1.0 DESCRIPTION OF UNIT:
The importance of networked solutions in the business world grows each year. The increasing sophisticated technologies and widening user base means a fundamental understanding of networks is essential for many. The aim of this unit is to provide a rigorous introduction to network.
This unit will clarify the issues associated with network use and how this has developed. It will identify the architectural concepts behind networking and help develop the preliminary skills necessary to install and manage networks.
1.1 OBJECTIVES:
On completion of this unit, you should be able to:
- Know about the evolution of Networks.
- Understand the Benefit of Networks.
- Understand the working of E-mail & WWW.
- Enumerate the various cost, performance, security and utility values associated with the installation of a network.
- Provide an overview of a network operating system and how it works.
1.2 BASIC NETWORK CONCEPTS
Networks are an interconnection of computers. These computers can be linked together using a wide variety of different cabling types, and for a wide variety of different purposes.
The basis reasons why computers are networked are
- Cost reduction by sharing hardware & software resources.
- High reliability by having multiple sources of supply.
- Cost reduction by downsizing to microcomputer based networks instead of using mainframes.
- Greater flexibility because of possibility to connect devices from various vendors.
- Increase productivity by making it easier to share data amongst users
Take for example a typical office scenario where a number of users in a small business require access to common information. As long as all user computers are connected via a network, they can share their files, exchange mail, schedule meetings, send faxes and print documents all from any point of the network.
It would not be necessary for users to transfer files via electronic mail or floppy disk, rather, each user could access all the information they require, thus leading to less wasted time and hence greater productivity.
Imagine the benefits of a user being able to directly fax the Word document they are working on, rather than print it out, then feed it into the fax machine, dial the number etc.
1.2.1
ADVANTAGES AND DISADVANTAGES OF COMPUTER NETWORKS:
Advantages:
Price/Performance Ratio
Reliability
Accessible Resources
Incremental Growth of Computing Power
Disadvantages
Disk space management
Resource management
Network Architecture management
1.3
CHARACTERISTICS OF DIFFERENT SYSTEMS:
1.3.1 Stand Alone System
Description: One
Computer
Advantage: Isolation
- Security is simple
Disadvantage:
Limited Resources; no communication
1.3.2 Network Systems
Description: Stand
alone computers plus communications
Advantage: Resource
sharing, message passing
Disadvantage:
Security risks; complexity in programs using remote resources
1.3.3 Distributed System
Description: Network
plus transparency
Advantage: Redundant
resources; adapt to system load; compensate for down systems
Disadvantage:
Additional overhead to keep replicated files consistent, to search for needed
resources, to protect against conflicts in access
1.4
EVOLUTION OF NETWORKS
Computer Networking has evolved under several different models to respond to different needs and according to the way they process data. These models are Centralized, Distributed, and Collaborative.
1.4.1 Centralized computing
In early computer systems around 1950’s,were large, difficult to manage and expensive. These central computers were called as mainframes and they were used to store, process and arrange data. Jobs were entered into the system by reading commands from card decks. The computer would execute one job at a time and generate a printout when the job was complete. Terminals, which enabled users to interact with the centralized computer, were a much later development.
In the computing environment of the mainframe world, all processing and data storage are centralized in the mainframe computer. Terminals are simple devices that display characters on screens and accept typed input. Networks developed when it became necessary for the mainframe computers to share information and services.
Advantages
of centralized computing
Ease of back up
Security.
Low cost.
Disadvantages
of centralized computing:
Slow network access.
Fewer options.
1.4.2 Distributed computing
As personal computers were introduced to organizations, a new model of distributed computing emerged. Instead of concentrating computing in a central device, PCs made it possible to give each worker an individual computer. Each PC can process and store data independently.
Under the distributed computing model, networking has evolved to enable the many distributed computers to exchange and share resources and services.
Advantages
of Distributed computing:
Quick access.
Multiple uses.
Disadvantages
of Distributed computing:
Virus susceptibility.
Backup difficulty.
File synchronization.
1.4.3 Collaborative computing
Also called Cooperative computing, collaborative computing enables computers in a distributed computing environment to share processing power in addition to data, resources and services. In collaborative computing environment, computers might “borrow” processing power by running programs on other computers on the network, or processes might be designed so they will run on two or more computers. Obviously, collaborative computing cannot take place without a network to enable the various computers to communicate.
Advantages
of Collaborative computing
Extremely fast.
Multiple uses.
Disadvantages
of Distributed computing
Susceptible to viruses.
Difficult to back up.
Difficult file synchronization.
1.5
NETWORK ARCHITECTURE
1.5.1 Client/server Architecture:
Client/Server architecture is one in which the client (personal computer or workstation) is the requesting machine and the server is the supplying machine, both of which are connected via a local area network (LAN) or wide area network (WAN). Since the early 1990s, client/server has been the buzzword for building applications on LANs in contrast to centralized minis and mainframes with dedicated terminals.
The client contains the user interface and may perform some or all of the application processing. Servers can be high-speed microcomputers, minicomputers or even mainframes. A database server maintains the databases and processes requests from the client to extract data from or update the database. An application server provides additional business processing for the clients.
The term client/server is sometimes used to contrast a peer-to-peer network, in which any client can also act as a server. In that case, client/server means nothing more than having a dedicated server.
However, client/server architecture means more than dedicated servers. Simply downloading files from or sharing programs and databases on a server is not true client/server either. True client/server implies that the application was originally designed to run on a network and that the network infrastructure provides the same quality of service as traditional mini and mainframe information systems.
The network operating system (NOS) together with the database management system (DBMS) and transaction monitor (TP monitor) are responsible for integrity and security.
NON-CLIENT/SERVER
In non-client/server architecture, the server is nothing more than a remote disk drive. The user's machine does all the processing. If many users routinely perform lengthy searches, this can bog down the network, because each client has to pass the entire database over the net. At 1,000 bytes per record, a 10,000 record database requires 10MB of data be transmitted.
TWO-TIER CLIENT/SERVER
Two-tier client/server is really the foundation of client/server. The database processing is done in the server. An SQL request is generated in the client and transmitted to the server. The DBMS searches locally and returns only matching records. If 50 records met the criteria, only 50K would be transmitted. This reduces traffic in the LAN.
THREE-TIER CLIENT/SERVER
Many applications lend themselves to centralized processing. If they contain proprietary algorithms, security is improved. Upgrading is also simpler. Sometimes, programs are just too demanding to be placed into every client PC. In three-tier client/server, application processing is performed in one or more servers.
1.5.2
Peer – to – Peer Architecture
A type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures, in which some computers are dedicated to serving the others. Peer-to-peer networks are generally simpler and less expensive, but they usually do not offer the same performance under heavy loads.
1.6
REVIEW OF REMOTE ACCESS:
The main goal of Networks is to make all programs, equipment, and data available to anyone on the network without regard to the physical location of the resource and the user. Users need to share resources other than files, as well, a common example being printers. Printers are utilized only a small percentage of the time; therefore, companies don’t want to invest in a printer for each computer. Networks can be used in this situation to allow all the users to have access to any of the available printers.
Network users are no longer limited to sharing information with their officemates. They can share information throughout the building, the city, the country, and the world. This is possible due to the wide variety of options for connecting networks. Some of these options include satellites, lasers, and telephone lines. This is most evident in the Internet. With the increased popularity of the Internet, users not only gather and share information with other users in their company but also with their clients throughout the world.
1.6.1 E-MAIL
In its simplest form, e-mail is an electronic message sent from one computer to another. You can send or receive personal and business-related messages with attachments, such as pictures or formatted documents. You can even send computer programs.
How
E-Mail Works
It can take days to send a letter across the country and weeks to go around the world. To save time and money, more and more people are using electronic mail. It's fast, easy and much cheaper than the post office.
Let's say you have a small business with sales reps working around the country. How do you keep in touch without running up a huge phone bill? Or what about keeping in touch with far-flung family members? E-mail is the way to go. It's no wonder e-mail has become the most popular service on the Internet.
Just as a letter makes stops at different postal stations along its way, e-mail passes from one computer, known as a mail server to another as it travels over the Internet. Once it arrives at the destination mail server, it is stored in an electronic mailbox until the recipient retrieves it. This whole process can take seconds, allowing you to quickly communicate with people around the world at any time of the day or night.
To receive e-mail, you must have an account on a mail server. This is similar to having an address where you receive letters. One advantage over regular mail is that you can retrieve your e-mail from a remote location. Once you contact your mail server, you can download your messages.
To send e-mail, you need a connection to the Internet and access to a mail server which can forward your mail. The standard protocol used for sending e-mail on the Internet is called SMTP, for Simple Mail Transfer Protocol. It works in conjunction with POP servers. POP stands for Post Office Protocol.
When you send an e-mail message, your computer sends it to an SMTP server. The server looks at the e-mail address (like the address on an envelope), then forwards it to the recipient's mail server. When the message is received at the destination mail server, it is stored until the addressee retrieves it. You can send e-mail to anyone who has an e-mail address, anywhere in the world. Remember, almost all Internet service providers (ISPs) and all major online services offer an e-mail address with every account.
Sending
An E-Mail Message
STEP
-1
Open your e-mail program and launch a new message window by clicking on the appropriate icon.
STEP-2
In the TO box, type in the name of the recipient. It should take this form: recipient@domain.com. Make sure you enter the address correctly or the message will return to you.
You can send a message to more than one person by entering multiple addresses. Just put a semi-colon (;) between each address.
Your return address is automatically sent to the recipient.
STEP-3
Type in the subject of the e-mail.
STEP-4
Write your message in the message window. You can also copy text from a word processing program and paste it into the window.
STEP-5
Click on the Send icon or select Send from the File menu.
Understanding
E-Mail Addresses
Internet e-mail addresses typically have two main parts:
professor@ignou.edu
First there is the user name (professor) which refers to the recipient's mailbox. Then there's an axon sign (@). Next comes the host name (ignou), also called the domain name. This refers to the mail server, the computer where the recipient has an electronic mailbox. It's usually the name of a company or organization. Finally, there's a dot (.) followed by three letters (com) that indicate the type of domain.
An address ending with .com typically means that the host is a business, commercial enterprise, or an online service like America Online. Most companies use this extension.
A host name ending with .edu usually means that the host is a university or educational facility. .org indicates the host is a non-commercial organization.
Other extensions you might encounter are .mil for military and .net for network. The latter tends to be reserved for organizations such as Internet service providers. By the way, there are plans to add seven additional top-level domains, such as .web and .nom, but when this will happen is anyone's guess.
For e-mail addresses outside of the United States, there is often a [DOT] followed by two letters representing the country. For instance, .ca indicates Canada, .de indicates Germany and .nz indicates New Zealand.
Difference
Between An E-Mail Address And The Address Of A Website.
1.6.2
INTRANET
Intranet is a network based on TCP/IP protocols (an internet) belonging to an organization, usually a corporation, accessible only by the organization's members, employees, or others with authorization. An intranet's Web sites look and act just like any other Web sites, but the firewall surrounding an intranet fends off unauthorized access.
Like the Internet itself, intranets are used to share information. Secure intranets are now the fastest-growing segment of the Internet because they are much less expensive to build and manage than private networks based on proprietary protocols.
ADVANTAGES
& DISADVANTAGES OF INTRANET
There
are lots of benefits, including:
Universal Communication - Any individual and/or department on the Intranet can interact with any other individual/department and beyond to partners and markets.
Performance - on inherently a high-bandwidth network, the ability to handle audio clips and visual images increases the level and effectiveness of communication
Reliability - Intranet technology is proven, high robust and reliable.
Cost - Compared with proprietary networking environments, Intranet technology costs are surprisingly low.
Standards - the adoption of standard protocols and API’ such as MIME, Windows Sockets, TCP/IP, FTP, and HTML deliver a fast-track series of tools which allows infrastructures to be build, restructured and enhanced to meet changing business needs as well as allowing standards-based intercommunication between external partners, agencies and potential customers.
Surely there are drawbacks?
Of course! Any approach to information systems has limitations.In the case of Intranets, the constraints include:
Performance limitations - some applications that have been well optimise for conventional and proprietary systems create a heavy system workload when migrating them to an Internet platform or merging them with Intranet presentation; this problem will reduce with enhanced Internet technologies and continuing improvements in hardware price-performance.
Presentational issues - some people whose experience is rooted in paper presentation want web pages (for example) to look like printed equivalents, and burden the systems and their users with unnecessary and sometimes tedious "graphics", which often get in the way of the information rather than making it more accessible and attractive. This is really a learning curve matter, at some stage the users' real needs tend to come to the fore.
The "me too" syndrome - the Internet world spawns innovations on a daily or even an hourly basis. Its very difficult when a novelty first appears to know whether its a genuine advance or a passing fad, but some systems people can't resist the urge to use the newest capabilities. There's also a tendency for suppliers to promote new application function that will only optimise with next generation technologies, and that can cripple the two, three or four year old systems that most people use at any particular time. These problems can be avoided by confident management that manages change in a progressive but deliberate way.
TECNOLOGY
COMPONENTS OF INTRANET
Main Technology Components of the Intranet are:
Communications Protocol - The ability to connect and communicate between networks and individual desktop devices
File Transfer - the ability to transfer files between point-to-point locations
Mail - The ability to provide direct point-to-point communications between individuals or groups
Web Browsing - The ability to provide access to information on a one to many basis, on demand.
Terminal Emulation - The ability to access existing infrastructure applications
User Interfaces - The ability to deliver the increasing technical complexity to the desktop in a transparent, seamless and intuitive manner.
During the evolution of the Internet, a series of applications have been created to meet the specific needs of each component area. Within each of these areas the survival of the fittest has brought several specific best-of-breed applications and standards. For example, the FTP protocol standard for file transfer, the Netscape technology for web browsing, the MIMI standard for transparent distribution of all file formats, and HTML syntax as the language of the Web.
1.6.3 INTERNET
Internet is a global network connecting millions computers. As of 1998, the Internet has more than 100 million users worldwide, and that number is growing rapidly. More than 100 countries are linked into exchanges of data, news and opinions.
Unlike online services, which are centrally controlled, the Internet is decentralized by design. Each Internet computer, called a host, is independent. Its operators can choose which Internet services to use and which local services to make available to the global Internet community. Remarkably, this anarchy by design works exceedingly well.
There are a variety of ways to access the Internet. Most online services, such as America Online, offer access to some Internet services. It is also possible to gain access through a commercial Internet Service Provider (ISP).
HISTORY
OF THE INTERNET
In the 1960s, researchers began experimenting with linking computers to each other and to people through telephone hook-ups, using funds from the U.S Defense Department's Advanced Research Projects Agency (ARPA).
ARPA wanted to see if computers in different locations could be linked using a new technology known as packet switching, which had the promise of letting several users share just one communications line. Previous computer networking efforts had required a line between each computer on the network, sort of like a train track on which only one train can travel at a time. The packet system allowed for creation of a data highway, in which large numbers of vehicles could essentially share the same lane. Each packet was given the computer equivalent of a map and a time stamp, so that it could be sent to the right destination, where it would then be reassembled into a message the computer or a human could use.
This system allowed computers to share data and the researchers to exchange electronic mail, or e-mail. In itself, e-mail was something of a revolution, offering the ability to send detailed letters at the speed of a phone call.
As this system, known as ARPANet, grew, some enterprising college students (and one in high school) developed a way to use it to conduct online conferences. These started as science-oriented discussions, but they soon branched out into virtually every other field, as people recognized the power of being able to "talk" to hundreds, or even thousands, of people around the country.
In the 1970s, ARPA helped support the development of rules, or protocols, for transferring data between different types of computer networks. These "internet" (from "internetworking") protocols made it possible to develop the worldwide Net we have today that links all sorts of computers across national boundaries. By the close of the 1970s, links developed between ARPANet and counterparts in other countries. The world was now tied together in a computer web.
By the close of the 1970s, links developed between ARPANet and counterparts in other countries. The world was now tied together in a computer web.
In the 1980s, this network of networks, which became known collectively as the Internet, expanded at a phenomenal rate. Hundreds, then thousands, of colleges, research companies and government agencies began to connect their computers to this worldwide Net. Some enterprising hobbyists and companies unwilling to pay the high costs of Internet access (or unable to meet stringent government regulations for access) learned how to link their own systems to the Internet, even if "only" for e-mail and conferences. Some of these systems began offering access to the public. Now anybody with a computer and modem -- and persistence -- could tap into the world.
In the 1990s, the Net grows at exponential rates. Some estimates are that the volume of messages transferred through the Net grows 20 percent a month. In response, government and other users have tried in recent years to expand the Net itself. Once, the main Net "backbone" in the U.S. moved data at 1.5 million bits per second. That proved too slow for the ever increasing amounts of data being sent over it, and in recent years the maximum speed was increased to 1.5 million and then 45 million bits per second. Even before the Net was able to reach that latter speed, however, Net experts were already figuring out ways to pump data at speeds of up to 2 billion bits per second -- fast enough to send the entire Encyclopedia Britannica across the country in just one or two seconds.
Another major change has been the development of commercial services that provide internetworking services at speeds comparable to those of the government system. In fact, by mid-1994, the U.S. government had removed itself from any day-to-day control over the workings of the Net, as regional and national providers continue to expand.
HOW
THE WEB WORKS
The Web physically consists of your personal computer, web browser software, a connection to an Internet service provider, computers called servers that host digital data and routers and switches to direct the flow of information.
The Web is known as a client-server system. Your computer is the client; the remote computer that stores electronic files is the server. Here's how it works:
Let's say you want to pay a visit to the the Louvre museum website. First you enter the address or URL of the website in your web browser (more about this in a while). Then your browser requests the web page from a web server located in Paris. The Louvre's server sends the data over the Internet to your computer. Your web browser interprets the data and displays it on your computer screen.
The Louvre's website also has links to the websites of other museums, such as the Vatican Museum. With a click of your mouse on a link, you can access the web server in Rome.
The glue that holds the Web together is called hypertext and hyperlinks. This feature allow electronic files on the Web to be linked so that you can easily jump between them. On the Web, you navigate through pages of information based on what interests you at that particular moment. This is commonly known as browsing or surfing the Net.
To access the Web you need software, such as Netscape Navigator or Microsoft Internet Explorer, known as web browsers. How does your web browser distinguish between web pages and other files on the Internet? Web pages are written in a computer language called HTML, which stands for Hypertext Markup Language.
CONNECTING
TO THE INTERNET
Choosing Your Connection
Before you start looking for an Internet service provider, you should have a good idea of the type of connection you will need. The connection you need depends on how you plan to use the Internet. Small LANs will focus on dial-up and ISDN connections. Large companies may have their own dedicated high-bandwidth connections, which are more complex than those discussed in this chapter.
Dialing in to the Internet
If your network is very small, you may be able to use a dial-up Internet connection with a modem. This connection is usually adequate to serve up to four or five people. Depending on whether you plan to use this connection twenty-four hours a day or only on demand, it may be a very inexpensive solution.
Most ISPs now provide unlimited dial-up accounts for less than $30 per month. These are not intended to be connected twenty-four hours per day, seven days per week. If you need to connect to the Internet only occasionally, this may work for you. You can configure to WinGate computer to dial up when a computer attempts to connect to the Internet, and then hang up after a set amount of idle time passes.
If you need higher speed than a modem can provide, you may need a dial-up ISDN account. Integrated Services Digital Network allows for high-speed connections over normal telephone lines. With an ISDN connection, you can connect to the Internet at 128 kbps. Unlike the current 56kbps modems, ISDN provides speeds of 128 kbps in both directions, not just when downloading to your LAN. Dial-up ISDN accounts are becoming more common for use with ISPs. Before, the only way you could connect to an ISP with ISDN was with an expensive dedicated connection. An ISDN connection can easily handle ten to twenty users.
Dedicating the Connection
If your Internet connection needs to be available any time, you need a dedicated connection. Dedicated connections are more expensive than dial-up connections. Dedicated connections can use either modems or ISDN, depending on what you need and want to spend.
The first step to adding an Internet connection to your LAN is to add the TCP/IP protocol to your workstations.
1.6.4
WEB BROWSERS
A web browser is the software program you use to access the World Wide Web, the graphical portion of the Internet. The first browser, called NCSA Mosaic, was developed at the National Center for Supercomputing Applications in the early '90s. The easy-to-use point-and-click interface helped popularize the Web, although few then could imagine the explosive growth that would soon occur.
Although many different browsers are available, Microsoft Internet Explorer and Netscape Navigator are the two most popular ones. Netscape and Microsoft have put so much money into their browsers that the competition can't keep up. The pitched battle between the two companies to dominate the market has lead to continual improvements to the software. Version 4.0 and later releases of either browser are excellent choices. (By the way, both are based on NCSA Mosaic.) You can download Explorer and Navigator for free from each company's website. If you have one browser already, you can test out the other. Also note that there are slight differences between the Windows and MacIntosh versions.
Browsers come loaded with all sorts of handy features. Fortunately, you can learn the basics in just a few minutes, then take the time to explore the advanced functions.
Both Explorer and Navigator have more similarities than differences, so we'll primarily cover those. For the most up-to-date information about the browsers, and a complete tutorial, check the online handbook under the Help menu or go to the websites of the respective software companies.
Browser Anatomy
When you first launch your web browser, usually by double-clicking on the icon on your desktop, a predefined web page, your home page, will appear. With Netscape Navigator for instance, you will be taken to Netscape's NetCenter.
THE
TOOLBAR
The row of buttons at the top of your web browser, known as the toolbar, helps you travel through the web of possibilities, even keeping track of where you've been. Since the toolbars for Navigator and Explorer differ slightly, we'll first describe what the buttons in common do:
The Back button returns you the previous page you've visited.
Use the Forward button to return to the page you just came from.
Home takes you to whichever home page you've chosen. (If you haven't selected one, it will return you to the default home page, usually the Microsoft or Netscape website.)
Reload or Refresh does just that, loads the web page again. Why would you want to do this? Sometimes all of the elements of a web page haven't loaded the first time, because the file transfer was interrupted. Also when you download a web page, the data is cached (pronounced cashed), meaning it is stored temporarily on your computer. The next time you want that page, instead of requesting the file from the web server, your web browser just accesses it from the cache. But if a web page is updated frequently, as may be the case with news, sports scores or financial data, you won't get the most current information. By reloading the page, this timely data is updated.
Print lets you make a hard copy of the current document loaded in your browser.
The Stop button stops the browser from loading the current page.
Search connects to pages on the Microsoft or Netscape websites that list a number of Internet directories and search tools.
Bookmarks or Favorites is where you can record the addresses of website you want to revisit. Once you add a URL to your list, you can return to that web page simply by clicking on the link in your list, instead of retyping the entire address.
The Location Bar
Just under the toolbar, you will see a box labeled "Location," "Go To," or "Address." This is where you type in the address of a website you want to visit. After you enter it, press the Return or Enter key to access the site.
By clicking the small triangle to the right of the Location box, you will get a drop down list of the most recent websites you have visited. To revisit a site, just click on the address.
The Menu Bar
Located along the top of the browser window, the menu bar offers a selection of things you can do with a web page, such as saving it to your hard drive or increasing the size of the text on a page. Many of the choices are the same as the buttons on the toolbar below, so don't try to learn everything now. Click once on a word to access the drop-down menu, then click on the appropriate selection you want to make.
The Access Indicator
Both Navigator and Explorer have a small picture in the upper right hand corner of the browser. When this image is animated, it means that your browser software, known as a client, is accessing data from a remote computer, called a server. The server can be located across town or on another continent. Your browser downloads these remote files to your computer, then displays them on your screen. The speed of this process depends a number of factors: your modem speed, your Internet service provider's modem speed, the size of the files you are downloading, how busy the server is and the traffic on the Internet.
The Status Bar
At the bottom of the web browser you'll find a window known as a status bar. You can watch the progress of web page transactions, such as the address of the site you are contacting, whether the host computer has been contacted and the size of the files to be downloaded.
The Scroll Bar
The vertical bar to the right of the browser lets you scroll a down and up a long web page. You can do this by placing your arrow cursor on the up or down arrows and holding down your left mouse key. You can also place the arrow on the slider control, hold down the left mouse key and drag the slider.
If a web page is too wide to fit your screen, a horizontal scroll bar will appear at the bottom on your browser window. This scroll bar works the same way.
SOME BROWSER TRICKS
As with most software, there is more than one way to accomplish a task. Here are a few other features to help you navigate:
As you hop from page to page and website to website, your browser remembers where you've been. With Navigator, select History from the drop-down list under the Communicator menu. With Internet Explorer, click the History button on the toolbar. There you'll find a history of all the web pages you have visited during a specified period of time. To revisit a page, just click on the address.
Another way move between pages with Navigator is by clicking the right mouse button. A pop-up menu will appear and you can choose to move forward or back.
Speed
Up Downloads
While text downloads quickly, images can really slow things down. There are two ways to speed things up.
Since text appears first, after it loads, click the STOP button. The images won't appear, but should you want to look at an image, use the right mouse button to click on the image icon, then select View Image. You can view websites in text-only mode by turning off the auto-loading of images function under the Options menu.
DOMAIN
A group of computers and devices on a network that are administered as a unit with common rules and procedures. Within the Internet, domains are defined by the IP address. All devices sharing a common part of the IP address are said to be in the same domain.
Domain
Name
A name that identifies one or more IP addresses. For example, the domain name microsoft.com represents about a doze IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.ignou.edu/index.html, the domain name is ignou.edu
Every domain name has a suffix that indicates which top-level (TLD) domain it belongs to. There are only a limited number of such domains. For example:
gov - Government agencies
edu - Educational institutions
org - Organizations (nonprofit)
mil - Military
com - commercial business
net - Network organizations
ca - Canada
th - Thailand
Due to a shortage of domain names at the top level, the Internet Ad Hoc Committee (IAHC) proposed six new top-level domains, which have been started since 1998:
store - merchants
web - parties emphasizing Web activities
arts - arts and cultural-oriented entities
rec - recreation/entertainment sources
info - information services
nom - individuals
Because the Internet is based on IP addresses, not domain names, every Web server requires a Domain Name System (DNS) server to translate domain names into IP addresses.
1.6.5
SEARCH ENGINES
A program that searches documents for specified keywords and returns a list of the documents where the keywords were found. Although search engine is really a general class of programs, the term is often used to specifically describe systems like Alta Vista and Excite that enable users to search for documents on the World Wide Web and USENET newsgroups.
Typically, a search engine works by sending out a spider to fetch as many documents as possible. Another program, called an indexer, then reads these documents and creates an index based on the words contained in each document. Each search engine uses a proprietary algorithm to create its indices such that, ideally, only meaningful results are returned for each query.
AltaVista creates complete indexes of every word on every web page or Usenet newsgroup it encounters, allowing you to make highly targeted searches. AltaVista searches by keywords, which it derives from the text of a web page. It indexes millions of web pages and articles from Usenet newsgroups. AltaVista updates its information constantly and each page returned from the search is given a date and time from AltaVista's most recent update.
Excite : An interesting feature of Excite is its "Confidence Rating," a percentage rating given to each of the results it returns; a higher percentage indicates a closer match to your original query. In addition, Excite gives you the option to view more documents similar to those described in that particular result. Finally, Excite is available in a number of languages.
HotBot performs fast and powerful keyword searches of websites and newsgroups. Search results are ranked according to a confidence rating. You can search for images, video and MP3 files and also search in nine different languages.
InfoSeek, part of the Go Network, searches by keywords, scanning the information in its database. With InfoSeek, you can search a variety of databases, including the Web and Usenet. InfoSeek gives a score to your search results and returns the "best" matches to your query.
Lycos is a web-indexing robot. That means Lycos software robots actually go out and travel the Internet every day looking for new Web, Gopher and FTP sites. Lycos searches by keywords, assigning a percentage rating for relevancy of each search return. An interesting feature of this search engine is the ability to locate pictures and sounds on the Web.
Yahoo!, the most popular hierarchical directories, is a good starting point. You can search by subject, or like the other search engines, you can specify a search term. Yahoo! works well if you're searching for general information on a subject, but because of the way information is indexed in Yahoo, you probably won't get great results if you're looking for something specific or very recent.
1.6.6
UNDERSTANDING THE WEB ADDRESS
URL is the abbreviation of Uniform Resource Locator, the global address of documents and other resources on the World Wide Web.
The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located.
For example, the two URLs below point to two different files at the domain ignou.edu. The first specifies an executable file that should be fetched using the FTP protocol; the second specifies a Web page that should be fetched using the HTTP protocol:
ftp://www. ignou.edu. /stuff.exe
http://www. ignou.edu. /index.html
1.6.7 DIFFERENCE BETWEEN THE INTERNET & INTRANET
So what is the difference between the Internet and Intranet? Mainly the location of the information and who has access to it.
Internet is public, global and wide open to anyone who has an Internet connection.
Intranets are restricted to people who are connected to the private company network. Other than that, they work essentially the same way.
1.7
TYPES OF COMPUTER NETWORKS:
1.7.1
LAN
LAN stands for Local Area Network. It is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN).
Most LANs connect workstations and personal computers. Each node (individual computer ) in a LAN has its own CPU with which it executes programs, but it is also able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data. Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions.
There are many different types of LANs Ethernets being the most common for PCs. Most Apple Macintosh networks are based on Apple's AppleTalk network system, which is built into Macintosh computers.
The following characteristics differentiate one LAN from another:
topology : The geometric arrangement of devices on the network. For example, devices can be arranged in a ring or in a straight line.
protocols : The rules and encoding specifications for sending data. The protocols also determine whether the network uses a peer-to-peer or client/server architecture.
media : Devices can be connected by twisted-pair wire, coaxial cables, or fiber optic cables. Some networks do without connecting media altogether, communicating instead via radio waves.
LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN.
The
typical characteristics of a LAN are:
· Small areas, usually in one office or building.
· High speed.
· Most inexpensive equipment.
· Low error rates.
1.7.2
MAN
MAN is the short form for Metropolitan Area Network, it is a data network designed for a town or city. In terms of geographic breadth, MANs are larger than local-area networks (LANs), but smaller than wide-area networks (WANs). MANs are usually characterized by very high-speed connections using fiber optical cable or other digital media.
- Larger area than a LAN - usually a large campus or organization spread over a city size area.
- Slower than a LAN but faster than a WAN.
- Expensive equipment.
- Moderate error rates.
1.7.3
WAN
WAN stands for Wide Area Network. It is a computer network that spans a relatively large geographical area is called a WAN. Typically, a WAN consists of two or more local-area networks (LANs). They can connect networks across cities, states, countries, or even the world.
Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.
The
typical characteristics of a WAN are :
- Can be as large as worldwide.
- Usually much slower than LAN speed.
- Highest possible error rate compared to LAN & MAN.
- Expensive equipment.
1.8
NETWORK APPLICATION:
1.8.1 Sharing Resources
To share any resource on your computer, File and Printer Sharing must first be enabled. This is under Control Panel->Networks->File and Printer Sharing.
Once this is enabled, passwords may be assigned to each resource that is made available. Users cannot use that resource unless they know the password.
To share a resource such as a directory where sales reports are kept, start Windows Explorer and right mouse click the directory that is to be shared. In the diagram below, this has been done on the sub-directory temp on drive c:.
Clicking on the Sharing property brings up the following dialog box.
This allows the user to specify a password and name to the resource. In Windows format, the name of the resource is then known on the workgroup as
\\computername\resourcename
For instance, if the computer name was sue, and the resource was specified as temp, then the resource is known as
\\sue\temp
This is known as the Uniform Naming Convention [UNC] for the resource.
1.8.2 Accessing Resources
Accessing resources is done by selecting the resource and entering in the appropriate share password for that resource. Using Network Neighbourhood, a list of available computers which hold resources will appear as a list. Only those computers that have resources to share appear in the list.
In the following diagram, a number of computers are shown. Each of these computers has resources which can be accessed.
Double clicking on any computer will bring up a list of resources available on that computer. For instance, selecting the computer Ice reveals the following available resources [iceflow is a shared printer].
In summary, the features of Work-groups are
collection of computers organized for a specific purpose (suits the needs of the group)
is peer to peer
no centralized administration
each computer has its own accounts database and permission lists
share files, printers and applications
each computer identified by unique name (normally person using that computer)
1.9 COST / BENEFIT ANALYSIS OF NETWORK USE
Resource Sharing: The main goal is to make all programs, equipment, and data available to anyone on the network without regard to the physical location of the resource and the user. Users need to share resources other than files, as well, a common example being printers. Printers are utilized only a small percentage of the time; therefore, companies don’t want to invest in a printer for each computer. Networks can be used in this situation to allow all the users to have access to any of the available printers.
High Reliability: Goal of computer networks is to provide high reliability by having alternative sources of supply. For example, all files could be replicated on two or three machines, so if one of them is unavailable (due to hardware failure), the other copies could be used. In addition, the presence of multiple CPUs means that if one goes down, the others may be able to take over its work, although at reduced performance. For military, banking, air traffic control, nuclear reactor safety, and many other applications the ability to continue operating in the face of hardware problems is of utmost importance.
Saving
Money: Small computers have a much better price/performance ratio than
larger ones. Mainframes are roughly a factor of ten faster than personal computers
but they cost a thousand times more. This imbalance has caused many systems
designers to build systems consisting of personal computers, one per user,
with data kept on one or more shared file
server machines. In this model, the users are called clients, and the whole arrangement is called the client-server model.
Scalability: The ability to increase the system performance gradually as the workload grows just by adding more processors. With centralized mainframes, when a system is full, it must be replaced by a larger one, usually at great expense and even greater disruption to the users. With client-server model, new clients and new servers can be added as needed.
Communication medium: A computer network can provide a powerful communication medium among widely separated users. Using a computer network it is easy for two or more people who are working on the same project and who live far apart to write a report together. When one worker, makes a change to an on-line document, the others can see the change immediately, instead of waiting several days for a letter. Such a speedup makes cooperation among far-flung groups of people easy where it previously had been impossible.
1.10
HARDWARE REQIUIREMENTS OF NETWORKS
1.10.1
Network Interface Card
It is also known as Network adapter. It is a printed circuit board that plugs into both the clients (personal computers or workstations) and servers and controls the exchange of data between them. The network adapter provides services at the data link level of the network, which is also known as the access method (OSI layers 1 and 2).
The most common network adapters are Ethernet and Token Ring. Sometimes, the Ethernet adapter is built into the motherboard. LocalTalk, which provides the data link services of Apple's AppleTalk network, is built into all Macintoshes.
A transmission medium, such as twisted pair, coax or fiber optic, interconnects all the adapters in the network. A network adapter is also called a NIC, or network interface card.
1.10.2
Repeater
A communications device that amplifies or regenerates the data signal in order to extend the transmission distance. Available for both analog and digital signals, it is used extensively in long distance transmission. It is also used to tie two LANs of the same type together. Repeaters work at layer 1 of the OSI model. The term may also refer to a multiport repeater, which is a hub in a 10BaseT network.
1.10.3
Bridge
Bridge is a device that connects two LAN segments together, which may be of similar or dissimilar types, such as Ethernet and Token Ring. A bridge is inserted into a network to segment it and keep traffic contained within the segments to improve performance.
Bridges learn from experience and build and maintain address tables of the nodes on the network. By monitoring which station acknowledged receipt of the address, they learn which nodes belong to the segment.
Bridges work at the data link layer (OSI layer 2), whereas routers work at the network layer (layer 3). Bridges are protocol independent; routers are protocol dependent. Bridges are faster than routers because they do not have to read the protocol to glean routing information.
Bridges with more than two ports (multiport bridges) perform a switching function. Today's LAN switches are really multiport bridges that can switch at full wire speed.
transparent
bridge
A common type of network bridge, in which the host stations are unaware of their existence in the network. A transparent bridge learns which node is connected to which port through the experience of examining which node responds to each new station address that is transmitted. Ethernet uses this type of bridge, also called an adaptive bridge.
1.10.4 Hub
A central connecting device in a network that joins communications lines together in a star configuration. Passive hubs are just connecting units that add nothing to the data passing through them. Active hubs, also sometimes called multiport repeaters, regenerate the data bits in order to maintain a strong signal, and intelligent hubs provide added functionality.
Hubs are mandatory in 10BaseT twisted pair Ethernet as well as Token Ring networks. They are also used to replace the daisy chain cabling in 10Base5 and 10Base2 coaxial Ethernets in order to improve network management.
In Token Rings, the hub is called a MAU (Multi-station Access Unit). Multiple media hubs interconnect different types of Ethernets (twisted pair, coax and optical fiber) and can bridge between Ethernet, Token Ring, FDDI and ATM topologies. Switching hubs provide Ethernet and ATM switching.
Hubs have become very intelligent, modular and customizable, allowing for the insertion of bridging, routing and switching modules all within the same unit. A hub can even host a CPU board and network operating system, turning the hub into a file server or some type of network control processor that performs LAN emulation or other complex function as networks grow.
1.10.5 Router
Router is a device that forwards data packets from one local area network (LAN) or wide area network (WAN) to another. Based on routing tables and routing protocols, routers read the network address in each transmitted frame and make a decision on how to send it based on the most expedient route (traffic load, line costs, speed, bad lines, etc.). Routers work at layer 3 in the protocol stack, whereas bridges and switches work at the layer
2.
Routers are used to segment LANs in order to balance traffic within workgroups and to filter traffic for security purposes and policy management. Routers are also used at the edge of the network to connect remote offices. Multiprotocol routers support several protocols such as IP, IPX, AppleTalk and DECnet.
Routers can only route a message that is transmitted by a routable protocol such as IP or IPX. Messages in non-routable protocols, such as NetBIOS and LAT, cannot be routed, but they can be transferred from LAN to LAN via a bridge. Because routers have to inspect the network address in the protocol, they do more processing and add more overhead than a bridge or switch, which both work at the data link (MAC) layer.
Most routers are specialized computers that are optimized for communications; however, router functions can also be implemented by adding routing software to a file server. NetWare, for example, includes routing software. The NetWare operating system can route from one subnetwork to another if each one is connected to its own network adapter (NIC) in the server.
Routers serve as an internet backbone, interconnecting all networks in the enterprise. This architecture strings several routers together via a high-speed LAN topology such as Fast Ethernet or Gigabit Ethernet. Routers are also the backbone of the Internet, which spans the planet.
Another approach within an enterprise is the collapsed backbone, which uses a single router with a high-speed backplane to connect the subnets, making network management simpler and improving performance.
In older Novell terminology, a router is a network-layer bridge. Routers also used to be called gateways.
1.10.6 Gateway
(1) Gateway is a computer that performs protocol conversion between different types of networks or applications. For example, a gateway can convert a TCP/IP packet to a NetWare IPX packet and vice versa, or from AppleTalk to DECnet, from SNA to AppleTalk and so on.
Gateways function at layer 4 and above in the OSI model. They perform complete conversions from one protocol to another rather than simply support one protocol from within another, such as IP tunneling. Sometimes routers can implement gateway functions.
An electronic mail, or messaging, gateway converts messages between two different messaging protocols.
(2) Gateway is a computer that acts as a go-between two or more networks that use the same protocols. In this case, the gateway functions as an entry/exit point to the network. Transport protocol conversion may not be required, but some form of processing is typically performed.
1.10.7
Modem
MODEM is an acronym for modulator-demodulator. A modem is a device that enables a computer to transmit data over telephone lines. Computer information is stored digitally, whereas information transmitted over telephone lines is transmitted in the form of analog waves. A modem converts between these two forms.
Fortunately, there is one standard interface for connecting external modems to computers called RS-232. Consequently, any external modem can be attached to any computer that has an RS-232 port, which almost all personal computers have. There are also modems that come as an expansion board that you can insert into a vacant expansion slot. These are sometimes called onboard or internal modems.
While the modem interfaces are standardized, a number of different protocols for formatting data to be transmitted over telephone lines exist. Some, like CCITT V.34, are official standards, while others have been developed by private companies. Most modems have built-in support for the more common protocols -- at slow data transmission speeds at least, most modems can communicate with each other. At high transmission speeds, however, the protocols are less standardized.
Aside from the transmission protocols that they support, the following characteristics distinguish one modem from another:
bps : How fast the modem can transmit and receive data. At slow rates, modems are measured in terms of baud rates. The slowest rate is 300 baud (about 25 cps). At higher speeds, modems are measured in terms of bits per second (bps). The fastest modems run at 57,600 bps, although they can achieve even higher data transfer rates by compressing the data. Obviously, the faster the transmission rate, the faster you can send and receive data. Note, however, that you cannot receive data any faster than it is being sent. If, for example, the device sending data to your computer is sending it at 2,400 bps, you must receive it at 2,400 bps. It does not always pay, therefore, to have a very fast modem. In addition, some telephone lines are unable to transmit data reliably at very high rates.
voice/data: Many modems support a switch to change between voice and data modes. In data mode, the modem acts like a regular modem. In voice mode, the modem acts like a regular telephone. Modems that support a voice/data switch have a built-in loudspeaker and microphone for voice communication.
auto-answer : An auto-answer modem enables your computer to receive calls in your absence. This is only necessary if you are offering some type of computer service that people can call in to use.
data compression : Some modems perform data compression, which enables them to send data at faster rates. However, the modem at the receiving end must be able to decompress the data using the same compression technique.
flash memory : Some modems come with flash memory rather than conventional ROM, which means that the communications protocols can be easily updated if necessary.
Fax capability: Most modern modems are fax modems, which means that they can send and receive faxes.
1.10.8
Firewall
Firewall is a method for keeping a network secure. It can be implemented in a single router that filters out unwanted packets, or it may use a combination of technologies in routers and hosts. Firewalls are widely used to give users access to the Internet in a secure fashion as well as to separate a company's public Web server from its internal network. They are also used to keep internal network segments secure. For example, a research or accounting subnet might be vulnerable to snooping from within.
Following are the types of techniques used individually or in combination to provide firewall protection.
Packet Filter
Blocks traffic based on IP address and/or port numbers. Also known as a "screening router."
Proxy Server
Serves as a relay between two networks, breaking the connection between the two. Also typically caches Web pages (see proxy server).
Network Address Translation (NAT)
Hides the IP addresses of client stations in an internal network by presenting one IP address to the outside world. Performs the translation back and forth.
Stateful Inspection
Tracks the transaction in order to verify that the destination of an inbound packet matches the source of a previous outbound request. Generally can examine multiple layers of the protocol stack, including the data, if required, so blocking can be made at any layer or depth.
1.10.9
Switch
(1) In networks, Switch is a device that filters and forwards packets between LAN segments. Switches operate at the data link layer (layer 2) of the OSI Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs.
(2)The other defination of switch is : A small lever or button. The switches on the back of printers and on expansion boards are called DIP switches. A switch that has just two positions is called a toggle switch.
1.11
NETWORKING SOFTWARE
Networking support is typically provided by two software components:
High-Level Networking Software.
Network Driver Software.
High-Level
Networking Software:
High-Level Networking Software provides end-user-oriented functions that are associated with the Application layer through the Network layer of the OSI model. This is the software that the end user perceives. Some types of high-level networking software subsystems, especially in the personal computer environment, are called network operating systems.
Network
Driver Software:
Network Driver Software provides an interface between the high-level networking software and the particular network interface card (NIC) that is being used for physical LAN communication. Like the NIC itself, the driver software is generally transparent to the end user.
1.11.1
COMMONLY USED HIGH LEVEL NETWORKING SOFTWARE SYSTEMS
PPP
Short for Point-to-Point Protocol, a method of connecting a computer to the Internet. PPP is more stable than the older SLIP protocol and provides error checking features. It is a data link protocol that provides dial-up access over serial lines. It can run on any full-duplex link from POTS to ISDN to high-speed lines (T1, T3, etc.). Developed by the Internet Engineering Task Force in 1991, it has become popular for Internet access as well as a method for carrying higher level protocols.
Over ISDN, PPP uses one 64 Kbps B channel for transmission. The Multilink PPP protocol (MP, MPPP or MLPPP) bridges two or more B channels for higher-speed operation. For example, using ISDN's Basic Rate service (BRI), you can obtain 128 Kbps with Multilink PPP.
PPP encapsulates protocols in specialized Network Control Protocol packets; for example, IPCP (IP over PPP) and IPXCP (IPX over PPP). It can be used to replace a network adapter driver, allowing remote users to log on to the network as if they were inhouse. PPP can hang up and redial on a low-quality call.
PPP also provides password protection using the Password Authentication Protocol (PAP) and the more rigorous Challenge Handshake Authentication Protocol (CHAP).
SLIP
(Serial Line IP) A data link protocol for dial-up access to TCP/IP networks. It is commonly used to gain access to the Internet as well as to provide dial-up access between two LANs. SLIP transmits IP packets over any serial link (dial up or private lines)
FTP
(File Transfer Protocol) A protocol used to transfer files over a TCP/IP network (Internet,
UNIX, etc.). It includes functions to log onto the network, list directories and copy files. It can also convert between the ASCII and EBCDIC character codes. FTP operations can be performed by typing commands at a command prompt or via an FTP utility running under a graphical interface such as Windows. FTP transfers can also be initiated from within a Web browser by entering the URL preceded with ftp://.
Unlike e-mail programs in which graphics and program files have to be "attached," FTP is designed to handle binary files directly and does not add the overhead of encoding and decoding the data.
TELNET
A terminal emulation protocol commonly used on the Internet and TCP/IP-based networks. It allows a user at a terminal or computer to log onto a remote device and run a program. Telnet was originally developed for ARPAnet and is an inherent part of the TCP/IP communications protocol.
Although most computers on the Internet require users to have an established account and password, there are many that allow public access to certain programs, typically, search utilities, such as Archie or WAIS.
SMTP
(Simple Mail Transfer Protocol) The standard e-mail protocol on the Internet. It is a TCP/IP protocol that defines the message format and the message transfer agent (MTA), which stores and forwards the mail. SMTP was originally designed for only ASCII text, but MIME and other encoding methods enable program and multimedia files to be attached to e-mail messages.
SMTP servers route SMTP messages throughout the Internet to a mail server, such as POP3 or IMAP4, which provides a message store for incoming mail.
SNMP
(Simple Network Management Protocol) A widely-used network monitoring and control protocol. Data is passed from SNMP agents, which are hardware and/or software processes reporting activity in each network device (hub, router, bridge, etc.) to the workstation console used to oversee the network. The agents return information contained in a MIB (Management Information Base), which is a data structure that defines what is obtainable from the device and what can be controlled (turned off, on, etc.). Originating in the UNIX community, SNMP has become widely used on all major platforms.
UDP
(User Datagram Protocol) A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required. For example, UDP is used for realtime audio and video traffic where lost packets are simply ignored, because there is no time to retransmit. If UDP is used and a reliable delivery is required, packet sequence checking and error notification must be written into the applications.
TCP/IP
Abbreviation for Transmission Control Protocol/Internet Protocol, the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.
TCP provides transport functions, which ensures that the total amount of bytes sent is received correctly at the other end. UDP is an alternate transport that does not guarantee delivery. It is widely used for realtime voice and video transmissions where erroneous packets are not retransmitted.
IP provides the routing mechanism. TCP/IP is a routable protocol, which means that all messages contain not only the address of the destination station, but the address of a destination network. This allows TCP/IP messages to be sent to multiple networks within an organization or around the world, hence its use in the worldwide Internet (see Internet address). Every client and server in a TCP/IP network requires an IP address, which is either permanently assigned or dynamically assigned at startup.
1.12
NETWORK OPERATING SYSTEM
Network Operating System is also called a NOS. It is an operating system which includes software to communicate with other computers via a network and manages network resources.
It manages multiple requests (inputs) concurrently and provides the security necessary in a multiuser environment. It may be a completely self-contained operating system, such as NetWare, UNIX and Windows NT, or it may require an existing operating system in order to function (LAN Server requires OS/2; LANtastic requires DOS, etc.).
One piece of the network operating system resides in each client machine and another resides in each server. It allows the remote drives on the server to be accessed as if they were local drives on the client machine. It allows the server to handle requests from the client to share files and applications as well as network devices such as printers, faxes and modems.
In a peer-to-peer network, the network operating system allows each station to be both client and server. In a non-peer-to-peer network, dedicated servers are used, and files on a client machine cannot be retrieved by other users.
In networks of PCs, NetWare is the most widely used network operating system. Windows NT, Windows for Workgroups, Windows 95/98, VINES, LAN Server, LAN Manager and LANtastic are also examples.
UNIX, combined with TCP/IP and NFS, VMS combined with DECnet, the Mac OS combined with AppleTalk, and SNA, combined with VTAM and NCP, also provide network operating system services.
Along with file and print services, a network operating system may also include directory services and a messaging system as well as network management and multiprotocol routing capabilities.
1.12.1 EXAMPLES OF OPERATING SYSTEMS:
NetWare
A family of network operating systems from Novell that support DOS, Windows, OS/2 and Macintosh clients. UNIX client support is available from third parties. NetWare is the largest installed base of LAN operating systems.
Except for Personal NetWare and NetWare ELS, which were earlier peer-to-peer versions, NetWare is a stand-alone operating system that runs in the server. Until NetWare 5, which natively supports TCP/IP and Java, NetWare has always been a proprietary system. NetWare's native communications protocols are IPX, SPX and NCP. Its hard disks are formatted with the NetWare format, and although DOS and Windows applications reside in the server, they cannot be run in the server. All programs that run on a NetWare server are typically written in C and must be compiled using Novell libraries into executable files known as NetWare Loadable Modules (NLMs).
Introduced in late 1998, the latest version is NetWare 5. Fully TCP/IP and Java based, Novell added significant enhancements to its flagship product, including a kernel that natively supports symmetric multiprocessing (SMP).
Introduced in 1993, NetWare 4 was the first NetWare version to use the much-acclaimed Novell Directory Services (NDS), which provides directory services for a global enterprise.
Introduced in 1989 as NetWare 386 and then again in 1992 as NetWare 3.11, it was the first 32-bit version of NetWare, which has a limit of 250 concurrent users. Still being sold, it uses the Novell bindery which provides directory services for a single server unlike the global NDS directory. NetWare 2.x (originally Advanced NetWare 286 in 1985) ran in a 286 and supported up to 100 concurrent users. See IPX, SPX, NCP and MHS.
UNIX
Pronounced yoo-niks, it is a multiuser, multitasking operating system that is widely used as the master control program in workstations and especially servers. Myriads of commercial applications run on UNIX servers, and most Web sites run under UNIX. There are many versions of UNIX, and, except for the PC world, where Windows dominates, almost every hardware vendor offers it either as its primary or secondary operating system. Sun has been singularly instrumental in commercializing UNIX with its Solaris OS (formerly SunOS). HP, SCO, IBM and Digital have also been major UNIX vendors and promoters.
UNIX is written in C. Both UNIX and C were developed by AT&T and freely distributed to government and academic institutions, causing it to be ported to a wider variety of machine families than any other operating system. As a result, UNIX became synonymous with "open systems."
UNIX is made up of the kernel, file system and shell (command line interface). The major shells are the Bourne shell (original), C shell and Korn shell. The UNIX vocabulary is exhaustive with more than 600 commands that manipulate data and text in every way conceivable. Many commands are cryptic (see below), but just as Windows hid the DOS prompt, the Motif GUI presents a friendlier image to UNIX users.
Command UNIX DOS
List directory ls dir
Copy a file cp copy
Delete a file rm del
Rename a file mv rename
Display contents cat type
Print a file lpr print
Check disk space df chkdsk
Change directory cd cd
The
History of UNIX:
UNIX was developed in 1969 by Ken Thompson at AT&T, who scaled down the sophisticated MULTICS operating system for the PDP-7. The named was coined for a single-user version (UNo) of "multIX." More work was done by Dennis Ritchie, and, by 1974, UNIX had matured into an efficient operating system primarily on PDP machines. UNIX became very popular in scientific and academic environments.
Considerable enhancements were made to UNIX at the University of California at Berkeley, and versions of UNIX with the Berkeley extensions became widely used. By the late 1970s, commercial versions of UNIX, such as IS/1 and XENIX, became available.
In the early 1980s, AT&T began to consolidate the many UNIX versions into standards which evolved into System III and eventually System V. Before Divestiture (1984), AT&T licensed UNIX to universities and other organizations, but was prohibited from outright marketing of the product. After divestiture, it began to market UNIX aggressively.
Advantages
of UNIX
Even with its many versions, UNIX is widely used in mission critical applications for client/server and transaction processing systems. UNIX components are of world class standards. The TCP/IP transport protocol and SMTP e-mail protocol are de facto standards on the Internet. NFS allows files to be accessible across the network, NIS provides a "Yellow Pages" directory, Kerberos provides network security, and X Window lets users run applications on remote servers and view the results on their machines.
Windows
NT
(Windows New Technology) An advanced 32-bit operating system from Microsoft for Intel x86 and Alpha CPUs. Support for the PowerPC and MIPS platforms was dropped. Introduced in 1993, NT does not use DOS, it is a self-contained operating system that runs 16-bit and 32-bit Windows applications as well as DOS applications.
There
are actually two versions of Windows NT: Windows NT Server, designed to act
as a server in networks, and Windows NT Workstation for stand-alone or client
workstations.
Features include peer-to-peer networking, preemptive multitasking, multithreading, multiprocessing, fault tolerance and support for the Unicode character set. NT provides extensive security features and continually tests the validity of application requests even after the application has been opened.
Windows NT supports 2GB of virtual memory for applications and 2GB for its own use. Windows NT and Windows NT Workstation are the first and second releases of the client version. Windows NT Advanced Server (NTAS) and Windows NT Server (NTS) are first and second releases of the server version, which supports symmetric multiprocessing (SMP) and provides transaction processing for hundreds of online users. NT includes a dual boot feature.
NT Server is being widely implemented. NT's SMP capability takes advantage of Pentium Pro and Pentium II systems that contain two, four and more CPUs. As these multiprocessor systems become mainstream, NT competes squarely against RISC-based multiprocessor servers running UNIX. NT Workstation is also gaining market share in high-end desktop systems.
The last version of Windows NT with the Program Manager interface was Version 3.51. Introduced in the summer of 1996, Windows NT 4.0 contains the Windows 95 user interface. There are differences in some of the dialog boxes as NT contains features not available in Windows 95, and vice versa. NT 4.0 also includes Microsoft's DCOM interface that allows applications to be distributed across the network. NT 4.0 does not support Plug and Play, as does Windows 95.
NT Server 4.0 comes with Microsoft's Internet Information Server (IIS), which provides Web server capability.
NT Version 5.0, which was renamed Windows 2000, is expected in 1999. It adds Plug and Play support, Direct3D support, Active Directory, Zero Administration for Windows (ZAW) and other enhancements.
Version Date/Intro
3.1 July 1993
3.5 Sept 1994
3.51 Aug 1995
4.0 Aug 1996
2000 1999
1.12.2 FACILITIES OF A NETWORK OPERATING SYSTEM
A network operating system (NOS) causes a collection of independent computers to act as one system. A network operating system is analogous to a desktop operating system like DOS or OS/2, except it operates over more than one computer. Like DOS, a network operating system works behind the scenes to provide services for users and application programs. But instead of controlling the pieces of a single computer, a network operating system controls the operation of the network system, including who uses it, when they can use it, what they have access to, and which network resources are available.
At a basic level, the NOS allows LAN users to share files and peripherals such as disks and printers. Most NOSs do much more. They provide data integrity and security by keeping people out of certain resources and files. They have administrative tools to add, change, and remove users, computers, and peripherals from the network. They have troubleshooting tools to tell LAN managers what is happening on the network. They have internetworking support to tie multiple networks together.
Redirection
At the heart of the NOS is redirection. Redirection is taking something headed in one direction and making it go in a different direction. With redirection, an operating program does not know or care where its output is going.
You are probably familiar with DOS redirection. For example, the DOS command DIR > FILENAME will redirect a directory listing to a file instead of to the screen. The “>” tells DOS to give the results of the command to the entity on the right.
Network operating systems depend heavily on redirection, only in this case data is being redirected from one computer to another over the network cable, not over the PC’s bus to local files or printers. Nevertheless, the operation is similar. If you type “COPY C: FILEA F:”, FILEA will be copied from your local drive C: to the network drive F:. The NOS makes it appear to the COPY command that drive F: is local, when it really resides on another computer that is attached to the same network. The COPY command doesn’t know or care that drive F: is across the network. It sends the file to DOS and the NOS reroutes the file across the LAN to drive F:.
Redirection can be done with printers and other peripherals. Thus, LPT1: or COM1: can be a network printer instead of a local printer and the NOS redirects file to these devices. With a NOS, users don’t need to know about redirection; they just type the drive designator or print from their word processors as always.
Server
Software
The computer with drive F: must expect data, if the output from the user’s PC can be redirected successfully. To do this, it must make its drive available to network users. This is part of the NOS’s function at the server.
A NOS is made of a redirector and a server. Not all machines need to run the server software, because not all computers need to share their resources. But all LAN workstations must run redirector software because every client has to be able to put data onto the network.
With some NOSs, the computer running the server software cannot be used as a workstation. This is called a dedicated server. Novell’s NetWare uses this kind of setup almost exclusively (although the low-end NetWare Lite can use nondedicated servers). With some other NOSs, all workstations on the network can also be servers. This a nondedicated server setup. This approach is used by Sitka and Artisoft, among others.
The two server approaches have advantages and disadvantages. Nondedicated servers allow for more flexibility, since users can make resources available on their computers as necessary. However, a nondedicated server approach requires that the users are willing to take some administrative responsibility for their computers and it necessitates that they be somewhat LAN-literate. Backing up the shared data, setting up security, and setting up access rights become more complicated and often become the responsibility of the user, not the administrator. Another drawback is that non-dedicated servers often suffer some performance degradation when being used simultaneously as a workstation and as a server.
Dedicated servers have the opposite advantages and disadvantages. They are easier to administer since all data is in one place. They are faster because they don’t have a local user to serve. On the other hand, it is harder to make resources available on an ad hoc basis, since setting up a server is more difficult and time-consuming. If a dedicated server fails, all users are forced to stop working because all resources are centralized. Your choice of dedicated or non-dedicated operation will depend on the work your network is doing.
File
Service
A file server’s primary task is to make files available to users, although it also makes other resources available, including printers and plotters. File service allows users to share the files on a server. The server PC can make its whole disk, certain directories, or certain files available. The file server’s hard disk becomes an extension of each user’s PC.
The NOS can let the LAN administrator determine which users are allowed to use which files, for example, keeping the mail clerk out of the payroll file. Suppose a user wants to use a file residing on the file server’s hard disk. Drive F: is set to correspond with the file server’s hard disk. The actual process of setting up virtual drives has several names, including mapping, mounting, and publishing.
Now, suppose a user wants to run WordPerfect. At the F: prompt, the user types “WP” to load WordPerfect. WordPerfect is loaded from the server over the network, and into the user’s PC’s memory. Meanwhile, other people can use WordPerfect from the file server (assuming there is a license for multiple users). WordPerfect makes sure no other user can get the document file being used by “locking” the file. With many applications, file locking allows other users to read the document but not edit it.
File service is an extension of the local PC. Applications work just as they would on a local PC. Some programs, however, have been designed to take advantage of the network, rather than just run on one. For example, some databases allow two users to edit the same table but not the same record and each user can see the other’s changes.
The NOS provides much more than just file service; it provides security, administration, printer sharing, backup, and fault tolerance.
Server
Operation
The server software makes a single-user computer into a multiuser machine. Instead of just one user, a server has many users. But we must qualify what we mean by “many users.” A NOS allows many users to share the server’s peripherals, printers, disks, and plotters, but it does not allow multiple users to share its processor. For now let’s see how the file server allows users to share its peripherals.
In many cases, the file server is running the PC’s native operating system (such as DOS or the Macintosh OS) as well as the NOS. When users’ requests come in, the NOS receives and interprets them, then hands them to the operating system for execution. So if a request comes in to open a file, DOS opens the file and gives it to the NOS, which gives it to the user. If many users make requests at the same time, the NOS queues them and hands them to DOS one at a time.
High-performance NOSs, including Novell NetWare, Banyan VINES, and Microsoft LAN Manager, do not run DOS in the file server. DOS is replaced with a multitasking operating system, thereby gaining a performance advantage; however, they lose some compatibility and require dedicated file servers. In NetWare’s case, it is a proprietary OS. VINES runs Unix; LAN Manager currently runs OS/2 but eventually will use Windows NT.
The
OS/2 NOS
File service is a tremendous improvement over single-user operation, it pales in significance to the enhancements that come with the new NOSs based on multitasking operating systems such as IBM/Microsoft OS/2.
The biggest advantage of a multitasking operating system is a server can offer a task. That is, the server can offer its processor to other users while it is serving requests for files and printers. A fast server can be used to do onerous chores like program compiling, calculations, and database sorting. It also means new types of programs can take advantage of the server processor.
Instead of just getting files from the server, the server can run programs that work with the programs users are running. The best example is a database server. A database server does things like sorting, searching, and indexing so
the user’s program and PC don’t have to. This cuts down on network traffic
since fewer items are travelling between the user and server. It also improves
security, since all data is stored centrally.
1.13
NETWORK SECURITY
Security refers to techniques for ensuring that data stored in a computer cannot be read or compromised. Most security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system.
However, systems programmers, or other technically competent individuals, will ultimately have access to these codes.
Passwords can be checked by the operating system to prevent users from logging onto the system in the first place, or they can be checked in software, such as DBMSs, where each user can be assigned an individual view (subschema) of the database. Any application program running in the computer can also be designed to check for passwords.
Data transmitted over communications networks can be secured by encryption to prevent eavesdropping.
Although precautions can be taken to detect an unauthorized user, it is extremely difficult to determine if a valid user is performing unauthorized tasks. Effective security measures are a balance of technology and personnel management.
1.13.1 TYPES OF NETWORK SECURITY:
There are two types of security available for use on the Network. The type of security you use depends largely on the type of network and the operating system. Workgroups
Depend on Share-level security while domains employ User-level security.
Share-level
security
Share-level security involves assigning a password to resources shared on the network. All a user needs to access the resource is the password. The same resource can be shared with different permissions and different passwords. The level of access to the resource depends on which password one uses to access it. This allows the resource to be shared as read-only, and the password for this share is given to the users who need to view the resource. The resource could be then shared as full access. The users that use the password assigned to the full access could delete, change, and read the data. This allows the data to be shared with different levels of access for a variety of users on the network. This method of security can be difficult to maintain. Users may have to remember several passwords in order to access all the resources needed to perform their jobs. You will need to tell everyone the new password should the resource password be changed. Users who should not have access to a resource may learn the password. Once this occurs the password must be changed, and all users must learn the new password.
user-level
security
Most networks share data with user-level security. User-level security requires the proper user name and password to access a resource. When resources are shared, permission is granted to certain users or group of users. Only those user accounts can access the resource. User-level security not only provides higher level security, it also allows a wide variety of permissions. A Windows 95 computer using share-level security has only two options: read and full control. User-level security provides read, write, add, change, delete and so on. The added security and flexibility makes User-level security the preferred method for networks over about ten computers.
1.13.2
DIFFERENCE BETWEEN THE TWO LEVELS OF SECURITY
In Share-level security access control to a file, printer or other network resource based on knowing the password of that resource. Share-level security provides less protection than user-level security, which identifies each person in the organization.
In User-level security access control to a file, printer or other network resource based on username. It provides greater protection than share-level security, because users are identified individually or within a group. User-level permissions are stored in a central server and managed by the network administrator.
1.13.3
PURPOSE OF SECURITY
To Prevent unauthorized individuals form examining sensitive information.
To Prevent unauthorized individuals form modifying important information.
To Prevent malicious individuals form disrupting the normal operation of a system.
1.13.4
OUTLINE OF THE PROCESS OF SECURING THE NETWORK
If you have a network, whether it is a small home office network or a 5000 node LAN/WAN, securing it should be a top priority to you. From the smallest to the largest network you should take steps to make sure that it is secure from attack or theft. How you protect the integrity of your network information can be handled aggressively or casually depending upon what you have and how much you need to protect. If you want to do a good job then there are specific steps that you should take and in a specific order. Bear in mind that not all steps are necessary for all network situations. Like any major project that you wish to undertake, you should start with a plan, and a good plan starts with an outline. Below is a sample outline of the process of securing your network.
Risk Assessment
Vulnerability
Security Policy
Each of these main topics can be broken down even further depending upon your needs and the size of your organization, but each one must be addressed in some form or fashion.
Risk assessment
Risk assessment is the process of finding out what data you have and how important is it to you. In addition to the importance of the data is the amount of damage you will incur if it is lost or compromised. Let us say that you are a wholesaler and you sell a product or products to distributors. Your price lists and discount rates are proprietary information and if your competitors were to gain access to this information, the results would be devastating and you could lose business because of it. In another situation let us say you have an online storefront and you sell products on the Web. If your site were compromised and brought down, you would lose business because you were inaccessible to the public. In both situations a lack of security would put you at high risk. On the other end of the spectrum if your network was an informational database of public or non proprietary information and your network were compromised then the worst case is that some people might be inconvenienced until you were able to get things back in order again. One more thing to consider is the legal aspects of the data that you have. If your data is lost or accessed by unauthorized individuals, what is your legal exposure. Could you be sued? Could you expose others to risks? These are all factors that you must consider when you are securing your network.
Another part of risk assessment deals with who within your organization will have access to the network. In most businesses or organizations there is a hierarchy of employees, staff, management and officers. Some can be trusted fully to access all or some of the network and others do not have the trust level to have any access to the network. You must decide who has access and how much access they may have. At this level of risk assessment, in a high risk situation, it may be necessary to have your human resources department along with department heads or supervisors involved in the discussion. With HR and the you can review resumes and references to help you decide on trust levels within each department or group. With the supervisors and department heads you can get more information on who needs access to what and how much.
Risk assessment also means hardware and software analysis. Will you need a high end server solution that provides for data parity, redundant power supplies, fail over protection, high end firewalls, high end routers, and back up batteries and generators or will a low to medium end server solution suffice? Why spend $100,000 or more on your hardware when $10,000 or less will do. If you stand to lose a lot if your hardware fails then by all means you need to spend a lot to make sure that it doesn't fail. If you loss will be minimal, then spend less on your hardware. Similarly you need to consider how bullet proof your software has to be.
This is the first step in securing your network. Decide what your risk level is and how much exposure you can stand. Once that is done it is now time for you to find out where your network is vulnerable.
Vulnerability
There are dozens and dozens of ways your network can be compromised, and the first step in finding them is by taking a look around.
Looking around is literally the first step in assessing your vulnerability. Take a walk around where all of your network clients are. Do it during business hours and also during off hours. One of the things that you will be looking for is the status of the client workstations. Are the workstations left logged on even when there is no one present? A vacant cubicle with a logged on computer is a potential security risk. With a computer left like that, anyone who can get to that computer has instant access to the network .
If your clients and servers are in a secure area, that is an area that is locked and has restricted access, are all of the doors locked like they should be or are they propped open. If the area is sensitive enough to be secured with locks, then it is sensitive enough for you to be sure that none of the doors are left propped open or unlocked even for a few minutes. You should also make sure that your servers are in a locked and secure area. If someone can gain physical access to the servers, the servers can be compromised. All someone would need to do is to get a copy of the SAM file on an NT server. All of the passwords on that file can be cracked at the hackers leisure once he has that file in hand. The same is true of Unix or Linux servers. Physical access to a Unix or Linux server can mean instant compromise.
While you are looking around, check the yellow stickies that are stuck to monitors and whiteboards in workers cubicles. Chances are you will find several user names and passwords stuck around in obvious places. While you are looking around check under keyboards and desktops. That is another favorite place for people to stick their passwords.
Company’s wide access to the Internet is a big vulnerability. If you do have Internet access, then you must have some kind of protection from outsiders getting in and that means firewalls. You can be secure on the Internet, but you have to decide how much Internet access you will allow and how much you need to have. While looking and observing, look to see if any desktop or laptop computers have modems connected to them. If someone is using a modem to connect to the Internet while also connected to the company network, then you have a huge security hole. Even if you have the biggest and the best firewall, proxy, IP filter or whatever, you might as well not have anything if people are bypassing them by using a modem to connect to their personal AOL accounts. When a computer is connected to the Internet by a modem, you have lost all control of your security.
Passwords are an open door to your network. Make sure you have a good password policy in place and enforce it.
Valuable company data demands that when you hire people that have access to that data, that you do a good reference check, drug screen, and a background check. Most network intrusions are from the inside, not the outside. Hackers and crackers make the news because it is sensational and makes a good story. The truth of the matter is that hackers make up just a small portion of the network compromises that are recorded annually. Check out the people you hire, and you will minimize the risk of security breaches from within.
In some cases you can do the vulnerability assessment yourself, but in other cases you may have to hire a professional consultant to do the job for you. In either case, vulnerability assessment is an important part of securing your network and it's data.
Security
Policy
Security policy is a written document that outlines the rules by which all users of the network must abide by. These rules can encompass many different aspects of network use and misuse. How in depth your security policy should be depends upon the size and scope of your network as well as the findings of your network risk assessment.
Your security policy should address certain issues, some of which are:
Acceptable use
Acceptable use for the most part defines what the users are allowed to do and what they can't do. Issues such as personal email on the company system, the addition of personal software or unauthorized software purchased by the end user, the use of ftp (file transfer protocol) or the downloading of any files on the Internet, unauthorized changes to the hardware configuration, surfing the Web during company time, and making changes to the users computer setup without authorization are some of the items that should be addressed.
Access
Access to some or all parts of the network is one of the most important issues. The people in the Art department have no need to have access to files that are for the Human Resources department, and Human Resources does not need to see what is in the accounting department. Each of these groups needs to be set up separately and each should have their own permissions and restrictions. In some cases one group may have access rights to another group's files. Human Resources, in some cases may need to have access to medical records and vice versa. In such cases the permissions can be set up accordingly but should be clearly defined in your security policy statement.
User privacy
User privacy must be clearly spelled out. If you plan to monitor the users activities through the use of electronic monitoring tools such as keystroke loggers, URL logging or the monitoring of email activity, the user, in most cases, has a right to know. This is certainly one area where you should consult legal counsel before implementing any kind of monitoring activity and making it part of your security policy.
Passwords
Passwords should be at least six characters long and contain a mix of letters, numbers and special characters such as #&* or !, should not be the name of a pet, family member, street name or nickname, and by no means should passwords be stuck to the monitor or any where in the cubicle on little yellow sticky notes.
Enforcement
If a user violates policy, what actions do you take? Of course if a user deliberately accesses an area through malicious means, that he or she has no rights to, such as Personnel or Finance then the punishment or action should be far greater than if someone installs a personal screen saver. The punishment or action taken should fit the incident, and this should be defined in your policy statement.
Purchasing
Purchasing of IT hardware and software should always be done through the advice of the security administrator. As an example, if a modem is purchased and installed on a computer that is behind the firewall, then that computer is wide open to attack from the outside. That modem is outside of the firewall and leaves a big security hole in your network.
Support and maintenance
Support and maintenance ensures that your network infrastructure is always running properly. A well maintained infrastructure is more secure than one that is not well maintained. Who supports the network and the end users and how it is done is an important part of the network security policy.
These are just a few of the issues that should be addressed in any network security policy. Of course you may have to add or delete issue points as they apply to your particular situation.
One thing that you should always keep in mind is that your policy should always remain flexible. You should always plan for the future and the changes that the future can bring. If your policy is too ridged it can hinder the growth of your organization and prevent the implementation of new technology or ideas that may actually be beneficial to your company or organization.
1.14.5 DEFAULT SECURITY POLICIES
Default security policies should enable corporatewide control over security, yet be easily adjusted. With default policies, security administrators do not have to define access policies for most users and hosts on an individual basis, but rather only by exception. This greatly simplifies the process of designing, implementing, and verifying security policies. The business reality is that while most users and hosts can fall under the same default policy, there need to be exceptions for certain classes of users or certain mission-critical machines such as file servers and database servers. User-group and host-group policies should be available to take precedence over the default policy. The following is an example of a default security policy:
Passwords - User passwords should be governed by a set of default password rules. These rules can include extensive password-syntax checks, password-exception checks, or governed by system-generated passwords that are random and not repeatable.
System Level - Initially, users always are allowed access to the system. Auto-screenlock and auto-logout protection should be provided for idle workstations. Invalid access attempts should be limited to a prescribed number.
Network Level - Initially, users should be allowed access to all network services from all machines. This can be modified to allow access (by default) only from internal corporate networks.
File and Directory Level - Users should be allowed access by default to files and directories owned only by themselves. There is no access granted to startup files (such as .login and .cshrc) and shared resources.
New - Any new files or directories added to the system are protected by default. There is no need to explicitly protect them. Note: Systems with superuser access cannot provide this level of default protection because any newly created file, program, or directory is subject to superuser attack and must be explicitly protected.
Owned By An Individual User - Users are allowed access to system resources owned only by themselves, including directories, files, scripts, and programs under their home directory.
Shared Resources - Users should be denied access to shared resources by default. Certain resources, such as the spool directories for mail, can be configured as an additional shared resource by default, or these resources can be explicitly shared using User Group policies.
Administrative Privileges - End users should be, by default, not granted administrative privileges. Administrative privileges are explicitly granted through an Administrative Privilege Delegation tool.