New Page 1

Hot and Cold Sites

Hot Site – The primary operation site; this is where the network actually exists, on a daily basis.

Cold Site – A backup location, with redundant equipment and resources, which can become hot should the primary site become unavailable (as in a disaster).

Benefits
- Allows work to continue, even in a disaster, thus still striving for that 99.999% uptime goal.
- Provides a development site, available for testing, or for some shared critical resources.
Disadvantages
- It’s expensive.
- Cold sites typically are designed only for temporary work.

Planning for Redundancy

When setting up your network with an eye towards redundancy, there are many key areas to consider, whether everyday components, spare parts on hand, or fault-tolerant technology:

Hard drives
Power supplies
Cooling fans
NICs
Multiple processors
UPSs
Backup generators
Cluster servers

3.7 Given a remote connectivity scenario (e.g., IP, IPX, dial-up, PPPoE, authentication, physical connectivity etc), configure the connection.

This objective looks very much like the one you'll encounter later in 4.3, but the key here may be in the examples. Here, you are troubleshooting remote connectivity problems a remote user is encountering, but WAN protocols are specified. You'll still need to determine the symptoms and how many users or portions of your wider network are affected. You still should check for physical connection issues, and what in the environment has changed since connections were possible before (assuming they were possible). However, in this objective, network configuration settings on the remote station will be somewhat more important; bear in mind when which protocols are appropriate and the various authentication issues that can arise.

3.8 Identify the purpose, benefits, and characteristics of using a firewall.

As we discussed in Objective 2.10, a firewall marks the difference between a public and private network. Realizing that your network is actually part of the larger Internet, anything behind the firewall (namely, your network) is a private network. Anything in front of it is a public network. Just as a structural firewall protects anything behind it from any fire that might start in front of it, a network firewall keeps intruders (hackers, clumsy surfers, corporate spies, etc) that might approach from in front of it from getting to the network behind it.

A firewall is usually hardware, software, or a combination of the two that marks the boundary between your “private” network and the part of the Internet—which may even include part of your overall network—that remains “public.”

How Intruders Get In

Logging on – Using stolen network login/password credentials.
Backdoors – A logically hidden access to a program, computer, or network, written directly into the code.
SMTP session hijacking – The same way e-mail is accessed over the Internet. This is where spam can come from.
Spam - Electronic junk mail.
Denial of service – This is what happens when a server responds to far too many requests for access only to discover it can’t find the server that sent the requests. Hackers can inundate a server with these unanswerable session requests, which will cause the server’s performance to slow to a crawl. Eventually the server will crash.
Redirect bombs – One way to set up a denial of service attack. Hackers can use ICMP to redirect the path that packets take by designating a different router.
E-mail bombs – This is when the email service receives the same e-mail hundreds or thousands of times, until the e-mail server is overwhelmed.
Macros - A script used by hackers that can destroy data or crash a computer.
Viruses - A small application that can make copies of itself, and even “morph” or change its own code, and then spread to other computers.
Source routing - This is one example of how hackers take something that normally is a good thing and twist it. Usually, a packet will travel along the Internet along a route determined by routers and gateways it encounters along the way. The source provided to the packet can be arbitrarily changed so that the routers can always choose the best route to the packet’s destination. It’s here that savvy hackers can take advantage of this good technology and turn it bad by changing the source information to make it appear it came from a trusted source.

Firewalls cannot protect against all forms of intrusion. For instance, a firewall will allow anyone with a correct login and password access to the network. Obviously, the firewall has no way of knowing if the user to whom that login and password have been assigned is actually the user logging in at any given time. Also, while some firewalls offer virus protection, it is a far better practice to install anti-virus software on each computer and then keep the anti-viral signatures up to date. And spam is going to happen so long as you accept e-mail.

A firewall can minimize those threats against which it is able to protect the network. How effective a firewall will be will depend on how it is configured.

The highest level of security would be to block everything, which obviously defeats the purpose of having a network, not to mention a firewall, in the first place. The second level is to start with the first level and limit access from there.