Computer Network Security

Contributions to computer networks were made by the following:

CERN in Switzerland

The first computer network was created at CERN the European research center for particle physics. it is in Switzerland.

UCLA in 1969

The previous comment "the first computer network was created at CERN" is not correct. In 1989, CERN added the WWW as a new feature to the already-existing Internet. The Internet itself was created in 1969 at UCLA. There were previous experiments in wide-area networking, e.g., in 1965. For more info, see "history of the internet" on isoc.org.

DARPA

The computer networking revolution began in the early 1960s and has led us to today internet technology. The Internet was first invented by DARPA (Defense Advanced Research Projects Agency) for military purposes, and then expanded to the purpose of communication among scientists. In 1957, the launch of Sputnik had spurred the U.S to create a network for communications links between military and university computers that would not be disrupted by bombs or enemy spies. In order to solve the problem, in 1968 DARPA (Defense Advanced Research Projects Agency) made contracts with BBN (Bolt, Beranek and Newman) to create ARPANET (Advanced Research Projects Agency Network).

Sergei Lebedev in the Ukraine

The first computer network in Ukraine by Sergei Lebedev for the USSR antimissile system. The system was operational in 1960 far before the idea of ARPANET.

SAGE air defence computer network

A network of vacuum tube computers connected by leased telephone lines and the first MODEMs used by the US to protect against bomber attacks. The system was operational in 1958.

Type your answer here... Create new security parameters

Answer Explanation: Security templates do not provide new security functionality. Instead, they simplify administration by enabling centralized access and distribution for existing security features.

firewall functions by acting on traffic based on it's policy. A policy is comprised of a set of rules. A rule is an action taken on traffic that fit a certain criteria. A single rule is comprised of four basic elements:

• Source
• • This is where the IP traffic is coming from and is comprised of the following
  • Single IP address or multiple IP addresses
  • One or more networks in the form of a network ID and subnet mask
  • A combination of IP addresses and Network addresses
• Destination
• • This is where the IP traffic is going to and is comprised of the following
  • Single IP address or multiple IP addresses
  • One or more networks in the form of a network ID and subnet mask
  • A combination of IP addresses and Network addresses
• Service
• • This is the type of protocol that the traffic is using and is comprised of the following
  • One or more destination TCP ports
  • One or more destination UDP ports
  • A group or combination of destination TCP and UDP ports
  • Although source port can be limited to a certain range, it is generally left wide open. It is the destination port that is primarily specified.
• Action
• • The administrator chooses from the following options if all the above three criteria match
  • Reject the traffic
  • Drop the traffic
  • Permit the traffic
  • Encrypt the traffic on IPSEC VPN capable firewalls

A:

Internetworking (i.e., the interconnection of two or more individual networks) is a complex task.

The communication process is judging as successful if the transmitted message has been delivered at the authorized destination(s) in a reliable and secure fashion and the meaning understood by the destination matches the meaning intended by the source.

Before the communicating parties starting to communicate, they have to define the several communication functions required for successful communication (i.e., flow control, error detection and correction, congestion control, addressing, routing, message formatting, etc.), and establish rules, conventions, and agreements, that govern these functions. These rules or protocols have to be followed by the communicating entities in order to ensure the success of the communication process.

In network communications, there are three basic agents:

• Applications running at hosts that want to communicate.
• Hosts that want to communicate (sources and destinations).
• Subnetworks where these hosts belong.

So, to accomplish communication, we have to provide both physical connectivity between the hosts (this includes the definition of the cabling, the connectors, the physical topology, etc.), as well as logical connectivity (this includes software processes as the addressing and the routing).

In general, we want to accomplish:

1. Reliable communication between applications running at different hosts.
2. Best-effort delivery of messages between hosts locating at different networks.
3. Access of a host to a network.

As you can understand, some of the communication functions are used to accomplish task (1), some others are used to accomplish task (2), and some others are used to accomplish task (3). So, these functions are forming logical groupings called layers.

We can visualize these layers as a stack. Each layer communicates with the others via a well-defined interface. Each layer has well-defined communication functions, which are concerned with one of the above communication tasks (1, 2, or 3). These functions are governed by associated protocols (that is why this layered network architecture also called protocol stack). Each layer is concerned with its own task, and provides services to the upper layer in a transparent fashion. Each layer "trusts" the other layers and depends on them working properly in order to accomplish successful communication.

The International Standards Organization (ISO)established a seven-layer internetworking model called Open System Interconnection (OSI) to serve as a blueprint for internetworking. It is an open model, that is, a model which defines the layers, their functions, and the associated protocols, but not the actual way to accomplish these functions. That gives more flexibility to vendors to use the technological solution they believe that best fits to their needs.

OSI is a reference model (not used so much in practise, because is very abstract) that is used to:

• Simplify the networking concept, dividing a complex task to several simpler tasks.
• Allow the interconnection of equipment from different vendors.

The layers of the OSI model from top-to-bottom are:

• Application layer (layer 7): Requires network resources and provides services to the end user. Examples of protocols include HTTP, FTP, etc.
• Presentation layer (layer 6): Concerned with the syntax of the data. Encryption, coding, and formatting are the functions of this layer. Very theoretical layer. Example of protocols include JPEG, MPEG, etc.
• Session layer (layer 5): Concerned with the communication between different applications. In other words, establish and terminates sessions. Very theoretical layer. Example of protocol include Xwindow.
• Transport layer (layer 4): Concerned with reliable end-to-end transfer of messages. Two major protocols: TCP (reliable or connection-oriented) and UDP (unreliable or connectionless).
• Network layer (layer 3): Best-effort (unreliable) transport of messages between different networks. Other tasks include Quality of Service (QoS), etc. Example of protocols include IPv4, IPv6, IPX, ICMP, etc.
• Data Link layer (layer 2): Concerned with the accessing of the information onto the media (media-dependent layer) and the detection (not correction) of errors. Many technologies are associated with this layer (e.g., PPP, Ethernet, HDLC, etc.). Consists of two sublayers, Logical Link Control (LLC) sublayer - the upper sublayer -, used for framing and communication with the upper layers, and Medium Access Control (MAC) - the lower sublayer -, used for accessing the media.
• Physical layer (layer 1): Concerned with the electrical and mechanical characteristics of the media. Includes cables and connectors types, message formatting (i.e., voltage values, frequencies, bit patterns, data rates, etc.), and physical topology (the way the devices are physically connected).

From layer 7 to layer 4 we have end-to-end communication. Layers 2 and 1 concerned with host-to-network communication(i.e., network access). Layer 3 has a flavor of both.

Layers 7 to LLC sublayer are implemented in software. MAC sublayer and physical layer are implemented in hardware.

Repeaters and hubs (multi-port repeaters) operate on layer 1. Switches operates on layer 2. Routers operate on layer 3 (connect different networks).

At the communication process between two hosts, data are passing from all the layers of the protocol stack (from top to bottom). Each layer at the source device adds a header (data link also adds a trailer or tail) which contains control information in order to accomplish its functions. This process is called encapsulation.

This header with the data of the upper layer forms a Protocol Data Unit (PDU). The PDU of layers 7 to 5 is referred as data. Layer 4 PDU is referred as segment (when TCP is used) or datagram (when UDP is used). Layer 3 PDU is referred as packet. Layer 2 PDU is referred as frame. Layer 1 PDU is referred as bit stream.

At the destination, the information goes through the protocol stack from bottom to the top. Each layer staps-off the header and moves up the PDU. This is called decapsulation.

The "virtual" communication between the same layers at the source and the destination devices is called peer communication (and these layers are called peer layers).

You have to understand that a network model is a theoretical approach to the networking function that helps us to simplify and understand the overall process.

Kotsos

In Server 2003 domian security policy helps you to set Password Protection.. 1)Password length 2)Password Complexity 3)Password Age (min age & max age) In Server 2003 domian security policy helps you to set Password Protection.. 1)Password length 2)Password Complexity 3)Password Age (min age & max age)Default and Recommended Password Policy Settings

=============================================== Policy Default Recommended Comments

Enforce password history

24 passwords remembered

(No change) Prevents users from reusing passwords.

Maximum password age

42 days

(No change)

N/A

Minimum password age

1 day

(No change)

Prevents users from cycling through their password history to reuse passwords.

Minimum password length

7 characters

(No change)

Sets minimum password length.

Password must meet complexity requirements

Enabled

(No change)

For the definition of a complex password, see "Creating a Strong Administrator Password" in the Establishing Secure Domain Controller Build Practices section.

Store password using reversible encryption

Disabled

(No change)

N/A

Default and Recommended Account Lockout Policy Settings

====================================================== Policy Default Recommended Reason

Account lockout duration

Not defined

0 minutes

The value 0 means that after account lockout an Administrator is required to reenable the account before account lockout reset has expired.

Account lockout threshold

0 invalid logon attempts

20 invalid logon attempts

The value 0 means that failed password tries never cause account lockout. Because an account lockout duration of 0 minutes (administrator reset) is recommended, a small number for this setting can result in frequent administrator interventions.

Reset account lockout counter after

Not defined

30 minutes

This setting protects against a sustained dictionary attack by imposing a nontrivial delay after 20 unsuccessful attempts.

Default and Recommended Kerberos Policy Settings

================================================ Policy Default Recommended Comments

Enforce user logon restrictions

Enabled

(No change)

N/A

Maximum lifetime for service ticket

600 minutes

(No change)

N/A

Maximum lifetime for user ticket

10 hours

(No change)

N/A

Maximum lifetime for user ticket renewal

7 days

(No change)

N/A

Maximum tolerance for computer clock synchronization

5 minutes

(No change)

Maximum tolerance between the client's and server's clocks.

Note: If you want to more information so you can visit http://www.iyogibusiness.com/

Web-of-trust

Answer Explanation: The web-of-trust model is very simple, and is most often associated with Pretty Good Privacy (PGP). This model operates without a central authority. Individuals create and sign certificates for people who are known and trusted. The decision of whether to trust another individual is left with the user.