TYPES OF NETWORK CABLES




PREFACE

This book gives, in part, detailed coverage of the subject matter of the System Engineering project work to the level expected of the A+ and N+ courses in the discipline. The book deals exclusively with Microsoft.

It is therefore the strongest belief of the author that this book, when studied assiduously, will not only enhance academic and practical knowledge in System Engineering, but will also guarantee marvellous performance in setting up networks in companies, organisations and small offices. This book is also recommended as a reference for System Engineering students and tutors.

The book consists of comprehensive notes with illustrations and practical, challenging exercises. This is the first book I have written to cover the System Engineering theory and practical syllabus. Students are therefore advised to get the book in order to have complete coverage of the course.

It is hoped that this book will help students gain confidence and better insight into the course and, above all, perceive the study of System Engineering and how to network an office as both exciting and rewarding.

God richly bless you for using this book.

ADOMAH BERNARD


DEDICATION

This book is wholeheartedly dedicated to:

1. The Lord Jesus Christ, in whom are hidden all treasures of wisdom and knowledge (Col. 2:3).

2. My mother, Nana Lucy Akua Yeboah, and my father, Mr. Yaw Nyame, for their love and ever-available financial support towards my education.

3. Rev. Moses Addae (Pentecost Church of Ghana) for his moral and spiritual support throughout these years.

4. My instructor, Mr. Omari Francis (IPMC College of Technology, Ring Road branch, Accra), for his good teaching and training.


ACKNOWLEDGEMENT

I give thanks to the Almighty God for his unchanging grace and absolute sustenance in my research work.

I thank the IPMC College of Technology for granting me the opportunity for my publications.

My sincere thanks go to Prince Sowah, Osei Hans and Peprah Elvis, who helped and contributed to the production of this book (project work).

I am also indebted to Mr. Omari Francis and Mr. Ernest, Department of System Engineering (IPMC, Ring Road). I owe them much gratitude.

Lastly, I am thankful to Mr. Decko (Website Internet Cafe Ltd.) for the typesetting and design.

ADOMAH BERNARD.


CASE STUDY

Eco bank is a fast-growing financial institution which has many branches in almost all the regions of Ghana. Its focus is on providing high-quality products and services to its customers, who comprise individuals, small and medium-scale companies, large local corporates, parastatals, non-governmental organizations and multinational companies. In addition to the traditional products and services, Ecobank offers products and services including internet banking, telephone banking and Eco bank regional cards.

Following the acquisition of a new branch office, the management of the bank has requested the design and installation of networked computers in the office block to enable it to expand and meet its customers wherever they are.

Scenario

You are an employee of Eco bank and an IT Pan; your department is in charge of PC/computer server system installation and maintenance. The site has all structures in place without computer network installations. Your department instructor, Omari-Sarfo, has assigned you to that site.

The following components and operating systems (OS) will be used to install networked computers on the site of Eco bank.

Task 1.

With detailed information, list the operating systems required for desktops and servers, and give the features and hardware requirements of these systems. Also write the steps for installing them on the computer and support your explanations with screenshots.

Task 2.

Explain your understanding of networks, network wiring, network designs and Ethernet networks, and state which one you would recommend for Eco bank Limited's site.

Task 3.

Network interface cards and modems, the TCP/IP suite, and DHCP and DNS servers will be required on the network. Give detailed information about these devices and the server implementation.

Task 4.

Explain wireless networks, wireless networking and wireless technologies, with the specific network devices used.

Task 5.

Security threats and threat mitigation, and recommend the appropriate security steps you will take in protecting Eco bank's networked system.


Chapter 1

NETWORKING

There are as many definitions for the term “network” as there are networks. However, most people would agree that networks are collections of two or more connected computers. When their computers are joined in a network, people can share files and peripherals such as modems, printers, tape backup drives, and CD-ROM drives. When networks at multiple locations are connected using services available from phone companies, people can send e-mail, share links to the global Internet, or conduct video conferences in real time with other remote users on the network.

WANs, LANs, and MANs

Some other terms that you will hear often are LAN, WAN, and MAN.

A local area network (LAN) typically is confined to a single building, such as an office building, your home network, or a college campus.

A wide area network (WAN) spans multiple geographic locations and is typically made up of multiple LANs. For example, I have a company with an office in Osu in Greater Accra that has 100 computers all connected together. This would be considered a LAN. Now if we expand the company and create an office in Ring Road, the network in Ring Road also would be considered a LAN. If we want to allow the two offices to share information with one another, we would connect the two LANs together, creating a WAN.

The term metropolitan area network (MAN) is not used often anymore; it refers to a network that exists within a single city or metropolitan area. If we had two different buildings within a city that were connected together, it would be considered a MAN.

Every network includes:

• At least two computers

• A network interface on each computer (the device that lets the computer talk to the network—usually called a network interface card [NIC] or adapter)

• A connection medium—usually a wire or cable, but wireless communication between networked computers and peripherals is also possible

• Network operating system software—such as Microsoft Windows 95 or Windows NT, Novell NetWare, Apple Share, or Artisoft LANtastic

Most networks—even those with just two computers—also have a hub or a switch to act as a connection point between the computers.

Chapter 2

COMPONENTS ON A NETWORK

Routers

Routers route data packets from one network to another network using the network address of the packet. Routers essentially create broadcast and collision domains and route data destined for a particular network.

Modems

A modem is a communications device that enables a computer to talk to another computer through a standard telephone line. The modem converts digital data from the computer to analog data for transmission over analog telephone lines. The analog signal is then converted back to digital data by the modem on the receiving computer.

Network Operating System (NOS)

Software on the client or server computers. It is the program that controls the hardware of the computer system. It is mainly on a disc or a drive. Examples are Windows 2008 Server and SUSE Linux server.

Hubs

Hubs enable you to connect systems together at a central point; they have been popular devices on networks for many years. Because hubs send data to all ports on the hub, they have been replaced by switches on networks today. A switch only sends data to the port where data needs to go, not to all the ports as a hub does. This simple filtering feature increases overall performance on the network.

Switches

Switches filter traffic by sending the data only to the port where the data should go, essentially not using the bandwidth of the other ports. This is different from a hub, which sends the data to all ports no matter what.

Network Interface Card (NIC)

It is hardware that accepts and sends data and translates it into a format that the computer can understand. It is also known as a network adapter card and is usually integrated into the motherboard of some computers.


Bridges

Bridges are intelligent devices used to filter traffic on LANs by forwarding packets to specific network segments based on the source and destination MAC addresses of the packet. Bridges have been popular in the past and seem to have been replaced by switches on today’s networks.

[Figures: operating system software, network interface card (NIC), modem, hub, switches, router, DHCP server, firewall, wireless access point, computers (workstations), repeater, network cables or mediums]

Chapter 3

A STRUCTURE OF NETWORK


TYPES OF NETWORK

Clients(Peer-Peer) and Servers

Often, as a network grows and more computers are added, one computer will act as a server—a central storage point for files or application programs shared on the network.

Servers also provide connections to shared peripherals such as printers. Setting up one computer as a server prevents you from having to outfit every networked computer with extensive storage capability and duplicate costly peripherals. The computers that connect to the server are called clients.

Note that you don’t need to have a dedicated server in your network. With only a few computers connected, networking can be “peer to peer.” Users can exchange files and e-mail, copy files onto each others’ hard drives and even use printers or modems connected to just one computer. As more users are added to the network, however, having a dedicated server provides a central point for management duties such as file backup and program upgrades.


Chapter 4

NETWORK CABLES OR MEDIUMS

There are different types of network cables or mediums. These are as follows:

Twisted Pair Cable

Twisted-pair cable is a type of cabling that is used for telephone communications and most modern Ethernet networks. A pair of wires forms a circuit that can transmit data. The pairs are twisted to provide protection against crosstalk, the noise generated by adjacent pairs. When electrical current flows through a wire, it creates a small, circular magnetic field around the wire. When two wires in an electrical circuit are placed close together, their magnetic fields are the exact opposite of each other. Thus, the two magnetic fields cancel each other out. They also cancel out any outside magnetic fields. Twisting the wires can enhance this cancellation effect. Using cancellation together with twisting the wires, cable designers can effectively provide self-shielding for wire pairs within the network media.

Two basic types of twisted-pair cable exist: unshielded twisted pair (UTP) and shielded twisted pair (STP). The following sections discuss UTP and STP cable in more detail.

UTP Cable

UTP cable is a medium that is composed of pairs of wires. UTP cable is used in a variety of networks. Each of the eight individual copper wires in UTP cable is covered by an insulating material. In addition, the wires in each pair are twisted around each other.

Unshielded Twisted-Pair Cable


UTP cable relies solely on the cancellation effect produced by the twisted wire pairs to limit signal degradation caused by electromagnetic interference (EMI) and radio frequency interference (RFI). To further reduce crosstalk between the pairs in UTP cable, the number of twists in the wire pairs varies. UTP cable must follow precise specifications governing how many twists or braids are permitted per meter (3.28 feet) of cable.

UTP cable often is installed using a Registered Jack 45 (RJ-45) connector. The RJ-45 is an eight-wire connector used commonly to connect computers onto a local-area network (LAN), especially Ethernets.

When used as a networking medium, UTP cable has four pairs of either 22- or 24-gauge copper wire. UTP used as a networking medium has an impedance of 100 ohms; this differentiates it from other types of twisted-pair wiring such as that used for telephone wiring, which has an impedance of 600 ohms. It continues to grow in popularity.

Disadvantages also are involved in using twisted-pair cabling, however. UTP cable is more prone to electrical noise and interference than other types of networking media, and the distance between signal boosts is shorter for UTP than it is for coaxial and fiber-optic cables.

Although UTP was once considered to be slower at transmitting data than other types of cable, this is no longer true. In fact, UTP is considered the fastest copper-based medium today. The following summarizes the features of UTP cable:

• Speed and throughput—10 to 1000 Mbps

• Average cost per node—Least expensive

• Media and connector size—Small

• Maximum cable length—100 m (short)

Commonly used types of UTP cabling are as follows:

• Category 1—Used for telephone communications. Not suitable for transmitting data.

• Category 2—Capable of transmitting data at speeds up to 4 megabits per second (Mbps).


• Category 3—Used in 10BASE-T networks. Can transmit data at speeds up to 10 Mbps.

• Category 4—Used in Token Ring networks. Can transmit data at speeds up to 16 Mbps.

• Category 5—Can transmit data at speeds up to 100 Mbps.

• Category 5e—Used in networks running at speeds up to 1000 Mbps (1 gigabit per second [Gbps]).

• Category 6—Typically, Category 6 cable consists of four pairs of 24 American Wire Gauge (AWG) copper wires. Category 6 cable is currently the fastest standard cable.

Shielded Twisted-Pair Cable


Shielded twisted-pair (STP) cable combines the techniques of shielding, cancellation, and wire twisting. Each pair of wires is wrapped in a metallic foil. The four pairs of wires then are wrapped in an overall metallic braid or foil, usually 150-ohm cable. As specified for use in Ethernet network installations, STP reduces electrical noise both within the cable (pair-to-pair coupling, or crosstalk) and from outside the cable (EMI and RFI). STP usually is installed with an STP data connector, which is created especially for the STP cable. However, STP cabling also can use the same RJ connectors that UTP uses.

Shielded Twisted-Pair Cable

Although STP prevents interference better than UTP, it is more expensive and difficult to install. In addition, the metallic shielding must be grounded at both ends. If it is improperly grounded, the shield acts like an antenna and picks up unwanted signals. Because of its cost and difficulty with termination, STP is rarely used in Ethernet networks. STP is primarily used in Europe. The following summarizes the features of STP cable:


• Speed and throughput—10 to 100 Mbps

• Average cost per node—Moderately expensive

• Media and connector size—Medium to large

• Maximum cable length—100 m (short)

When comparing UTP and STP, keep the following points in mind:

• The speed of both types of cable is usually satisfactory for local-area distances.

• These are the least-expensive media for data communication. UTP is less expensive than STP.

• Because most buildings are already wired with UTP, many transmission standards are adapted to use it, to avoid costly rewiring with an alternative cable type.

COAXIAL CABLES

Coaxial cable consists of a hollow outer cylindrical conductor that surrounds a single inner wire made of two conducting elements. One of these elements, located in the center of the cable, is a copper conductor. Surrounding the copper conductor is a layer of flexible insulation. Over this insulating material is a woven copper braid or metallic foil that acts both as the second wire in the circuit and as a shield for the inner conductor. This second layer, or shield, can help reduce the amount of outside interference. Covering this shield is the cable jacket.

Coaxial Cable

Coaxial cable supports 10 to 100 Mbps and is relatively inexpensive, although it is more costly than UTP on a per-unit length. However, coaxial cable can be cheaper for a physical bus topology because less cable will be needed. Coaxial cable can be cabled over longer distances than twisted-pair cable. For example, Ethernet can run approximately 100 meters (328 feet) using twisted-pair cabling. Using coaxial cable increases this distance to 500m (1640.4 feet).

For LANs, coaxial cable offers several advantages. It can be run with fewer boosts from repeaters for longer distances between network nodes than either STP or UTP cable. Repeaters regenerate the signals in a network so that they can cover greater distances. Coaxial cable is less expensive than fiber-optic cable, and the technology is well known; it has been used for many years for all types of data communication.

Thinnet is no longer commonly used in Ethernet networks. The most common connectors used with Thinnet are BNC connectors (BNC is short for British Naval Connector or Bayonet Neill Concelman). The basic BNC connector is a male type mounted at each end of a cable. This connector has a center pin connected to the center cable conductor and a metal tube connected to the outer cable shield. A rotating ring outside the tube locks the cable to any female connector. BNC T-connectors are female devices for connecting two cables to a network interface card (NIC). A BNC barrel connector facilitates connecting two cables together.

Thinnet and BNC Connector

The following summarizes the features of coaxial cables:

• Speed and throughput—10 to 100 Mbps

• Average cost per node—Inexpensive

• Media and connector size—Medium

• Maximum cable length—500 m (medium)


FIBER OPTIC CABLE

BRIEF OVERVIEW OF FIBER OPTIC CABLE ADVANTAGES OVER COPPER:

• SPEED: Fiber optic networks operate at high speeds - up into the gigabits

• BANDWIDTH: large carrying capacity

• DISTANCE: Signals can be transmitted further without needing to be "refreshed" or strengthened.

• RESISTANCE: Greater resistance to electromagnetic noise such as radios, motors or other nearby cables.

• MAINTENANCE: Fiber optic cables cost much less to maintain.

In recent years it has become apparent that fiber optics are steadily replacing copper wire as an appropriate means of communication signal transmission. They span the long distances between local phone systems as well as providing the backbone for many network systems. Other system users include cable television services, university campuses, office buildings, industrial plants, and electric utility companies. There are three types of fiber optic cable commonly used: single mode, multimode and plastic optical fiber (POF).

Transparent glass or plastic fibers which allow light to be guided from one end to the other with minimal loss.

Chapter 5

Fiber optic cable functions as a "light guide," guiding the light introduced at one end of the cable through to the other end. The light source can be either a light-emitting diode (LED) or a laser.

While fiber optic cable itself has become cheaper over time, an equivalent length of copper cable still costs less per foot, but not per unit of capacity. Fiber optic cable connectors and the equipment needed to install them are still more expensive than their copper counterparts.

Network Topologies

Bus, ring, star, and other types of network topology

In networking, the term "topology" refers to the layout of connected devices on a network. This article introduces the standard topologies of computer networking.

Topology in Network Design

One can think of a topology as a network's virtual shape or structure. This shape does not necessarily correspond to the actual physical layout of the devices on the network. For example, the computers on a home LAN may be arranged in a circle in a family room, but it would be highly unlikely to find an actual ring topology there.

Network topologies are categorized into the following basic types:

• bus

• ring

• star

• tree

• mesh


More complex networks can be built as hybrids of two or more of the above basic topologies.

Bus Topology

Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message.

Ethernet bus topologies are relatively easy to install and don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and 10Base-5 ("ThickNet") both were popular Ethernet cabling options many years ago for bus topologies. However, bus networks work best with a limited number of devices. If more than a few dozen computers are added to a network bus, performance problems will likely result. In addition, if the backbone cable fails, the entire network effectively becomes unusable.

Illustration - Bus Topology Diagram

This diagram illustrates the bus network topology. A bus topology such as 10Base-2 or 10Base-5 Ethernet uses a single communication backbone for all devices.

Bus Network Topology

Ring Topology

In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network.


To implement a ring network, one typically uses FDDI, SONET, or Token Ring technology. Ring topologies are found in some office buildings or school campuses.

Illustration - Ring Topology Diagram

This diagram illustrates the ring network topology. A ring topology such as FDDI or SONET sends messages clockwise or counterclockwise through the shared link.


Ring Network Topology

Star Topology

Many home networks use the star topology. A star network features a central connection point called a "hub" that may be a hub, switch or router. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet.

Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. (If the hub fails, however, the entire network also fails.)

Illustration - Star Topology Diagram

This diagram illustrates the star network topology. A star topology typically uses a network hub or switch and is common in home networks.


Star topology

Tree Topology

Tree topologies integrate multiple star topologies together onto a bus. In its simplest form, only hub devices connect directly to the tree bus, and each hub functions as the "root" of a tree of devices. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub connection points) alone.

Illustration - Tree Topology Diagram

This diagram illustrates the tree network topology. A tree topology integrates the star and bus topologies in a hybrid approach to improve network scalability.


Tree Network Topology


Mesh Topology

Mesh topologies involve the concept of routes. Unlike each of the previous topologies, messages sent on a mesh network can take any of several possible paths from source to destination. (Recall that even in a ring, although two cable paths exist, messages can only travel in one direction.) Some WANs, most notably the Internet, employ mesh routing.

A mesh network in which every device connects to every other is called a full mesh. As shown in the illustration below, partial mesh networks also exist in which some devices connect only indirectly to others.

Illustration - Mesh Topology Diagram

This diagram illustrates the mesh network topology. A mesh topology provides redundant communication paths between some or all devices (partial or full mesh).


Mesh Network Topology


Chapter 6

Summary

Topologies remain an important part of network design theory. You can probably build a home or small business network without understanding the difference between a bus design and a star design, but understanding the concepts behind these gives you a deeper understanding of important elements like hubs, broadcasts, and routes. Since we are setting up a network for Ecobank, and having looked at the merits and demerits of all the types of topologies in this chapter, the mesh topology should be implemented.


Wireless Communication

Wireless communication uses radio frequencies (RF) or infrared (IR) waves to transmit data between devices on a LAN. For wireless LANs, a key component is the wireless hub, or access point, used for signal distribution.


Wireless Network

To receive the signals from the access point, a PC or laptop must install a wireless adapter card (wireless NIC). Wireless signals are electromagnetic waves that can travel through the vacuum of outer space and through a medium such as air. Therefore, no physical medium is necessary for wireless signals, making them a very versatile way to build a network. Wireless signals use portions of the RF spectrum to transmit voice, video, and data. Wireless frequencies range from 3 kilohertz (kHz) to 300 gigahertz (GHz). The data-transmission rates range from 9 kilobits per second (kbps) to as high as 54 Mbps.

The primary difference between electromagnetic waves is their frequency. Low-frequency electromagnetic waves have a long wavelength (the distance from one peak to the next on the sine wave), while high-frequency electromagnetic waves have a short wavelength.

Chapter 7

Some common applications of wireless data communication include the following:

• Accessing the Internet using a cellular phone

• Establishing a home or business Internet connection over satellite

• Beaming data between two hand-held computing devices

• Using a wireless keyboard and mouse for the PC

Another common application of wireless data communication is the wireless LAN (WLAN), which is built in accordance with Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards. WLANs typically use radio waves (for example, 902 megahertz [MHz]), microwaves (for example, 2.4 GHz), and IR waves (for example, 820 nanometers [nm]) for communication. Wireless technologies are a crucial part of today's networking.

Ethernet


To start us out, I first want to point out that network architecture is something that came about one day when someone sat down and said, “We are going to design a network architecture; let’s use CAT 3 cabling, a star topology, and CSMA/CD as an access method. Oh, and let’s call this architecture 10BaseT!” In this example, 10BaseT was the name assigned to the architecture because 10 Mbps is the transfer rate of the network, baseband communication is the technique used to transmit the signal, and the T means our cable type, in this case twisted-pair. Now, we have discussed different types of twisted-pair cabling, but CAT 3 is the one that runs at 10 Mbps, so it is the cable used in 10BaseT.

Chapter 8

Network Architecture   Type of Topology   Type of Cable         Transfer Rate     Access Method
10Base2                Bus                Thinnet               10 Mbps           CSMA/CD
10Base5                Bus                Thicknet              10 Mbps           CSMA/CD
10BaseT                Star               CAT 3                 10 Mbps           CSMA/CD
100BaseT               Star               CAT 5                 100 Mbps          CSMA/CD
1000BaseTX             Star               CAT 5, 5e, 6          1 Gbps            CSMA/CD
10GBaseLR              Star               Fiber (single-mode)   10 Gbps           CSMA/CD
Token Ring             Star, ring         UTP                   4 Mbps/16 Mbps    Token passing

Types of Ethernet Traffic

Ethernet traffic consists of three different types of packets: unicast, multicast, and broadcast. How much of each type of traffic you have on your network can be important in determining whether you need a switch or a hub, and which switch features you need.

Unicast packets are addressed to a single destination. This type typically comprises the bulk of traffic on an Ethernet LAN.

Multicast refers to a single transmission sent to a group of users. This capability lightens the load on the server and the network because only one data stream is sent rather than one per user. At the other extreme, broadcast packets are sent to all nodes within a single network segment and can be a major source of congestion.
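The three traffic types are distinguished by the destination MAC address at the start of each frame. The following added example (not part of the original text) classifies frames that way and reports the traffic mix; the host addresses and the sample capture are constructed for illustration.

```python
from collections import Counter

BROADCAST = bytes([0xFF] * 6)
ETHERNET_HEADER_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)


def mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' into its six raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw


def build_frame(dst, src, ethertype=0x0800, payload=b""):
    """Assemble a minimal Ethernet II frame (no preamble or FCS) for the sample data."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big") + payload


def classify(frame):
    """Classify a frame by its destination MAC, the first six bytes of the header."""
    if len(frame) < ETHERNET_HEADER_LEN:
        raise ValueError("truncated frame: shorter than an Ethernet header")
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"   # all ones: every node on the segment
    if dst[0] & 0x01:
        return "multicast"   # group bit set in the first octet
    return "unicast"         # a single destination


def traffic_mix(frames):
    """Return the percentage of unicast, multicast and broadcast frames."""
    counts = Counter(classify(f) for f in frames)
    total = sum(counts.values())
    return {
        kind: round(100 * counts[kind] / total, 1) if total else 0.0
        for kind in ("unicast", "multicast", "broadcast")
    }


# Constructed capture: locally administered addresses (02:...) stand in for hosts.
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SAMPLE_FRAMES = (
    [build_frame(HOST_B, HOST_A, payload=b"file data")] * 6     # unicast transfers
    + [build_frame("01:00:5e:00:00:fb", HOST_A)] * 1            # IPv4 multicast group
    + [build_frame("ff:ff:ff:ff:ff:ff", HOST_A, 0x0806)] * 3    # ARP broadcasts
)

if __name__ == "__main__":
    for kind, share in traffic_mix(SAMPLE_FRAMES).items():
        print(f"{kind:<10}{share:5.1f}%")
```

A broadcast share as high as in this constructed sample is the kind of congestion source the paragraph above describes.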

TCP/IP

This ability of computers and networks all over the world to share information was made possible by two important communication protocols - the Transmission Control Protocol (TCP) and the Internet Protocol (IP). Together they are often referred to as TCP/IP, and together they make the Internet what is known as a "packet-switched network." Transmission Control Protocol/Internet Protocol (TCP/IP) is the most common protocol used today. A routable protocol, TCP/IP is the protocol on which the Internet is built. TCP/IP is very robust and commonly is associated with UNIX and Linux systems.

TCP/IP originally was designed in the 1970s to be used by the Defense Advanced Research Projects Agency (DARPA) and the U.S. Department of Defense (DOD) to connect dissimilar systems across the country. This design required the capability to cope with unstable network conditions. Therefore, the design of TCP/IP included the capability to reroute packets. One of the major advantages of TCP/IP was the fact that it could be used to connect heterogeneous (dissimilar) environments together, which is why it has become the protocol of the Internet—but what are its drawbacks? TCP/IP has two major drawbacks:

Configuration: TCP/IP is a protocol that requires configuration, and to administer it, you need to be familiar with IP addresses, subnet masks, and default gateways—not complicated topics once you are familiar with them, but there is a bit of a learning curve compared to installing NetBEUI.

Security: Because of the open design of TCP/IP, it has become a very insecure protocol. If security is of concern, you need to make certain that you implement additional technologies to secure the network traffic or systems.

Chapter 9

Dynamic Host Configuration Protocol (DHCP)

Configuring IP addressing on a large TCP/IP-based network can be a nightmare, especially if machines are moved from one network to another frequently. The Dynamic Host Configuration Protocol (DHCP) can help with the workload of configuring systems on a network by automatically assigning addresses to systems at boot-up. The process of dynamically assigning IP addresses is managed via a DHCP server. The DHCP server is configured with a set of usable IP addresses, called a scope. The scope can also include the subnet mask, IP addresses of the default gateway, DNS servers, WINS servers, and other necessary addresses.

When a PC comes online and is set up to use a DHCP server, it requests an IP address by transmitting a broadcast request packet looking for any DHCP servers on the network (known as DHCP Discovery). The DHCP server responds with an offer containing an IP address that the client can lease (known as the DHCP Offer). The client then accepts the offer by sending a request message for that address from the DHCP server (known as the DHCP Request).

When configuring the DHCP server, you will need to configure a scope with the following settings:

IP addresses The DHCP server issues an IP address to each DHCP client system on the network. Each system connected to a TCP/IP-based network is identified by a unique IP address. As you learned in this chapter, the IP address consists of four 8-bit octets separated by periods. The IP address is normally shown in dotted-decimal notation—for example, 192.10.24.62.

Subnet mask The IP address actually consists of two parts: the network ID and the host ID. The subnet mask is used to identify the part of the IP address that is the network ID and the part that is the host ID. Subnet masks assign 1s to the network ID bits and 0s to the host ID bits of the IP address.

Default gateway A default gateway is required when the client system needs to communicate outside its own subnet. Normally, the default gateway is a router connected to the local subnet, which enables IP packets to be passed to other network segments.
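The exchange and scope settings described above can be checked on the wire. The following is an added example, not part of the original book: it parses DHCP messages (BOOTP header plus option fields) and reports server replies that do not match the configured scope. The capture is constructed; the 192.168.5.0/24 scope, the gateway 192.168.5.254, the second server 192.168.5.77 and the assumption that the DHCP service runs on 192.168.5.1 are illustrative values, and the ACK message type is standard DHCP that the text above does not cover.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
# Option codes used: 1 subnet mask, 3 router (default gateway),
# 6 DNS servers, 53 message type, 54 server identifier.


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", options=None):
    """Serialise a DHCP message; used only to construct the sample capture."""
    op = 1 if msg_type in (1, 3) else 2  # 1 = from client, 2 = from server
    header = struct.pack(
        BOOTP_FMT, op, 1, 6, 0, xid, 0, 0x8000, bytes(4),
        ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
        mac, bytes(64), bytes(128))
    body = bytes([53, 1, msg_type])
    for code, addrs in (options or {}).items():
        value = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + b"\xff"


def parse_message(data):
    """Parse the BOOTP header and the option TLVs of one DHCP message."""
    start = BOOTP_LEN + len(MAGIC_COOKIE)
    if len(data) < start or data[BOOTP_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    fields = struct.unpack(BOOTP_FMT, data[:BOOTP_LEN])
    options, i = {}, start
    while i < len(data) and data[i] != 255:      # 255 = end option
        if data[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        options[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

    def addrs(code):
        raw = options.get(code, b"")
        return [str(ipaddress.IPv4Address(raw[j:j + 4]))
                for j in range(0, len(raw) - 3, 4)]

    kind = options.get(53) or b"\x00"
    return {
        "type": MSG_TYPES.get(kind[0], "OTHER"),
        "xid": fields[4],
        "client_mac": fields[11][:6].hex(":"),
        "offered_ip": str(ipaddress.IPv4Address(fields[8])),
        "server_id": (addrs(54) or [None])[0],
        "subnet_mask": (addrs(1) or [None])[0],
        "gateways": addrs(3),
        "dns": addrs(6),
    }


def audit_leases(capture, scope):
    """Return findings for server replies that do not match the scope."""
    findings = []
    network = ipaddress.ip_network(scope["network"])
    for raw in capture:
        msg = parse_message(raw)
        if msg["type"] not in ("OFFER", "ACK"):
            continue
        problems = []
        if msg["server_id"] not in scope["servers"]:
            problems.append("unauthorized server")
        if ipaddress.ip_address(msg["offered_ip"]) not in network:
            problems.append("address outside scope")
        if msg["subnet_mask"] != str(network.netmask):
            problems.append("subnet mask mismatch")
        if set(msg["gateways"]) - set(scope["gateways"]):
            problems.append("unexpected gateway")
        if set(msg["dns"]) - set(scope["dns"]):
            problems.append("unexpected DNS server")
        if problems:
            findings.append(
                (msg["type"], msg["server_id"], msg["offered_ip"], problems))
    return findings


# Constructed scope and capture (assumed values, not taken from a real network).
SCOPE = {"network": "192.168.5.0/24", "servers": {"192.168.5.1"},
         "gateways": {"192.168.5.254"}, "dns": {"192.168.5.1"}}
MAC = bytes.fromhex("020000aabbcc")
GOOD = {54: ["192.168.5.1"], 1: ["255.255.255.0"],
        3: ["192.168.5.254"], 6: ["192.168.5.1"]}
ODD = {54: ["192.168.5.77"], 1: ["255.255.255.0"],
       3: ["192.168.5.77"], 6: ["192.168.5.77"]}
CAPTURE = [
    build_message(1, 0x1234, MAC),                          # Discovery
    build_message(2, 0x1234, MAC, "192.168.5.100", GOOD),   # Offer
    build_message(2, 0x1234, MAC, "192.168.5.200", ODD),    # second Offer
    build_message(3, 0x1234, MAC, options={54: ["192.168.5.1"]}),  # Request
    build_message(5, 0x1234, MAC, "192.168.5.100", GOOD),   # ACK
]

if __name__ == "__main__":
    for finding in audit_leases(CAPTURE, SCOPE):
        print(finding)
```

Managed switches offer the same control in hardware through DHCP snooping, which only forwards server replies that arrive on trusted ports.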

Internet address As you have learned from how messages are transmitted from one computer to another, every computer on the Internet must have a unique and specific address.


Chapter 10

An Internet or IP address, as it is sometimes called, consists of four numbers separated by periods. The smallest address would be 0.0.0.0 while the biggest would be 1234.5678.9101.1121. Don't worry, only computers are expected to remember all these numbers without getting confused. For humans, we use the Domain Name System (DNS).

Domains Like IP addresses which are numerical, the alphabetical domain names are also separated by periods or dots. Thus, the U.S. Library of Congress will have an IP address of 140.147.248.7 and the domain name will be .  Domain names have the format: hostname.-level-domain. My school's domain name, for example, is ocean.otr.usm.edu. This naming structure will give you clues about the address.

SERVER AND CLIENTS OPERATING SYSTEM.

Once you have connected the cables to the hubs and the clients to the cables, it is time to install a network operating system. The network operating system is responsible for providing services to clients on the network. These services could be the sharing of files or printers; the server could be providing name resolution through DNS services or logon services by being a directory server. Let’s take a look at some of the popular network operating systems that provide network services to their clients. For this discussion, any time that we mention Windows 2000 or Windows Server 2003, we can also include Windows NT Server, because Windows 2000 and Windows Server 2003 were built off Windows NT technologies and are the successors to Windows NT.


[pic]

You have learned about networking hardware components such as routers, switches, hubs, and network cabling thus far in the book. Being able to identify these components and connect them together is just a small part of implementing the network; you also need to install and configure the network operating system (NOS) on the server to publish resources out to the network.

In this chapter you will learn to implement a network by installing the network operating system, creating user accounts and groups, and subsequently assigning permissions to those user accounts for network resources such as files, folders, and printers.

Installing a Network

Installing the network is one of the first job responsibilities that you may have as a network professional. This duty may include purchasing server hardware, the server NOS, and client desktop systems. You will also need to make choices regarding the type of network you wish to install—will you choose a Novell, Microsoft, or Linux networking environment? Will you go with a peer-to-peer or client/server network?

Will you have a mixed environment with a few Microsoft servers and a few Linux or Novell servers? This section will help you answer these questions.

Networking Options

Looking back to Chapter 1, you learned the difference between a peer-to-peer networking environment and a server-based one. You will now need to choose which type of network you intend to build. If you choose to build a peer-to-peer network, you will not be required to purchase server hardware and the network operating system, thereby reducing cost. The disadvantage of a peer-to-peer network is that it is typically limited to ten systems.


If you choose to go with a server-based network, you will need to purchase the server hardware and the server network operating system, so you can expect some additional cost. You will also need to obtain client access licenses. A client access license (CAL) is needed to allow the client to connect to the network operating system. It is important to understand that just because you have purchased the server operating system, that does not mean that you can allow everyone to access data on the server. You will need to purchase a CAL for each client connecting.

Let us say that we have decided to go with a server-based network. When it comes to server-based networking environments, you have three popular types to choose from—Microsoft, Novell, and Linux.

Microsoft Networking

When it comes to networking, Microsoft networking environments have a big market share these days, with Windows Server 2003 being the most popular Windows server version on existing networks. Windows Server 2008 is the newest version of Microsoft’s network operating system as of the date of this writing. When you install a Microsoft server, you will have to make a number of choices such as deciding whether to install a standalone server, a member server, or a domain controller.

Standalone System A standalone server is a server that has a local Security Accounts Manager (SAM) database similar to a Windows XP system. The SAM database is a database of accounts that resides on the local system and is used to access resources on the local system only. This is very similar to having a number of Windows XP systems in a workgroup (peer-to-peer) environment—the accounts are not “network” accounts; they are local accounts. You may install a standalone server if this server is to act as your web server or firewall system. Typically, these systems are not part of the normal “Microsoft network,” otherwise called a domain, because they are connected to the Internet.

Domain Controller A domain controller (DC) is a server that has Microsoft’s directory service installed, known as Active Directory. The Active Directory database is the term used by Microsoft for the network account database. If you are authenticated by, or you log on to, the Active Directory database, you can access resources across the network. The account is not used just to access resources on the local system, as is the case with the standalone system. When a user logs on to the network, the logon request is sent to the domain controller on the network where the account information is verified.

Once the domain controller has verified the information, the user can access network resources to which they have access anywhere on the network. The term for this Microsoft network is a domain.

Network Requirements

This section introduces the hardware and software requirements for building a network. We will review the hardware that is required and then discuss the software requirements needed for a network. This section is in effect a summary of the network components you have already learned about in the preceding chapters.

Networking Hardware

The first thing that you will need in each of the systems or hosts that will participate on the network is a network interface card, which is the means the system uses to send and receive data on the network. You will also need to have a hub or a switch to act as a central connection point for all the systems. If your systems are going to send data to another network, you will need a router as well. Figure 10-3 displays the general setup of the networking hardware. The networking server will also need to have its specs measured out. Today’s server will include a RAID controller card that connects and manages the RAID drives. There should be more than 1GB of RAM, depending on the role of the server. If the server is intended to act as a mail server or a database server, you may want a few gigabytes of memory as well as multiple CPUs on the motherboard.

Networking Software

It is extremely important to understand what the network’s software requirements are. Certainly, you will need all four of the following software components somewhere on the network.

Service A service is what is being provided to clients on the network—it is typically the reason for the network. For example, most networks have a server that offers file and printer sharing services, or maybe web services that offer web pages to web clients on the network. Without a service there is no purpose to the network.


Client A client is a piece of software that connects to the service and makes the network request. For example, Internet Explorer is a client that makes requests to a web server (service) for different web pages on the web server. Another example is the Client for Microsoft Networks (shown in the figure below), which allows users to connect to any Microsoft file and print server.

Protocol A protocol is the networking language that a system uses to send the request from the client to the service. If you want two systems to communicate, they will need to speak the same language (protocol), such as TCP/IP or NetBEUI.

Network card driver In order for all of this to work, you will need to make sure that the network card driver has been installed on the system so that the system can send and receive data. If the network card driver has not been installed, you will be unable to configure the system for clients, protocols, or services. You can verify that you have the software components to network the Microsoft operating system by going to your LAN Connection properties as shown in Figure below.

[pic]


Installing a Network Server

In this section you will learn to install a network server by installing Windows Server 2003 and then configure it as a domain controller for glensworld.loc. After the installation of this server, you will learn to create users and groups on the server. When installing a Windows server, you want to make sure that you plan for installation by deciding on a number of settings and other issues, such as:

Server name You will need to decide what the name of the server will be. Clients will connect to the server by name when accessing folders and printers.

Domain name If your server will be joining a domain, you will need to type in the name of the domain. If you are joining a domain, you will also need to know the username and password of the administrator account that has permission to add servers to the domain. If you will be a domain controller for a domain, you will accomplish that with the dcpromo.exe command, so you should have planned in advance what

Server as domain controller You will need to know before you start the installation whether or not the server will be a domain controller, because if the server is to be a domain controller, you will install it as a standalone server and then run dcpromo.exe to promote it to a domain controller.

Hardware support Make sure that your server hardware (network card, video card, and the like) will work with the server operating system by checking out the Windows Server Catalog.

Partition setup During the installation, you will have the opportunity to create and delete the partitions on the hard disk of the server. Plan your partition strategy before the installation so that you are prepared for this step during installation.

File system After partitioning the disk, you will need to format the partition with a file system such as FAT32 or NTFS. For security reasons you should always go with the NTFS file system on Microsoft servers.

Licensing When installing a Windows server, you will have to choose either Per Seat or Per Server licensing. With Per Server licensing, you obtain a client access license (CAL) for each connection to the server. During the installation of the server you will need to specify how many simultaneous connections you expect. With Per Seat licensing, you purchase a license for each individual client that will access the server. The difference between the two is illustrated in this example: If you have ten users accessing two different servers, with Per Server licensing you need 20 licenses, while with Per Seat licensing you only need ten licenses, or one license for each client, no matter how many servers are being accessed.

In order to install the Windows Server operating system, you will first need to place your Windows Server 2003 CD in the CD-ROM drive and then power on the computer. The system boots off the CD and then starts the installation. There are two phases to the installation process:

Text-mode phase The first is the text-mode portion of the installation, where you partition the disk and format the partition. Then the setup files are copied from the CD-ROM to the hard drive.

GUI-mode phase The GUI-mode portion of the installation will ask for information such as your product key, computer name, and administrator password. your domain name.

Let’s walk through the steps to install Windows Server 2003, and then you will create a domain controller that runs the Active Directory database. This domain controller will be referred to in all the remaining discussions and exercises in this chapter.

1. Place your Windows Server 2003 CD in the drive and then power on the computer.

2. After some setup files are copied to the system, the Welcome To Setup screen appears (as shown in the figure below). To install Windows Server 2003, press Enter.

[pic]


3. Press f8 to agree to the license agreement.

4. You will be shown a list of drives and partitions on which Windows Server 2003 can be installed (as shown in the Figure); make sure that the first drive is selected. Choose C to create a partition.

[pic]

5. Type 15000 MB as the partition size (because of limitations on my system I will choose 4000 as shown in Figure above) and press enter.

6. The newly created partition is displayed; select it and press enter to install the OS to that partition.

7. You will now format (quick) the partition for NTFS by selecting the option shown in the Figure below and pressing enter.

[pic]


8. The partition is formatted, and setup files are copied to the hard disk. After that, the GUI portion of the installation starts and installs Windows.

9. Select Next to accept the English language.

10. Type your name and organization as shown in Figure and then choose Next.

11. Type your product key and then choose Next.

The GUI-mode portion of the installation prompts for name and organization.

[pic]

12. Choose to have 100 Per Server licenses (as shown in Figure ) and choose Next. This will allow for 100 clients to connect to the server at one time.

13. Type win2003-A as your computer name and P@ssw0rd as the password. Click Next.

14. Choose your time zone and click Next.

15. Choose Typical for the network settings and click Next.

16. Choose No to being part of a domain and choose Next.

17. Setup finishes, and then you are presented with the Windows Logon screen.

Log on as Administrator, type a password of P@ssw0rd (case sensitive), and click OK. Once you have logged on, you will want to ensure that you have statically assigned an IP address to your server.

Go to your LAN Connection properties and change the IP address. I will use the IP address of 192.168.5.1 for this walkthrough and a subnet mask of 255.255.255.0. You may leave the default gateway entry empty, but set your primary DNS Server setting to 192.168.5.1 as well.

Installing a Network

Microsoft has three types of servers: standalone, member, and domain controller. A standalone server is not part of a domain and sits on its own. It relies on its own security database known as the SAM database for user and group management and authentication services. A member server is a member of a domain but does not have the Active Directory database installed. A member server typically runs applications such as Exchange or SQL Server.

A domain controller is a server that holds the Active Directory database. To have communication on a network, you need to have a network client, protocol, and network card driver installed.

Creating User Accounts

There are two types of accounts: built-in and administrator-created. Built-in accounts are accounts that are created during the installation of the operating system. There is typically an administrative account built in to the operating system and a guest account that is disabled by default. The built-in administrative account in Windows is called Administrator, and the one built into Linux/UNIX is called root. You can create a user account in Active Directory with the Active Directory Users and Computers console. You may create a user account in Linux with the Red Hat User Manager.

You should create a password policy that enforces strong passwords. A strong password consists of upper and lowercase characters and has a minimum of six characters and a mix of letters, numbers, and symbols.


Managing Groups

Groups are used to organize users into administrative units.

There are built-in groups in Windows such as Administrators, Backup Operators, Account Operators, and Print Operators.

Backup Operators can perform backups, Print Operators can install and configure printers, and Account Operators can create and manage user accounts.

Global groups are used to organize users within a domain, domain local groups are used for permissions or rights assignment, and universal groups are used to organize users across domains.

Security groups are used for security or e-mail, and distribution groups are used only for e-mail.

Securing Files and Folders

1. Use NTFS partitions so that you can configure NTFS permissions on folders.

2. Use share permissions when creating the shared resource.

3. When NTFS and share permissions conflict—the most restrictive wins.

4. In Linux, you can configure permissions with the chmod command.

5. The Full Control permission allows a user to modify the file contents and modify permissions, while the Modify permission only allows a user to modify the file contents—not permissions.

You can connect to a folder with a UNC path. The UNC path has the following syntax: \\computername\sharename.

Installing Printers

Microsoft terms the print device as the machine that holds the paper and ink and prints the content on paper, whereas the printer is the software interface to the print device.

A print server is a machine that has a shared printer and receives print requests from clients.

A printer (or queue in other network environments) is where the print job is stored while trying to print.

Working with Network Hardware

Because computers are affected by temperature, moisture, vibrations, and electrical interference, you need to create a controlled environment and be in control of each of these elements.

Watch cable distance on the different cable types and be familiar with the components that can create interference in your environment.

Network-attached storage (NAS) is a popular choice for mass storage devices such as RAID drives and CD-ROMs.

Windows Servers

Developed from the VMS platform many years ago, Microsoft Windows NT and its successors, Windows Server 2003 and 2008, have grown into very popular network operating systems that provide a number of built-in network services, including

File and print services These allow the administrator to share files and printers among Windows clients.

DNS and WINS services These allow the administrator to configure DNS and NetBIOS name resolution.

DHCP services These allow the administrator to configure the server to assign IP addresses to clients on the network.

Directory services These allow the administrator to build a central list of objects, such as user accounts that may be used by clients to log on to the network. Microsoft’s directory service is known as Active Directory.

Web services These allow the administrator to build Internet or corporate intranet sites that are hosted on the server.


E-mail services These allow the administrator to configure the server to send e-mail using the Simple Mail Transfer Protocol (SMTP). This feature was designed to allow application developers to build e-mail functionality into their applications.

Group policies These allow an administrator to deploy settings down to the client operating systems from a central point. Some of the types of settings that can be applied to clients through group policies are folder redirection, file permissions, user rights, and installation of software.

operating systems, such as Windows 98, Windows 2000 Professional, and Windows XP Professional. This dramatically reduces the learning curve that someone new to network operating systems has to go through. The figure below shows the user interface of a Windows server.

Windows user interface

[pic]

The fact that the user interface on the server operating system is the same as that on the client operating system means that the learning curve for the server operating system is dramatically reduced. The other thing that led to the rapid growth of the installed base for Windows-based servers is the fact that Windows servers made it very easy to configure the services that were mentioned previously. For example, to install a DNS server, WINS server, or DHCP server, you simply go to Add/Remove Programs and install those services as you would install solitaire on a desktop operating system.


Chapter 15

Clients and Resources

A major component of successful networking with NOS is the client operating system. The client operating system needs to have client software installed known as the redirector. The term redirector comes from the fact that when the client makes the request for a network resource, the redirector redirects the request from the local system to the network server. Whether the workstations are in a workgroup environment (peer-to-peer) or a client/server environment, you need to have client software installed on the client operating systems to connect to the servers. Some examples of client operating systems that can connect to a Windows server are Windows XP Professional, Windows 2000 Professional, Windows NT Workstation 4.0, Windows 95/98, and Windows for Workgroups. Another reason Windows servers have been so successful is that they support many different client operating systems. Not only can Windows clients such as Windows 98 and Windows XP connect to the Windows servers, but also non-Microsoft clients such as Macintosh clients, NetWare clients, and UNIX clients can connect to Microsoft servers. Microsoft has been very focused on coexisting with other environments.

SECURITY THREATS AND MITIGATIONS

In this chapter we are going to talk about various threats, how these threats get into a network, and how to secure your network from such threats. This is the most important aspect a sys admin must take note of after installing a complete network.

Although viruses are common threats that we hear about all the time, there are other nasty things out there as well. Bad guys who create threats to a network generally have one or two purposes in mind: destruction and reconnaissance. They are seeking to destroy data or deny access, and maybe even nick information that you definitely don’t want them to have. Since Ecobank is a financial institution, its data on the network must be secure from attackers or hackers.

There are several common approaches that attackers and hackers use to breach the security of our precious networks. Some of these approaches are as follows.

Denial of service (DoS): It prevents users from accessing the network or its resources. DoS attacks come in a variety of flavors, such as:

1. The Ping of Death

2. Smurf

3. SYN Flood, TFN Flood and TFN2K.

VIRUSES: They are basically little programs that cause a variety of very bad things to happen on your system, ranging from merely annoying to totally devastating. They can display a message, delete files, or even send out huge amounts of meaningless data over a network to block legitimate messages. A key trait of viruses is that they can’t replicate themselves to other computers or systems without a user doing something like opening an executable attachment in an email to propagate them. There are also a variety of viruses:

1. File Viruses: They attack executable application and system program files like those ending in .COM, .EXE, and .DLL.

2. Macro Viruses: It is basically a script of commonly enacted commands used to automatically carry out tasks without requiring a user to initiate them.

3. Boot Sector Viruses: They work their way into the master boot record, which is essentially the ground-zero sector on your hard disk where applications aren’t supposed to live.

4. Multipartite Viruses: This virus affects both the boot sector and files on your system, making such a virus particularly dangerous and exasperatingly difficult to remove.

WORMS: Functionally, worms are like viruses and they are much harder to stop. They can actively replicate without requiring you to do anything like open an infected file. Worms can activate, propagate and destroy all by themselves.

TROJAN HORSE: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves.

BLENDED THREAT: Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities.


Chapter 16

Hackers or attackers use tools like IP spoofing, Application Layer attacks, Active-X attacks, Autorooters, Backdoors, Network Reconnaissance, Packet Sniffers, Password attacks, Brute-Force attacks, Port-Redirection attacks, Trust-Exploitation attacks, Man-in-the-Middle attacks, Rogue Access Points and Social Engineering (Phishing). Be careful about all these tools.

MITIGATION TECHNIQUES

Mitigation is simply how to make your network or systems safe from hackers and attackers, that is, “Safe Net”. Safe networking techniques fall into three major categories: Policies and Procedures, Training, Patches and Upgrades.

Moreover, there are three main ways to detect an intruder and defend yourself against one.

1. ACTIVE DETECTION: This involves constantly scanning the network for possible break-ins.

2. PASSIVE DETECTION: This involves logging all network events to a file.

3. PROACTIVE DEFENSE METHOD: This involves using tools to shore up your network walls against attacks.

STEPS TO MAKE YOUR NETWORK SECURED

1. Get a network security application

It doesn’t have to be a $100K purchase, nor will it necessarily be something you download from an open source website. What it will be is one that can run in your environment, is easy for you to start using, has support and updates included, and can help you to automate and perform many of the tasks that are in this list. A good network security application is a key part of any security program, and with so much to do and so little time, not an option.

2. Use a vulnerability scanner

Vulnerability scanners are tools that can scan systems over the network looking for security issues that you need to remediate. Vulnerability scanners include databases of known vulnerabilities for all kinds of systems and applications, and it is critical to keep that database up-to-date so your vulnerability scanner can look for the latest discovered issues. Use your vulnerability scanner to scan every new system before it is approved for production, before the firewall ports on the Internet are open, and whenever the configuration is changed. You should also use your vulnerability scanner to assess your entire network. Run it from the Internet against your DMZ to see everything an attacker outside would see. Run it internally against your entire network to be sure every system is up-to-date. Regular use is key to ensure nothing slips through the cracks.

3. Lock down defaults

Vulnerability scanners can also help you to identify default settings. These are the things that the vendor sets up out-of-the-box, and that often can be used by attackers to find a back door into your network or to access data on devices. Examples include default passwords, running services that you don’t need, open shares that contain sensitive information and protocols that don’t use encryption. Finding these defaults and either securing or disabling them reduces your exposure and takes away an easy in for any attacker to exploit.

4. Patch

It’s as simple as that. Patch. Patch everything. Patch operating systems on servers and workstations, third party applications, drivers, network devices, firmware and anything else you can. Keeping all of your systems 100% updated on patches closes the largest number of vulnerabilities of any action you can take. In support of this fact, your vulnerability scanner will identify many unpatched systems and list the patches they need. It may not find them all, but it will find the ones most attackers would find too. Seriously, if you do nothing else on this list, patch. If you have more systems than you have fingers, then you need patch management software to keep up with everything. Look for patch management software that includes vulnerability scanning so you can get a two for one solution.

5. Use good passwords

That means using strong, easy-to-remember but hard-to-guess passwords on every system, and training your users to do the same. It also means using different passwords on different systems, and changing those passwords regularly. It also means resetting any default passwords, and never sharing them. Each user should have his or her own access to any system, and no one should know another user’s password.

6. Practice least privilege

The concept of least privilege is pretty straightforward. Don’t give out any access to someone unless they need that access. Only give them the minimum access they need to do their job. Take away that access when it is no longer required.

7. Document

One of the most difficult tasks for many sys admins is one of the most important. Documenting your systems, your network, your configurations, and your best practices is a critical part of maintaining your systems. Without documentation, how do you know what you have? How can you be sure you didn’t miss something? Never put off documentation until ‘later’. ‘Later’ will never come.

8. Establish baselines

Each system will have its own particular behaviours. How busy is it? How much RAM is it using? What services is it running? How quickly is it running out of disk space? Make sure that you establish baselines for every new system while you are still paying close attention to it and before you declare it production-ready, and add those into the documentation. When the server varies from its baseline, it’s a good indication that something might be wrong. Whether that is an errant app, an underestimated load, or an uninvited guest remains to be seen, but consider spikes in CPU and RAM, and rapidly diminishing disk space all to be your early warning system.

9. Set up alerts

If you have central monitoring, it is easy to stay on top of these baselines and also to automate reviews of logs. Smaller shops aren’t so well equipped. Setting up alerts on your systems for things like failed logons, spikes in CPU, low disk space, etc., not only helps you with the sys admin tasks of maintaining the systems, but can also call to your attention issues that might indicate a security incident is happening.

Getting these nine steps in place now, consistently and across all systems, will immensely help you in securing your systems. You would cover the majority of things that could be exploited by an attacker, and set yourself up to stay informed on what is happening with your systems.
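Steps 8 and 9 can be combined in a small script for a shop without central monitoring. The following is an added example, not part of the original book: it builds a baseline from readings taken while a server is known to be healthy, flags readings that drift from it, and raises an alert on repeated failed logons. The metric names, the readings, the log line format, the account names and the thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import mean, pstdev


def build_baseline(samples):
    """Per-metric (mean, standard deviation) from known-good readings."""
    baseline = {}
    for metric in samples[0]:
        values = [s[metric] for s in samples]
        baseline[metric] = (mean(values), pstdev(values))
    return baseline


def deviations(reading, baseline, k=3.0, floor=1.0):
    """Metrics more than k standard deviations away from the baseline mean.

    `floor` is a minimum spread (in the metric's own unit) so that a very
    flat baseline does not alert on ordinary noise.
    """
    flagged = []
    for metric, (mu, sigma) in baseline.items():
        if abs(reading[metric] - mu) > k * max(sigma, floor):
            flagged.append((metric, reading[metric], round(mu, 1)))
    return flagged


def failed_logon_alerts(lines, threshold=5, window=timedelta(minutes=5)):
    """Alert when one account reaches `threshold` failed logons in `window`."""
    recent = defaultdict(deque)
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[1] != "LOGON_FAILURE":
            continue
        fields = dict(p.split("=", 1) for p in parts[2:])
        when = datetime.fromisoformat(parts[0])
        attempts = recent[fields["user"]]
        attempts.append(when)
        while when - attempts[0] > window:   # drop attempts outside the window
            attempts.popleft()
        if len(attempts) == threshold:
            alerts.append((fields["user"], fields["src"], parts[0]))
    return alerts


# Constructed readings for one server, taken before it goes into production.
KNOWN_GOOD = [
    {"cpu_pct": 12, "ram_mb": 610, "disk_free_gb": 9.0},
    {"cpu_pct": 15, "ram_mb": 620, "disk_free_gb": 9.0},
    {"cpu_pct": 11, "ram_mb": 615, "disk_free_gb": 8.9},
    {"cpu_pct": 14, "ram_mb": 605, "disk_free_gb": 8.9},
    {"cpu_pct": 13, "ram_mb": 625, "disk_free_gb": 8.8},
    {"cpu_pct": 13, "ram_mb": 615, "disk_free_gb": 8.8},
]
LATER_READING = {"cpu_pct": 97, "ram_mb": 625, "disk_free_gb": 3.1}

# Constructed log lines in an assumed "timestamp EVENT key=value" format.
LOG_LINES = [
    "2024-03-04T09:00:01 LOGON_SUCCESS user=jdoe src=192.168.5.20",
    "2024-03-04T09:01:10 LOGON_FAILURE user=administrator src=192.168.5.33",
    "2024-03-04T09:01:12 LOGON_FAILURE user=administrator src=192.168.5.33",
    "2024-03-04T09:01:15 LOGON_FAILURE user=administrator src=192.168.5.33",
    "2024-03-04T09:01:19 LOGON_FAILURE user=administrator src=192.168.5.33",
    "2024-03-04T09:01:25 LOGON_FAILURE user=administrator src=192.168.5.33",
    "2024-03-04T09:10:00 LOGON_FAILURE user=jdoe src=192.168.5.20",
]

if __name__ == "__main__":
    baseline = build_baseline(KNOWN_GOOD)
    print(deviations(LATER_READING, baseline))
    print(failed_logon_alerts(LOG_LINES))
```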
