Maintenance of computer network and health check-Tips
Have for many companies and organizations, computer networks becomes an integral aspect of daily operations. Keep the network always available and requires a proactive monitoring and maintenance. The following tips and suggestions may contribute to a reliable network-based computer services and accessibility.
The heart of computer networks than is the server. It is here that corporate data and other mission-critical applications andServices of habitual residence. A good server should contain reliable quality components and redundant components to ensure maximum up-time A. Install always shows the latest critical updates and recommended if you use a Microsoft Windows-based operating system on your server. Ensure that the security groups and password when politics, running the Microsoft Active Directory Users and Computers. Check, check the event logs on the server regularly. Make sure you have antivirus installed applications, and untilfar.
Implement a regular on-site and off-site data backup of critical servers. Secure on-site backup media such as tapes or removable hard disks in a safe or fireproof cabinet. Network devices that are manageable, they should have ensured their configuration to a file periodically, especially before and after each change. All aspects of the network would also serve as part of your backup strategy and disaster recovery documented.
Servers and network components as criticalSwitches, routers and firewalls, everything must be connected to a UPS or UPS for short. Thus, these devices can be supplied with power with grace, in the event of unexpected power interruption. Consider desktop connected to a UPS, and reduce the risk of end-users avoid data loss.
Life Cycle of a Converged Network – during Operations and Network Optimization
Course of network
If you plan to use an MSP for ongoing operations or that are properly trained IT staff to have them in-house control, contempt for the management tools you can evaporate your ROI through network outages and costly practices troubleshooting. Software patches and updates can cause havoc in a supplier of production environment, and should always be tested first on an isolated segment with all-inclusive analysisSoftware for their impact on the network.
Most companies rely on their IP-PBX provider of management software, and, after one or two years are in use have greatly missed. Today, IPT vendors and developers can see the need for a management application, which looks at the entire network, including traffic patterns of data and applications, real-leader.
Analysis software packages are market quickly by these well-known Industry leaders such as Alcatel-Lucent and manufacturer-independent software developers. SyncVoice Communications offers VXTracker a unified management solution for network communications infrastructure.
Converged solutions for the analysis of network available, you should be considered in the planning stage and once decided, much of the experimentation, the implementation will be used, and the ongoing operation and optimization phases. Characteristics such as capacity planning,> Evaluation and network simulation, design and configuration are critical in the pre-implementation stage of your analysis software should be hardware agnostic and compatible with a variety of PBX using precise patterns of vocal activity, both before and after distribution.
Monitoring of ongoing operations, as real data QOS, missed calls and packet loss, functions of policy management and problem resolution obtained by analysis of the causes should be included inThe application, and the ability to interpret data in a series of reports.
IP address, should also be a consideration, as now, who have converged for each device – a portable computer, an IP phone, including hand-held mobile devices that are connected to a competing network in your address space. IPAM tools are also available from several vendors to optimize and simplify administration.
E 'liability for the current financial year to ensurethat the parameters were established at the design stage have been met and that the SLA agreed, whether at home or with a carrier are met. With the right Analytics solution can quickly determine both, and have not been observed in the case of ALS, but can also find out who is responsible.
Network Optimization
The same software that is used for the current year, could be decisive for the optimization phase of life IPTCycle. During the operation and optimization, the last two, they will also be done at the same time, and probably the best should be like two different professions.
IPT converged network is a dynamic company with moves, adds and changes (MAC), changing levels of performance in an organization growing. A large part of the reason for convergence is future-proof network, extends the lifespan of expensive upgrades every few years to avoid.
While muchday management is done in real time on the production of network optimization could and should be verified before the test lab. The goal of optimization is to promote the network to define new standards and improve the existing SLAs with specific objectives in mind.
With VoIP, the look and voice of the triple play IP telephony, IPT and therefore can be thought of only as an aspect of the broader field of unified communications. As companies seek toconvergence of all communications, both real and not in real time to an IP infrastructure, new applications are developed and deployed. Unified communications a variety of applications, from an audio or video, blogging, mobility, wireless ceiling VoIP, distance learning, instant messaging, wikis, applications, desktop collaboration, and presence, to name a few.
Each of these applications requires its bandwidth and class of service. And 'free for the mission of the optimizerand prepare the network for these services potentially hazardous in accordance with the allocation of resources and the necessary updates. With the right tools, planning and testing, and strict observance of the life cycle of IPT, convergence is a future proof network infrastructure to provide a wide range of business applications for the next few years.
Detection Network Sniffer
Image : http://www.flickr.com
Overview
A packet sniffer is a program or device that listens to network traffic and collects the data packets. Sometimes the question will be tapping into your network administrator for useful purposes (such as intrusion detection, performance analysis, etc.). On the other side, intruders may install malicious packet sniffer to retrieve the names of plain-text and password from the local network, or other important informationtransferred to the network.) vulnerable protocol (with plaintext passwords, Telnet, POP3 and IMAP, FTP, SMTP and NNTP auth. sniffer job because Ethernet was developed to be used. Most of the transmission networks use technology – the message a computer can read from another computer on the network. In practice, computer ignore the messages, except those that were sent directly to them) (or broadcast to all hosts on the network. However, it can be computerplaced in promiscuous mode, and made for messaging, even if it is not intended to take them – how a sniffer.
It is assumed that the computers are connected to a switch safely from a cold – but it is not true. Computers are connected to switches vulnerable to sniffers, how they connected to a hub.
How does a sniffer
A computer is connected to a LAN with 2 addresses – one is the MAC address uniquely identifies each node of aNetwork and is stored on the network adapter. The MAC address is determined by the Ethernet protocol used in the construction of frames to transmit data. The other is the IP address that is used by applications. Data Link Layer (layer 2 of the OSI model) uses an Ethernet header with the MAC address of the destination machine. The network layer (Layer 3 of the OSI model) is required is responsible for the allocation of IP network addresses to the MAC address, such as the Data LinkProtocol. Layer-3 attempts to find the MAC address of the destination machine in a table called the ARP cache. If no MAC entry for the IP address is found, the Address Resolution Protocol broadcasts a request packet (ARP request) for all machines on the network. The machine with the IP address of a response to the originating machine with its MAC address. The MAC address is added to the source machines ARP cache. The MAC address is then used by the computer in his homeCommunication with the target computer.
There are two basic types of Ethernet environments – are jointly switched on. In a shared Ethernet, all hosts connected to the same bus and compete for bandwidth. In such an environment packets destined for one machine are received by all other machines. All computers on the shared Ethernet frame to compare the destination MAC address for your account. If the two do not match, the frame is stilldiscarded. A machine running a sniffer breaks this rule and accepts all frames. Such a machine is said to have been put into promiscuous mode and listen effectively, all traffic on the network. Sniffing in a shared Ethernet environment is passive, and thus difficult to detect.
In an environment that is home to move to be connected to a switch instead of a hub. The switch keeps a table the length of each computer 's MAC address and maintain the physicalSwitch port to which the MAC address is connected. The switch is an intelligent device that transmits only the packets to the destination computer. As a result, do not collect the procedure for creating a machine in promiscuous mode, the work packages. However, this does not mean that switched networks are secure and not intercepted.
Even if a switch is more secure than a hub, you can use the following methods to intercept a pass:
· Spoofing ARP – The ARP isis stateless, you can send an ARP reply, even if no one was asked to send that reply will be accepted. For example, ARP spoofing is a technique of the network gateway. ARP caches of hosts targeted now have an incorrect entry for the gateway and be poisoned. Determined from this point on, all traffic will pass through the gateway machine sniffer. Another trick that can be used, is a poison a hosts ARP cache by using the GatewayMAC address FF: FF: FF: FF: FF: FF (also known as the broadcast MAC).
Flooding · MAC – Switches maintain a translation table, the MAC addresses of physical ports on the switch. This enables them to intelligently route packets from one host to another. The switch has a limited amount of memory for this job. MAC flooding makes use of this restriction to bombard the switch with fake MAC addresses until the switch can not keep up. The switch then enters into what is known as "failopen Mode ', then that begins as a hub to transmit packets of all computers on the network. Once this happens, it can be easily carried sniffing.
Recognition on the network sniffer
A sniffer is usually passive – which collects only the data – and it is particularly difficult to discover, when it is in a shared Ethernet. However, it is easy for a sniffer to see if it is installed on a switched network. After installation on aDo not create> a sniffer machine, a small amount of traffic – which allows detection using the following types of techniques:
· Ping-method – a ping request with the IP address of the machine suspected but not its MAC address sent. Ideally, nobody should this package as any Ethernet adapter, you can refuse because it corresponds to its MAC address. But the suspicion that the machine is running a sniffer, which will answer because it accepts all packets.
· ARPMethod – The method is based on the fact that all machines ARP cache (eg Mac) address. Here you send an ARP broadcast, so that the machine only in promiscuous mode, ARP cache our address. Subsequently, we will send a broadcast ping packet with our IP, but a different MAC address. Only a machine that has our correct MAC address from ARP cold frame, will be able to respond to our request to broadcast ping.
· On Local Host – if a machine has been compromised, a hacker can turn leftSniffer running. There are tools that can be executed, the report card if the local computer network has been stopped on the promiscuous mode.
Method · latency – based on the assumption most of the sniffer is not some kind of analysis-based, where the load on the computer. Therefore, it will take more time to respond to a ping packet. This difference in response time can be used as an indicator of whether a machine used in promiscuous mode or not.
· ARPPreventing Watch – a hacker from spoofing ARP of the door, there are utilities that are used to monitor the machine's ARP cache to determine if there is an overlap of machinery.
How to protect against sniffing
The best way to protect a network against sniffing is to use encryption. Although this does not prevent the sniffer is active, ensure that data is collected by detector dogs, un-interpretable. Even on a switched network, the possibilitiesARP spoofing is used for sniffing. The machine that the attacker ARP spoofing probably the default gateway. To avoid this, it is proposed that the MAC address of the gateway will be permanently recorded on each host ARP cache.
Other suggestions include:
· Use ssh instead of telnet.
· Use HTTPS instead of HTTP (if the page supports it).
• If concerned about privacy, e-mail, try a service like Hushmail(www.hushmail.com), which uses SSL to ensure that we read the data in motion. Also able to read Pretty Good Privacy (www.gnupg.org) for encrypting and signing e-mail to others may be used.
· Use a sniffer detector. For example, the software package PromiScan is regarded as the standard tool for the detection of nodes and is sniffing at the SANS (SysAdmin, Audit, Network, Security recommended) Institute. This is a software package for remote monitoringComputers in local area networks, network interfaces to find, in a promiscuous mode.
