Introduction to Computer Networks and Computer Systems Michelle Murillo, Greg Shore, James Brunt LTER Network Office 21 October 2004 EcoInformatics Workshop Albuquerque, NM
Agenda • WAN • LAN • LAN components • Server • Backups • Security
Networks and Computers: Why do we need them? • To facilitate research by increasing communication and access to data, metadata, and applications for synthesis and integration across broad spatial and temporal scales.
What is a network? • A network is a communication system for interconnecting users and devices such as computers, terminals, printers, telephones, ... • A network allows people or devices to share information or data. • In addition a network must be able to transmit this information quickly, with reliability and efficiency.
Types of Networks • Local Area Network or LAN • A LAN covers a small region of space, typically a single building. • Metropolitan Area Network or MAN • A MAN is a collection of LANs within the same geographical area, for instance a city. • Wide Area Network or WAN • A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs).
Wide-Area Network (WAN) • Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.
WAN: Leased lines • A permanent telephone connection between two points set up by a telecommunications common carrier. • Unlike normal dial-up connections, a leased line is always active. • The fee for the connection is a fixed monthly rate. • The primary factors affecting the monthly fee are distance between end points and the speed of the circuit. • Because the connection doesn't carry anybody else's communications, the carrier can assure a given level of quality. • You can divide the connection into different lines for data and voice communication or use the channel for one high speed data circuit.
WAN: Leased line bandwidth examples: • The bandwidth of a network is similar to a highway: • a one-lane road has less bandwidth than a four-lane road
WAN: Wireless • Satellite • http://www.networkcomputing.com/netdesign/wireless1.html • Microwave • Spread Spectrum • http://www.sss-mag.com/ss.html • RF (radio frequency) • See also: • www.sierrawireless.com/news/docs/2130273_WWAN_v_WLAN.pdf
WAN: Other methods • Cable modem: A modem designed to operate over cable TV lines. Because the coaxial cable used by cable TV provides much greater bandwidth than telephone lines, a cable modem can be used to achieve extremely fast access to the World Wide Web. Cable modems can offer speeds up to 2 Mbps. • DSL: refers collectively to all types of digital subscriber lines. DSL technologies use sophisticated modulation schemes to pack data onto existing copper telephone lines. Supports data transfer rates up to 32 Mbps for upstream traffic, and from 32 Kbps to over 1 Mbps for downstream traffic.
WAN: Other methods • ISDN: Abbreviation of integrated services digital network, an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires. ISDN supports data transfer rates of 64 Kbps (64,000 bits per second). • Modem: A modem is a device or program that enables a computer to transmit data over, for example, telephone or cable lines. The fastest modems run at 57,600 bps, although they can achieve even higher data transfer rates by compressing the data.
WAN: Considerations • Availability: • Metro – located within a metropolitan area phone system where T1 and higher speed connections are easily available • City – located near a city that is equipped to provide T1 service but may or may not have an available ISP to cover the internet connection • Rural – outside of a regular metropolitan phone system but close enough that connections can be made into a metropolitan system • Remote – area where only basic telephone service is typically provided • Backcountry – area where not even basic telephone services are available
WAN: Other Considerations • Upload and download speed required? • Costs: • Equipment • Installation • Monthly? Yearly? • Contract? • ISP services and resources provided? • Your needs
LAN: Local-area Network • Most LANs connect workstations and personal computers. • Each node (individual computer) in a LAN has its own CPU with which it executes programs, but it is also able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data. • Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions.
LAN: Local-area Network • LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN. • There are many different types of LANs, Ethernets being the most common for PCs. Most Apple Macintosh networks are based on Apple's AppleTalk network system, which is built into Macintosh computers.
LAN: Ethernet • A local-area network (LAN) architecture developed by Xerox Corporation in cooperation with DEC and Intel in 1976. • Ethernet supports data transfer rates of 10 Mbps. • A newer version of Ethernet, called 100Base-T (or Fast Ethernet), supports data transfer rates of 100 Mbps. • The newest version, Gigabit Ethernet supports data rates of 1 gigabit (1,000 megabits) per second.
We can now connect to the WAN using our ISP and our LAN…but what really makes up our LAN? • What do we do to build our LAN? • What do we need to know to maintain our LAN?
LAN: Some components • Desktops and Workstations • Printers, Plotters, Scanners • Servers • NAS/Storage units • Tape Arrays/Tape Drives • RAID Arrays • UPSs • An overabundance of cables • An overabundance of software, utilities, and applications
Some quick definitions • Workstation: A type of computer used for engineering applications (CAD/CAM), desktop publishing, software development, and other types of applications that require a moderate amount of computing power and relatively high quality graphics capabilities. • Server: A computer or device on a network that manages network resources. For example, a file server is a computer and storage device dedicated to storing files. • Client: part of a client-server architecture. Typically, a client is an application that runs on a personal computer or workstation and relies on a server to perform some operations. For example, an e-mail client is an application that enables you to send and receive e-mail.
Desktops, workstations, printers, plotters, scanners depend on… • Your (or system administrator) expertise • Cost or affordability • User requirements • User preferences • Historical
Servers, arrays, disks, UPSs, NASs… • Require more thought and long-term planning • A good strategy is to: • Plan • Prototype • Evaluate • Implement • Evaluate • Plan
The ideal scalable system is one that is a ‘framework’ wherein the components are modular and can be upgraded through time without a complete overhaul of the system.
Modularity and scalability: • Consider putting services on individual servers as much as possible • Mail • FTP • Web • File • Compute • Backup • Patch • This allows for the ability to upgrade individual servers as needed • Distributes/reduces the load • If one server crashes, all services are not lost • If you need a new server function, it is easy to add a new server without disrupting other services or overloading an existing server
Example scalable design • [Figure: dedicated network]
Server decision issues • Do not skimp on the hardware: a desktop is NOT a server! • Performance issues • Disk I/O performance and stability (RAID arrays) • Tape drive • CPU: • XEON hyper-threaded chips • More caching • Multiple CPUs • More RAM • GB NIC (Network Interface Card) • Maintenance agreements • Use vendor resources to gather information and costs
Other server considerations • Footprint – rack, floor, desktop • Operating system – Unix, Linux, or Windows… • Mass storage (how much?) • Total cost of ownership (total cost over time?) • Power supply (enough for all equipment?) • Air conditioning (sufficient for cooling?) • UPS (size, number?) • Surge protectors – ethernet and power • Physical security
Unix vs. Windows • Cost • Level of support • Support level required • Technical knowledge • Knowledge of system administration • Preference • User preference • Usability • Ease of use • Historical • Habit • Vulnerability issues • Virus, worms • Requirements for system - SQL Server
Mass storage: NAS • A network-attached storage (NAS) device is a server that is dedicated to nothing more than file sharing. • NAS does not provide any of the activities that a server in a server-centric system typically provides, such as e-mail, authentication or file management. • NAS allows more hard disk storage space to be added to a network that already utilizes servers without shutting them down for maintenance and upgrades. • With a NAS device, storage is not an integral part of the server. Instead, in this storage-centric design, the server still handles all of the processing of data but a NAS device delivers the data to the user. • A NAS device does not need to be located within the server but can exist anywhere in a LAN and can be made up of multiple networked NAS devices.
Mass storage: tape • Storing data on tapes is considerably cheaper than storing data on disks. • Tapes have large storage capacities, ranging from a few hundred kilobytes to several gigabytes. • Accessing data on tapes is much slower than accessing data on disks. • Tapes are sequential-access media • Disks are random-access media • Because tapes are so slow, they are generally used only for long-term storage and backup. Data to be used regularly is almost always kept on a disk. • Tapes are also used for transporting large amounts of data.
Computer: Total Cost of Ownership • Purchase price • Training costs • Application costs • Maintenance and support costs • Environmental change costs • Contracted technical support costs • Connectivity • System Administration
Computer: System Administration • System monitoring • Network and email traffic, system logs, disk utilization • Software and OS maintenance • Backup and recovery; disaster recovery • Hardware maintenance • Preventative maintenance • User support • Administrative • System documentation
Computer: Total Cost of Ownership • A recently released Gartner study on the five-year total cost of ownership (TCO) of a $2,000 PC shows that when administration and management costs are added into the equation, the actual cost is more like $21,000!!! • A good summary article: • http://www.wilsonmar.com/1tco.htm
Backup Best Practices • Backup: To copy files to a second medium (a disk or tape) as a precaution in case the first medium fails. One of the cardinal rules in using computers is to back up your files regularly. • Back up data and system information – multiple times • Keep a set of backups off-site • If time and money allow – duplicate your backups, then move one of the copies off-site • Back up daily, weekly, monthly, quarterly and yearly • Print out copies of configuration and other important files • TEST!!!! Then TEST some more!
Backup solutions • Tape • Online • Off-site providers • CD • Zip • Jaz • External hard drive
Backup utilities and programs • Costs range from free to very expensive • Native (free) • Unix • ufsdump and ufsrestore (also dump and restore) • tar • cpio • Windows • Windows Backup Utility • ASR (Automated System Recovery) • Both • COPY!!!
Backup utilities and programs • Native: BEWARE!!! These utilities usually do not back up any open files! • (except MS XP uses a shadow copy, which will back up open files) • Vendor applications: • Legato Networker • http://www.legato.com/products/networker/ • Veritas Backup Exec • http://www.veritas.com/index.html • Arkeia: • http://www.arkeia.com/
Backup types • Full backup: Full backup is the starting point for all other backups, and contains all the data in the folders and files that are selected to be backed up. Because full backup stores all files and folders, frequent full backups result in faster and simpler restore operations. Remember that when you choose other backup types, restore jobs may take longer. • Differential backup: A differential backup contains all files that have changed since the last FULL backup. The advantage of a differential backup is that it shortens restore time compared to a full backup or an incremental backup. However, if you perform the differential backup too many times, the size of the differential backup might grow to be larger than the baseline full backup.
Backup Types • Incremental backup: An incremental backup stores all files that have changed since the last FULL OR DIFFERENTIAL backup. The advantage of an incremental backup is that it takes the least time to complete. However, during a restore operation, each incremental backup must be processed, which could result in a lengthy restore job. • For Windows definitions: • http://windows.about.com/library/weekly/aa010624a.htm
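The backup types above, together with the earlier advice to TEST, as an added example that is not part of the original slides: it uses tar and find -newer with stamp files, and checks a restore chain against the source. The stamp-file layout, function names and paths are assumptions made for illustration; the incremental here is taken relative to the most recent backup run of any kind.

```shell
#!/bin/sh
# Added example (not from the slides). Stamp files record when each backup
# started; find -newer then selects what a differential or incremental needs.
# DEST must be an absolute path outside SRC; all names here are constructed.
# Typical use: backup_full /data /backup
#              backup_changed /data /backup incremental mon
#              restore_test /data /scratch /backup/full.tar /backup/mon.tar

backup_full() {                       # backup_full SRC DEST
    src=$1; dest=$2
    touch "$dest/stamp.new"           # taken before archiving starts
    tar -cf "$dest/full.tar" -C "$src" . || return 1
    cp -p "$dest/stamp.new" "$dest/stamp.full"
    mv "$dest/stamp.new" "$dest/stamp.last"
}

backup_changed() {                    # backup_changed SRC DEST KIND NAME
    src=$1; dest=$2; kind=$3; name=$4
    case $kind in
        differential) ref=$dest/stamp.full ;;   # changed since last full
        incremental)  ref=$dest/stamp.last ;;   # changed since last backup run
        *) return 2 ;;
    esac
    [ -f "$ref" ] || return 1         # no full backup to build on
    touch "$dest/stamp.new"
    (cd "$src" && find . -type f -newer "$ref") > "$dest/$name.list" || return 1
    tar -cf "$dest/$name.tar" -C "$src" -T "$dest/$name.list" || return 1
    mv "$dest/stamp.new" "$dest/stamp.last"
}

restore_test() {                      # restore_test SRC SCRATCH ARCHIVE...
    src=$1; scratch=$2; shift 2
    for archive in "$@"; do           # oldest first: full, then each later one
        tar -xf "$archive" -C "$scratch" || return 1
    done
    diff -r "$src" "$scratch" >/dev/null   # 0 only if restore matches source
}
```

Selection by modification time does not record deleted files, so a restored tree can contain files that were removed from the source after the full backup.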
Security • “Security is vigilance” • Security incidents have been increasing: the technical knowledge required to prevent security breaches keeps growing, while hacker tools keep becoming more sophisticated.
The problem: as viewed by System Administrators • Lack of management understanding and guidance • Arbitrary priorities • Lack of time, resources, and qualified staff • New and mutating attacks, new vulnerabilities • Insecure products, bad patches
Network Security Threats • Any internet connection is vulnerable to: • Unauthorized access to the network • Denial of Service attacks • Viruses • Capture of private data and passwords • Offensive and/or unwanted content
Top Vulnerabilities to Windows Systems • Web Servers & Services • Workstation Service • Windows Remote Access Services • Microsoft SQL Server (MSSQL) • Windows Authentication • Web Browsers • File-Sharing Applications • LSAS Exposures • Mail Client • Instant Messaging
Top Vulnerabilities to UNIX Systems • BIND Domain Name System • Web Server • Authentication • Version Control Systems • Mail Transport Service • Simple Network Management Protocol (SNMP) • Open Secure Sockets Layer (SSL) • Misconfiguration of Enterprise Services NIS/NFS • Databases • Kernel
The Ten Worst Security Mistakes Information Technology People Make • Connecting systems to the Internet before hardening them. • Connecting test systems to the Internet with default accounts/passwords. • Failing to update systems when security holes are found. • Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI. • Giving users passwords over the phone or changing user passwords in response to telephone or personal requests when the requester is not authenticated.
The Ten Worst Security Mistakes Information Technology People Make • Failing to maintain and test backups. • Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices. • Implementing firewalls with rules that don't stop malicious or dangerous traffic, incoming or outgoing. • Failing to implement or update virus detection software. • Failing to educate users on what to look for and what to do when they see a potential security problem.
The Five Worst Security Mistakes End Users Make • Failing to install anti-virus, keep its signatures up to date, and apply it to all files. • Opening unsolicited e-mail attachments without verifying their source and checking their content first, or executing games or screen savers or other programs from untrusted sources. • Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape. • Not making and testing backups. • Using a modem while connected through a local area network.
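One way to check a Unix host for the "unnecessary services" mistake listed above, as an added example that is not part of the original slides. It assumes the services are started from an inetd.conf file and that the slide's ftpd, telnetd, finger and rservices correspond to the inetd service names ftp, telnet, finger, shell, login and exec; the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the slides): list services still enabled in an
# inetd.conf that are on the slide's "unnecessary services" list.
# Assumption: the slide's ftpd, telnetd, finger and rservices map to the
# inetd service names ftp, telnet, finger, shell, login and exec.
RISKY="ftp telnet finger shell login exec"

audit_inetd() {                       # audit_inetd [FILE] -> "LINE SERVICE SERVER"
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ { next }           # commented out means disabled
        NF >= 6 && ($1 in bad) { print NR, $1, $6 }
    ' "${1:-/etc/inetd.conf}"
}

sample_inetd_conf() {                 # constructed sample, not a real host
    cat <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd      in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd   in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/in.fingerd   in.fingerd
shell   stream  tcp  nowait  root    /usr/sbin/in.rshd      in.rshd
time    stream  tcp  nowait  root    internal
EOF
}

demo=$(mktemp)
sample_inetd_conf > "$demo"
audit_inetd "$demo"                   # one line per enabled risky service
rm -f "$demo"
```

Each reported line is a candidate for commenting out in inetd.conf, followed by a reload of inetd.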