Topic:Network administration

From Wikiversity


Network administration is the field of work in which the hardware and software that make up a network are maintained. This involves ensuring that network services are available, working efficiently and protected against misuse.


Basics of computer networking

Purpose of networks

To connect nodes together so that information may be exchanged between them, or so that resources available to one node may be shared with the other nodes connected to it.

Network Hardware

Every device attached to a computer network is called a node. Various types of nodes may exist on a network.

Network hardware also includes the medium by which the nodes are connected. This can be radio waves, infrared signals, the mains power wiring in a home, Ethernet cabling, USB (universal serial bus) cabling, coaxial cabling, satellite links and telephone lines. Fiber-optic cabling offers still higher speeds and longer transmission distances, but requires a transceiver at each node to convert between the light-based signal and electrical signals.

Network Standards

General

The OSI model is the reference model underlying most networking discussion: it describes the functions of the various networking protocols in a layered approach. It is a useful theory to read at least once in your networking life, even though real protocol stacks such as TCP/IP do not map onto its seven layers exactly.

TCP/IP is the predominant protocol suite of the Internet and has replaced other, older protocols (see obsolete protocols).

Network Address Translation, often abbreviated NAT, is a way to connect a private address zone to a public one by rewriting the source or destination addresses (and usually ports) of IP packets as they pass through a router or firewall, which keeps a table of the active translations. It is most commonly used so that multiple computers on a network can connect to the Internet using one shared public IP address. Because the router only translates inbound packets for which it holds state, unsolicited inbound connections are dropped as a side effect; this is not a substitute for a firewall policy, since any mapping created by an internal host is reachable from outside.
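The translation table described above, as an added example that is not part of the original page: a simulation of port-based NAT (NAPT) for a gateway with one public address. The addresses, port range and the `Napt` and `Packet` names are assumptions made for the example. Outbound packets get a fresh public port per private endpoint, replies are mapped back by that port, and inbound packets that match no state, or arrive from a remote host other than the one the mapping was created for, are dropped.

```python
"""Toy NAPT gateway: one public IP shared by many private hosts.

Example code, not from the original page. Addresses are RFC 5737
documentation ranges chosen for the example.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Mapping:
    private: Endpoint   # the internal host:port that opened the connection
    remote: Endpoint    # the external host:port it talked to


class Napt:
    """Rewrites source addresses outbound and destination addresses inbound."""

    def __init__(self, public_ip: str, first_port: int = 20000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, private endpoint, remote endpoint) -> allocated public port
        self.outbound: Dict[Tuple[str, Endpoint, Endpoint], int] = {}
        # (proto, public port) -> who owns this port and who it may talk to
        self.inbound: Dict[Tuple[str, int], Mapping] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Private host -> Internet: rewrite src to public_ip:allocated_port."""
        private = (pkt.src_ip, pkt.src_port)
        remote = (pkt.dst_ip, pkt.dst_port)
        key = (pkt.proto, private, remote)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port          # allocate a new public port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port)] = Mapping(private, remote)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> private host: rewrite dst back, or drop (None) if no state."""
        if pkt.dst_ip != self.public_ip:
            return None
        mapping = self.inbound.get((pkt.proto, pkt.dst_port))
        if mapping is None:
            return None  # nobody inside opened this port: unsolicited, dropped
        if (pkt.src_ip, pkt.src_port) != mapping.remote:
            return None  # port is mapped, but not for this remote host
        priv_ip, priv_port = mapping.private
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet], Packet]:
    """Two internal hosts using the same source port behind one public IP."""
    nat = Napt("198.51.100.1")
    out1 = nat.translate_outbound(Packet("10.0.0.5", 40000, "203.0.113.10", 443))
    reply = nat.translate_inbound(Packet("203.0.113.10", 443, "198.51.100.1", out1.src_port))
    # an unrelated host probing the mapped port: no state for it, dropped
    probe = nat.translate_inbound(Packet("203.0.113.99", 5555, "198.51.100.1", out1.src_port))
    out2 = nat.translate_outbound(Packet("10.0.0.6", 40000, "203.0.113.10", 443))
    return out1, reply, probe, out2


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The `remote` check in `translate_inbound` is what distinguishes a stricter (endpoint-dependent) translator from a looser one that would accept any remote host on a mapped port; the looser behaviour is convenient for peer-to-peer applications but widens the attack surface of every internal host that has an active mapping.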

Wireless

Common activities

Network address assignment

Network addresses using the TCP/IP protocol suite, and in particular IPv4, can be assigned dynamically by a Dynamic Host Configuration Protocol (DHCP) server or specified statically. DHCP addresses are best suited to networks in which clients connect and disconnect frequently, such as users on a wireless connection at an Internet cafe. Static IP addresses create accountability for use of the network, because each node keeps a known, unique IP address that can be traced back to it. Static IP addresses are ideal for servers that need a stable address for clients to reach them. Machines that do not change location or address are usually given a static IP; examples include servers, gateways, routers and printers. Most networks, especially enterprise networks, use DHCP for client nodes because it minimizes addressing conflicts caused by human error. Note that DHCP itself is unauthenticated: any host on the segment can answer requests, so a rogue DHCP server can hand out a malicious gateway or DNS server, and switches are often configured to only accept DHCP offers on trusted ports.

Assignment of routing protocols

Routing table configuration


Directory services

Maintenance work

Network card drivers and settings

Printers

In operating-system terms a printer is the logical object (driver plus queue) used to control a print device, the actual physical machine used for printing. Multiple printers can be assigned to a single print device, which allows different permissions or priorities to be applied to the same hardware.

File Servers

A file server is a central storage space on a network. Advantages of using file servers include centralization of documents, the ability to back up important data, and the ability to control access to different resources within the company. Most commonly, a file server will simply be a Windows server with shared folders configured; desktops are then configured to connect to each share as a mapped drive. Many different kinds of servers fall under this category: standard Windows file servers, FTP servers, more specialized document management systems such as Open Text's Livelink (designed for the engineering industry), and dedicated storage systems such as NAS and SAN devices. These specialized file servers can often be accessed from web browsers or other proprietary GUIs (graphical user interfaces). Because a file server concentrates the organization's data in one place, its share and file-system permissions should be reviewed regularly, and the protocol used to reach it (SMB, FTP) should be one that authenticates and encrypts rather than a legacy version that does neither.

VPN gateways

A Virtual Private Network (VPN) provides an authenticated, encrypted connection across an untrusted network. This technology enables people to connect to a private network securely from a remote location. The VPN gateway and the client establish a tunnel using cryptographic protocols, so that traffic carried across the Internet cannot be read or modified in transit; the gateway should also authenticate each client (certificates, or credentials plus a second factor) before granting access to the internal network.

Network Design

Accessibility

Security

Security in a network can be described as a two-pronged approach: hardware and software.

Hardware security includes securing the hardware itself (physical security), varying vendors/hardware between nodes (diversity) and

The most common way to secure a wireless network is with a pre-shared key under WEP or WPA. Both only protect the wireless link: they encrypt frames between the client and the access point and do nothing for wired segments of the network. WEP is cryptographically broken and its key can be recovered from captured traffic, so it should not be used; WPA (Wi-Fi Protected Access) replaced it, and its successors WPA2 and WPA3 are what should be deployed today.

Efficiency

Network Security

Intrusion detection systems

An intrusion detection system (IDS) detects unwanted manipulation of computer systems, typically attempted over the network. The manipulations may take the form of attacks by intruders.

An intrusion detection system is used to detect several types of malicious behaviour that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses and worms).

An IDS is composed of several components: sensors, which generate security events; a console, used to monitor events and alerts and to control the sensors; and a central engine, which records the events logged by the sensors in a database and applies a set of rules to those events to generate alerts. There are several ways to categorize an IDS, depending on the type and location of the sensors and the methodology the engine uses to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.

Types of Intrusion-Detection systems

In a network-based intrusion-detection system (NIDS), the sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic. Protocol-based and application-protocol-based systems (PIDS and APIDS) instead monitor a particular transport or application protocol for illegal or inappropriate traffic, or for dangerous constructs in a language such as SQL. In a host-based system, the sensor usually consists of a software agent that monitors all activity on the host on which it is installed. Hybrids of these systems also exist.

  • A network intrusion detection system is an independent platform which identifies intrusions by examining network traffic and monitors multiple hosts. Network intrusion detection systems gain access to network traffic by connecting to a hub, a network switch configured for port mirroring, or a network tap. An example of a NIDS is Snort.
  • A protocol-based intrusion detection system consists of a system or agent that typically sits at the front end of a server, monitoring and analyzing the communication protocol between the server and a connected device (a user's PC or another system). For a web server this would typically monitor the HTTP stream and understand the HTTP protocol relative to the web server it is trying to protect. Where HTTPS is in use, the system must sit at the point where the TLS layer has been decrypted and immediately before the traffic enters the web presentation layer; otherwise it sees only ciphertext.
  • An application protocol-based intrusion detection system consists of a system or agent that typically sits within a group of servers, monitoring and analyzing the communication on application-specific protocols. For example, in a web server with a database back end this would monitor the SQL traffic specific to the middleware/business logic as it transacts with the database.
  • A host-based intrusion detection system consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/ACL databases) and other host activity and state. An example of a HIDS is OSSEC.
  • A hybrid intrusion detection system combines two or more approaches. Host agent data is combined with network information to form a comprehensive view of the network. An example of a hybrid IDS is Prelude.

Passive system vs. reactive system

In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert on the console and/or to the owner. In a reactive system, also known as an intrusion prevention system (IPS), the IDS responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. This can happen automatically or at the command of an operator. An automatic response has a cost of its own: a false positive, or an attacker deliberately spoofing a trusted source address, can cause the IPS to block legitimate traffic.

Though both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall enforces a policy at a boundary in order to stop intrusions from happening. Firewalls limit access between networks to prevent intrusion, and do not signal an attack that originates inside the network. An IDS evaluates a suspected intrusion once it is under way and signals an alarm. An IDS also watches for attacks that originate from within a system.

This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and alerting operators. A system that also terminates connections is called an intrusion prevention system; in that role it overlaps in function with an application-layer firewall.

IDS evasion techniques

Intrusion detection system evasion techniques bypass detection by creating different states on the IDS and on the targeted computer, so that the IDS does not see the same data the target eventually processes. The adversary accomplishes this by manipulating either the attack itself (encoding or obfuscating the payload) or the network traffic that carries it (splitting a signature across IP fragments or TCP segments, sending segments out of order, or sending overlapping segments that the IDS and the target reassemble differently).
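The components described above (sensor events, a rule engine, passive alerting versus reactive blocking) and the segmentation evasion just described, as one added example that is not part of the original page and is not Snort's or any other product's code. The three signatures, the traffic and the `Engine`/`Segment` names are constructed for the example. The same constructed traffic is inspected twice: once per packet, where a request split in the middle of a signature goes unnoticed, and once after reassembling each TCP stream, where it is caught.

```python
"""Toy signature-based NIDS engine with per-packet and reassembled matching.

Example code, not from the original page. Signatures and traffic are
constructed for the example; the addresses are RFC 5737 documentation ranges.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Segment:
    """One TCP segment as a sensor would hand it to the engine."""
    src: str
    dst: str
    seq: int        # offset of this payload within the stream
    payload: bytes


@dataclass(frozen=True)
class Alert:
    rule: str
    src: str
    dst: str
    action: str     # "alert" (passive IDS) or "block" (reactive IPS)


# Constructed content signatures, in the spirit of a rule set (not real rules).
RULES: Dict[str, bytes] = {
    "sqli-union": b"UNION SELECT",
    "shell-exec": b"/bin/sh",
    "dir-traversal": b"../../",
}


class Engine:
    """Applies RULES to data from a sensor; in reactive mode it also blocks the source."""

    def __init__(self, reactive: bool = False) -> None:
        self.reactive = reactive
        self.blocked: Set[str] = set()

    def match(self, src: str, dst: str, data: bytes) -> List[Alert]:
        alerts: List[Alert] = []
        for name, signature in RULES.items():
            if signature in data:
                if self.reactive:
                    self.blocked.add(src)   # stands in for reprogramming the firewall
                alerts.append(Alert(name, src, dst, "block" if self.reactive else "alert"))
        return alerts


def inspect_per_packet(engine: Engine, segments: List[Segment]) -> List[Alert]:
    """Naive sensor: each segment is matched on its own."""
    alerts: List[Alert] = []
    for seg in segments:
        if seg.src in engine.blocked:
            continue
        alerts += engine.match(seg.src, seg.dst, seg.payload)
    return alerts


def inspect_reassembled(engine: Engine, segments: List[Segment]) -> List[Alert]:
    """Stream-aware sensor: segments are ordered by seq and joined per stream
    before matching. Overlapping or retransmitted segments are not handled here;
    the IDS and the target resolving such overlaps differently is itself an
    evasion vector, which is why real engines emulate the target's policy."""
    streams: Dict[Tuple[str, str], List[Segment]] = {}
    for seg in segments:
        streams.setdefault((seg.src, seg.dst), []).append(seg)
    alerts: List[Alert] = []
    for (src, dst), segs in streams.items():
        if src in engine.blocked:
            continue
        data = b"".join(s.payload for s in sorted(segs, key=lambda s: s.seq))
        alerts += engine.match(src, dst, data)
    return alerts


def sample_traffic() -> List[Segment]:
    """Constructed traffic: one obvious attack, one split attack, one benign request."""
    victim = "10.0.0.20"
    return [
        Segment("192.0.2.10", victim, 0, b"GET /?id=1 UNION SELECT password FROM users HTTP/1.1\r\n"),
        # Same request, split inside the signature and sent out of order.
        Segment("192.0.2.11", victim, 19, b"LECT password FROM users HTTP/1.1\r\n"),
        Segment("192.0.2.11", victim, 0, b"GET /?id=1 UNION SE"),
        Segment("192.0.2.12", victim, 0, b"GET /index.html HTTP/1.1\r\n"),
    ]


def run(reactive: bool = False) -> Tuple[List[Alert], List[Alert]]:
    """Returns (per-packet alerts, reassembled alerts) for the sample traffic."""
    segs = sample_traffic()
    return inspect_per_packet(Engine(reactive), segs), inspect_reassembled(Engine(reactive), segs)


if __name__ == "__main__":
    per_packet, reassembled = run()
    print("per-packet  :", [a.src for a in per_packet])
    print("reassembled :", [a.src for a in reassembled])
```

Running it shows the per-packet sensor alerting only on 192.0.2.10, while the reassembled view also catches 192.0.2.11; with `reactive=True` both sources end up in `engine.blocked`, which is the reactive (IPS) behaviour from the previous section and also the reason a spoofed source address against an IPS can lock out a legitimate host.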
