Network & Internet Basics 101Network & Internet Basics 101

SIMS 2003 Users ConferenceSIMS 2003 Users Conference

by Steve Ryckman, SIMS Inc.by Steve Ryckman, SIMS Inc.

Email: steve@simsware.comEmail: steve@simsware.com

Networking OverviewNetworking Overview

• Novell NetWare SFTIII is still the Novell NetWare SFTIII is still the recommended network for SIMS.recommended network for SIMS.

• SIMS “should” run on any network that SIMS “should” run on any network that supports DOS/Windows workstations.supports DOS/Windows workstations.

• Peer to peer networks are discouraged Peer to peer networks are discouraged for all but the smallest sites.for all but the smallest sites.

Novell NetWare is DeadNovell NetWare is Dead

• Although Microsoft keeps spreading this Although Microsoft keeps spreading this rumor, it is just that – a rumor.rumor, it is just that – a rumor.

• Novell has had some hard times, just Novell has had some hard times, just like any other company in the like any other company in the technology sector, but they are on the technology sector, but they are on the up-swing now.up-swing now.

NetWare SFTIII is DeadNetWare SFTIII is Dead

• SFTIII and NetWare 4.2 are far from SFTIII and NetWare 4.2 are far from dead. The current Novell product life-dead. The current Novell product life-cycle chart shows products scheduled cycle chart shows products scheduled for discontinuation through 2004 and for discontinuation through 2004 and neither NetWare 4.2 or SFTIII are on it.neither NetWare 4.2 or SFTIII are on it.

• Rumor is there will be a NetWare 4.2 or Rumor is there will be a NetWare 4.2 or 4.3 with SFTIII released later this year.4.3 with SFTIII released later this year.

IPX is slower than TCP/IPIPX is slower than TCP/IP

• Another rumor, in fact the opposite is Another rumor, in fact the opposite is true for applications like ours. TCP/IP true for applications like ours. TCP/IP has a much smaller frame size making has a much smaller frame size making it good for the internet that has a high it good for the internet that has a high loss of packet ratio compared to in-loss of packet ratio compared to in-house networks. For networks like ours house networks. For networks like ours though, IPX provides much better though, IPX provides much better throughput, almost twice as fast.throughput, almost twice as fast.

I need a GB or 10GB networkI need a GB or 10GB network

• False in a big way. Very few False in a big way. Very few environments will get any benefit from a environments will get any benefit from a GB or 10GB network. Most 2ghz GB or 10GB network. Most 2ghz computers still can only move about computers still can only move about 130mb/s to a network card. It isn’t until 130mb/s to a network card. It isn’t until you go to server class machines with you go to server class machines with multiple network cards that GB or 10GB multiple network cards that GB or 10GB even becomes achievable.even becomes achievable.

Switches are better than HubsSwitches are better than Hubs

• True. Switches provide better collision True. Switches provide better collision protection and less network chatter than protection and less network chatter than hubs. It is generally acknowledged that hubs. It is generally acknowledged that a 10mb switch gets the same a 10mb switch gets the same throughput as a 100mb hub would.throughput as a 100mb hub would.

• In an SFTIII environment this is even In an SFTIII environment this is even more true because 18 times per second more true because 18 times per second the servers send packets to eachother.the servers send packets to eachother.

.NET is the way of the future.NET is the way of the future

• Microsoft marketing hype again. .NET Microsoft marketing hype again. .NET (pronounced DOT NET) is Microsoft’s (pronounced DOT NET) is Microsoft’s plan to take the client/server network plan to take the client/server network model onto the Internet to provide model onto the Internet to provide “services”. This might be great if you “services”. This might be great if you are running an on-line store, but it has are running an on-line store, but it has no place in a central station and gives no place in a central station and gives no benefit over current technologies that no benefit over current technologies that are available from other vendors.are available from other vendors.

What is the Internet ?What is the Internet ?

• Just a real big network consisting of Just a real big network consisting of millions of computers.millions of computers.• It is NOT the “Web”. The “Web” and other It is NOT the “Web”. The “Web” and other

protocols run on the Internet.protocols run on the Internet.

• Has been in use since the late 60’s but Has been in use since the late 60’s but has only become popular since the has only become popular since the “Web” made it easy to navigate it.“Web” made it easy to navigate it.• ArpaNet and MilNet were original networks.ArpaNet and MilNet were original networks.

How big is it ?How big is it ?

• No one really knows.No one really knows.• Thousands of servers, workstations and Thousands of servers, workstations and

other devices are connected to it each day.other devices are connected to it each day.• Email, Web Sites, Video feeds, Audio Email, Web Sites, Video feeds, Audio

streams, even alarm messages are all sent streams, even alarm messages are all sent across the Internet.across the Internet.

The Internet Collapse hypeThe Internet Collapse hype

• Collapse of Internet was supposed to Collapse of Internet was supposed to occur because of it’s massive growth.occur because of it’s massive growth.• Minor routing glitches occasionally but no Minor routing glitches occasionally but no

massive failures like AOL or other much massive failures like AOL or other much smaller networks have experienced.smaller networks have experienced.

• ISP’s are spending millions setting up ISP’s are spending millions setting up redundant links and peering connections redundant links and peering connections with other ISP’s to ensure stability.with other ISP’s to ensure stability.

Is it safe ?Is it safe ?

• Security risks are over-publicized but Security risks are over-publicized but they do occur, just like actual burglaries they do occur, just like actual burglaries vs the number of alarms received.vs the number of alarms received.• Most corporate security violations are the Most corporate security violations are the

work of disgruntled/fired employees or of work of disgruntled/fired employees or of completely unguarded networks.completely unguarded networks.

• There is a real threat, SIMS receives five to There is a real threat, SIMS receives five to ten attempted security breaches a week.ten attempted security breaches a week.

Are you a target ? YESAre you a target ? YES

• Unfortunately any company in the Unfortunately any company in the “security” industry is a little more of a “security” industry is a little more of a target than other small business.target than other small business.

• Any company is a target though, by Any company is a target though, by accident or intentionally.accident or intentionally.

Is it worth the risk ?Is it worth the risk ?

• Just like the Yellow Pages, the Internet Just like the Yellow Pages, the Internet is a means of consumers to locate and is a means of consumers to locate and research the companies and products research the companies and products they are interested in.they are interested in.

• Everything is on-line, job ads, alarm Everything is on-line, job ads, alarm distributors, even BBB records you can distributors, even BBB records you can use to research other companies before use to research other companies before you do business with them.you do business with them.

Will I make millions from it ?Will I make millions from it ?

• Putting your company on the internet Putting your company on the internet isn’t a guarantee of success, but it is isn’t a guarantee of success, but it is one more tool you and your customers one more tool you and your customers can use to mutual benefit.can use to mutual benefit.

• It’s for you to use as a business It’s for you to use as a business resource, not just for sales.resource, not just for sales.• Program updates from SIMS, anti-virus Program updates from SIMS, anti-virus

vendors and operating system vendors.vendors and operating system vendors.

It’s too difficult to use/setup !It’s too difficult to use/setup !

• Most ISP’s offer DSL service that Most ISP’s offer DSL service that includes basic firewall protection in the includes basic firewall protection in the router.router.• KISS – Keep It Simple to start and as your KISS – Keep It Simple to start and as your

company relies on it more, go to the next company relies on it more, go to the next level.level.

• Use outsourcing for email, your web site Use outsourcing for email, your web site and so forth until you have the technical and so forth until you have the technical talent in your company to bring it in-house.talent in your company to bring it in-house.

What type of connection ?What type of connection ?

• Non-dedicated connection (dial-up).Non-dedicated connection (dial-up).• Good for just checking email and surfing the web Good for just checking email and surfing the web

by your employees.by your employees.• Digital Subscriber Line (DSL)Digital Subscriber Line (DSL)

• Always on connectivity using standard telephone Always on connectivity using standard telephone wiring.wiring.

• Faster than dial-up, but not a dedicated circuit and Faster than dial-up, but not a dedicated circuit and doesn’t have same service level agreements doesn’t have same service level agreements typically. Can host a web/email server with typically. Can host a web/email server with DSL circuits from most ISP’s. DSL circuits from most ISP’s.

What type of connection ?What type of connection ?

• Digital Subscriber Line (DSL continued)….Digital Subscriber Line (DSL continued)….• Asynchronous DSL (ADSL) has a different speed Asynchronous DSL (ADSL) has a different speed

in one direction (typically faster download) than in one direction (typically faster download) than upload speed. Good for surfing the web but not upload speed. Good for surfing the web but not for hosting servers.for hosting servers.

• Synchronous DSL (SDSL) has the same speed Synchronous DSL (SDSL) has the same speed downloading as it does for uploading. Can be downloading as it does for uploading. Can be used to host servers in your office if ISP allows it.used to host servers in your office if ISP allows it.

What type of connection ?What type of connection ?

• Dedicated Circuits (T1, T3, etc).Dedicated Circuits (T1, T3, etc).• Use a dedicated circuit qualified for data only, Use a dedicated circuit qualified for data only,

usually is much “cleaner” than typical voice lines. usually is much “cleaner” than typical voice lines. Circuit is tagged as a data circuit in phone drop Circuit is tagged as a data circuit in phone drop boxes and switching centers.boxes and switching centers.

• Most have service level agreements certifying the Most have service level agreements certifying the number of dropped packets, error rate and so forth number of dropped packets, error rate and so forth which are acceptable, unlike DSL circuits which which are acceptable, unlike DSL circuits which are only required to meet voice-grade spec’s.are only required to meet voice-grade spec’s.

How does it connect ?How does it connect ?

• Most ISP’s offer plans which for a monthly fee Most ISP’s offer plans which for a monthly fee will include a router. In my opinion it’s best to will include a router. In my opinion it’s best to lease the router from them until you learn lease the router from them until you learn more about what you are doing and are more about what you are doing and are comfortable configuring the router yourself.comfortable configuring the router yourself.• Leasing the router avoids any finger pointing if you Leasing the router avoids any finger pointing if you

have problems getting circuit operational since have problems getting circuit operational since they supplied it.they supplied it.

• Leasing the router doesn’t lock you into buying a Leasing the router doesn’t lock you into buying a router until you are sure the circuit will meet your router until you are sure the circuit will meet your needs for the long term.needs for the long term.

But HOW does it connect ?But HOW does it connect ?

• Most routers have a standard Ethernet Most routers have a standard Ethernet connection just like workstations.connection just like workstations.• Plug it in to your network hub/switch.Plug it in to your network hub/switch.

• Make sure your router has firewall/filtering built Make sure your router has firewall/filtering built into it or you possibly expose your network.into it or you possibly expose your network.

• Purchase a firewall and place it between Purchase a firewall and place it between the internet router and your network.the internet router and your network.

What is the best circuit ?What is the best circuit ?

• The “best” is in the eye of the beholder. The “best” is in the eye of the beholder. If you just need to surf the web and If you just need to surf the web and check email, a dialup connection might check email, a dialup connection might be the best solution. If you want to do be the best solution. If you want to do constant updates to your web site, do constant updates to your web site, do video streaming, receive alarm video streaming, receive alarm messages over the net, etc…. Then a messages over the net, etc…. Then a dedicated connection is needed.dedicated connection is needed.

What does SIMS use ?What does SIMS use ?

• SIMS currently uses a flexible T1 from SIMS currently uses a flexible T1 from UUNet. We pay for a 768kb connection but UUNet. We pay for a 768kb connection but can actually use the full 1.5mb range of the can actually use the full 1.5mb range of the T1 for short “bursts” where our traffic exceeds T1 for short “bursts” where our traffic exceeds our capacity.our capacity.

• We have a Cisco 1720 router which we We have a Cisco 1720 router which we purchased from UUNet.purchased from UUNet.

• Previously we had a 768k SDSL connection Previously we had a 768k SDSL connection but almost weekly had connectivity issues.but almost weekly had connectivity issues.

SIMS: How much data ?SIMS: How much data ?

• Although we pay for 768kb connection, Although we pay for 768kb connection, we seldom use that much capacity. we seldom use that much capacity. Even with our mail servers, web Even with our mail servers, web servers, name servers and our servers, name servers and our workstations, we normally use an workstations, we normally use an average of 400kb. About three times a average of 400kb. About three times a month we go beyond our 768 limit when month we go beyond our 768 limit when many customers are downloading many customers are downloading program updates at the same time.program updates at the same time.

SIMS: Security precautionsSIMS: Security precautions

• We use a firewall method called De-We use a firewall method called De-Marcation Zoning (DMZ) whereby the Marcation Zoning (DMZ) whereby the firewall has two “zones”. firewall has two “zones”. • The DMZ “zone” contains all servers that The DMZ “zone” contains all servers that

need to be accessed by the outside world.need to be accessed by the outside world.• The LAN “zone” connects to the in-house The LAN “zone” connects to the in-house

switch to provide outbound access for switch to provide outbound access for SIMS workstations.SIMS workstations.

SIMS: Security continued…SIMS: Security continued…

• DMZ pro’s and con’s……DMZ pro’s and con’s……• Requires “public” servers by physically Requires “public” servers by physically

isolated from internal servers, thus isolated from internal servers, thus requiring more computers, more cabling requiring more computers, more cabling and more advanced configuration.and more advanced configuration.

• Provides an extra level of protection as Provides an extra level of protection as even if public servers are compromised, even if public servers are compromised, the in-house network is not.the in-house network is not.

SIMS: How many servers ?SIMS: How many servers ?

• We have five servers dedicated to We have five servers dedicated to internet functions. internet functions. • Three of these servers share the load of Three of these servers share the load of

our web sites, email and name server our web sites, email and name server functions.functions.

• One server is dedicated to the demo One server is dedicated to the demo SIMSWeb site.SIMSWeb site.

• One server is dedicated to the Customer One server is dedicated to the Customer Access (BBS) portion of our web site.Access (BBS) portion of our web site.

SIMS: Monitoring / Alerting ?SIMS: Monitoring / Alerting ?

• Firewall instant messages my cell Firewall instant messages my cell phone to any known attacks. phone to any known attacks.

• Custom written filters watch for Custom written filters watch for suspicious traffic and notify if trigger suspicious traffic and notify if trigger levels are reached.levels are reached.

• All incoming and outgoing email is virus All incoming and outgoing email is virus scanned and scanned for other content scanned and scanned for other content not desired.not desired.

SIMS: Pre-Emptive Measures…SIMS: Pre-Emptive Measures…

• All traffic is logged and any traffic not deemed All traffic is logged and any traffic not deemed “normal” is emailed for review.“normal” is emailed for review.

• Several “Honeypot” services are run which Several “Honeypot” services are run which look like vulnerable systems (ftp servers with look like vulnerable systems (ftp servers with no passwords, etc). Any attacks on these are no passwords, etc). Any attacks on these are stealthily logged and the IP address is stealthily logged and the IP address is automatically blocked from accessing ALL automatically blocked from accessing ALL SIMS servers for two hours.SIMS servers for two hours.

SIMS: Paranoid or Cautious ?SIMS: Paranoid or Cautious ?

• Every week we receive between five and ten Every week we receive between five and ten “attacks” against our servers.“attacks” against our servers.• Most are scripts run from other violated servers on Most are scripts run from other violated servers on

the internet looking for new sites to attack.the internet looking for new sites to attack.• About once a year a full fledged attack against About once a year a full fledged attack against

multiple servers at SIMS occurs.multiple servers at SIMS occurs.• The SIMS network has never been compromised, The SIMS network has never been compromised,

at worst we shut down our Internet connection for at worst we shut down our Internet connection for a couple of hours to eliminate the targets of the a couple of hours to eliminate the targets of the attack. It’s not any fun to attack servers that aren’t attack. It’s not any fun to attack servers that aren’t on-line any longer.on-line any longer.

Why are sites attacked ?Why are sites attacked ?

• ““Script Kiddies” trying to prove their ability to Script Kiddies” trying to prove their ability to compromise systems to their friends. Targets compromise systems to their friends. Targets are chosen based on the publicity they would are chosen based on the publicity they would receive or because they know the target site.receive or because they know the target site.

• Retaliation for past “wrongs”. Current or ex-Retaliation for past “wrongs”. Current or ex-employees trying to get even or access employees trying to get even or access documents/files they feel entitled to.documents/files they feel entitled to.

• Directed Attacks against competitors or other Directed Attacks against competitors or other companies for the purpose of humiliating companies for the purpose of humiliating them or obtain trade secrets.them or obtain trade secrets.

How are sites attacked ?How are sites attacked ?

• Servers left unprotected. New security Servers left unprotected. New security vulnerabilities come out weekly, sometimes vulnerabilities come out weekly, sometimes daily for Windows. Make sure you apply daily for Windows. Make sure you apply patches before someone uses the “hole” patches before someone uses the “hole” against you.against you.

• Services you don’t know are running. When Services you don’t know are running. When installing software, many programs open installing software, many programs open back-doors that can be exploited by others back-doors that can be exploited by others that know where they are.that know where they are.

How are sites attacked ?How are sites attacked ?

• Trojan Horse programs. Sent either by email Trojan Horse programs. Sent either by email or downloaded by a user unsuspectingly by or downloaded by a user unsuspectingly by advertising the program as something it’s not. advertising the program as something it’s not. Once the Trojan Horse program is executed, Once the Trojan Horse program is executed, it can open back-doors and even send a it can open back-doors and even send a message to it’s creator to let them know there message to it’s creator to let them know there is a new system ready to be attacked by is a new system ready to be attacked by them. Trojan Horse programs can even send them. Trojan Horse programs can even send copies of passwords stored on your system.copies of passwords stored on your system.

Safe Surfing……Safe Surfing……

• Teach your employees not to download Teach your employees not to download things to their work computers. Go to things to their work computers. Go to the point of creating a company policy the point of creating a company policy that forbids installation of unauthorized that forbids installation of unauthorized programs. Programs advertised as programs. Programs advertised as screen savers are the #1 way that screen savers are the #1 way that Trojan Horse programs get their victim Trojan Horse programs get their victim to load them.to load them.

Information Leaks……Information Leaks……

• NEVER throw away documents with NEVER throw away documents with passwords or other information about passwords or other information about your network without shredding them your network without shredding them first. “Dumpster Diving” is the most first. “Dumpster Diving” is the most common way that hackers gather common way that hackers gather information during a directed attack.information during a directed attack.

Personal Information Leaks……Personal Information Leaks……

• Even though people know better, they Even though people know better, they use their families names, birthdays or use their families names, birthdays or pet information as passwords.pet information as passwords.

• Callers pretending to be “old friends” will Callers pretending to be “old friends” will call office saying “I’m an old college call office saying “I’m an old college buddy, what’s Joe’s wife’s name buddy, what’s Joe’s wife’s name again ? When is his birthday ? I want again ? When is his birthday ? I want to surprise him, don’t tell him I called.”to surprise him, don’t tell him I called.”

Equipment Type Leaks……Equipment Type Leaks……

• Callers will state they are XYZ ISP and Callers will state they are XYZ ISP and they are sure they can beat the price they are sure they can beat the price you are paying now. “Who is your you are paying now. “Who is your ISP ? What type of router do you ISP ? What type of router do you have ? Who handles your firewall ?” All have ? Who handles your firewall ?” All this is information they can use to this is information they can use to determine more information than you determine more information than you want hackers to know about you.want hackers to know about you.

So WHY connect again ?So WHY connect again ?

• Used intelligently, the Internet gives Used intelligently, the Internet gives your company great possibilities. You your company great possibilities. You don’t let your kids drive your car before don’t let your kids drive your car before they’ve learned how…. Don’t put your they’ve learned how…. Don’t put your company on the Internet until you know company on the Internet until you know how to safely . The old adage “It’s how to safely . The old adage “It’s better to be safe than sorry” holds true better to be safe than sorry” holds true even in this “connected” age. even in this “connected” age.

Top Ten Security PrecautionsTop Ten Security Precautions

10.10. Virus scanners on all workstations.Virus scanners on all workstations.11.11. Keep security patches current.Keep security patches current.12.12. Passwords on all computers.Passwords on all computers.13.13. Remote access software locked down Remote access software locked down

to specific machines that need access.to specific machines that need access.14.14. Pro-active monitoring of activity.Pro-active monitoring of activity.15.15. Kill un-needed programs/services.Kill un-needed programs/services.

Top Ten continued…..Top Ten continued…..

6.6. Know what is “normal” traffic.Know what is “normal” traffic.

7.7. Change passwords regularly and use Change passwords regularly and use passwords that use mix of letters, numbers passwords that use mix of letters, numbers and special characters.and special characters.

8.8. Shred all security related documents.Shred all security related documents.

9.9. Train employees about security.Train employees about security.

10.10. Create a security procedure/manual.Create a security procedure/manual.

Top Ten continued…..Top Ten continued…..

1.1. Trust that the rules of network security Trust that the rules of network security change daily, there is no such thing as a change daily, there is no such thing as a 100% secure network and never assume 100% secure network and never assume your network is secure because you haven’t your network is secure because you haven’t noticed anything missing yet. If humans noticed anything missing yet. If humans create the security, other humans can break create the security, other humans can break it. It’s just a matter of how much time they it. It’s just a matter of how much time they are willing to spend to get in.are willing to spend to get in.

Questions

?