Archive for August, 2009

The Fundamentals of Computer Network and Its Support Services Put Simply Speaking

August 28th, 2009

Hardware is the term given to the computer machinery and the various individual pieces of the computer. It refers to the physical devices of the computer system. The same hardware can be loaded with different software to make a computer system perform different types of jobs to produce useful outputs. 

In a computer system, hardware and software must work together. If you find a problem with the computer's components, you look for hardware solutions. Many companies charge their customers an annual maintenance fee and provide complete software and hardware solutions in return. They have their own trained engineers in both fields (hardware and software) who find the problem and provide a solution for it.

Many websites and PC manufacturers provide hardware solutions through their questionnaires, and support their customers by sending a representative to examine the hardware problem and provide a solution for it.

In order to understand the work of network installation service, we should know about computer networking. A computer network is a network of geographically distributed multiple computers connected to each other in a manner to enable meaningful transmission and exchange of information among them. 

The network installation service refers to the way in which the nodes of the network are linked together. The network installation services determine the data paths that may be used between any pair of nodes in the network. Several kinds of organizations, such as banks, insurance companies, hospitals and railways, need on-line processing of a large number of transactions and require many computer systems to communicate and interact with each other on the same network. In such a computing environment the role of network installation services is vital.

There are several types of physical channels through which data can be transmitted from one point to another. The most common data transmission media are wire pairs, coaxial cable, microwave systems, communication satellites and optical fibres.

 

Network security and support services design and maintain numerous services through which you can protect your PCs from viruses, for example by having firewalls installed on them and by reporting spam.

The network security and support services assist you in maintaining the various networks and provide solutions for any problem that needs troubleshooting in the network.




By: Smit Mathur

Securing Ad Hoc Networks

August 28th, 2009

1 Introduction

Ad hoc networks are a new paradigm of wireless communication for mobile hosts (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes of the network topology. Military tactical operations are still the main application of ad hoc networks today. For example, military units (e.g., soldiers, tanks, or planes), equipped with wireless communication devices, could form an ad hoc network when they roam in a battlefield. Ad hoc networks can also be used for emergency, law enforcement, and rescue missions. Since an ad hoc network can be deployed rapidly with relatively low cost, it becomes an attractive option for commercial uses such as sensor networks or virtual classrooms.

1.1 Security goals

Security is an important issue for ad hoc networks, especially for those security-sensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication, and non-repudiation.

Availability ensures the survivability of network services despite denial of service attacks. A denial of service attack could be launched at any layer of an ad hoc network. On the physical and media access control layers, an adversary could employ jamming to interfere with communication on physical channels. On the network layer, an adversary could disrupt the routing protocol and disconnect the network. On the higher layers, an adversary could bring down high-level services. One such target is the key management service, an essential service for any security framework.

Confidentiality ensures that certain information is never disclosed to unauthorized entities. Network transmission of sensitive information, such as strategic or tactical military information, requires confidentiality. Leakage of such information to enemies could have devastating consequences. Routing information must also remain confidential in certain cases, because the information might be valuable for enemies to identify and to locate their targets in a battlefield.

Integrity guarantees that a message being transferred is never corrupted. A message could be corrupted because of benign failures, such as radio propagation impairment, or because of malicious attacks on the network.

Authentication enables a node to ensure the identity of the peer node it is communicating with. Without authentication, an adversary could masquerade as a node, thus gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.

Finally, non-repudiation ensures that the origin of a message cannot deny having sent the message. Non-repudiation is useful for detection and isolation of compromised nodes. When a node A receives an erroneous message from a node B, non-repudiation allows A to accuse B using this message and to convince other nodes that B is compromised.

There are other security goals (e.g., authorization) that are of concern to certain applications, but we will not pursue these issues in this paper.

1.2 Challenges

The salient features of ad hoc networks pose both challenges and opportunities in achieving these security goals.

First, use of wireless links renders an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay, and message distortion. Eavesdropping might give an adversary access to secret information, violating confidentiality. Active attacks might allow the adversary to delete messages, to inject erroneous messages, to modify messages, and to impersonate a node, thus violating availability, integrity, authentication, and non-repudiation.

Secondly, nodes roaming in a hostile environment (e.g., a battlefield) with relatively poor physical protection have a non-negligible probability of being compromised. Therefore, we should not only consider malicious attacks from outside a network, but also take into account the attacks launched from within the network by compromised nodes. To achieve high survivability, ad hoc networks should therefore have a distributed architecture with no central entities. Introducing any central entity into our security solution could lead to significant vulnerability; that is, if this centralized entity is compromised, then the entire network is subverted.

Thirdly, an ad hoc network is dynamic because of frequent changes in both its topology and its membership (i.e., nodes frequently join and leave the network). Trust relationships among nodes also change, for example, when certain nodes are detected as being compromised. Unlike other wireless mobile networks, such as mobile IP [21, 48, 34], nodes in an ad hoc network may dynamically become affiliated with administrative domains. Any security solution with a static configuration would not suffice. It is desirable for our security mechanisms to adapt on-the-fly to these changes.

Finally, an ad hoc network may consist of hundreds or even thousands of nodes. Security mechanisms should be scalable to handle such a large network.

1.3 Routing Protocol and Threats

Routing protocols for ad hoc networks are still under active research. There is no single standard routing protocol. Therefore, we aim to capture the common security threats and to provide guidelines to secure routing protocols. In most routing protocols, routers exchange information on the topology of the network in order to establish routes between nodes. Such information could become a target for malicious adversaries who intend to bring the network down. There are two sources of threats to routing protocols. The first comes from external attackers. By injecting erroneous routing information, replaying old routing information, or distorting routing information, an attacker could successfully partition a network or introduce excessive traffic load into the network by causing retransmission and inefficient routing.

The second and also the more severe kind of threats come from compromised nodes, which might advertise incorrect routing information to other nodes. Detection of such incorrect information is difficult: merely requiring routing information to be signed by each node would not work, because compromised nodes are able to generate valid signatures using their private keys.

To defend against the first kind of threats, nodes can protect routing information in the same way they protect data traffic, i.e., through the use of cryptographic schemes such as digital signature. However, this defense is ineffective against attacks from compromised servers. Worse yet, as we have argued, we cannot neglect the possibility of nodes being compromised in an ad hoc network. Detection of compromised nodes through routing information is also difficult in an ad hoc network because of its dynamically changing topology: when a piece of routing information is found invalid, the information could be generated by a compromised node, or, it could have become invalid as a result of topology changes. It is difficult to distinguish between the two cases.

On the other hand, we can exploit certain properties of ad hoc networks to achieve secure routing. Note that routing protocols for ad hoc networks must handle outdated routing information to accommodate the dynamically changing topology. False routing information generated by compromised nodes could, to some extent, be considered outdated information. As long as there are sufficiently many correct nodes, the routing protocol should be able to find routes that go around these compromised nodes. Such capability of the routing protocols usually relies on the inherent redundancies — multiple, possibly disjoint, routes between nodes — in ad hoc networks.
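The route redundancy described above can be put to work with the diversity coding that the conclusions mention. The following Python sketch is an added example, not code from the paper: it assumes k data blocks plus one XOR parity block sent over k + 1 disjoint routes, and an HMAC under an already established session key so that a block modified in transit is treated like a lost one. The function names, the key and the sample message are constructed for illustration.

```python
import hashlib
import hmac


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def route_tag(key, idx, block):
    """MAC over route index and block, so a block cannot be moved to another route."""
    return hmac.new(key, bytes([idx]) + block, hashlib.sha256).digest()


def encode(message, k, key):
    """Return k + 1 packets (idx, block, tag): k data blocks and one XOR parity block."""
    if not 1 <= k <= 254:
        raise ValueError("k must be between 1 and 254")
    data = len(message).to_bytes(4, "big") + message   # length prefix removes padding later
    size = -(-len(data) // k)                          # ceiling division
    data = data.ljust(size * k, b"\0")
    blocks = [data[i * size:(i + 1) * size] for i in range(k)]
    parity = blocks[0]
    for block in blocks[1:]:
        parity = xor_bytes(parity, block)
    blocks.append(parity)                              # index k carries the parity
    return [(i, b, route_tag(key, i, b)) for i, b in enumerate(blocks)]


def decode(packets, k, key):
    """Rebuild the message from whatever arrived; None if more than one route failed."""
    good = {}
    for idx, block, tag in packets:
        # A block that fails its MAC (modified or injected) is dropped, i.e. becomes an erasure.
        if 0 <= idx <= k and hmac.compare_digest(tag, route_tag(key, idx, block)):
            good[idx] = block
    missing = [i for i in range(k + 1) if i not in good]
    if len(missing) > 1:
        return None                                    # single parity tolerates one bad route
    if missing and missing[0] < k:
        rebuilt = None
        for block in good.values():                    # XOR of all survivors = the lost block
            rebuilt = block if rebuilt is None else xor_bytes(rebuilt, block)
        good[missing[0]] = rebuilt
    data = b"".join(good[i] for i in range(k))
    length = int.from_bytes(data[:4], "big")
    return data[4:4 + length]


# Constructed sample input: a session key and a routing message.
SESSION_KEY = b"constructed-session-key-for-demo"
MESSAGE = b"route update: node 7 reachable via node 3"


def demo():
    packets = encode(MESSAGE, 3, SESSION_KEY)          # 3 data routes + 1 parity route
    lost = [p for p in packets if p[0] != 1]           # route 1 is jammed (benign loss)
    idx, block, tag = packets[2]
    forged = list(packets)
    forged[2] = (idx, bytes([block[0] ^ 0xFF]) + block[1:], tag)  # route 2 alters its block
    two_bad = [p for p in forged if p[0] != 0]         # route 0 lost AND route 2 altered
    return {
        "all_routes": decode(packets, 3, SESSION_KEY),
        "one_lost": decode(lost, 3, SESSION_KEY),
        "one_modified": decode(forged, 3, SESSION_KEY),
        "two_failures": decode(two_bad, 3, SESSION_KEY),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

A single parity block recovers from exactly one failed route; tolerating more failures needs more redundant routes and a stronger erasure code.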

2. Key Management Service

We employ cryptographic schemes, such as digital signatures, to protect both routing information and data traffic. Use of such schemes usually requires a key management service. We adopt a public key infrastructure because of its superiority in distributing keys and in achieving integrity and non-repudiation. Efficient secret key schemes are used to secure further communication after nodes authenticate each other and establish a shared secret session key.

In a public key infrastructure, each node has a public/private key pair. Public keys can be distributed to other nodes, while private keys should be kept confidential to individual nodes. There is a trusted entity called the Certification Authority (CA) [11, 47, 26] for key management. The CA has a public/private key pair, with its public key known to every node, and signs certificates binding public keys to nodes. The trusted CA has to stay on-line to reflect the current bindings, because the bindings could change over time: a public key should be revoked if the owner node is no longer trusted or is out of the network; a node may refresh its key pair periodically to reduce the chance of a successful brute-force attack on its private key.

It is problematic to establish a key management service using a single CA in ad hoc networks. The CA, responsible for the security of the entire network, is a vulnerable point of the network: if the CA is unavailable, nodes cannot get the current public keys of other nodes or establish secure communication with others. If the CA is compromised and leaks its private key to an adversary, the adversary can then sign any erroneous certificate using this private key to impersonate any node or to revoke any certificate.

A standard approach to improve availability of a service is replication. But a naive replication of the CA makes the service more vulnerable: compromise of any single replica, which possesses the service private key, could lead to collapse of the entire system. To solve this problem, we distribute the trust to a set of nodes by letting these nodes share the key management responsibility.
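To make the idea of distributing trust concrete, the sketch below is an added example, not the paper's implementation: it uses Shamir's (k, n) secret sharing as a stand-in for the threshold cryptography and share refreshing named in the conclusions. The field prime, the function names and the 5-server, threshold-3 setting are assumptions, and the reconstruction step exists only to check the arithmetic; a deployed service would sign with the shares instead of reassembling the key on one node.

```python
import secrets

# Assumption: arithmetic in the prime field GF(P); 2**127 - 1 is a Mersenne prime.
P = 2**127 - 1


def eval_poly(coeffs, x):
    """Evaluate a polynomial [a0, a1, ...] at x over GF(P) using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, n, k):
    """Deal n shares of `secret`; any k of them reconstruct it, fewer than k do not."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over a dict {server_id: share}."""
    secret = 0
    for i, yi in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = (num * -j) % P
                den = (den * (i - j)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def refresh(shares, k):
    """Proactive refresh: each server deals a fresh sharing of ZERO to all servers.

    Adding the received sub-shares changes every share but leaves the shared
    secret untouched, so shares stolen before the refresh cannot be combined
    with shares stolen after it.
    """
    ids = sorted(shares)
    new = dict(shares)
    for _dealer in ids:
        zero_poly = [0] + [secrets.randbelow(P) for _ in range(k - 1)]
        for i in ids:
            new[i] = (new[i] + eval_poly(zero_poly, i)) % P
    return new


def demo():
    service_key = secrets.randbelow(P)   # constructed stand-in for the service private key
    n, k = 5, 3
    old = split(service_key, n, k)
    new = refresh(old, k)

    def pick(shares, ids):
        return {i: shares[i] for i in ids}

    return {
        # Any k servers suffice, before and after the refresh.
        "k_old_shares": reconstruct(pick(old, [1, 3, 5])) == service_key,
        "k_new_shares": reconstruct(pick(new, [2, 4, 5])) == service_key,
        # An adversary holding only k-1 shares learns nothing useful.
        "k_minus_1_shares": reconstruct(pick(old, [1, 2])) == service_key,
        # Two shares stolen before the refresh plus one stolen after do not combine.
        "mixed_epochs": reconstruct({1: old[1], 2: old[2], 3: new[3]}) == service_key,
        "every_share_changed": all(old[i] != new[i] for i in old),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```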

3. Push! Photo: Informal Photo Sharing in Ad-Hoc Networks

As mobile camera phones become ubiquitous the practice of photography changes. Camera phone pictures are usually taken with sharing in mind. Meanwhile, publicly sharing photographs online has become increasingly popular with websites such as Flickr. Push! Photo is a mobile photo sharing application where photos can be made public and immediately accessed by anyone nearby. The application also automatically searches for photos on nearby devices to find interesting and relevant photos. Push! Photo shows how it is possible to share digital photos just as easy as paper photos.

Shoot!

Publicize!

Discover!

Enjoy!

3.1 THE PUSH! PHOTO PROTOTYPE

The current prototype of Push! Photo allows photos to be made public, and users can browse their own photo collection as well as those of others nearby. When devices are in proximity of one another, they will automatically start to search each other’s public photo collections for photographs relevant to oneself. These photos are shown as a multi-picture slideshow, which is extended as new photos are found. To browse photos from an event shown in a particular photo, the user can click on that picture in the slideshow. The application will then download all photos from nearby devices taken at that event. In this way, if a user spots an interesting picture in the slideshow, she can easily find more photos from the same occasion. To decide whether two photos are from the same event, information about who else was around and the time of shooting is used. The application implements a discovery service to find other devices when they are within WiFi range. Thus the application is always aware of who else (using Push! Photo) is around at a particular time. As a photograph is taken, the resulting picture is tagged with this information together with the time and the identity of the photographer. The current prototype is an application running on Pocket PCs with WiFi cards and external SD cameras.

3.2 RELATED WORK

In previous work with Push! Music [2], music files were replaced with so-called media agents, which were enabled to autonomously copy themselves between devices over a wireless ad hoc network. The media agents try to find their way to potential listeners as users meet, and as a song is copied it automatically enters the play list. In this way the users discover new music while passively listening. Other projects have looked at mobile photo sharing. Davis et al. in MM2 use the notion of co-presence to simplify the decision of with whom to share [1]. Photos are then uploaded automatically to a central web server where the sharing recipients can access the photos. Kohno and Rekimoto instead use GPS information and time stamps to decide if pictures are from the same event or not [4]. This is used to let users easily browse each other’s photos when standing in a group, to serve as a topic of discussion. The system also lets users drag and drop pictures between their own and others’ devices. By contrast, Push! Photo aims to look into how mobile sharing can be simplified by allowing seamless sharing, and by using context and tagging to automatically find interesting and relevant photographs.

4 Conclusions

In this paper, we have analyzed the security threats an ad hoc network faces and presented the security objectives that need to be achieved. On one hand, the security-sensitive applications of ad hoc networks require high degree of security; on the other hand, ad hoc networks are inherently vulnerable to security attacks. Therefore, security mechanisms are indispensable for ad hoc networks. The idiosyncrasy of ad hoc networks poses both challenges and opportunities for these mechanisms. This paper focuses on how to secure routing and how to establish a secure key management service in an ad hoc networking environment. These two issues are essential to achieving our security goals. Besides the standard security mechanisms, we take advantage of the redundancies in ad hoc network topology and use diversity coding on multiple routes to tolerate both benign and Byzantine failures. To build a highly available and highly secure key management service, we propose to use threshold cryptography to distribute trust among a set of servers. Furthermore, our key management service employs share refreshing to achieve proactive security and to adapt to changes in the network in a scalable way. Finally, by relaxing the consistency requirement on the servers, our service does not rely on synchrony assumptions. Such assumptions could lead to vulnerability. A prototype of the key management service has been implemented, which shows its feasibility. The paper represents the first step of our research to analyze the security threats, to understand the security requirements for ad hoc networks, and to identify existing techniques, as well as to propose new mechanisms to secure ad hoc networks. More work needs to be done to deploy these security mechanisms in an ad hoc network and to investigate the impact of these security mechanisms on the network performance.

5 Acknowledgments

I would like to thank my friends for their invaluable contributions to this work. I am also grateful to my family and the anonymous reviewers for their comments and suggestions that helped to improve the quality of the paper.

I am grateful to Almighty for His blessings upon me.

6 References

[1] E. Ayanoglu, C.-L. I, R. D. Gitlin, and J. E. Mazo. Diversity coding for transparent self-healing and fault-tolerant communication networks. IEEE Transactions on Communications, 41(11):1677–1686, November 1993.

[2] M. Castro and B. Liskov. Practical Byzantine fault tolerance. In Proceedings of the 3rd USENIX Symposium on Operating System Design and Implementation (OSDI’99), pages 173–186, New Orleans, LA USA, February 22–25, 1999. USENIX Association, IEEE TCOS, and ACM SIGOPS.

[3] Y. Desmedt. Threshold cryptography. European Transactions on Telecommunications, 5(4):449–457, July–August 1994.

[4] Y. Desmedt and Y. Frankel. Threshold cryptosystems. In G. Brassard, editor, Advances in Cryptology—Crypto’89, the 9th Annual International Cryptology Conference, Santa Barbara, CA USA, August 20–24, 1989, Proceedings, volume 435 of Lecture Notes in Computer Science, pages 307–315. Springer, 1990.

[5] Y. Desmedt and S. Jajodia. Redistributing secret shares to new access structures and its applications. Technical Report ISSE TR-97-01, George Mason University, July 1997.

[6] A. Ephremides, J. E. Wieselthier, and D. J. Baker. A design concept for reliable mobile radio networks with frequency hopping signaling. Proceedings of the IEEE, 75(1):56–73, January 1987.

[7] P. Feldman. A practical scheme for non-interactive verifiable secret sharing. In Proceedings of the 28th Annual Symposium on the Foundations of Computer Science, pages 427–437. IEEE, October 12–14, 1987.

[8] M. J. Fischer, N. A. Lynch, and M. S. Paterson. Impossibility of distributed consensus with one faulty processor. Journal of the ACM, 32(2):374–382, April 1985.

[9] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Optimal resilience proactive public-key cryptosystems. In Proceedings of the 38th Symposium on Foundations of Computer Science, pages 384–393, Miami Beach, FL USA, October 20–22, 1997. IEEE.

[10] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Proactive RSA. In B. S. Kaliski Jr., editor, Advances in Cryptology—Crypto’97, the 17th Annual International Cryptology Conference, Santa Barbara, CA USA, August 17–21, 1997, Proceedings, volume 1294 of Lecture Notes in Computer Science, pages 440–454. Springer, 1997.

[11] M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The digital distributed systems security architecture. In Proceedings of the 12th National Computer Security Conference, pages 305–319, Baltimore,




By: raji

Network Design Process – Effective Network Planning and Design

August 28th, 2009

Overview

The network planning and design methodology describes a process with 9 specific steps and a sequence for those activities. As mentioned, it is an engineering life cycle that supports technical initiatives such as Windows migration, IP telephony and wireless design, to name a few examples. The methodology begins with examining company business requirements. It is absolutely essential that you understand the company business model, business drivers and how they are growing from a business perspective. That will build the foundation for a design proposal that serves the business, technical and operational requirements of the company.

STEP 1: Business Requirements

Any design project starts with an understanding of what the company does and what they need to accomplish from a business perspective. This begins with an understanding of their business model, which really describes how their company works from an operational and business perspective to generate revenues and reduce costs. Many vendors today have conducted their own return on investment (ROI) studies for new implementations such as Unified Communications and Telephony. It is an effective sales tool that illustrates the cost benefits compared with investment over a specified period of time.

This is a list of some typical business drivers:

 • Reduce Operating Costs

 • Generate Revenue

 • Client Satisfaction

 • Employee Productivity

This is a list of some typical project business requirements:

 • Budget Constraints

 • Office Consolidations

 • Company Mergers and Acquisitions

 • Business Partner Connectivity

 • Telecommuter Remote Access  

 • Implement New Offices and Employees

 • New Data Center Applications

 • Reduce Network Outage Costs

 • Cost Effective Network Management

 • Vendor Contracts

STEP 2: Design Requirements

Now that you understand the basic business requirements of the company, you can determine the standard and specific design requirements. The design requirements process is focused on defining requirements from a technical perspective. Those requirements along with the business requirements will build the framework that is used to define infrastructure, security and management. Design requirements are defined as standard and miscellaneous. The standard design requirements are generic and represent those considered with many design projects. Miscellaneous requirements are those that aren’t defined with any of the standard requirements.

Standard Design Requirements

 • Performance

    

 • Availability

 • Scalability

 • Standards Compatibility

 • Rapid Deployment

STEP 3: Network Assessment

A network assessment is conducted after we have finished the business and design requirements of the company. A network assessment provides a quick snapshot of the current network with an examination of the infrastructure, performance, availability, management and security. That information is utilized for making effective strategy recommendations and design proposals to the client concerning specific information systems modifications. The network assessment model has 3 sequential activities, which are assessment, analysis and recommendations. The current network is examined using five primary surveys: infrastructure, performance, availability, management and security. When the surveys are completed, the information collected is then reviewed for trends, problems and issues that are negatively affecting the network.

STEP 4: Infrastructure Selection

After doing a network assessment we are ready to start selecting specific infrastructure components for the network design. This phase starts building the infrastructure with a specific sequence that promotes effective equipment selection and design. It is important that you consider business requirements, design requirements and the network assessment when building your infrastructure.

The following numbered list describes the specific infrastructure components and their particular sequence.

 1. Enterprise WAN Topology

 2. Campus Topology

 3. Traffic Model

 4. Equipment Selection

 5. Circuits

 6. Routing Protocol Design

 7. Addressing

 8. Naming Conventions

 9. IOS Services

10. Domain Name Services

11. DHCP Services

STEP 5: Security Strategy

We must now define a security strategy for securing the infrastructure. The need for enterprise network security shouldn’t be ignored with the proliferation of the Internet. Companies are continuing to leverage the public infrastructure for connecting national and international offices, business partners and new company acquisitions. The security requirements and network assessment recommendations should drive the selection of security equipment, protocols and processes. The security strategy identifies what assets must be protected, what users are allowed access and how those assets will be secured.

STEP 6: Network Management Strategy

 

This section will define a network management strategy for managing all equipment defined from infrastructure and security. It is necessary to define how the equipment is going to be monitored and determine if the current management strategy is adequate or if new applications, equipment, protocols and processes must be identified. Management components are then integrated with infrastructure and security to finish building the proposed design. These primary elements comprise any well-defined management strategy and should be considered when developing your strategy. 

 • 7 Management Groups

 • SNMP Applications

 • Monitored Devices and Events

STEP 7: Proof of Concept  

All infrastructure, security and management components must now be tested with a proof of concept plan. It is important to test the current design, configuration and IOS versions in a non-production environment or on the production network with limited disruption. Implementation of newer network modules at a router, for instance, could require that you change the current IOS version that is implemented. Making those changes could affect WAN or campus modules already installed at production routers. That is the real value of doing a proof of concept and certifying that the new equipment and IOS versions integrate with each device as well as the network. The following list describes the advantages of doing a proof of concept with your network design.  The proof of concept test results should be examined and used to modify current infrastructure, security and management specifications before generating a design proposal. The proof of concept model suggested here involves prototype design, equipment provisioning, defining tests, building equipment scripts and examining test results.  

 1. Prototype Design

 2. Provision Equipment

 3. Define Tests

 4. Build Equipment Scripts

 5. Review Test Results

STEP 8: Design Proposal/Review 

With the proof of concept finished, you are now ready to build a design proposal for the design review meeting. Your intended audience could be the Director, CIO, CTO, Senior Network Engineer, Consultant or anyone who is approving a budget for the project. It is important to present your ideas with clarity and professionalism. If a presentation is required, PowerPoint slides work well and could be used to support concepts from the design proposal document. The focus is on what comprises a standard design proposal and the sequence for presenting that information.

The working design proposal is presented to the client after addressing any concerns from proof of concept assurance testing. The design review is an opportunity for you to present your design proposal to the client and discuss any issues. It is an opportunity for the client to identify concerns they have and for the design engineer to clarify issues. The focus is to agree on any modifications, if required, and make changes to the infrastructure, security and management before implementation starts. Business and design requirements can change from when the project started which sometimes will necessitate changes to infrastructure, security and management specifications. Any changes should then go through proof of concept testing again before final changes to the design proposal.

STEP 9: Implementation

The final step will have us defining an implementation process for the specified design. This describes a suggested implementation methodology for the proposed design, which should cause minimal disruption to the production network. It should also be efficient and as cost effective as possible. As with previous methodologies, there is a sequence that should be followed.

Once the implementation is finished, there is monitoring of the network for any problems. Design and configuration modifications are then made to address any problems or concerns.

Network Planning and Design Guide is available at amazon.com and eBookmall.com

Shaun Hummel is an author of various technical books and has a web site focused on information technology job search solutions and certifications.

http://www.networkjobsolutions.com




By: Shaun Hummel

Four in 10 Company Networks in the US are not Secure

August 27th, 2009

In a poll of 455 IT executives in US SMBs, 42% said their networks were not secure even though 96% and 93% of respondents respectively said they had anti-virus and a firewall installed. 80% said they also used spam filtering. This may indicate that small and medium sized businesses are starting to doubt the effectiveness of traditional perimeter security products in protecting them from other security threats, including data leakage and network breaches.

Conducted by eMediaUSA on behalf of GFI Software, an international developer of network security, content security and messaging software, 39% of respondents to the survey said email viruses are the greatest risk to network security, followed by internet downloads (22%) and hacker attempts (10%). Only 7% considered insider attacks and the threat of portable storage devices – such as USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods, digital cameras – to be the greatest risk.

The survey also reveals that 32% of the US companies surveyed had suffered a breach over the past 12 months mainly due to a virus attack (69%), followed by infected internet downloads (30%) and loss of hardware, such as laptops (24%). Only 2% reported a breach involving some form of fraud or identity threat.

Commenting on the results, Andre Muscat, GFI’s Director of Engineering, said: “Email viruses top the ‘greatest threat to network security’ list and this does not come as a surprise. It is one of the easier attack routes and this is confirmed by those respondents who reported a breach. While companies are aware of, and are focused on, tackling viruses and malware, they appear to be giving sparse attention to other equally dangerous threats such as data theft and leakage from endpoints such as connected USB sticks, iPods and PDAs on the network.”

According to the survey, only 19% of the respondents said they had deployed an endpoint security solution on their network. This indicates that few companies may consider the fact that an employee’s iPod or USB stick can be a threat and used to copy data from the network or else install unauthorized software or upload viruses and malware.

“There are other issues as well. How many companies are aware of vulnerabilities on their network that are not addressed through Microsoft’s regular updates? At the end of the day, it boils down to education – from the top of the organization down to the users. Our survey shows that just under half of the respondents believe security could improve if employees were more aware of security issues, while 25% believe that management should also have a better understanding of security matters,” Mr. Muscat added.

On a daily basis, IT executives are most concerned with downtime (71%) while more than half of the respondents said daily user support was a concern. One in five said compliance was a daily concern; while a mere 3% indicated eDiscovery to be a daily issue.

When it comes to choosing the type of security measure to adopt, just under 90% said they used a software solution with 55% opting for a combination of software, appliances and hosted services.

The full survey can be found at: http://www.gfi.com/documents/rv/smbsurvey.pdf




By: Jesmond Darmanin