Monday, 21 October 2019

What is Computer Networking?


Computer networking is the practice of interfacing two or more computer peripherals to share data. Computer networks are built with a combination of hardware & software.






Computer Network Classification and Area Networks

Computer networks can be classified into many different types. One approach defines the type of network according to the geographic area it covers. Local area networks (LAN), for example, generally cover a single home, school or small office building, while wide area networks (WAN) reach cities, states or even the entire world. The Internet is the public WAN of the world.

Network Design

Computer networks also differ in their design approach. The two basic forms of network design are called client-server and point-to-point. Client-server networks have centralized server computers that store email, web pages, files and applications that are accessed by client computers and other client devices. In a point-to-point network, on the contrary, all devices tend to support the same functions. Client-server networks are common in business and point-to-point networks are common in homes.

A network topology defines the design or structure of the network from the point of view of the data flow. In bus networks, for example, all computers share and communicate through a common conduit, while in a star network, data flows through a centralized device. Common types of network topologies include bus, star, ring, & mesh.

Network Protocols

The communication languages used by computer peripherals are called network protocols. Another way to classify computer networks is by the set of protocols they support. Networks usually implement multiple protocols and each network supports specific applications. Popular protocols include TCP/IP, which is commonly found on the Internet and home networks.

Computer Network Hardware and Software

Special purpose communication devices, including network routers, access points, and network cables, physically bond a network. Network operating systems and other software applications generate network traffic and allow users to do useful things.

Home Computer Networking

While other types of networks are built and maintained by engineers, home networks belong to owners who often have little or no technical knowledge. Various manufacturers produce broadband router hardware designed to simplify the home network configuration. A home router allows devices in different rooms to efficiently share a broadband Internet connection, helps family members share files & printers on the network, and improves overall network security.
The capacity of home networks has increased with each generation of new technology. Years ago, people usually set up a home network to connect a few computers, share documents, and perhaps a printer. It is now common for households to network game consoles, digital video recorders and smartphones to stream video and audio. Home automation systems have also been around for many years, but their popularity has increased recently with the practical systems that control lighting, digital thermostats and appliances.

Business Computer Networks

Small and home office environments (SOHO) use technology similar to home networks. Organizations often have additional communications, data storage, and security requirements that require network expansion in different ways, especially as businesses grow.

While a home network generally functions as a LAN, a business network tends to contain multiple LANs. Companies with buildings in multiple locations use wide area networks to connect these branches. Although they are also available to and used by some homes, voice over IP communication, network storage and backup technologies are prevalent in companies. Larger companies also maintain internal websites, called intranets, to help with employee business communication.

Networking and the Internet

The popularity of computer networks increased dramatically with the creation of the World Wide Web (WWW) in the 1990s. Public websites, peer-to-peer (P2P) file sharing systems, and many other services run on Internet servers around the world.

Wired vs Wireless Computer Networking

Many of the same protocols, such as TCP/IP, work on wired and wireless networks. Ethernet cable networks have predominated in businesses, schools and homes for several decades. Wi-Fi has emerged as the preferred option for building new computer networks, in part to support smartphones and other wireless devices that triggered the emergence of mobile networks.

This article was originally published on ------- Read More

Thursday, 10 October 2019

How to Design a Secure Network Architecture




For sophisticated security, there are some standard design principles that must be followed. Here are some of these principles:

Weak link security: On all systems there are some weak links that are not paid much attention to. Let's take an example: Consider the online site of a banking company. Some of the portal pages provide the most commonly used and rudimentary services (e.g. account transfer, account summary, etc.), but there are some pages (e.g. the policies / regulations page) that are rarely visited, if at all. Even though the latter may seem unimportant to the network architect and the user, it can still be a potential source of attack if a hacker finds a route through the page to another page of significantly greater importance. Developers often ignore these "weak links" because they do not see them as carrying important information that may interest the hacker, but these weak links have long been hackers' primary targets, so they need to be protected.

Fail-safe implementation: Any system can fail in times of chaos and failure is virtually inevitable. What a network architect needs to ensure is that the network / system does not fail open. Therefore, a proper fail-safe implementation is substantially important. John Viega says in his book, Building Secure Software, "Any sufficiently complex system will have failure modes. Failure is inevitable and must be planned. What is preventable are fault-related safety issues. The problem is that when many systems fail, they exhibit unsafe behavior."
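
The fail-safe principle above, as an added example that is not part of the original article: a constructed access check in Python that either grants access when its policy lookup fails (fail-open) or denies it (fail-closed). The PolicyStore class, the rule set and the function names are hypothetical.

```python
"""Fail-open versus fail-closed access decision (constructed example)."""


class PolicyUnavailable(Exception):
    """Raised when the (hypothetical) policy backend cannot answer."""


class PolicyStore:
    """Hypothetical rule backend: maps (user, action) to True/False."""

    def __init__(self, rules, healthy=True):
        self.rules = rules
        self.healthy = healthy

    def lookup(self, user, action):
        if not self.healthy:
            raise PolicyUnavailable("policy backend timed out")
        # An unknown (user, action) pair raises KeyError, a second failure mode.
        return self.rules[(user, action)]


def is_allowed_fail_open(store, user, action):
    """Anti-pattern: any error in the check is treated as 'allow'."""
    try:
        return store.lookup(user, action)
    except Exception:
        return True  # outage or missing rule silently grants access


def is_allowed_fail_closed(store, user, action):
    """Fail-safe: only an explicit True from a working backend grants access."""
    try:
        decision = store.lookup(user, action)
    except (PolicyUnavailable, KeyError):
        return False  # cannot decide, so deny (and alert in a real system)
    return decision is True


# Constructed sample rules for the banking-portal scenario used above.
RULES = {
    ("alice", "view_summary"): True,
    ("alice", "transfer"): True,
    ("guest", "view_policies"): True,
    ("guest", "transfer"): False,
}

if __name__ == "__main__":
    down = PolicyStore(RULES, healthy=False)
    print("fail-open  during outage:", is_allowed_fail_open(down, "guest", "transfer"))
    print("fail-closed during outage:", is_allowed_fail_closed(down, "guest", "transfer"))
```

During a backend outage the fail-open check lets the guest account perform a transfer that the rules explicitly deny, while the fail-closed check keeps denying it.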

The Least Privilege Model: The Least Privilege Model dictates that whenever you need to grant someone permission and / or access to perform some actions on your resources, you must grant them as few privileges as possible.

Use cutting-edge cryptographic models and techniques: Encryption and other cryptographic techniques have become absolutely necessary for modern networks and systems. A network engineer should always use standard encryption techniques and also ensure periodic updates of all distributed keys and certificates.

Run vulnerability tests: No network is as secure as it seems. Be sure to run as many vulnerability tests as you can on your network before you make it active. The smaller the number of vulnerabilities, the greater your chances of developing a secure network architecture.

The OSI Model and the CISSP

The open system interconnection (OSI) model provides a framework for protocol implementation in the following seven layers:

(Note: The OSI model is not tangible and is just a concept through which we can understand how network communications occur)

Physical layer: This is the layer in which the bit stream / radio signal / electric pulse is transmitted.

Data link layer: In the data link layer, packets are encoded and decoded into bits.

Network layer: All switching and routing logic is implemented at the network layer.

Transport Layer: End-to-end flow control and information data integrity occur at the transport layer.

Session Layer: All session management tasks (establishment, maintenance, and termination, etc.) occur here.

Presentation Layer: This layer converts data from network format to application format (and vice versa) for presentation and transport purposes.

Application layer: All end-user (and application) processes occur at the application layer of the network.

The TCP/IP Model and the CISSP

Similar to the OSI model, the TCP/IP model is another framework through which we can explain (and build) our network protocols. It has the following four layers:

Network access layer: This is the first layer in the four layer model. All details of how data will be sent over the physical network are set here. The most commonly used protocols at the network access layer are FDDI, Ethernet, Token Ring, Frame Relay, X.25, etc.

Internet layer: The responsibility of the Internet layer is to group data into datagrams (data packets) that will be carried by the network access layer. These datagrams contain the source and destination addresses (can be IP addresses or logical recipients) that are used to forward the datagrams between multiple hosts as well as legacy networks. The most commonly used protocols in this layer are: Internet Protocol (IP), Reverse Address Resolution Protocol (RARP), Address Resolution Protocol (ARP), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol (ICMP).

Transport Layer: Like the OSI model transport layer, the TCP/IP model transport layer ensures data flow control and data integrity. The most famous protocols used at the transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Application layer: The application layer is responsible for converting data received from the transport layer into a format presentable to the end user. Some of the protocols worth mentioning at this level are: Telnet, SSH, Domain Name System (DNS), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Network Management Protocol (SNMP), Dynamic Host Configuration Protocol (DHCP), X Windows, Remote Desktop Protocol (RDP), Simple Mail Transfer Protocol (SMTP), and so on.

Some implications
While multi-layer architectures allow protocol stacks to be deployed through different combinations of protocols, network devices, and programming interfaces, that flexibility comes at a performance cost. Transitions between layers can lead to increased time costs and programming efforts. Data storage and transfer abstractions used at all layers also require data transformation at all layers. All of these can lead to huge performance disadvantages, as seen by [Crowcroft et al. 1992] [Clark 1982]. The DNP3 protocol also shares the same performance / efficiency disadvantages.

UNDERSTANDING IP NETWORKING

To communicate on an IP network, every device must have three pieces of information: the IP address, the subnet mask, and the broadcast address. All of these addresses are usually written as octets (for example, 198.41.11.151, 255.255.255.0, and 198.41.11.255).
All IP addresses are made up of two parts: one is the network part, which lets routers know which device group a packet should ideally visit, and the other is the host part, which allows routers to know the specific device to which the packet needs to be sent.
When managing IP addresses, a network architect can assign a distinct identity to each specific device. IP address classes can be viewed as:

Class   Network Portion             Hosts Allowed
A       From 1.0 to 127.0           Approx. 16 million
B       From 128.0 to 191.255       65,536
C       From 192.0 to 223.255.255   255

The Standard IP Subnet Classes:

Class   Subnet Mask
A       255.0.0.0
B       255.255.0.0
C       255.255.255.0

Some Examples of Broadcast Addresses are:

Class   Network       Subnet Mask       Broadcast
A       45.0.0.0      255.0.0.0         45.255.255.255
B       128.138.0.0   255.255.0.0       128.138.255.255
C       198.41.9.0    255.255.255.0     198.41.9.255
A*      45.21.16.0    255.255.252.0     42.21.19.255
C*      198.41.9.64   255.255.255.224   198.41.9.95
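
How the network part, host part and broadcast address follow from an address and its subnet mask, as an added Python example that is not part of the original article. It goes slightly beyond the tables by validating the mask and re-deriving every broadcast address listed above; the function names are hypothetical and the rows are copied from the broadcast table as printed.

```python
"""Derive network and broadcast addresses from an address and mask (added example)."""
import ipaddress

def to_int(dotted):
    """Convert dotted-octet text such as '198.41.9.64' to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-octet IPv4 value: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Convert a 32-bit integer back to dotted-octet text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def subnet_info(address, mask):
    """Return (network, broadcast, usable_hosts) for an address and subnet mask."""
    addr, m = to_int(address), to_int(mask)
    host_bits = (~m) & 0xFFFFFFFF
    # A valid mask is a run of 1 bits followed by a run of 0 bits,
    # so the inverted mask plus one must be a power of two.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    network = addr & m               # network part: host bits cleared
    broadcast = network | host_bits  # broadcast: host bits all set
    usable = max(host_bits - 1, 0)   # excludes network and broadcast addresses
    # Cross-check the bit arithmetic against the standard library.
    ref = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    assert to_dotted(network) == str(ref.network_address)
    assert to_dotted(broadcast) == str(ref.broadcast_address)
    return to_dotted(network), to_dotted(broadcast), usable

# Rows copied from the broadcast table above: (network, mask, broadcast as printed).
TABLE = [
    ("45.0.0.0", "255.0.0.0", "45.255.255.255"),
    ("128.138.0.0", "255.255.0.0", "128.138.255.255"),
    ("198.41.9.0", "255.255.255.0", "198.41.9.255"),
    ("45.21.16.0", "255.255.252.0", "42.21.19.255"),
    ("198.41.9.64", "255.255.255.224", "198.41.9.95"),
]

def check_table(rows):
    """Return the rows whose printed broadcast differs from the computed one."""
    mismatches = []
    for network, mask, printed in rows:
        computed = subnet_info(network, mask)[1]
        if computed != printed:
            mismatches.append((network, mask, printed, computed))
    return mismatches

if __name__ == "__main__":
    print(check_table(TABLE))
```

Run against the table as printed, the check reports one row: for 45.21.16.0 with mask 255.255.252.0 the mask arithmetic gives 45.21.19.255, while the table lists 42.21.19.255.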

Software Defined Networking and CISSP

Software Defined Networking (SDN) is an emerging technology focused on replacing the physical network infrastructure with a software-controlled network design. It's dynamic, cost effective and adaptable, meaning it meets the high bandwidth needs of modern applications with peace of mind.
The SDN architecture is responsible for separating network control and routing functions, allowing the architect to manually program network control and abstract the underlying infrastructure for network services and applications. Following are some of the features of an SDN architecture:

Agility: The ability to bypass routing control allows administrators to dynamically adjust network-wide traffic and meet changing needs.

Central Management: SDN controllers are responsible for maintaining a global view of the entire network. This is apparent to policy engines and applications as a concrete logical option.

The ability to be programmatically configured: Probably the best part of an SDN infrastructure is that it can be programmed. It allows network managers to add configurations at will. This enables better management, security and optimization of network resources via automated SDN code, which programmers of course have the luxury of writing for themselves.

Directly programmable: All network control can be programmed directly because, as already mentioned, it is kept segregated from routing functions.

Vendor Neutrality: If you deploy an infrastructure using open standards, SDN allows you to simplify network design and eventual operation. This is because instructions are not blocked by the vendor but are obtained from SDN controllers.

CONVERGED PROTOCOLS

The converged protocol model promotes the transport and transmission of various types of data / traffic (such as voice, data, video, images, etc.) in a single converged network.

FIBRE CHANNEL OVER ETHERNET (FCoE):

FCoE, or Fibre Channel over Ethernet, is a sophisticated storage protocol that allows Fibre Channel communications to be performed directly over Ethernet. All Fibre Channel traffic can be moved through the Ethernet infrastructure already in place.

MULTIPROTOCOL LABEL SWITCHING (MPLS):

MPLS is a technique by which the performance of telecommunications networks can be enhanced using sophisticated data transport techniques. It directs data from one node to the next based on short path labels rather than long network addresses. This avoids tedious routing table lookups. Labels identify the virtual links (paths) between distant nodes rather than endpoints.

Voice over IP (VoIP):

As the name implies, Voice over Internet Protocol (VoIP) is a technology that allows you to make voice calls using an Internet connection (instead of a telephone line). Some VoIP services may allow you to call only people who use the same service, but others allow you to call anyone who can be reached by a telephone number (including long distance calls and international numbers). VoIP works by encapsulating audio in data packets through a codec, transmitting them over an IP network, and decapsulating them back to audio at the receiver end. Endpoints on a VoIP network include softphone applications (running on computers), WebRTC-enabled browsers, mobile devices, and VoIP phones.

FINAL WORD:

The security and integrity of communications on a network can only be ensured if standard network design principles are remembered by the engineer during the configuration of the network infrastructure.




Thursday, 3 October 2019

What Does A Security Engineer Do?



          
         


A security engineer creates and updates IT security solutions for an organization. At this mid-level position, you will develop security for your company's systems and projects and deal with potential technical issues. Security engineers identify IT threats and software vulnerabilities, create and test robust security systems (such as firewalls), and act as a "security officer" for policies and procedures.
It is a job that often requires in-depth knowledge of technical skills (for example, secure network architectures, secure coding practices, protocols, etc.) and a good amount of previous work experience. As always, the scope of a security engineer's responsibilities depends on the size and complexity of the organization.

Security Engineer Job Responsibilities

Every day you may be challenged to:

  • Create new ways to solve existing production security problems
  • Configure and install firewalls and intrusion detection systems
  • Conduct vulnerability testing, risk analysis, and security assessments.
  • Develop automation scripts to manage and track incidents
  • Investigate intrusion incidents, conduct forensic investigations, and prepare incident responses
  • Collaborate with colleagues in authentication, authorization and encryption solutions.
  • Evaluate new technologies and processes that enhance security features.
  • Test security solutions using standard analysis criteria
  • Provide technical reports and official documents on test results
  • Respond to information security issues at all stages of a project's life cycle
  • Oversee changes in software, hardware, facilities, telecommunications, and user needs
  • Define, implement and maintain corporate security policies.
  • Review and advise on new program security and compliance technologies
  • Recommend changes in legal, technical, and regulatory areas that affect IT security

In a large company, you will usually report to a Security Manager.

Security Engineer Career Path

Once you have made a name as a security engineer, you may be interested in positions with more administrative supervision and professional flexibility:
  • Security architect
  • Security manager
  • Security consultant

From there, you could make your way to a C-suite position such as:

  • Security director
  • CISO

Security Engineer Vs Security Analyst

To put it in terms of Sesame Street, security engineers like to fix the systems and security analysts try to break them. Analysts are more concerned with the search for risks and weaknesses (pen testing, auditing, etc.); engineers are more determined to build robust security solutions (firewalls, IDS, etc.).

That said, we have seen a lot of crossover in job descriptions. "Security Analyst / Engineer" posts are quite common.

Similar Jobs

The term "security engineer" has some close siblings in the job market:

  • Network Security Engineer
  • Information Assurance Engineer
  • Information Security Engineer
  • Information Systems Security Engineer



Discover The Many Benefits Of Partnering Up With an IT Managed Service Provider

  Today, many companies work with IT-managed service providers. 60 percent of companies use managed IT services , and this number is expecte...