Topic:Network administration

From Wikiversity


Network administration is the field of work in which the hardware and software that comprise a network are maintained. This involves ensuring that network services are available and working efficiently.


[edit] Purpose of networks

Networks connect nodes together so that information may be shared between them, or so that resources available to one node may be shared with the other nodes connected to it.

[edit] Network Hardware

Every piece of hardware in a computer network is called a node. The following types of node may exist on a network:

[edit] Network Interface Controller (NIC) Card

  • A NIC is typically either embedded on the motherboard of your computer or an expansion card installed in an ISA, PCI, or PCI Express slot inside your computer.

[edit] Repeater

  • One of the limitations of computer networking lies in the transmission medium. A given cable can carry a signal only a certain distance before attenuation degrades it. If a cable run exceeds the physical limit of the medium, a repeater may be placed before that distance to recondition and retransmit the signal so that it can travel the rest of the cable's length.

[edit] Hubs

  • Hubs are very basic devices made up of many NIC ports. They take the electrical signals that a computer transmits into them and repeat them out of every port on the device except the one the signals arrived on. Since hubs offer no service other than repeating signals to multiple ports, they are often called multiport repeaters.

[edit] Bridges

  • A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term "layer 2 switch" is often used interchangeably with "bridge". Bridges resemble repeaters and hubs, which connect segments at the physical layer; a bridge, however, manages the traffic from one segment rather than simply rebroadcasting it to the adjacent segments. In Ethernet networks, the term "bridge" formally means a device that behaves according to the IEEE 802.1D standard; in marketing literature this is most often called a network switch.

[edit] Switches

  • Low-end network switches look nearly identical to hubs, but a switch contains more "intelligence" (and comes with a correspondingly higher price tag) than a hub. A switch inspects each data packet as it is received, determines the source and destination device of that packet, and forwards it only where it needs to go. By delivering each message only to the connected device it was intended for, a switch conserves network bandwidth and generally performs better than a hub.

[edit] Routers

(Figure: the schematic symbol for a router)
  • A router provides connectivity to one or more computers, helping create a network. For home users, routers are particularly useful for taking a single broadband internet account and sharing it among two or more computers. A standard router takes its internet connection from a standalone modem, but combined modem-routers, which plug directly into any broadband-enabled phone line, are increasing in popularity; they reduce cable clutter and take up only one power socket.
  • In the telecoms industry, industrial routers form the backbone of the internet. They work rather like telephone exchanges, passing data between network segments to form a connection. Each router has a configuration table, or routing table, containing information on which connections lead to certain groups of addresses, which connections have priority, and rules for handling different kinds of traffic. A typical home/office router has a very small routing table, but the big routers that handle the main internet traffic can have huge, complicated routing tables. Each time a router receives a packet of data it attempts to send it along the best possible route to its destination, based on its routing table. If that connection is not currently available, it sends the packet along the next best route. In this way, the routers that form the internet can reconfigure the paths packets take to work around problems with the network.
  • The rules for handling traffic are an important part of internet security. A home/office router may have rules limiting how computers outside the network can connect to computers inside the network, as well as preventing private network traffic from spilling into the outside world. Many home routers include additional security features: they scan and filter all traffic that passes through them, usually through a firewall integrated in the hardware. Some may carry out other useful roles such as acting as a print server.
  • Wireless routers have become more common. A wireless router does exactly the same job in the home as a regular wired (Ethernet) router, with the difference that a computer can be connected to it without running Ethernet cable between the computer and the router. All you need is a wireless network adapter in each PC you want to connect, usually in the form of a card in a PCI slot (or a laptop's PCMCIA card slot) or a USB adapter. Wireless routers generally have four Ethernet ports as well, so computers can be connected by whatever means is most convenient: you might use a cable for the desktop PC that sits right next to the router, but the wireless adapter in your laptop.
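The route selection described above (most specific prefix first, fall back to the next best route when a link is down) as an added example; this is illustrative code written for this page, not any router's firmware, and the routing table, next hops and interface names are constructed:

```python
import ipaddress

# Constructed routing table, not taken from any real router:
# (destination prefix, next hop, outgoing interface, metric).
# A next hop of None means the prefix is directly connected; 0.0.0.0/0 is the
# default route used when nothing more specific matches.
ROUTING_TABLE = [
    ("10.0.0.0/8",     "10.1.1.1",    "eth1", 10),
    ("10.20.0.0/16",   "10.1.1.2",    "eth2", 5),
    ("10.20.0.0/16",   "10.1.1.3",    "eth3", 20),   # backup path to the same prefix
    ("192.168.1.0/24", None,          "eth0", 0),    # directly connected LAN
    ("0.0.0.0/0",      "203.0.113.1", "wan0", 100),  # default route
]

def lookup(destination, table=ROUTING_TABLE, down_interfaces=frozenset()):
    """Pick the route for one packet: (next_hop, interface), or None if the
    destination is unreachable.

    Candidates are the entries whose prefix contains the address.  The most
    specific (longest) prefix wins; among equal prefixes the lowest metric
    wins.  Routes leaving through an interface listed in down_interfaces are
    skipped, which is how the router falls back to the next best route when
    a connection is not currently available."""
    addr = ipaddress.ip_address(destination)
    best_key, best_route = None, None
    for prefix, next_hop, iface, metric in table:
        net = ipaddress.ip_network(prefix)
        if addr not in net or iface in down_interfaces:
            continue
        key = (net.prefixlen, -metric)   # longer prefix first, then lower metric
        if best_key is None or key > best_key:
            best_key, best_route = key, (next_hop, iface)
    return best_route

if __name__ == "__main__":
    cases = [("10.20.3.4", ()), ("10.20.3.4", ("eth2",)),
             ("10.20.3.4", ("eth2", "eth3")), ("192.168.1.7", ()),
             ("8.8.8.8", ()), ("8.8.8.8", ("wan0",))]
    for dst, down in cases:
        print(dst, "down:", list(down) or "-", "->", lookup(dst, down_interfaces=set(down)))
```

With eth2 down the /16 backup over eth3 is chosen; with both down the packet falls through to the less specific /8, and a destination with no usable route at all gets None (dropped).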

[edit] Firewalls

  • A firewall is a dedicated appliance, or software running on another computer, which inspects the network traffic passing through it and permits or denies passage based on a set of rules. A firewall's basic task is to regulate the flow of traffic between computer networks of different trust levels. Typical examples are the Internet, a zone with no trust, and an internal network, a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or demilitarized zone (DMZ).

[edit] Other Devices

An IP phone uses Voice over IP technologies allowing telephone calls to be made over an IP network such as the internet instead of the ordinary PSTN system. Calls can traverse the Internet, or a private IP Network such as that of a company.

The medium by which the nodes are connected is also part of the network hardware. It can be radio waves, infrared signals, the home power wiring, Ethernet cabling, USB (universal serial bus) cabling, coaxial cabling, satellite links, or telephone lines. Fiber-optic cabling offers even greater speed and transmission capacity, but requires extra hardware at each node to decode the light-based signal.

[edit] Network Standards

General

The OSI model is the basis of networking; it describes the various networking protocols in a layered approach. It is a theory worth reading at least once in your networking life.

TCP/IP is the predominant protocol of the internet and has replaced other older protocols (see obsolete protocols).

Network Address Translation, often abbreviated NAT, connects a private zone to a public zone by rewriting the source or destination address of IP packets as they pass through a router or firewall. It is most commonly used so that multiple computers on a network can connect to the internet through one shared public IP address.
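The shared-public-address case above, as an added example that is not part of the original page: a port-based source NAT that rewrites outbound source addresses, maps replies back through its translation table, and drops inbound packets that match no flow. All addresses and ports are constructed.

```python
import itertools

class SourceNat:
    """Port-based source NAT (PAT) for the 'one shared public IP' case.

    Outbound packets from the private zone have their source address rewritten
    to the public address and a unique public port; replies are mapped back to
    the private host using the translation table.  Inbound packets with no
    table entry are dropped, which is why a NAT router incidentally shields
    private hosts from unsolicited connections."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.free_ports = itertools.count(first_port)
        # (proto, private ip, private port, remote ip, remote port) -> public port
        self.outbound = {}
        # (proto, public port, remote ip, remote port) -> (private ip, private port)
        self.inbound = {}

    def translate_outbound(self, pkt):
        """Rewrite a private -> internet packet; returns the packet as sent out."""
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.outbound.get(key)
        if port is None:                      # first packet of this flow
            port = next(self.free_ports)
            self.outbound[key] = port
            self.inbound[(pkt["proto"], port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=port)

    def translate_inbound(self, pkt):
        """Rewrite an internet -> public-IP packet back to the private host,
        or return None when no flow matches (the packet is dropped)."""
        key = (pkt["proto"], pkt["dport"], pkt["src"], pkt["sport"])
        entry = self.inbound.get(key)
        if entry is None:
            return None
        private_ip, private_port = entry
        return dict(pkt, dst=private_ip, dport=private_port)

def packet(proto, src, sport, dst, dport):
    """Build a minimal packet header for the examples."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

if __name__ == "__main__":
    nat = SourceNat("203.0.113.5")   # constructed public address
    out = nat.translate_outbound(packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 80))
    print("outbound rewritten to", out["src"], out["sport"])
    reply = nat.translate_inbound(packet("tcp", "198.51.100.7", 80, "203.0.113.5", out["sport"]))
    print("reply delivered to", reply["dst"], reply["dport"])
    print("unsolicited inbound:", nat.translate_inbound(packet("tcp", "198.51.100.7", 80, "203.0.113.5", 40999)))
```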

Wireless

[edit] Common activities

[edit] Network address assignment

Network addresses using the TCP/IP protocol suite (here, IPv4) can be assigned dynamically by a Dynamic Host Configuration Protocol (DHCP) server or specified statically. DHCP addresses are best suited to networks in which clients connect and disconnect frequently, such as users on a wireless connection at an Internet cafe. Static IP addresses create accountability for use of the network, because each node keeps a unique, known IP address. Static IP addresses are ideal for servers that need a dedicated route for clients to reach them. Machines that do not change location or address are usually given a static IP; examples include servers, gateways, routers and printers. Most networks, especially enterprise-level networks, use DHCP for client nodes because it minimizes addressing conflicts caused by human error.

[edit] Assignment of routing protocols

[edit] Routing table configuration

[1][2][3]

[edit] Directory services

[edit] Maintenance work

The actual role of the network administrator varies from company to company, but commonly includes activities and tasks such as network address assignment, assignment of routing protocols and routing table configuration, as well as configuration of authentication and authorization (directory services). It often includes maintenance of network facilities in individual machines, such as drivers and settings of personal computers, printers and the like. It sometimes also includes maintenance of certain network servers: file servers, VPN gateways, intrusion detection systems, etc.

The administrator is responsible for the security of the network and for assigning IP addresses to the devices connected to it. Assigning IP addresses gives the subnet administrator some control over who connects to the subnet. It also helps ensure that the administrator knows each system that is connected and who is personally responsible for it.

[edit] Network card drivers and settings

[edit] Printers

A printer is the driver used to control a print device, the physical machine that does the printing. Multiple printers can be assigned to a single print device to allow for different privileges.

[edit] File Servers

A file server is a central storage space on a network. Advantages of using file servers include centralization of documents, the ability to back up important data, and the ability to control access to different resources within the company. Most commonly, a file server is simply a Windows server with shared folders configured; desktops are then often configured to connect to the share as a drive. Many different kinds of servers fall under this category: standard Windows file servers, FTP servers, and more specialized data management systems such as Open Text's Livelink (designed for the engineering industry), SANs, and NASs. These specialized file servers can often be accessed from web browsers or other proprietary GUIs (graphical user interfaces).

[edit] VPN gateways

A virtual private network (VPN) provides a secure, encrypted connection, which lets people connect safely to a private network from a remote location. A VPN tunnel is built with encryption algorithms, creating a secure connection across the internet.

[edit] Network Design

[edit] Network Topologies

[edit] Bus

In a bus topology, computers in a data network are connected to each other in a linear fashion, from network card to network card. This topology is the most prone to failure, as a severed link between any of the computers near the middle of the network breaks the network into two segments.

[edit] Ring

In a ring topology, computers are connected in a linear fashion, but the two ends of the network are joined to each other. This topology provides more protection against failure than a bus topology, as a severed link results in traffic travelling in the opposite direction around the ring.

[edit] Star

In a star topology, a computer or device with multiple network cards/ports acts as a central connection point for all other devices on the network.

[edit] Extended Star

An extended star topology functions much like a star topology but, as the name implies, adds a hierarchical structure to the network. The simplest way to picture an extended star topology is two or more star networks connected together.

[edit] Partial Mesh

In a partial mesh topology, almost every computer or device has at least one connection to every other device on the network. This is the next most failure-resistant topology: it is not as expensive as a full mesh, but more expensive than any of the other topologies.

[edit] Full Mesh

In a full mesh topology, each computer or device has at least one connection to every other device on the network. This is the most failure-resistant topology, but also the most expensive, as extra network cards and cabling are required as the network grows.
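The cost-versus-resilience trade-off of the bus, ring, star and full mesh topologies above, as an added example not taken from the original page: each topology is built as a set of links, and the code counts the links plus the single link or node failures that would split the network.

```python
from collections import defaultdict, deque

# Each topology is built as a list of links (a, b) between node numbers 0..n-1.
def bus(n):        # nodes chained one after another
    return [(i, i + 1) for i in range(n - 1)]

def ring(n):       # a bus whose two ends are joined
    return bus(n) + [(n - 1, 0)]

def star(n):       # node 0 is the central switch/hub
    return [(0, i) for i in range(1, n)]

def full_mesh(n):  # every node linked to every other
    return [(i, j) for i in range(n) for j in range(i + 1, n)]

def connected(nodes, links):
    """True if every node in `nodes` can reach every other over `links`."""
    nodes = set(nodes)
    adj = defaultdict(set)
    for a, b in links:
        if a in nodes and b in nodes:
            adj[a].add(b)
            adj[b].add(a)
    start = next(iter(nodes))
    seen, queue = {start}, deque([start])
    while queue:                      # breadth-first search from one node
        u = queue.popleft()
        for v in adj[u]:
            if v not in seen:
                seen.add(v)
                queue.append(v)
    return seen == nodes

def critical_links(n, links):
    """Links whose loss splits the network (the severed-cable case in the text)."""
    return [l for l in links if not connected(range(n), [x for x in links if x != l])]

def critical_nodes(n, links):
    """Nodes whose failure disconnects the survivors (e.g. a star's central device)."""
    return [k for k in range(n) if not connected(set(range(n)) - {k}, links)]

def summarize(n):
    """For each topology: (link count, critical links, critical nodes)."""
    topologies = [("bus", bus(n)), ("ring", ring(n)),
                  ("star", star(n)), ("full mesh", full_mesh(n))]
    return {name: (len(links), len(critical_links(n, links)), len(critical_nodes(n, links)))
            for name, links in topologies}

if __name__ == "__main__":
    for name, (cost, bad_links, bad_nodes) in summarize(5).items():
        print(f"{name:10} links={cost:2}  critical links={bad_links}  critical nodes={bad_nodes}")
```

For five nodes the bus and star both need only four links but every link is critical, the star additionally depends entirely on its central device, and the ring survives any single failure for one extra link; the full mesh survives too, at ten links.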

[edit] Accessibility

[edit] Security

Security in a network can be described as a two-pronged approach: hardware and software.

Hardware security includes securing the hardware itself (physical security), changing vendors/hardware between nodes (diversity) and

The most common way to secure a wireless network is with a WEP or WPA key. A WEP key requires an encryption key for any network use, wired or not. A WPA (Wi-Fi Protected Access) key only protects against wireless network use.

[edit] Efficiency

[edit] Network Security

[edit] Address Spoofing

An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. The manipulations may take the form of attacks by crackers.

An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).

An IDS is composed of several components: Sensors which generate security events, a Console to monitor events and alerts and control the sensors, and a central Engine that records events logged by the sensors in a database and uses a system of rules to generate alerts from security events received. There are several ways to categorize an IDS depending on the type and location of the sensors and the methodology used by the engine to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.


Types of Intrusion-Detection systems

In a network-based intrusion-detection system (NIDS), the sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic. Protocol-based (PIDS) and application-protocol-based (APIDS) systems monitor the transport and application protocols for illegal or inappropriate traffic or language constructs (say, SQL). In a host-based system, the sensor usually consists of a software agent which monitors all activity on the host on which it is installed. Hybrids of these systems also exist.

  • A network intrusion detection system is an independent platform which identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.
  • A protocol-based intrusion detection system consists of a system or agent that typically sits at the front end of a server, monitoring and analyzing the communication protocol between a connected device (a user/PC or system) and the server. For a web server this would typically monitor the HTTPS stream and understand the HTTP protocol relative to the web server/system it is trying to protect. Where HTTPS is in use, this system would need to reside in the "shim" or interface at the point where HTTPS is decrypted, immediately before the traffic enters the web presentation layer.
  • An application protocol-based intrusion detection system consists of a system or agent that typically sits within a group of servers, monitoring and analyzing the communication on application-specific protocols. For example, in a web server with a database this would monitor the SQL protocol specific to the middleware/business logic as it transacts with the database.
  • A host-based intrusion detection system consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state. An example of a HIDS is OSSEC.
  • A hybrid intrusion detection system combines two or more approaches. Host agent data is combined with network information to form a comprehensive view of the network. An example of a Hybrid IDS is Prelude.

[edit] Passive system vs. reactive system

In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert on the console and/or to the owner. In a reactive system, also known as an intrusion prevention system (IPS), the IDS responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. This can happen automatically or at the command of an operator.

Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.

This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system which terminates connections is called an intrusion prevention system, and is another form of an application layer firewall.
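The passive-versus-reactive distinction and the signature matching described above, as an added example written for this page (not Snort, OSSEC or Prelude code): a minimal IDS checks constructed packets against two constructed signatures, one payload pattern and one per-source threshold, and in reactive mode adds a block rule to a toy firewall so later packets from that source are dropped.

```python
from collections import defaultdict

# Constructed signatures for the example (not real IDS rules): a payload
# pattern match and a threshold heuristic, the two styles the text mentions.
SIGNATURES = [
    ("sql-probe", b"UNION SELECT"),
    ("path-traversal-probe", b"../../"),
]
SCAN_PORT_THRESHOLD = 5   # distinct destination ports touched by one source

class Firewall:
    """Minimal packet filter; the reactive IDS 'reprograms' it with block rules."""
    def __init__(self):
        self.blocked_sources = set()

    def block(self, src):
        self.blocked_sources.add(src)

    def permits(self, pkt):
        return pkt["src"] not in self.blocked_sources

class Ids:
    def __init__(self, firewall, reactive=False):
        self.firewall = firewall
        self.reactive = reactive          # False = passive (alert only), True = IPS
        self.alerts = []                  # (signature name, source) in the order raised
        self.ports_by_source = defaultdict(set)

    def inspect(self, pkt):
        """Return the verdict for one packet: 'pass' or 'drop'."""
        if not self.firewall.permits(pkt):
            return "drop"                 # source already blocked by an earlier reaction
        hits = [name for name, pattern in SIGNATURES if pattern in pkt["payload"]]
        ports = self.ports_by_source[pkt["src"]]
        ports.add(pkt["dport"])
        if len(ports) == SCAN_PORT_THRESHOLD:   # fire once, when the threshold is reached
            hits.append("port-scan")
        for name in hits:
            self.alerts.append((name, pkt["src"]))   # passive part: log and alert
        if hits and self.reactive:
            self.firewall.block(pkt["src"])          # reactive part: block the source
            return "drop"
        return "pass"

# Constructed sample traffic: normal requests, one injection probe, and one
# host touching many ports in a row.  Addresses are documentation ranges.
PACKETS = [
    {"src": "198.51.100.9", "dport": 80, "payload": b"GET /index.html HTTP/1.1"},
    {"src": "198.51.100.9", "dport": 80, "payload": b"GET /item?id=1 UNION SELECT 1,2 HTTP/1.1"},
    {"src": "198.51.100.9", "dport": 80, "payload": b"GET /about.html HTTP/1.1"},
] + [{"src": "203.0.113.4", "dport": p, "payload": b""} for p in (21, 22, 23, 25, 80, 443)]

def run(packets, reactive):
    """Feed packets through a fresh IDS/firewall pair; return (verdicts, alerts)."""
    ids = Ids(Firewall(), reactive=reactive)
    verdicts = [ids.inspect(p) for p in packets]
    return verdicts, ids.alerts

if __name__ == "__main__":
    for mode in (False, True):
        verdicts, alerts = run(PACKETS, reactive=mode)
        print("reactive" if mode else "passive ", verdicts, alerts)
```

In passive mode every packet passes and the operator only sees the two alerts; in reactive mode the triggering packet and everything after it from the same source is dropped, which is the behaviour that makes an IPS a form of application-layer firewall.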

[edit] IDS evasion techniques

Intrusion detection system evasion techniques bypass detection by creating a different view of the traffic on the IDS than on the targeted computer. An adversary does this by manipulating either the attack itself or the network traffic that carries it, which is why sensors should reassemble and normalize traffic the same way the protected hosts do.

[edit] References

  1. Insert reference material
  2. Insert reference material
  3. Insert reference material