Mid-Hudson Library System

Department of Technical Support and Computer Operations



Contents: ________________________________________________________________________



1.- Wireless Versus Wired networks

Whether fished through walls or pulled through wire mold, network cable currently
offers the best performance, reliability and security. Yet, despite the dominance of
traditional cable-based networks, wireless networks are gaining popularity,
particularly in the health care, retail, manufacturing and warehousing arenas.
You've seen wireless networks in action. Recall, for example, the employee in your
local supermarket taking inventory with a small hand-held device. Wireless networks capitalize on the advantage of combining computer connectivity with user mobility.

In recent years, wireless products have become cheaper, faster and more
standardized. They eliminate the need for wiring by using radio waves to send and
receive data between computers. This technique is quite similar to the cordless
telephone in your home. Typically, cordless phones consist of two parts: a base unit connected via a wall jack to the local telephone company and a portable,
battery-powered receiver that is used to make and receive calls. Both of these units
use antennas to connect to each other by radio waves.

In the same way, there are two parts on a wireless network: an access point and a
client adapter. The access point functions like the base unit of a portable telephone
and connects the wireless network to the part of the network that must remain wired
(for connection between buildings, Internet access, etc.). From a fixed location, the
access point transmits and receives data from wireless users. To encompass a large
area, several access points are strategically located within the building to maximize
signal quality and coverage. The client adapter is a special card that fits into a
portable computer and is essentially a small radio transceiver.

In operation, these two devices work in concert. The client adapter locates the
nearest access point to establish a connection to the network. The access point,
in turn, connects the user to the entire wired and wireless portions of the network.
As the client moves, the client adapter chooses the best access point to maintain
the connection. All of this is accomplished seamlessly and, on a smaller scale, is
precisely the same process that enables you to maintain a connection on your cell
phone as you cruise down the interstate.

In contrast to conventional, cable-based networks, current wireless technology is considerably slower and presents a higher initial investment. The number and
placement of access points is critical and the effects of metal structures, dense
building materials or interferences caused by electric devices can impede the
radio waves that connect the network.

Wire-based networks remain the standard for cost and performance. In most
cases for school construction and renovation, wire will continue to dominate.
Nevertheless, in situations where student mobility is paramount or where
installation of cables is not feasible, wireless is now a realistic alternative.


For more information about wireless, please check the following links:
http://www.isa.org

http://www.wired.com

http://cisco.com





________________________________________________________________________

2.- How to secure a small network
 

Linking computers to create a network greatly expands their capacity and can
even save you money. Networking two or more computers allows you to:

 

  • Share a single Internet connection
  • Share a printer, scanner, and other hardware
  • Share files, folders, programs and games.

 

To create a network you will need to use some network technologies that might require some expertise. If your library has five or fewer computers, you can easily do it yourself using Microsoft Windows protocols to network them together. If you have more than five, I suggest having a network specialist do the work for you.

 

The three most popular types of small networks are:

  • Ethernet: The current standard technology and the one used by most businesses; links computers via special cable and a device called a hub.
  • HPNA (home phoneline network adapter): Links computers via existing household telephone wiring.
  • Wireless: Links computers without wiring, by using radio signals.

The following table lists other properties, advantages and disadvantages of each network type:

 

Hardware needed in addition to network adapter

  • Ethernet: Ethernet RJ-45 cables and a network hub.
  • HPNA: Telephone cables and phone jacks.
  • Wireless: May need an access point, a piece of hardware that acts as a central transmitter of radio signals between computers. Using an access point allows networking between any two computers on the system and expands the area radio signals are sent.

Advantages

  • Ethernet: Currently the fastest, most reliable, least costly network technology. Most DSL and cable modems use Ethernet connections.
  • HPNA: Easy installation; computers simply plug into ordinary phone jacks.
  • Wireless: Mobile; you can move your laptop or desktop computer from room to room while remaining connected to the network.

Disadvantages

  • Ethernet: Requires cables linking computers or Ethernet wiring (similar to phone wiring) installed in walls.
  • HPNA: Requires a phone jack near each computer.
  • Wireless: All networked computers must be within a specified distance to communicate with each other. Currently, wireless networks lack some of the capability of networks using physical connections. The cost of an access point is an additional expense to setting up the system.

 

 

To help determine which network technology best suits your needs, answer these questions:

  • How many computers do you have?
  • Where are they located—are they in the same room or different rooms?
  • Are any of your computers laptops?
  • Do any of your computers have network adapters installed? If so, what are their types (Ethernet, HPNA, or wireless)?

Connect Components

When you’ve obtained everything you’ll need to build your network, arrange the parts in their proper locations. Next, link the computers: run cable between them (Ethernet), connect each computer to the telephone wiring via a phone jack (HPNA), or simply install the wireless network adapter (wireless).

 

If you decided to use Microsoft Windows XP or 2000, run a network setup wizard to configure your network.

 

The wizard guides you through the following steps:

  • Configuring your network adapters.
  • Configuring all of your computers to share one Internet connection.
  • Naming each computer.
  • Automatically sharing the Shared Files folder with the computers on the network.
  • Automatically sharing printers that are connected to computers on the network.
  • Installing a firewall.
  • Installing network bridging components.
  • Installing Internet Connection Sharing Discovery and Control components.

Microsoft has resources and guides on its site to help you set up your network.

 

Protect your Network

 
When you create a network connected to the Internet, you increase the vulnerability of your computers to unauthorized access, including viruses. To protect your network, you need to create a type of barrier called a firewall. Windows XP comes with a firewall that you create when setting up a small network.

 

How Does a Firewall Work?

Like an actual firewall built to prevent fire from spreading between adjoining buildings, computer firewalls prevent the spread of unauthorized communication between an individual computer or group of networked computers and the Internet. One of the most effective ways to protect a small network, and the least expensive, is to create a firewall on the Microsoft Internet Connection Sharing (ICS) host computer, and to make sure that this computer is the only one on the network with a direct connection to the Internet.

Another way to protect a small network is to use a hardware device called a gateway, or router.

A gateway contains a firewall and replaces an ICS host computer as the central Internet connection. Because it contains no files, folders or other data, and cannot be used to manipulate computers to which it is linked, a gateway offers a greater degree of protection than an ICS host computer. Should a hacker manage to bypass the firewall, the only access gained is to the device, which is in effect empty. A disadvantage of a gateway is the extra cost it adds to putting together a network.

You can create a small network having neither an ICS host computer nor a residential gateway, but at a high cost to security—and convenience. With such a setup, Internet access can be obtained by linking each computer directly to the Internet service provider via the computer's own modem, or else all computers on the network can be linked to an Ethernet hub, which functions as a central Internet connection.

 

The protection of a network can include software and hardware. A dedicated hardware device, called a router, that includes a filtering program is called a firewall.

There are two types of firewalls:

1-     Packet-filtering firewall

2-     Application-level gateway firewall

Because of the complexity of firewalls, we recommend that a person with network administration skills take charge of the day-to-day maintenance and operation of your network. Some of these operations are:

-         Maintain network user accounts

-         Update host access authorization

-         Respond to alarms

-         Review activity logs

-         Back up servers and the firewall

Each library should have a computer and network policy stating who, how and when users can access its network.

________________________________________________________________________



3.- Attacks to Networks

Intruders may target your network by sending a malicious program to disable your computers, or by accessing a server to take control of it and launch further attacks on other networks. Libraries usually do not have important files and documents that a computer thief would be interested in stealing. In any case, each library should do a risk assessment and indicate what it will be protecting.

Risks associated with Internet Services

-         Electronic mail  (SMTP)

-         World Wide Web (HTTP)

-         File transfer  (FTP)

-         Remote execution (Telnet)

-         Network Management Systems (SNMP)

 

Firewalls cannot protect you against viruses and Trojan horse programs, nor can they protect you from insider attacks.

Some questions to ask when considering a firewall:

-         What type of assets do I have in my network?

-         How critical are these assets?

-         How attractive a target are my assets to an intruder?

-         What is the nature of my Internet connectivity?

-         Do my routers already have the required firewall capabilities?

-         What is my budget for security?

-         What security protections are already in place?

-         What is the level of staff expertise in my environment?

-         What type of services do my patrons and employees want?


There is a lot of free software for the Windows platform available to download from the Internet.

One simple firewall is ZONE ALARM. It will protect an individual desktop from unauthorized access.


_________________________________________________________




4.- Public Library Wireless Access Policy


The Public Library will provide free Internet access points or "hot spots" for users with portable computers or devices capable of receiving wireless signals, during normal library business hours. These access points will allow users to access the Internet from their laptop computers when sitting within range of the access points.

Library staff will provide general information on the settings necessary to access the Internet via these connections, but are not responsible for any changes users make to their computer settings and cannot guarantee that a user's hardware will work with the library's wireless connection.

If a user has problems accessing the Internet over these connections, staff cannot assist in making changes to the user's network settings or perform any troubleshooting on the user's own computer. Users should refer to their owners' manuals or other support services offered by their device manufacturer.

As with most public wireless "hot spots," the library's wireless connection is not secure. There can be non-trustworthy third parties between the user and anybody with whom the user communicates. Any information being sent or received could potentially be intercepted by another wireless user. Cautious and informed wireless users should not transmit their credit card information, passwords and any other sensitive personal information while using any wireless "hot spot."

The library will not be responsible for any personal information (e.g. credit card) that is compromised, or for any damage caused to your hardware or software due to electric surges, security issues or consequences caused by viruses or hacking. All wireless access users should have up-to-date virus protection on their personal laptop computers or wireless devices.

The library provides access only to Web-based email. For Microsoft Outlook or other email services, the user must connect with his or her own Internet provider.

Printers are not available via the wireless connection at this time. If users need to print, they should save their work to a portable storage device (e.g. floppy disk) or wait to print a document on a home printer. An alternative is to email files to themselves, then login to a wired library workstation and send documents to the public printer.

Use of these access points is governed by the Public Library Internet Use Policy. All users are expected to use the library's wireless access in a legal and responsible manner, consistent with the educational and informational purposes for which it is provided. Users should not violate federal, state or local laws, including the transmission or receiving of child pornography or harmful material, fraud, or downloading copyrighted material.

Any restriction or monitoring of a minor's access to the library's wireless network is the sole responsibility of the parent or guardian.


________________________________________________________________________



5.- Understanding Hubs Switches and Routers


This article is not intended to teach you to be a networking expert. The intention of this article is to give someone with little to no experience with hubs, switches, and routers a slightly better understanding of how those particular pieces of hardware work so that you might be able to improve your network, and perhaps to prevent you from making a mistake when purchasing a piece of hardware.

At first look, routers, hubs, and switches do pretty much the same thing, until you understand how they do it. To most people, automobiles all do pretty much the same thing as well; however, how they do it is very different. I am sure most everyone can understand that. You wouldn't try to take a Volkswagen through the Rubicon (touted as one of the roughest 4X4 trails in the world), and you definitely wouldn't try to pick up your date for the prom in a military Humvee (well, someone might). So the next question is "How are you going to do it?" To really make that decision you need to make a few decisions about your network. You will also need to understand a few things about protocols and the network traffic they create. Some protocols are also more reliable than others. All protocols are NOT created equal. They appear to do the same thing, but they do NOT!

With 2 computers and only 1 protocol installed (say TCP/IP), there will generally be no traffic on your network, hence no degradation or network chatter. On the other hand, let's say you have 10 computers and multiple protocols (TCP/IP, NetBEUI, IPX, AppleTalk, etc.): there will be constant broadcasts and discoveries being made on your network. This makes for a very busy network, with lots of unusable bandwidth. You might also be concerned about security for some reason. Let's say you have children, and you don't want them to be able to access the Internet, but you want to be able to get to that computer all the time without having to go into their room and unplug their computer. The only way that can be done is with a router: put your computer in 1 subnet and their computer in another, and configure the router to not allow pass-through for their subnet.

Hubs

A hub is a piece of hardware that will link multiple computers together. Common hubs have 4, 6, 8, 12, and 16 ports. There are larger hubs. Let's say you have three computers, and you want to connect them together using TCP/IP and a simple network. When you send a packet from computer A to computer B, the hub receives the packet and sends it out all other available ports on the hub. Both computers B and C get the packet. C looks at the packet, realizes that it is not for itself, and ignores it. Computer B looks at the packet and sees that it belongs to itself.

Pros

  • A hub is probably one of the easiest pieces of network hardware to set up. Basically, supply it with power and plug in your network cables.
  • A hub is a very inexpensive and cost-effective method for connecting a few computers.

Cons

  • When you use a hub in your network you lose some network bandwidth. In a way all ports are sharing the same wire.
  • If you use a broadcasting protocol you will have a lot of collisions on your network.
  • Each manufacturer has a different way of dealing with the power of the signal being sent through the wire. I have seen some manufacturers recommend cable lengths of no longer than 50m. Ethernet has the capability of 325m.

Switches

Now let's take a look at switches. A switch keeps what is referred to as a routing table. This allows the switch to keep track of who is attached to it. When a request comes in, it takes a look at who it is for and sends it only to the computer that needs to see the packet. A switch has a much faster routing capacity than a hub. It can handle many more requests than a hub at one time. You could probably safely double your computer count and not see a negative impact on your network bandwidth. I have not done studies myself, so I cannot guarantee that. However, I have witnessed a dramatic decrease in network collisions when I use a switch.

A collision is when two computers try to send data at the same time, e.g. when computer A sends data to computer B and computer C sends data to computer A. Both computers listen to the wire, don't see any traffic on the wire, and send. You then get a collision. Because a hub sends all data on all wires, you would see a collision with a hub. When TCP/IP receives a collision response it will resend the data at a random point. This means that all other network requests will be paused until TCP/IP receives a notification that the packet made it to its destination OK. Both computers involved in the network collision will use what is known as a back-off algorithm. This way, hopefully, they will not both try to resend at the same time. However, with many computers, while your computer waits for the back-off algorithm and sends no traffic, other computers will start sending their data.

If you were to have a large network, 25 or so computers all on hubs, during high network traffic moments you would see a lot of collisions. This gives the appearance of a slow network, because TCP/IP will resend the packet over and over until it is successful. If you were using a switch you would not see a collision, because the switch would route computer A's request to computer B, and computer C's request would go directly to computer A. There is no crossing of Ethernet traffic. This means an increase in network bandwidth for you.
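The following is an added example, not part of the original article: a short Python model of the hub and switch behaviour described above, counting how many frames each computer receives that were not addressed to it. The port numbers and the traffic list are constructed, and the switch's table is the one the article calls a routing table (on Ethernet switches it is usually called a MAC address table).

```python
from typing import Dict, List, Optional, Tuple

Frame = Tuple[str, str]   # (sender, recipient)

# Constructed wiring: the article's computers A, B and C on ports 0, 1 and 2.
PORT_OF: Dict[str, int] = {"A": 0, "B": 1, "C": 2}
HOST_ON: Dict[int, str] = {port: host for host, port in PORT_OF.items()}

# Constructed traffic, in the order it is sent.
FRAMES: List[Frame] = [("A", "B"), ("B", "A"), ("A", "B"), ("C", "A"), ("A", "C")]


class Hub:
    """Repeats every frame out of every port except the one it came in on."""

    def __init__(self, n_ports: int) -> None:
        self.n_ports = n_ports

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        return [p for p in range(self.n_ports) if p != in_port]


class Switch:
    """Learns which port each sender is on and forwards only to that port."""

    def __init__(self, n_ports: int) -> None:
        self.n_ports = n_ports
        self.table: Dict[str, int] = {}   # address -> port, filled by learning

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        self.table[src] = in_port          # learn where the sender lives
        out = self.table.get(dst)
        if out is None:                    # recipient not learned yet: flood
            return [p for p in range(self.n_ports) if p != in_port]
        return [] if out == in_port else [out]


def overheard(device, frames: Optional[List[Frame]] = None) -> Dict[str, int]:
    """Count, per computer, the frames delivered to it but meant for another."""
    counts = {host: 0 for host in PORT_OF}
    for src, dst in (FRAMES if frames is None else frames):
        for port in device.forward(PORT_OF[src], src, dst):
            host = HOST_ON[port]
            if host != dst:
                counts[host] += 1
    return counts


if __name__ == "__main__":
    print("hub   :", overheard(Hub(3)))
    print("switch:", overheard(Switch(3)))
```

On the hub, B and C receive every frame sent between the other two computers. On the switch, only the very first frame is flooded, because the recipient has not yet been learned.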

Routers

A router, on the other hand, is not normally used between two computers in the same subnet. It can be used for this, but it is overkill. It would be like buying a Boeing 747 to go to the grocery store. Routers are generally purchased so that you can have many computers on some form of a private IP network and connect them all to a public IP network (the Internet). The examples above showed you how to get packets between two computers on the same subnet. A router is how you get packets between two computers on two different subnets.

Unlike a hub and a switch, a router will also analyze the packet to see what type of packet it is. This means that you can have SMTP/POP3 packets sent to a specific port. You can have HTTP packets sent to another port. You can have HTTP packets from a specific computer, or subnet, sent to another port. A router has the ability to filter packets, or read them and then decide what to do. This is called (by some) intelligent routing. On most routers there is a small operating system that runs, kind of like DOS, if any of you remember what that was. With this OS you can configure the router and set up the rules and routing tables. Describing all of the functionality and capabilities would be a 200+ page document in itself. But I hope I have given you a much better idea of the difference between the three devices.
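The following is an added example, not part of the original article: a small first-match packet filter in Python, showing the kind of rules a packet-filtering router evaluates, including the two-subnet setup described earlier in which one subnet is refused pass-through to the Internet while the other subnet can still reach it. The subnets, addresses, ports and rule order are constructed assumptions, and the filter judges only the first packet of each connection.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addressing (assumptions, not from the article).
PARENT_NET = "192.168.1.0/24"   # the computer that keeps Internet access
CHILD_NET = "192.168.2.0/24"    # the subnet with no pass-through


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    note: str
    src: Optional[str] = None    # CIDR block; None matches anything
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        def within(addr: str, cidr: Optional[str]) -> bool:
            return cidr is None or (
                ipaddress.ip_address(addr) in ipaddress.ip_network(cidr))
        return (within(p.src, self.src) and within(p.dst, self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


# Evaluated top to bottom; the first matching rule decides.
RULES: List[Rule] = [
    Rule("allow", "parent subnet may reach the children's computer",
         src=PARENT_NET, dst=CHILD_NET),
    Rule("deny", "no pass-through for the children's subnet", src=CHILD_NET),
    Rule("allow", "HTTP out", src=PARENT_NET, proto="tcp", dport=80),
    Rule("allow", "SMTP out", src=PARENT_NET, proto="tcp", dport=25),
    Rule("allow", "POP3 out", src=PARENT_NET, proto="tcp", dport=110),
]


def decide(p: Packet, rules: Optional[List[Rule]] = None) -> Tuple[str, str]:
    """Return (action, reason); anything no rule matches is denied."""
    for rule in (RULES if rules is None else rules):
        if rule.matches(p):
            return rule.action, rule.note
    return "deny", "default deny: no rule matched"


# Constructed sample packets (first packet of each connection).
SAMPLE = [
    Packet("192.168.1.10", "192.168.2.20", "tcp", 445),   # parent -> child PC
    Packet("192.168.2.20", "203.0.113.5", "tcp", 80),     # child -> Internet
    Packet("192.168.1.10", "203.0.113.5", "tcp", 80),     # parent -> web
    Packet("198.51.100.7", "192.168.1.10", "tcp", 23),    # Internet -> Telnet
    Packet("198.51.100.7", "192.168.1.10", "udp", 161),   # Internet -> SNMP
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", *decide(pkt))
```

Rule order is part of the policy: a broad "allow HTTP for everyone" rule placed above the deny for the children's subnet would let that subnet out again, so the list is reviewed from the top down.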

Recap

When to use a hub? When you have a small network, 2 - 8 computers. Recommended with only 1 protocol, i.e. TCP/IP. Where speed is not of prime importance, and all computers are on the same subnet.

When to use a switch? When you have a small to medium network, 5 - x computers. Recommended with only 1 protocol. Where speed is of importance, and all computers are on the same subnet.

When to use a router? When you have any number of computers on different subnets. Or when you have many computers you would like to separate from the public IP network. Using any number of protocols. And security is of potential importance.