Computer networks are critical parts of almost every organization. Network and computer systems administrators are responsible for the day-to-day operation of these networks. They organize, install, and support an organization’s computer systems, including local area networks (LANs), wide area networks (WANs), network segments, intranets, and other data communication systems. Administrators manage an organization’s servers and desktop and mobile equipment. They ensure that email and data storage networks work properly. They also make sure that employees’ workstations are working efficiently and stay connected to the central computer network. In some cases, administrators help network architects design and analyze network models. They also participate in decisions about buying future hardware or software to upgrade their organization’s network. Some administrators provide technical support to computer users, and they also may supervise computer support specialists who help solve users’ problems.
As with many technical roles, network administrator positions require a breadth of technical knowledge and the ability to learn the intricacies of new networking and server software packages quickly. Within smaller organizations, the more senior role of network engineer is sometimes attached to the responsibilities of the network administrator. It is common for smaller organizations to outsource this function.
Purpose of networks
A computer network is a telecommunications network which allows computers to exchange data. In computer networks, networked computing devices exchange data with each other along network links (data connections). The connections between nodes are established using either cable media or wireless media. The best-known computer network is the Internet.
Network computer devices that originate, route and terminate the data are called network nodes. Nodes can include hosts such as personal computers, mobile phones, servers as well as networking hardware. Two such devices can be said to be networked together when one device is able to exchange information with the other device, whether or not they have a direct connection to each other.
Computer networks differ in the transmission media used to carry their signals, the communications protocols to organize network traffic, the network's size, topology and organizational intent. In most cases, communications protocols are layered on (i.e. work using) other more specific or more general communications protocols, except for the physical layer that directly deals with the transmission media.
Computer networks support an enormous number of applications such as access to the World Wide Web, video, digital audio, shared use of application and storage servers, printers, and fax machines, and use of email and instant messaging applications as well as many others.
Every piece of hardware in a computer network is called a node. There are various types of nodes which may exist on a network:
- Network Interface Controller (NIC) Card
- Typically when you think of a NIC card, you should think of a NIC embedded on the motherboard of your computer or an expansion card installed into an ISA, PCI, or PCI-Express slot inside your computer. A NIC could be an interface for a copper (BNC, Cat5/5e, Cat6), radio or microwave, or optical/fiber connection. A NIC can have one or many ports built into the interface.
- One of the limitations of computer networking is found in the transmission medium. Certain cables are only capable of transmitting a certain distance before attenuation comes into play. If the physical length of a cable, or the distance between wireless antennas, exceeds the physical limit of the medium, a repeater may be placed before that limit to recondition and repeat the signal.
- Hubs are very basic devices that are made up of many NIC ports. They take the electrical signals that a computer transmits into them and repeat them out of every port on the device except the one the signals arrived on. Since hubs offer no services other than repeating signals to multiple ports, they are often called multiport repeaters. A hub works at the physical layer (layer 1) of the OSI model.
- A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2 switch is often used interchangeably with bridge. Bridges are similar to repeaters or network hubs, devices that connect network segments at the physical layer, however a bridge works by connecting multiple network segments, as opposed to simply rebroadcasting to adjacent network segments. In Ethernet networks, the term "bridge" formally means a device that behaves according to the IEEE 802.1D standard—this is most often referred to as a network switch in marketing literature.
- Low-end network switches appear nearly identical to network hubs, but a switch contains more "intelligence" than a network hub. Network switches are capable of inspecting data packets as they are received, determining the source and destination device of that packet, and forwarding it appropriately. By delivering each message only to the connected device it was intended for, a network switch conserves network bandwidth and offers generally better performance than a hub. It works on OSI layer 2.
- A router allows connectivity to one or more computers, helping create a network. It works on OSI layer 3. For home users, these are particularly useful for taking a single broadband internet account, and spreading it to at least two or more computers. Standard routers require the internet connection from a standalone modem, but modem-routers are increasing in popularity. Modem-routers can be plugged into any broadband-enabled phone line, reducing cable clutter, and only taking up one power socket.
- Full-featured industrial routers form the backbone of the internet. They work rather like telephone exchanges, passing data between network segments to form a connection. The rules they use for handling (routing) traffic are an important part of internet security.
- Each router has a configuration table, or routing table, that contains information about which connections lead to certain groups of addresses, which connections have priority for usage, and rules for handling different kinds of traffic. A typical home/office router has a very small routing table, but the big routers that handle the main internet traffic can have huge complicated routing tables. Each time a router receives a packet of data it will attempt to send it along the best possible route to its destination, based on its routing table. If that connection is not currently available, it will send it along the next best route. In this way, the routers that form the internet adapt to work around any problems with the network.
- A home/office router may have rules limiting how computers outside the network can connect to computers inside the network, as well as preventing private network traffic from spilling into the outside world. Many home routers include additional security features—they scan and filter all traffic that passes through them, usually through an integrated firewall in the hardware. Some may perform other useful roles, such as acting as a print server.
- Wireless routers have become more common. A wireless router does exactly the same job in the home as a regular wired (Ethernet) router, except a computer can be connected to it without needing to run Ethernet cable between the computer and the router. All you need is a wireless network adapter in each PC you want to connect, usually in the form of a card in your PCI slot (or a laptop's PCMCIA card slot) or an adapter for USB. Wireless routers generally have four ports to connect Ethernet cable as well, so computers can be connected by whatever means is most convenient—you might want to use a cable for your desktop PC, which sits close to the router, but use the wireless adapter in your laptop.
- A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules. A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone (DMZ).
- IP Phone
- An IP phone uses Voice over IP technologies allowing telephone calls to be made over an IP network such as the internet instead of the ordinary PSTN system. Calls can traverse the Internet, or a private IP Network such as that of a company.
Also part of network hardware is the medium by which the nodes are connected. This can be radio waves, infrared signals, the home power network, Ethernet cabling, USB (universal serial bus) cabling, coaxial cabling, satellite links, and telephone lines. Fiber-optic cabling offers even greater speed and transmission capacity, but requires additional hardware at each node to convert the light-based signal.
- Open Systems Interconnection (OSI) model
- Transmission Control Protocol (TCP) / Internet Protocol (IP) ← EXTREMELY important. Read thoroughly, including linked pages.
- Network Address Translation (NAT)
The OSI model is the basis of networking: it describes the various networking protocols in a layered approach. This is a useful theory to read at least once in your networking life.
TCP/IP is the predominant protocol of the internet and has replaced other older protocols (see obsolete protocols).
Network Address Translation, often abbreviated NAT, is a way to connect a private zone to a public zone by rewriting the source or destination address of IP packets as they pass through a router or firewall. It is most commonly used so that multiple computers on a network can connect to the internet using one shared public IP address.
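To make the address rewriting concrete, here is an added example (not from the original page) of the translation table a home router keeps for the many-to-one case. The public IP, the private range and the port numbers are constructed values.

```python
"""Minimal source NAT (port-address translation) table, as used by a home
router so that many private hosts share one public IP.  Constructed
example; all addresses and ports below are made up for illustration."""
from dataclasses import dataclass, field
from typing import Optional
import ipaddress


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    public_ip: str
    private_net: str = "192.168.1.0/24"      # assumed LAN range
    next_port: int = 40000                   # next public port to hand out
    # public_port -> (private_ip, private_port)
    table: dict = field(default_factory=dict)
    # (private_ip, private_port) -> public_port
    _reverse: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source to the shared public IP,
        creating a table entry the first time a flow is seen."""
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.private_net):
            raise ValueError("packet did not come from the private zone")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._reverse:
            pub_port = self.next_port
            self.next_port += 1
            self.table[pub_port] = key
            self._reverse[key] = pub_port
        return Packet(self.public_ip, self._reverse[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: rewrite the destination back to the private host.
        Returns None (packet dropped) when no mapping exists, which is why an
        unsolicited connection from outside cannot reach a LAN host."""
        key = self.table.get(pkt.dst_port)
        if key is None or pkt.dst_ip != self.public_ip:
            return None
        priv_ip, priv_port = key
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


if __name__ == "__main__":
    nat = NatRouter("203.0.113.5")
    out = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80))
    print("outbound rewritten to", out)
    print("reply delivered to  ", nat.inbound(Packet("198.51.100.7", 80, "203.0.113.5", out.src_port)))
    print("unsolicited inbound ", nat.inbound(Packet("198.51.100.7", 80, "203.0.113.5", 49999)))
```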
Not only is a network administrator responsible for designing and maintaining how nodes communicate with each other on the network, there are typically several critical network services that are provided to the nodes on the network.
Domain Name Service (DNS)
DNS is a service that helps nodes resolve network names into IP addresses.
Network Attached Storage (NAS)
In a workgroup setting there may be file storage that is accessible via the network. This is important for sharing files, disaster recovery for corporate data, and providing "indefinite" storage to users.
Lightweight Directory Access Protocol
LDAP provides directory look-up in an enterprise. In a business setting, a directory may contain a record for each employee with employee id, name, organizational groups, email address, and other related information.
Network address assignment
IPv4 addresses on a TCP/IP network can be assigned dynamically by a Dynamic Host Configuration Protocol (DHCP) server or specified statically. DHCP addresses are best suited to networks in which clients connect and disconnect frequently, such as users on a wireless connection at an Internet cafe. Static IP addresses create accountability for usage of the network, because each node is assigned a unique IP address. Static IP addresses are ideal for servers that need a dedicated route for clients to access them. Machines that do not change location or address are usually given a static IP; examples include servers, gateways, routers and printers. Most networks, especially enterprise level networks, use DHCP addressing for client nodes because it minimizes addressing conflicts caused by human error.
Assignment of routing protocols
Routing table configuration
The actual role of the Network Administrator will vary from company to company, but will commonly include activities and tasks such as network address assignment, assignment of routing protocols and routing table configuration as well as configuration of authentication and authorization – directory services. It often includes maintenance of network facilities in individual machines, such as drivers and settings of personal computers as well as printers and such. It sometimes also includes maintenance of certain network servers: file servers, VPN gateways, intrusion detection systems, etc.
The administrator is responsible for the security of the network and for assigning IP addresses to the devices connected to the networks. Assigning IP addresses gives the subnet administrator some control over the professional who connects to the subnet. It also helps to ensure that the administrator knows each system that is connected and who personally is responsible for the system.
Network card drivers and settings
A printer is a driver used to control a print device, the actual physical machine used for printing. Multiple printers can be assigned to a single print device to allow for different privileges.
A file server is a central storage space on a network. Advantages of using file servers include: 1) centralization of documents, 2) the ability to back up important data, and 3) the ability to control access to different resources within the company. Most commonly, a file server will simply be a Windows server with shared folders configured. From there, desktops will often be configured to connect to the share as a drive. Many different kinds of servers fall into this category: standard Windows file servers, FTP servers, or more specialized data management systems such as Open Text's Livelink (designed for the engineering industry), SANs, and NASs. These specialized file servers can often be accessed from web browsers or other proprietary GUIs (graphical user interfaces).
A Virtual Private Network (VPN) provides a secure, encrypted connection. This technology enables people to connect safely to a private network remotely. A VPN tunnel is created using encryption algorithms, making a secure connection across the internet.
In a bus topology, computers in a data network are connected to each other in a linear fashion, or from network card to network card. This topology is the most prone to failure, as a severed link between any of the computers near the middle of the network would break the network into two segments.
In a ring topology, computers are connected in a linear fashion, but either end of the network is connected to the other. This topology provides more protection against failure than a bus topology, as a severed link would result in traffic traveling in the opposite direction around the ring.
In a star topology, a computer or device with multiple network cards/ports acts as a central connection point for all other devices on the network.
An extended star topology functions much like a star topology, but, as the name implies, it offers a hierarchical approach to the network. The best example of an extended star topology is to visualize two or more star networks connected together.
In a partial mesh topology, almost every computer or device has at least one connection to every other device on the network. This is the next best failure resistant topology as it is not as expensive as a full mesh, but more expensive than any of the other topologies.
In a full mesh topology, each computer or device has at least one connection to every other device on the network. This is the most failure resistant topology, but also the most expensive, as extra network cards and cable are required as the network grows.
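The failure claims above can be checked with a small graph model. This is an added example, not from the original page: it builds each topology for a constructed network of six hosts and counts which single link or single node failures split the network.

```python
"""Compare how the bus, ring, star and full mesh topologies cope with a
single severed link or a single failed node.  Constructed example: six
hosts, numbered 0..5; in the star, host 0 is the central switch."""
from collections import deque
from itertools import combinations


def bus(n):       return [(i, i + 1) for i in range(n - 1)]
def ring(n):      return bus(n) + [(n - 1, 0)]          # close the line into a ring
def star(n):      return [(0, i) for i in range(1, n)]  # node 0 is the hub/switch
def full_mesh(n): return list(combinations(range(n), 2))


def connected(nodes, edges):
    """Breadth-first search: can every node in `nodes` reach every other?"""
    nodes = list(nodes)
    if not nodes:
        return True
    adj = {v: set() for v in nodes}
    for a, b in edges:
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    seen, queue = {nodes[0]}, deque([nodes[0]])
    while queue:
        for w in adj[queue.popleft()]:
            if w not in seen:
                seen.add(w)
                queue.append(w)
    return len(seen) == len(nodes)


def links_that_partition(n, edges):
    """Links whose loss on its own splits the network into two segments."""
    return [e for e in edges if not connected(range(n), [x for x in edges if x != e])]


def nodes_that_partition(n, edges):
    """Nodes whose failure leaves the surviving nodes unable to reach each other."""
    out = []
    for v in range(n):
        survivors = [u for u in range(n) if u != v]
        if not connected(survivors, [e for e in edges if v not in e]):
            out.append(v)
    return out


def report(n=6):
    """name -> (link count, cut links, cut nodes) for each topology."""
    rows = {}
    for name, build in (("bus", bus), ("ring", ring), ("star", star), ("full mesh", full_mesh)):
        edges = build(n)
        rows[name] = (len(edges),
                      len(links_that_partition(n, edges)),
                      len(nodes_that_partition(n, edges)))
    return rows


if __name__ == "__main__":
    for name, (links, cut_links, cut_nodes) in report().items():
        print(f"{name:10s} links={links:2d}  single-link failures that partition={cut_links:2d}"
              f"  single-node failures that partition={cut_nodes}")
```

The output makes the trade-off visible: the bus is cut by any one of its links, the star survives any link loss except for the host at the far end but is lost entirely if the central device fails, and ring and full mesh survive either kind of single failure.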
Security in a network can be described as a two pronged approach: Hardware and Software.
Hardware security includes securing the hardware itself (Physical Security), changing vendors/ hardware between nodes (Diversity) and
The most common ways to secure a wireless network are with a WEP or WPA key. A WEP key requires an encryption key for any network use, wired or not. A WPA (Wi-Fi Protected Access) key only protects against wireless network use.
An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. The manipulations may take the form of attacks by crackers.
An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).
An IDS is composed of several components: Sensors which generate security events, a Console to monitor events and alerts and control the sensors, and a central Engine that records events logged by the sensors in a database and uses a system of rules to generate alerts from security events received. There are several ways to categorize an IDS depending on the type and location of the sensors and the methodology used by the engine to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.
Types of intrusion-detection systems
In a network-based intrusion-detection system (NIDS), the sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic. Protocol-based (PIDS) and application protocol-based (APIDS) systems monitor the transport and application protocols for illegal or inappropriate traffic or language constructs (say SQL). In a host-based system, the sensor usually consists of a software agent, which monitors all activity of the host on which it is installed. Hybrids of these two systems also exist.
- A network intrusion detection system is an independent platform which identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.
- A protocol-based intrusion detection system consists of a system or agent that would typically sit at the front end of a server, monitoring and analyzing the communication protocol between a connected device (a user/PC or system). For a web server this would typically monitor the HTTPS protocol stream and understand the HTTP protocol relative to the web server/system it is trying to protect. Where HTTPS is in use then this system would need to reside in the "shim" or interface between where HTTPS is un-encrypted and immediately prior to it entering the Web presentation layer.
- An application protocol-based intrusion detection system consists of a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application specific protocols. For example, in a web server with a database this would monitor the SQL protocol specific to the middleware/business logic as it transacts with the database.
- A host-based intrusion detection system consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state. An example of a HIDS is OSSEC.
- A hybrid intrusion detection system combines two or more approaches. Host agent data is combined with network information to form a comprehensive view of the network. An example of a Hybrid IDS is Prelude.
Passive systems vs. reactive systems
In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert on the console and/or to the owner. In a reactive system, also known as an intrusion prevention system (IPS), the IDS responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. This can happen automatically or at the command of an operator.
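The sensor/engine/console split described earlier and the passive versus reactive distinction can be shown in one toy engine. This is an added example, not the original page's code and not a real Snort or OSSEC rule set; the sensor events and the two signatures are constructed for illustration.

```python
"""Toy IDS in the three-component shape: sensors emit events, an engine
applies signature rules and records alerts for the console, and in
reactive (IPS) mode the engine also pushes a block to the firewall.
Constructed example; the events and signatures are made up."""
import re
from dataclasses import dataclass, field

# Constructed sensor events: (sensor name, source address, text the sensor saw)
EVENTS = [
    ("nids-dmz",   "198.51.100.23", "GET /index.html HTTP/1.1"),
    ("nids-dmz",   "198.51.100.23", "GET /login.php?user=a' OR '1'='1 HTTP/1.1"),
    ("hids-web01", "10.0.0.5",      "sshd: Failed password for root"),
    ("hids-web01", "10.0.0.5",      "sshd: Failed password for root"),
    ("hids-web01", "10.0.0.5",      "sshd: Failed password for root"),
    ("nids-dmz",   "192.0.2.9",     "GET /images/logo.png HTTP/1.1"),
]

# Signatures: (rule name, pattern, matches from one source before alerting)
RULES = [
    ("sql-tautology-in-request", re.compile(r"'\s*OR\s*'1'='1", re.I), 1),
    ("ssh-root-password-failures", re.compile(r"Failed password for root"), 3),
]


@dataclass
class Engine:
    reactive: bool = False                       # False = IDS, True = IPS
    alerts: list = field(default_factory=list)   # what the console displays
    blocked: set = field(default_factory=set)    # firewall block list
    _counts: dict = field(default_factory=dict)  # (rule, src) -> matches so far

    def ingest(self, sensor, src, text):
        """Apply every signature to one event; alert when a threshold is hit."""
        for name, pattern, threshold in RULES:
            if not pattern.search(text):
                continue
            key = (name, src)
            self._counts[key] = self._counts.get(key, 0) + 1
            if self._counts[key] == threshold:   # alert once per threshold
                self.alerts.append({"rule": name, "src": src, "sensor": sensor})
                if self.reactive:
                    self.blocked.add(src)        # reprogram the firewall

    def run(self, events):
        """Feed sensor events through the engine; returns the console alerts."""
        for sensor, src, text in events:
            if src in self.blocked:
                continue                         # IPS: source already dropped
            self.ingest(sensor, src, text)
        return self.alerts


if __name__ == "__main__":
    passive = Engine(reactive=False)
    for alert in passive.run(EVENTS):
        print("ALERT", alert)
    print("passive mode blocked:", passive.blocked)     # empty: alert only
    active = Engine(reactive=True)
    active.run(EVENTS)
    print("reactive mode blocked:", active.blocked)
```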
Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.
This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system which terminates connections is called an intrusion prevention system, and is another form of an application layer firewall.
IDS evasion techniques
Intrusion Detection System (IDS) evasion techniques bypass detection by creating different states on the IDS and on the targeted computer. The adversary accomplishes this by manipulating either the attack itself or the network traffic that contains the attack.