
Handbook of Information Security Management:Communications Security



LAN/WAN Components

PCs are an integral part of the LAN, using an adaptor board, cabling, and software to access the data and devices on the network. PCs can also have dial-in access to a LAN via a modem and telephone line. The PC is the most vulnerable component of a LAN since a PC typically has weak security features, such as lack of memory protection.

LAN cabling, using twisted-pair cable, thin coaxial cable, standard coaxial cable, or optical fiber provides the physical connections. Of these, fiber optics provides the most security, as well as the highest capacity. Cabling is susceptible to tapping to gain unauthorized access to data, but this is considered unlikely due to the high cost of such action. A new alternative to cabling is a wireless LAN, which uses infrared light waves or various radio frequencies (RF) for transmission. Wireless LANs, like cellular telephones, are vulnerable to unauthorized interception.

Servers are dedicated computers that provide various support and resources to client workstations, including file storage, applications, databases, and security services. In small peer-to-peer LANs, the server can function as one of the client PCs. In addition, minicomputers and mainframes can function in a true server mode. This shared processing feature is not to be confused with PCs that serve as dumb terminals to access minis and mainframes. Controlling physical access to the server is a basic LAN security issue.

A network operating system is installed on a LAN server to coordinate the activities of providing services to the computers and other devices attached to the network. Unlike a single-user operating system, which performs the basic tasks required to keep one computer running, a network operating system must acknowledge and respond to requests from many workstations, managing such details as network access and communications, resource allocation and sharing, data protection, and error control. The network operating system provides crucial security features for a LAN, and is discussed more fully in a separate section below.

Input/output devices (e.g., printers, scanners, faxes, etc.) are shared resources available to LAN users and are susceptible to security problems, such as sensitive output left unattended on a remote printer.

A backbone LAN interconnects the small LAN work groups. This can be accomplished through the use of copper or fiber-optic cabling for the backbone circuits. Fiber optics provides a high degree of security because light signals are difficult to tap or otherwise intercept. Internetworking devices include repeaters, bridges, routers, and gateways. These are communications devices for LANs/WANs that provide the connections, control, and management for efficient and reliable internetwork access. These devices can also have built-in security control features for controlling access.

Dial-In Access

A PC dial-in connection can be made directly to a LAN server. This connection can occur when a server has been fitted with a dial-in port capability. The remote PC requires communications software, a modem, a telephone line, and the LAN dial-in number to complete the connection. This access procedure invokes the LAN access control measures such as log-on/password requirements. LANs usually have specific controls for remote dial-in procedures. The remote unit used to dial in may be any computer, including a laptop PC.

A PC can remotely control a second PC via modems and commercially purchased software products such as PC Anywhere and Carbon Copy. When this second PC is cabled to a LAN, a remote connection can be made from the first PC through the second PC into the LAN. The result is access to the LAN within the limits of the user’s access controls. One example of this remote control access is when an individual uses a home computer to dial in to their office PC and remotely control the office PC to access the LAN. The office PC is left running to facilitate this connection. It should be noted that the LAN may not have the capability to detect that a remote-control session is taking place.

Dial-in capabilities dramatically increase the risk of unauthorized access to the system, thereby requiring strong password protection and other safeguards, such as call-back devices, which are discussed later.

Topology

The topology of a network is the way in which the PCs on the network are physically interconnected. Network devices can be connected in specific patterns such as a bus, ring, or star, or some combination of these. The name of the topology describes its physical layout.

PCs on a bus network send data to a head-end retransmitter that rebroadcasts the data back to the PCs. In a ring network, messages circulate the loop, passing from PC to PC in bucket-brigade fashion. An example is IBM’s Token-Ring network, which uses a special data packet called a “token.” Only one token exists on the network at any one time, and the station owning the token is granted the right to communicate with other stations on the network. A predefined token-holding time keeps one user from monopolizing the token indefinitely. When the token owner’s work is completed or the token-holding time has run out, the token is passed to the next user on the ring.

In a star configuration, PCs communicate through a central hub device. Regarded as the first form of local area networking, the star network requires each node to have a direct line to the central or shared hub resource.

LAN topology has security implications. For example, in sending data from one user to another, the star topology sends it directly through the hub to the receiver. In the ring and bus topologies, the message is routed past other users. As a result, sensitive data messages can be intercepted by these other users in these types of topologies.
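The following Python model is an added example, not part of the Handbook, and it illustrates two points from this section: the token-holding time that keeps one Token-Ring station from monopolizing the ring, and the difference in which third-party stations a frame passes in ring, bus, and star topologies. The station names, queued frame payloads, and the holding-time unit (frames per token hold) are constructed for illustration; the ring is assumed to be unidirectional, the bus is modelled as the head-end retransmitter described above (every attached station receives the rebroadcast), and the star hub is modelled exactly as the text describes it, forwarding the frame only toward the receiver.

```python
"""
Constructed model of token passing with a holding-time limit and of which
stations a frame is exposed to in ring, bus and star topologies.
Added example; not the Handbook's own code.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


# --- Topology exposure: which third-party stations see a frame src -> dst ---

def ring_observers(stations: List[str], src: str, dst: str) -> List[str]:
    """Unidirectional ring: the frame is relayed station by station from src
    until it reaches dst, so every intermediate station's interface sees it."""
    n = len(stations)
    i = stations.index(src)
    seen: List[str] = []
    while True:
        i = (i + 1) % n
        if stations[i] == dst:
            return seen
        seen.append(stations[i])


def bus_observers(stations: List[str], src: str, dst: str) -> List[str]:
    """Bus with head-end retransmitter: the rebroadcast reaches every station,
    so all stations other than sender and receiver are exposed to the frame."""
    return [s for s in stations if s not in (src, dst)]


def star_observers(stations: List[str], src: str, dst: str) -> List[str]:
    """Star hub as described in the text: the frame goes src -> hub -> dst only.
    No third-party station is on the path (the hub itself still handles it)."""
    return []


def exposure_report(stations: List[str], src: str, dst: str) -> Dict[str, List[str]]:
    """Compare the three topologies for one message; the longer the observer
    list, the more stations would have to be trusted not to capture it."""
    return {
        "ring": ring_observers(stations, src, dst),
        "bus": bus_observers(stations, src, dst),
        "star": star_observers(stations, src, dst),
    }


# --- Token passing with a holding-time limit ---

@dataclass
class Station:
    name: str
    queue: List[str] = field(default_factory=list)  # frames waiting to send


def run_token_ring(stations: List[Station], holding_time: int,
                   token_passes: int) -> List[Tuple[int, str, str]]:
    """Pass the token around the ring `token_passes` times. Each holder may send
    at most `holding_time` frames (constructed unit: one frame per time unit)
    before it must release the token to the next station. Returns the
    transmission log as (pass_number, station, frame) tuples."""
    log: List[Tuple[int, str, str]] = []
    holder = 0
    for p in range(token_passes):
        st = stations[holder]
        sent = 0
        while st.queue and sent < holding_time:
            log.append((p, st.name, st.queue.pop(0)))
            sent += 1
        holder = (holder + 1) % len(stations)   # token-holding time expired or work done
    return log


def longest_run(log: List[Tuple[int, str, str]]) -> int:
    """Longest burst of consecutive frames from one station; with a holding
    time of h this can never exceed h, which is the anti-monopolization guarantee."""
    best = run = 0
    prev = None
    for _, name, _ in log:
        run = run + 1 if name == prev else 1
        best = max(best, run)
        prev = name
    return best


if __name__ == "__main__":
    names = ["A", "B", "C", "D"]                       # constructed station names
    print(exposure_report(names, "A", "C"))
    ring = [Station("A", ["a1", "a2", "a3", "a4", "a5"]),  # A has a backlog
            Station("B", ["b1"]),
            Station("C", [])]
    log = run_token_ring(ring, holding_time=2, token_passes=6)
    print(log, "longest run:", longest_run(log))
```

Running the script shows that for a message from A to C, the ring exposes B, the bus exposes B and D, and the star exposes no third station; the token log shows A sending at most two frames before B gets its turn, even though A has five frames queued.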

