Progress over Perfection

Troubleshooting of Network

This blog explains the basics of network troubleshooting and teaches strategies for how to isolate, identify, prioritize, and resolve problems.

Troubleshooting

Troubleshooting: Process of solving the problems.

Network Troubleshooting: Network troubleshooting is a process used to identify, plan for, and resolve problems within a computer network. Network troubleshooting is primarily done by network engineers or administrators to repair or optimize a network. Network troubleshooting can be a manual or automated task. When using automated tools, network management can be done using network diagnostic software.

Some of the tasks that a network troubleshooter performs are –

  • Finding and resolving problems and establishing the network connection of a device
  • Configuring a router, switch or any other network device
  • Installing cables or Wi-Fi devices
  • Updating firmware on routers and switches
  • Removing viruses
  • Adding, configuring and reinstalling a network printer

Troubleshooting Approaches:

The following are the troubleshooting approaches –

1. Structured Approach

Having a structured approach to troubleshooting increases your chances of resolving problems in a timely manner. You first define the problem, then start gathering information. You then analyze the data gathered and eliminate variables. From there you propose a hypothesis, then test it. The process is iterative until you ultimately determine a solution. Documenting findings along the way is key to a successful resolution.

2. Unstructured approach

In general, an unstructured approach to troubleshooting decreases the chances of resolving problems in a timely manner. In this approach you start trying things without gathering all the data necessary to really determine the problem. You might get lucky, but in general a structured approach to troubleshooting is preferred over an unstructured one.

3. Top-down troubleshooting Approach:

One drawback to this method is that you must have access to application layer software to initiate the troubleshooting process.

4. Bottom-up troubleshooting Approach:

The main benefit of this method is that the initial troubleshooting takes place in areas you control. Access to application software is not required until the late stages of troubleshooting and possibly not at all. The main disadvantage of this method is that in large networks it is very time-consuming gathering and analyzing data.

Troubleshooting Process: 

The process of troubleshooting a computer network problem is divided into 5 stages –

1. Defining the Problem:

An accurate description of the problem allows the troubleshooter to more readily start gathering information for analysis.

2. Isolating the Cause of the problem (Gather Information):

Information gathering involves scanning the network and looking for an obvious cause of the problem. For example, from which network devices, clients, or servers do you want to gather information? Which tools do you plan on using to gather that information?  Once enough information is gathered, it is time to start analyzing the data.

3. Planning the Repair (Analyze data):

It is similar to detective work.  You need to analyze the facts to come up with a hypothesis of what is going on.

4. Confirming the Results:

Once the information is gathered and analyzed, you can start drawing conclusions, eliminate possible causes, start testing potential solutions and propose a hypothesis. Once a hypothesis is formulated as a cause of the problem, the next step is to come up with a potential solution and test that potential solution. The problem is solved only after you have confirmed your hypothesis by testing your potential solution and the symptoms of the problem have disappeared. No repair is complete without confirmation that the job has been successfully concluded.

5. Documenting the Outcome: Ensure that any trouble that has been resolved is fully documented. Documenting the troubleshooting process is one way to build, retain, and share experience.

2. Segmenting the Problem

Divide the network problem into different segments (parts) so that diagnosis becomes easier. If the initial review of network statistics and symptoms does not expose an obvious problem, divide the network into smaller parts to isolate the cause.

The first question to ask is whether the problem stems from the hardware, or the software. If the problem appears to be hardware-based, start by looking at only one segment of the network, and most specifically looking at only one type of hardware. Check the hardware and network components including –

  • NIC
  • Cabling and connectors.
  • Clients/workstations.
  • Connectivity components such as repeaters, bridges, switches, routers, brouters, and gateways.
  • Switch and Hubs
  • Servers

Network protocols require special attention because they are designed to bypass network problems and attempt to overcome network faults. Most protocols use what’s known as “retry logic,” in which the software attempts an automatic recovery from a problem. This becomes noticeable through slow network performance as the network makes new and repeated attempts to perform correctly. Failing hardware devices, such as hard drives and controllers, will use retry logic by repeatedly interrupting the CPU for more processing time to complete their task.

When you are assessing hardware performance problems, use the information obtained from the hardware baselines to compare against the current symptoms and performance.

3. Isolating the Problem

If your search for simple solutions to a network problem or failure doesn’t produce an answer, the next step is to identify the physical location where the problem is occurring. If you don’t already have a network diagram in your files, consider drawing one now.

Most problems offer some kind of hint about their location: If just one computer’s connection to the network has failed, but all the others work properly, the problem is probably in that computer or its network link. But if nobody on the network can connect to any other computer or to the Internet, the problem is probably in a server, router, or other central device. Start searching for the source of a problem in the most logical device.

If you have a hardware problem, it’s often effective to isolate the problem by replacing individual components and cables one at a time until the problem goes away. If the problem disappears when you install a replacement, that’s a good indication that the original part was the source of the problem. If the replacement is a relatively expensive item like a router or a printer, you might want to send it back to the manufacturer for replacement or repair, especially if it’s under warranty. But if you replace a cheap part like a cable or a network interface card, it’s often easier to just throw it away and buy a new one.

Similar techniques can work with software. If a computer connection fails, try shutting down each program running on that computer, one at a time, and then try to reestablish the connection. If you recently installed a new program, driver, or update, try uninstalling the new software and test the connection again. If the connection works, the conflict is between the new software and your network connection or device driver. In Windows, try restarting the computer in Safe Mode and re-establishing the connection; if it works in Safe Mode, you know that the Windows operating system is not the source of the problem.

4. Setting Priorities

A fundamental element in network problem solving is setting priorities. Everyone wants his or her computer fixed first, so setting priorities is not an easy job. While the simplest approach is to prioritize on a “first come, first served” basis, this does not always work, as some failures are more critical to resolve than others. Therefore, the initial step is to assess the problem’s impact on the ability to maintain operations. For example, a monitor that is gradually getting fuzzy over several days would have a lower priority to address than the inability to access the payroll file server prior to a check run.

Troubleshooting Tools

Troubleshooting network problems is often accomplished with the help of hardware and software. To troubleshoot effectively, you need to know how these tools can be used to solve network problems.

Hardware Tools

Hardware tools used to be very expensive and difficult to use, but they are now less expensive and easier to operate. They are helpful for identifying performance trends and problems.

Some processes within hardware troubleshooting include:

  • Removing, repairing and replacing faulty RAM, hard disk or video/graphic card.
  • Cleaning dust from RAM and video card slots/ports and from the cooling fan.
  • Tightening cables and jumpers on the motherboard and/or components.
  • Software related hardware problems such as device driver update or installation.

Some of the hardware diagnostic tools that are helpful to isolate defective hardware components are –

Digital Voltmeter

The digital voltmeter (volt-ohm meter) is the primary all-purpose electronic measuring tool. It is considered standard equipment for any computer or electronic technician and can reveal far more than just the amount of voltage passing through resistance. Voltmeters can determine:

  • Short circuit (if the path is clear, i.e. there are no breaks, the meter makes a sound)
  • Resistance
  • Voltage
  • Current

One of the network administrator’s most important functions is to confirm source voltage for the network equipment. Most electronic equipment operates on 120 volts AC. But not all outlets will meet these requirements. In older installations, especially in large industrial areas, the system load can drop voltages to as low as 102 volts. Operating for long periods at low voltages can cause electronic equipment problems. Low voltages often cause intermittent faults. At the other end, voltage that is too high can cause immediate damage to the equipment. In new construction, it is possible for circuits to be wired incorrectly and actually put out 220 volts AC.

With any new location or new construction, it is important to check the outlet voltages before connecting any electronic equipment in order to verify that they are within an acceptable range.

Time-Domain Reflectometers (TDRs)

Time-domain reflectometers (TDRs), as shown in the figure below, send sonar-like (sound) pulses along cables to locate breaks, shorts, or imperfections. Network performance suffers when the cable is not intact. If the TDR locates a problem, the problem is analyzed and the results are displayed. A TDR can locate a break within a few feet of the actual separation in the cable. Used heavily during the installation of a new network, TDRs are also invaluable in troubleshooting and maintaining existing networks.

Using a TDR requires special training, and not every maintenance department will have this equipment. However, administrators need to know the capabilities of TDRs in case the network is experiencing media failure and it is necessary to locate a break.

Advanced Cable Testers

Advanced cable testers work beyond the physical layer of the OSI reference model in the data-link layer, network layer, and even the transport layer. They can also display information about the condition of the physical cable.

Oscilloscopes

Oscilloscopes are electronic instruments that measure the amount of signal voltage per unit of time and display the result on a monitor. When used with TDRs, an oscilloscope can display:

  • Sharp bends or crimps in the cable.
  • Opens (breaks in the cable).
  • Attenuation (loss of signal power).

Other Hardware Tools

Several other versatile hardware tools can serve as useful aids to network troubleshooting.

Crossover Cables

Sometimes the computer you are troubleshooting is not connected to a hub or switch. In that case you cannot attach diagnostic equipment such as a signal analyser directly with a straight-through cable; you need a crossover cable to connect directly.

Two devices in the same category use a crossover cable.

Any time we connect a device from one category to a device in the other category, we use a standard straight-through cable.

The first category is hubs and switches.

The second category includes everything else: routers (except ESW ports), print servers, PCs, access points, servers, and any other Ethernet-connected device.

For each of the connections, what is the appropriate cable type?

Hub<—>Router (answer: straight through–hub in category 1, router in category 2)

Hub<—>Hub (answer: crossover–both devices in category 1)

PC<—>Print Server (answer: crossover–both devices in category 2)

PC<—>Router (answer: crossover–both devices in category 2)

Switch<—>Hub (answer: crossover–both devices in category 1)

Switch<—>Switch (answer: crossover–both devices in category 1)

Crossover cables are used to connect two computers directly with a single patch cable. Because the send and receive wires are reversed on one end, the send wire from one computer is connected to the receive port on the other computer. Crossover cables are useful in troubleshooting network connection problems. Two computers can be directly connected, bypassing the network, to test the communication capabilities of one computer rather than the whole network.

The crossover cable is typically used to connect two hubs or switches. It can also be used to test communications between two workstations directly, bypassing the hub. The cable is used only in Ethernet UTP installations.

The standard Ethernet UTP crossover cable used in both situations has its transmit and receive wire pairs crossed so that the transmit set on one side is connected to the receive set on the other. In the following figure, four of the wires are crossed: pins 2 & 3 connect to pins 4 & 6, and pins 4 & 6 connect to pins 2 & 3.

Hardware Loop-back

A hardware loopback device is a serial port connector that enables you to test the communication capabilities of a computer’s serial port without having to connect to another computer or peripheral device. Instead, using the loopback, data is transmitted to a line, then returned as received data. If the transmitted data does not return, the hardware loopback detects a hardware malfunction.

A hardware loopback is a special connector for the Ethernet 10Base-T NICs. It is used by the NIC’s software diagnostics to test transmission and reception capabilities.

Tone Generator and Tone Locator

A tone generator is a small electronic device that issues an alternating or continuous signal on a wire pair.

A tone locator is a device that emits a tone when it detects the correct cable at the other end.

It can be used to trace twisted-pair wiring, single conductors, and coaxial cables, among others. This pair of equipment is sometimes referred to as “fox and hound.”

The combination of tone generator and tone locator is used in telephone systems to locate cables. The tone generator is a small electronic device that sends an electrical signal down one set of UTP wires. The tone locator is another device that is designed to emit a tone when it detects the signal in a particular set of wires. When a cable needs to be traced, hook the generator to the copper ends of the wire pair to be found. Then move the locator over multiple sets of cables until a tone is heard.

Software Tools

Software tools are needed to monitor trends and identify network performance problems. This section describes some of the more useful of these tools.

The software troubleshooting tools are:

  • Protocol Analyzers
  • Performance-monitoring tools

Protocol analyzers

Protocol analyzers, also called “network analyzers,” perform real-time network traffic analysis using packet capture, decoding, and transmission data. Network administrators who work with large networks rely heavily on the protocol analyzer. These are the tools used most often to monitor network interactivity.

Protocol analyzers examine packets from protocols that operate at the lower four layers of the OSI model and can display any errors they detect.

Protocol analyzers look inside the packet to identify a problem. They can also generate statistics based on network traffic to help create a picture of the network, including the:

  • Cabling
  • Software
  • File servers.
  • Network interface cards.
  • Workstations.

Protocol analyzers have a built-in time-domain reflectometer.

The protocol analyzer can detect the following networking problems:

  • Faulty network components.
  • Configuration or connection errors.
  • LAN bottlenecks.
  • Traffic fluctuations.
  • Protocol problems.
  • Applications that might conflict.
  • Unusual server traffic.

Protocol analyzers can also identify a wide range of network behaviour. They can:

  • Identify the most active computers.
  • Identify computers that are sending error-filled packets. If one computer’s heavy traffic is slowing down the network, the computer should be moved to another network segment. If a computer is generating bad packets, it should be removed and repaired.
  • View and filter certain types of packets. This is helpful for routing traffic. Protocol analyzers can determine what type of traffic is passing across a given network segment.
  • Track network performance to identify trends. Recognizing trends can help an administrator better plan and configure the network.
  • Check components, connections, and cabling by generating test packets and tracking the results.
  • Identify problem conditions by setting parameters to generate alerts.

Microsoft Network Monitor and Wireshark

Microsoft Network Monitor and Wireshark are free protocol analyzers that capture and display data as it moves through your network. In other words, they grab each block of data (a frame) as it passes in or out of your computer, and they display the contents of the frame along with detailed information about the form and structure of each frame. These two programs capture the same data stream, but they handle and display it differently. The programs are available at no cost, so you might want to install both of them.

Figure: Microsoft Network Monitor displays detailed information about network data.

Figure: Wireshark uses contrasting colors to show different kinds of data frames.

Most of this data display looks like hexadecimal gibberish, but it contains the actual text of messages, conversations, and other transactions, along with all the commands and status messages that move through the network. Most of the time, you can allow your computer and the network plumbing to handle the data in the background. But when something goes wrong, the data captured by a protocol analyzer can help you identify what’s causing the problem.

For example, if the amount of incoming or outgoing traffic moving through your network increases, the network may be sending or receiving many requests every second. This could be a hacker’s denial of service attack, or a computer that has innocently latched itself into an endless program loop. Either way, you will want to identify the source and take action to make it stop.
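The source-identification step described above, as an added example that is not part of the original post: a Python script that tallies frames per source address from a text capture and flags senders that dominate the traffic. The sample lines are constructed in the style of `tcpdump -n` output, and the function names and thresholds are illustrative assumptions; real thresholds should come from your own network baseline.

```python
"""Find the busiest senders in a text packet capture (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample in the style of `tcpdump -n` output. The addresses are
# private-range placeholders, not data from the original page.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 192.168.1.10.51514 > 192.168.1.1.53: UDP, length 45
12:00:01.000900 IP 192.168.1.1.53 > 192.168.1.10.51514: UDP, length 61
12:00:01.100000 IP 192.168.1.23.40000 > 192.168.1.5.80: Flags [S], seq 1, win 64240, length 0
12:00:01.100200 IP 192.168.1.23.40001 > 192.168.1.5.80: Flags [S], seq 1, win 64240, length 0
12:00:01.100400 IP 192.168.1.23.40002 > 192.168.1.5.80: Flags [S], seq 1, win 64240, length 0
12:00:01.100600 IP 192.168.1.23.40003 > 192.168.1.5.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 192.168.1.23.40004 > 192.168.1.5.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000200 IP 192.168.1.23.40005 > 192.168.1.5.80: Flags [S], seq 1, win 64240, length 0
12:00:02.300000 IP 192.168.1.10.51600 > 192.168.1.5.80: Flags [P.], seq 1:201, ack 1, win 502, length 200
this line is not a packet and must be skipped
"""

# Matches IPv4 TCP/UDP lines only (address.port on both sides); anything
# else, such as ICMP or truncated lines, is ignored rather than guessed at.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\.\d+ IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.\d+ > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.\d+: "
    r".*length (?P<len>\d+)"
)


def parse_capture(text):
    """Return (second, src, dst, payload_length) for every line that parses."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m["ts"], m["src"], m["dst"], int(m["len"])))
    return records


def summarize(records):
    """Per source: frame count, payload bytes, share of frames, peak frames/sec."""
    frames = Counter()
    payload = Counter()
    per_second = defaultdict(Counter)
    for ts, src, _dst, length in records:
        frames[src] += 1
        payload[src] += length
        per_second[src][ts] += 1
    total = sum(frames.values())
    return {
        src: {
            "frames": frames[src],
            "bytes": payload[src],
            "share": frames[src] / total,
            "peak_fps": max(per_second[src].values()),
        }
        for src in frames
    }


def noisy_sources(summary, max_share=0.5, max_fps=3):
    """Sources above either threshold, busiest first (thresholds are illustrative)."""
    hits = [
        src for src, stats in summary.items()
        if stats["share"] > max_share or stats["peak_fps"] > max_fps
    ]
    return sorted(hits, key=lambda src: summary[src]["frames"], reverse=True)


if __name__ == "__main__":
    stats = summarize(parse_capture(SAMPLE_CAPTURE))
    for src in noisy_sources(stats):
        s = stats[src]
        print(f"{src}: {s['frames']} frames, {s['share']:.0%} of traffic, "
              f"peak {s['peak_fps']} frames/s")
```

A host that sends many frames with zero payload, as the flagged address does here, is worth checking first: that pattern fits both a flood and a program stuck retrying a connection.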

Network General Sniffer

A network sniffer monitors data flowing over computer network links in real time. Sniffer, which is part of a family of analyzers, can decode and interpret frames from 14 protocols including AppleTalk, Windows NT, NetWare, SNA, TCP/IP, VINES, and X.25. Sniffer measures network traffic in kilobytes per second, frames per second, or as a percentage of available bandwidth. It will gather LAN traffic statistics, detect faults such as beaconing, and present this information in a profile of the LAN. Sniffer can also identify bottlenecks by capturing frames between computers and displaying the results.

Network Sniffer Tools

Many different sniffer software applications have been developed over the years. Well-known sniffer tools include:

  • Wireshark
  • tcpdump (a command-line tool for Linux and other Unix-based operating systems)
  • GlassWire
  • CloudShark
  • Microsoft Message Analyzer (for Windows)

Novell’s LAN analyzer

The LAN analyzer software performs much the same function as Sniffer but is available only on a NetWare LAN.

Performance-monitoring tools

After a network has been installed and is operational, the administrator needs to make sure it performs effectively. To do this, the administrator will need to manage and keep track of every aspect of the network’s performance.

Many network operating systems include tools for monitoring network performance and can display statistics such as the number of packets sent and received, server processor utilization, the amount of data going in and out of the server, and so on.

  • Network monitors are software tools that track all or a selected part of network traffic. They examine data packets and gather information about packet types, errors, and packet traffic to and from each computer.

Network monitors are very useful for establishing part of the network baseline. After the baseline has been established, you will be able to troubleshoot traffic problems and monitor network usage to determine when it is time to upgrade. As an example, let’s assume that after installing a new network, you determine that network traffic is utilized at 40 percent of its intended capacity. When you check traffic, one year later, you notice that it is now being utilized at 80 percent capacity. If you had been monitoring it all along, you would have been able to predict the rate of increased traffic and predict when to upgrade before failure occurs.

Performance Monitors

Most current network operating systems include a monitoring utility that will help a network administrator keep track of a network’s server performance. These monitors can view operations in both real time and recorded time for:

  • Hard disks.
  • Network utilisation.
  • The network as a whole.

These monitors can:

  • Record the performance data.
  • Send an alert to the network manager.
  • Start another program that can adjust the system back into acceptable ranges.

Some servers include network monitoring software. Windows NT Server, for example, includes a diagnostic tool called Network Monitor, shown in figure. This tool gives the administrator the ability to capture and analyze network data streams to and from the server. This data is used to troubleshoot potential network problems.

The packets of data in the data stream consist of the following information:

  • The source address of the computer that sent the message.
  • The destination address of the computer that received the frame.
  • Headers from each protocol used to send the frame.
  • The data or a portion of the information being sent.

Figure: Windows NT Network Monitor

Internal Security

Security is one of the most important aspects of any Windows server environment.

Planning for Network Security

In a networking environment there must be assurance that sensitive data will remain private. Not only is it important to secure sensitive information, it is equally important to protect network operations from deliberate or unintentional damage.

Maintaining network security requires a balance between facilitating easy access to data by authorized users and restricting access to data by unauthorized users. It’s the job of the network administrator to create this balance.

Even in networks that handle sensitive and valuable business data, security is sometimes an afterthought. Four major threats to the security of data on a network are:

  • Unauthorized access.
  • Electronic tampering.
  • Theft.
  • Intentional or unintentional damage.

Despite the seriousness of these threats, data security is not always implemented or supported properly. The administrator’s task is to ensure that the network remains reliable and secure, free from those threats.

Security policy settings should be used as part of your overall security implementation to help secure domain controllers, servers, client computers, and other resources in your organization.

Security settings policies are rules that you can configure on a computer, or multiple computers, for the purpose of protecting resources on a computer or network. The Security Settings extension of the Local Group Policy Editor snap-in (Gpedit.msc) allows you to define security configurations as part of a Group Policy Object (GPO). The GPOs are linked to Active Directory containers such as sites, domains, and organizational units, and they enable administrators to manage security settings for multiple computers from any computer joined to the domain.

Security settings can control:

  • User authentication to a network or computer.
  • The resources that users are permitted to access.
  • Whether to record a user’s or group’s actions in the Event log.
  • Membership in a group.

Many technologies, features, and configuration options can be used to enhance the security of computers and networks. Windows Server 2012 R2 and Windows Server 2012 support and enhance critical security needs, including:

  • Authentication and identity.
  • Authorization and isolation.
  • Data protection.
  • Secure networking.

The following resources highlight key technologies and features that can be used as building blocks to address these needs (some may be standalone solutions, and others are version interdependent).

 Technology or feature Authentication and identity Authorization and isolation Data protection Secure networking
Access Control Overview X X X X
Active Directory Certificate Services X X X X
Active Directory Domain Services X X X X
Active Directory Rights Management Services X X X
Remote Access (DirectAccess, Routing, and VPN) X X X
File and Storage Services X X X
Group Policy X X X X
Network Policy and Access Services X X
Security Auditing X X X X
Web Server (IIS) X X X
Windows Authentication and Logon X X

Account Security

User account security requires the following factors to be considered:

  • Changes to user account and resource permissions.
  • Failed attempts by users to log on.
  • Failed attempts to access resources.
  • Changes to system files.

Managing the user accounts on the server:

  • Add a user account
  • Remove a user account
  • View user accounts
  • Activate or Deactivate a user account

Add a user account

When you add a user account, the assigned user can log on to the network, and you can give the user permission to access network resources such as shared folders. Windows Server includes the Add a User Account Wizard that helps you:

  • Create a user account with a name and password.
  • Grant privileges to the user.
  • Permit access to shared resources.
  • Assign the user to groups.

To add a user account

  1. Open the Windows Server Dashboard.
  2. On the navigation bar, click Users.
  3. In the Users Tasks pane, click Add a user account. The Add a User Account Wizard appears.
  4. Follow the instructions to complete the wizard.

Remove a user account

When you choose to remove a user account from the server, a wizard deletes the selected account. Because of this, you can no longer use the account to log on to the network or to access any of the network resources.

To remove a user account

  1. Open the Windows Server Dashboard.
  2. On the navigation bar, click Users.
  3. In the list of user accounts, select the user account that you want to remove.
  4. In the <User Account> Tasks pane, click Remove the user account. The Delete a User Account Wizard appears.
  5. On the Do you want to keep the files? page of the wizard, you can choose to delete the user’s files. To keep the user’s files, leave the check box empty. After making your selection, click Next.
  6. Click Delete account.

View user accounts

The Users section of the Windows Server Dashboard displays a list of network user accounts. The list also provides additional information about each account.

To view a list of user accounts

  1. Open the Windows Server Dashboard.
  2. On the main navigation bar, click Users.
  3. The Dashboard displays a current list of user accounts.

To view or change properties for a user account

  1. In the list of user accounts, select the account for which you want to view or change properties.
  2. In the <User Account> Tasks pane, click View the account properties. The Properties page for the user account appears.
  3. Click a tab to display the properties for that account feature.
  4. To save any changes that you make to the user account properties, click Apply.

Activate or deactivate a user account

When you activate a user account, the assigned user can log on to the network and access network resources to which the account has permission, such as shared folders and the Remote Web Access site.

To activate a user account

  1. Open the Windows Server Dashboard.
  2. On the navigation bar, click Users.
  3. In the list view, select the user account that you want to activate.
  4. In the <User Account> Tasks pane, click Activate the user account.
  5. In the confirmation window, click Yes to confirm your action.

Deactivate a user account

When you deactivate a user account, account access to the server is temporarily suspended. If the user account has a Microsoft online account assigned, the online account is also deactivated.

To deactivate a user account

  1. Open the Windows Server Essentials Dashboard.
  2. On the navigation bar, click Users.
  3. In the list view, select the user account that you want to deactivate.
  4. In the <User Account> Tasks pane, click Deactivate the user account.
  5. In the confirmation window, click Yes to confirm your action.

Summary of User account tasks in the Dashboard

| Task name | Description |
| --- | --- |
| View the account properties | Enables you to view and change the properties of the selected user account, and to specify folder access permissions for the account. |
| Deactivate the user account | A user account that is deactivated cannot log on to the network or access network resources such as shared folders or printers. |
| Activate the user account | A user account that is activated can log on to the network and can access network resources as defined by the account permissions. |
| Remove the user account | Enables you to remove the selected user account. |
| Change the user account password | Enables you to reset the network password for the selected user account. |
| Add a user account | Starts the Add a User Account Wizard, which enables you to create a single new user account that has either standard user access or administrator access. |
| Assign a Microsoft online account | Adds a Microsoft online account to the local network user account that is selected. This task is displayed when your server is integrated with Microsoft online services, such as Office 365. |
| Add Microsoft online accounts | Adds Microsoft online accounts and associates them to local network user accounts. This task is displayed when your server is integrated with Microsoft online services, such as Office 365. |
| Set the password policy | Enables you to change the values of the password policies for your network. |

File and Directory permissions

You can use Windows Server Dashboard to manage user access to the shared folders on the server:

Level of access to shared folders

On the network, you can choose which types of access users will have to shared files and folders.

You have three access settings available for the shared folders on the server:

  • Read/Write.  Choose this setting if you want to allow the user account permission to create, change, and delete any files in the shared folder.
  • Read only.  Choose this setting if you want to allow the user account permission to only read the files in the shared folder. User accounts with read-only access cannot create, change, or delete any files in the shared folder.
  • No access.  Choose this setting if you do not want the user account to access any files in the shared folder.

To give a user account permission to access a shared folder

  1. Open the Windows Server Dashboard.
  2. On the navigation bar, click Storage, and then click the Server Folders tab.
  3. In the list of folders, select the Users folder.
  4. In the Users Tasks pane, click Open the folder. Windows Explorer opens and displays the contents of the Users folder.
  5. Right-click the folder for the user account that you want to share, and then click Properties.
  6. In <User Account> Properties, click the Sharing tab, and then click Share.
  7. In the File Sharing window, type or select the user account name with whom you want to share the folder, and then click Add.
  8. Choose the Permission Level that you want the user account to have, and then click Share.

Practices and user education

We should always learn about and stay aware of security on computers, mobile devices and public networks. The following are some of the key factors to consider and practices to follow when implementing security:

Level of Security

The extent and level of the network security system required depends on the type of environment in which the network is running. A network that stores data for a major bank, for example, requires more extensive security than a LAN that links the computers in a small community volunteer organization.

Setting Policies

Making a network secure requires establishing a set of rules, regulations, and policies so that nothing is left to chance. The first step toward ensuring data security is to implement policies that set the tone and help to guide the administrator and users through changes, both expected and unplanned, in their network’s development.

Prevention

The best way to design data security policies is to take a proactive, preventive approach. When unauthorized access is prevented, the data remains secure. A prevention-based system requires that the administrator understand the tools and methods available with which to keep data safe.

Authentication

To access a network, a user must enter a valid user name and password. Because passwords are linked to user accounts, a password authentication system is the first line of defense against unauthorized users.

It is important not to let overreliance on this authentication process fool you into a false sense of security. For example, in a peer-to-peer network, almost anyone can log on with a unique name and password. This alone can provide a user with complete access to the network, so that anything that is shared becomes available to that user. Authentication works only in a server-based network in which the user name and password must be authenticated from the security database.

Training

Unintentional errors can lead to security failures. A well-trained network user is less likely than an inexperienced novice to accidentally cause an error and ruin a resource by permanently corrupting or deleting data. The following figure illustrates such a problem.

Figure: Training helps reduce costly user errors

The administrator should ensure that everyone who uses the network is familiar with its operating and security procedures. To accomplish this, the administrator can develop a short, clear guide to what users need to know, and require that new users attend appropriate training classes.

Securing Equipment

The first step in keeping data safe is to provide for the physical security of the network hardware. The extent of security required depends on:

  • The size of the company.
  • The sensitivity of the data.
  • The available resources.

In a peer-to-peer network, there is sometimes no organized hardware-security policy, and users are responsible for the security of their own computers and data. In a server-based network, security is the responsibility of the network administrator.

Securing the Servers

In a larger, centralized system, in which much individual user and organization data is sensitive, it is important to secure the servers from accidental or deliberate tampering.

It is not uncommon for some individuals to want to demonstrate their technical abilities when the servers have problems. They may or may not know what they are doing. It is best to prevent these people from “fixing” the server. The simplest solution is to lock the servers in a dedicated computer room with limited access; depending on the size of the company, this might not be workable. Locking the servers in an office or even a large storage closet is often practicable and goes some way toward securing the servers.

Securing the Cables

Copper media, such as coaxial cable, emit electronic signals, much like a radio, that mimic the information they carry. Information carried in these signals can be monitored with electronic listening equipment. Copper cable can also be tapped into so that information can be stolen directly from the original cable.

Cable runs that handle sensitive data should be accessible only to authorized people. Proper planning can make cable runs inaccessible to unauthorized people. For example, cable can be run inside the building structure, through ceilings, walls, and floors.

Security Models

After implementing security for the network’s physical components, the administrator needs to ensure that the network resources will be safe from both unauthorized access and accidental or deliberate damage. Policies for assigning permissions and rights to network resources are at the heart of securing the network.

Two security models have evolved for keeping data and hardware resources safe:

  • Password-protected shares
  • Access permissions

These models are also called “share-level security” (for password-protected shares) and “user-level security” (for access permissions).

Password-Protected Shares

Implementing password-protected shares requires assigning a password to each shared resource. Access to the shared resource is granted when a user enters the correct password.

In many systems, resources can be shared with different types of permissions.

  • Read Only: If a share is set up as Read Only, users who know the password have Read access to the files in that directory. They can view the documents, copy them to their machines, and print them, but they cannot change the original documents.
  • Full: With Full access, users who know the password have complete access to the files in that directory. In other words, they can view, modify, add, and delete the shared directory’s files.
  • Depends On Password: Depends On Password involves setting up a share that uses two levels of passwords: Read access and Full access. Users who know the Read access password have Read access, and users who know the Full access password have Full access.

The password-protected share system is a simple security method that allows anyone who knows the password to obtain access to that particular resource.

Access Permissions

Access-permission security involves assigning certain rights on a user-by-user basis. A user types a password when logging on to the network. The server validates this user name and password combination and uses it to grant or deny access to shared resources by checking access to the resource against a user-access database on the server.

Access-permission security provides a higher level of control over access rights. Under share-level security, it is easy for one person to give another person a printer password; a person is much less likely to give away a personal password.

Because user-level security is more extensive and can determine various levels of security, it is usually the preferred model in larger organizations.

Resource Security

After the user has been authenticated and allowed on the network, the security system gives the user access to the appropriate resources.

Users have passwords, but resources have permissions. In a sense, a security fence guards each resource. The fence has several gates through which users can pass to access the resource. Certain gates allow users to do more to the resource than other gates. Certain gates, in other words, allow the user more privileges with the resource.

The administrator determines which users should be allowed through which gates. One gate grants the user full access to or full control of a resource. Another gate grants the user read-only access.

As shown in the following figure, each shared resource or file is stored with a list of users or groups and their associated permissions (gates).

Figure: Permissions control the type of access to a resource
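
The per-resource permission list described above, as an added Python example (not code from the original post): it models the page's three access levels and resolves what a user actually gets when several user and group entries apply. The names, the sample users and groups, and the rules that an explicit No access entry overrides any grant and that a missing entry means no access are assumptions of this example.

```python
from enum import IntEnum

class Access(IntEnum):
    NO_ACCESS = 0    # explicit "No access" entry
    READ_ONLY = 1
    READ_WRITE = 2

# Constructed sample data: group membership and one permission list per share.
GROUPS = {
    "accounting": {"alice", "bob"},
    "interns": {"carol", "bob"},
}
ACLS = {
    "Ledgers": {"group:accounting": Access.READ_WRITE,
                "group:interns": Access.NO_ACCESS,
                "user:dave": Access.READ_ONLY},
    "Handbook": {"group:accounting": Access.READ_ONLY,
                 "group:interns": Access.READ_ONLY},
}

def principals(user):
    """The user's own entry plus every group the user belongs to."""
    return {f"user:{user}"} | {f"group:{g}" for g, m in GROUPS.items() if user in m}

def effective_access(user, resource):
    """Resolve the level a user ends up with on a resource.

    Assumed rules: no matching entry means no access (default deny), an
    explicit NO_ACCESS entry beats any grant, otherwise the highest grant wins.
    """
    acl = ACLS.get(resource, {})
    who_am_i = principals(user)
    matched = [level for who, level in acl.items() if who in who_am_i]
    if not matched or Access.NO_ACCESS in matched:
        return Access.NO_ACCESS
    return max(matched)

def is_allowed(user, resource, action):
    """action is 'read' or 'write'; any other action is refused."""
    needed = {"read": Access.READ_ONLY, "write": Access.READ_WRITE}.get(action)
    return needed is not None and effective_access(user, resource) >= needed

def audit(resource):
    """Map every known user to the access they actually end up with."""
    named = {w.split(":", 1)[1] for w in ACLS.get(resource, {}) if w.startswith("user:")}
    users = set().union(*GROUPS.values()) | named
    return {u: effective_access(u, resource).name for u in sorted(users)}
```

Running `audit("Ledgers")` shows why group membership needs review: bob belongs to accounting, which has Read/Write, but his interns membership carries No access, so he ends up with none.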

Educating users about security

User education is one of the hardest security layers for administrators to implement.

Even with the best firewalls, antivirus products and other security hardware and software in place, no network or computer is 100% secure. Sadly, the weakest link in the security chain for corporate networks is often the users themselves. Ensuring that users have a basic understanding of information security and a little common sense can yield much higher dividends than the latest whiz-bang application.

Below are the top 10 tips administrators should share with users to help make the whole network more secure.

Strong passwords: Users hear it constantly, but many still aren’t listening.

    • Passwords should contain a mix of uppercase and lowercase letters as well as numbers or special symbols (like % or $).
    • Passwords should never be something simple like the name of your son or your birth date.

Avoid phishing scams:

    • No reputable company or tech support department will ask you to provide your username, password, social security number or other sensitive information in an e-mail. Also, never click on Web links within unsolicited e-mail.

Protect your workspace: At any given moment, your desk may have memos or documents that contain sensitive or confidential information or you might have classified information displayed on your computer monitor.

    • Be aware of who is nearby, and secure information assets by locking your PC before you leave your desk.

It’s probably a hoax: Any e-mail message from a friend or family member claiming to be urgent news that you should distribute around the world is almost definitely a hoax. To verify, you can check the information on a site like www.snopes.com. However, even if it is legitimate, you should not use corporate resources to forward spam messages on to your friends and family.

    • Don’t use corporate resources to forward spam.

Don’t open attachments:

    • Unless you are 100% sure of whom the e-mail came from and what the attachment contains, do not open or execute an e-mail file attachment.

Keep your virus detection device turned on: Antivirus scanning is only effective if it is turned on.

    • Do not disable or deactivate your antivirus scanning engine.

Do not install unapproved software: Even if software is free, it is not always free for use on corporate machines. Downloading software from the Internet is a primary source of viruses, spyware and Trojans, and even legitimate software may not be compatible with other software on your computer and could cause conflicts.

    • Don’t install unapproved software.

Beware of instant messaging: Instant messaging can be a great communication tool, but it can also be a way to transfer viruses and other malware or initiate phishing attacks. Use instant messaging responsibly.

    • Do not click on links sent from unknown instant messaging users.

When in doubt, call for support: It is better to contact the pros to check it out than to be the root cause of a virus infection that takes down the corporate network.

    • If you are suspicious of something or something just seems weird, contact tech support.

 
