Network Design and Implementation Guide

Chapter Four discusses network design and implementation concepts, emphasizing the importance of scalability, availability, security, and manageability in network design. It outlines various design approaches, including hierarchical and flat networks, and details methodologies for designing networks, such as identifying requirements and characterizing existing networks. Additionally, it covers design considerations for core, distribution, and access layers, as well as the significance of security and server farms in network architecture.

Uploaded by dawityalew0923

CHAPTER FOUR

NETWORK DESIGN AND IMPLEMENTATION CONCEPTS

CHAPTER OUTLINE

• Network Topologies (read for yourself)
• Network Design Overview
• Network Design Approaches
• Network Design Methodologies
• Details of the hierarchical network design approach
• Things to consider during network design
• Network design documents
Network Design Overview

• Most businesses actually have only a few requirements for their network. The following are the requirements of any network:
  - The network should stay up all the time, even if a failure occurs.
  - The network should reliably deliver services and provide reasonable response times.
  - The network should be secure.
  - The network should be easy to manage.
  - Because failures occasionally occur, troubleshooting should be easy.
• When examined carefully, these requirements translate into four fundamental network design goals: 1. Scalability, 2. Availability, 3. Security, 4. Manageability
Fundamental Design Goals

• Scalability: Scalable network designs can grow to include new user groups and remote sites and can support new applications without impacting the level of service delivered to existing users.
• Availability: A network designed for availability is one that delivers consistent, reliable performance, 24 hours a day, 7 days a week. In addition, the failure of a single link or piece of equipment should not significantly impact network performance.
• Security: Security is a feature that must be designed into the network, not added on after the network is complete. Planning the location of security devices, filters, and firewall features is critical to safeguarding network resources.
• Manageability: No matter how good the initial network design is, the available network staff must be able to manage and support the network. A network that is too complex or difficult to maintain cannot function effectively and efficiently.
Network Design Approaches

1. Hierarchical Network Design

• In networking, a hierarchical design is used to group devices into multiple networks. The networks are organized in three basic layers:
  - Core Layer - connects Distribution Layer devices
  - Distribution Layer - interconnects the smaller local networks
  - Access Layer - provides connectivity for network hosts and end devices
• The benefit of dividing a flat network into smaller, more manageable blocks is that traffic remains local.

2. Flat Network Design

• In a flat network, Layer 2 devices provide little opportunity to control broadcasts or to filter undesirable traffic.
• As more devices and applications are added to a flat network, response times degrade until the network becomes unusable.

Flat vs. Hierarchical Networks

[Figure: Flat Network vs. Hierarchical Network]
Network Design Methodologies

• Step 1: Identify the network requirements.
  - The network designer works closely with the customer to document the goals of the project. Goals could be:
    - Business Goals – how to make the business successful
    - Technical Requirements – how the technology is implemented
• Step 2: Characterize the existing network.
  - Information about the current network and services should be gathered and analyzed.
  - The designer determines whether any existing equipment, infrastructure, and protocols can be re-used, and what new equipment and protocols are needed to complete the design.
• Step 3: Design the network topology and solutions.
  - A common strategy for network design is to take a top-down approach.
  - In this approach, the network applications and service requirements are identified, and then the network is designed to support them.
  - When the design is complete, a prototype or proof-of-concept test is performed. This approach ensures that the new design functions as expected before it is implemented.
• A common mistake made by network designers is the failure to correctly determine the scope of the network design project.
• Failure to understand the impact of a particular requirement often causes a project scope to expand beyond the original estimate. This oversight can greatly increase the cost and time required to implement the new design.

Determining the Scope of the Project

• While gathering requirements, the designer identifies the issues that affect the entire network and those that affect only specific portions.
• Network requirements that affect the entire network include:
  - Adding new network applications
  - Improving the efficiency of network addressing or routing protocol changes
  - Integrating new security measures
  - Adding new network services
  - Relocating servers to a data center server farm
• Requirements that may only affect a portion of the network include:
  - Improving Internet connectivity and adding bandwidth
  - Updating Access Layer LAN cabling
  - Providing redundancy for key services
  - Supporting wireless access in defined areas
1. What Happens at the Core Layer

• The Core Layer is sometimes called the network backbone.
• Routers and switches at the Core Layer provide high-speed connectivity.
• The Core Layer includes one or more links to the devices at the enterprise edge in order to support intranet, extranet, Virtual Private Network (VPN), and WAN access.
• The Core Layer aims to provide 100% uptime, maximize throughput, and facilitate network growth.

Core Layer technologies are:

• Routers or multilayer switches that combine routing and switching in the same device
• Redundancy and load balancing
• High-speed and aggregate links
• Routing protocols and full/partial mesh connectivity
Core Layer Design Considerations

1. Preventing Failures
• The network designer must be able to provide a network that is resistant to failures and can recover quickly in the event of a failure. Core routers and switches can contain:
  - Dual power supplies and fans
  - Additional management modules

2. Reducing Human Error
• 40% of network failures are caused by human error.
• It is critical to have written policies and procedures in place to govern how changes are approved, tested, installed, and documented.

3. Network Convergence
• Convergence occurs when all routers have complete and accurate information about the network. Factors that affect convergence time include:
  - The speed at which the routing updates reach all of the routers in the network
  - The time that it takes each router to perform the calculation to determine the best paths
2. Distribution Layer Design Considerations
• The Distribution Layer represents a routing boundary between the Access Layer and the Core Layer.
• It also serves as a connection point between remote sites and the Core Layer.
• The Access Layer is commonly built using Layer 2 switching technology, but the Distribution Layer is built using Layer 3 devices.

Design Goals for the Distribution Layer
• Filtering and managing traffic flows
• Enforcing access control policies
• Summarizing routes before advertising the routes to the Core
• Isolating the Core from Access Layer failures

Traffic Filtering at the Distribution Layer

• Access control lists (ACLs) are a tool that can be used at the Distribution Layer to limit access and to prevent unwanted traffic from entering the Core network.
• An ACL is a list of conditions used to test network traffic that attempts to travel through a router interface.
• Using Cisco IOS software, there are three complex ACL features that can be configured:
  - Dynamic ACL - requires a user to use Telnet to connect to the router and authenticate
  - Reflexive ACL - allows outbound traffic and then limits inbound traffic to only responses to those permitted requests
  - Time-based ACL - permits and denies specified traffic based on the time of day or day of the week
Routing Protocols at the Distribution Layer

• Another important function that occurs at the Distribution Layer is route summarization, also called route aggregation or supernetting.
• Route summarization has several advantages for the network, such as:
  - One route in the routing table represents many other routes
  - Less routing update traffic on the network
  - Lower overhead on the router
• Classless routing protocols such as RIPv2, EIGRP, OSPF, and IS-IS support route summarization based on subnet addresses on any boundary.
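The route summarization described above, worked through as an added example that is not part of the lecture: given the subnets a Distribution Layer holds, it computes the one supernet that covers them all (the "one route represents many" point), and also how much address space that summary advertises beyond the subnets actually present. The subnets at the bottom are constructed sample input; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the lecture): compute the summary route a Distribution
# Layer router would advertise toward the Core for a set of IPv4 subnets, and
# how much address space that summary covers beyond the subnets given.
# POSIX sh arithmetic only; the subnets at the bottom are constructed sample input.

ip2int() {   # dotted quad -> 32-bit integer
  set -- $(printf '%s\n' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {   # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

common_prefix_len() {   # number of leading bits two addresses share
  cpl_x=$(( $1 ^ $2 )); cpl_len=32
  while [ "$cpl_x" -gt 0 ]; do
    cpl_x=$(( cpl_x >> 1 )); cpl_len=$(( cpl_len - 1 ))
  done
  echo "$cpl_len"
}

# summarize NET/LEN ... -> the single shortest prefix that covers every argument
summarize() {
  sum_base=$(ip2int "${1%/*}"); sum_len=32
  for sum_entry in "$@"; do
    sum_n=$(ip2int "${sum_entry%/*}"); sum_plen=${sum_entry#*/}
    sum_c=$(common_prefix_len "$sum_base" "$sum_n")
    if [ "$sum_c" -lt "$sum_len" ]; then sum_len=$sum_c; fi
    if [ "$sum_plen" -lt "$sum_len" ]; then sum_len=$sum_plen; fi
  done
  sum_mask=0
  if [ "$sum_len" -gt 0 ]; then
    sum_mask=$(( (4294967295 << (32 - sum_len)) & 4294967295 ))
  fi
  echo "$(int2ip $(( sum_base & sum_mask )))/$sum_len"
}

# summary_slack NET/LEN ... -> count of addresses inside the summary that belong
# to none of the listed subnets. Non-zero slack means the Core will forward
# traffic for space the Distribution Layer does not hold, so summaries should be
# planned on contiguous, fully allocated blocks.
summary_slack() {
  ss_summary=$(summarize "$@"); ss_total=0
  for ss_entry in "$@"; do
    ss_total=$(( ss_total + (1 << (32 - ${ss_entry#*/})) ))
  done
  echo $(( (1 << (32 - ${ss_summary#*/})) - ss_total ))
}

# Constructed sample: four contiguous /24s summarize cleanly ...
summarize      172.16.0.0/24 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24   # 172.16.0.0/22
summary_slack  172.16.0.0/24 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24   # 0
# ... while two non-adjacent /16s over-summarize, pulling in two unused /16s
summarize      10.1.0.0/16 10.2.0.0/16   # 10.0.0.0/14
summary_slack  10.1.0.0/16 10.2.0.0/16   # 131072
```

The slack figure is the design check worth keeping: a summary with zero slack is exactly the "one route instead of many" win the slide describes, while a large slack means the Core would forward packets for addresses nobody behind the Distribution Layer actually holds.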
3. Access Layer Design Considerations

• Physical location of equipment
• Wiring closets
• Converged networking
• Availability

What Needs to be Considered when Designing the Access Layer of a Network

• Naming structures
• VLAN architecture
• Traffic patterns
• Prioritization strategies
• Security risks at the network:
  - Authentication
  - Wireless security
  - Physical security (fingerprint and biometric access controls)
  - Strong passwords
  - Security policy

Functions of VLANs:
• Separate and classify traffic
• Control broadcasts
Server Farms and Security

Server Farms
• Defined entry and exit points for network traffic
• Redundant, high-capacity links
• Load balancing
• Lower cost of providing services

Security Implications of Creating Server Farms
• Firewalls
• LAN switch security features
• Intrusion detection and prevention systems
• Network analysis and management devices
• Building redundancy for high availability
• Virtualization
Things to Consider During Implementation of a Wireless Network Design

Customer requirements:
• Roaming
• Authentication (open guest access vs. secured employee access)
• Services and applications
• Encryption
• Coverage and number of users
• Physical and logical WLAN design
• Site survey

Factors that Affect VPN Network Design

• Cost of bandwidth
• QoS
• Security
• Remote access
• Interconnection options:
  - Traditional WAN technologies
  - Newer WAN technologies
Design the Local-Area Network

LAN Protocols
• You need to understand the characteristics of LAN protocols, including physical distance.
• A LAN uses the following technologies to satisfy the requirements: Ethernet, Fast Ethernet, Gigabit Ethernet and Token Ring.
• These serve hosts ranging from user workstations to high-bandwidth servers.

LAN Physical Design
• Select the equipment to be used, keeping in mind the LAN technologies and the number of ports required for the network.
Repeaters:
• Cisco 1500 hubs
• FastHub 100, 200, and 300 families
Design the Wide-Area Network

• Transport Selection
• Decide on the WAN technology to use. The following list will help you make this decision:
  - Use leased lines where traffic flows are constant between point-to-point locations.
  - Use Frame Relay as a high-bandwidth, cost-effective transport.
  - Use ATM when high bandwidth (155+ Mbps) is required on the core.
  - ATM offers different Quality of Service (QoS) types, allowing traffic with varying tolerances for bandwidth and latency to travel over the same network.


The Design Document

• The design document helps the designer to explain how the solution meets the requirements of the project. It consists of the following primary sections:
  - Executive Summary
  - Design Requirements
  - Design Solution
  - Summary
  - Appendixes
  - Cost of Proposed Design (optional)


CHAPTER FIVE
Network Items Specification

Outline

• Linux background
• Components of Linux OS
• Architecture of Linux OS
• Windows vs Linux
• Linux Basic Commands
• Working with Files
• File Redirection
• File Permissions
• Remote Login

Background on Linux

• Open Source Operating System
• Free Software
• Source Code Available
Components of Linux System

The Linux OS has the following components:

1. Kernel – the main program of a Unix system. It controls the hardware: CPU, memory, hard disk, network card, etc.
2. System Library – system libraries are special functions or programs through which application programs or system utilities access the kernel's features. These libraries implement most of the functionality of the operating system and do not require kernel-module code access rights.
3. System Utility – system utility programs are responsible for doing specialized, individual-level tasks.

Architecture of Linux System

✓ Hardware layer – hardware consists of all peripheral devices (RAM/HDD/CPU etc.).
✓ Kernel – the core component of the operating system; it interacts directly with the hardware.
✓ Shell – an interface to the kernel, hiding the complexity of the kernel's functions from users. The shell takes commands from the user and executes the kernel's functions.
✓ Utilities – utility programs that provide the user with most of the functionality of an operating system.

What the Kernel Does

The kernel has 4 jobs:

1. Memory management: keep track of how much memory is used to store what, and where
2. Process management: determine which processes can use the central processing unit (CPU), when, and for how long
3. Device drivers: act as mediator/interpreter between the hardware and processes
4. System calls and security: receive requests for service from the processes
LINUX VS WINDOWS

Parameter: Price
  Linux: The majority of Linux variants are available for free or at a much lower price than Microsoft Windows.
  Windows: Microsoft Windows can run between $50.00 and $150.00 US dollars per license copy.

Parameter: Ease
  Linux: Although the majority of Linux variants have improved dramatically in ease of use, Windows is still much easier to use for new computer users.
  Windows: Microsoft has made several advancements and changes that have made Windows a much easier to use operating system; it is still easier than Linux.

Parameter: Reliability
  Linux: The majority of Linux variants and versions are reliable and can often run for months and years without needing to be rebooted.
  Windows: Although Microsoft Windows has made great improvements in reliability over the last few versions of Windows, it still cannot match the reliability of Linux.

Parameter: Software
  Linux: Linux has a large variety of available software programs, utilities, and games. However, Windows has a much larger selection of available software.
  Windows: Because of the large number of Microsoft Windows users, there is a much larger selection of available software programs, utilities, and games for Windows.

Parameter: Hardware
  Linux: Linux companies and hardware manufacturers have made great advancements in hardware support for Linux, and today Linux will support most hardware devices. However, many companies still do not offer drivers or support for their hardware in Linux.
  Windows: Because of the number of Microsoft Windows users and the broader driver support, Windows has much larger support for hardware devices, and a good majority of hardware manufacturers will support their products in Microsoft Windows.

Parameter: Security
  Linux: Linux is and has always been a very secure operating system. Although it still can be attacked, when compared to Windows it is much more secure.
  Windows: Although Microsoft has made great improvements over the years with security on their operating system, their operating system continues to be the most vulnerable to viruses and other attacks.

Parameter: Open Source
  Linux: Many of the Linux variants and many Linux programs are open source and enable users to customize or modify the code however they wish to.
  Windows: Microsoft Windows is not open source, and the majority of Windows programs are not open source.

Parameter: Support
  Linux: Although it may be more difficult to find users familiar with all Linux variants, there are vast amounts of available online documentation and help, available books, and support available for Linux.
  Windows: Microsoft Windows includes its own help section, has a vast amount of available online documentation and help, as well as books on each of the versions of Windows.
Linux Distributions

Ubuntu
• Canonical started sending out free compact discs with Ubuntu Linux in 2004 and quickly became popular with home users (many switching from Microsoft Windows). Canonical wants Ubuntu to be an easy-to-use graphical Linux desktop without the need to ever see a command line. Of course they also want to make a profit by selling support for Ubuntu.

Debian
• There is no company behind Debian. Instead there are thousands of well-organized developers that elect a Debian Project Leader every two years. Debian is seen as one of the most stable Linux distributions. It is also the basis of every release of Ubuntu. Debian comes in three versions: stable, testing and unstable.

Other
• Distributions like Oracle Enterprise Linux and Scientific Linux are based on Red Hat Enterprise Linux and share many of the same principles, directories and system administration techniques.
• Linux Mint, Edubuntu and many other *buntu-named distributions are based on Ubuntu and thus share a lot with Debian. There are hundreds of other Linux distributions.

Server vs Desktop

Ubuntu Desktop
• Graphical user interface
• Contains applications suited to general use: multimedia software, web browser, etc.
• Installing Ubuntu Desktop is essentially like any other software install.
• It has potentially less system performance.

Ubuntu Server
• Command line interface
• Focuses on server requirements. Ubuntu Server can run as an email server, file server, web server, and Samba server.
• Ubuntu Server uses a process-driven menu instead.
• It has potentially better system performance.
File System Hierarchy

• Many Linux distributions partially follow the Filesystem Hierarchy Standard (FHS). The FHS may help make Unix/Linux file system trees conform better in the future.
• The root directory /
  - All Linux systems have a directory structure that starts at the root directory. The root directory is represented by a forward slash, like this: /. Everything that exists on your Linux system can be found below this root directory. Let's take a brief look at the contents of the root directory.
/bin
• This directory contains a number of essential commands that are available to unprivileged users. The /bin directory also houses the shells (such as bash).
/lib
• This is where the kernel modules needed for system boot and the libraries required by root system commands (commands found in /bin and /sbin) are kept. Binaries found in /bin and /sbin often use shared libraries located in /lib.
/opt
• The purpose of /opt is to store optional software. In many cases this is software from outside the distribution repository. You may find an empty /opt directory on many systems.
/boot
• Contains all files needed to boot the computer. These files don't change very often. On Linux systems you typically find the /boot/grub directory here. /boot/grub contains /boot/grub/grub.cfg (older systems may still have /boot/grub/grub.conf), which defines the boot menu that is displayed before the kernel starts.
/etc
• All of the machine-specific configuration files should be located in /etc.
• Many times the name of a configuration file is the same as the application or protocol, with .conf added as the extension.
Directory Structure
• Files are put in a directory.
• All directories are in a hierarchical structure (tree structure).
• Users can put and remove any directories on the tree.
• The top directory is "/", which is called slash or root.
• Users have their own directory (home directory).

Important Directories

• /bin – contains files that are essential for correct operation of the system. These are available for use by all users.
• /home – where user home directories are stored.
• /var – used to store files which change frequently and must be available to be written to.
• /etc – various system configuration files are stored here.
• /dev – contains various devices as files, e.g. hard disk, CD-ROM drive, etc.
• /tmp – temporary files.

Linux Basic Commands

Listing Files and Directories

• ls (list) - lists directory contents
• Syntax: ls [option] [file]
  - ls – list files in the current directory
  - ls /etc – list the contents of the /etc directory
  - ls -a – list all files (including hidden files)
  - ls -l – use the long listing format when displaying the list
  - ls -lh – show the numbers (file sizes) in a more human-readable format

Creating Directories

• mkdir (make directory)
• Syntax: mkdir directoryname
  - mkdir ICT: create the directory ICT in the current directory
  - mkdir /home/SA: create the directory SA in the /home directory

Creating Files

• touch
• Syntax: touch filename
  - touch IT: create the file IT in the current directory
  - touch /home/IT/SA: create the file SA in the /home/IT directory

Changing to a Different Directory

• cd (change directory)
• Syntax: cd directory
• Changes the current working directory to 'directory'.
  - cd .. : change to the parent directory
• Example:
  - cd ICT: change to the directory ICT
  - cd /home/SA: change to the directory /home/SA

Path Names
• pwd (print name of current/working directory)
• Syntax: pwd [options]
• Example:
  - pwd: print the full path of the current directory

Summary of very basic commands

ls              list files and directories
ls -a           list all files and directories
mkdir           make a directory
cd directory    change to named directory
cd              change to home directory
cd ~            change to home directory
cd ..           change to parent directory
pwd             display the path of the current directory

Working with Files

• Linux is case sensitive; this means that FILE1 is different from file1, and /etc/hosts is different from /etc/Hosts.

Copying Files
• Syntax: cp source destination
• Copies the file source to destination.
• Example:
  - cp file1 /home/ict2: copy the file file1 to the directory /home/ict2
  - cp -r /home/ict2 ict: copy the directory /home/ict2 (with all its files) to the directory ict
  - cp /home/ict2/file1 . : copy the file file1 from the directory /home/ict2 to the current directory (the dot names the current directory; cp always needs a destination argument)

Moving/Renaming Files

• Syntax: mv source destination
• Example:
  - mv file1 file2: renames the file file1 to file2 (if you move a file within the same directory giving it a different name, it actually renames the file)
  - mv /home/ict/file1 ict/file2: move the file file1 from the /home/ict directory to the ict directory, as file2

Removing Files and Directories

• rm - remove files and directories
• Syntax: rm file
• Example:
  - rm ict/file1: remove the file file1 from the directory ict
  - rm -r /home/ict2: delete the directory /home/ict2 along with its files
• rmdir - remove an empty directory
• Syntax: rmdir directory
• Example:
  - rmdir ict: delete the empty directory ict

Displaying the Content of Files on Screen

• cat - concatenate files and print on standard output
• Syntax: cat [option] [file]
• Example:
  - cat file1: display the content of file1 on the screen

  ~$ echo one > part1
  ~$ echo two > part2
  ~$ echo three > part3
  ~$ cat part1 part2 part3
  one
  two
  three
Displaying …

more and less
• The more command is useful for displaying files that take up more than one screen. more will allow you to see the contents of the file page by page. Use the space bar to see the next page, or q to quit.
• less
  - Syntax: less [option] file
  - Example: less file1
• more
  - Syntax: more [option] file
  - Example: more file1

Displaying …

head
• You can use head to display the first ten lines of a file.
  paul@laika:~$ head /etc/passwd
• The head command can also display the first n lines of a file.
  paul@laika:~$ head -4 /etc/passwd

tail
• Similar to head, the tail command will display the last ten lines of a file.
  paul@laika:~$ tail /etc/services

Searching the Contents of a File
• grep – print lines matching a pattern
• Syntax: grep [options] pattern [file]
• Example: search for the word localhost in the file /etc/hosts
  grep localhost /etc/hosts
• Simple searching using less
  - Use the less command to display the content of the file and then type /search string
  - Example (search for the word localhost in the file /etc/hosts): run less /etc/hosts, then type /localhost

Summary – Working with files

cp file1 file2      copy file1 and call it file2
mv file1 file2      move or rename file1 to file2
rm file             remove a file
rmdir directory     remove a directory
cat file            display a file
more file           display a file a page at a time
head file           display the first few lines of a file
tail file           display the last few lines of a file

Pipe

Use the pipe (|) symbol to give the output of one command as the input to another command.
Example:
  ls /etc | grep resolv.conf   (list the contents of the directory /etc and display the lines containing the name resolv.conf)

Summary – Redirection
command > file            redirect standard output to a file
command >> file           append standard output to a file
command < file            redirect standard input from a file
command1 | command2       pipe the output of command1 to the input of command2
cat file1 file2 > file0   concatenate file1 and file2 into file0
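The pipe and redirection operators summarized above, together with grep, sort and head from the "Searching the Contents of a File" slides, chained into a small login-failure triage as an added example (not part of the lecture). The sshd-style log lines are constructed for the demo, and the file names and the position of the address after "from" are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the lecture): pipes and redirection applied to a
# constructed auth log. A defender reads such a log to find who is failing to
# log in and from where; every step is one of the operators from the summary.

make_sample_log() {   # write the constructed sample log to the path given (uses ">")
  cat > "$1" <<'EOF'
Jan 10 09:01:02 host sshd[201]: Accepted publickey for alice from 192.0.2.10 port 5001 ssh2
Jan 10 09:02:15 host sshd[202]: Failed password for invalid user admin from 198.51.100.7 port 5100 ssh2
Jan 10 09:02:16 host sshd[203]: Failed password for invalid user admin from 198.51.100.7 port 5101 ssh2
Jan 10 09:02:17 host sshd[204]: Failed password for root from 198.51.100.7 port 5102 ssh2
Jan 10 09:03:40 host sshd[205]: Failed password for bob from 203.0.113.5 port 5200 ssh2
Jan 10 09:05:00 host sshd[206]: Accepted password for bob from 203.0.113.5 port 5201 ssh2
EOF
}

failed_count() {      # grep selects the failures, wc -l counts them
  grep 'Failed password' "$1" | wc -l | tr -d ' '
}

top_failed_source() { # cut out the address after "from", then sort | uniq -c | sort -rn | head -1
  grep 'Failed password' "$1" \
    | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
    | sort | uniq -c | sort -rn | head -1 | awk '{ print $2 }'
}

# write_report LOG OUT : ">" starts the report fresh, ">>" appends to it;
# prints the number of lines the finished report holds
write_report() {
  echo "failed logins: $(failed_count "$1")" > "$2"
  echo "top source:    $(top_failed_source "$1")" >> "$2"
  grep -c '' "$2"
}

dir=$(mktemp -d)
make_sample_log "$dir/auth.log"
failed_count "$dir/auth.log"                   # 4
top_failed_source "$dir/auth.log"              # 198.51.100.7
write_report "$dir/auth.log" "$dir/report.txt" # 2
cat "$dir/report.txt"
rm -rf "$dir"
```

Note the difference between the two redirections in write_report: a second run with ">" in both places would leave only the last line, which is a common mistake when building reports in steps.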
File Permissions
• The long version of a file listing (ls -l) will display the file permissions:

  -rwxrwxrwx

  The first character is the directory flag (d = directory; l = link), followed by three groups of three: owner permissions, group permissions, other permissions.

Changing File Permissions

• Use the chmod command to change file permissions.
• The permissions are encoded as an octal number.

  chmod 755 file    # Owner=rwx Group=r-x Other=r-x
  chmod 500 file2   # Owner=r-x Group=--- Other=---
  chmod 644 file3   # Owner=rw- Group=r-- Other=r--

  chmod +x file     # Add execute permission to file for all
  chmod o-r file    # Remove read permission for others
  chmod a+w file    # Add write permission for everyone
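The chmod settings listed above, applied to real files and read back, as an added example that is not part of the lecture: it shows the octal number, the string ls -l prints and the symbolic +/- forms side by side, and finishes with the check an administrator would run for files that "other" can write to. It assumes GNU coreutils (stat -c, find with symbolic -perm modes); the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the lecture): apply the chmod settings from the slide
# to files in a scratch directory and read the result back with stat, so the
# octal mode, the ls -l string and the symbolic +/- forms can be compared.
# Assumes GNU coreutils (Linux): stat -c and find -perm with symbolic modes.

mode_of() {       # numeric mode of a path, e.g. 755
  stat -c '%a' "$1"
}

symbolic_of() {   # the permission string ls -l shows, e.g. -rwxr-xr-x
  stat -c '%A' "$1"
}

# apply_modes PATH MODE... : create PATH (empty), apply each chmod argument in
# turn, then print the resulting numeric mode
apply_modes() {
  am_path=$1; shift
  : > "$am_path"
  for am_mode in "$@"; do chmod "$am_mode" "$am_path"; done
  mode_of "$am_path"
}

# world_writable DIR : list regular files under DIR that "other" may write to.
# Any local account can alter such a file, which is why this is a standard audit check.
world_writable() {
  find "$1" -type f -perm -o+w | sort
}

scratch=$(mktemp -d)
for spec in 755 500 644; do
  apply_modes "$scratch/f$spec" "$spec" > /dev/null
  printf '%s  %s\n' "$(mode_of "$scratch/f$spec")" "$(symbolic_of "$scratch/f$spec")"
done                                        # 755 -rwxr-xr-x, 500 -r-x------, 644 -rw-r--r--
apply_modes "$scratch/shared" 644 a+w       # 666: a+w opened the file to everyone
apply_modes "$scratch/shared" 644 a+w o-r   # 662: o-r then took read away from others
world_writable "$scratch"                   # only .../shared is reported
rm -rf "$scratch"
```

The last two calls show that symbolic changes compose in order, and that removing read from "other" (662) still leaves the file world-writable; only the write bit matters for the audit check.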
File Compression Commands

gzip / gunzip
• Users never have enough disk space, so compression comes in handy using gzip.
• The gzip command can make files take up less space.

bzip2 / bunzip2
• Files can also be compressed with bzip2, which takes a little more time than gzip but compresses better.

Package Management

apt-get

• The apt-get command is a powerful command line tool used to work with Ubuntu's Advanced Packaging Tool (APT), performing such functions as installation of new software packages, upgrade of existing software packages, updating of the package list index, and even upgrading the entire Ubuntu system.

Package Management

• apt-get update – refresh the list of available updates
• apt-get upgrade – upgrade all packages
• apt-get dist-upgrade – upgrade all packages, handling dependency replacements; upgrade the Ubuntu version
• apt-cache policy pkg – check whether pkg is installed or not
• apt-cache search pkg – check the availability of pkg
• apt-get install pkg – install pkg
• apt-get purge pkg – uninstall pkg
• apt-get autoremove – remove obsolete packages
• apt-get -f install – try to fix broken packages
• dpkg --configure -a – try to fix broken packages

dpkg

• dpkg is a package manager for Debian-based systems. It can install, remove, and build packages, but unlike other package management systems it cannot automatically download and install packages and their dependencies. This section covers using dpkg to manage locally installed packages:
• To list all packages installed on the system, from a terminal prompt enter: dpkg -l
Adding and Deleting Users

To add a user account:
• sudo adduser username

To delete a user account and its primary group, use the following syntax:
• sudo deluser username

• You can delete the user yanina with userdel. The -r option of userdel will also remove the home directory.
  # userdel -r yanina

Remote Login

• The secure shell, or ssh, is a collection of tools using a secure protocol for communications with remote Linux computers.
• Avoid using telnet, rlogin and rsh to remotely connect to your servers. These older protocols do not encrypt the login session, which means your user id and password can be sniffed by tools like Wireshark or tcpdump.
• The ssh protocol is secure in two ways. Firstly the connection is encrypted and secondly the connection is authenticated both ways.
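Since the slide's argument for ssh rests on how the connection is authenticated, an added example (not part of the lecture) of reading the authentication settings from an sshd configuration the way the server itself does: per sshd_config(5), the first uncommented value of a keyword is the one used, so a stricter setting added at the bottom of the file changes nothing. The configuration text, the policy checked ("keys only, no root login") and the function names are assumptions made for this demo.

```shell
#!/bin/sh
# Added example (not from the lecture): determine which authentication settings
# an ssh server will actually use from a constructed sshd_config, honouring the
# sshd_config(5) rule that the FIRST uncommented value of a keyword wins.
# The config text and the policy checked are assumptions for this demo.

make_sample_config() {   # constructed sample; the duplicated last keyword is deliberate
  cat > "$1" <<'EOF'
# constructed sshd_config for the demo
Port 22
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
}

# sshd_effective CONFIG KEYWORD -> the value sshd uses (keywords are case-insensitive);
# prints nothing when the keyword is absent, i.e. the compiled-in default applies
sshd_effective() {
  awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# sshd_policy_check CONFIG -> prints each keyword that deviates from the policy
# "keys only, no root login"; returns 0 when compliant, 1 otherwise
sshd_policy_check() {
  spc_rc=0
  if [ "$(sshd_effective "$1" PasswordAuthentication)" != "no" ]; then
    echo "PasswordAuthentication should be no"; spc_rc=1
  fi
  if [ "$(sshd_effective "$1" PermitRootLogin)" != "no" ]; then
    echo "PermitRootLogin should be no"; spc_rc=1
  fi
  return $spc_rc
}

cfg=$(mktemp)
make_sample_config "$cfg"
sshd_effective "$cfg" PasswordAuthentication   # no  (the later "yes" is ignored by sshd)
sshd_policy_check "$cfg" && echo "compliant"
rm -f "$cfg"
```

The policy check treats an absent keyword as non-compliant on purpose: what the default is depends on the sshd build, so a hardening policy should state each value explicitly rather than rely on it.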
CHAPTER SIX
SYSTEM AND NETWORK ADMIN ISSUES

CHAPTER OUTLINE

• Windows Server 2008
• Directory services
• Active Directory
• FTP server
• Email server
• Mail access protocol
• Mail transfer protocol
• DNS server
• DHCP server
• Samba server

WINDOWS SERVER 2008

Windows Server 2008 roles:

• File and Printer Sharing
• Web Server
• Routing and Remote Access Services (RRAS)
• Domain Name System (DNS)
• Dynamic Host Configuration Protocol (DHCP)
• File Transfer Protocol (FTP) Server
• Active Directory
• Distributed File System (DFS)
• Fax Server
Windows Server 2008 Editions

• Windows Server 2008 Standard Edition
  - Smaller organizations consisting of a few hundred users or less
• Windows Server 2008 Enterprise Edition
  - Larger companies with more needs
• Windows Server 2008 Datacenter Edition
  - Companies that run high-powered servers with considerable resources
• Windows Web Server 2008
  - Similar to Standard. User base varies from small businesses to corporations with large departments

Windows Server 2008 Standard Edition

• Up to 4 physical processors allowed
• Available in 32-bit or 64-bit versions
• 32-bit version supports up to 4 GB of RAM, 64-bit version up to 32 GB
• Lacks more advanced features, such as clustering

Windows Server 2008 Enterprise Edition

• All the features of Standard Edition
• Up to 8 physical processors
• 32-bit version supports 64 GB RAM; 64-bit version supports 2 TB
• Can be clustered; up to 16 cluster nodes permitted

Windows Server 2008 Datacenter Edition

• All the features of Enterprise Edition
• Up to 32 physical processors in the 32-bit version, 64 processors in the 64-bit version
• Extra fault tolerance features: hot-add and hot-replace memory or CPU
• Can't be purchased as an individual license, only through volume licensing
• Unlimited number of virtual instances

Windows Web Server 2008

• Designed to run Internet Information Services (IIS)
• Hardware support similar to Standard Edition
• Lacks many of the features present in other editions
• Typically used when roles such as Active Directory or Terminal Services are not required
Directory Services

• A directory service is a database that contains information about all objects on the network.
• Directory services contain data and metadata.
• Metadata is information about data.
  - For example: a user account is data. Metadata specifies what information is included in every user account object.
• Information within directories is organized hierarchically. This means that there is a strict set of rules as to where certain data is located within the directory, based on the properties of that data.

What Objects are Tracked via Directory Services?

• Objects for administration:
  - Users
  - User/Group access
  - Network resources
  - Management of domains, applications, services, security policies, and just about everything else in your network
• Objects for shared resources:
  - Servers
  - Printers
  - Applications
  - Files

Directory Services Common Features:

• Provide file shares
• Authenticate users
• Provide services, such as email, access to the Internet, print services, etc.
• Control access to services and shares
• Manage users and groups inside the system
• Manage devices or resources in the system
Active Directory

 Provides a single point of administration of resources (Users, groups, shared printers, etc.)
 Provides centralized authentication and authorization of users to network resources
 Along with DNS, provides domain-naming services and management for a Windows
domain.
 Enables administrators to assign system policies, deploy software to client computers, and
assign permissions and rights to users of network resources
 In addition to providing a place to store data and services to make that data available, Active Directory:
 protects network objects from unauthorized access

 replicates information about objects across the entire network, so that information about objects is not lost if one domain controller fails.
FTP server

 FTP is a protocol used to transfer files between an FTP host/server and an FTP client computer on the Internet.
 FTP is one of the oldest and most commonly used protocols for downloading files from the World Wide Web.

 It is an alternative to the HTTP protocol for downloading files from and uploading files to FTP servers.
Common features of FTP server:
 Uploading webpages to web servers for publishing on the Internet

 Browsing and downloading files from public software sites

 Transferring large files between two parties that are too large for email attachments

 Downloading and uploading content like university’s assignments via an FTP server

 Distributing the latest revisions of programs by software developers


E-MAIL SERVER

 An e-mail server is an electronic way of exchanging messages through different protocols like SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), and IMAP (Interactive Mail Access Protocol).

 Today, email is delivered using a client/server architecture.

 An email message is created using a mail client program. This program then sends the message to a server.

 The server then forwards the message to the recipient's email server, where the message is then supplied to the recipient's email client.
Mail Transport Protocols

• Mail delivery from a client application to the server, and from an originating server
to the destination server, is handled by the Simple Mail Transfer Protocol (SMTP).

• The primary purpose of SMTP is to transfer email between mail servers.

• One important point to make about the SMTP protocol is that it does not require
authentication. This allows anyone on the Internet to send email to anyone else or
even to large groups of people.
Mail Access Protocols
 There are two primary protocols used by email client applications to retrieve email from mail servers:

1. Post Office Protocol (POP) 2. Internet Message Access Protocol (IMAP).

POP
 When using a POP server, email messages are downloaded by email client applications.
 By default, most POP email clients are automatically configured to delete the message on the email server after it has been successfully transferred.

IMAP
 When using an IMAP mail server, email messages remain on the server where users can read or delete them. It also allows client applications to create, rename, or delete mail directories on the server to organize and store email.
 IMAP is particularly useful for organizations that access their email using multiple machines.
 The protocol is also convenient for users connecting to the mail server via a slow connection, because only the email header information is downloaded for messages until they are opened.
 The user also has the ability to delete messages without viewing or downloading them.

 For added security, it is possible to use Secure Socket Layer (SSL) encryption for client authentication and data transfer sessions.
Email Program Classifications

 In email applications there are three classifications: 1. Mail Transport Agent (MTA) 2. Mail Delivery Agent (MDA) 3. Mail User Agent (MUA)

 Each classification plays a specific role in the process of moving and managing email messages. While most users are only aware of the specific email program they use to receive and send messages, each one is important for ensuring that email arrives at the correct destination.

1. Mail Transport Agent (MTA)
 An MTA transports email messages between hosts using SMTP. A message may involve several MTAs as it moves to its intended destination.
 While the delivery of messages between machines may seem rather straightforward, the entire process of deciding if a particular MTA can or should accept a message for delivery is quite complicated.

2. Mail Delivery Agent (MDA)
 An MDA is called by the MTA to file incoming email in the proper user's mailbox. In many cases, the MDA is actually a Local Delivery Agent (LDA).
 Any program that actually handles a message for delivery to the point where it can be read by an email client application can be considered an MDA.

3. Mail User Agent (MUA)
 An MUA is a program that allows a user to read and compose email messages.
 MUA is synonymous with an email client application such as a client browser.
 Many MUAs are capable of retrieving messages via the POP or IMAP protocols, setting up mailboxes to store messages, and sending outbound messages to an MTA.
Remote access administration

 It is the way of accessing, controlling or managing a computer device remotely over a network.
 It refers to any method of controlling a computer from a remote location.

 Software that allows remote administration is becoming increasingly common and is often
used when it is difficult or impossible to be physically near a system in order to use it.

 Technical support professionals also use remote access to connect to users' computers from remote locations to help them resolve issues with their systems or software.

 A computer must have software that enables it to connect and communicate with a system
or resource hosted by the organization's remote access service.
 Once the user's computer is connected to the remote host, it can display a window with the
target computer's desktop.
Remote access protocols

Common remote access protocols include the following:


❖ Point-to-Point Protocol (PPP): enables hosts to set up a direct connection between two endpoints.
❖ Internet Protocol Security (IPsec): security protocols used to enable authentication and encryption services to secure the transfer of IP packets over the internet.
❖ Point-to-Point Tunneling Protocol (PPTP): one of the oldest protocols for implementing virtual private networks, but PPTP is not very secure.
❖ Terminal Access Controller Access Control System (TACACS): a remote authentication protocol, common on Unix networks, that enables a remote access server to forward a user's password to an authentication server to determine whether access to a given system should be allowed or not.
❖ Remote Authentication Dial-In User Service (RADIUS): designed to enable remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
DNS server
 A DNS server is a computer server that contains a database of public IP addresses and their associated hostnames and, in most cases, serves to resolve, or translate, those names to IP addresses as requested.
 DNS servers run special software and communicate with each other using special protocols. In most cases, a
primary and a secondary DNS server are configured on the router or computer when you connect to the
internet service provider.
 There are two DNS servers in case one of them happens to fail, in which case the second is used to resolve
hostnames requested.
 The Domain Name System (DNS) is one of the most important Internet services; it converts host names into IP addresses and vice versa. If a host name includes its complete domain name, it is said to be a Fully Qualified Host Name (FQHN). The DNS client is called the ‘resolver’, and the DNS server is called the ‘name server’.
 Why DNS ?
 It is easier to remember a host name than it is to remember an IP address.
 Name has more meaning to a user than a 4 byte number.
 Applications such as FTP, HTTP, email, etc., all require the user to input a destination.
 The application takes the host name supplied by the user and forwards it to DNS for translation to an IP
address.
How does DNS work?
 DNS works by exchanging messages between client and server machines.
 A client application will pass the destination host name to the DNS process to get the IP address.
 The application then sits and waits for the response to return.
 DNS is implemented as a distributed database rather than a centralized one.
 Why DNS is not centralized:
 Single point of failure and distant centralized database

 Traffic volume and maintenance
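The exchange described above, at the message level, as an added example that is not part of the lecture slides: build_query() produces the wire-format query a resolver sends for an A record, and parse_answer() reads the name server's response, including the name-compression pointers real servers use. The response bytes are constructed by hand for the illustrative name www.example.com and the documentation address 192.0.2.10, not captured traffic.

```python
import struct


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (label-length format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """12-byte header + question; flags 0x0100 = recursion desired, QTYPE=A, QCLASS=IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", 1, 1)


def read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:           # 2-byte pointer to an earlier copy of the name
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:                     # root label terminates the name
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_answer(msg: bytes):
    """Return (txid, rcode, [(name, ttl, ipv4), ...]) for the A records in a response.

    A resolver must compare txid with the one it sent and drop mismatches;
    accepting any response that arrives is what makes spoofed answers possible."""
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):                     # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4                         # QTYPE + QCLASS
    records = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return txid, rcode, records


# Constructed response: same txid, flags 0x8180 (response + recursion available),
# the question echoed, one answer whose name is a pointer (0xC00C) to offset 12.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack(">HH", 1, 1)
    + b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)
```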


Distributed, Hierarchical DB

 Root DNS servers
 Top-level domain (TLD) servers:
 Responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp.
 Network Solutions maintains servers for .com TLD
 Educause for edu TLD
 Authoritative DNS servers:
 Organization’s DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web, mail).
 Can be maintained by organization or service provider

[Figure: DNS hierarchy, with the root DNS servers above the com, org and edu TLD DNS servers, and authoritative DNS servers for yahoo.com, amazon.com, pbs.org, poly.edu and umass.edu below them.]
DHCP server
 Is a network server that automatically provides and assigns IP addresses, default gateways and
other network parameters to client devices.
 It relies on the standard protocol known as Dynamic Host Configuration Protocol or DHCP to
respond to broadcast queries by clients.
 A DHCP server automatically sends the required network parameters for clients to properly communicate on the network. Routers or switches can also act as DHCP servers.
 A better approach to managing client IP addresses is to run DHCP on a router/switch and make it the centralized DHCP server.
 This is particularly true for network environments that require support for both DHCP for IPv4 and DHCP for IPv6 at the same time.
 Virtually all DHCP server vendors support both protocols (IPv4 and IPv6), so you can use the same management interface.
Common features of DHCP servers

Four key benefits of a DHCP server are:
 Centralized administration of IP configuration.
 Dynamic host configuration.
 Seamless IP host configuration.
 Flexibility and scalability.

DHCP Messages
 All DHCP messages are carried in User Datagram Protocol (UDP) using the well-known port numbers 67 (from the server) and 68 (to the client).
 UDP operates at the Transport Layer of the OSI model.

DHCP Terminology
 DHCP client - A computer that obtains its configuration information from a DHCP server.
 DHCP server - A computer that provides DHCP configuration information to multiple clients in the network.
 The IP addresses and configuration information that the DHCP server makes available to the client are defined by the DHCP administrator.
 DHCP lease - This defines the duration for which a DHCP server assigns an IP address to a DHCP client.
 The lease duration can be any amount of time between 1 minute and 999 days, or it can be unlimited.
 The default lease duration is eight days.
Automatic Private IP Addressing (APIPA)

 If the DHCP client is unable to locate a DHCP server and is not configured with an alternate
configuration, the computer configures itself with a 169.254.0.0/255.255.0.0 IP address.
 The auto-configured computer then tests to verify that the IP address it has chosen is not already in
use by using a gratuitous ARP broadcast.
 If the chosen IP address is in use, the computer randomly selects another address. The computer
makes up to 10 attempts to find an available IP address.
DHCP Scoping
 Determines which IP addresses are allocated to clients.
 Defines a set of IP addresses and associated configuration information that can be supplied to a client.
 A scope must be defined before DHCP clients can use the server for dynamic TCP/IP configuration.
 An administrator can configure as many scopes on a DHCP server as needed for the network environment.
 The IP addresses defined in a DHCP scope must be contiguous and are associated with a subnet mask.
DHCP Options

 DHCP options are additional client-configuration parameters that a DHCP server can assign
when serving leases to DHCP clients.
 DHCP options are configured using the DHCP console and can apply to scopes.
 There are four types of DHCP options in Windows Server 2008:
1. Server options: apply to all clients of the DHCP server. Administrators use these options for parameters that are common across all scopes on the DHCP server.
2. Scope options: apply to all clients within a scope and are the most used set of options. Scope options override server options.
3. Class options: provide DHCP parameters to DHCP clients based on their class, either vendor classes or user classes.
4. Client options: apply to individual clients. Client options override all other options (server, scope, and class).
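Resolving the effective configuration when several option layers define the same parameter, as an added example that is not part of the lecture slides or of any DHCP server's code: the precedence is the one stated above (client over class over scope over server). Scopes, class IDs, MAC addresses and the option values are constructed for the illustration; option codes follow the standard numbering (3 = router, 6 = DNS servers, 15 = domain name, 51 = lease time).

```python
import ipaddress
from typing import Dict, List, Optional

Options = Dict[int, object]   # option code -> value


class DhcpOptionStore:
    """Holds the four option layers a Windows-style DHCP server keeps."""

    def __init__(self, server_options: Options):
        self.server_options = server_options
        self.scopes: Dict[ipaddress.IPv4Network, Options] = {}
        self.class_options: Dict[str, Options] = {}
        self.client_options: Dict[str, Options] = {}   # keyed by client MAC

    def add_scope(self, network: str, options: Options) -> None:
        # A scope is a contiguous address range with a subnet mask; modelled as one subnet
        self.scopes[ipaddress.ip_network(network)] = options

    def add_class(self, class_id: str, options: Options) -> None:
        self.class_options[class_id] = options

    def add_client(self, mac: str, options: Options) -> None:
        self.client_options[mac] = options

    def scope_for(self, offered_ip: str) -> Optional[ipaddress.IPv4Network]:
        ip = ipaddress.ip_address(offered_ip)
        for net in self.scopes:
            if ip in net:
                return net
        return None

    def effective_options(self, offered_ip: str, mac: str,
                          class_ids: List[str]) -> Options:
        """Merge the layers lowest precedence first, so higher layers overwrite."""
        scope = self.scope_for(offered_ip)
        if scope is None:
            # A scope must exist before the server can configure this client at all
            raise ValueError(f"{offered_ip} is not inside any configured scope")
        merged: Options = dict(self.server_options)          # 1. server options
        merged.update(self.scopes[scope])                    # 2. scope options
        for cid in class_ids:                                # 3. class options
            merged.update(self.class_options.get(cid, {}))
        merged.update(self.client_options.get(mac, {}))      # 4. client options
        return merged


def build_sample_store() -> DhcpOptionStore:
    """Constructed sample configuration used by the checks below."""
    store = DhcpOptionStore({15: "corp.example", 6: ["10.0.0.53"],
                             51: 8 * 24 * 3600})             # default 8-day lease
    store.add_scope("10.1.0.0/24", {3: "10.1.0.1", 6: ["10.1.0.53", "10.0.0.53"]})
    store.add_scope("10.2.0.0/24", {3: "10.2.0.1"})
    store.add_class("voip-phones", {3: "10.1.0.2", 51: 24 * 3600})
    store.add_client("00-11-22-33-44-55", {6: ["10.1.0.99"]})
    return store
```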
Proxy Server

 A proxy server is a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service.

 The proxy server may exist on the same machine as a firewall server or it may be on a separate server, which forwards requests through the firewall.

 An advantage of a proxy server is that its cache can serve all users.

 If one or more network sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time.

 A proxy can also log its interactions, which can be helpful for troubleshooting.
SAMBA SERVER

 Samba is an open source implementation of the Server Message Block (SMB) protocol.

 It allows the networking of Microsoft Windows, Linux, UNIX, and other operating systems together.

 This means you can use a Linux server to provide file sharing, printing, and other services to other
non-native Linux clients such as Microsoft Windows.

 Samba's use of the SMB protocol allows it to appear as a Windows server to Windows clients.
CHAPTER SEVEN

SYSTEM AND NETWORK SECURITY


Chapter outlines

 Computer security concepts


 Goal of computer security
 Computer system attack types
 OSI model security architecture
 Computer security mechanisms
 Encryption techniques
Computer Security Concepts

 The prevention and protection of computer assets from unauthorized access, use, alteration, and other threats.
 It refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization.
 Most computer security measures involve data encryption and passwords. The following are the main goals of computer security:
 To maintain information Confidentiality
 To ensure the Integrity and Reliability of data resources
 To ensure Availability.
 To ensure Non-repudiation of information.
Cont’d…
 Confidentiality
 Ensuring that no one can read the message except the intended receiver.
 Preserving authorized restrictions on information access and disclosure (detection), including
means for protecting personal privacy and proprietary information. A loss of confidentiality
is the unauthorized disclosure of information.
 Integrity
 Assuring the receiver that the received message has not been altered in any way from the
original.
 Guarding against improper information modification or destruction, including ensuring
information nonrepudiation and authenticity. A loss of integrity is the unauthorized
modification or destruction of information.
 Availability: Ensuring timely and reliable access to and use of information. A loss of
availability is the disruption (confusion) of access to or use of information or an information
THE OSI SECURITY ARCHITECTURE

The OSI security architecture focuses on security attacks, mechanisms, and services. These
can be defined briefly as
 Security attack: Any action that compromises the security of information owned by an
organization.
 Security mechanism: A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack.
 Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services
are intended to counter security attacks, and they make use of one or more security
mechanisms to provide the service.
Types of Computer system attack

Some common types of computer attacks are:

1) Network Attacks
 Packet sniffing: leads to other attacks like password sniffing.
 Man-in-the-middle: insert a router in the path between client and server, and change the packets as they pass through the router.
2) Web attacks
 Phishing: a malicious website that poses as a trusted website.
 Cross Site Scripting: a JavaScript program that steals sensitive data left by other sites that you have visited in the same browsing session.
 Denial of service attack (DoS)
3) OS, application and software attacks
Virus, Trojan, Worms, Rootkits, Buffer Overflow
Types of Computer system attack
 Virus
 A malicious code that replicates and hides itself inside other programs usually without
your knowledge.
 A virus is a piece of software that can "infect" other programs by modifying them.
 Worm
 A worm is a program that can replicate itself and send copies from computer to
computer across network connections.
 Trojan horse
 Program that contains unexpected additional functionality. It does not replicate itself.
 Rootkit
 Set of hacker tools used after attacker has broken into a computer system and gained
root-level access
 Buffer overflow
 A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.
Categories of computer attacks

 Interruption: An attack on availability
 Interception: An attack on confidentiality
 Modification: An attack on integrity
 Fabrication: An attack on authenticity

[Figure: information flow from Source to Destination, showing the normal flow of information beside the four attack patterns: Interruption, Interception, Modification and Fabrication.]
Security Attacks Class

A useful means of classifying security attacks is in terms of passive attacks and active attacks.
Passive Attacks
 A passive attack attempts to learn or make use of information from the system but does not affect system resources.
 Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. There are two types of passive attacks: release of message contents and traffic analysis.
Active Attacks
 Active attacks involve some modification of the data stream or the creation of a false stream.
 Masquerade: one entity poses as some other entity with a false identity.
 Replay: retransmit a previous message.
 Modification: edit the sender's message and send it to the receiver.
 Denial of service (DoS): preventing normal use.
Computer Security Mechanisms / Controller

 Encipherment (encryption): The use of mathematical algorithms to transform data into a form that is not readily intelligible.
 Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
 Access Control: A variety of mechanisms that enforce access rights to resources.
 Data Integrity: messages should be modified or altered only by authorized parties.
 Authentication Exchange: A mechanism intended to ensure the identity of an entity by
means of information exchange.
Encryption Techniques

 1. Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the same key. It is also known as conventional encryption.
 Symmetric encryption transforms plaintext into ciphertext using a secret key and an encryption algorithm. Using the same key and a decryption algorithm, the plaintext is recovered from the ciphertext.
 There are two types of attack on an encryption algorithm: cryptanalysis, based on properties of the encryption algorithm, and brute-force, which involves trying all possible keys.
 A symmetric encryption scheme has five components:
 Plaintext, Encryption algorithm
 Secret key, Ciphertext, and Decryption algorithm
 2. Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using different keys.
 In asymmetric encryption, plaintext is transformed into ciphertext using the public key and an encryption algorithm; using the private key and a decryption algorithm, the ciphertext is transformed back into plaintext.
A Model For Network And System Security

There are four basic tasks in designing a particular security service:

1. Design an algorithm for performing the security-related transformation.

 The algorithm should be such that an opponent cannot defeat its purpose.

2. Generate the secret information to be used with the algorithm.

3. Develop methods for the distribution and sharing of the secret information.

4. Specify a protocol to be used by the two principals that makes use of the security algorithm
and the secret information to achieve a particular security service.
Network And System Intrusions

What Is an Intrusion?
A network intrusion is an unauthorized penetration of a computer in your enterprise or an address in your assigned domain. An intrusion can be passive (in which penetration is gained without detection) or active (in which changes to network resources are effected).
Hacker vs. Cracker
 Hacker - Within the subculture of computer science and software developers, the term “Hacker” usually refers to a particular kind of programmer.

 Someone who programs creatively

 Someone who programs for pure enjoyment (most programmers who work on Linux are hackers in this case)
 Cracker - Is someone who breaks into computers, often to do something malicious such as steal credit card information.
Way of Preventing Network & System Intrusions

 Backup and Recovery
 Controlling User Access (Authentication, Authorization, Accounting)
 Closing Ports
 Firewall: its aim is to protect the network premises from Internet-based attacks and provide a single choke point where security and auditing can be imposed.
 Firewall techniques provide the following access controls to the network:
 Service control – determines the types of internet services that can be accessed, inbound or outbound.
 Direction control – determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
 User control – controls access to a service according to which user is attempting to access it.
 Behavior control – controls how particular services are used.
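The four access controls above as a small policy evaluator, added here as an example that is not part of the lecture slides or of any firewall product: service control is the protocol and port, direction control is inbound or outbound, user control is the authenticated user, and behavior control is modelled as the application commands a session may issue. The rule fields, user names and connection records are constructed; the first matching rule wins and anything unmatched is denied, which is the single-choke-point posture the slide describes.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Connection:
    direction: str                  # "inbound" or "outbound"
    proto: str                      # "tcp" or "udp"
    port: int                       # destination port of the requested service
    user: Optional[str]             # authenticated user, None if unauthenticated
    command: Optional[str] = None   # application-level command, e.g. SMTP "RCPT"


@dataclass
class Rule:
    action: str                            # "allow" or "deny"
    direction: Optional[str] = None        # direction control (None = any)
    proto: Optional[str] = None            # service control
    port: Optional[int] = None             # service control
    users: Optional[Set[str]] = None       # user control (None = any user)
    commands: Optional[Set[str]] = None    # behavior control (None = any command)

    def matches(self, c: Connection) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        if self.direction is not None and c.direction != self.direction:
            return False
        if self.proto is not None and c.proto != self.proto:
            return False
        if self.port is not None and c.port != self.port:
            return False
        if self.users is not None and c.user not in self.users:
            return False
        if self.commands is not None and c.command not in self.commands:
            return False
        return True


def evaluate(rules: List[Rule], conn: Connection) -> str:
    """Return the action of the first matching rule; default deny when none matches."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return "deny"


# Constructed policy for the illustration
POLICY = [
    # service + direction control: inside hosts may browse the web, nothing comes in
    Rule("allow", direction="outbound", proto="tcp", port=443),
    Rule("allow", direction="outbound", proto="tcp", port=80),
    # user control: only named administrators may open inbound SSH
    Rule("allow", direction="inbound", proto="tcp", port=22, users={"alice", "bob"}),
    # behavior control: inbound SMTP may deliver mail, but commands such as
    # VRFY/EXPN (account enumeration) are not permitted through the choke point
    Rule("allow", direction="inbound", proto="tcp", port=25,
         commands={"HELO", "EHLO", "MAIL", "RCPT", "DATA", "QUIT"}),
    # everything else falls through to the default deny in evaluate()
]
```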
QUIZ-2(5%)

1. List functions of firewall(1pt)

2. What is the difference between hacker and crackers(2pts)

3. What is the difference between active attack and passive attack(2pts)


END The Course
