Network

Submitted By sunilkhan

CS 487

Firewalls and Network Defense

slide 1

Firewalls
▪ Idea: separate local network from the Internet

[Figure labels: Trusted hosts and networks; Intranet; Firewall; Router; DMZ (Demilitarized Zone: publicly accessible servers and networks)]

slide 2

Castle and Moat Analogy
▪ More like the moat around a castle than a firewall
  • Restricts access from the outside
  • Restricts outbound connections, too (!!)
    – Important: filter out undesirable activity from internal hosts!

slide 3

Conceptually...
• System to enhance protection of a local system or network of systems from network-based security threats
• All this while affording access to the outside world via WANs or the Internet
• Deployed because of assumptions about different networks

slide 4

Operationally...
• A policy that dictates what traffic to allow, what to block, why this is done, and what to do if things break
• Log connections and refused attempts
• Periodic auditing necessary for any successful deployment

slide 5

Firewall Locations in the Network
▪ Between internal LAN and external network
▪ At the gateways of sensitive subnetworks within the organizational LAN
  • Payroll’s network must be protected separately within the corporate network
▪ On end-user machines
  • “Personal firewall”
  • Microsoft’s Internet Connection Firewall (ICF) comes standard with Windows XP

slide 6

Firewall Types
▪ Packet- or session-filtering router (filter)
▪ Proxy gateway
  • All incoming traffic is directed to firewall, all outgoing traffic appears to come from firewall
  • Application-level: separate proxy for each application
    – Different proxies for SMTP (email), HTTP, FTP, etc.
    – Filtering rules are application-specific
  • Circuit-level: application-independent, “transparent”
    – Only generic IP traffic filtering (example: SOCKS)
▪ Personal firewall with application-specific rules
  • E.g., no outbound telnet connections from email client

slide 7

Firewall Types: Illustration

slide 8

Packet Filtering
▪ For each packet, firewall decides whether to allow it to proceed
  • Decision must be made on per-packet basis
    – Stateless; cannot examine packet’s context (TCP connection details, i.e. the state of the connection)
▪ To decide, use information available in the packet
  • IP source and destination addresses, ports
  • Protocol identifier (TCP, UDP, ICMP, etc.)
  • TCP flags (SYN, ACK, RST, PSH, FIN)
  • ICMP message type
▪ Filtering rules are based on pattern-matching

slide 9

Packet Filtering Examples

slide 10

Example: FTP
(borrowed from Wenke Lee)

▪ Client opens command channel to server; tells server second port number
▪ Server acknowledges
▪ Server opens data channel to client’s second port
▪ Client acknowledges

[Figure labels: FTP server (20 Data, 21 Command); FTP client (5150, 5151); “PORT 5151”; “OK”; DATA CHANNEL; TCP ACK; Connection from a random port on an external host]

slide 11

FTP Packet Filter
The following filtering rules allow a user to FTP from any IP address to the FTP server at 172.168.10.12:

access-list 100 permit tcp any gt 1023 host 172.168.10.12 eq 21
access-list 100 permit tcp any gt 1023 host 172.168.10.12 eq 20
! Allows packets from any client to the FTP control and data ports
access-list 101 permit tcp host 172.168.10.12 eq 21 any gt 1023
access-list 101 permit tcp host 172.168.10.12 eq 20 any gt 1023
! Allows the FTP server to send packets back to any IP address with TCP ports > 1023
interface Ethernet 0
 ip access-group 100 in
 ! Apply the first rule to inbound traffic
 ip access-group 101 out
 ! Apply the second rule to outbound traffic
! Anything not explicitly permitted by the access list is denied!

slide 12

Weaknesses of Packet Filters
▪ Do not prevent application-specific attacks
  • For example, if there is a buffer overflow in URL decoding routine, firewall will not block an attack string
▪ No user authentication mechanisms
  • … except (spoofable) address-based authentication
  • Firewalls don’t have any upper-level functionality
▪ Vulnerable to TCP/IP attacks such as spoofing
  • Solution: list of addresses for each interface (packets with internal addresses shouldn’t come from outside)
▪ Security breaches due to misconfiguration

slide 13

Stateless Filtering Is Not Enough
▪ In TCP connections, ports with numbers less than 1024 are permanently assigned to servers
  • 20, 21 for FTP, 23 for telnet, 25 for SMTP, 80 for HTTP…
▪ Clients use ports numbered from 1024 to 16383
  • They must be available for clients to receive responses
▪ What should a firewall do if it sees, say, an incoming request to some client’s port 5612?
  • It must allow it: this could be a server’s response in a previously established connection…
  • …OR it could be malicious traffic
  • Can’t tell without keeping state for each connection

slide 14

Example: Variable Port Use

Inbound SMTP

Outbound SMTP

slide 15

Session Filtering
▪ Decision is still made separately for each packet, but in the context of a connection
  • If new connection, then check against security policy
  • If existing connection, then look it up in the table and update the table, if necessary
    – Only allow incoming traffic to a high-numbered port if there is an established connection to that port
▪ Hard to filter stateless protocols (UDP) and ICMP
▪ Typical filter: deny everything that’s not allowed
  • Must be careful filtering out service traffic such as ICMP

slide 16

Example: Connection State Table

slide 17
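
The stateless and session-filtering decisions from the slides above, run side by side over one packet trace, as an added example (not part of the original slides). The addresses, the allowed-port policy and the trace are constructed, and connection teardown is reduced to RST handling.

```python
from dataclasses import dataclass

ALLOWED_SERVER_PORTS = {25, 80}   # assumed policy: clients may reach SMTP and HTTP


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set in this segment
    inbound: bool      # True when the packet arrives from the external network


def stateless_filter(p):
    """Packet filter: the verdict uses only the fields of this one packet."""
    if p.inbound:
        # A reply to a client looks like "from a server port to a high port",
        # so anything matching that pattern has to be allowed.
        return p.sport in ALLOWED_SERVER_PORTS and p.dport >= 1024
    return p.sport >= 1024 and p.dport in ALLOWED_SERVER_PORTS


class SessionFilter:
    """Session filter: still one verdict per packet, but made against a table."""

    def __init__(self):
        self.table = {}   # (client, client port, server, server port) -> state

    def check(self, p):
        if p.inbound:
            key = (p.dst, p.dport, p.src, p.sport)
        else:
            key = (p.src, p.sport, p.dst, p.dport)
        state = self.table.get(key)
        if state is None:
            # New connection: check it against the security policy. Only an
            # internal client may open one, and only with a bare SYN.
            ok = (not p.inbound and p.flags == {"SYN"}
                  and p.dport in ALLOWED_SERVER_PORTS)
            if ok:
                self.table[key] = "SYN_SENT"
            return ok
        # Existing connection: update the table if necessary.
        if "RST" in p.flags:
            del self.table[key]   # FIN teardown and timeouts are left out here
            return True
        if state == "SYN_SENT" and p.inbound:
            if p.flags != {"SYN", "ACK"}:
                return False
            self.table[key] = "ESTABLISHED"
        return True


def mk(src, sport, dst, dport, flags, inbound):
    """Build a Packet from a flag string such as "SYN+ACK"."""
    return Packet(src, sport, dst, dport, frozenset(flags.split("+")), inbound)


CLIENT, SERVER, OTHER = "10.0.0.5", "203.0.113.10", "198.51.100.66"

# Constructed trace: one legitimate HTTP connection plus unsolicited packets.
TRACE = [
    mk(CLIENT, 5612, SERVER, 80, "SYN", False),      # client opens connection
    mk(SERVER, 80, CLIENT, 5612, "SYN+ACK", True),   # server's response
    mk(CLIENT, 5612, SERVER, 80, "ACK", False),      # handshake completes
    mk(OTHER, 80, CLIENT, 5612, "ACK", True),        # unsolicited, other host
    mk(SERVER, 80, CLIENT, 5613, "ACK", True),       # right host, wrong port
    mk(CLIENT, 5612, SERVER, 80, "RST", False),      # client aborts
    mk(SERVER, 80, CLIENT, 5612, "ACK", True),       # arrives after teardown
]


def evaluate(trace):
    """Return (stateless verdict, session verdict) for each packet in order."""
    session = SessionFilter()
    return [(stateless_filter(p), session.check(p)) for p in trace]


if __name__ == "__main__":
    for p, (stateless, session) in zip(TRACE, evaluate(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"{'+'.join(sorted(p.flags)):8} stateless={stateless} session={session}")
```

The stateless filter passes every packet in the trace, including the three that belong to no connection; the session filter passes only those that match a table entry.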

Application-Level Gateway

▪ Splices and relays two application-specific connections
  • Example: Web browser proxy
  • Daemon spawns proxy process when communication is detected
  • Big processing overhead, but can log and audit all activity
▪ Can support high-level user-to-gateway authentication
  • Log into the proxy server with your name and password
▪ Simpler filtering rules than for arbitrary TCP/IP traffic
▪ Each application requires implementing its own proxy

slide 18

Circuit-Level Gateway

▪ Splices two TCP connections, relays TCP segments
▪ Less control over data than application-level gateway
  • Does not examine the contents of TCP segment
▪ Client’s TCP stack must be aware of the gateway
▪ Often used when internal users are trusted
  • Application-level proxy on inbound connections, circuit-level proxy on outbound connections (lower overhead)

slide 19

Comparison
                               Performance   Modify client application   Defends against fragm. attacks
▪ Packet filter                Best          No                          No
▪ Session filter                             No                          Maybe
▪ Circuit-level gateway                      Yes                         Yes
▪ Application-level gateway    Worst         Yes                         Yes

slide 20

Bastion Host
▪ Bastion host is a hardened system implementing application-level gateway behind packet filter
  • All non-essential services are turned off
  • Application-specific proxies for supported services
    – Each proxy supports only a subset of application’s commands, is logged and audited, disk access restricted, runs as a nonprivileged user in a separate directory (independent of others)
  • Support for user authentication
▪ All traffic flows through bastion host
  • Packet router allows external packets to enter only if their destination is bastion host, and internal packets to leave only if their origin is bastion host

slide 21

Single-Homed Bastion Host

If packet filter is compromised, traffic can flow to internal network

slide 22

Dual-Homed Bastion Host

No physical connection between internal and external networks

slide 23

General Problems with Firewalls
▪ Interfere with networked applications
▪ Don’t solve the real problems
  • Buggy software (think buffer overflow exploits)
  • Bad protocol design
▪ Generally don’t prevent denial of service
▪ Don’t prevent insider attacks
▪ Increasing complexity and potential for misconfiguration

slide 24

Protecting Addresses and Routes
▪ Hide IP addresses of hosts on internal network
  • Only services that are intended to be accessed from outside need to reveal their IP addresses
  • Keep other addresses secret to make spoofing harder
▪ Use NAT (network address translation) to map addresses in packet headers to internal addresses

slide 25

Reading Assignment
▪ “Firewall Gateways” (chapter 3 of “Firewalls and Internet Security” by Cheswick and Bellovin)
• Linked from the course website

slide 26

Fragmentation
▪ Process of breaking down an IP datagram into smaller packets to be transmitted over different types of network media
▪ Reassembling them at the other end
▪ Is necessary in order for traffic that is sent across different types of network media to reach its destination successfully
▪ Reason for this is that different types of network media and protocols have different rules involving the maximum size allowed for datagrams (MTU)

slide 27

Fragmentation rules
▪ Rules for a packet to be successfully reassembled at the destination
▪ Each fragment must share a common fragment identification number (fragment ID)
▪ Each fragment must say what its place or offset is in the original unfragmented packet
▪ Each fragment must tell the length of the data carried in the fragment
▪ Finally, the fragment must know whether more fragments follow this one

slide 28

Abnormal Fragmentation

For example, ACK bit is set in both fragments, but when reassembled, SYN bit is set (can stage SYN flooding through firewall)

slide 29

Fragmentation Attack
(borrowed from Wenke Lee)

▪ Send 2 fragments with the ACK bit set; fragment offsets are chosen so that the full datagram re-assembled by server forms a packet with the SYN bit set (the fragment offset of the second packet overlaps into the space of the first packet)
▪ All following packets will have the ACK bit set

[Figure labels: Telnet Client (1234); Telnet Server (23); Allow only if ACK bit set; FRAG1 (with ACK); FRAG2 (with ACK); SYN packet (no ACK); ACK]

slide 30
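
The reassembly rules and the overlapping-fragment case from the preceding slides, written as a firewall-side check; this is an added example, not part of the original slides. Offsets are plain byte counts (the IPv4 header carries them in 8-byte units), the 20-byte header length and both reassembly policies are assumptions, and the fragment contents are constructed filler bytes.

```python
from dataclasses import dataclass

TCP_HEADER_LEN = 20   # assumed: bytes of transport header a filter decides on


@dataclass(frozen=True)
class Fragment:
    ident: int    # fragment identification number
    offset: int   # place of this fragment's data in the original packet (bytes)
    data: bytes   # data carried; len(data) is the fragment's length
    more: bool    # True if more fragments follow this one


def check_fragments(frags):
    """Apply the reassembly rules to one packet's fragments; return findings."""
    findings = []
    if len({f.ident for f in frags}) > 1:
        findings.append("different fragment IDs")
    end = 0   # first byte not yet covered by any fragment
    for f in sorted(frags, key=lambda f: f.offset):
        if f.offset > end:
            findings.append(f"gap at bytes {end}-{f.offset - 1}")
        elif f.offset < end:
            last = min(end, f.offset + len(f.data)) - 1
            where = "header" if f.offset < TCP_HEADER_LEN else "payload"
            findings.append(f"overlap at bytes {f.offset}-{last} ({where})")
        end = max(end, f.offset + len(f.data))
    final = [f for f in frags if not f.more]
    if len(final) != 1 or final[0].offset + len(final[0].data) != end:
        findings.append("no single last fragment at the end")
    return findings


def reassemble(frags, policy):
    """Rebuild the packet in arrival order. policy is "first" (keep the bytes
    that arrived first) or "last" (later fragments overwrite earlier ones)."""
    size = max(f.offset + len(f.data) for f in frags)
    buf, seen = bytearray(size), bytearray(size)
    for f in frags:
        for i, b in enumerate(f.data, start=f.offset):
            if policy == "last" or not seen[i]:
                buf[i] = b
            seen[i] = 1
    return bytes(buf)


def firewall_verdict(frags):
    """Defensive rule: pass only fragment sets that reassemble unambiguously."""
    findings = check_fragments(frags)
    return ("drop", findings) if findings else ("pass", [])


# Constructed samples. "H" stands for header bytes, other letters for payload.
NORMAL = [
    Fragment(7, 0, b"H" * 20 + b"a" * 4, True),
    Fragment(7, 24, b"b" * 16, False),
]
OVERLAPPING = [
    Fragment(9, 0, b"H" * 20 + b"a" * 4, True),
    Fragment(9, 8, b"X" * 16, False),   # offset falls inside the first fragment
]
BROKEN = [
    Fragment(3, 0, b"H" * 24, True),
    Fragment(4, 32, b"c" * 8, True),    # other ID, hole before it, no last piece
]


if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("overlapping", OVERLAPPING),
                        ("broken", BROKEN)):
        print(name, firewall_verdict(frags))
    # The same overlapping fragments give two different packets, depending on
    # which policy the reassembling host uses.
    print(reassemble(OVERLAPPING, "first"))
    print(reassemble(OVERLAPPING, "last"))
```

Because the two reassembly policies disagree on the overlapping set, a filter that judged only the first fragment cannot know which packet the destination host will see, which is why the check drops the set instead of guessing.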

More Fragmentation Attacks
▪ Split ICMP message into two fragments, the assembled message is too large
  • Buffer overflow, OS crash
▪ Fragment a URL or FTP “put” command
  • Firewall needs to understand application-specific commands to catch this
▪ chargen attacks
  • “Character generation” debugging tool: connect to a certain port and receive a stream of data
  • If attacker fools it into connecting to itself, CPU locks

slide 31
