose a name that means something to you, especially if you create multiple connections to different ISPs.

Figure 46 Creating connection name

The wizard now asks you if you want to create an Internet Mail account as shown in Figure 47. If your ISP has provided details for your mail server, this is where you should enter them. I have chosen to say no to this option. You can always go into your mail client software and set Internet mail up from there.

Figure 47 Internet mail account

Figure 48 Completion of the Internet Connection Wizard


Figure 48 shows that the wizard has completed the process. It is fairly straightforward to set up a connection like this to a remote device. You typically need the settings from your ISP, such as phone number, user name and password, and the default settings in Windows should take care of the rest. ISP connections are fairly robust and accept different types of setup.

Dial-up to a private network
Another option you could have chosen at the start of the wizard is Dial-up to a private network. A private dial-up connection connects a remote system to a private network via a dial-up connection. Private dial-up requires two systems: one acts as a RAS (remote access server) and the other is the client running the connection created here. In Windows a RAS is a server dedicated to handling users who are not directly connected to a LAN but who need to access file and print services on the LAN from a remote location. For example, when a user dials into their corporate network from home using a standard modem or an ISDN connection, they dial into a RAS. Once the user is authenticated, they can access shared drives and printers as if their computer were physically connected to the office LAN. You must set up a server system in your LAN as a RAS server; that system then accepts incoming calls and handles authentication. Creating the client side of a private dial-up connection is identical to setting up a dial-up connection to the Internet. All versions of Windows provide a wizard that prompts for the name of the connection, the telephone number and so forth and creates a new dial-up connection, which resides in the same folder as your other dial-up connections. The only difference is that instead of an ISP giving you IP settings, an account name and a password, the administrator who set up the RAS server gives you this information.
The one area that gets interesting in a private dial-up compared to dialling up to an ISP is how the remote user authenticates to the RAS.

Activity 3.1

Using Windows 2000, configure a dial-up connection to a fictitious ISP with the telephone number 0141 12345. The user name is User10 and the password is computer.

Security and authentication
Robust authentication is important everywhere, but especially for dial-up, which an attacker may see as an easy route into a network: a modem configured to accept incoming calls is effectively open to the public and is a massive security loophole if it is not protected. Remote Authentication Dial-In User Service (RADIUS) addresses this by centralising authentication. The access server forwards each login attempt to a RADIUS server, which holds the list of authorised dial-in users and their credentials and returns an accept or reject decision, so every dial-in device applies the same policy and unauthorised attempts are locked out. In the Dial-up to the Internet section we did not look at the Properties dialogue box in much detail. We will now look at the Security tab, as that is where you configure authentication for private dial-up clients. To see these settings, right-click your dial-up connection and choose Properties. The Properties box is then displayed, as shown in Figure 49.

Figure 49 Dial-up connection properties

Now click the Security tab. While in the Security tab, click on Advanced (custom settings) and then click the Settings button as shown in Figure 50.

Figure 50 Security settings
The authentication protocols that Windows supports are then displayed, as shown in Figure 51.

Figure 51 Authentication protocols


Here is a list of the authentication protocols shown on the Advanced Security Settings tab and what they can be used for.
Extensible Authentication Protocol (EAP): not a single method but a framework that lets client and server negotiate an authentication method, such as a certificate held on a smart card (EAP-TLS). It is the option to choose when users authenticate with something other than a password.
Unencrypted Password (PAP): Password Authentication Protocol is the oldest and most basic form of authentication. It is also the least safe, because it sends the user name and password in clear text, so anyone who can see the link can read them.
Shiva Password Authentication Protocol (SPAP): Shiva is the brand name of a family of popular remote access servers. SPAP is Shiva's own scheme, using reversible encryption of the password, and exists to let Windows clients connect to those servers.
Challenge Handshake Authentication Protocol (CHAP): the most common remote access authentication protocol. The server sends the client a random challenge; the client replies with a hash of the challenge combined with the password, and the server compares that with the hash it computes from its own copy of the password. The password itself never crosses the link, and a fresh challenge each time stops a captured reply from being replayed.
Microsoft CHAP (MS-CHAP): Microsoft's variation of CHAP, which works from the Windows password hash so that the server can keep passwords in the normal Windows form. Microsoft CHAP Version 2 (MS-CHAP v2) improves on it by authenticating the server to the client as well as the client to the server and by deriving stronger encryption keys; where the client supports it, prefer MS-CHAP v2 and untick the older versions.
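To see why PAP is described as unsafe and what CHAP changes, the Python below (an added example, not from this unit and not from any Windows component) builds both exchanges from the two sides' messages. The CHAP response follows RFC 1994: an MD5 hash over the identifier byte, the shared secret and the challenge. The user name User10 and password computer from Activity 3.1 are reused as a constructed credential store, and the challenge is random, as it must be.

```python
# Added example (not from the original unit): PAP and CHAP (RFC 1994) built
# from both sides' messages. Credentials and challenge are constructed.
import hashlib
import hmac
import os

# What the RAS or RADIUS server stores for CHAP: the secret itself (clear or
# reversibly encrypted), because the server must recompute the hash.
SECRET_DB = {"User10": b"computer"}


# ---- PAP -------------------------------------------------------------------
def pap_request(username: str, password: str) -> bytes:
    """Authenticate-Request as it crosses the link: user name and password in clear."""
    return username.encode() + b"\x00" + password.encode()


def pap_verify(payload: bytes) -> bool:
    user, _, password = payload.partition(b"\x00")
    return SECRET_DB.get(user.decode()) == password


# ---- CHAP ------------------------------------------------------------------
def chap_challenge(length: int = 16) -> bytes:
    """Server -> client: a fresh random challenge for every authentication."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client -> server: MD5(Identifier || secret || Challenge), per RFC 1994 section 2."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(username: str, identifier: int, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the hash from its stored secret; the secret never crossed the link."""
    secret = SECRET_DB.get(username)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def offline_guess(identifier: int, challenge: bytes, response: bytes, wordlist):
    """An eavesdropper who captured one CHAP exchange can test guesses offline."""
    for guess in wordlist:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None


def demo():
    # PAP: the captured payload contains the password verbatim.
    pap = pap_request("User10", "computer")
    pap_leaks = b"computer" in pap

    # CHAP: the captured bytes contain only the challenge and a hash over it.
    ident = 1
    chal = chap_challenge()
    resp = chap_response(ident, b"computer", chal)
    accepted = chap_verify("User10", ident, chal, resp)
    chap_leaks = b"computer" in chal + resp
    replayed = chap_verify("User10", ident, chap_challenge(), resp)  # old reply, new challenge
    guessed = offline_guess(ident, chal, resp, [b"password", b"letmein", b"computer"])
    return pap_leaks, pap_verify(pap), accepted, chap_leaks, replayed, guessed


if __name__ == "__main__":
    print(demo())  # (True, True, True, False, False, b'computer')
```

The last function is the caveat: a captured CHAP exchange does not reveal the password, but anyone holding it can test guesses offline at full speed, so CHAP protects a weak password only from a casual observer. That is one reason the password section insists on strong passwords even where the protocol hides them.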

Multiple protocols may be ticked here and offered simultaneously. In that case the dialling client will try the listed authentication protocols until it finds one that the RAS server will accept, so only tick the protocols you are prepared to accept; leaving PAP enabled means a server that asks for it will be sent the password in clear.

Data encryption
We looked at types of data encryption earlier in the unit. Many networks consist of multiple networks linked together by some sort of private connection, usually a telephone line using ISDN or a T1. Windows 2000's encryption method of choice for traffic between such networks is IPsec (IP Security), an Internet standard that provides transparent encryption and integrity protection between the server and the client.

VPNs
We also looked at VPNs (virtual private networks). Many networks do not use a long-distance telephone connection at all; instead they use the Internet itself to connect LANs both to individual systems and to each other. The obvious danger is the complete exposure of all network data to the Internet, which has led to the development of encryption methods designed to protect data moving between systems. A network employing encryption to use the Internet as if it were a private network is called a VPN. Setting up the client side of a VPN is very easy, as shown below. Go back to your Network and Dial-up Connections window and double-click the Make New Connection icon, as shown in Figure 52.

Figure 52 Making a new connection
Select Connect to a private network through the Internet (see Figure 53) and click Next.

Figure 53 Selecting network connection type

The screen shown in Figure 54 is displayed, asking you to specify the host name or IP address of your VPN server. You can type in the full domain name, for example, mydomain.com or IP address, for example, 192.168.0.1.

Figure 54 Specifying destination address

When you click Next, the screen shown in Figure 55 is displayed. This gives you the choice of creating this connection for your user login only or for all users of the particular computer. Again, regarding security, you may want to think carefully about choosing all users as it means everyone, including guest accounts will be able to access the VPN.

Figure 55 Choosing connection availability
The wizard then prompts you to enter a name for the connection, as shown in Figure 56. Make this something meaningful, for example Connection to main office.

Figure 56 Creating a name for the connection

You are then prompted to enter the user name and password that will be used to connect to the VPN server, as shown in Figure 57. You may also choose to save the password. This is convenient, but it is not always the safest option: anyone who gains access to your PC, or to your Windows account, can then bring up the VPN connection without being prompted for a user name or password.

Figure 57 Providing user name and password details

You will then be able to choose the type of VPN server that you will connect to: either Automatic, which tries both types, or, if you know which tunnelling protocol the server uses, PPTP or L2TP. Point-to-Point Tunnelling Protocol (PPTP) was developed by Microsoft and its partners; it carries PPP inside a GRE tunnel and relies on Microsoft Point-to-Point Encryption (MPPE), keyed from the MS-CHAP exchange, to protect the data. Layer 2 Tunnelling Protocol (L2TP) is an Internet standard that combined Cisco's L2F with PPTP; L2TP itself provides no encryption, so Windows runs it over IPsec (L2TP/IPsec). Windows NT supported only PPTP; Windows 2000 and later support both PPTP and L2TP/IPsec. PPTP's security rests entirely on the password-based MS-CHAP exchange and has known weaknesses, so choose L2TP/IPsec where both ends support it. This screen is shown in Figure 58.

Figure 58 Choosing the type of VPN server
That is all you have to do to create a connection to a VPN server. As when making a dial-up connection, the wizard takes you through the stages, so it is very straightforward.

Activity 3.2

Set up a VPN Connection with a Server address of 192.168.0.1 and a user name of VPNUser1, password Secret. Write down the steps you took to complete this task in a logbook.

Network configuration
Setting up a standard network configuration is not difficult. If you are connecting to an ISP or to most corporate networks you only need to leave the default settings alone (Obtain an IP address automatically and Obtain DNS server address automatically). This assumes that a DHCP server is running and that it hands out the IP address, subnet mask, default gateway and the DNS and WINS server addresses. You will also need a NetBIOS name/host name, which identifies your computer on the network; it is used if NetBEUI is in use on the network, and it is what other users see when they browse the network for your shares. WINS, remember, maps a computer's NetBIOS name to its current IP address.

To set IP addresses to be obtained automatically using Windows 2000 (other operating systems take a similar form), from Start select Programs, Accessories, Communications, Network and Dial-up Connections, and the screen shown in Figure 59 appears.

Figure 59 Network and dial-up connections

Click Local Area Connection and wait for the screen shown in Figure 60 to appear.

Figure 60 Local area connection status
Now click Properties. The screen shown in Figure 61 is displayed. Click Internet Protocol (TCP/IP) and then Properties.

Figure 61 Selecting Internet Protocol (TCP/IP)

If you are logging onto a network that uses DHCP, which is likely to be the case, then you simply leave the settings as Obtain an IP address automatically, and Obtain DNS server address automatically, as shown in Figure 62. This will ensure that the DHCP allocates the computer an IP address, subnet mask, DNS server, default gateway and, if configured, a WINS server. If you have been issued with a DHCP configured address, you can check this by clicking Start Run, typing CMD then pressing Enter. When the Command Prompt window appears, type IPCONFIG /ALL. This shows information such as your current IP address, subnet mask, default gateway, WINS server, DHCP server and how long your DHCP lease is for.

Figure 62 Obtaining IP and DNS server addresses

However, in some cases you may wish to specify a static IP address: an address entered manually rather than given out by a DHCP server. A server's IP address is the usual example. It is not good practice to let the IP address of a server change: if it did, users' computers would not know which address to use to collect their email or to look up DNS names. Some networks simply do not have or use a DHCP server and so must use static addressing throughout. In a static configuration you must tell the computer its own IP address, subnet mask and default gateway, and which DNS servers it is to use (see Figure 63). Take care that a static address does not fall inside the range the DHCP server hands out, or two machines will eventually end up with the same address.

Figure 63 Specifying addresses
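Most "cannot reach the Internet" calls after a manual configuration come from addresses that do not fit together, so it is worth checking them before typing them into the dialogue in Figure 63. The Python below is an added example, not part of this unit: it takes the addresses from Activity 3.3, checks that the host address, gateway, DNS and WINS entries are consistent with the mask and with a DHCP scope, and returns the netsh commands that set the same configuration from a command prompt on Windows 2000/XP. The interface name "Local Area Connection" and the DHCP scope used in the demo are assumptions.

```python
# Added example (not from the original unit): check a static TCP/IP
# configuration for consistency and emit the equivalent netsh commands.
import ipaddress


def check_static_config(ip, mask, gateway, dns, wins=None, dhcp_scope=None):
    """Return a list of problems with the settings; an empty list means they fit together."""
    problems = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")  # accepts a dotted mask
    host, net = iface.ip, iface.network

    if host in (net.network_address, net.broadcast_address):
        problems.append(f"{host} is the network or broadcast address of {net}")

    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        problems.append(f"default gateway {gw} is not on the local subnet {net}")
    elif gw == host:
        problems.append("default gateway cannot be this host's own address")

    for label, addr in (("DNS", dns), ("WINS", wins)):
        if addr is not None and ipaddress.ip_address(addr) == host:
            problems.append(f"{label} server is set to this host's own address")

    if dhcp_scope is not None:  # (first, last) address the DHCP server hands out
        first, last = (ipaddress.ip_address(a) for a in dhcp_scope)
        if first <= host <= last:
            problems.append(f"{host} lies inside the DHCP scope {first}-{last}; "
                            "exclude it there or choose another address")
    return problems


def netsh_commands(ip, mask, gateway, dns, wins=None, iface="Local Area Connection"):
    """The same settings as netsh commands (syntax as documented for Windows 2000/XP)."""
    cmds = [f'netsh interface ip set address "{iface}" static {ip} {mask} {gateway} 1',
            f'netsh interface ip set dns "{iface}" static {dns}']
    if wins is not None:
        cmds.append(f'netsh interface ip set wins "{iface}" static {wins}')
    return cmds


if __name__ == "__main__":
    # Values from Activity 3.3; the DHCP scope is an assumption for the demo.
    settings = dict(ip="10.0.0.18", mask="255.0.0.0", gateway="10.0.0.1",
                    dns="10.0.0.2", wins="10.0.0.3")
    for problem in check_static_config(**settings, dhcp_scope=("10.0.0.100", "10.0.0.200")) or ["OK"]:
        print(problem)
    print("\n".join(netsh_commands(**settings)))
```

The gateway check is the one that matters most: a gateway outside the local subnet is accepted by the dialogue without complaint, and the symptom is simply that nothing beyond the LAN answers.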

If you are using a WINS server in your network, you must also enter a static WINS server address in the TCP/IP settings. To do this, click the Advanced button to see the dialogue box shown in Figure 64, then click the WINS tab and the Add button.

Figure 64 Setting the WINS server
When you click Add, the dialogue box shown in Figure 65 appears. Type in the address of your WINS server and click Add.

Figure 65 Adding the address
You can now see that the WINS server has been added. You may add more than one WINS server and set the order in which the computer will try them, as shown in Figure 66.


Figure 66 Adding more servers

To set the host name for your computer, right-click the My Computer icon on the desktop and click Properties. When the dialogue box appears, as shown in Figure 67, click the Network Identification tab and then click Properties.

Figure 67 Setting host name


When you click Properties, the dialogue box shown in Figure 68 appears. You can now change your computer's host name and also the domain or workgroup it belongs to.

Figure 68 Changing host name and domain

Activity 3.3

Set up a LAN connection that will connect to a default gateway to access the Internet. There is no DHCP server, so your settings will be as follows:

IP address      10.0.0.18
Subnet mask     255.0.0.0
Default gateway 10.0.0.1
DNS server      10.0.0.2
WINS server     10.0.0.3

Write down the steps you took to complete this task in a logbook.


Summary of this section

- Server operating systems: we looked at the basic capabilities of Unix/Linux, NetWare, Windows and Macintosh operating systems.
- Client workstations: we looked at the capabilities of client workstations with regard to connectivity, local security and authentication.
- VLANs: we learned about the benefits of VLANs.
- Network-attached storage: we looked at the characteristics of NAS.
- Fault tolerance and disaster recovery: we learned the purpose and characteristics of fault tolerance and RAID devices, their uses and differences. We also looked at disaster recovery and the importance of a good disaster recovery plan and backups.
- Firewalls and proxy servers: we learned about the purpose, benefits and characteristics of using firewalls and proxy servers.
- Security measures: we looked at the appropriate level of security for a given network and how this should be implemented.
- Network and remote access configurations: we learned how to configure a number of remote access connections. Given a network configuration, we learned how to select the appropriate NIC and network configuration settings (DHCP, DNS, WINS, protocols, NetBIOS/host name, etc.).


Answers to SAQs

SAQ 3.1

Unix
Unix is a multi-tasking, multi-user, text-based operating system that was created to run on virtually any hardware platform. It was originally developed in Bell Labs by programmers for programmers, which makes it rather complex to manage, but because it is powerful and stable it is used in many different types of environment, such as hospitals, university and college campuses and many corporate networks. In a typical Unix network, computers with no hard drive and limited processing and memory capability (known as dumb terminals) are connected to a centralised server, which carries out the processing based on commands issued from the dumb terminals. Think of it as several monitors and keyboards attached to the same computer. In more modern networks, where Unix systems co-exist with other operating systems such as Windows, network computers connect to the Unix server via a terminal emulator (such as TELNET).

Linux
Linux is an open source operating system that is similar to Unix. Linux is commonly used to act as an HTTP, FTP or mail server. It can be used on PCs as well as servers, and a variety of user-friendly GUIs are available to make it easier to use. The functionality, adaptability and robustness of Linux have made it the main alternative to Unix and Microsoft operating systems. Computers with processing power as low as a 386-based CPU can install and run a Linux system. The ongoing development of Linux is supported by IBM, Hewlett-Packard and other large technology companies.

Microsoft Windows
Windows 2000 Professional is the preferred 32-bit desktop environment, providing a combination of Windows 98 usability and Windows NT 4 reliability. New features include support for power management, plug and play and support for new file system features, including Encrypting File System (EFS).

The main features of Windows 2000 are:
- Support for the file systems FAT16, FAT32 and NTFS
- Increased uptime of the system and significantly fewer operating system crashes requiring a reboot
- The implementation of Windows Installer, which tracks application installations and recognises and replaces missing components


- Protection of the memory of individual applications and processes, to avoid a single application bringing the system down
- Encrypted file systems to protect sensitive data
- Secure VPN support for tunnelling into a private LAN over the Internet
- Personalised menus that adapt to the way users work
- A multilingual version that allows switching of the user interface and Help language, based on logon
- Broader support for high-speed networking devices, including native ATM and cable modems
- Support for universal serial bus (USB) and IEEE 1394 for a greater range of bandwidth devices

Novell NetWare
NetWare was developed by Novell in the early 1980s and is based on the Xerox Network System. It is a NOS (network operating system) that allows file and printer sharing and mail functionality using a client/server architecture. That is, clients log into the server and use its resources while logged in. NetWare used to be very popular as a network operating system, and can still be found in many corporate networks today, but it has now largely been overtaken by the versatility of the Windows operating systems.

Apple Macintosh
Mac OS X Server is Apple's NOS. It was introduced to rival the Windows NT, Novell NetWare and Linux operating systems. Mac OS X Server provides file and print sharing, a web server, and multimedia content streaming services to Apple Macintosh-based networks. Mac OS X Server also introduces NetBoot and Macintosh Management Services, features designed to ease the administrative tasks involved with Macintosh networks and save network administrators time. The first Macintosh NOS is a robust server that will fulfil the networking needs of Macintosh web design shops, companies supporting Macintosh clients, and Macintosh workgroups or labs.

SAQ 3.2
A VLAN segments a switched network by allowing broadcasts to propagate within the VLAN only. This improves the speed of the network and also improves security, as a host on VLAN1 cannot communicate with a host on VLAN2 without the use of an intermediate router.


SAQ 3.3
1 Network-attached storage.
2 Fault tolerance is a process by which a duplicate system or service runs alongside the existing system or service so that, in the event of a failure, the duplicate can re-create the system or service.
3 RAID 0 is also known as disk striping. Here data is striped across two or more disks. This improves speed but has no redundancy, so if one disk fails then all data has to be restored from a backup.
4 RAID 1 is also known as disk mirroring. RAID 1 usually uses two or more disks; it mirrors the data from one disk across to another disk. Thus if one disk fails the other contains the same data and can be used to restore the data.
5 RAID 5 is a stripe set with parity. This brings the speed increase of a stripe set, but also contains redundancy information so that if one disk fails, the data can be reproduced from the other disks and the redundancy information.
6 UPS stands for uninterruptible power supply. It is used to take over in case of a power failure. A UPS usually gives enough time to save data and bring a server down safely; it is not meant as a long-term backup of power.
7 A full backup backs up all files.
8 An incremental backup backs up all files changed since the last backup and clears the archive bit.
9 A differential backup backs up all files changed since the last backup and keeps the archive bit.

SAQ 3.4
1 A firewall blocks packets coming in and out, based on set criteria.
2 Proxy servers are mostly used to control, or monitor, outbound traffic. The user requests a web page and this request goes via the proxy server. The proxy server then checks to see if it has the requested data stored in its cache. If it does, it responds with the cached data. If not, it goes out on the Internet, retrieves the required information and stores it in its cache. The proxy server then forwards this to the user. This lowers bandwidth requirements and decreases the access time for the same data for the next user. It also gives evidence of what was transferred.
3 Port filtering, also called port blocking, is a way of preventing any TCP or UDP packets getting through any ports other than the ones allowed by the system administrator.
4 A packet filter works at the Network layer of the OSI model. Data is only allowed to enter or leave the system if the firewall rules allow it. As packets arrive at or leave the firewall, they are filtered by a number of factors that the administrator may set, such as their type, source address, destination address and the port information contained in each packet.
5 It is the encryption of data before it is transferred over the network, to prevent unauthorised access to the data.


Section 4: Providing network support


Introduction to this section

What this section is about
In this section you will look at what is involved in providing network support. You will examine the use of a structured troubleshooting strategy. You will learn how to troubleshoot network problems, and how to use TCP/IP utilities to test IP connectivity and isolate the source of network problems. You will also learn how to configure clients to connect to servers.

Outcomes, aims and objectives
Outcome 4 deals with providing network support. There are three objectives to this section:
- Use TCP/IP utilities.
- Troubleshoot network problems.
- Configure clients to connect to servers.

Approximate study time
24 hours.

Other resources required
Access to a PC on a network.

Assessment information for this section


How you will be assessed
This section will be assessed by a restricted response test and the completion of an activity logbook.

Restricted response test
Your knowledge and understanding of the section will be examined by a six-question restricted-response test. Two questions will be derived from each of the three items listed below. Each question must be derived from a single item.
1 Use TCP/IP utilities: select appropriate utilities (TRACERT, PING, ARP, NETSTAT, NBTSTAT, IPCONFIG, WINIPCFG, NSLOOKUP); identify and interpret output from utilities.
2 Troubleshoot network problems: troubleshooting strategy, troubleshoot problems in different topologies, identify causes of network failures, troubleshoot connectivity problems, interpret visual indicators, troubleshoot wiring/infrastructure problems, select tools.
3 Configure clients to connect to servers: Unix/Linux, NetWare, Windows, Macintosh.

Logbook
The logbook for this section must show that you have successfully completed each of the three tasks listed below:
1 Use TCP/IP utilities: documentary evidence that you can select at least five appropriate utilities (from TRACERT, PING, ARP, NETSTAT, NBTSTAT, IPCONFIG, WINIPCFG, NSLOOKUP) for a specified purpose and identify and interpret the output from these utilities.
2 Troubleshoot network problems: documentary evidence that you can troubleshoot problems in two different topologies (chosen from: bus, star/hierarchical, mesh, ring, wireless); identify two causes of network failures; troubleshoot two connectivity problems (from: authentication failure, protocol configuration, physical connectivity); interpret visual indicators (link lights, collision lights); troubleshoot wiring/infrastructure problems (bad media, interference, network hardware); and select appropriate tools (wire crimper, media tester/certifier, punch down tool, tone generator, optical tester).
3 Configure clients to connect to servers: documentary evidence that you can configure clients to connect to servers, for at least two of: Unix/Linux, NetWare, Windows NT/2000/2003, Macintosh.

When and where you will be assessed
You will be assessed by your tutor/assessor at an appropriate location where closed book tests can be taken.

What you have to achieve
You must answer at least 70% of the questions correctly in order to obtain a pass.

Opportunities for reassessment
Normally, you will be given one attempt to pass an assessment with one reassessment opportunity. Your centre will also have a policy covering 'exceptional' circumstances, for example, if you have been ill for an extended period of time. Each case will be considered on an individual basis, and is at your centre's discretion (usually via written application), and they will decide whether to allow a third attempt. Please contact your tutor for details regarding how to apply.


Using TCP/IP utilities


The popularity of TCP/IP on networks means that there needs to be a way of testing IP connectivity. To do this, TCP/IP comes with a set of command line utilities that can be used to manage and troubleshoot a network. These utilities help to find faults and isolate the source of TCP/IP problems. Each tool provides a different view of TCP/IP activity and can be used to give an overall picture of network status. The utilities are:
- TRACERT
- PING
- ARP
- NETSTAT
- NBTSTAT
- IPCONFIG
- WINIPCFG
- NSLOOKUP

TRACERT
The TCP/IP utility TRACERT is short for trace route. This utility allows a user to find out the route that packets take to reach a particular destination. The command syntax is tracert followed by either an IP address or a DNS name (see Figure 69 for an example of the command output), for example:

tracert 212.58.224.121
tracert www.bbc.co.uk


Figure 69 Example tracert command output

To get help on this command, you can use the -? switch, for example, TRACERT -?. The TRACERT utility finds the route taken to a destination by sending ICMP (Internet control message protocol) echo packets with increasing time-to-live (TTL) values to the destination. Each router along the path decrements the TTL on a packet by 1 before forwarding it. If the TTL on a packet reaches 0, the router sends back an ICMP Time Exceeded message to the source system. With reference to Figure 69:
- The first column is the hop number.
- Columns two to four contain the round-trip times in milliseconds for each attempt to reach the destination with that TTL value.
- The fifth column is the host name (if it was resolved) and IP address of the responding device.

An asterisk (*) followed by the words 'Request timed out' is not out of the ordinary. If the TRACERT had stopped at that point and kept responding with 'Request timed out', that might indicate a problem at a particular device. However, some routers are not configured to identify themselves, so a single router along the path may reply with * rather than giving out its details while the hops after it respond normally.
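The following Python, added here and not part of the original materials, reads TRACERT output of the kind shown in Figure 69 and applies the rule just described: a hop showing * * * that is followed by hops which reply is a silent router, while a trailing run of timeouts points to a break after the last responding hop. Both sample traces are constructed, not real captures.

```python
"""Interpret Windows TRACERT output: tell a single silent router apart
from a path that stops responding altogether."""
import re
from dataclasses import dataclass

# Constructed sample (not a real capture): hop 3 is a silent router and the
# trace still reaches the destination at hop 5.
SAMPLE_OK = """
Tracing route to www.example.net [192.0.2.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    13 ms  10.20.30.1
  3     *        *        *     Request timed out.
  4    25 ms    24 ms    26 ms  core.example.net [198.51.100.9]
  5    30 ms     *       29 ms  192.0.2.10

Trace complete.
"""

# Constructed sample where nothing beyond hop 2 ever answers: a break in the path.
SAMPLE_BROKEN = """
Tracing route to www.example.net [192.0.2.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    13 ms  10.20.30.1
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
"""

# hop number, three RTT tokens ('<1 ms', '25 ms' or '*'), then the host column
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*?)\s*$")
RTT_RE = re.compile(r"<?\d+ ms|\*")


@dataclass
class Hop:
    number: int
    rtts_ms: list   # one entry per probe; None where the probe timed out ('*')
    host: str       # resolved name and/or IP, '' when nothing replied

    @property
    def replied(self) -> bool:
        return any(r is not None for r in self.rtts_ms)


def parse_rtt(token: str):
    """'<1 ms' -> 1, '25 ms' -> 25, '*' -> None."""
    if token == "*":
        return None
    return int(token.lstrip("<").split()[0])


def parse_tracert(text: str) -> list:
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue   # banner, blank line or 'Trace complete.'
        rtts = [parse_rtt(t) for t in RTT_RE.findall(m.group(2))]
        host = m.group(3)
        if host.lower().startswith("request timed out"):
            host = ""
        hops.append(Hop(int(m.group(1)), rtts, host))
    return hops


def assess(hops: list) -> dict:
    """Label each hop 'ok', 'silent' (no reply, but later hops replied, so the
    router simply does not identify itself) or 'no-reply' (part of the trailing
    run of timeouts that suggests a fault)."""
    last_reply = max((h.number for h in hops if h.replied), default=0)
    verdicts = {}
    for h in hops:
        if h.replied:
            verdicts[h.number] = "ok"
        elif h.number < last_reply:
            verdicts[h.number] = "silent"
        else:
            verdicts[h.number] = "no-reply"
    return verdicts


def suspect_break_after(hops: list):
    """Last hop that answered if the trace never recovered afterwards, else None."""
    if not hops or hops[-1].replied:
        return None
    return max((h.number for h in hops if h.replied), default=0)
```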


PING
There is some debate about what the term PING stands for. Many believe that it is short for Packet INternet Groper, while others argue that it takes its name from the sonar ping used by submarines. The second definition, whether true or not, gives a good visual idea of what the TCP/IP PING utility is all about. Its primary purpose is to find out whether a host can be reached and whether the host can reply. The command syntax is ping followed by either an IP address or a DNS name (see Figure 70 for an example of the command output), for example:

ping 212.58.224.121
ping www.bbc.co.uk

Figure 70 Example ping command output

PING works by sending an ICMP echo packet (with the TTL value set to the host default) to the host listed on the ping command line. PING expects back an ICMP 'echo reply' packet. The millisecond time displayed is the round-trip time. The TTL=245 in Figure 70 says that the incoming ICMP echo reply packet has its TTL field set to 245. Most computers today initialise the TTL value of outgoing IP packets to 128 or higher. To find out the default TTL setting for your computer, type ping localhost or ping 127.0.0.1 and you will see the TTL reply value on the right-hand side of the screen. For older Windows machines this value is 32. For newer Windows machines, this value is 128.
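As an added example (not part of the original materials), the following Python reads PING output of the kind shown in Figure 70, works out the loss and round-trip figures and estimates how many routers the reply crossed from its TTL. The sample output is constructed; the initial TTL values 64 and 255 are assumed for non-Windows stacks, while 32 and 128 are the Windows values given in the text.

```python
"""Interpret Windows PING output: packet loss, round-trip times and the
hop count implied by the reply TTL."""
import re

# Constructed sample (not a real capture); TTL=245 matches the value discussed
# in the text, and one of the four echo requests gets no reply.
SAMPLE_PING = """
Pinging www.example.net [192.0.2.10] with 32 bytes of data:

Reply from 192.0.2.10: bytes=32 time=31ms TTL=245
Reply from 192.0.2.10: bytes=32 time=29ms TTL=245
Request timed out.
Reply from 192.0.2.10: bytes=32 time=30ms TTL=245

Ping statistics for 192.0.2.10:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""

# 'time<1ms' appears for sub-millisecond replies, hence time[=<]
REPLY_RE = re.compile(r"Reply from (\S+): bytes=(\d+) time[=<](\d+)ms TTL=(\d+)")

# Initial TTLs that IP stacks commonly start from. 32 and 128 are the Windows
# values stated in the text; 64 and 255 are assumed for other stacks.
INITIAL_TTLS = (32, 64, 128, 255)


def parse_ping(text: str):
    """Return (list of reply dicts, number of 'Request timed out.' lines)."""
    replies, lost = [], 0
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            replies.append({"host": m.group(1), "bytes": int(m.group(2)),
                            "time_ms": int(m.group(3)), "ttl": int(m.group(4))})
        elif line.strip().lower().startswith("request timed out"):
            lost += 1
    return replies, lost


def summarise(replies: list, lost: int) -> dict:
    """Loss percentage and min/max/average round-trip time, as PING prints them."""
    sent = len(replies) + lost
    times = [r["time_ms"] for r in replies]
    return {
        "sent": sent,
        "received": len(replies),
        "loss_pct": round(100 * lost / sent) if sent else 0,
        "min_ms": min(times) if times else None,
        "max_ms": max(times) if times else None,
        "avg_ms": round(sum(times) / len(times)) if times else None,
    }


def estimate_hops(reply_ttl: int):
    """The smallest common initial TTL at or above the reply TTL is the likely
    starting value; the difference is the number of routers the reply crossed.
    Returns None for a TTL above every known starting value."""
    for initial in INITIAL_TTLS:
        if reply_ttl <= initial:
            return initial - reply_ttl
    return None
```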

Pinging 127.0.0.1 is known as a loopback check because it checks that a workstation's NIC can send and receive packets. This is a good test for checking that a workstation's NIC and protocol stack are operational.

Ping of death
You may have heard the term ping of death (POD). The POD is a DoS (denial of service) attack caused by a weakness that can be exploited in systems by sending an IP packet larger than 65,536 to a machine. Many machines do not know what to do with this oversized packet and may crash because of it. Many ISPs now block this type of activity and most operating systems have patches installed that prevent it. However, it is a method that was used in the past by hackers to bring a network server down.

ARP
There are two parts to ARP:
- Address resolution protocol (ARP)
- The ARP TCP/IP utility

The function of ARP is to map TCP/IP addresses to Media Access Control (MAC) addresses. ARP performs this function by using broadcasts. ARP works in the following way: when a machine running TCP/IP wants to know which machine on an Ethernet network uses a particular IP address, it sends an ARP request (broadcast) to find the MAC address for the IP. The machine that has that IP address responds to the machine making the request, which adds that information to its own ARP table. The TCP/IP ARP utility can be used to manipulate and view the local machine's ARP address resolution table. The command syntax is arp followed by the appropriate switch. One commonly used switch is -a (see Figure 71 for an example of the command output).

arp -a


Figure 71 Example arp command output

The address resolution table is a list of TCP/IP logical addresses and their associated MAC physical addresses. This table is cached in memory so that the NOS doesn't have to perform ARP lookups for frequently accessed TCP/IP addresses, for example, servers and default gateways. For each ARP entry there is a TTL value. The ARP table holds two kinds of entry:
- dynamic
- static.

Dynamic entries are created whenever TCP/IP makes an ARP request and the MAC address is not in the local machine's ARP table. The ARP request is broadcast on the local segment. When the MAC address is received, it is added to the local machine's ARP table. Periodically, the ARP table is cleared of dynamic entries whose TTL has expired, to ensure that the contents of the table are up to date. Static ARP table entries perform the same function as dynamic ones, except that they are entered manually by the network administrator and remain in the ARP table until the machine is rebooted.

Using the ARP TCP/IP utility
Static ARP entries are useful for speeding access to busy hosts; that is, rather than having a server respond to every ARP request, hosts will already have this information and thus cut down on unnecessary network traffic. However, static ARP entries are valid only until the computer is restarted. To make static ARP cache entries permanent, the command can be added to a batch file that runs at start-up.

Depending on the operating system you are using, you should be able to use a switch to get help on a TCP/IP utility command. This will take the format of either -? or /?.

NETSTAT
The function of the NETSTAT utility is to show information about the operation of TCP/IP on a computer. The use of NETSTAT differs between operating systems, but at its heart is the purpose of displaying a mountain of information about TCP/IP on a machine. The command syntax is netstat followed by the appropriate switch. One commonly used switch is -a (see Figure 72 for an example of the command output).

netstat -a

Figure 72 Example netstat command output

This utility shows both the local and remote ports of each connection and the state of the connection. The available switches can be displayed by typing netstat /? or netstat -?. The output of NETSTAT is a list of current TCP/IP connections. The information presented on this screen includes the protocol (usually TCP), the local address (the MAC address), the foreign address (the IP address), and the connection state.

Typing netstat -a displays all connections and listening ports. The result is a list that tells you which TCP and UDP ports the local machine knows about, and on which of those ports the machine is currently listening.

If you are troubleshooting a network problem and want to find out whether any TCP/IP packet activity is taking place, you would use netstat -e (the e stands for Ethernet statistics). When you use this command, you will see a table showing the number of bytes, unicast packets, non-unicast packets, discards, errors and unknown protocols sent and received.

Typing netstat -s displays a list of Ethernet statistics broken down by protocol. This information is similar to the output of netstat -e, but it is divided into IP statistics, ICMP statistics, TCP statistics and UDP statistics.

Typing netstat -p {name of protocol} allows for a more detailed examination of a protocol, for example, netstat -p TCP.

Typing netstat -r displays the local machine's routing table. NETSTAT displays the information in a table listing the active routes by destination address, net mask, gateway, interface and metric.

NBTSTAT
The function of NBTSTAT is to help with troubleshooting NetBIOS name resolution issues. If there is a problem reaching a Windows File Sharing share name, there might be a problem with its NetBIOS name resolution; for example, the desired WINS server might not be accessible, or the WINS server may not be correctly resolving a name. NBTSTAT can also be used to add or remove NetBIOS entries. NBTSTAT is short for NetBIOS over TCP/IP Statistics. This TCP/IP utility depends on Microsoft's use of NetBIOS in Windows. Every Windows computer is assigned a NetBIOS name to allow it to communicate with other Windows computers. Workgroup and domain names are also NetBIOS names. The NetBIOS protocol itself is non-routable, whereas NetBIOS over TCP/IP is. The command syntax is NBTSTAT followed by the appropriate switch. One commonly used switch is -c (see Figure 73 for an example of the command output).

nbtstat -c


Figure 73 Example nbtstat command output

IPCONFIG
The function of the IPCONFIG utility is to display a machine's TCP/IP settings. The command syntax is ipconfig on its own or followed by the appropriate switch. One commonly used switch is /all (see Figures 74 and 75 for examples of the command output).

ipconfig
ipconfig /all


Figure 74 Example ipconfig command output

Typing ipconfig /all displays more detailed information, including the IP address, subnet mask, default gateway, WINS and DNS configuration. If DHCP is used, the time the lease was last obtained and when it is due to expire are displayed.
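The following Python, added here and not part of the original materials, parses IPCONFIG /ALL output of the kind shown in Figure 75, works out how much of a DHCP lease is left, and checks an adapter against the static settings of Activity 3.3 (the earlier point that a server's address must not be left to a DHCP lease). The sample output, its adapter name and its date format are constructed assumptions; real output follows the Windows locale.

```python
"""Parse Windows 'ipconfig /all' output, report the DHCP lease time left and
check an adapter against an expected static configuration."""
import re
from datetime import datetime

# Constructed sample output (not a real capture). The addresses are those of
# Activity 3.3, but here the adapter has taken them from a DHCP server.
SAMPLE_IPCONFIG_ALL = """
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : ws-lab-07
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example 10/100 Ethernet Adapter
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.18
        Subnet Mask . . . . . . . . . . . : 255.0.0.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP Server . . . . . . . . . . . : 10.0.0.2
        DNS Servers . . . . . . . . . . . : 10.0.0.2
                                            10.0.0.4
        Primary WINS Server . . . . . . . : 10.0.0.3
        Lease Obtained. . . . . . . . . . : 14 June 2005 09:00:00
        Lease Expires . . . . . . . . . . : 22 June 2005 09:00:00
"""

# 'Field name . . . . : value' lines; the key stops at the first dot
KV_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 \-]*?)[ .]*: ?(.*)$")
# 'Ethernet adapter Local Area Connection:' style section headers
ADAPTER_RE = re.compile(r"^(\S.* adapter .*):\s*$")
DATE_FMT = "%d %B %Y %H:%M:%S"   # assumed; the real format depends on the Windows locale


def parse_ipconfig_all(text: str) -> dict:
    """Return {section: {field: [values]}}; '_global' holds the host-wide fields."""
    sections = {"_global": {}}
    current, last_key = sections["_global"], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
            last_key = None
            continue
        m = KV_RE.match(line)
        if m:
            last_key, value = m.group(1).strip(), m.group(2).strip()
            current[last_key] = [value] if value else []
        elif last_key and line.startswith(" "):
            current[last_key].append(line.strip())   # continuation, e.g. a second DNS server
    return sections


def lease_remaining(adapter: dict, now: str):
    """Seconds left on the DHCP lease at 'now' (written in DATE_FMT), or None
    when the adapter has a static address and therefore no lease."""
    if adapter.get("DHCP Enabled", ["No"])[0] != "Yes":
        return None
    expires = datetime.strptime(adapter["Lease Expires"][0], DATE_FMT)
    return (expires - datetime.strptime(now, DATE_FMT)).total_seconds()


EXPECTED_STATIC = {   # the settings given in Activity 3.3
    "IP Address": "10.0.0.18",
    "Subnet Mask": "255.0.0.0",
    "Default Gateway": "10.0.0.1",
    "DNS Servers": "10.0.0.2",
    "Primary WINS Server": "10.0.0.3",
}


def check_static(adapter: dict, expected: dict) -> list:
    """List every way the adapter departs from the expected static configuration.
    A leased address is reported even when its current value happens to match,
    because a renewal could hand the host a different address."""
    problems = []
    if adapter.get("DHCP Enabled", [""])[0] == "Yes":
        problems.append("DHCP Enabled is Yes: the address may change when the lease is renewed")
    for field, want in expected.items():
        got = adapter.get(field, [])
        if want not in got:
            problems.append(f"{field}: expected {want}, found {got or 'nothing'}")
    return problems
```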


Figure 75 Example ipconfig /all command output

WINIPCFG
The WINIPCFG utility shows similar information to IPCONFIG. The difference is that it shows it in a graphical interface rather than at a command line. WINIPCFG is short for Windows IP Configuration (see Figure 76).

Figure 76 Running the WINIPCFG utility


This command generates output in the form of a window that shows the Adapter Address, or MAC address, of the computer. It also shows the IP Address, Subnet Mask and Default Gateway (see Figure 77).

Figure 77 IP Configuration screen


The More Info button displays the Host Name, which includes the computer name and NetBIOS name. It also displays the DHCP server address, if used, and the dates on which the IP lease starts and ends (see Figure 78). If there are DHCP problems, the Release and Renew buttons can be used to get a new IP address for the workstation.

Figure 78 IP Configuration: More Info


NSLOOKUP
The function of NSLOOKUP (name server lookup) is to query a DNS server for information about a specified fully qualified domain name (FQDN) or IP address, for example:

nslookup 212.58.228.154
nslookup bbc.co.uk

Figure 79 Example nslookup command output

Typing nslookup {host name} displays the IP address for that name. You can also use NSLOOKUP to do the reverse: typing nslookup {IP address} displays the host name or FQDN for the address you specify. NSLOOKUP works by sending a domain name query packet to a designated DNS server.


Activity 4.1

1 Use the appropriate networking utility to find out the FQDN for each of the following IP addresses:
A. 212.58.240.121
B. 217.12.3.11
C. 216.239.57.104
2 Use the appropriate networking utility to find out the IP address of each of the following FQDNs:
A. google.com
B. microsoft.com
C. ibm.com


SAQ 4.1

Write your answers to the questions below on a piece of paper. When you are finished, check your answers with the ones at the end of the section. If there is anything you are not sure about, re-read the material and ask your tutor for clarification if necessary.

1 Which command produces the following output?

2 Which command produces the following output?

3 Which command produces the following output?

4 Which command produces the following output?


Activity 4.2

Make sure that you get the permission of your lecturer/tutor before you do this activity. Using a command prompt, enter the following commands:
1 Type IPCONFIG /ALL. Write down the IP address of your machine: _____________________
2 Type ping {IP address of your machine}, for example, ping 192.5.5.1.
3 Type PING 127.0.0.1.
4 Remove the network cable from your machine.
5 Repeat step 2. What happens and why?
6 Repeat step 3. What happens and why?

Note: Remember to reconnect the network cable to your workstation once you complete this activity.


SAQ 4.2

Write your answers to the questions below on a piece of paper. When you are finished, check your answers with the ones at the end of the section. If there is anything you are not sure about, re-read the material and ask your tutor for clarification if necessary.
1 Which TCP/IP utility can be used to check where the connection to a remote web server is failing, by listing all the routes taken to it?
2 Which TCP/IP utility can be used to show information about TCP/IP operation on a workstation?
3 Which TCP/IP utility can be used to manipulate and view a workstation's address resolution table?
4 Which TCP/IP utility can be used to check network connectivity between a workstation and a default gateway?


Troubleshooting network problems


Troubleshooting a medium to large network can be a daunting experience, especially if your job depends on getting a failed network to work again. However, this is the worst case scenario; the majority of troubleshooting will be on a smaller scale, from helping network users connect to the network to tracing and fixing a failed network device such as a switch or hub. The origins of network errors include network settings on workstations, hardware failure, software failure, security problems and cabling. The secret of not being overwhelmed by the task lies in following a methodical troubleshooting strategy. The steps involved in such a strategy are:
1 Establish the symptoms.
2 Identify the affected area.
3 Establish what has changed.
4 Select the most probable cause.
5 Implement a solution.
6 Test the result.
7 Recognise the potential effects of the solution.
8 Document the solution.


4.3

List, in order, the eight stages of the troubleshooting strategy:

Description                                          Step number
Establish what has changed                           ____
Recognise the potential effects of the solution      ____
Establish the symptoms                               ____
Test the result                                      ____
Select the most probable cause                       ____
Document the solution                                ____
Implement a solution                                 ____
Identify the affected area                           ____


Step 1: Establish the symptoms
Before trying to fix a problem, the network administrator must find out exactly what is wrong and not jump to conclusions. By carrying out this step, the network administrator avoids the trap of fixing the symptoms rather than the underlying problem. This step may also lead to the recognition of symptoms that have appeared before in the network and for which a solution already exists. If this is the case, the network administrator's time is saved and the network will be working as normal in a shorter time. If the problem originates from a user's workstation, the network administrator could try using some testing tools to find out more about the problem, and also try the same procedure on another similar user's workstation and compare the two. If more than one user's workstation is experiencing the problem, the answer may not lie with the workstations but in some other part of the network.

Step 2: Identify the affected area
The network administrator must isolate the problem area and eliminate areas where it is certain the problem does not exist. This allows the network administrator to narrow down the area affected, for example, to one workstation, a switch or a faulty server. The best place to start the isolation process is with the user who is experiencing the problem, to rule out the user or their workstation being at fault. For example, the user may not be able to log into the server because the Caps Lock key is on.

Step 3: Establish what has changed
This involves keeping track of network status; that is, the user was able to log in successfully yesterday but can't today. What has changed in this period of time? The network administrator must find out why today is different from yesterday, and what network changes have been made. For example, the network administrator may have updated the configuration on one of the routers, and now the workstations that use that router as a default gateway can no longer access the Internet. A lot of crucial network information can also be gathered by examining the network settings on the user's workstation.

Step 4: Select the most probable cause
During this step it may be useful for the network administrator to duplicate the problem. If the user says that they were not able to access a network resource, they can be asked to demonstrate what they did and show the network administrator the fault. If the problem occurs in the same way every time, finding the solution should be straightforward. However, if the error can't be duplicated, or happens only every now and then, it will be harder to track down.


Step 5: Implement a solution
Once the network administrator is sure of what the problem is and has an idea about how to fix it, the solution should be implemented. This may involve changing network settings, fixing or changing cables, or even replacing hardware. It is important to bear in mind at this time that the proposed solution must not introduce other, more serious problems onto the network. Any changes that are made should be reversible. A careful note should be taken of the steps taken to implement the solution.

Step 6: Test the result
Ignoring this step could lead to disaster. Once the changes are made, a full series of tests should be carried out to make sure that the solution has solved the problem. This will include all of the standard TCP/IP utility checks as well as getting the user to try to do their normal work to prove that the system is up and working.

Step 7: Recognise the potential effects of the solution
If possible, the network administrator should test the changes in a safe environment, one in which changes will not affect the normal day-to-day running of the network. Generally this is not possible, so the network administrator must take into account any implications that the current solution has and monitor the network accordingly.

Step 8: Document the solution
Like the comprehensive testing step of the strategy, this step is likely to be done poorly or not at all; after all, the problem has been fixed. However, this step may be the most important. Not only will complete documentation be invaluable the next time a problem such as this occurs, but it will also record the changes made and how to reverse them if the solution does end up affecting network performance. If external help was required, the documentation should be completed so that this help can be easily enlisted again in the case of a similar problem. Details such as telephone numbers, email addresses and web sites used should be recorded.

Rather than filing the documentation by date (although this information is useful), it should be categorised and stored accordingly. If the documentation is stored in an online database, it should follow a defined standard, as should a paper-based system, with the network administrator completing certain information that will assist in the easy retrieval of the document at a later date, if required.


Troubleshooting problems in different topologies

Bus
The most common bus topology implementation is Ethernet using coaxial cable with termination at both ends. Most problems occur due to poor cable installation and incorrect termination. To work properly, each end of the bus must be properly terminated with a connector of the appropriate resistance; one of the ends must also be grounded. The end connector is used to absorb signals that reach the end of the bus; if the resistance is incorrect, signal bounce may occur, with the signal travelling back down the wire and causing interference. If both ends are grounded, this may cause a ground loop, which can also adversely affect the network.

Star/hierarchical
The star topology is the most common network topology used today, ranging from small SOHO (small office or home office) networks to large enterprise networks. The star topology scales well and is generally more cost-effective to set up and run than the other topologies. All that is required in a simple star topology is some machines with NICs connected by cable to a central hub or switch. The strength of a star topology, that of a central hub, is also its main weakness. If this central device is faulty, the whole network will fail. However, if a workstation attached to the hub fails, this will have no effect on the other devices on the network and the network will perform as usual.

Mesh
In a mesh topology, every device is connected to every other device. A mesh is a very robust topology with a lot of redundancy; however, it is rarely found in the form of a LAN and is more likely to be found in a WAN implementation. The problems that beset the other topologies would not typically affect the mesh because of its built-in redundant links; therefore, if there was a cable break the network would still continue to function. Any problem with a mesh topology would tend to be very serious, with a complete centre or node down.

Ring
All of the devices on a ring topology are dependent on each other. A common ring implementation is token ring, where a token is passed around the network from device to device to allow communication. However, the problem with this is that if a workstation is faulty it may not be able to pass the token; therefore the whole network will be down, as no one has the required token to be able to transmit. This is in contrast to the star, where it would not matter if a workstation is not working.


The other problem with the ring is the cabling. If the cabling is damaged, the network will fail. One solution to this is to have two rings operating simultaneously but with the token travelling in the opposite direction in each.

Wireless
The cabling problems found in all of the other topologies do not exist in the wireless topology, but that is not to say that this topology is without its connectivity problems. These problems are generally due to protocol issues and signal interference. The two popular wireless protocols in use are Bluetooth and 802.11. These protocols do not work together, and as such a device using Bluetooth will not be able to connect to an 802.11 network and vice versa. Signal interference and signal loss in a wireless topology come about due to other products that operate at the same frequency as the network. This includes items such as cordless phones and microwave ovens. Signal loss can also occur due to a user being too far away from a wireless access point (AP).


Troubleshooting SOHO network failure
The growth of SOHO (small office/home office) working goes hand in hand with the advent of high-speed connections to the Internet and to organisations' internal networks. The technologies embraced by the SOHO movement include digital cable and DSL services. The rise in use of these technologies has brought many benefits, not the least being the cost savings of having SOHO workers; however, it has also brought new challenges for the network administrator, who prior to this was in control of a network within a single location, usually the same building. Now the network administrator has to deal with clients external to the company LAN. This makes troubleshooting network problems more difficult. There are many ways that a network administrator can allow remote connectivity to the company LAN:

Remote node: This works by viewing the SOHO machine as just a normal machine, with the dial-up link being just another network cable. A SOHO worker will then be able to log in as normal, as if they were at a terminal within the company.

Remote control: This works by using a remote control (host) machine within the company LAN, which is remotely controlled by the SOHO machine. Any work carried out by the user is sent to the host machine, where all of the processing is carried out. The home machine is only really being used for input and output purposes.

SSH (Secure SHell): This is a program that allows logging in to a remote machine. The connection is safe and secure and allows the user to issue commands to the remote system over an encrypted link, although this is invisible to the user. The functionality is similar to that of TELNET, but with complete security.

VPNs: This is a popular and secure method of using the Internet to connect to a remote computer. VPN hardware and software are used to create a secure pipeline between the SOHO computer and the company LAN using encryption. The user will log in to the remote system as normal and be able to use their home office PC as they would a PC within the company.

Troubleshooting SOHO xDSL
Many SOHO users are now turning to broadband digital technology for remote access. The term broadband implies the use of one cable that can carry many signals, as opposed to baseband, where only one signal can travel on the single line. The rise of broadband has led to homes using cable not only for computing purposes but also for television. One broadband technology, DSL, offers a high-speed digital connection using pre-existing copper telephone wires. It can be up to 35 times faster than a normal dial-up connection. Because they are broadband, DSL services are always on, which eliminates the connection problems experienced by dial-up users.


The DSL technology is commonly referred to as xDSL because there are variations on the type of service and system. The most common xDSL technologies are:
Asymmetric Digital Subscriber Line (ADSL)
Symmetric Digital Subscriber Line (SDSL)
Adaptive Rate Digital Subscriber Line (aRDSL)
ISDN Digital Subscriber Line (IDSL)

The drawback to DSL provision is the distance from the user to their local telephone exchange. The nearer the user is, the more likely it is that they will have DSL services available to them. Typically, if the user is more than approximately 5 kilometres away from the exchange, their DSL options are limited. Users within this limit can make use of high-speed DSL services over the normal copper telephone wire without the need for any other connection media.

When a problem occurs with DSL it is not usually at the user's side. However, there are a few things that can be checked before the network administrator gets in touch with the DSL provider:

Is the DSL router switched on? This may seem like common sense, but it pays never to overlook the obvious, especially if the network administrator is going to contact the DSL provider. This may be the first question they ask.

Are all the correct LEDs on? These will vary between DSL devices, but there should be a WAN and a LAN light. The WAN link light should stay on permanently. If this light is off or blinking then there is a problem with the DSL loop.

Is the router correctly connected to the SOHO PC? The DSL router should be connected by a cable from its Ethernet port to the PC's NIC or to a hub. The link lights on the router and on the local device should be on; if they are not, the problem is usually the patch cable used to connect the devices. The network administrator should try changing the cable or the port on the hub the cable is going into.

Does pinging a remote link work? The network administrator will start by pinging the Ethernet port of the DSL router, then the default gateway, and finally an address on the Internet. The point at which the ping fails will help determine where the problem lies.
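The ping sequence from the last check, as an added Python example that is not part of the course text: it probes the three stages in the order given and reports the first one that does not answer. The addresses and the "where to look" wording are this example's assumptions, and the real probe relies on the operating system's ping command.

```python
import platform
import subprocess


def build_ladder(router_ip, gateway_ip, internet_ip):
    """Return the three probe stages in the order the checklist gives them.

    Each stage is (label, target, where to look if this is the first failure).
    The "where to look" text is this example's reading of the checklist,
    not wording taken from the course.
    """
    return [
        ("DSL router Ethernet port", router_ip,
         "local link: patch cable, NIC, hub port or the router's Ethernet port"),
        ("default gateway", gateway_ip,
         "PC gateway setting or the router itself; check the WAN LED for the DSL loop"),
        ("Internet address", internet_ip,
         "beyond the router: DSL loop or provider; contact the DSL provider"),
    ]


def ping_once(host, timeout_s=2):
    """Send one ICMP echo request with the OS ping command; True if answered.

    Windows and Linux ping flags are assumed; other systems may need adjusting.
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), host]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]
    try:
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout_s + 3)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0


def locate_fault(ladder, probe=ping_once):
    """Probe each stage in order and stop at the first that does not reply.

    Returns (failed_stage_label, suspected_area, results). Label and area are
    None when every stage replied; results lists (label, target, replied).
    """
    results = []
    for label, target, suspect in ladder:
        replied = probe(target)
        results.append((label, target, replied))
        if not replied:
            return label, suspect, results
    return None, None, results


if __name__ == "__main__":
    # Constructed SOHO addresses: the router's LAN port is also the default
    # gateway. 192.0.2.10 is a documentation address; substitute a real
    # Internet host to use this for an actual check.
    ladder = build_ladder("192.168.1.1", "192.168.1.1", "192.0.2.10")
    failed, suspect, results = locate_fault(ladder)
    for label, target, replied in results:
        print(f"{label:26s} {target:15s} {'reply' if replied else 'NO REPLY'}")
    if failed is None:
        print("All stages replied.")
    else:
        print(f"First failure: {failed} -> look at {suspect}")
```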

Troubleshooting SOHO cable
The main difference between cable and DSL broadband technologies is that with cable the data travels over a shared loop, which means that transfer rates drop as more users access the resource. However, the connection performance is limited not only by the number of users but also by what those users are doing, which may affect the data transfer rates. As far as the network administrator is concerned, the main problem with cable is security in what is basically a shared medium, e.g. the SOHO user's LAN may be peer-to-peer, which means that a shared printer on one device could be available to any of the users on the shared cable. The local user must therefore make sure that the appropriate security measures are in place for high-risk items.

Troubleshooting cable is similar to troubleshooting DSL in that if there is a fault it will not usually be on the user's side. Therefore, the same troubleshooting steps as before should be carried out. One possible difference concerns the connection to the cable device. In many cases this will be a one-to-one connection from the cable device to the PC rather than from a cable box to a hub or a switch and then to the PC. In the case of a direct connection, a further troubleshooting step should be to check the computer's IP settings. These settings may give an additional clue to what is wrong. The following are typical errors:

IP address missing or set to 0.0.0.0. The network administrator should check the cables from the cable box to the PC and change them if required. If this doesn't work, the NIC and its drivers should be checked.

IP address in the range 169.254.x.x. This is an APIPA (automatic private IP addressing) allocation and it means that the machine has failed to get an address from a DHCP server. This private address will let the user onto the local machine to work on it, but they will not be able to access the Internet or their company network. The network administrator may be able to fix this by power cycling the systems, making sure that the cable router is turned on first.

IP address in the range 192.168.100.x. This is an IP address allocated by the cable router's built-in DHCP server. This allows the user to use the machine and indicates that the cable router is working but is not connecting to the cable provider. The network administrator will have to contact the cable provider.
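The three IP-address cases above, as an added Python example that is not part of the course text: it picks the IPv4 address out of ipconfig-style output and maps it to the case and the action described. The ipconfig samples are constructed, and the cable router's DHCP pool is assumed to be 192.168.100.0/24.

```python
import ipaddress
import re

# Ranges the text names: APIPA self-assigned addresses and the cable router's
# own DHCP pool (192.168.100.x; a /24 is assumed here).
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")
CABLE_ROUTER_NET = ipaddress.ip_network("192.168.100.0/24")

# Constructed ipconfig-style output for the three fault cases and a healthy lease.
NO_ADDRESS = """Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
"""
APIPA = """Ethernet adapter Local Area Connection:

        Autoconfiguration IP Address. . . : 169.254.23.17
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""
ROUTER_LOCAL = """Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.100.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.100.1
"""
LEASED = """Ethernet adapter Local Area Connection:

        IPv4 Address. . . . . . . . . . . : 203.0.113.45
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 203.0.113.1
"""

# Matches the "IP Address" / "IPv4 Address" / "Autoconfiguration IP Address"
# line and captures the dotted-quad value after the colon.
_IP_LINE = re.compile(r"IP(?:v4)? Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})")


def parse_ipv4(ipconfig_text):
    """Return the first IPv4 address shown by ipconfig-style output, or None."""
    match = _IP_LINE.search(ipconfig_text)
    return match.group(1) if match else None


def classify(address):
    """Map an address string (or None) to (case, action from the checklist)."""
    if address is None or address == "0.0.0.0":
        return ("no-address",
                "Check the cable from the cable box to the PC and change it if "
                "required; if that does not help, check the NIC and its drivers.")
    ip = ipaddress.ip_address(address)
    if ip in APIPA_NET:
        return ("apipa",
                "No DHCP lease was obtained. Power-cycle the systems, making "
                "sure the cable router is turned on first.")
    if ip in CABLE_ROUTER_NET:
        return ("router-local",
                "The cable router is working but not connected to the provider. "
                "Contact the cable provider.")
    return ("leased", "Address obtained from the provider; the fault lies elsewhere.")


def diagnose(ipconfig_text):
    """Parse the ipconfig output, then classify the address it shows."""
    return classify(parse_ipv4(ipconfig_text))


if __name__ == "__main__":
    for name, sample in [("no address", NO_ADDRESS), ("APIPA", APIPA),
                         ("router local", ROUTER_LOCAL), ("leased", LEASED)]:
        case, action = diagnose(sample)
        print(f"{name:13s} -> {case:13s} {action}")
```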

Troubleshooting SOHO satellite Internet
In some cases, satellite Internet may be the only option a SOHO user has to get access to a high-speed digital connection. This technology does not need physical telephone lines or cables but rather needs a satellite dish for digital communication. Satellite is probably about 10 times faster than dial-up connections. The network administrator must be aware that there may be problems getting the satellite system set up because professional installation is not available in all areas. With this in mind, the network administrator should take heed of the manufacturer's documentation and other advice regarding setup.

Once the system is set up and working, the problems that may arise are inherent in the nature of the technology. As with satellite television, satellite Internet is vulnerable to adverse weather conditions and obstacles. The most common problem with satellite is dish placement and alignment. If the reflector is positioned properly, the SOHO user will get a strong signal; if it is not, the signal will be weakened. Adjusting the reflector can be aided by the use of satellite diagnostic software. This is primarily a job for two people: one to make slight changes to the satellite reflector and the other to monitor the progress on the computer.


Troubleshooting SOHO wireless
The key differences between wire-based and wireless networks are the absence of the physical connection media and the methods used to access the media. Radio waves are used in place of the wires to allow network devices to communicate with each other. There are many wireless standards available; however, the most common in SOHO environments are:
IEEE 802.11b Wi-Fi (Wireless Fidelity)
Home Radio Frequency (HomeRF)
Bluetooth Wireless

Generally, the problems for wireless will be exactly the same as those for wired networks. Problems such as incorrectly configured network devices and software will still be present, e.g. TCP/IP settings, and can be solved as stated previously. Similarly, wireless hardware devices such as access points can be visually checked to make sure that the link lights are working and also that the interconnecting cables are properly in place.

Other problems, specific to wireless networks, come in the form of distance limitations and signal interference. Users must be made aware of these limitations and know that they should stay within the defined area to avoid signal degradation. This applies to wireless networks that use multiple access points as well as to those with a single access point. Signal interference can be a problem because of the many normal elements in a SOHO environment that could interfere, such as electrical wires, lights, telephone lines and even kitchen appliances. Therefore, although wireless devices can work through walls, ceilings and floors, the user has to realise that there may be hidden elements that could interfere with the network signal. As well as educating the user about this, the network administrator may be able to solve some problems by repositioning the access point(s).


Troubleshooting PSTN or POTS
When troubleshooting for SOHO users the network administrator must keep in mind that not all connections will be high speed. There may be users that are still using dial-up connections over the telephone system, the derogatory term for which, as we have already seen, is plain old telephone system (POTS). Initially, this was the most popular means of remote connection because all that was needed was a modem at each end of the communications link and an operating system that supports dial-up connections, which all of the major ones do. Generally, dial-up systems using POTS are quite reliable; however, there may still be problems. The common problem areas are:
Logon issues: login user name and password errors
Hardware issues: the modem
Software issues: the software drivers used
Connection issues: the telephone line

Concerning the first item, it is widely recognised that many network problems can be resolved by the user logging on and logging off correctly. The network administrator must make sure that any network changes that could affect the remote user are communicated to them, e.g. a change of domain.

The next two issues, hardware and software, should not arise if the modem is installed correctly in the first instance. Therefore, it is vital that when a modem is installed the correct drivers are used. If it is feasible, the network administrator should check the modem manufacturer's website to ensure that the latest drivers are downloaded. If the local modem is installed correctly, other possible problems involve the company host modem. The network administrator must make sure that the host modem being dialled is available and answering. One way to check this is to use a normal telephone to dial into the host modem. If this is working, the network administrator should hear a high-pitched sequence of modem noise. The next step is to see if the local modem is responding to the host modem on dial-up. This can be done through the use of software, such as HyperTerminal, and the use of Hayes AT commands. These commands can be used to check if the local modem is working. The local machine's COM port can be ruled out from the process if the other COM port is used. If this fails, a replacement modem can be used to eliminate the local modem as the point of failure.

Interference on telephone lines is another area where problems may occur. If a connection is made and the line is unacceptably slow or there are line drops occurring, special line testers can be used to check the line. However, these tools are extremely expensive and as such the best option is to contact the telephone company and get their help. One final issue to do with telephone lines is that they are at the mercy of intermittent, unforeseen events. These events include weather problems such as storms and extremely hot or cold weather.


Troubleshooting remote connectivity problems
Remote access to the private company network is vital for today's users, who are constantly on the move. It is vital for the mobile user to have a guaranteed connection to the company network. If they do not, then they cannot do their job.

Troubleshooting RAS
The key piece of equipment that must be maintained for remote access is a RAS (remote access server). The main problems users have with the RAS are that they can't connect to the server and they can't access resources beyond the server.

RAS connectivity issues
There are many reasons for a user not being able to connect to the server. It could be due to a physical connection, service configuration or security issue. The most common questions a network administrator should answer to solve connectivity errors are:

Is the Routing and RAS service running? The service status on the server should be checked to see that it is active and running as normal.

Is the modem working properly? All cables to the modem should be checked, as well as the setup on the workstation.

Are the appropriate ports enabled for inbound remote access connections? The network administrator must make sure that the settings for dial-up, PPTP and L2TP inbound ports are available.

Are the LAN protocols used the same on the RAS server as on the user's workstation? The network administrator must ensure that these are the same to allow connectivity.

Are the authentication and encryption requirements the same on server and workstation? The network administrator must ensure that at least one common authentication and encryption scheme is used on each system.

Is the user entering the correct login details? The network administrator must make sure that the user is entering the correct user name, password and domain.

Unable to access resources beyond the RAS server
Users may be able to log in and access the RAS, but they may still be blocked from accessing the company LAN and the resources they require. The most common questions a network administrator should answer to solve accessibility errors are:

Is IP routing enabled on the RAS server? The network administrator will have to check that this is enabled to allow remote IP clients to access the company LAN beyond the RAS.

Is the RAS set up to allow remote systems that use IPX and AppleTalk? The network administrator must ensure that these protocols are properly installed if a remote user is likely to require them.

Is there any TCP/IP packet filtering preventing TCP/IP packets going beyond the RAS? The network administrator should check the TCP/IP filters, such as access control lists (ACLs), to make sure that remote TCP/IP usage and packets are not restricted.


Troubleshooting VPNs
The main problems users have with VPNs are that they can't connect to the VPN server and they can't access resources beyond the server.

VPN connectivity issues
There are three main reasons that a user may not be able to connect to a VPN server: an authentication failure, an incorrectly configured protocol or a physical connectivity problem. To resolve these issues the network administrator should answer the following questions:

Is the Routing & RAS service running on the VPN server? The service status on the server should be checked to see that it is enabled, active and running as it should be.

Are the appropriate ports enabled for inbound remote access connections? The network administrator must make sure that the settings for dial-up, PPTP and L2TP inbound ports are available. If IPSec is being used, the network administrator must make sure that the PPTP and L2TP ports are enabled for inbound access.

Are the LAN protocols used the same on the RAS server as on the user's workstation? The network administrator must ensure that these are the same to allow connectivity.

Are the authentication and encryption requirements the same on server and workstation? The network administrator must ensure that at least one common authentication and encryption scheme is used on each system.

Is the tunnelling protocol used by the client supported by the VPN server? The network administrator must make sure that the server uses the correct tunnelling protocol to allow remote users access to the company LAN.

Is the user entering the correct login details? The network administrator must make sure that the user is entering the correct user name, password and domain.

Does the ISP allow VPN use? The network administrator must make sure that the ISP is not filtering PPTP or L2TP packets.

Unable to access resources beyond the VPN server
Users may be able to log in and access the VPN, but they may still be blocked from accessing the company LAN and the resources they require. The most common questions a network administrator should answer to solve accessibility errors are:

Is the VPN server configured with the appropriate LAN protocols to allow access to the entire network? The network administrator has to make sure that the LAN protocols are set up correctly on the VPN server.

Is there any TCP/IP packet filtering preventing TCP/IP packets going beyond the VPN server? The network administrator should check the TCP/IP filters to make sure that remote TCP/IP usage and packets are not restricted.

Is a firewall preventing TCP/IP packets going beyond the VPN? The network administrator should check all port filtering within the network to make sure that remote TCP/IP usage and packets are not restricted.


Interpreting visual indicators

Link lights
A link light is a small LED that indicates whether a network connection exists between a NIC and another network device such as a hub or a switch. The link light is usually green and should stay on as long as there is a good connection. If the link light is off, this may mean that there is a problem with the network cable, connection or device.

Collision lights
Collision lights are also known as activity lights and they indicate network activity. If the network is working normally, the collision light on the hub should flicker now and again, showing that collisions are occurring. This sporadic activity is quite normal in an Ethernet network using a hub. If the collision light stays on permanently this is an indication that the network is busy and that collisions are occurring. This may mean a problem on the network such as a broadcast storm. Because a switch does not have collisions, there is no activity (collision) light, only an LED to show whether there is an active connection on a port.


Troubleshooting wiring/infrastructure problems

Bad media
The main problems that affect the media and reduce performance are:
Poor or improper installation, including incorrect termination
Attenuation and cable lengths
Disconnections, including accidental and deliberate

It is widely accepted that cable faults account for around 90% of all network problems, and because of this the job of cable installation is vital for the network to function properly. In many instances this task is given to professional cable installers. If you have to do your own cable installations, make sure that every cable is tested thoroughly before being used, that the job is carried out in a systematic and ordered fashion and that all of the appropriate documentation is completed. In the case of fibre optic cable installation, this is a task best left to a network engineer trained in doing so.

Certain types of network cable have clearly specified maximum lengths beyond which cable performance will be affected by attenuation, i.e. the loss of signal strength due to the medium it is travelling through. The longer a cable is, the more likely it is that the signal will be affected by attenuation. There are also minimum lengths for cables, although most of the problems occur when exceeding the maximum length. This maximum length can be extended by the use of a repeater, which will regenerate the signal before passing it on. Table 8 indicates the maximum recommended length for three types of cable:

Table 8 Maximum recommended cable lengths

Cable type                              Maximum length
10BASE-T twisted pair (UTP & STP)       100 metres
10BASE2 thinnet coaxial                 185 metres
10BASE5 thicknet coaxial                500 metres

Interference
The two main types of interference are:
electromagnetic interference (EMI)
radio frequency interference (RFI)

EMI occurs when the magnetic fields from a non-network device cause interference on network cabling. Sources of EMI are common in most workplaces, in devices such as heaters, fluorescent lights and air-conditioners. The best way to cut down on this problem is careful placement of network cable. One possible solution is to use shielded cable in the areas affected.

RFI occurs when radio signals interfere with network devices, such as workstations. Sources of RFI are radios, televisions and mobile phones. The best way to avoid RFI is to make sure that network users are aware of the problems it can cause and what type of equipment causes it. Another solution is to use shielded cable throughout the network; this may be a more expensive option, however.

One solution that eliminates both EMI and RFI as a network problem is to make complete use of fibre optic cable in the network. As fibre optic cable uses light as its signalling method, it is immune to both of these types of interference. The one drawback is that this cabling option is the most expensive.


Troubleshooting network hardware
The main network hardware devices that work in a LAN are repeaters, hubs, bridges, switches and routers. Typically, hubs have replaced repeaters because they are essentially multi-port repeaters, and switches have replaced bridges because they are multi-port bridges. Therefore, the main network devices that will be found in a working environment are hubs, switches and routers.

Hub
A hub is a very basic network device that provides a common connection for workstations, and problems that occur with hubs are usually related to the physical operation of the device. Usually a hub will simply fail, leaving all users connected to it unable to access network resources. However, another problem that could occur is a single port failure. This may mean that the one workstation connected to that port can no longer use the network, and it may also mean that the faulty port causes a broadcast storm that leads to network disruption or failure. In general operation, hubs can be daisy-chained together by using a special patch cable called a crossover cable. Some hubs require the use of a specific port when daisy-chaining, while others have a button that can change a port from one state to the other. Daisy-chaining hubs in this manner increases the size of the collision domain and broadcast domain, which overall is detrimental to network performance.

Bridge
A bridge can be used to connect two or more like network segments (e.g. Ethernet to Ethernet). It must also be noted that although the bridge creates separate collision domains, all devices in the network are still in the same broadcast domain. Therefore, the problem of broadcast storms can still occur across a bridge. As a device, a bridge is as susceptible as a hub to total failure, which again will leave all users connected to it unable to access network resources. However, another problem that could occur is a single port failure. This may mean that the one workstation connected to that port can no longer use the network, and it may also mean that the faulty port causes a broadcast storm that leads to network disruption or failure.

Switch
As a device, a switch is as susceptible as a hub to total failure, which again will leave all users connected to it unable to access network resources. However, another problem that could occur is a single port failure. This may mean that the one workstation connected to that port can no longer use the network, and it may also mean that the faulty port causes a broadcast storm that leads to network disruption or failure. As a switch is programmable, there may be a problem with the code or its implementation. This can be checked by accessing the configuration of the switch.


A switch also has an operating system, and it is possible that the operating system may be corrupt or missing.

Router

As a device, a router is as susceptible as a hub to total failure, which again will leave all users connected to it unable to access network resources. Another problem that can occur is a single port failure, which may mean that the one workstation connected to that port can no longer use the network. As a router is programmable, there may be a problem with its configuration or the way it has been applied. This can be checked by accessing the router configuration. There are many settings in this configuration, and each one must be set correctly for the router to operate correctly in your network. A router also has an operating system, and it is possible that the operating system may be corrupt or missing. This is remedied by loading a new operating system onto the router. Router fault finding and troubleshooting follows the procedure of eliminating layer 1 issues first and working up the OSI model in order to find the fault.

SAQ 4.4

Write your answers to the questions below on a piece of paper. When you have finished, check your answers with the ones at the end of the section. If there is anything you are not sure about, re-read the material and ask your tutor for clarification if necessary.

1 What happens when a device is disconnected from the middle of a bus network?
2 If your Ethernet LAN contains a large number of devices and performance is poor, what type of device(s) would be best to install to create more collision domains?
3 What network device can be used to connect a company LAN to the Internet?


Selecting tools for network troubleshooting

In order for a network administrator to be fully effective, they must be armed with the correct tools. There are many different network tools, including hardware and software. Some of the most common are discussed below.

Wire crimper

This handheld tool is used to securely attach the wires in a cable to a connector. The wires are slid into place in the connector, e.g. an RJ45, and the connector is placed into the crimping tool. Pressure is then applied to push the teeth in the connector through the plastic insulation so that they make contact with the wires. This action also secures the connector to the cable so that it can't be accidentally pulled off. There are different crimping tools for different types of connection, e.g. the same crimping tool would not be used for coaxial cable and for twisted-pair.

Media tester/certifier

Media testers/certifiers, e.g. cable testers, can be inexpensive tools that are used to find basic wiring faults. Typical wiring faults are open and short circuits, crossed pairs and reversed pairs. Some media testers/certifiers are more sophisticated and give more detailed information about the cable, e.g. being able to test for crosstalk, attenuation, resistance, collisions and even protocol errors. Typically, the more sophisticated the tester, the more expensive it is, and in some instances it may be cheaper to hire rather than buy. Similar media testing/certifying equipment is available for fibre optic cable. One example of a media tester/certifier is a time domain reflectometer (TDR), which works by sending a signal through a cable to discover breaks and other problems.

Punch down tool

This tool is used to connect twisted-pair wires to wall points and to patch panels in wiring closets. The individual wires are placed into the separate colour-coded insulation displacement connector (IDC) slots of a Type 110-style connector, and the tool is used to push each wire into place while at the same time cutting off the excess wire. The network administrator must make sure that the correct wiring standard is adhered to, i.e. 568A or 568B. The steps taken to perform the punch down operation are:

1 Remove approximately 1 inch of plastic insulation from the cable. This can be done with the small cutting blade found on most crimping tools.
2 Untwist and separate the wire pairs.


3 Match the colour of the wire to the colour shown on the 110-style connector.
4 Place the appropriate wire over the IDC and push the punch down tool down until a click is heard and the wire is secured.

Tone generators

Broken or faulty cables can cause network disruption. When a fault occurs, the network technician must be able to quickly find which cable is faulty and repair or replace it. A tone generator is a very useful tool in networking environments that have poor documentation, e.g. cables poorly or incorrectly labelled. The tone generator allows a cable to be identified by sending a signal down it to a receiver (tracer), which emits a clear tone when it is touched to the correct cable.

Optical tester

This device can be used to troubleshoot problems in fibre optic cables. The optical tester detects faults in fibre optic cables, such as breaks and other anomalies. Great care must be taken when fibre optic cables are first installed, e.g. cables shouldn't be tightly bent, especially near connectors. It is also recommended that cables are thoroughly checked with the optical tester before installation because of the time and effort that would be required to fault find and fix a fibre optic cable once it is in place. A common problem with fibre optic installation is that the two fibres used for transmit and receive are connected the same way at both ends, i.e. transmit to transmit and receive to receive. The optical tester can be used to check whether this is the case by using its light source to shine down one end of the cable. Typically, any light source could do a similar job; however, the optical tester enables the network administrator to test cable lengths of up to 2.25 miles.


Network monitoring

Network monitoring tools should form an integral part of a network administrator's 'toolkit', enabling the network to be managed, controlled and developed on the basis of data collected from monitoring applications and policies.

Benefits of effectively monitoring your network

An effectively monitored network can raise awareness of security and acceptable use policy both within the network team and on an organisational scale, thus enabling a safer, better used network. Quite often fault tracing and incident response times are shortened, as is the amount of time spent pursuing network misuse. In order to achieve this, however, a monitoring system must be developed from the outset which is tailored to interact with, and regularly updated to match, your organisation's network policies and equipment.

Fundamentals

Log files form a fundamental basis for network monitoring and are generated from a number of different sources, such as applications and intrusion detection systems. Logs can answer many questions about network problems, but they cannot alone define what has occurred. A variety of mechanisms such as network packet sniffers and packet reassemblers can reconstruct network sessions to try to ascertain this. In order to fully utilise logs, however, it is important to remember that logging mechanisms should be configured correctly in the first place and kept up to date. Another major consideration is the storage of log files, which can vary enormously according to organisational size. There are also issues regarding data retention and the UK Data Protection Act which must be considered. A general guideline from UKERNA on this topic is as follows: 'the Data Protection Act also requires that [log files] not be kept any longer than necessary for the specific purpose for which they were collected. In the ISP industry these purposes are normally only billing and the investigation of misuse.'

Packet sniffers

Computer network administrators have used packet sniffers for years to monitor their networks and perform diagnostic tests or troubleshoot problems. Essentially, a packet sniffer is a program that can see all of the information passing over the network it is connected to. As data streams back and forth on the network, the program looks at, or sniffs, each packet. A packet is one part of a message that has been broken up for transmission. Normally, a computer only looks at packets addressed to it and ignores the rest of the traffic on the network. But when a packet sniffer is set up on a computer, the sniffer's network interface is set to promiscuous mode. This means that it looks at everything that comes through. The amount of traffic seen largely depends on the location of the computer in the network. A client system out on an isolated branch of the network sees only a small segment of the network traffic, while the main domain server sees almost all of it.

A packet sniffer can usually be set up in one of two ways:
Unfiltered: captures all of the packets.
Filtered: captures only those packets containing specific data elements.

Packets that contain the targeted data are copied onto the hard disk as they pass through. These copies can then be analysed carefully for specific information or patterns. When you connect to the Internet, you are joining a network maintained by your ISP. The ISP's network communicates with networks maintained by other ISPs to form the foundation of the Internet. A packet sniffer located at one of your ISP's servers would potentially be able to monitor all of your online activities, such as:
which websites you visit
what you look at on the site
whom you send email to
what's in the email you send
what you download from a site
what streaming events you use, such as audio, video and Internet telephony.
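The following is an added example, not part of the COLEG unit, showing what a sniffer does with each frame it sees: it decodes the Ethernet, IPv4 and TCP/UDP headers, honours the difference between a normal interface (only frames addressed to it) and promiscuous mode, and applies either an unfiltered or a filtered capture. The MAC addresses, IP addresses and frame contents are constructed for the example; nothing is read from a real interface.

```python
import struct
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: int
    src_port: Optional[int]
    dst_port: Optional[int]
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def decode_frame(frame: bytes) -> Optional[Packet]:
    """Parse Ethernet II -> IPv4 -> TCP/UDP headers; anything else (e.g. ARP) returns None."""
    if len(frame) < 14:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    l4 = ip[ihl:total_len]                     # ignores Ethernet padding after the datagram
    src_port = dst_port = None
    payload = l4
    if proto == PROTO_TCP and len(l4) >= 20:
        src_port, dst_port = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]       # data offset: high nibble of byte 12, in 32-bit words
    elif proto == PROTO_UDP and len(l4) >= 8:
        src_port, dst_port = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    return Packet(_mac(src), _mac(dst), _ip(ip[12:16]), _ip(ip[16:20]),
                  proto, src_port, dst_port, payload)


def capture(frames: Iterable[bytes], own_mac: str, promiscuous: bool = True,
            match: Optional[Callable[[Packet], bool]] = None) -> list:
    """Unfiltered capture when match is None, filtered when a predicate is supplied.
    With promiscuous=False the interface behaves normally and only frames addressed
    to own_mac (or to the broadcast address) are seen at all."""
    seen = []
    for frame in frames:
        pkt = decode_frame(frame)
        if pkt is None:
            continue
        if not promiscuous and pkt.dst_mac not in (own_mac, BROADCAST_MAC):
            continue
        if match is None or match(pkt):
            seen.append(pkt)
    return seen


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload):
    """Build a constructed sample frame; checksums are left at zero (decode_frame ignores them)."""
    if proto == PROTO_TCP:   # 20-byte TCP header: seq/ack 0, data offset 5, flags PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:                    # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return eth + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + l4


# Constructed traffic: a web request, an SMTP command, a DNS query and one ARP frame.
WS, SRV, GW = "00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:01"
SAMPLE_FRAMES = [
    build_frame(WS, SRV, "192.168.1.10", "192.168.1.20", PROTO_TCP, 51000, 80,
                b"GET /index.html HTTP/1.0\r\n\r\n"),
    build_frame(WS, GW, "192.168.1.10", "10.0.0.5", PROTO_TCP, 51001, 25,
                b"MAIL FROM:<user@example.com>\r\n"),
    build_frame(SRV, GW, "192.168.1.20", "192.168.1.1", PROTO_UDP, 53000, 53,
                b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
    bytes.fromhex("ffffffffffff" "001122334455" "0806") + bytes(28),   # ARP, not IPv4: skipped
]

if __name__ == "__main__":
    # A sniffer on the server, filtered to web and mail traffic only.
    for p in capture(SAMPLE_FRAMES, own_mac=SRV, match=lambda p: p.dst_port in (25, 80)):
        print(f"{p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port} {p.payload[:24]!r}")
```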

From this information, employers can determine how much time a worker is spending online and whether that worker is viewing inappropriate material. Desktop monitoring programs work differently from packet sniffers. They can actually monitor every single action you take with your computer. There are also systems built into every computer that make finding out what you've been doing pretty easy.

Log files

Your computer is full of log files that provide evidence of what you've been doing. Through these log files, a system administrator can determine what websites you've accessed, who you are sending emails to and receiving emails from, and what applications are being used. So, if you are downloading MP3 files, there is more than likely a log file that holds data about that activity. In many cases, this information can be located even after you've deleted what you thought was all the evidence; deleting an email or a file doesn't erase the trail. Here are a few places where log files can be found:
operating systems
web browsers (in the form of a cache)
applications (in the form of backups)
email


If the hard drives of an employee's computer and a system administrator's computer are connected, the system administrator can view the log files remotely. The system administrator has to have access rights to the user's drive to check files remotely; otherwise, the system administrator would have to visit the user's computer to check it. Therefore it is best for the system administrator to access the user's computer either before the employee, i.e. the user, comes in to work or after the employee leaves for the day. The tools a system administrator might use on a network are ones that allow the administrator to look at:
node availability (to see which users are currently accessing the network)
bandwidth utilisation (to see how much network bandwidth is currently being used by users)
packet sniffing (to see what users on the network are accessing).

Brief protocol explanation

There are several protocols in existence in relation to network monitoring. Here we have outlined the most common:

SNMP (simple network management protocol): A standardised protocol for network management which is extensively used for network monitoring functions. SNMP works by sending messages called protocol data units (PDUs) to different parts of a network. SNMP gathers information from a single type of management information base (MIB).

RMON (remote monitoring): RMON allows network information to be gathered at a single workstation. RMON 1 gathers its information from nine additional MIBs, as opposed to the single MIB used by SNMP, and therefore gives a more comprehensive view of the network.
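To make the PDU structure described above concrete, here is an added example (not from the COLEG unit) that BER-encodes an SNMPv1 GetRequest for the standard MIB-II object sysDescr.0, builds the matching GetResponse an agent would send back, and decodes both. The community string 'public', the request id and the agent's reply text are constructed values; nothing is transmitted.

```python
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2      # context-specific tags of the two PDU types
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"          # sysDescr.0 from the standard MIB-II
NULL = b"\x05\x00"                           # value placeholder used in a GetRequest


def _tlv(tag: int, body: bytes) -> bytes:
    """BER tag-length-value; long-form length once the body exceeds 127 bytes."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body


def encode_int(value: int) -> bytes:
    """Minimal two's-complement INTEGER, e.g. 128 -> 02 02 00 80."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return _tlv(0x02, value.to_bytes(n, "big", signed=True))


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                                # base-128, continuation bit on all but last
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return _tlv(0x06, bytes(body))


def build_pdu(pdu_tag, community, request_id, varbinds, error_status=0, error_index=0):
    """varbinds is a list of (oid, encoded_value); a GetRequest carries NULL as the value."""
    vb_list = b"".join(_tlv(0x30, encode_oid(oid) + value) for oid, value in varbinds)
    pdu = _tlv(pdu_tag, encode_int(request_id) + encode_int(error_status)
               + encode_int(error_index) + _tlv(0x30, vb_list))
    # version 0 = SNMPv1; the community string is an OCTET STRING carried in cleartext
    return _tlv(0x30, encode_int(0) + _tlv(0x04, community.encode()) + pdu)


def build_get_request(community: str, oid: str, request_id: int) -> bytes:
    return build_pdu(GET_REQUEST, community, request_id, [(oid, NULL)])


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after this TLV)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_message(msg: bytes) -> dict:
    """Unpack an SNMPv1 message; varbinds come back as (oid, value_tag, raw_value) tuples."""
    tag, body, _ = _read_tlv(msg, 0)
    assert tag == 0x30, "SNMP message must be a SEQUENCE"
    _, version, p = _read_tlv(body, 0)
    _, community, p = _read_tlv(body, p)
    pdu_tag, pdu, _ = _read_tlv(body, p)
    _, req_id, p = _read_tlv(pdu, 0)
    _, err_status, p = _read_tlv(pdu, p)
    _, _err_index, p = _read_tlv(pdu, p)
    _, vb_list, _ = _read_tlv(pdu, p)
    varbinds, p = [], 0
    while p < len(vb_list):
        _, vb, p = _read_tlv(vb_list, p)
        _, oid, q = _read_tlv(vb, 0)
        vtag, vbody, _ = _read_tlv(vb, q)
        varbinds.append((decode_oid(oid), vtag, vbody))
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode(), "pdu_tag": pdu_tag,
            "request_id": int.from_bytes(req_id, "big", signed=True),
            "error_status": int.from_bytes(err_status, "big", signed=True),
            "varbinds": varbinds}


# Constructed exchange: the manager asks for sysDescr.0, the agent answers with a string.
REQUEST = build_get_request("public", SYS_DESCR_0, 1)
RESPONSE = build_pdu(GET_RESPONSE, "public", 1,
                     [(SYS_DESCR_0, _tlv(0x04, b"Example switch OS 1.0"))])

if __name__ == "__main__":
    print("GetRequest bytes:", REQUEST.hex())
    for oid, _tag, value in decode_message(RESPONSE)["varbinds"]:
        print(oid, "=", value.decode())
```

Because the community string travels in cleartext, any packet sniffer on the path can read it, which is why SNMPv1/v2c community strings are treated as secrets and restricted to management networks.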


Configuring clients to connect to servers


For this part of the unit we turn our attention to connecting clients in client/server networks. The function of the server is to provide network services and resources to client computers on the network. Common network services provided by the server include file and print services.

Connecting to Windows server systems

Windows NT/2000/2003 servers support Unix/Linux and Macintosh systems in their own native mode. This means that the Windows server will appear as a Unix/Linux or Macintosh system, so there is no need to make the Unix/Linux computers act like Windows machines. This support is provided by services that can be installed when the Windows server is installed. Using Unix/Linux or Macintosh systems in conjunction with a Windows server can cause a few problems when it comes to incorporating Windows domains and Active Directory elements. This is because the Windows server services treat Macintosh and Unix/Linux systems as separate entities, excluding them from accessing the same shared folders as the Windows systems on the domain or Active Directory. The tools that Macintosh and Unix/Linux use to access Windows shared resources do, however, support domains.

Connecting Macintosh to Windows server shared resources

Windows NT/2000/2003 servers provide an AppleTalk protocol and two key services: File Services for Macintosh (FSM) and Print Services for Macintosh (PSM). These facilities give the full functionality required for seamless interconnectivity with Macintosh computers running pre-Mac OS X operating system versions. Later Macintosh systems running OS X do not require these Microsoft services because their preinstalled native tools are faster and easier to use than their Windows counterparts. The FSM and PSM services can be installed from the Windows Components section of the Add/Remove Programs applet in the Windows Control Panel. Once you've installed FSM, you need to create a volume that is used solely for storage of files that you want the Macintosh clients to access, and specify that it is to be shared by Macintosh clients. All the Macintosh users will also need valid user accounts on the Windows server to be able to use these resources. To use PSM, ensure that the system sharing the printer is running AppleTalk to support Macintosh systems. Once the service is running, Macintosh systems will see the server's shared printers in their Chooser program.


Connecting Unix/Linux systems to Windows server shared resources

The key method for allowing a Unix/Linux system access to resources on a Windows system is called SAMBA. This uses TCP/IP installed on the host server and, when configured, allows that host to interact with a Microsoft Windows client or server as if it were a Windows file and print server. If SAMBA is not used, a Microsoft program called Services for Unix (SFU) can be used. This is a Unix subsystem for Windows that works as a Unix-style shell. SFU includes many key TCP/IP applications for file and print sharing, e.g. NFS and FTP.

Connecting to NetWare servers

By its very nature, a NetWare server is designed for client accessibility. There is no such thing as a NetWare client operating system; NetWare provides a server NOS. Therefore, all systems, whether they are Windows, Unix/Linux or Macintosh, must use some sort of NetWare client software to connect to the server.

Connecting Windows systems to NetWare servers

Novell has client software for all Windows platforms, which supports mixed NetWare and Windows server environments, and is constantly updating this to use the latest features of NetWare. Novell's first client for Windows was called Client32, and although this software is no longer used, the name remains synonymous with any Windows NetWare client software. Microsoft provides its own client software to connect to NetWare servers. The Windows 9x version is called Microsoft Client for NetWare Networks (MCNN), while for the other Windows versions it is called Client Service for NetWare (CSNW). This client software comes free with Windows but has to be installed as an option, if required. The drawback with using Microsoft's own client software to connect to the NetWare network is that clients cannot connect using TCP/IP but have to use an IPX/SPX-compatible protocol. Therefore, if the network only uses TCP/IP, the client will not be able to connect. Another issue that may cause problems is that the Microsoft client software will not recognise Novell Directory Services (NDS), NetWare's default security and directory system for NetWare 4, 5 and 6. The latest versions of NetWare (6.xx) use eDirectory instead of NDS. Microsoft also provides with its Windows NT/2000 Server systems a program called Gateway Services for NetWare (GSNW). This software allows a single Windows server system to act as a gateway to a NetWare network, and it is through this gateway that clients can access the NetWare network without needing a NetWare client. Although this seems to be the best of both worlds, it still does not match the performance of Novell's Client32 software.


Connecting Macintosh to NetWare servers

Connecting a Macintosh client to a NetWare server involves the installation of Macintosh Client for NetWare on the host machine. Once installed, the client has full access to the shared resources provided by the NetWare server, i.e. folders and printers. Because Novell ceased support for Macintosh clients in the mid 1990s, there may be difficulties in getting the appropriate client software. However, third-party vendors still produce Macintosh NetWare client software. The client system must also use the same protocol as the server. This is not a problem with modern clients that use TCP/IP, but older systems may have to be set up with IPX drivers to use a NetWare network that uses IPX as its network protocol.

Summary of client connection to server

Windows NT/2000
Best client: Windows NT/2000 Workstation. Windows NT/2000 Workstation works best with Windows NT/2000 Server because of the common NTFS file system and because they are optimised to work with each other.
Other contenders: Windows 95/98, Windows for Workgroups, DOS, Unix, Macintosh and even NetWare clients can be connected to a Windows NT environment.

Novell NetWare
Clients: Novell NetWare works well with most popular clients, such as DOS, Windows 3.11, Windows 9x and Windows NT/2000 Workstation.

Unix
Best client: Unix-specific clients such as Sun SPARC workstations work best with their manufacturer's NOS.


SAQ 4.5

Write your answers to the questions below on a piece of paper. When you have finished, check your answers with the ones at the end of the section. If there is anything you are not sure about, re-read the material and ask your tutor for clarification if necessary.

1 What type of network is composed of a number of computers that connect to a central computer for file storage, printing and shared applications?
2 Name the three most popular NOS in use today.
3 Which operating systems use TCP/IP as their default protocol, and which use IPX as their default protocol?
4 Describe some advantages a client/server network has over a peer-to-peer network.


SAQ 4.6

This SAQ should be used as an overall test of this section.

1 Which of the following includes the troubleshooting PING utility?
A. IPX/SPX
B. NetBEUI
C. TCP/IP
D. RTMP

2 Which of the following is the best to use for displaying the IP address of a workstation?
A. IPCONFIG
B. NETSTAT
C. TRACERT
D. ARP

3 Which of the following utilities displays all current connections and ports?
A. ARP
B. NBTSTAT
C. TRACERT
D. NETSTAT

4 You have changed a faulty network card in the system and wish to check the local loopback feature of TCP/IP. Which of the following will do this?
A. ping 127.0.0.1
B. ping the default gateway
C. ping localhost
D. ping another workstation on the segment


5 A wireless network user is experiencing a drop in network speed when the laptop is more than 150 feet away from the wireless AP. The wireless network follows the IEEE 802.11b standard. Which of the following could be the problem?
A. A cable is disconnected
B. The laptop's batteries are dead
C. The network adaptor is not working
D. The farther away from an access point, the slower the speed

6 You're troubleshooting a system that can communicate with devices on the same segment but is unable to do the same with devices in another segment. Other devices on this machine's segment can communicate with remote devices. Which of the following could be the problem?
A. The workstation's IP address is incorrect
B. The router acting as the default gateway is faulty
C. The workstation's subnet mask is incorrect
D. The default gateway setting on the workstation is incorrect

7 A UTP cable is faulty and it's suspected that there is a wire break. Which of the following could be used to confirm the connectivity of each wire in the cable?
A. Crossover cable
B. Link light
C. Network adaptor card
D. Cable tester

8 The link light on a network card flashes intermittently. Which of the following can be ruled out as a possible cause?
A. The cable
B. The hub
C. The IP address
D. The network card

9 Looking at the output below, what utility is being used?
Reply from 192.5.5.1: bytes=32 time=10ms TTL=128
Reply from 192.5.5.1: bytes=32 time=10ms TTL=128
Reply from 192.5.5.1: bytes=32 time=10ms TTL=128
Reply from 192.5.5.1: bytes=32 time=10ms TTL=128
A. TRACERT
B. NETSTAT
C. PING
D. NBTSTAT

10 You can TELNET to a remote site using the IP address but not the domain name for the site. What is the problem?
A. Incorrect HOST configuration
B. Incorrect DHCP configuration
C. Incorrect WINS configuration
D. Incorrect DNS configuration

11 Which of the following TCP/IP utilities can be used to view a routing table?
A. TRACERT
B. NETSTAT
C. NBTSTAT
D. PING

12 Host computers on a network can transfer files but not connect to the Internet. What is the problem?
A. The switch isn't working
B. The NIC cards are faulty
C. The default gateway isn't configured correctly
D. TCP/IP is installed on the network


Summary of this section


Network support

In this section we looked at what is involved in providing network support. We examined the use of a structured troubleshooting strategy with eight steps:
1 Establish the symptoms.
2 Identify the affected area.
3 Establish what has changed.
4 Select the most probable cause.
5 Implement a solution.
6 Test the result.
7 Recognise the potential effects of the solution.
8 Document the solution.

TCP/IP utilities

We learned how to select the appropriate TCP/IP utilities to identify the source of network problems. We learned to use and interpret the output from the TCP/IP utilities TRACERT, PING, ARP, NETSTAT, NBTSTAT, IPCONFIG, WINIPCFG and NSLOOKUP.

Troubleshooting network problems

We looked at troubleshooting strategy, troubleshooting problems in different topologies, identifying causes of network failures, troubleshooting connectivity problems, interpreting visual indicators, troubleshooting wiring/infrastructure problems and selecting the appropriate network administration tools.

Configuring clients

We learned how to configure clients to connect to servers: Unix/Linux, NetWare, Windows and Macintosh.


Answers to SAQs
SAQ 4.1
1 ping.
2 ipconfig.
3 arp -a.
4 winipcfg.

SAQ 4.2
1 TRACERT.
2 NETSTAT -A.
3 ARP.
4 PING.

SAQ 4.3
The eight steps of the troubleshooting strategy are:
Step 1: Establish the symptoms.
Step 2: Identify the affected area.
Step 3: Establish what has changed.
Step 4: Select the most probable cause.
Step 5: Implement a solution.
Step 6: Test the result.
Step 7: Recognise the potential effects of the solution.
Step 8: Document the solution.

SAQ 4.4
1 When a device is disconnected from the middle of a bus network, all of the connected workstations will lose network connectivity.
2 A bridge or a switch would be the best device to use to segment the network and create more collision domains.
3 A router would be the best device to connect a workstation to a company LAN.


SAQ 4.5
1 A network which is composed of a number of computers that connect to a central computer for file storage, printing and shared applications is a client/server network.
2 The three most popular NOS in use today are:
Windows NT/2000
Novell NetWare
Unix/Linux
3 Windows NT/2000 and Unix/Linux use TCP/IP, and Novell NetWare uses IPX.
4 Advantages that a client/server network has over a peer-to-peer network:
Client/server can be used for many users, whereas peer-to-peer works best with a few.
Client/server has a central location for data storage and provides high security for users and network resources.

SAQ 4.6
1 C. TCP/IP
2 A. IPCONFIG
3 D. NETSTAT
4 A. ping 127.0.0.1 and C. ping localhost
5 D. The farther away from an access point, the slower the speed
6 D. The default gateway setting on the workstation is incorrect
7 D. Cable tester
8 C. The IP address
9 C. PING
10 D. Incorrect DNS configuration
11 B. NETSTAT
12 C. The default gateway is not configured correctly


Answers for Activity 4.1
1 A. bbc.co.uk B. yahoo.com C. google.co.uk
2 A. 216.239.57.99 B. 207.46.250.119 C. 129.42.16.99

Answers for Activity 4.2
1 Typing ipconfig /all should display detailed information about the workstation's IP address, subnet mask, default gateway, WINS and DNS configuration. If DHCP is used, it also shows when the lease was last renewed and when it is due to expire.
2 The ping should work by sending and replying to four packets.
3 The ping should work by sending and replying to four packets.
4 The network cable should be unplugged from the workstation's NIC or the wall.
5 The ping should fail because the workstation is not connected to the network.
6 The ping should work by sending and replying to four packets. Pinging 127.0.0.1 is known as a loopback check that verifies whether a NIC is working. Network access is not required for a local loopback ping to work.


Glossary
10BASE2 An Ethernet LAN designed to run on common coaxial RG-58 cabling, almost exactly like the coaxial for cable television. It runs at 10 Mbps and has a maximum segment length of 185 metres. It is also known as thinnet or thin Ethernet. It uses baseband signalling and BNC connectors.

10BASE5 The original Ethernet LAN, designed to run on specialised coax cabling. It runs at 10 Mbps and has a maximum segment length of 500 metres. Also known as thicknet or thick Ethernet, 10BASE5 uses baseband signalling running on RG-8 coaxial cable. It uses DIX connectors and external transceivers, known as AUI connectors.

10BASE-T An Ethernet LAN designed to run on UTP cabling. 10BASE-T runs at 10 Mbps. The maximum length for the cabling between the NIC and the hub (or the switch, the repeater, and so forth) is 100 metres. It uses baseband signalling.

100BASE-FX An Ethernet LAN designed to run on fibre-optic cabling. It runs at 100 Mbps and uses baseband signalling.

100BASE-T A generic term for any Ethernet cabling system that is designed to run at 100 Mbps on UTP cabling. It uses baseband signalling.

802.3 IEEE Ethernet implementation. See Ethernet.

802.11a A wireless standard that operates in the frequency range of 5 GHz and offers throughput of up to 54 Mbps.

802.11b The most popular wireless standard, 802.11b, operates in the frequency range of 2.4 GHz and offers throughput of up to 11 Mbps.

802.11g The newest wireless standard in general use, 802.11g, operates in the frequency range of 2.4 GHz and offers throughput of up to 54 Mbps.

1000BASE-T Gigabit Ethernet. This is an Ethernet LAN designed to run on UTP cabling. It runs at 1000 Mbps (1 Gbps) and uses two pairs of wires on Cat 5e or better cabling. It uses baseband signalling.

Active Directory A directory service used in networks with Windows 2000/2003 servers.

Activity light An LED (light emitting diode) on a NIC, hub or switch that blinks rapidly to show data transfers over the network.

Address resolution protocol (ARP) A protocol in the TCP/IP suite used to determine the MAC address that corresponds to a particular IP address.

Ad-hoc mode Each wireless node in ad-hoc mode is in direct contact with every other node without having to go through a wireless access point.

Administrative tools A group of Control Panel tools, including Computer Management, Event Viewer and Performance, that enable you to handle routine administrative tasks in Windows 2000, Windows XP and Windows Server 2003 systems.

Administrator The person whose job it is to maintain a computer system or network.


Administrator account A user account that has unrestricted access to all system functions, services and data. A default administrator account, such as the appropriately named Administrator account in Windows, is created when the operating system is installed on the PC.

ADSL (Asymmetric Digital Subscriber Line) A fully digital, dedicated connection to the telephone system that provides download speeds of up to 8 Mbps and upload speeds of up to 1 Mbps. Asymmetric means it has different download and upload speeds.

Analogue An analogue signal is one in which data is represented by continuously variable, measurable, physical quantities, such as length, width, voltage or pressure, for example sound waves. Digital, on the other hand, uses two values, 1 and 0, to store information.

ANSI (American National Standards Institute) The body responsible for standards such as ASCII.

AppleTalk A network protocol suite invented to run on Apple computers. Modern Macintosh systems still support AppleTalk, but most Macintosh systems use TCP/IP rather than AppleTalk.

Application A program designed to perform a job for the user of a PC. A word processor and a spreadsheet program are typical applications.

Application layer See OSI Reference Model.

ASCII (American Standard Code for Information Interchange) The industry standard 8-bit characters used to define text characters, consisting of 96 uppercase and lowercase letters, plus 32 non-printable control characters, each of which is numbered. These numbers were designed to achieve uniformity among different computer devices for printing and the exchange of simple text documents.

Asynchronous communication A type of communication in which the receiving device must send an acknowledgement, or ack, to the sending unit to verify that a piece of data has been sent.

Asynchronous transfer mode (ATM) A network technology that runs at fast speeds of up to 600 Mbps using fibre optic cabling or Cat 5 UTP.

AUI (attachment unit interface) connector The standard connector used with 10BASE5 Ethernet. This is a 15-pin female DB connector.

Authentication A process that proves that a user or piece of data has the correct credentials.

Automatic private IP addressing (APIPA) A feature of later Windows operating systems that enables TCP/IP clients to self-configure an IP address and subnet mask in the Class B private IP range (169.254.x.x, with a subnet mask of 255.255.0.0) automatically when a DHCP server isn't available.

Backbone A term defining the primary network cabling and hardware that connect the major parts of the network.


Back up: To save important data as a safety precaution against the loss of data from servers or host PCs.
Bandwidth: A piece of the spectrum occupied by some form of signal, whether it is television, voice, fax data, and so on. Signals require a certain size and location of bandwidth to be transmitted. The higher the bandwidth, the faster the signal transmission. As bandwidth is finite, when one user is occupying it, others must wait their turn.
Baseband: Digital signalling that has only one signal (a single signal) on the cable at a time. The signals must be in one of three states: one, zero, or idle.
Baseline: A measurement of a network's (or system's) performance when all elements are known to be working properly.
Basic rate interface (BRI): The basic ISDN configuration, which consists of two B channels (which can carry voice or data at a rate of 64 Kbps) and one D channel (which carries setup and configuration information at 16 Kbps).
Bindery: Security and account database used by default on Novell NetWare 3.x servers and available to NetWare 4.x, 5.x, and 6.x servers.
Binding: The process of determining which NICs use which protocols for which transactions. Every protocol installed on a system must be bound to one or more NICs. Every NIC must be bound to one or more specific protocols.
Bit (binary digit): A single binary digit, typically represented by 1s and 0s. Any device that can be in either an on or an off state.
BNC connector: Stands for British naval connector (or Bayonet connector). A cylindrical-shaped connector used for 10BASE2 coaxial cable. All BNC connectors have to be locked into place by rotating the locking ring 90 degrees.
Bootp (bootstrap protocol): A component of TCP/IP that allows computers to discover and receive an IP address from a DHCP server prior to booting the operating system. Other items that may be discovered during the bootp process are the IP address of the default gateway for the subnet and the IP addresses of any name servers.
bps (bits per second): A measurement of how fast data is moved from one place to another. In theory and under ideal conditions, a 56 K modem can move 56,600 bits per second.
Bridge: A device that connects two networks and passes traffic between them based only on the MAC address, so that traffic between nodes on one network does not appear on the other network. For example, an Ethernet bridge only looks at the Ethernet address. Bridges filter and forward packets based on MAC addresses and operate at Level 2 (the Data Link layer) of the OSI seven-layer model.
Broadband: Analogue signalling that sends multiple signals over the cable at the same time. The best example of broadband signalling is ADSL. The data and voice information exist on the same cable, but occupy different areas of the spectrum.
Broadcast: A packet addressed to all machines. In TCP/IP, the general broadcast address is 255.255.255.255. A MAC broadcast is FFFF:FFFF:FFFF.


Broadcast address: The address a host attaches to a frame when it wants every other device on the network to read it.
Browser: A software program specifically designed to retrieve, interpret, and display web pages.
Bus topology: A network topology in which all computers connect to the network via a central bus cable.
Byte: A byte is 8 bits and the fundamental data unit of personal computers. As the byte stores the equivalent of one character, it is also the basic unit of measurement for computer storage.
Cable tester: A device that tests the continuity of cables. Some testers also test for electrical short circuits, crossed wires, or other electrical characteristics.
Cat 3: Category 3 wire, a TIA/EIA standard for UTP wiring that can operate at up to 16 Mbps.
Cat 4: Category 4 wire, a TIA/EIA standard for UTP wiring that can operate at up to 20 Mbps. This is not widely used, except in older token ring networks.
Cat 5: Category 5 wire, a TIA/EIA standard for UTP wiring that can operate at up to 100 Mbps.
Cat 5e: Category 5e wire, a TIA/EIA standard for UTP wiring with improved support for 100 Mbps using two pairs, and support for 1000 Mbps using four pairs.
Client: A computer program that uses the services of another computer program; software that extracts information from a server.
Client/server: A relationship in which client software obtains services from a server on behalf of a user.
Coax: Short for coaxial. Cabling in which an internal conductor is surrounded by another, outer conductor, therefore sharing the same axis, hence coaxial.
Collision: The result of two nodes transmitting data packets at the same time on a multiple access network such as Ethernet. Data packets that collide become corrupted and unusable and have to be re-sent.
Collision domain: A set of Ethernet segments that receive all traffic generated by any node within those segments. Repeaters, amplifiers, and hubs do not create separate collision domains, but bridges, routers, and switches do.
Compression: The process of reducing the size of files, allowing them to be stored using less space and transmitted using less bandwidth. Different compression applications use different methods to reduce file size, such as removing blank spaces, redundant characters, and so on.


Concentrator: A device that brings hosts together at a common centre point.
Connectionless protocol: A protocol that does not establish and verify a connection between the hosts before sending data; it just sends the data and hopes it will reach its destination. This is faster than connection-oriented protocols. UDP is an example of a connectionless protocol.
Connectionless session: A networking session in which packets are sent without first creating a connection-oriented session. Network protocols use connectionless sessions only for data that won't cause problems if it doesn't make it to the intended recipient.
Connection-oriented protocol: A protocol that establishes a connection between two hosts before transmitting data and verifies receipt before closing the connection between the hosts. TCP is an example of a connection-oriented protocol.
Control Panel: A collection of Windows tools that are used to configure various hardware, software and services in a system.
Copy backup: A type of backup similar to normal or full, in that all selected files on a system are backed up. This type of backup does not change the archive bit of the files being backed up.
Crossover cable: A special UTP cable used to connect hubs or to connect network cards without a hub. Crossover cables reverse the sending and receiving wire pairs from one end to the other.
Crossover port: A special port in a hub that crosses the sending and receiving wires, thus removing the need for a crossover cable to connect the hubs.
Crosstalk: Electrical signal interference between two cables that are in close proximity to each other.
CSMA/CA (carrier sense multiple access with collision avoidance): This access method is used mainly on Apple networks and is also implemented on wireless networks. Before hosts send out data, they send out a signal that checks to make sure that the network is free of other signals. If data is detected on the wire, the hosts wait a random time period before trying again. If the wire is free, the data is sent out.
CSMA/CD (carrier sense multiple access with collision detection): The access method Ethernet systems use in LAN technologies, enabling packets of data to flow through the network and ultimately reach address locations. Hosts on CSMA/CD networks send out data after first checking to see if the wire is free. If a collision occurs, then both hosts wait a random time period before re-transmitting the data.
CSU/DSU (channel service unit/data service unit): A piece of equipment that connects a leased line from the telephone company to a customer's equipment (such as a router). It performs line encoding and conditioning functions, similar to a modem.
Daily backup: A backup type that makes a copy of all files that have been changed on that day without changing the archive bits of those files.
Datagram: Another term for network packets.
Data Link layer: See OSI Reference Model.


Default gateway: In a TCP/IP network, the nearest router to a particular host. This router's IP address is part of the necessary TCP/IP configuration for communicating with multiple networks using IP.
DHCP (dynamic host configuration protocol): A service that enables a DHCP server to set TCP/IP settings automatically for a network's DHCP clients.
Differential backup: Similar to an incremental backup in that it backs up the files that have been changed since the last backup. This type of backup does not change the state of the archive bit.
Disk mirroring: Process by which data is written simultaneously to two or more disk drives. Read and write speed is decreased, but redundancy, in case of catastrophe, is increased. Considered RAID level 1.
Disk striping: Process by which data is spread among multiple (at least two) drives. It increases speed for both reads and writes of data. Considered RAID level 0, because it does not provide fault tolerance.
Disk striping with parity: Provides fault tolerance by writing data across multiple drives and includes an additional drive, called a parity drive, that stores information to rebuild the data contained on the other drives. Disk striping with parity requires at least three physical disks: two for the data and a third for the parity drive. It provides data redundancy at RAID levels 3 to 5 with different options.
DIX: Acronym identifying the three companies (Digital, Intel, and Xerox) that released the original Ethernet specification in 1980.
DNS (Domain Name Service or System): A TCP/IP name resolution service that resolves host names to IP addresses.
Domain: A term used to describe logical security boundaries that contain groupings of users, computers, or networks. In Microsoft networking, a domain is a group of computers and users that share a common account database and a common security policy. For the Internet, a domain is a group of computers that share a common element in their hierarchical name. Other types of domains also exist, such as collision domains.
Domain controller: A Microsoft Windows NT/2000/2003 machine that stores the user and server account information for its domain in a central database. On a Windows NT domain controller, the database is called the Security Accounts Manager or SAM database, and is stored as part of the registry. Windows 2000/2003 domain controllers store all account and security information in the Active Directory service.
Domain users and groups: Users and groups that are defined across an entire network domain.
DOS (Disk Operating System): A piece of software that allows a user to interact with a computer's hardware. Examples include Windows 2000 and Windows XP.
Download: The transfer of information from a remote computer system to the user's system. The opposite of upload.
DSL (Digital Subscriber Line): A high-speed Internet connection technology that uses a regular telephone line for connectivity. DSL comes in several varieties, including asynchronous (ADSL) and synchronous (SDSL), and many speeds. Typical home-user DSL connections are ADSL with a download speed of up to 8 Mbps and an upload speed of up to 1 Mbps.
Dynamic routing: Process by which routers in an inter-network automatically exchange information with all other routers, enabling them to build their own list of routes to various networks, called a routing table. Dynamic routing requires a dynamic routing protocol, such as OSPF (open shortest path first) or RIP (routing information protocol).
Dynamic routing protocol: A protocol that supports the building of automatic routing tables, such as OSPF or RIP.
Encapsulation: The process of putting additional information on to segmented packets. For example, in the OSI model, data is encapsulated into packets at the Network layer with the addition of IP addressing information. These packets are then encapsulated into frames with the addition of the MAC layer framing information.
Encryption: A method of securing messages by scrambling and encoding each packet as it is sent across an unsecured medium, such as the Internet. Each encryption level provides multiple standards and options.
Ethernet: Name given by Xerox to the first standard of network cabling and protocols. Ethernet is based on a bus topology. The IEEE defines the Ethernet standards.
Fault tolerance: The capability of any system to continue functioning after some part of the system has failed. RAID is an example of a hardware device that provides fault tolerance.
FDDI (fibre distributed data interface): A standard for transmitting data on optical fibre cables at a rate of around 100 Mbps.
Fibre optics: A high-speed physical medium for transmitting data, which is made of high-purity glass fibres sealed within a flexible opaque tube. Much faster than conventional copper wire such as coaxial cable.
Firewall: A device or application that restricts traffic between a local network and the Internet based on the type of data transmitted.
Frame: The type of information added at the Data Link layer of the OSI model; it contains physical addressing information.
Frame check sequence (FCS): A sequence of bits placed in a frame that is used to check the data for errors.
Frame relay: An extremely efficient data transmission technique used to send digital information such as voice, data, LAN, and WAN traffic quickly and cost-efficiently to many destinations from one port. Frame relay switches packets end-to-end much faster than X.25, but with no guarantee of data integrity.
FTP (file transfer protocol): A service that enables computers to transfer and store data files to and from FTP servers quickly using the FTP protocol. The FTP service is built into all modern network operating systems. Examples of third-party FTP clients include command line FTP and WS-FTP.
Full-duplex: Describes any device that can send and receive data at the same time.


Gateway: 1. A hardware or software setup that translates between two dissimilar protocols. 2. Any mechanism for providing access to another system; for example, a router may be the gateway to the Internet for LAN users.
Half-duplex: Any device that can only send or receive data at any given moment. Most Ethernet transmissions are half-duplex.
Handshaking: A procedure performed by modems, terminals, and computers to verify that communication has been correctly established.
Host: A single device (usually a computer) on a TCP/IP network that has an IP address; any device that can be the source or destination of a data packet. This may be a PC, a printer or a server.
HOSTS file: A static text file that resides on a computer and is used to resolve DNS host names to IP addresses. The HOSTS file is checked before the machine sends a name resolution request to a DNS name server. The HOSTS file has no file extension.
HTML (hypertext markup language): An ASCII-based script-like language for creating hypertext documents like those on the World Wide Web.
HTTP (hypertext transfer protocol): Extremely fast protocol used for network file transfers in the WWW environment.
HTTP over SSL (HTTPS): A secure form of HTTP, used commonly for Internet business transactions or any time a secure connection is required.
Hub: A hardware device that sits at the centre of a star topology network, providing a common point for the connection of network devices.
ICS (Internet connection sharing): A term used to describe the technique of enabling more than one computer to access the Internet simultaneously using a single Internet connection. When you use Internet sharing, you connect an entire LAN to the Internet using a single public IP address.
IEEE (Institute of Electrical and Electronics Engineers): A professional association and standards body covering technical areas such as computer engineering, telecommunications, electric power, and consumer electronics, amongst others. The IEEE Project 802 is the group within IEEE responsible for LAN technology standards.
Impedance: The amount of resistance to an electrical signal on a wire. It is used as a relative measure of the amount of data a cable can handle.
Incremental backup: A type of backup that backs up all files that have their archive bits turned on, which means they have been changed since the last backup. This type of backup turns the archive bits off after the files have been backed up.
Infrastructure mode: Wireless networks running in infrastructure mode use one or more wireless access points to connect the wireless network nodes centrally. Wireless nodes cannot connect directly with each other.


Internal threats: All the things that a network's own users do to create problems on the network. Examples include accidental deletion of files, accidental damage to hardware devices or cabling, and abuse of rights and permissions.
Internet control message protocol (ICMP): ICMP messages consist of a single packet and are connectionless. ICMP packets determine connectivity between two hosts.
Internet protocol version 4 (IPv4): IPv4 addresses consist of four sets of numbers, each number being a value between 0 and 255, using a dot to separate the numbers. This is often called dotted decimal format. Examples include 192.168.0.1 and 81.176.19.164.
Internet protocol version 6 (IPv6): IPv6 addresses consist of eight sets of four hexadecimal numbers, each number being a value between 0000 and FFFF, using a colon to separate the numbers. An example is EEDC:BA98:7654:3210:0800:200C:00CF:1234.
Intranet: A private network inside a company or organisation that uses the same kinds of software and services you find on the Internet, but that is only for internal use.
I/O (input/output): A general term for reading and writing data to a computer. The term input includes data from a keyboard, a pointing device (such as a mouse), and a file from a disk. Output includes writing information to a disk, viewing it on a monitor and printing it to a printer.
I/O device: A piece of hardware that enables a user to move data into or out of the computer, such as a mouse or a keyboard.
IP (Internet protocol): The Internet standard protocol that provides a common layer over dissimilar networks, used to move packets among host computers and through gateways if necessary. IP is part of the TCP/IP protocol suite.
IP address: The numeric address of a computer connected to a TCP/IP network, such as the Internet. The IP address is made up of four octets of 8-bit binary numbers that are translated by the computer into their shorthand numeric values; for example, 11000000.10101000.00000100.00011010 = 192.168.4.26. IP addresses must be matched with a valid subnet mask, which identifies the part of the IP address that is the network ID and the part that is the host ID.
IPCONFIG: A command-line utility for Windows PCs that displays the current TCP/IP configuration of the machine; similar to Unix/Linux's IFCONFIG and the graphical WINIPCFG available in Windows 9x and Windows XP.
IPSec (IP Security): A group of protocols used to encrypt IP packets. IPSec is most commonly seen on VPNs. See VPN (virtual private network).
IPX/SPX (Internetwork Packet Exchange/Sequence Packet Exchange): Protocol suite developed by Novell, primarily for supporting Novell NetWare-based networks.
ISDN (Integrated Services Digital Network): The standard that defines a digital method for communications to replace the current analogue telephone system. ISDN is superior to analogue dial-up telephone line connections because it supports up to 128 Kbps transfer rate for sending information from computer to computer. It also allows data and voice to share a common phone line.
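To make the IP address, subnet mask, default gateway, broadcast, loopback and APIPA entries concrete, here is an added Python example (my own code, not part of the COLEG/SQA course text); the function names and all sample addresses are constructed for illustration, and only the standard library is used.

```python
"""Added example: the IPv4 address arithmetic behind the glossary entries.
Not from the course text; every address below is a constructed sample."""
import ipaddress


def to_binary_octets(address):
    """Render a dotted-decimal address as four 8-bit binary octets, as the
    glossary does for 192.168.4.26 -> 11000000.10101000.00000100.00011010."""
    return ".".join(f"{int(octet):08b}" for octet in address.split("."))


def split_network_host(address, mask):
    """Apply the subnet mask: the network ID is address AND mask, and the
    host ID is whatever the mask leaves over (address AND NOT mask)."""
    addr = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    network_id = addr & m
    host_id = addr & (~m & 0xFFFFFFFF)
    return (str(ipaddress.IPv4Address(network_id)),
            str(ipaddress.IPv4Address(host_id)))


def needs_default_gateway(source, destination, mask):
    """A host talks directly to destinations that share its network ID and
    hands everything else to the default gateway (the nearest router)."""
    return (split_network_host(source, mask)[0]
            != split_network_host(destination, mask)[0])


def classify(address):
    """Label the special addresses the glossary defines. The order matters:
    Python's is_private is also true for the loopback and APIPA ranges."""
    ip = ipaddress.IPv4Address(address)
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "broadcast"      # general TCP/IP broadcast address
    if ip in ipaddress.IPv4Network("127.0.0.0/8"):
        return "loopback"       # 127.0.0.1 is the localhost alias
    if ip in ipaddress.IPv4Network("169.254.0.0/16"):
        return "APIPA"          # self-configured: no DHCP server answered
    if ip.is_private:
        return "private"        # private range, normally hidden behind NAT
    return "public"


if __name__ == "__main__":
    for sample in ("192.168.4.26", "169.254.7.200", "127.0.0.1",
                   "255.255.255.255", "81.176.19.164"):
        print(f"{sample:>16}  {to_binary_octets(sample)}  {classify(sample)}")
    print(split_network_host("192.168.4.26", "255.255.255.0"))
    # A /24 host reaching a neighbouring subnet must go via its router.
    print(needs_default_gateway("192.168.4.26", "192.168.5.9", "255.255.255.0"))
```

A host that reports itself as APIPA in the output is the classic sign that the DHCP server never answered, which is why the check is worth running before chasing a connectivity fault elsewhere.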


ISP (Internet service provider): A company that provides access to the Internet in some form, usually for a fee.
Kbps (kilobits per second): Data transfer rate of 1000 bps.
Kerberos: An authentication standard designed to allow different operating systems and applications to authenticate each other.
KHz (kilohertz): A unit of measure that equals a frequency of one thousand cycles per second.
LAN (local area network): A group of PCs connected together via cabling, radio, or infrared, and using this connectivity to share resources such as printers and mass storage.
Layer: A grouping of related tasks involving the transfer of information, related to a particular level of the OSI Reference Model, for example, the Physical layer or the Data Link layer.
LMHOSTS file: A static text file that resides on a computer and is used to resolve NetBIOS names to IP addresses. The LMHOSTS file is checked before the machine sends a name resolution request to a WINS name server. The LMHOSTS file has no extension.
Localhost: An alias for the loopback address of 127.0.0.1, referring to the current machine.
Logical address: An address that describes both a specific network and a specific machine on that network.
Loopback address: Sometimes called the localhost, the loopback address is a reserved IP address used for internal testing: 127.0.0.1.
MAC (media access control): Unique 48-bit address assigned to each network card. IEEE assigns blocks of possible addresses to various NIC manufacturers to help ensure that each address is unique.
Mbps (megabits per second): Data transfer rate of a million bits per second.
Mesh topology: Each computer has a dedicated connection to every other computer in a network. Used in networks that have to have redundancy built in.
MHz (megahertz): A unit of measure that equals a frequency of 1 million cycles per second.
Mirroring: Also called drive mirroring. Reading and writing data at the same time to two drives for fault-tolerance purposes. RAID level 1.
Modem (modulator/demodulator): A device that converts outgoing digital bit streams into analogue signals (modulation) and incoming analogue signals back into digital signals (demodulation). The analogue communications channel is typically a telephone line and the analogue signals are typically sounds.
MSCONFIG: A utility found in Windows that enables a user to configure a system's boot files and critical system files.
Name resolution: A method that enables one computer on the network to locate another and establish a session. All network protocols perform name resolution in one of two ways: by broadcasting or by providing some form of name server.


Name server: A computer whose job is to know the name of every other computer on the
NAT (network address translation): NAT works hand-in-hand with DHCP to mask the IP addresses of network clients behind a single public IP address. NAT devices (either dedicated hardware devices such as routers, or a PC with two NICs running the software NAT service) have two interfaces: one that connects to the Internet via an ISP-supplied IP address, and another that connects to the LAN. The NAT service translates the IP addresses and TCP/UDP port numbers of data packets forwarded from the LAN interface from an address in the private IP address range to the public IP address. NAT enables multiple network clients to share a single Internet connection, and provides a level of firewall-like security.
NetBEUI (NetBIOS extended user interface): NetBEUI is an extended version of the NetBIOS protocol that operates at the Transport layer of the OSI model. NetBEUI has been overshadowed by other protocols, such as IPX/SPX, mainly because NetBEUI is not routable and therefore unsuitable for connecting to the Internet. From Windows XP onwards, Microsoft is phasing support for NetBEUI out of its products.
NetBIOS (network basic input/output system): The NetBIOS protocol creates and manages connections based on the names of the computers involved. NetBIOS operates at the Session layer of the OSI model.
NetBIOS name: A computer name that identifies both the specific machine and the functions that machine performs. A NetBIOS name consists of 16 characters: the first 15 are an alphanumeric name, and the 16th is a special suffix that identifies the role the machine plays.
Network: A collection of two or more computers interconnected by telephone lines, coaxial cables, satellite links, radio, and/or some other communication technique. A computer network is a group of computers that are connected together and communicate with one another for a common purpose. Computer networks support people in organisations to share information and allow an additional form of communication.
Network interface card (NIC): A hardware device that connects the PC to a network. NICs come as internal component cards that install onto the PC's motherboard, or as external devices that use the PC's USB or PC Card ports. NICs may have connections for coaxial, STP, UTP or fibre optic cabling, or for 802.11x or Bluetooth-based wireless technology.
Network layer: See OSI Reference Model.
Network topology: 1. The physical structures that connect PCs to each other, including cabling, routers, hubs, patch panels, and other pieces of hardware. 2. The logical organisation of a network, such as domains and workgroups.
NFS (Network File System): A distributed file system that allows a computer to access files and directories located on remote computers over a network, as if they were on its local disks.
Normal backup: A full backup of every selected file on a system. This type of backup turns off the archive bit after the backup.
NOS (network operating system): An operating system that provides basic file and supervisory services over a network. While each computer attached to the network has its own operating system, the NOS describes which actions are allowed by each user and coordinates distribution of networked files to the users who request them.
Novell NetWare: A popular and powerful NOS that provides network services ranging from simple file storage and sharing to World Wide Web, email, VPN, and other services. Novell NetWare is the only NOS that adheres to the strict definition of client/server.
NWLink: Also known as the IPX/SPX compatible protocol, this is Microsoft's implementation of IPX/SPX. See also IPX/SPX (Internetwork Packet Exchange/Sequence Packet Exchange).
Ohm: Electrical unit of resistance. The value of resistance through which a potential of one volt will maintain a current of one ampere.
OSI (Open Systems Interconnection): An international standard suite of protocols defined by the International Organisation for Standardisation (ISO) that implements the OSI Reference Model for network communications between computers.
OSI Reference Model: An architecture model based on the OSI protocol suite, which defines and standardises the flow of data between computers. The seven layers of the OSI model are as follows:
Layer 1: The Physical layer defines hardware connections and turns binary into physical pulses (electrical or light). Repeaters and hubs operate at the Physical layer.
Layer 2: The Data Link layer identifies devices on the Physical layer. MAC addresses are part of the Data Link layer. Bridges operate at the Data Link layer.
Layer 3: The Network layer moves packets between computers on different networks. Routers operate at the Network layer. IP and IPX operate at the Network layer.
Layer 4: The Transport layer breaks data down into manageable chunks. TCP, UDP and SPX operate at the Transport layer.
Layer 5: The Session layer manages connections between machines. NetBIOS and Sockets operate at the Session layer.
Layer 6: The Presentation layer, which can also manage data encryption, hides the differences between various types of computer systems.
Layer 7: The Application layer provides tools for programs to use to access the network (and the lower layers). HTTP, FTP, SMTP, and POP3 are all examples of protocols that operate at the Application layer.
Packet: Basic component of communication over a network. A group of bits of fixed, maximum size and defined format that are transmitted through a network. A packet contains source and destination addresses, data, and control information.
Packet filtering: Packet filters, also known as IP filters, block any incoming or outgoing packet from a particular IP address or range of IP addresses.
PAP (password authentication protocol): The oldest and most basic form of authentication; it's also the least safe because it sends all passwords in clear text.
Parity: A method of error detection in which a small group of bits being transferred is compared to a single parity bit, which is set to make the total number of bits odd or even. The receiving device reads the parity bit and determines whether the data is valid based on the oddness or evenness of the parity bit.
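An added Python illustration of the parity entry (my own code, not the course's): it computes the parity bit the sender appends, checks it on the receiving side, and shows the method's limit, namely that an even number of flipped bits passes undetected. The 7-bit sample word is constructed for the demonstration.

```python
"""Added example: single parity bit error detection (not from the course text)."""


def parity_bit(data_bits, even=True):
    """Bit the sender appends so the total count of 1s (data plus parity)
    is even (even parity) or odd (odd parity)."""
    ones = sum(data_bits)
    return ones % 2 if even else 1 - (ones % 2)


def encode(data_bits, even=True):
    """The transmitted word: the data bits followed by the parity bit."""
    return list(data_bits) + [parity_bit(data_bits, even)]


def is_valid(word, even=True):
    """Receiver side: accept the word when its count of 1s has the agreed
    parity. The receiver cannot tell which bit, if any, was damaged."""
    ones = sum(word)
    return ones % 2 == (0 if even else 1)


def flip(word, *positions):
    """Simulate transmission errors by inverting the bits at the given indexes."""
    corrupted = list(word)
    for pos in positions:
        corrupted[pos] ^= 1
    return corrupted


def demo():
    """Constructed 7-bit sample (ASCII 'e' = 1100101) with even parity.
    Returns the verdict for a clean word, a 1-bit error and a 2-bit error."""
    word = encode([1, 1, 0, 0, 1, 0, 1])
    return (
        is_valid(word),              # clean word: accepted
        is_valid(flip(word, 2)),     # one bit flipped: rejected
        is_valid(flip(word, 2, 5)),  # two bits flipped: wrongly accepted
    )


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The third result is the caveat: a single parity bit catches any odd number of bit errors but none of the even ones, which is why Ethernet frames carry a frame check sequence rather than relying on parity alone.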


Password: A series of characters that enables a user to gain access to a file, a folder, a PC, or a program.

Peer-to-peer network: A decentralised network in which each machine acts as both a client and a server, and maintains its own security over its own shared resources.

Permissions: Sets of attributes that network administrators assign to resources to define what users and groups can do with them.

Physical address: A way of identifying a specific machine without referencing its location or network. A MAC address is an example of a physical address.

Physical layer: See OSI Reference Model.

PING (packet Internet groper): A network utility that sends a small network message (an ICMP echo request) to a remote computer to check for its presence and response time.

POP (post office protocol): The way email software such as Outlook Express or Eudora gets its email from a mail server. The current standard is called POP3.

Port filtering: The prevention of the passage of any IP packets through any ports other than the ones prescribed by the system administrator.

Port number: A number used to identify the requested service (such as SMTP or FTP) when connecting to a TCP/IP host. Some example port numbers are 80 (HTTP), 20 (FTP), 69 (TFTP), 25 (SMTP), and 110 (POP3).

PPP (point-to-point protocol): A protocol that enables a computer to connect to the Internet through a dial-in connection and enjoy most of the benefits of a direct connection. PPP is considered superior to SLIP because of its error detection and data compression features, which SLIP lacks.

PPPoE (PPP over Ethernet): A specialised implementation of PPP, specifically designed to allow Ethernet connections to enjoy some of the benefits of PPP, such as encryption. Used exclusively by ADSL.

Preamble: A 64-bit series of alternating ones and zeroes, ending with 11, that begins every Ethernet frame. The preamble gives a receiving NIC time to realise a frame is coming and to know exactly where the frame starts; that is, it aids synchronisation.

Presentation layer: See OSI Reference Model.

Protocol: A set of rules or standards that governs the procedures used to exchange information between hosts. This usually includes how much information is to be sent, how often it is sent, in what format, how to recover from transmission errors, and who is to receive the information.

Protocol stack: The actual software that implements a protocol suite on a particular operating system.

Protocol suite: A set of protocols that are commonly used together and operate at different levels of the OSI model, for example TCP/IP or IPX/SPX.

Proxy server: A device that fetches Internet resources for a client without exposing that client directly to the Internet. Most proxy servers accept requests for HTTP, FTP, POP3,
and SMTP resources. The proxy server will often cache a copy of the requested resource for later use.

PSTN (Public Switched Telephone Network): Also known as POTS (Plain Old Telephone Service). The most common type of phone connection.

RAID (redundant array of independent disks): A way of creating a fault-tolerant storage system. There are six official levels. Level 0 uses byte-level striping and provides no fault tolerance. Level 1 uses mirroring or duplexing. Level 2 uses bit-level striping. Level 3 stores error-correcting information (such as parity) on a separate disk and uses data striping on the remaining drives. Level 4 is level 3 with block-level striping. Level 5 stripes both data blocks and parity data across the drives. Other configurations are possible, such as RAID 10 (a mirrored set of two RAID 5 arrays), but these are uncommon. Many current motherboards sport something called RAID 0+1, a striped mirror that requires four hard drives.

Remote: Any system that is not local (that is, not on the same network segment); usually taken to mean any host outside the LAN.

Remote access: The capability to access a computer from outside the building in which it is housed. Remote access requires communications hardware, software, and actual physical links.

RAS (remote access server): Refers to both the hardware component (servers built to handle the unique stresses of a large number of clients calling in) and the software component (programs that work with the operating system to allow remote access to the network) of a remote access solution.

Repeater: A device that takes all of the data packets it receives on one Ethernet segment and re-creates them on another Ethernet segment. This allows for longer cables or more computers on a segment. Repeaters operate at Layer 1 (Physical) of the OSI model.

RG-6: A type of coaxial cable that is virtually never installed in new networks nowadays, but still has enough of an installed base that you need to know about it.

RG-8: Often referred to as thicknet, RG-8 is the oldest and least-used coaxial cabling type still in use. It gets the name thick Ethernet because it is used exclusively for 802.5 thick Ethernet networks. RG-8 is rated at 50 Ohms and has a distinctive yellow or orange/brown colour.

RG-58: A type of coaxial cable that works with Thin Ethernet or thinnet network technology. It is rated at 50 Ohms.

Ring topology: A network topology in which all the computers on the network attach to a central ring of cable.

RJ-11: A type of connector with four-wire UTP connections; usually found in telephone connections.

RJ-45: A type of connector with eight-wire UTP connections; usually found in network connections and used for 10BASE-T networking.

Router: A device connecting separate networks, which forwards a packet from one network to another based only on the network address for the protocol being used. For
example, an IP router looks only at the IP network number. Routers operate at Layer 3 (Network) of the OSI model.

Routing table: A list of paths to various networks, required by routers. It can be built either manually (static routing) or dynamically (dynamic routing) via one of the routing protocols, such as RIP or OSPF.

SAMBA: A service that enables Unix-based systems to communicate using SMBs. This, in turn, enables them to act as Microsoft clients and servers on the network.

SC connector: One of two types of fibre optic connector used in 10BASEF networks.

Server: A computer that shares its resources, such as printers and files, with other computers on the network. An example of this is an NFS server that shares its disk space with a workstation that has no disk drive of its own.

SSID (service set identification): A 32-bit identification string, sometimes called a network name, that's inserted into the header of each data packet processed by a wireless access point.

Session: Used in networking to refer to the logical stream of data flowing between two programs and being communicated over a network. Many different sessions may be coming from any one node on a network.

Session layer: See OSI Reference Model.

Share permissions: Share permissions are set when you create a share on a network. They apply only to users accessing your files across the network, not to other users of your physical computer.

SLIP (serial line interface protocol): A protocol that enables a computer to connect to the Internet through a dial-in connection and enjoy most of the benefits of a direct connection. SLIP has been almost completely replaced by PPP, which is considered superior to SLIP because of its error detection and data compression features, which SLIP lacks.

SMB (server message blocks): The protocol used by Microsoft clients and servers to share file and print resources.

SMTP (simple mail transfer protocol): The main protocol used to send email on the Internet.

Sneakernet: The term used for saving a file on a portable medium and physically walking it over to another computer.

SNMP (simple network management protocol): A protocol that enables communication with and management of remote network hardware devices such as hubs, routers, and switches. The remote device in question must have the SNMP software installed.

Socket: A virtual endpoint for a network session: a combination of a port number and an IP address that uniquely identifies a connection.

SONET (Synchronous Optical Network): A standard for connecting fibre optic transmission systems. SONET defines interface standards at the Physical layer of the OSI model.

SSL (secure sockets layer): A protocol developed by Netscape for transmitting private documents over the Internet. SSL works by using a public key to encrypt sensitive data. This encrypted data is sent over an SSL connection and then decrypted at the receiving end using a private key.

Star topology: A network topology in which all computers in the network connect to a central wiring point.

Static routing: A process by which routers in an inter-network obtain information about paths to other routers. This information must be configured manually.

ST connector: One of two types of fibre optic connector used in 10BASEF networks.

STP (shielded twisted pair): A popular cabling for networks, composed of pairs of wires twisted around each other at specific intervals. The twists serve to reduce interference: the more twists, the less interference. The cable has metallic shielding to protect the wires from external interference. Token ring networks are the only common network technology that uses STP, although token ring now more often uses UTP.

Stripe set: A group of two or more disk drives that store data sequentially. Stripe sets perform faster read and write operations than a single disk, but the threat of data loss is increased because no one disk in a stripe set contains all the pieces of a file's data.

Subnet: Sections of a TCP/IP network sharing a common IP addressing scheme. See Subnet mask.

Subnet mask: The value used in TCP/IP settings to divide the IP address of a host into its component parts: network ID and host ID.

Switch: 1. A hardware device that filters and forwards data packets between network segments. 2. Also a parameter or argument supplied to a command.

Synchronous: Describes a connection between two electronic devices where neither needs to acknowledge (ACK) when receiving data.

TCP (transmission control protocol): Part of the TCP/IP protocol suite, TCP operates at Layer 4 (Transport) of the OSI model. TCP is a connection-oriented protocol.

TCP/IP (transmission control protocol/Internet protocol): A set of communication protocols, including TCP, IP, UDP, and others, developed by the US Department of Defense, that enables dissimilar computers to share information over a network.

TELNET: A service that enables users on the Internet to log on to remote systems from their own host systems.

Terminal: A dumb device connected to a computer network that acts as a point for entry or retrieval of information.

Terminal emulation: Software that enables a PC to communicate with another computer or network as if it were a specific type of hardware terminal.

Terminator: A device that absorbs signals at the end of bus networks and prevents the electrical signals from being sent back up the line.

Token: A frame that enables the systems on a token ring network to decide who can transmit data. The rule is that no device can transmit data unless it's currently holding the token. When it has finished transmitting, it passes the token on to the next host in the ring.

Token passing: The system used by token ring networks to control access to the ring.

Topology: 1. The pattern of interconnections in a communications system among devices, nodes, and associated input and output stations. 2. Also describes how computers connect to each other without regard to how they actually communicate. See Network topology.

TRACERT (also TRACEROUTE): A command-line utility used to follow the path a packet takes between two hosts.

Transceiver: The device that transmits and receives signals on a cable.

Transport layer: See OSI Reference Model.

Trivial file transfer protocol (TFTP): A protocol that transfers files between servers and clients. Unlike FTP, TFTP requires no user login. Devices that need an operating system but have no local hard disk (for example, diskless workstations and routers) often use TFTP to download their operating systems.

UDP (user datagram protocol): Part of the TCP/IP protocol suite, UDP is an alternative to TCP. UDP is a connectionless protocol.

UNC (universal naming convention): Describes any shared resource in a network using the convention \\<server name>\<name of shared resource>.

Unix: A powerful, open source network operating system originally developed by Bell Laboratories in the 1970s. Unix is widely used on many types of server systems.

UPS (uninterruptible power supply): A device that takes mains power in and uses it to charge batteries. These batteries then supply power to the computer, so the UPS provides continuous clean power to a computer system the whole time the computer is on. It also protects against power cuts and sags.

URL (uniform resource locator): An address that defines the location of a resource on the Internet and World Wide Web. URLs are in the format protocol://IP address or domain name/resource name. Examples are http://www.bbc.co.uk/weather or http://212.58.224.121/weather.

User: Anyone who uses a computer.

User account: A container that identifies a user to the application, operating system, or network, including name, password, user name, groups to which the user belongs, and other information based on the user and the operating system or NOS in use. Usually defines the rights and roles a user plays on a system.

User datagram protocol (UDP): A protocol used by some older applications, most prominently TFTP (trivial FTP), to transfer files. UDP packets are both simpler and smaller than TCP packets, and they do most of the behind-the-scenes work in a TCP/IP network.

User profiles: A collection of settings that corresponds to a specific user account and may follow the user regardless of the computer at which they log on. These settings enable the user to have customised environment and security settings.

UTP (unshielded twisted pair): A popular cabling for telephones and networks, composed of pairs of wires twisted around each other at specific intervals. The twists serve to reduce interference. The cable has no metallic shielding to protect the wires from external interference, unlike the similar STP. 10BASE-T uses UTP, as do many other networking technologies. UTP is available in a variety of grades, called categories or Cat.

Virtual LAN (VLAN): A LAN that, using VLAN-capable switches, can break up broadcast domains.

VPN (virtual private network): A network configuration that enables a remote user to access a private network via the Internet. VPNs employ an encryption methodology called tunnelling, which protects the data from interception.

WAN (wide area network): A geographically dispersed network created by linking various computers and LANs over long distances, generally using leased phone lines. There is no firm dividing line between a WAN and a LAN.

Web server: A server that enables access to HTML documents by remote users using the HTTP protocol.

Windows: A powerful and flexible NOS developed by Microsoft in the 1980s. Windows comes in a variety of desktop and server versions, including Windows 9x (95, 98, 98SE, Me), Windows NT Workstation and Server, Windows 2000 Professional and Server, Windows XP Home and Professional Editions, and Windows Server 2003. Many of these versions also have their own variations, such as Windows Server 2003 Small Business Edition, Terminal Server, Enterprise Edition and Datacenter.

WINS (Windows Internet Name Service): A name resolution service that resolves NetBIOS names to IP addresses.

Winsock (Windows sockets): Microsoft Windows' implementation of the TCP/IP sockets interface.

Wireless access point: Connects wireless network nodes to wireless or wired networks. Many wireless access points are combination devices that act as high-speed hubs, switches, bridges, and routers, all rolled into one.

Workgroup: A convenient method of organising computers under Network Neighborhood/My Network Places in Windows operating systems. Workgroups have flat namespaces and contain no method for applying security.

Workstation: A term used to differentiate a network client system from a server system.
