Introduction to Computer Networks and Computer Systems

Introduction to Computer Networks and Computer Systems Michelle Murillo, Greg Shore, James Brunt LTER Network Office 21 October 2004 EcoInformatics Workshop Albuquerque, NM


Transcript of Introduction to Computer Networks and Computer Systems

Page 1: Introduction to Computer Networks and Computer Systems

Introduction to Computer Networks and Computer Systems

Michelle Murillo, Greg Shore, James Brunt
LTER Network Office

21 October 2004
EcoInformatics Workshop

Albuquerque, NM

Page 2: Introduction to Computer Networks and Computer Systems

Agenda

• WAN
• LAN
• LAN components
• Server
• Backups
• Security

Page 3: Introduction to Computer Networks and Computer Systems

Networks and Computers: Why do we need them?

• To facilitate research by increasing communication and access to data, metadata, and applications for synthesis and integration across broad spatial and temporal scales.

Page 4: Introduction to Computer Networks and Computer Systems

What is a network?

• A network is a communication system for interconnecting users and devices such as computers, terminals, printers, telephones, ...

• A network allows people or devices to share information or data.

• In addition a network must be able to transmit this information quickly, with reliability and efficiency.

Page 5: Introduction to Computer Networks and Computer Systems

Types of Networks

• Local Area Network or LAN
  – A LAN covers a small region of space, typically a single building.
• Metropolitan Area Network or MAN
  – A MAN is a collection of LANs within the same geographical area, for instance a city.
• Wide Area Network or WAN
  – A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs).

Page 6: Introduction to Computer Networks and Computer Systems

WAN

Page 7: Introduction to Computer Networks and Computer Systems

Wide-Area Network (WAN)

• Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.

Page 8: Introduction to Computer Networks and Computer Systems

WAN: Leased lines

– A permanent telephone connection between two points set up by a telecommunications common carrier.
– Unlike normal dial-up connections, a leased line is always active.
– The fee for the connection is a fixed monthly rate.
– The primary factors affecting the monthly fee are distance between end points and the speed of the circuit.
– Because the connection doesn't carry anybody else's communications, the carrier can assure a given level of quality.
– You can divide the connection into different lines for data and voice communication or use the channel for one high speed data circuit.

Page 9: Introduction to Computer Networks and Computer Systems

WAN: Leased line bandwidth examples:

T-1/DS1 1.544 Mbps.

T-3/DS3 43 Mbps

OC3 51.85 Mbps

OC 12 155.52 Mbps

OCx Up to 2.48 Gbps

• The bandwidth of a network is similar to a highway: a one-lane road has less bandwidth than a four-lane road

Page 10: Introduction to Computer Networks and Computer Systems

WAN: Wireless

• Satellite
  – http://www.networkcomputing.com/netdesign/wireless1.html
• Microwave
• Spread Spectrum
  – http://www.sss-mag.com/ss.html
• RF (radio frequency)
  – See also:
    • www.sierrawireless.com/news/docs/2130273_WWAN_v_WLAN.pdf

Page 11: Introduction to Computer Networks and Computer Systems

WAN: Other methods

– Cable modem: A modem designed to operate over cable TV lines. Because the coaxial cable used by cable TV provides much greater bandwidth than telephone lines, a cable modem can be used to achieve extremely fast access to the World Wide Web. Cable modems can offer speeds up to 2 Mbps

– DSL: refers collectively to all types of digital subscriber lines. DSL technologies use sophisticated modulation schemes to pack data onto existing copper telephone lines. Supports data transfer rates up to 32 Mbps for upstream traffic, and from 32 Kbps to over 1 Mbps for downstream traffic.

Page 12: Introduction to Computer Networks and Computer Systems

WAN: Other methods

– ISDN: Abbreviation of integrated services digital network, an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires. ISDN supports data transfer rates of 64 Kbps (64,000 bits per second).

– Modem: A modem is a device or program that enables a computer to transmit data over, for example, telephone or cable lines. The fastest modems run at 57,600 bps, although they can achieve even higher data transfer rates by compressing the data.

Page 13: Introduction to Computer Networks and Computer Systems

WAN: Considerations

• Availability:
  – Metro – located within a metropolitan area phone system where T1 and higher speed connections are easily available
  – City – located near a city that is equipped to provide T1 service but may or may not have available ISP to cover the internet connection
  – Rural – outside of a regular metropolitan phone system but close enough that connections can be made into a metropolitan system
  – Remote – area where only basic telephone service is typically provided
  – Backcountry – area where not even basic telephone services are available

Page 14: Introduction to Computer Networks and Computer Systems

WAN: Other Considerations

• Upload and download speed required?
• Costs:
  – Equipment
  – Installation
  – Monthly? Yearly?
  – Contract?
• ISP services and resources provided?
• Your needs

Page 15: Introduction to Computer Networks and Computer Systems

LAN

Page 16: Introduction to Computer Networks and Computer Systems

LAN: Local-area Network

• Most LANs connect workstations and personal computers.

• Each node (individual computer) in a LAN has its own CPU with which it executes programs, but it also is able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data.

• Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions.

Page 17: Introduction to Computer Networks and Computer Systems

LAN: Local-area Network

• LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN.

• There are many different types of LANs, Ethernets being the most common for PCs. Most Apple Macintosh networks are based on Apple's AppleTalk network system, which is built into Macintosh computers.

Page 18: Introduction to Computer Networks and Computer Systems

LAN: Ethernet

• A local-area network (LAN) architecture developed by Xerox Corporation in cooperation with DEC and Intel in 1976.

• Ethernet supports data transfer rates of 10 Mbps.

• A newer version of Ethernet, called 100Base-T (or Fast Ethernet), supports data transfer rates of 100 Mbps.

• The newest version, Gigabit Ethernet supports data rates of 1 gigabit (1,000 megabits) per second.

Page 19: Introduction to Computer Networks and Computer Systems

• We can now connect to the WAN using our ISP and our LAN…but what really makes up our LAN?
• What do we do to build our LAN?
• What do we need to know to maintain our LAN?

Page 20: Introduction to Computer Networks and Computer Systems

LAN: Some components

• Desktops and Workstations
• Printers, Plotters, Scanners
• Servers
• NAS/Storage units
• Tape Arrays/Tape Drives
• RAID Arrays
• UPSs
• An overabundance of cables
• An overabundance of software, utilities, and applications

Page 21: Introduction to Computer Networks and Computer Systems

Some quick definitions

• Workstation: A type of computer used for engineering applications (CAD/CAM), desktop publishing, software development, and other types of applications that require a moderate amount of computing power and relatively high quality graphics capabilities.

• Server: A computer or device on a network that manages network resources. For example, a file server is a computer and storage device dedicated to storing files.

• Client: part of a client-server architecture. Typically, a client is an application that runs on a personal computer or workstation and relies on a server to perform some operations. For example, an e-mail client is an application that enables you to send and receive e-mail.

Page 22: Introduction to Computer Networks and Computer Systems

• Desktops, workstations, printers, plotters, scanners depend on…
  – Your (or system administrator) expertise
  – Cost or affordability
  – User requirements
  – User preferences
  – Historical

Page 23: Introduction to Computer Networks and Computer Systems

• Servers, arrays, disks, UPSs, NASs…
  – Require more thought and long-term planning
  – A good strategy is to:
    • Plan
    • Prototype
    • Evaluate
    • Implement
    • Evaluate
    • Plan

Page 24: Introduction to Computer Networks and Computer Systems

• The ideal scalable system is one that is a ‘framework’ wherein the components are modular and can be upgraded through time without a complete overhaul of the system.

Page 25: Introduction to Computer Networks and Computer Systems

• Modularity and scalability:
  – Consider putting services on individual servers as much as possible
    • Mail
    • FTP
    • Web
    • File
    • Compute
    • Backup
    • Patch
  – This allows for the ability to upgrade individual servers as needed
  – Distributes/reduces the load
  – If one server crashes, all services are not lost
  – If you need a new server function, it is easy to add a new server without disrupting other services or overloading an existing server

Page 26: Introduction to Computer Networks and Computer Systems

Example scalable design

[Diagram not preserved in this transcript; surviving label: DEDICATED NETWORK]

Page 27: Introduction to Computer Networks and Computer Systems

Server decision issues

• Do not skimp on the hardware: a desktop is NOT a server!
  – Performance issues
  – Disk I/O performance and stability (RAID arrays)
  – Tape drive
  – CPU:
    • XEON hyper-threaded chips
    • More caching
    • Multiple CPUs
  – More RAM
  – GB NIC (Network Interface Card)
  – Maintenance agreements
• Use vendor resources to gather information and costs

Page 28: Introduction to Computer Networks and Computer Systems

Other server considerations

• Footprint – rack, floor, desktop
• Operating system – Unix, Linux, or Windows…
• Mass storage (how much?)
• Total cost of ownership (total cost over time?)
• Power supply (enough for all equipment?)
• Air conditioning (sufficient for cooling?)
• UPS (size, number?)
• Surge protectors – ethernet and power
• Physical security

Page 29: Introduction to Computer Networks and Computer Systems

Unix vs. Windows

• Cost
• Level of support
  – Support level required
• Technical knowledge
  – Knowledge of system administration
• Preference
  – User preference
• Usability
  – Ease of use
• Historical
  – Habit
• Vulnerability issues
  – Virus, worms
• Requirements for system
  – SQL Server

Page 30: Introduction to Computer Networks and Computer Systems

Mass storage: NAS

• A network-attached storage (NAS) device is a server that is dedicated to nothing more than file sharing.
• NAS does not provide any of the activities that a server in a server-centric system typically provides, such as e-mail, authentication or file management.
• NAS allows more hard disk storage space to be added to a network that already utilizes servers without shutting them down for maintenance and upgrades.
• With a NAS device, storage is not an integral part of the server. Instead, in this storage-centric design, the server still handles all of the processing of data but a NAS device delivers the data to the user.
• A NAS device does not need to be located within the server but can exist anywhere in a LAN and can be made up of multiple networked NAS devices.

Page 31: Introduction to Computer Networks and Computer Systems

Mass storage: tape

• Storing data on tapes is considerably cheaper than storing data on disks.

• Tapes have large storage capacities, ranging from a few hundred kilobytes to several gigabytes.

• Accessing data on tapes is much slower than accessing data on disks.
  – tapes are sequential-access media
  – disks are random-access media

• Because tapes are so slow, they are generally used only for long-term storage and backup. Data to be used regularly is almost always kept on a disk.

• Tapes are also used for transporting large amounts of data.

Page 32: Introduction to Computer Networks and Computer Systems

Computer: Total Cost of Ownership

• Purchase price
• Training costs
• Application costs
• Maintenance and support costs
• Environmental change costs
• Contracted technical support costs
• Connectivity
• System Administration

Page 33: Introduction to Computer Networks and Computer Systems

Computer: System Administration

• System monitoring
  – Network and email traffic, system logs, disk utilization
• Software and OS maintenance
• Backup and recovery; disaster recovery
• Hardware maintenance
• Preventative maintenance
• User support
• Administrative
• System documentation

Page 34: Introduction to Computer Networks and Computer Systems

Computer: Total Cost of Ownership

• A recently released Gartner study on the five-year TCO (Total Cost of Ownership) of a $2,000 PC shows that, when administration and management costs are added into the equation, the actual cost is more like $21,000!!!
• A good summary article:
  – http://www.wilsonmar.com/1tco.htm

Page 35: Introduction to Computer Networks and Computer Systems

Backups

Page 36: Introduction to Computer Networks and Computer Systems

Backup Best Practices

• Backup: To copy files to a second medium (a disk or tape) as a precaution in case the first medium fails. One of the cardinal rules in using computers is back up your files regularly.
• Backup data and system information – multiple times
• Keep a set of backups off-site
• If time and money allow – duplicate your backups, then move one of the copies off-site
• Backup daily, weekly, monthly, quarterly and yearly
• Print out copies of configuration and other important files
• TEST!!!! Then TEST some more!
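One way to act on the "TEST" advice with tar, one of the native Unix utilities this deck lists: write a checksum manifest at backup time, then restore into a scratch directory and compare. This is an added example, not part of the original slides; the function names are illustrative and it assumes tar and sha256sum (GNU coreutils) are installed.

```shell
#!/bin/sh
# Added example: back up a directory with tar, then prove the archive restores.
# Assumes tar and sha256sum (GNU coreutils); function names are illustrative.

# make_backup SRC_DIR ARCHIVE MANIFEST
# Records a SHA-256 manifest of every regular file, then writes the archive.
make_backup() {
    src=$1; archive=$2; manifest=$3
    # Paths in the manifest are relative to SRC_DIR so they match a restored tree.
    ( cd "$src" && find . -type f -exec sha256sum {} + ) > "$manifest" || return 1
    tar -cf "$archive" -C "$src" . || return 1
}

# verify_restore ARCHIVE MANIFEST
# Restores into a scratch directory and re-checks every file against the manifest.
# Returns 0 only if extraction succeeds and every checksum matches.
verify_restore() {
    archive=$1; manifest=$2
    scratch=$(mktemp -d) || return 2
    rc=0
    if ! tar -xf "$archive" -C "$scratch" 2>/dev/null; then
        rc=1    # archive unreadable or truncated
    elif ! ( cd "$scratch" && sha256sum -c - ) < "$manifest" >/dev/null 2>&1; then
        rc=1    # a file is missing or its restored content differs
    fi
    rm -rf "$scratch"
    return "$rc"
}

# Demonstration on constructed data in a temporary directory.
demo_backup_test() {
    work=$(mktemp -d) || return 2
    mkdir "$work/data"
    echo "site metadata v1" > "$work/data/metadata.txt"
    echo "sensor,value" > "$work/data/readings.csv"
    make_backup "$work/data" "$work/full.tar" "$work/full.sha256" || return 1
    if verify_restore "$work/full.tar" "$work/full.sha256"; then
        echo "restore test passed"; result=0
    else
        echo "restore test FAILED"; result=1
    fi
    rm -rf "$work"
    return "$result"
}

demo_backup_test
```

Because tar stores no checksum of file contents, the manifest comparison is what catches an archive that extracts cleanly but holds the wrong data.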

Page 37: Introduction to Computer Networks and Computer Systems

Backup solutions

• Tape
• Online
• Off-site providers
• CD
• Zip
• Jaz
• External hard drive

Page 38: Introduction to Computer Networks and Computer Systems

Backup utilities and programs

• Costs range from free to very expensive
• Native (free)
  – Unix
    • ufsdump and ufsrestore (also dump and restore)
    • tar
    • cpio
  – Windows
    • Windows Backup Utility
    • ASR (Automated System Recovery)
  – Both
    • COPY!!!

Page 39: Introduction to Computer Networks and Computer Systems

Backup utilities and programs

• Native: BEWARE!!! These utilities usually do not back up any open files!
  – (except MS XP uses a shadow copy, which will back up open files)
• Vendor applications:
  – Legato Networker
    • http://www.legato.com/products/networker/
  – Veritas Backup Exec
    • http://www.veritas.com/index.html
  – Arkeia:
    • http://www.arkeia.com/

Page 40: Introduction to Computer Networks and Computer Systems

Backup types

• Full backup: Full backup is the starting point for all other backups, and contains all the data in the folders and files that are selected to be backed up. Because full backup stores all files and folders, frequent full backups result in faster and simpler restore operations. Remember that when you choose other backup types, restore jobs may take longer.

• Differential backup: A differential backup contains all files that have changed since the last FULL backup. The advantage of a differential backup is that it shortens restore time compared to a full backup or an incremental backup. However, if you perform the differential backup too many times, the size of the differential backup might grow to be larger than the baseline full backup.

Page 41: Introduction to Computer Networks and Computer Systems

Backup Types

• Incremental backup: An incremental backup stores all files that have changed since the last FULL OR DIFFERENTIAL backup. The advantage of an incremental backup is that it takes the least time to complete. However, during a restore operation, each incremental backup must be processed, which could result in a lengthy restore job.

• For Windows definitions:
  – http://windows.about.com/library/weekly/aa010624a.htm

Page 42: Introduction to Computer Networks and Computer Systems

Security

Page 43: Introduction to Computer Networks and Computer Systems

Security

• “Security is vigilance”
• Security incidents have been increasing as the technical knowledge required to prevent security breaches increases while the sophistication of hacker tools increases.

Page 44: Introduction to Computer Networks and Computer Systems

The problem: as viewed by System Administrators

• Lack of management understanding and guidance
• Arbitrary priorities
• Lack of time, resources, and qualified staff
• New and mutating attacks, new vulnerabilities
• Insecure products, bad patches

Page 45: Introduction to Computer Networks and Computer Systems

Network Security Threats

• Any internet connection is vulnerable to:
  – Unauthorized access to the network
  – Denial of Service attacks
  – Viruses
  – Capture of private data and passwords
  – Offensive and/or unwanted content

Page 46: Introduction to Computer Networks and Computer Systems

Top Vulnerabilities to Windows Systems

1. Web Servers & Services
2. Workstation Service
3. Windows Remote Access Services
4. Microsoft SQL Server (MSSQL)
5. Windows Authentication
6. Web Browsers
7. File-Sharing Applications
8. LSAS Exposures
9. Mail Client
10. Instant Messaging

Page 47: Introduction to Computer Networks and Computer Systems

Top Vulnerabilities to UNIX Systems

1. BIND Domain Name System
2. Web Server
3. Authentication
4. Version Control Systems
5. Mail Transport Service
6. Simple Network Management Protocol (SNMP)
7. Open Secure Sockets Layer (SSL)
8. Misconfiguration of Enterprise Services NIS/NFS
9. Databases
10. Kernel

Page 48: Introduction to Computer Networks and Computer Systems

The Ten Worst Security Mistakes Information Technology People Make

1. Connecting systems to the Internet before hardening them.
2. Connecting test systems to the Internet with default accounts/passwords
3. Failing to update systems when security holes are found.
4. Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI.
5. Giving users passwords over the phone or changing user passwords in response to telephone or personal requests when the requester is not authenticated.

Page 49: Introduction to Computer Networks and Computer Systems

The Ten Worst Security Mistakes Information Technology People Make

6. Failing to maintain and test backups.
7. Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices
8. Implementing firewalls with rules that don't stop malicious or dangerous traffic, incoming or outgoing.
9. Failing to implement or update virus detection software
10. Failing to educate users on what to look for and what to do when they see a potential security problem.
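A check for the "unnecessary services" mistake on a Unix host that starts services from inetd, shown on a constructed inetd.conf. This is an added example, not part of the original slides; the mapping from the slide's service names to inetd entries (r-services as shell/login/exec, mail as smtp, RPC as any entry with an rpc/ protocol field) and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: list enabled inetd entries for the services the slide calls out.
# The name mapping below (ftp, telnet, finger, smtp, r-services as shell/login/exec,
# RPC as any entry whose protocol field starts with "rpc/") is this example's assumption.

# audit_inetd FILE
# Prints the service field of each enabled (uncommented) entry that matches.
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # commented out or blank: not running
        NF < 6 { next }                          # not a complete inetd entry
        $1 ~ /^(ftp|telnet|finger|smtp|shell|login|exec)$/ { print $1; next }
        index($3, "rpc/") == 1 { print $1 }      # RPC-based service
    ' "$1"
}

# write_sample_conf FILE
# Constructed inetd.conf for the demonstration; not taken from a real host.
write_sample_conf() {
    cat > "$1" <<'EOF'
# service  socket  proto    wait    user    server-program          arguments
ftp        stream  tcp      nowait  root    /usr/sbin/in.ftpd       in.ftpd
#telnet    stream  tcp      nowait  root    /usr/sbin/in.telnetd    in.telnetd
finger     stream  tcp      nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
shell      stream  tcp      nowait  root    /usr/sbin/in.rshd       in.rshd
rstatd/2-4 dgram   rpc/udp  wait    root    /usr/sbin/rpc.rstatd    rpc.rstatd
time       stream  tcp      nowait  root    internal
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_inetd "$conf"
rm -f "$conf"
```

Each name printed is a service to justify or comment out; the commented-out telnet line is correctly treated as already disabled.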

Page 50: Introduction to Computer Networks and Computer Systems

The Five Worst Security Mistakes End Users Make

1. Failing to install anti-virus, keep its signatures up to date, and apply it to all files.

2. Opening unsolicited e-mail attachments without verifying their source and checking their content first, or executing games or screen savers or other programs from untrusted sources.

3. Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.

4. Not making and testing backups.

5. Using a modem while connected through a local area network.

Page 51: Introduction to Computer Networks and Computer Systems

The Seven Worst Security Mistakes Senior Executives Make

1. Assigning untrained people to maintain security and providing neither the training nor the time to make it possible to learn and do the job.

2. Failing to understand the relationship of information security to the business problem: they understand physical security but do not see the consequences of poor information security.

3. Failing to deal with the operational aspects of security: making a few fixes and then not allowing the follow through necessary to ensure the problems stay fixed.

4. Relying primarily on a firewall.

5. Failing to realize how much money their information and organizational reputations are worth.

6. Authorizing reactive, short-term fixes so problems re-emerge rapidly.

7. Pretending the problem will go away if they ignore it.

Page 52: Introduction to Computer Networks and Computer Systems

Ten Essential Security Measures

1. Develop a Security Policy. And let everyone know about it. Develop online warnings to inform users of the rules for accessing your network.

2. Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords to all accounts.

3. Make regular backups of critical data. Make sure backups are made on a regular basis and that restoration is possible.

Page 53: Introduction to Computer Networks and Computer Systems

Ten Essential Security Measures

4. Use virus protection software. Install the software, check regularly for new virus signature updates, and scan all files periodically.

5. Use a firewall as a gatekeeper between your computer and the Internet. Firewalls can be hardware or software products.

6. Enable logging for all important systems. Often logging is turned off by default, making it impossible to tell what happened.

Page 54: Introduction to Computer Networks and Computer Systems

Ten Essential Security Measures

7. Do not open e-mail attachments from strangers. Be suspicious of any unexpected e-mail attachment from someone you do know.

8. Regularly download security patches from your software vendors. Visit www.windowsupdate.com and other update sites regularly. Don’t forget network devices (routers, hubs, etc).

9. Document your network and conduct vulnerability scans.

10. Educate your users and yourself. Security is a continual process.

Page 55: Introduction to Computer Networks and Computer Systems

Security: Summary

1. You can’t be totally secure, but there is a lot that you can do (relatively cheaply) to make your network more secure.

2. Most attacks play on well-known vulnerabilities.

3. Education is the key to a secure network.

4. Security is a continual process.

Page 56: Introduction to Computer Networks and Computer Systems

Security: More Resources

1. SANS – SANS Institute- (www.sans.org)

2. CERT – Computer Security Coordination Center at Carnegie Mellon- (www.cert.org)

3. CSI – Computer Security Institute- (www.goCSI.com)

4. CoSN - (www.cosn.org)