Unit 07 - Computer Networks
OCR Cambridge TEC - Level 3 Certificate/Diploma IT
Scenario

Cube Systems have been approached to present skills required to ensure a network security solution within a primary school. The unit explores the knowledge and understanding of the functions of hardware and software components, the purpose, connections and connection devices and why network security is important. Networks are used not only in large organisations but in small businesses and homes. Learners will understand the types of network and the principles across LAN and WANs. They will understand the options for wired and wireless networks and appreciate the benefits and risks to businesses of a network. You will investigate and find the answers to during this assignment. The tasks that you complete will involve you using ICT to present your findings within a selection of business reports.

The learning outcomes of the unit are for you to:
- Know types of network systems and protocols
- Understand the key components used in networking
- Know the services provided by network systems
- Be able to make networked systems secure

Cube Systems have been employed to explain a network solution to the management team at a primary school in the local area with a view to setting up, installing and protecting their network and information stored.

The working network needs to:
- Connect up to 200 computers, printers and shared resources in different computer suites
- A central network pool for information
- The capability of adding their media suite of Apples to this network on a restricted access basis
- Long-term, a working intranet accessible off site where network drive files can be accessed

Currently they have two sites (upper and lower) that are not connected physically.
- 100 workstations in the student areas across both sites
- 50 base unit computers in the administration and staffing areas
- 25 laptops in separate laptop cabinets
- 25 Apple G4s in the media suites
- 20 shared printers across the two buildings, 10 of which are accessible to students with network capabilities
- 1 networkable colour printer in their library in the upper primary site
Computer Network Systems
LO1 - Know types of network systems and protocols
In this section of the unit, you will research:
- Different network systems and protocols
- Network protocols and standards - research the different network systems and protocols
Assessment Criteria

The suggested scenario is that learners have been employed to explain a possible network solution to a business client (primary school).

P1 - Describe the types of networks available and how they relate to particular network standards and protocols
M1 - Compare the benefits and disadvantages of peer-to-peer network and client/server networks

P1 - The learner will need to describe the different types of networks and how the protocols and standards relate to the network. This could be evidenced as a report, and diagrams to explain networks and standards may assist with the evidencing.

For assessment criterion M1, the learners will need to compare and contrast the different network standards and protocols for a range of different standards, including wireless. This may be presented as an expansion of the work produced for P1.
Areas to Cover

Focusing on the use of computer networks within a school environment, you need to provide evidence for the following 9 tasks within this case study:
1. Types of Network
2. WAN Information Transfers
3. Network Topologies
4. Network Access Methods
5. Network Access Models
6. Client Server Network
7. Network Layer Protocols
8. Network Connections
9. Application Layer Protocols
Assessment Tasks
Assessment Outcome - P1

Task 1 (P1.1) - Describe the 3 different types of networks
Task 3 (P1.2) - Describe with examples WAN information transfer technologies
Task 4 (P1.3) - Describe how the 5 different network topologies work and how they transfer information
Task 6 (P1.4) - Describe how the 2 different network access methods work and how they transfer information
Task 8 (P1.5) - Describe how the 2 different network access methods work and how they transfer information (HARDWARE)
Task 10 (P1.6) - Describe what a Client Server network is and the technical hardware necessary to provide internal and external access
Task 12 (P1.7) - Describe the technologies behind the Network Layer Protocols
Task 13 (1.8) - Describe what the following network connections are - Bluetooth, Wi-Fi and 3G/4G
Task 14 (P1.9) - Describe what the functions are for the following application layers - DNS, DHCP, HTTP, FTP and SMTP
Assessment Tasks
Assessment Outcome - M1

Task 2 (M1.1) - Suggest and justify a network system type and workstation purchase that will suit the needs of your client and describe the benefits and drawbacks of this network
Task 5 (M1.2) - Suggest and justify a network topology for your client and describe the benefits and drawbacks of this topology
Task 7 (M1.3) - Suggest and justify the benefits and drawbacks of the internal network access methods for the client and users
Task 9 (M1.4) - Suggest and justify the benefits and drawbacks of the external network access methods for the client and users
Task 11 (M1.5) - Suggest and justify the benefits and drawbacks of operating a Client Server network for the client and users
1 - Types of Network

There are three main types of networks that companies use:
- Local Area Network (LAN)
- Wide Area Network (WAN): Internet, technologies (frame relay, MPLS, ATM)
- Personal Area Network (PAN)

Each of these network systems has its own uses within a business environment and its own merits for the client/user. The choice of these is dependent on the size of the company, the need for security, the physical layout and proposed intent of use. Even after years of network developments, the need for these layouts and protocols has not changed.

Task 1 (P1.1) - Describe the 3 different types of networks. Describe how information is transferred around the system in terms of information flow.

For your client, they will need to connect all the machines in both buildings with a secure network layout with a system that links and shares files. They will need to share resources across these systems but have different levels of use for teachers, students, etc.

Task 2 (M1.1) - Suggest and justify a network system type and workstation purchase that will suit the needs of your client and describe the benefits and drawbacks of this network
1 - Types of Network (LAN)

Networked computers linked by cables.

DISTRIBUTED SYSTEMS

Networks were developed allowing standalone computers to communicate with each other through cabling. LANs allow local network access and allow global network access (such as to the Internet) by linking back to a network server. Processing is carried out both centrally on a ‘server’ and on the computers. These computers can either be base units (machines with storage) or workstations (thin client). Different types of cabling allow communication between computers, e.g. star, linear, ring.
1 - Types of Network (LAN)

A Local Area Network (LAN) is a network that is confined to a relatively small area. It is generally limited to a geographic area such as a writing lab, school, or building. Rarely are LAN computers more than a mile apart.

In a typical LAN configuration, one computer is designated as the file server. It stores all of the software that controls the network, as well as the software that can be shared by the computers attached to the network. Computers connected to the file server are called workstations. The workstations can be less powerful than the file server, and they may have additional software on their hard drives.

On many LANs, cables are used to connect the network interface cards in each computer; other LANs may be wireless. All non-wireless devices are connected along the cabling, and information flows along that line through a direct path, or through an indirect path if the direct path is blocked or busy, like water flowing through inter-connected pipes. Directing this traffic are hubs, routers and servers.
1 - Types of Network (WAN)

Wide Area Networks (WANs) connect larger geographic areas, such as Florida, the United States, or the world. Dedicated transoceanic cabling or satellite uplinks may be used to connect this type of network. Using a WAN, schools in Florida can communicate with places like Tokyo in a matter of minutes, without paying enormous phone bills. These are usually dedicated or protected lines that separate the system from the Internet lines.

A WAN is complicated. It uses multiplexers to connect local and metropolitan networks to global communications networks like the Internet. To users, however, a WAN will not appear to be much different than a LAN except for geographical location and speed of use.
1 - Types of Network (PAN)

Each device attempts to join the wireless PAN by requesting a time slot from the controller. The controller authenticates the devices and assigns time slots for each device to transmit data. The data may be sent to the entire wireless PAN using the wireless PAN destination address, or it may be directed to a particular device.
1 - Types of Network (PAN)

A PAN is a computer network organized around an individual person. Personal area networks typically involve a mobile computer, a cell phone and/or a handheld computing device such as a PDA. You can use these networks to transfer files including and calendar appointments, digital photos and music.

Personal area networks can be constructed with cables or wirelessly. USB and FireWire technologies often link together a wired PAN, while wireless PANs typically use Bluetooth or sometimes infrared connections. Bluetooth PANs are also called piconets. Personal area networks generally cover a range of less than 10 meters (about 30 feet). Unlike with wireless LANs, only devices within this limited area typically participate in the network, and no online connection with external devices is defined.

One device is selected to assume the role of the controller during wireless PAN initialization, and this controller device mediates communication within the WPAN. The controller broadcasts a beacon that lets all devices synchronize with each other and allocates time slots for the devices.
2 - WAN Information Transfers

Transferring information within a WAN is done through systems of small bytes sent in sequence, so that the computer receiving the information can understand it and has time to decipher the information as it is being sent. This is called Packet Switching. A WAN deals with these packets in a number of ways, depending on how the network manager has constructed the network layers and protocols. One system is necessary; everything else will revolve around that packet switching method when that decision is made.

Task 3 (P1.2) - Describe with examples WAN information transfer technologies
- X.25 and Frame Relay
- MPLS
- ATM
2 - WAN Information Transfers

X.25 is an analog, packet-switched technology designed for long-distance data transmission and standardized by the ITU. The original standard for X.25 specified a maximum of 64-Kbps throughput, but by 1992 the standard was updated to include maximum throughput of Mbps. It was originally developed as a more reliable alternative to the voice telephone system for connecting mainframe computers and remote terminals. Later it was adopted as a method of connecting clients and servers over WANs.

Frame relay is an updated, digital version of X.25 that also relies on packet switching. ITU and ANSI standardised frame relay in Frame relay protocols operate at the Data Link layer of the OSI model and can support multiple different Network and Transport layer protocols. The name is derived from the fact that data is separated into frames rather than packets, which are then relayed from one node to another without any verification or processing.
2 - WAN Information Transfers

MPLS (multiprotocol label switching) is a type of switching that was introduced by the IETF in As its name implies, MPLS enables multiple types of layer 3 protocols to travel over any one of several connection-oriented layer 2 protocols. IP addressing is the most commonly used layer 3 protocol, and so MPLS most often supports IP. MPLS can operate over Ethernet frames, but is more often used with other layer 2 protocols, like those designed for WANs. In fact, one of its benefits is the ability to use packet-switched technologies over traditionally circuit-switched networks. MPLS can also create end-to-end paths that act like circuit-switched connections.

ATM (Asynchronous Transfer Mode) functions in the Data Link layer. Its ITU standard prescribes both network access and signal multiplexing techniques. Asynchronous refers to a communications method in which nodes do not have to conform to any predetermined schemes that specify the timing of data transmissions. In ATM communications, a node can transmit at any instant, and the destination node must accept the transmission as it comes. To ensure that the receiving node knows when it has received a complete frame, ATM provides start and stop bits for each character transmitted. When the receiving node recognizes a start bit, it begins to accept a new character. When it receives the stop bit for that character, it ceases to look for the end of that character’s transmission. ATM data transmission, therefore, occurs in random stops and starts.
3 - Network Topologies

A topology is the shape or configuration of the network, i.e. the way nodes are connected. The type of topology depends on the geographic, physical and capable layouts of the space in which it is installed, and each has its own benefits. Topologies are considered logical or physical topologies, e.g. star, bus, ring, mesh, tree.

Task 4 (P1.3) - Describe how the 5 different network topologies work and how they transfer information
Task 5 (M1.2) - Suggest and justify a network topology for your client and describe the benefits and drawbacks of this topology

- Star
- Bus
- Mesh
- Tree
- Ring
3 - Network Topologies (STAR)

A star topology is a network set out in the shape of a star, branching from one central fibre to the others. A star topology is designed with each node (file server, workstations, and peripherals) connected directly to a central network hub, switch, or concentrator. Data on a star network passes through the hub, switch, or concentrator before continuing to its destination. The hub, switch, or concentrator manages and controls all functions of the network. It also acts as a repeater for the data flow. This configuration is common with twisted pair cable; however, it can also be used with coaxial cable or fiber optic cable.

Advantages of a Star Topology
- Easy to install and wire.
- No disruptions to the network when connecting or removing devices.
- Easy to detect faults and to remove parts.

Disadvantages of a Star Topology
- Requires more cable length than a linear topology.
- If the hub, switch, or concentrator fails, nodes attached are disabled.
- More expensive than linear bus topologies because of the cost of the hubs, etc.
3 - Network Topologies (BUS)

A linear bus topology consists of a main run of cable with a terminator at each end. All nodes (file server, workstations, and peripherals) are connected to the cable. Using T junctions, more machines and peripherals can be added to the main line of cable. Information is sent down the cable to the router if the cable is long, or to the server if the system is short, where the information is dealt with. This relies heavily on the speed and function of the main trunk line. Similar to a real bus, information can step off along the line when it reaches its destination, or can continue to the server (main depot), where it then gets sent back down the line to its destination, like a print job coming out of a printer.

Advantages of a Linear Bus Topology
- Easy to connect a computer or peripheral to a linear bus.
- Requires less cable length than a star topology.

Disadvantages of a Linear Bus Topology
- Entire network shuts down if there is a break in cable.
- Terminators are required at both ends of the backbone cable.
- Difficult to identify the problem if the entire network shuts down.
- Not meant to be used as a stand-alone solution in a large building.
3 - Network Topologies (MESH)

A mesh network is a network where all the nodes are connected to each other, forming a complete network. In a mesh network every node is connected to other nodes on the network through single or multiple hops. While the data is travelling on the mesh network it is automatically configured to reach the destination by taking the shortest route, which means the least number of hops. Data travels by hopping from one node to another and then reaches the destination node. There are so many possible combinations of routes and hops a data transfer can take that it will reach the destination one way or the other.

Advantages of a Mesh Topology
- If one cable breaks, the network can use an alternative route to deliver its packets.
- Has lesser chances of a network breakdown.

Disadvantages of a Mesh Topology
- Mesh networks are not very practical in a LAN setting. For example, to network eight computers in a mesh topology, each computer would have to have seven network interface cards, and 28 cables would be required to connect each computer to the seven other computers in the network. Obviously, this scheme isn’t very scalable.
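The star and mesh slides make opposite claims about failure: a star is disabled when its hub fails, while a mesh reroutes around a broken cable. The following Python sketch is an added example, not part of the original slides; the node names (PC1 to PC8, HUB) and function names are assumptions chosen for illustration. It builds both topologies, reproduces the 7-interfaces and 28-cables figures for eight computers, and uses a breadth-first search to find the route with the fewest hops before and after a failure.

```python
from collections import deque
from itertools import combinations


def full_mesh(nodes):
    """Adjacency sets for a full mesh: every node is cabled to every other node."""
    adj = {n: set() for n in nodes}
    for a, b in combinations(nodes, 2):
        adj[a].add(b)
        adj[b].add(a)
    return adj


def star(hub, nodes):
    """Adjacency sets for a star: every node is cabled only to the central hub."""
    adj = {n: {hub} for n in nodes}
    adj[hub] = set(nodes)
    return adj


def cable_count(adj):
    """Each cable appears in two adjacency sets, so halve the total."""
    return sum(len(peers) for peers in adj.values()) // 2


def cut_cable(adj, a, b):
    """Simulate a single broken cable between a and b."""
    adj[a].discard(b)
    adj[b].discard(a)


def fail_node(adj, node):
    """Simulate a device (for example the hub) failing completely."""
    for peer in adj.pop(node, set()):
        adj[peer].discard(node)


def shortest_route(adj, src, dst):
    """Breadth-first search: returns the route with the fewest hops, or None."""
    if src not in adj or dst not in adj:
        return None
    if src == dst:
        return [src]
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for peer in sorted(adj[node]):  # sorted so the result is deterministic
            if peer in parent:
                continue
            parent[peer] = node
            if peer == dst:
                route = [dst]
                while parent[route[-1]] is not None:
                    route.append(parent[route[-1]])
                return route[::-1]
            queue.append(peer)
    return None  # destination is unreachable


if __name__ == "__main__":
    pcs = [f"PC{i}" for i in range(1, 9)]  # constructed sample: eight computers

    mesh = full_mesh(pcs)
    print("mesh cables:", cable_count(mesh), "NICs per PC:", len(mesh["PC1"]))
    print("direct route:", shortest_route(mesh, "PC1", "PC8"))
    cut_cable(mesh, "PC1", "PC8")
    print("after cable break:", shortest_route(mesh, "PC1", "PC8"))

    school_star = star("HUB", pcs)
    print("star cables:", cable_count(school_star))
    fail_node(school_star, "HUB")
    print("after hub failure:", shortest_route(school_star, "PC1", "PC8"))
```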
3 - Network Topologies (TREE)

A tree topology combines characteristics of linear bus and star topologies. It consists of groups of star-configured workstations connected to a linear bus backbone cable. Tree topologies allow for the expansion of an existing network, and enable companies to configure a network to meet their needs. Tree networks are usually made out of necessity (more machines in one room, printers in another, etc.), and a combination of different technologies usually exists until something better comes along.

Advantages of a Tree Topology
- Point-to-point wiring for individual segments.
- Supported by several hardware and software companies.

Disadvantages of a Tree Topology
- Overall length of each segment is limited by the type of cabling used.
- If the backbone line breaks, the entire segment goes down.
- More difficult to configure and wire than other topologies.
3 - Network Topologies (RING)

A Ring Topology network is a localised network joined by a central line that forms a loop. Information can find its way around the loop in either direction as long as there is an unbroken line. Computers can be joined to the loop through T junctions of drop cables, as can additional devices. This makes everything localised and is usually formed on a single room or bank of computers. The smaller the ring, the quicker information can pass to the relevant point. This also allows computers to act as individual servers like an server or print server.

Advantages of a Ring Network
- Information can flow both ways around the ring in order to reach its goal.
- One of the easier networks to set up and easy to add additional devices to.
- System is localised so there is less cabling.

Disadvantages of a Ring Network
- Loop needs to be completed or terminated at one end.
- A break in the cable brings the whole thing down.
- File server needs to be localised or the ring joined to the trunk line.
4 - Network Access Methods

A protocol is a set of rules that enables effective communications to occur. We encounter protocols every day. In computer terms, network access and protocols work along the same line.

Task 6 (P1.4) - Describe how the 2 different network access methods work and how they transfer information
Task 7 (M1.3) - Suggest and justify the benefits and drawbacks of the internal network access methods for the client and users

- CSMA
- Token Passing

For example, when you pay for groceries with a check, the clerk first tells you how much the groceries cost. You then write a check, providing information such as the date, the name of the grocery store, the amount written with numerals and spelled out, and your signature, and you give the check to the clerk. The clerk accepts the check and asks to see your driver’s license. You show the clerk your driver’s license, and the clerk looks at it, looks at you, looks at your driver’s license again, writes the driver’s license number on the check, asks whether you’ve gained some weight since the picture was taken, and then accepts the check.

Here’s another example of an everyday protocol: making a phone call. You probably take most of the details of the phone calling protocol for granted, but it’s pretty complicated if you think about it:
- When you pick up a phone, you have to listen for a dial tone before dialling the number. If you don’t hear a dial tone, you know that either (1) someone else in your family
- When you hear the dial tone, you initiate the call by dialling the number of the party you want to reach. If the person you want to call is in the same area code as you, most of the time you simply dial that person’s seven digit phone number. If the person is in a different area code, you dial a one, the five-digit dialling code, and the person’s six-digit phone number.
- If you hear a series of long ringing tones, you wait until the other person answers the phone. If the phone rings a certain number of times with no answer, you hang up and try again later.
- If you hear a voice say, “Hello,” you can begin a conversation with the other party. If the person on the other end of the phone has never heard of you, you say, “Sorry, wrong number,” hang up, and try again.
- If you hear a voice that rambles on about how they’re not home but they want to return your call, you wait for a beep and leave a message.
- Etc.
4 - Network Access Methods (CSMA)

The OSI model breaks the various aspects of a computer network into seven distinct layers. These layers are kind of like the layers of an onion: each successive layer envelops the layer beneath it, hiding its details from the levels above. The OSI model is also like an onion in that if you start to peel it apart to have a look inside, you’re bound to shed a few tears.

The OSI model is not a networking standard in the same sense that Ethernet and Token Ring are networking standards. Rather, the OSI model is a framework into which the various networking standards can fit. The OSI model specifies what aspects of a network’s operation can be addressed by various network standards. So, in a sense, the OSI model is sort of a standard of standards.

The first three layers are sometimes called the lower layers. They deal with the mechanics of how information is sent from one computer to another over a network. Layers 4 through 7 are sometimes called the upper layers. They deal with how applications relate to the network through application interfaces.
4 - Network Access Methods (CSMA the 7 Layers)

The bottom layer of the OSI model is the Physical layer. It addresses the physical characteristics of the network, such as the types of cables used to connect devices, the types of connectors used, how long the cables can be, etc. For example, the Ethernet standard for 10BaseT cable specifies the electrical characteristics of the twisted-pair cables, the size and shape of the connectors, the maximum length of the cables, and so on. The star, bus, ring, and mesh network topologies in Task P1.1 apply to the Physical layer.

The Data Link layer is the lowest layer at which meaning is assigned to the bits that are transmitted over the network. Data link protocols address things such as the size of each packet of data to be sent, a means of addressing each packet so that it’s delivered to the intended recipient, and a way to ensure that two or more nodes don’t try to transmit data on the network at the same time. The Data Link layer also provides basic error detection and correction.

The Network layer handles the task of routing network messages from one computer to another. The two most popular layer 3 protocols are IP (which is usually paired with TCP) and IPX (normally paired with SPX for use with Novell and Windows networks).

The Transport layer is the layer where you’ll find two of the most well-known networking protocols: TCP (normally paired with IP) and SPX (normally paired with IPX). As its name implies, the Transport layer is concerned with the transportation of information from one computer to another. The main purpose of the Transport layer is to ensure that packets are transported reliably without errors. The Transport layer does this task by establishing connections between devices, acknowledging the receipt of packets, and resending packets that are not received or are corrupted when they arrive.
4 - Network Access Methods (CSMA the 7 Layers)

The Session layer establishes conversations known as sessions between networked devices. Each of these transmissions is handled by the Transport layer protocol. The session itself is managed by the Session layer protocol. A single session can include many exchanges of data between the two computers involved in the session. After a session between two computers has been established, it is maintained until the computers agree to terminate the session.

The Presentation layer is responsible for how data is represented to applications. Most computers, including Windows, UNIX, and Macintosh computers, use the American Standard Code for Information Interchange (ASCII) to represent data. However, some computers (such as IBM mainframes) use a different code, which is not compatible with each other. To exchange information between a mainframe computer and a Windows computer, the Presentation layer must convert the data from ASCII to the other language and vice versa. The Presentation layer can also apply compression techniques so that fewer bytes of data are required to represent the information when it’s sent over the network. At the other end of the transmission, the Presentation layer then uncompresses this data.

The Application layer deals with the techniques that application programs use to communicate with the network. Application programs such as Microsoft Office aren’t a part of the Application layer. Rather, the Application layer represents the programming interfaces that application programs such as Microsoft Office or Adobe products use to request network services. Some of the better-known Application layer protocols are:
- DNS (Domain Name System) for resolving Internet domain names.
- FTP (File Transfer Protocol) for file transfers.
- SMTP (Simple Mail Transfer Protocol) for etc.
4 - Network Access Methods (Token Passing)

In CSMA/CD and CSMA/CA there is a chance of collisions. As the number of hosts in the network increases, the chance of collisions also increases. In token passing, when a host wants to transmit data, it must hold the token, which is an empty packet. The token circles the network at a very high speed. If any workstation wants to send data, it must wait for the token. When the token has reached the workstation, the workstation can take the token from the network, fill it with data, mark the token as being used and place the token back on the network.

This benefits a network because it means information is shared and queued: when one machine is ready and has been waiting, it will get the basket and pass on the information on a first come, first served basis. This can be seen like a printer waiting to print your network job when others are ahead of you. Your network takes the next token and, when it is your turn, it then gets its place in the queue while you get on with the other jobs that need doing.
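The token-passing behaviour described above can be traced with a small simulation. This Python sketch is an added example, not part of the original slides; the station names and queued frames are constructed, and it simplifies real Token Ring by carrying one frame per token capture and releasing the token only when the frame has travelled back to its sender.

```python
from collections import deque


def simulate_token_ring(ring, outbox, max_hops=1000):
    """Pass a single token around `ring` (list of station names, in cable order).

    outbox maps a station to a list of (destination, payload) frames it wants
    to send. Returns (delivered, hops): the frames in the order they were
    received, and how many station-to-station hops the token made.
    """
    pending = {station: deque(outbox.get(station, [])) for station in ring}
    delivered = []
    frame = None  # None means the token is free (an "empty packet")
    position = 0
    hops = 0

    while hops < max_hops:
        station = ring[position]

        if frame is None:
            # Free token: the station may seize it if it has data waiting.
            if pending[station]:
                dst, payload = pending[station].popleft()
                frame = {"src": station, "dst": dst,
                         "payload": payload, "copied": False}
        elif station == frame["dst"] and not frame["copied"]:
            # Busy token reached its destination: copy the data, pass it on.
            frame["copied"] = True
            delivered.append((frame["src"], station, frame["payload"]))
        elif station == frame["src"]:
            # Frame came full circle: the sender strips it and frees the token.
            # It must pass the free token on before sending again, so a busy
            # station cannot starve the others. A frame addressed to a station
            # that is not on the ring is stripped here without being delivered.
            frame = None

        if frame is None and not any(pending.values()):
            break  # nothing left to send

        position = (position + 1) % len(ring)
        hops += 1

    return delivered, hops


if __name__ == "__main__":
    # Constructed sample: four stations, A has two frames queued, C has one.
    ring = ["A", "B", "C", "D"]
    outbox = {"A": [("C", "a1"), ("B", "a2")], "C": [("A", "c1")]}
    delivered, hops = simulate_token_ring(ring, outbox)
    for src, dst, payload in delivered:
        print(f"{src} -> {dst}: {payload}")
    print("token hops:", hops)
```

Because only the token holder may transmit, two frames are never on the cable at once; note that C's frame is delivered between A's two frames even though A queued both first.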
5 - Network Access Models

This is referring to the hardware necessary to provide external access.

Task 8 (P1.5) - Describe how the 2 different network access methods work and how they transfer information (HARDWARE)
Task 9 (M1.4) - Suggest and justify the benefits and drawbacks of the external network access methods for the client and users

- TCP/IP
- Peer-to-Peer
5 - Network Access Models (TCP/IP)

The TCP/IP family uses four layers while ISO OSI uses seven layers as shown in the figure above. The TCP/IP and ISO OSI systems differ from each other significantly, although they are very similar on the network and transport layers. Except for some exceptions like SLIP or PPP, the TCP/IP family does not deal with the link and physical layers. Therefore, even on the Internet, we use the link and physical protocols of the ISO OSI model.

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.
32 5 - Network Access Models (TCP/IP)
TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently, they'll be reassembled at the destination.
TCP/IP uses the client/server model of communication in which a user (a client) requests a service (such as sending a Web page) from another user (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one.
33 5 - Network Access Models (Peer-to-Peer)
A workgroup or peer-to-peer network is one in which all computers on the network can pool their resources together. Each individual computer usually retains its control over files, folders, and applications; however, every computer on the network can use another’s printer, scanner, CD drive, and so on. Workgroup networks contain a small number of computers. Workgroups can be made up of 2, 5, or even 10 computers. It is important to note that the more computers in the workgroup, the slower the network may run.
A workgroup network is easy to maintain and set up. It’s also cost effective, especially for home network use. A wide range of cabling and networking solutions are available for your home network. Some solutions provide fast and powerful networking; others offer slower connections yet reliable service.
You might want to use a workgroup network in your small business. It can be efficient if you keep the network small - ten or fewer computers. In an office situation, people will access the computers and the network more than in a home situation; therefore, network traffic is likely to be higher than in the home as well. Consider building a workgroup network with an eye toward upgrading to a client/server network in the near future, especially if you’ll be adding more computers to the network.
34 5 - Network Access Models (Peer-to-Peer)
Benefits of peer-to-peer networks
It is easier to set up and use than a network with a dedicated server. Peer-to-peer networks rely on the limited network server features that are built into Windows, such as shared files and devices. Network Wizard can configure a basic network automatically.
They can be less expensive than server-based networks. Peer-to-peer networks don’t require a dedicated server, as any computer can function as both a network server and a user’s workstation.
Peer-to-peer networks are easier to set up and use, which means that you can spend less time figuring out how to make the network work and keep it working.
The server operating system itself, either NetWare or Windows Server, can cost as much as £160 per user, and the total cost increases as your network grows, although the cost per user drops.
Drawbacks of peer-to-peer networks
Because peer-to-peer networks are Windows-based, they’re subject to the inherent limitations of Windows. Windows is designed primarily to be an operating system for a single-user, desktop computer rather than to function as part of a network, so Windows can’t manage a file or printer server as efficiently as a real network operating system.
If you don’t set up a dedicated network server, someone may have to live with the inconvenience of sharing his or her computer with the network.
The cost difference between peer-to-peer networks and NetWare or Windows Server is less significant in larger networks (say, ten or more clients).
Peer-to-peer networks don’t work well when your network starts to grow. Peer-to-peer servers just don’t have the security or performance features required for a growing network.
35 6 - Client Server Network
Server computers are the lifeblood of any network. Servers provide the shared resources that network users crave, such as file storage, databases, Web services, and so on. Choosing the equipment you use for your network’s servers is one of the key decisions you’ll make when you set up a network. In this section, I describe some of the various ways you can equip your network’s servers.
In some networks, a server computer is a server computer and nothing else. This server computer is dedicated solely to the task of providing shared resources, such as hard drives and printers, to be accessed by the network client computers. Such a server is referred to as a dedicated server because it can perform no other task besides network services. A network that relies on dedicated servers is sometimes called a client/server network.
Dedicated servers can have more than one function, but as networks expand servers tend to have a single use: file server, Intranet, mail server, HTTP server, admin server, student server, backup server etc.
Task 10 (P1.6) - Describe what a Client Server network is and the technical hardware necessary to provide internal and external access
Task 11 (M1.5) - Suggest and justify the benefits and drawbacks of operating a Client Server network for the client and users
36 6 - Client Server Network
Benefits: Scalability, Reliability, Availability, Service and support
Drawbacks: System security, Sharing resources, Backup procedures, Expensive
Benefits
Scalability: Scalability refers to the ability to increase the size and capacity of the server computer without unreasonable hassle. It is a major mistake to purchase a server computer that just meets your current needs because, you can rest assured, your needs will double within a year. If at all possible, equip your servers with far more disk space, RAM, and processor power than you currently need.
Reliability: The old adage “you get what you pay for” applies especially well to server computers. Why spend $3,000 on a server computer when you can buy one with similar specifications at a discount electronics store for $1,000? One reason is reliability. When a client computer fails, only the person who uses that computer is affected. When a server fails, however, everyone on the network is affected. The less expensive computer is probably made of inferior components that are more likely to fail.
Availability: This concept of availability is closely related to reliability. When a server computer fails, how long does it take to correct the problem and get the server up and running again? Server computers are designed so that their components can be easily diagnosed and replaced, thus minimizing the downtime that results when a component fails. In some servers, components are hot swappable, which means that certain components can be replaced without shutting down the server.
Some servers are designed to be fault-tolerant so that they can continue to operate even if a major component fails.
Service and support: Service and support are factors often overlooked when picking computers. If a component in a server computer fails, do you have someone on site qualified to repair the broken computer? If not, you should get an on-site maintenance contract for the computer. Don’t settle for a maintenance contract that requires you to take the computer in to a repair shop or, worse, mail it to a repair facility. You can’t afford to be without your server that long.
Drawbacks
A large disadvantage to being a member of a network is system security. You don’t want a child to accidentally delete or modify data in an accounting file, for example.
When you’re sharing your equipment (such as a printer or Zip drive) over a network, you take the chance that the equipment won’t be readily available when you need it. Say a student just sent a 24-page color document to a networked inkjet printer. You’ll have to wait your turn to print, and that could take a while, depending on the network setup, printer speed, and so on. Additionally, sharing files and applications can cause problems if two people want to use a file at the same time. Some applications are built for more than one user to use program files at the same time; others are not.
Security of your files can be a slight problem on a workgroup network. You do, however, have the option of not sharing all your files and folders. You can choose only those folders to which you want to grant access and share them. Security issues are more serious in a business environment than in your home network. Sensitive files and data (salaries, for example) must be private from the general population.
Another disadvantage is backing up the computer. With workgroup networking, each computer user is responsible for his or her own backups.
Perhaps not every user will need a backup of the data on his or her computer; however, each user should understand the importance of backups and understand how to make them.
The final drawback is expense: a network server can cost several hundred, and additional hard drives, backup software and hardware and a lot of extra cabling all add to the cost.
37 7 - Network Layer Protocols
Several LAN systems have been created independently from each other. Ethernet II is still used. Some years ago, the Institute of Electrical and Electronics Engineers (IEEE) came up with a project. The aim of this project was to unify existing initiatives and work out standards for particular LAN types (e.g. Ethernet, Arcnet, Token Ring, etc). These standards described the Media Access Control (MAC) layer for each type. The IEEE standard was created for Ethernet, IEEE for Token Bus, IEEE for Token Ring, and so on.
Task 12 (P1.7) - Describe the technologies behind the Network Layer Protocols. Discuss the advantages and disadvantages of each Protocol within a school environment
TCP/IP
Appletalk
UDP
FDDI
802 Standards
38 7 - Network Layer Protocols
Transmission Control Protocol (TCP): Provides reliable, connection-oriented transmission between two hosts. TCP establishes a session between hosts, and then ensures delivery of packets between the hosts.
Internet Protocol (IP): A routable protocol that uses IP addresses to deliver packets to network devices. IP is an intentionally unreliable protocol, so it doesn’t guarantee delivery of information. It works on the Network layer of the TCP/IP model and communicates with these devices to provide a function: printing, internet access, file access, communication. It does not operate applications but initiates communication.
AppleTalk - Apple computers have their own suite of network protocols known as AppleTalk because of the language barrier between operating systems and hardware differences. The AppleTalk suite includes a Physical and Data Link layer protocol called LocalTalk, but can also work with standard lower level protocols, including Ethernet and Token Ring.
39 7 - Network Layer Protocols
The User Datagram Protocol (UDP) is a connectionless transport layer protocol that is used when the overhead of a connection is not required. After UDP has placed a packet on the network (via the IP protocol), it forgets about it. UDP doesn’t guarantee that the packet actually arrives at its destination. Most applications that use UDP simply wait for any replies expected as a result of packets sent via UDP. If a reply doesn’t arrive within a certain period of time, the application either sends the packet again or gives up.
The best-known application layer protocol that uses UDP is DNS (Domain Name System). When an application needs to access a domain name such as DNS sends a UDP packet to a DNS server to look up the domain. When the server finds the domain, it returns the domain’s IP address as another UDP packet.
FDDI - Fibre Distributed Data Interface, a 100Mbps network standard used with a fibre-optic backbone. When FDDI is used, FDDI/Ethernet bridges connect Ethernet segments to the backbone. Fibre optic cabling and fibre optic data management are expensive, but they manage large networks and traffic at a far faster speed. The FDDI cards manage the information transfer rate along those lines, sending on further information when the router or server receives the first sections.
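The DNS-over-UDP exchange described above, as an added example that is not part of the original slides: it builds a real DNS query, resends it when no reply arrives, and ignores any reply whose transaction ID or question does not match what was asked. The names lookup, ScriptedTransport and build_answer, the domain www.example.org and all addresses are constructed for illustration.

```python
import socket
import struct

def encode_name(name):
    """Encode 'www.example.org' as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, txid):
    """Header (ID, flags with RD set, one question) plus a type A / class IN question."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", 1, 1))

def read_name(msg, pos):
    """Decode a name at pos, following compression pointers; return (name, next_pos)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:              # pointer to a name earlier in the message
            if end is None:
                end = pos + 2
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (pos if end is None else end)

def parse_response(msg):
    """Return (txid, flags, question name, list of IPv4 addresses from A records)."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos, qname, addrs = 12, "", []
    for _ in range(qd):
        qname, pos = read_name(msg, pos)
        pos += 4                               # skip QTYPE and QCLASS
    for _ in range(an):
        _, pos = read_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return txid, flags, qname, addrs

def lookup(transport, name, txid, attempts=3):
    """Send the query, wait for a reply, resend on timeout, give up after `attempts`."""
    query, log = build_query(name, txid), []
    for attempt in range(1, attempts + 1):
        transport.send(query)                  # UDP: sent, then forgotten
        try:
            rid, flags, qname, addrs = parse_response(transport.recv(512))
        except (socket.timeout, TimeoutError):
            log.append((attempt, "timeout"))
            continue
        except (ValueError, IndexError, struct.error):
            log.append((attempt, "ignored"))   # malformed datagram
            continue
        # Accept only a response (QR bit set) that echoes our ID and our question.
        if rid != txid or not flags & 0x8000 or qname.lower() != name.lower():
            log.append((attempt, "ignored"))
            continue
        log.append((attempt, "answered"))
        return addrs, log
    return None, log

class ScriptedTransport:
    """Constructed stand-in for a connected UDP socket; None in the script means 'no reply'."""
    def __init__(self, script):
        self.script, self.sent = list(script), []
    def send(self, data):
        self.sent.append(data)
    def recv(self, bufsize):
        outcome = self.script.pop(0)
        if outcome is None:
            raise socket.timeout("no reply")
        return outcome

def build_answer(name, txid, ip):
    """Constructed server reply: one A record whose name points back at the question."""
    return (struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
            + encode_name(name) + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip))

def demo():
    name, txid = "www.example.org", 0x1A2B     # constructed; real clients pick a random ID
    script = [None,                                            # reply lost
              build_answer(name, txid ^ 0xFFFF, "203.0.113.9"),  # wrong transaction ID
              build_answer(name, txid, "192.0.2.10")]          # matching reply
    return lookup(ScriptedTransport(script), name, txid)

if __name__ == "__main__":
    print(demo())
```

Because UDP has no connection to tie a reply to a request, the ID and question check is the only thing linking the two, which is why the mismatched reply is dropped rather than trusted.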
40 7 - Network Layer Protocols
A joint standard, IEEE 802.2, was created for the Logical Link Control (LLC) layer of all systems. In other words, the LAN link layer has been divided into two sub-layers.
The bottom MAC layer - partially overlapping the physical layer - deals with access to the communication medium.
The top LLC layer enables you to initiate, administer, and terminate logical connections between individual LAN stations.
41 7 - Network Layer Protocols
802.3 or Ethernet - Ethernet has been around in various forms since the early 1970s. The current incarnation of Ethernet is defined by the IEEE standard known as Ethernet operate at different speeds and use different types of media. However, all the versions are compatible with each other, so you can mix and match them on the same network by using devices such as bridges, hubs, and switches to link network segments. This is pretty much the standard used in computers; speeds vary but the technology stays the same.
This is the network card that pushes the technology behind Token Rings. The card addressing manages the tokens by sending the information around the network looking for the outlet of the information and gathering in the tokens sent out by users. When it receives the token and deals with it, the information is changed on the user's machine to indicate that the token has been received and dealt with. The card then discards additional requests from the network to process the information again unless the user requests that the information is different or has changed.
42 8 - Network Connections
There are several different forms of connections over networks, such as:
Bluetooth
Wi-Fi
3G and 4G
Task 13 (P1.8) - Describe what the following network connections are - Bluetooth, Wi-Fi and 3G/4G. Outline the factors affecting range and speed of wireless connections within a school environment
43 8 - Network Connections (Bluetooth)
Bluetooth is the name of a short-range wireless network technology that’s designed to let devices connect to each other without need for cables or a Wi-Fi network access point. The two main uses for Bluetooth are to connect peripheral devices such as keyboards or mice to a computer and to connect hand-held devices such as phones and PDAs to computers.
It is only able to connect to one device at a time.
Bluetooth is slow - about 721Kbps, way slower than Wi-Fi networks.
Bluetooth isn’t designed to transport large amounts of data, such as huge video files. For that, you should use Wi-Fi.
44 8 - Network Connections (Wi-Fi)
The common name for wireless networking using the protocols. With wireless networking, you don’t need cables to connect your computers. Instead, wireless networks use radio waves to send and receive network signals. As a result, a computer can connect to a wireless network at any location in your home or office. Wireless networks are especially useful for notebook computers. After all, the main benefit of a notebook computer is that you can carry it around with you wherever you go.
A wireless network is often referred to as a WLAN, for wireless local area network. A wireless network has a name, known as an SSID. SSID stands for service set identifier. Each of the computers that belong to a single wireless network must have the same SSID. Wireless networks can transmit over any of several channels. In order for computers to talk to each other, they must be configured to transmit on the same channel.
The simplest type of wireless network consists of two or more computers with wireless network adapters. This type of network is called an ad-hoc mode network. A more complex type of network is an infrastructure mode network. All this really means is that a group of wireless computers can be connected not only to each other, but also to an existing cabled network via a device called a wireless access point, or WAP.
45 8 - Network Connections (3G/4G)
3G and 4G - Based on the ITU standards, the 3G and 4G networks are the current generations of mobile networking and telecommunications. They feature a wider range of services and advance network capacity over the previous 2G network. The 3G network also increases the rate of information transfer, known as spectral efficiency.
A 3G network provides for download speeds of 14.4 megabits per second and upload speeds of 5.8 megabits per second. The minimum speed for a stationary user is 2 megabits per second. A user in a moving vehicle can expect 348 kilobits per second.
This scheme is known as a layered system. Each transmission features three layers of information:
The top layer is general service
The middle layer is a control data transmission
The bottom layer is the basic connectivity information
There is a distinct difference between Wi-Fi, or IEEE technology, and this network. Wi-Fi is basically a short range network that offers high bandwidth designed for data transfer. 3G networks are geared towards cellular telephone technology and Internet access.
46 9 - Application Layer Protocols
There are several different forms of application layers within a network protocol, such as:
DNS
DHCP
HTTP
FTP
SMTP
Task 14 (P1.9) - Describe what the functions are for the following application layers - DNS, DHCP, HTTP, FTP and SMTP. Outline the practical applications used within a school environment
47 9 - Application Layer Protocols (DNS)
To provide a unique DNS name for every host computer on the Internet, DNS uses a time-tested technique: divide and conquer. DNS uses a hierarchical naming system that’s similar to the way folders are organized hierarchically on a computer. Instead of folders, however, DNS organizes its names into domains. Each domain includes all the names that appear directly beneath it in the DNS hierarchy.
For example, the figure on the right shows a small portion of the DNS domain tree. At the very top of the tree is the root domain, which is the anchor point for all domains. Directly beneath the root domain are four top-level domains, named edu, com, org, and gov.
A DNS server is a computer that runs DNS server software, helps to maintain the DNS database, and responds to DNS name resolution requests from other computers. The two most popular are Bind and the Windows DNS service - Bind runs on UNIX-based computers (including Linux computers), while Windows DNS runs on Windows.
The key to understanding how DNS servers work is to realize that the DNS database - that is, a list of all the domains, sub-domains, and host mappings - is not held in one place: no single DNS server contains the entire DNS database. Instead, authority over different parts of the database is delegated to different servers throughout the Internet.
48 9 - Application Layer Protocols (DHCP)
Every host on a TCP/IP network must have a unique IP address. Each host must be properly configured so that it knows its IP address. When a new host comes online, it must be assigned an IP address that is within the correct range of addresses for the subnet and is not already in use. Although you can manually assign IP addresses to each computer on your network, that task quickly becomes overwhelming if the network has more than a few computers.
That’s where DHCP, the Dynamic Host Configuration Protocol, comes into play. DHCP automatically configures the IP address for every host on a network, thus assuring that each host has a valid, unique IP address. DHCP even automatically reconfigures IP addresses as hosts come and go. DHCP can save a network administrator many hours of tedious configuration work.
Although the primary job of DHCP is to dole out IP addresses and subnet masks, DHCP actually provides more configuration information than just the IP address to its clients. The additional configuration information is referred to as DHCP options. The following is a list of some common DHCP options that can be configured by the server:
The router address, also known as the Default Gateway address
The expiration time for the configuration information
Domain name
DNS server address
WINS server address
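A parser for the DHCP options listed above, as an added example that is not part of the original slides. It reads the code/length/value options field of a DHCP message (option codes as assigned in RFC 2132) and compares the offered settings with what the network is supposed to hand out. The function names, the expected-values table and all sample bytes and addresses are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # marks the start of the options field
PAD, END = 0, 255                        # single-byte options with no length
IP_OPTIONS = {1: "subnet_mask", 3: "router", 6: "dns_servers",
              44: "wins_servers", 54: "server_id"}

def parse_options(field):
    """Split the options field into {code: raw value bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    pos, options = 4, {}
    while pos < len(field):
        code = field[pos]
        pos += 1
        if code == PAD:
            continue
        if code == END:
            break
        if pos >= len(field):
            raise ValueError(f"option {code}: length byte missing")
        length = field[pos]
        pos += 1
        value = field[pos:pos + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        pos += length
        options[code] = options.get(code, b"") + value   # repeated options concatenate
    return options

def decode(options):
    """Turn the raw options the slide lists into readable settings."""
    config = {}
    for code, raw in options.items():
        if code in IP_OPTIONS:
            if not raw or len(raw) % 4:
                raise ValueError(f"option {code}: bad address list length")
            config[IP_OPTIONS[code]] = [socket.inet_ntoa(raw[i:i + 4])
                                        for i in range(0, len(raw), 4)]
        elif code == 51:                                  # expiration (lease) time
            if len(raw) != 4:
                raise ValueError("option 51: lease time must be 4 bytes")
            config["lease_seconds"] = struct.unpack("!I", raw)[0]
        elif code == 15:                                  # domain name
            config["domain_name"] = raw.rstrip(b"\x00").decode("ascii")
    return config

def audit_offer(config, expected):
    """List settings in an offer that are not in the administrator's expected set."""
    findings = []
    for key in ("server_id", "router", "dns_servers"):
        unexpected = set(config.get(key, [])) - set(expected[key])
        if unexpected:
            findings.append(f"{key}: unexpected {sorted(unexpected)}")
    return findings

def opt(code, value):
    return bytes([code, len(value)]) + value

ip = socket.inet_aton

# Constructed sample: the options field of an offer from the school's own server.
SAMPLE_OFFER = (MAGIC_COOKIE + opt(53, b"\x02") + opt(54, ip("10.0.0.2"))
                + opt(51, struct.pack("!I", 86400)) + opt(1, ip("255.255.255.0"))
                + opt(3, ip("10.0.0.1")) + opt(6, ip("10.0.0.2") + ip("10.0.0.3"))
                + opt(15, b"school.example") + bytes([PAD])
                + opt(44, ip("10.0.0.4")) + bytes([END]))

# Constructed sample: an offer from a device that is not the expected server.
ODD_OFFER = (MAGIC_COOKIE + opt(53, b"\x02") + opt(54, ip("10.0.0.66"))
             + opt(51, struct.pack("!I", 600)) + opt(3, ip("10.0.0.66"))
             + opt(6, ip("10.0.0.2")) + bytes([END]))

# Assumed site policy (constructed values).
EXPECTED = {"server_id": ["10.0.0.2"], "router": ["10.0.0.1"],
            "dns_servers": ["10.0.0.2", "10.0.0.3"]}

if __name__ == "__main__":
    for offer in (SAMPLE_OFFER, ODD_OFFER):
        settings = decode(parse_options(offer))
        print(settings, audit_offer(settings, EXPECTED))
```

Clients accept whichever offer they receive, so a check like audit_offer is useful on a monitoring host that watches for offers from servers the administrator did not set up.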
49 9 - Application Layer Protocols (HTTP)
The Hypertext Transfer Protocol serves for information searching on the Internet (or intranet). A client-server relationship is the basic architecture of communication in the HTTP protocol. If a direct TCP connection between a client and a server is established, the user types the Uniform Resource Identifier (URI): The client first takes the server name from the URI and, with the help of DNS, translates it into the IP address (1 and 2). Then the client establishes a TCP connection with the obtained IP address of the server. The browser inputs the HTTP request into the newly created channel (3), and the server responds with an HTTP response (4) within the same TCP connection. Then, the browser displays the response to the user.
It is important that the browser displays the web pages to the user. Every web page usually consists of many objects and every object must be downloaded by a separate HTTP request from the web server. Only the basic text of the web page is downloaded by the first request; the basic text usually contains many references for objects necessary for properly displaying the web page. Thus, in the next step, separate TCP connections with the web server are established simultaneously to download each individual object. This process creates transmission peaks in the transmission channel.
A user usually sets the browser (client) so that the responses (web pages) will be displayed to the user and stored in a cache to reduce the response time and network bandwidth consumption on future equivalent requests. When repeating the request, the information can be displayed to the user from the local cache. As usual, caching has problems with fresh information. Various strategies are used to overcome the problem of when to display cached information and when the client should transfer information from the server.
It is possible for a client to ask a server by HTTP: "Have you changed the web page?" Only if the reply is "Yes" will the page be transferred from the server. Some responses of the server can be marked not to be stored into the cache. The client must contact the target server even if it has a cached copy of the data being requested. This is called an HTTP server.
50 9 - Application Layer Protocols (FTP)
File Transfer Protocol (FTP) is an application protocol suitable for file transfers in a computer network based on TCP/IP. FTP is used for file transfers in computer networks using the TCP/IP protocol, through a user interface that is represented either by the command line of the FTP program, a GUI FTP utility, or an Internet browser.
For Windows, an FTP server is integrated into Microsoft’s Web server, Internet Information Services (IIS), to manage its features. On UNIX and Linux systems, an FTP server isn’t usually integrated with a Web server. Instead, the FTP server is installed as a separate program.
When you run an FTP server, you expose a portion of your file system to the outside world. As a result, you need to be careful about how you set up your FTP server so that you don’t accidentally allow hackers access to the heart of the file server. When you set up an FTP site, Internet Information Services creates an empty home directory for the site. Then it’s up to you to add to this directory whatever files you want to make available on the site.
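One way a server can keep the exposed portion of the file system limited to the site's home directory, as an added example that is not part of the original slides and is not how IIS or any particular FTP server implements it. The function resolve_in_home and the directory tree built in demo() are constructed for illustration; the example assumes a POSIX system that allows symbolic links.

```python
import os
import posixpath
import tempfile

def resolve_in_home(home, cwd, requested):
    """Map an FTP path argument onto the real file system.

    home      - real directory that is the root of the FTP site
    cwd       - the session's current directory as the client sees it, e.g. '/year3'
    requested - the path argument of a command such as RETR or CWD
    Raises PermissionError (reply 550) if the result lies outside home.
    """
    if "\x00" in requested:
        raise PermissionError("550 invalid path")
    home_real = os.path.realpath(home)
    # Client paths use '/' separators; an absolute path starts again at the site root.
    virtual = requested if requested.startswith("/") else posixpath.join(cwd, requested)
    # realpath resolves '..' components and symbolic links before the check is made,
    # so the comparison is done on the location that would really be opened.
    candidate = os.path.realpath(os.path.join(home_real, virtual.lstrip("/")))
    if os.path.commonpath([home_real, candidate]) != home_real:
        raise PermissionError("550 path outside the FTP home directory")
    return candidate

def demo():
    """Build a constructed directory tree and resolve four path arguments against it."""
    with tempfile.TemporaryDirectory() as top:
        home = os.path.join(top, "ftphome")
        os.makedirs(os.path.join(home, "year3"))
        os.makedirs(os.path.join(top, "staff"))
        open(os.path.join(home, "year3", "notes.txt"), "w").close()
        open(os.path.join(top, "staff", "salaries.txt"), "w").close()
        # A link inside the home directory that points at a directory outside it.
        os.symlink(os.path.join(top, "staff"), os.path.join(home, "shortcut"))

        results = {}
        for arg in ("notes.txt",                    # relative to the current directory
                    "/year3/notes.txt",             # absolute within the site
                    "../../staff/salaries.txt",     # climbs above the home directory
                    "/shortcut/salaries.txt"):      # leaves the home via the link
            try:
                real = resolve_in_home(home, "/year3", arg)
                relative = os.path.relpath(real, os.path.realpath(home))
                results[arg] = relative.replace(os.sep, "/")
            except PermissionError:
                results[arg] = "refused"
        return results

if __name__ == "__main__":
    for arg, outcome in demo().items():
        print(f"{arg!r:32} -> {outcome}")
```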
51 9 - Application Layer Protocols (SMTP)
One of several key protocols that are used to provide services. The SMTP design is based on the following model of communication:
As the result of a user mail request, the sender-SMTP establishes a two-way transmission channel to a receiver-SMTP. The receiver-SMTP could be the ultimate destination or an intermediate. SMTP commands are generated by the sender-SMTP and sent to the receiver-SMTP. SMTP replies are sent from the receiver-SMTP to the sender-SMTP in response to the commands.
Once the transmission channel is established, the SMTP-sender sends a MAIL command indicating the sender of the mail. If the SMTP-receiver can accept mail it responds with an OK reply. The SMTP-sender then sends a RCPT command identifying a recipient of the mail. If the SMTP-receiver can accept mail for that recipient it responds with an OK reply; if not, it responds with a reply rejecting that recipient (but not the whole mail transaction). The SMTP-sender and SMTP-receiver may negotiate several recipients. When the recipients have been negotiated the SMTP-sender sends the mail data, terminating with a special sequence. If the SMTP-receiver successfully processes the mail data it responds with an OK reply. The dialog is purposely lock-step, one-at-a-time.
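The lock-step dialog described above, as an added example that is not part of the original slides: a small receiver-SMTP that accepts mail only for its own mailboxes, and a sender-SMTP that waits for each reply before sending the next command. It also shows how the "special sequence" (a line holding a single dot) is kept distinct from message lines that begin with a dot. The class and function names, host names and addresses are constructed; reply codes follow the SMTP standard.

```python
class ReceiverSMTP:
    """Receiver side: takes one line at a time and returns one reply per command."""

    def __init__(self, mailboxes):
        self.mailboxes = {m.lower() for m in mailboxes}   # recipients this server accepts
        self.delivered = []                               # (sender, recipients, body)
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.lines, self.in_data = None, [], [], False

    def handle(self, line):
        if self.in_data:
            if line == ".":                               # end-of-data sequence
                self.delivered.append((self.sender, list(self.rcpts), "\n".join(self.lines)))
                self._reset()
                return "250 OK"
            # A leading dot on a data line was added by the sender; remove it again.
            self.lines.append(line[1:] if line.startswith(".") else line)
            return None                                   # no reply while data is arriving
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            return "250 mail.school.example"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self._reset()
            self.sender = arg[5:].strip("<> ")
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 Bad sequence of commands"
            address = arg[3:].strip("<> ")
            if address.lower() not in self.mailboxes:
                return "550 No such user here"            # rejects this recipient only
            self.rcpts.append(address)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            return "221 mail.school.example Service closing transmission channel"
        return "500 Syntax error, command unrecognized"


def send_mail(receiver, sender, recipients, body):
    """Sender side: one command, one reply, then the next command."""
    transcript = []

    def command(line):
        reply = receiver.handle(line)
        transcript.append((line, reply))
        return reply

    command("HELO client.school.example")
    if command(f"MAIL FROM:<{sender}>").startswith("250"):
        accepted = [r for r in recipients if command(f"RCPT TO:<{r}>").startswith("250")]
        if accepted and command("DATA").startswith("354"):
            for line in body.splitlines():
                # Dot-stuffing: a body line starting with '.' gets an extra dot so that
                # it can never be mistaken for the end-of-data sequence.
                receiver.handle("." + line if line.startswith(".") else line)
            command(".")
    command("QUIT")
    return transcript


def demo():
    # Constructed mailboxes and message.
    receiver = ReceiverSMTP(["head@school.example", "office@school.example"])
    body = "Timetable attached.\n.\n.hidden files are listed below\nRegards"
    transcript = send_mail(receiver, "teacher@school.example",
                           ["head@school.example", "nobody@school.example"], body)
    return transcript, receiver.delivered


if __name__ == "__main__":
    dialog, mail = demo()
    for sent, reply in dialog:
        print(f"S: {sent}\nR: {reply}")
    print(mail)
```

Restricting RCPT to the server's own mailboxes is also what stops the receiver from forwarding mail for anyone to anywhere.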
52 Unit 07 - Computer Networks
LO2 - Understand the key components used in networking
53 Assessment Scenario
Cube Systems have been employed to explain a network solution to the management team at a primary school in the local area with a view to setting up, installing and protecting their network and information stored. The working network needs to:
Connect up to 200 computers, printers and shared resources in different computer suites
a central network pool for information
the capability of adding their media suite of Apples to this network on a restricted access basis.
Long-term a working intranet accessible off site where network drive files can be accessed
Currently they have two sites (upper and lower) that are not connected physically.
100 workstations in the student areas across both sites
50 base unit computers in the administration and staffing areas
25 laptops in separate laptop cabinets
25 Apple G4’s in the media suites
20 shared printers across the two buildings, 10 of which are accessible to students with network capabilities
AND 1 networkable colour printer in their library in the upper primary site
In this section of the unit, you will research:
Explain why the different networking components and practice are required
Network protocols and standards - research the different network systems and protocols that are appropriate to the client's needs
54 Assessment Criteria
The suggested scenario is that learners have been employed to explain a possible network solution to a business client (primary school).
P2 - Describe why different network standards and protocols are necessary
M1 - Compare the benefits and disadvantages of peer-to-peer network and client/server networks
P2 - This could be incorporated into P1, where the learner describes why different network standards and protocols are necessary. This could be presented as a report.
For assessment criterion M1, the learners will need to compare and contrast the different network standards and protocols, for a range of different standards including wireless. This may be presented as an expansion of the work produced for P2.
55 Areas to Cover
Focusing on the use of computer networks within a school environment, you need to provide evidence for the following 9 tasks within this case study:
Key Components (Workstations)
Key Components (Servers)
Key Components (Hardware)
Interconnection Devices
Line Connections
Connections and Cabling
Network Layer Protocols
Network Connections
Network Protection
56 Assessment Tasks
Assessment Outcome - P2
Task 1 (P2.1) - Describe the practicalities of Base and Thin client workstations.
Task 3 (P2.2) - Describe the functions and uses of the different servers
Task 6 (P2.3) - Describe the purposes, features and functions of a NIC, Router, Switch and Wireless Access Point
Task 8 (P2.4) - Describe what a Leased and Dedicated Line connection is
Task 10 (P2.5) - Describe the different kinds of Connections and Cabling within a Networking Environment
Task 14 (P2.6) - Describe the different forms of Software used for a Network Operating System
Task 16 (P2.7) - Describe the importance of the different forms of protections used within a Networking Environment
Assessment Outcome - M1
Task 2 (M1.6) - Suggest and justify a network setup for your client and focus on the benefits and drawbacks
Task 4 (M1.7) - Suggest and justify the network setup of server(s) for your client and focus on the benefits and drawbacks
57 Assessment Tasks
Assessment Outcome - M1
Task 5 (M1.8) - Suggest and justify the network setup of hardware component(s) for your client and focus on the benefits and drawbacks
Task 7 (M1.9) - Suggest and justify the network setup of interconnection device(s) for your client and focus on the benefits and drawbacks
Task 9 (M1.10) - Suggest and justify the type of line connection for your client and focus on the benefits and drawbacks
Task 11 (M1.11) - Suggest and justify the type(s) of Connections and Cabling methods your client would require within their network setup and focus on the benefits and drawbacks
Task 12 (M1.12) - Suggest and justify the type of Network Operating System (Microsoft Server versus Novell Netware) your client would require within their network setup and focus on the benefits and drawbacks
Task 13 (M1.13) - Suggest and justify the alternative Commercial Systems your client would require within their network setup and focus on the benefits and drawbacks
Task 15 (M1.14) - Suggest and justify the type(s) of Software your client would require within their network setup and focus on the benefits and drawbacks
Task 17 (M1.15) - Suggest and justify the type(s) of protection measures your client would require within their network setup and focus on the benefits and drawbacks
58 1 - Key Components (Workstations)
Client computers: The computers that end users use to access the resources of the network. Client computers are typically located on users’ desks. They usually run a desktop version of Windows such as Windows XP Professional, along with software applications such as Microsoft Office. Client computers are sometimes referred to as workstations and come in two forms:
Base Workstation - A full-sized computer with monitor, keyboard and mouse, and a hard drive to store the operating system and certain programs like Microsoft Office. They have their own start-up (boot) sequence and operating system, and can be used on or off the network. They usually have a network card to connect to the system but run programs locally to ease the burden on the network. They gain internet access through the servers and print either to a directly connected printer or through the Print Server. The benefit of these is that they can be independent of the network.
Thin Client - Workstations that are similar to base units but do not have hard drives or operating systems. They tend to boot directly off the network through the network card and rely wholly on the network. The benefit of these is that they are all the same, they require little setting up and they cannot have software installed. They usually come with no drives except USB, as all software is run from the network.
Task 1 (P2.1) - Describe the practicalities of Base and Thin client workstations. Outline the benefits and drawbacks of the different forms of networked workstations
Task 2 (M1.6) - Suggest and justify a network setup for your client and focus on the benefits and drawbacks
59 2 - Key Components (Servers)
Servers provide the shared resources that network users crave, such as file storage, databases, Web services, and so on.
Task 3 (P2.2) - Describe the functions and uses of the different servers
Task 4 (M1.7) - Suggest and justify the network setup of server(s) for your client and focus on the benefits and drawbacks
Print Server, Mail Server, File Server, Proxy Server, Web Server
60 2 - Key Components (Servers)
Print Servers - Sharing printers is one of the main reasons that many small networks exist. Although it isn’t necessary, a server computer can be dedicated for use as a print server, whose sole purpose is to collect information being sent to a shared printer by client computers and print it in an orderly fashion. A single computer may double as both a file server and a print server, but performance is better if you use separate print and file server computers.
Mail Servers - A mail server is a server that handles the network’s e-mail needs. It is configured with server software, such as Microsoft Exchange Server. Exchange Server is designed to work with Microsoft Outlook, the client software that comes with Microsoft Office. Most mail servers actually do much more than just send and receive electronic mail. For example, here are some of the features that Exchange Server offers beyond simple e-mail:
Collaboration features that simplify the management of collaborative projects.
Audio and video conferencing.
Chat rooms and instant messaging (IM) services.
Microsoft Exchange Forms Designer, which lets you develop customized forms for applications, such as vacation requests or purchase orders.
61 2 - Key Components (Servers)
File Servers - File servers provide centralized disk storage that can be conveniently shared by client computers on the network. The most common task of a file server is to store shared files and programs. For example, the members of a small workgroup can use disk space on a file server to store their Microsoft Office documents. File servers must ensure that two users don’t try to update the same file at the same time. They do this by locking a file while a user updates it, so that other users can’t access the file until the first user finishes.
Web Servers - A Web server is a server computer that runs software that enables the computer to host an Internet or Intranet Web site. The two most popular Web server programs are Microsoft’s IIS (Internet Information Services) and Apache, an open-source Web server managed by the Apache Software Foundation.
Proxy Server - Put simply, a proxy server is a server that sits between a client computer and a real server. The proxy server intercepts packets that are intended for the real server and processes them. The proxy server can examine the packet and decide to pass it on to the real server, or it can reject the packet. Or the proxy server may be able to respond to the packet itself, without involving the real server at all.
62 3 - Key Components (Hardware)
Server computers are the lifeblood of any network. Choosing the equipment you use for your network’s servers is one of the key decisions any company makes when setting up a network. The hardware components that comprise a typical server computer are similar to the components used in less expensive client computers. However, server computers are usually built from higher grade components than client computers for the reasons given in the preceding section.
Task 5 (M1.8) - Suggest and justify the network setup of hardware component(s) for your client and focus on the benefits and drawbacks
Network Connection, Motherboard, Hard Drives, Memory, Processor, Power Supply
63 3 - Key Components (Hardware)
Network Connection - The network connection is one of the most important parts of any server. Many servers have network adapters built into the motherboard. If your server isn’t equipped as such, you’ll need to add a separate network adapter card.
Motherboard - The motherboard is the computer’s main electronic circuit board to which all the other components of your computer are connected. More than any other component, the motherboard is the computer. All other components attach to the motherboard. CPU), supporting circuitry called the chipset, memory, expansion slots, a standard IDE hard drive controller, and I/O ports for devices such as keyboards, mice, and printers. Some motherboards also include additional built-in features such as a graphic adapter, SCSI disk controller, or a network interface.
Hard Drives - Most desktop computers use inexpensive hard drives called IDE drives (sometimes also called ATA). These drives are adequate for individual users, but because performance is more important for servers, another type of drive known as SCSI is usually used instead. For the best performance, use the SCSI drives along with a high performance SCSI controller card.
64 3 - Key Components (Hardware)
Memory - Never scrimp on memory. People rarely complain about servers having too much memory. Many different types of memory are available, so you have to pick the right type of memory to match the memory supported by your motherboard. The total memory capacity of the server depends on the motherboard. Most new servers can support at least 12GB of memory, and some can handle up to 32GB.
Processor - The processor, or CPU, is the brain of the computer. Although the processor isn’t the only component that affects overall system performance, it is the one that most people think of first when deciding what type of server to purchase. Intel has four processor models. Two of them, the Pentium 4 and Celeron, should be used only for desktop or notebook computers. Server computers should have an Itanium 2 or a Xeon processor, or a comparable processor from one of Intel’s competitors, such as AMD.
Power Supply - Because a server usually has more devices than a typical desktop computer, it requires a larger power supply (300 watts is typical). The more devices that it manages, the greater the power supply required. More importantly, a backup power supply (UPS) is necessary for when the server powers off.
MORE THE BETTER
65 4 - Interconnection Devices
Every computer on a network requires a hardware device that allows it to connect, linking server and client, such as:
Network Interface Cards - NIC, Router, Switch, Wireless Access Point - WAP
Task 6 (P2.3) - Describe the purposes, features and functions of a NIC, Router, Switch and Wireless Access Point
Task 7 (M1.9) - Suggest and justify the network setup of interconnection device(s) for your client and focus on the benefits and drawbacks
66 4 - Interconnection Devices (Network Interface Cards - NIC)
Every computer on a network, both clients and servers, requires a network interface card (or NIC) in order to access the network. A NIC is usually a separate adapter card that slides into one of the server’s motherboard expansion slots. However, most newer computers have the NIC built into the motherboard, so a separate card isn’t needed. For client computers, you can usually get away with using the inexpensive built-in NIC because client computers are used only to connect one user to the network. However, the NIC in a server computer connects many network users to the server.
The network interface cards that you use must have a connector that matches the type of cable that you use. If you plan on wiring your network with thinnet cable, make sure that the network cards have a BNC connector. For twisted pair wiring, make sure that the cards have an RJ-45 connector.
A NIC is a Physical layer and Data Link layer device. Because a NIC establishes a network node, it must have a physical network address, also known as a MAC address. The MAC address is burned into the NIC at the factory, so you can’t change it. Every NIC ever manufactured has a unique MAC address.
67 4 - Interconnection Devices (Router)
A router is like a bridge, but with a key difference. Bridges are Data Link layer devices that can’t peek into the message itself to see what type of information is being sent. In contrast, a router is a Network layer device, so it can work with the network packets at a higher level. In particular, a router can examine the IP address of the packets that pass through it. And because IP addresses have both a network and a host address, a router can determine what network a message is coming from and going to. Bridges cannot.
Unlike a bridge, a router is itself a node on the network, with its own MAC and IP addresses. This means that messages can be directed to a router, which can then examine the contents of the message to determine how it should handle the message.
You can configure a network with several routers that can work cooperatively together. For example, some routers are able to monitor the network to determine the most efficient path for sending a message to its ultimate destination. If a part of the network is extremely busy, a router can automatically route messages along a less-busy route. Routers aren’t cheap but they’re worth it.
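Added example (not part of the original slides): how a router uses the network and host parts of an IP address to decide where a packet goes, with the most specific matching network winning. The prefixes, interface names and two-site layout are assumptions made up for this illustration.

```python
import ipaddress

# Constructed routing table for a two-site school network. Every prefix,
# interface name and address here is an assumption made for this example.
ROUTING_TABLE = [
    ("10.1.0.0/16", "eth0 (upper site LAN)"),
    ("10.2.0.0/16", "eth1 (lower site LAN)"),
    ("10.2.50.0/24", "eth2 (media suite, restricted)"),
    ("0.0.0.0/0", "wan0 (Internet uplink)"),
]


def split_address(address, prefix_len):
    """Split an IPv4 address into its network part and its host number."""
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    host_number = int(iface.ip) & int(iface.hostmask)
    return iface.network, host_number


def select_route(destination, table=ROUTING_TABLE):
    """Return the (network, interface) entry that best matches destination.

    The longest matching prefix wins, so the /24 for the media suite is
    preferred over the /16 that also contains it.
    """
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, interface in table:
        network = ipaddress.ip_network(prefix)
        if dest in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, interface)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best


def forward(source, destination, table=ROUTING_TABLE):
    """Describe what the router does with one packet, using only its IP header."""
    src_net, _ = select_route(source, table)
    dst_net, out_iface = select_route(destination, table)
    if src_net == dst_net:
        return f"{source} -> {destination}: same network {dst_net}, no routing needed"
    return f"{source} -> {destination}: {src_net} to {dst_net} via {out_iface}"


if __name__ == "__main__":
    print(split_address("10.1.3.7", 16))
    for src, dst in [("10.1.3.7", "10.1.9.9"),
                     ("10.1.3.7", "10.2.50.9"),
                     ("10.2.4.4", "203.0.113.5")]:
        print(forward(src, dst))
```

A bridge sees only MAC addresses, so it has no equivalent of `select_route`; the decision above is possible only because the router reads the Network layer header.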
68 4 - Interconnection Devices (Switch)
A switch is simply a more sophisticated type of hub. Because you must run a cable from each computer to the hub or switch, find a central location for the hub or switch to which you can easily route the cables.
You can connect hubs or switches to one another; this is called daisy-chaining. When you daisy-chain hubs or switches, you connect a cable to a standard port on one of the hubs or switches and the daisy-chain port on the other hub or switch. Daisy-chain no more than 3 hubs or switches together.
You can also get stackable hubs or switches that have high-speed direct connections that enable two or more hubs or switches to be counted as a single hub or switch.
Expensive ones have network-management features that support something called SNMP. These are called managed hubs, and they allow you to monitor and control various aspects of the switch’s operation from a remote computer. The switch can alert you when something goes wrong with the network, and it can keep performance statistics so that you can determine which parts of the network are heavily used and which are not.
69 4 - Interconnection Devices (Wireless Access Point - WAP)
Unlike cabled networks, wireless networks don’t need a hub or switch. If all you want to do is network a group of wireless computers, you just purchase a wireless adapter for each computer, put them all within 300 feet of each other, and you have an instant network. But what if you already have an existing cabled network? For example, suppose that you work at an office with 15 computers all cabled up nicely, and you just want to add a couple of wireless notebook computers to the network.
A WAP acts as a central connection point for all your computers that have wireless network adapters. In effect, the WAP performs essentially the same function as a hub or switch performs for a wired network. The WAP links your wireless network to your existing wired network so that your wired computers and your wireless computers can communicate.
Wireless access points are sometimes just called access points, or APs. An access point is a box that has an antenna (or often a pair of antennae) and an RJ-45 Ethernet port. You just plug the access point into a network cable and then plug the other end of the cable into a hub or switch, and your wireless network should be able to connect to your cabled network.
70 5 - Line Connections
Refers to phone, ISDN, xDSL, frame relay and similar lines that are rented for exclusive 24/7 use, because these lines guarantee bandwidth (high speed) for network traffic.
Leased line - Connects 2 locations for private voice and/or data telecommunication service, as a reserved circuit between two points. Leased lines can span short or long distances. They maintain a single open circuit at all times, as opposed to traditional telephone services that reuse the same lines for many different conversations through a process called "switching." T1 lines are common and offer the same data rate as symmetric DSL (1.544Mbps). Individuals can theoretically also rent these lines, but their high cost (often more than £700 per month) deters most. Fractional T1 lines, starting at 128 Kbps, reduce this cost somewhat and can be found in some universities and hotels.
Dedicated line - A special high-speed, or hard-wired, connection. A dedicated line connection is permanent. Any of these connections is always active, always ready.
Task 8 (P2.4) - Describe what a Leased and Dedicated Line connection is
Task 9 (M1.10) - Suggest and justify the type of line connection for your client and focus on the benefits and drawbacks
71 6 - Connections and Cabling
You can construct an Ethernet network by using two different types of cable: coaxial cable, which resembles TV cable, and twisted-pair cable, which looks like phone cable (twisted-pair cable is sometimes called UTP, or 10BaseT cable).
Task 10 (P2.5) - Describe the different kinds of Connections and Cabling within a Networking Environment
Task 11 (M1.11) - Suggest and justify the type(s) of Connections and Cabling methods your client would require within their network setup and focus on the benefits and drawbacks
Coaxial, Category 5e and 6, Fibre Optic, BNC Connector, Twisted Pair, STP, UTP, RJ45 Connector, Wireless Mobile Technology
72 6 - Connections and Cabling
Coaxial Cable - This type of cable was once popular for Ethernet networks. It is sometimes called thinnet or BNC cable because of the type of connectors used on each end of the cable. Thinnet cable operates only at 10Mbps and is rarely used for new networks. However, you’ll find plenty of existing thinnet networks still being used. You may encounter other types of cable in an existing network: thick yellow cable that used to be the only type of cable used for Ethernet, fibre-optic cables that span long distances at high speeds, or thick twisted-pair bundles that carry multiple sets of twisted-pair cable between wiring closets in a large building.
Category 5 (Cat5) - Category 5, or Cat5, is one of a range of cabling standards that runs from Cat1 for voice to Cat6 for 1000Mbps. Cat5 is the standard 100Mbps cabling required for modern networking. If you’re installing cable for a Fast Ethernet system, you should be extra careful to follow the rules of Category-5 cabling. That means, among other things, making sure that you use Category-5 components throughout. The cable and all the connectors must be up to Category-5 specs. When you attach the connectors, don’t untwist more than 1⁄2 inch of cable. And don’t try to stretch the cable runs beyond the 100-meter maximum.
73 6 - Connections and Cabling
Fibre Optic - Called 10BaseFX. Because fibre-optic cable is expensive and tricky to install, it isn’t used much for individual computers in a network. However, it’s commonly used as a network backbone to connect individual workgroup hubs to routers and servers. Fibre-optic networks also require NICs. Fibre-optic NICs are still too expensive for desktop use in most networks. Instead, they’re used for high-speed backbones. If a server connects to a high-speed fibre backbone, it will need a fibre-optic NIC that matches the fibre-optic cable being used.
BNC Connectors - You attach thinnet to the network interface card by using a goofy twist-on connector called a BNC connector. With coaxial cables, you connect your computers point-to-point in a bus topology. At each computer, a T connector is used to connect two cables to the network interface card. A special plug called a terminator is required at each end of a series of thinnet cables - it prevents data from hitting a dead end and returns the data back down the line. The cables strung end-to-end from one terminator to the other are collectively called a segment. The maximum length of a thinnet segment is about 200 meters (actually, 185 meters). You can connect as many as 30 computers on one segment. To span a distance greater than 185 metres or to connect more than 30 computers, you must use two or more segments with a device called a repeater to connect each segment.
74 6 - Connections and Cabling
Twisted-Pair Cable - The most popular type of cable today is twisted-pair cable, or UTP (Unshielded Twisted Pair).
UTP (Unshielded Twisted Pair) - UTP cable is even cheaper than thin coaxial cable, and best of all, many modern buildings are already wired with twisted-pair cable because this type of wiring is often used with modern phone systems. With a little care, UTP can withstand the amount of electrical interference found in a normal office environment. It’s easier to install, lighter, more reliable, and offers more flexibility in how networks are designed. 10BaseT networks use a star topology with hubs at the centre of each star. Although the maximum length of 10BaseT cable is only 100 meters, hubs can be chained together to extend networks well beyond the 100-meter limit. 10BaseT cable has four pairs of wires that are twisted together throughout the entire span of cable. However, 10BaseT uses only two of these wire pairs, so you have spares.
STP (Shielded Twisted Pair) - In environments that have a lot of electrical interference, such as factories, you may want to use shielded twisted-pair cable, also known as STP. Most STP cable is shielded by a layer of aluminium foil, or by more expensive braided copper shielding for even more protection. STP can be as much as 3 times more expensive than regular UTP.
75 6 - Connections and Cabling
RJ45 Connectors - UTP cable connectors look like modular phone connectors but are a bit larger. UTP connectors are officially called RJ-45 connectors. Like thinnet cable, UTP cable is also sold in prefabricated lengths. However, RJ-45 connectors are much easier to attach to bulk UTP cable than BNC connectors are to attach to bulk coaxial cable. They simply plug into the network card like a telephone plugs into the wall. The maximum allowable cable length between the hub and the computer is 100 metres (about 328 feet). All computers now come with an RJ45 connector socket because this is becoming the standard method of base unit connectivity.
76 6 - Connections and Cabling
Wireless Mobile Technology - A wireless network is a network that uses radio signals rather than direct cable connections to exchange information. A computer with a wireless network connection is like a mobile phone. Just as you don’t have to be connected to a phone line to use a mobile phone, you don’t have to be connected to a network cable to use a wireless networked computer.
A wireless network is often referred to as a WLAN, for wireless local area network. The term Wi-Fi is often used to describe wireless networks, although it technically refers to just one form of wireless networks: the b standard.
A wireless network has a name, known as a SSID. SSID stands for service set identifier. Each of the computers that belong to a single wireless network must have the same SSID.
Wireless networks can transmit over any of several channels. In order for computers to talk to each other, they must be configured to transmit on the same channel.
The simplest type of wireless network consists of two or more computers with wireless network adapters. This type of network is called an ad-hoc mode network. A more complex type of network is an infrastructure mode network. All this really means is that a group of wireless computers can be connected not only to each other, but also to an existing cabled network via a device called a wireless access point, or WAP (Hotspot).
77 7 - Software (Network Operating Systems)
All network operating systems, from the simplest to the most complex, must provide certain core functions, such as the ability to connect to other computers on the network, share files and other resources, provide for security, etc. Operating systems do not come cheap and can be unreliable for numerous reasons, incompatibility being the main one. Other considerations need to be taken including price, types of machines, ease of use, familiarity and function. For this your client needs to know what operating systems are out there and the relative benefits of these on the network.
Task 12 (M1.12) - Suggest and justify the type of Network Operating System (Microsoft Server versus Novell Netware) your client would require within their network setup and focus on the benefits and drawbacks
Task 13 (M1.13) - Suggest and justify the alternative Commercial Systems your client would require within their network setup and focus on the benefits and drawbacks
Windows NT Server, Novell NetWare, Commercial Systems, Mac OSX, Linux
78 7 - Software (Network Operating Systems)
At the end of the day both these systems come with suites of applications for managing networks, assigning rights, setting directories, partitioning hard drives, creating network letters, and managing printing and systems.
Windows NT Server was the last in a long series of Windows servers dubbed NT, which stood for New Technology. The “new technology” that got everyone so excited about Windows NT in the first place was 32-bit processing, a huge step up from the 16-bit
Probably the most important feature of Windows NT is its directory model, which is based on the concept of domains. A domain is a group of computers that are managed by a single directory database. To access shared resources within a domain, you must have a valid user account within the domain and be granted rights to access the resources. The domain system uses 15-character NetBIOS names to access individual computers within a domain and to name the domain itself.
Novell NetWare is one of the most popular network operating systems, especially for large networks. NetWare has an excellent reputation for reliability. It has built-in open-source components such as the Apache Web server, the MySQL database manager, and Tomcat and PHP for dynamic Web applications, and aligns itself with Unix and Linux in terms of compatibility and file associations.
79 7 - Software (Network Operating Systems)
Mac OSX - For Macintosh networks, Apple offers a special network server operating system known as Mac OS/X Server. Mac OS/X Server has all the features you’d expect in a server operating system: file and printer sharing, Internet features, and so on. This would require setting up a Mac system within the building and sticking to this as the main focus. It is possible to set up a small Mac OS/X network to run alongside the PC-based network using a bridge; this could then control the Mac computers within a sealed network space. Connection to the Microsoft or Novell side can then take place, allowing Mac machines to operate both as stand-alone machines and linked to the system.
80 7 - Software (Network Operating Systems)
Linux - Linux is a free operating system that is based on UNIX, a powerful network operating system often used on large networks. Linux was started by Linus Torvalds. He enlisted help from hundreds of programmers throughout the world, who volunteered their time and efforts via the Internet. Today, Linux is a full-featured version of UNIX; its users consider it to be as good as or better than Windows. In fact, almost as many people now use Linux as use Macintosh computers. Linux offers the same networking benefits as UNIX and can be an excellent choice as a server operating system. There are different types, all free, and all with their relative merits:
Fedora is one of the popular Linux distributions. At one time, Fedora was an inexpensive distribution offered by Red Hat.
Mandriva Linux is another popular Linux distribution, one that is often recommended as the easiest for first-time Linux users to install.
SuSE is a popular Linux distribution that comes on six CD-ROMs and includes more than 1,500 Linux application programs and utilities, including everything you need to set up a network, Web, or electronic commerce server. You can find more information at
81 8 - Software for Network Operating System
Cards and cabling are all very well, but operating systems need to be able to communicate through these by using translation and communication software called the Network Operating System (NOS).
Task 14 (P2.6) - Describe the different forms of Software used for a Network Operating System
Task 15 (M1.14) - Suggest and justify the type(s) of Software your client would require within their network setup and focus on the benefits and drawbacks
File Sharing, Security, Directory, Network Support
82 8 - Software for Network Operating System (File Sharing)
One of the most important functions of a network operating system is its ability to share resources with other network users. The most common resource that’s shared is the server’s file system. A network server must be able to share some or all of its disk space with other users so that those users can treat the server’s disk space as an extension of their own computer’s disk space.
The NOS (Network Operating System) allows the system administrator to determine which portions of the server’s file system to share. Although an entire hard drive can be shared, it is not commonly done. Instead, individual directories or folders are shared. The administrator can control which users are allowed to access each shared folder.
Because file sharing is the reason many network servers exist, network operating systems have more sophisticated disk management features than are found in desktop operating systems. For example, most network operating systems have the ability to manage two or more hard drives as if they were a single drive. In addition, most can create mirrors, which automatically keep a backup copy of a drive on a second drive.
83 8 - Software for Network Operating System (Security)
All network operating systems must provide some measure of security to protect the network from unauthorized access. Hacking seems to be the national pastime these days. With most computer networks connected to the Internet, anyone anywhere in the world can and probably will try to break into your network.
The most basic type of security is handled through user accounts, which grant individual users the right to access the network resources and govern what resources the user can access. User accounts are secured by passwords; therefore, good password policy is a cornerstone of any security system.
Most network operating systems, such as Microsoft’s Server Operating Systems, let you establish password policies, such as requiring that passwords have a minimum length and include a mix of letters and numerals. In addition, passwords can be set to expire after a certain number of days, so users can be forced to frequently change their passwords.
Most network operating systems also provide for data encryption, which scrambles data before it is sent over the network or saved on disk, and for digital certificates, which are used to ensure that users are who they say they are and that the files are what they claim to be.
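Added example (not part of the original slides): the three password rules described above (minimum length, a mix of letters and numerals, expiry after a set number of days) written as checks. The 8-character and 90-day values, the account names and the dates are assumptions chosen for the illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PasswordPolicy:
    # Assumed values for this example; the slides give no specific numbers.
    min_length: int = 8
    max_age_days: int = 90


def password_violations(password, policy):
    """Return the policy rules a candidate password breaks (empty list = accepted)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if not any(ch.isalpha() for ch in password):
        problems.append("contains no letter")
    if not any(ch.isdigit() for ch in password):
        problems.append("contains no numeral")
    return problems


def change_password(accounts, username, new_password, today, policy):
    """Accept a new password only if it meets the policy, then record the date.

    Length and character rules can only be checked here, at change time,
    because a server should keep a hash of the password, not the password.
    This example stores nothing but the change date.
    """
    problems = password_violations(new_password, policy)
    if not problems:
        accounts[username] = today
    return problems


def expired_accounts(accounts, today, policy):
    """Return usernames whose password is older than the policy allows."""
    return sorted(
        user for user, changed in accounts.items()
        if (today - changed).days > policy.max_age_days
    )


if __name__ == "__main__":
    policy = PasswordPolicy()
    # Constructed sample data: username -> date the password was last changed.
    accounts = {
        "teacher.a": date(2024, 1, 10),
        "office.b": date(2024, 5, 20),
        "head.c": date(2024, 3, 3),
    }
    today = date(2024, 6, 1)
    print("must change:", expired_accounts(accounts, today, policy))
    print("rejected:", change_password(accounts, "teacher.a", "abc", today, policy))
    print("accepted:", change_password(accounts, "teacher.a", "playground7", today, policy))
    print("must change:", expired_accounts(accounts, today, policy))
```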
84 8 - Software for Network Operating System (Directory)
Directories are essential ways of storing information. Network directories provide information about the resources that are available on the network, such as users, computers, printers, shared folders, and files. Directories are an essential part of any network operating system.
A server would have one directory database for user logins, another for file sharing, and yet another for addresses. Each directory would have its own tools for adding, updating, and deleting directory entries.
Modern network operating systems provide global directory services that combine the directory information for an entire network and for all applications so that it can be treated as a single integrated database. These directory services are based on an ISO standard called X.500. In an X.500 directory, information is organized hierarchically. For example, a multinational company can divide its user directory into one or more countries, each country can have one or more regions, and, in turn, each region can have one or more departments.
85 8 - Software for Network Operating System (Network Support)
A network operating system must support a wide variety of networking protocols in order to meet the needs of its users. That’s because a large network typically consists of a mixture of various versions of Windows, as well as Macintosh and possibly Linux computers. As a result, the server may need to simultaneously support TCP/IP, NetBIOS, and AppleTalk protocols. Many servers have more than one network interface card installed. In that case, the NOS must be able to support multiple network connections. Ideally, the NOS should have the ability to balance the network load among its network interfaces. In addition, in the event that one of the connections fails, the NOS should be able to seamlessly switch to another connection. Finally, most network operating systems include a built-in ability to function as a router that connects two networks. The NOS router functions should also include firewall features in order to keep unauthorized packets from entering the local network.
86 9 - Network Protection
Every organisation should assess the security measures applied to its network to minimise the impact on the business in terms of operations and storage of information.
Task 16 (P2.7) - Describe the importance of the different forms of protection used within a networking environment
Task 17 (M1.15) - Suggest and justify the type(s) of protection measures your client would require within their network setup and focus on the benefits and drawbacks
Auditing and Monitoring; User Protocols; Virus Checker; Firewalls
87 9 - Network Protection (Audits and Monitoring)
Every organisation should assess its security risks by conducting a security audit, which is a thorough examination of each aspect of the network to determine how it might be compromised. Security audits should be performed at least annually and preferably quarterly. They should also be performed after making any significant changes to the network. For each threat listed in the following sections, your security audit should rate the severity of its potential effects, as well as its likelihood. A threat’s consequences may be severe, potentially resulting in a network outage or the dispersal of top-secret information, or it may be mild, potentially resulting in a lack of access for one user or the dispersal of a relatively insignificant piece of corporate data. The more devastating a threat’s effects and the more likely it is to happen, the more rigorously your security measures should address it.
88 9 - Network Protection (User Protocols)
By some estimates, human errors, ignorance, and omissions cause more than half of all security breaches sustained by networks. One of the most common methods by which an intruder gains access to a network is to simply ask a user for his password. For example, the intruder might pose as a technical support analyst who needs to know the password to troubleshoot a problem. This strategy is commonly called social engineering because it involves manipulating social relationships to gain access. A related practice is phishing, in which a person attempts to glean access or authentication information by posing as someone who needs that information. For example, a hacker might send an e-mail asking you to submit your user ID and password to a Web site whose link is provided in the message, claiming that it’s necessary to verify your account with a particular online retailer.
89 9 - Network Protection (User Protocols)
Following are some additional risks associated with people:
- Intruders or attackers using social engineering or snooping to obtain user passwords
- Administrator incorrectly creating or configuring user IDs, groups, and their associated rights on a file server, resulting in file and logon access vulnerabilities
- Administrator overlooking security flaws in topology or hardware configuration
- Administrator overlooking security flaws in the operating system or application configuration
- Administrator neglecting to remove access and file rights for employees who have left the business
- Lack of proper documentation and communication of security policies, leading to deliberate or inadvertent misuse of files or network access
- Dishonest or disgruntled employees abusing their file and access rights
- Unused computer/terminal being left connected to the network, thereby providing entry for an intruder
- Users or administrators choosing easy-to-guess passwords
- Authorized staff leaving computer room doors open/unlocked, allowing unauthorized access
- Staff discarding disks or backup tapes in public waste containers
- Users writing their passwords on paper, then placing the paper in an easily accessible place (for example, taping it to their monitor or keyboard)
90 9 - Network Protection (Virus Checker)
Every computer user is susceptible to attacks by computer viruses, and using a network increases your vulnerability because it exposes all network users to the risk of being infected by a virus that lands on any one network user’s computer. Viruses don’t just spontaneously appear out of nowhere; they are computer programs that are created by malicious programmers. The best way to protect your network from virus infection is to use an antivirus program. These programs have a catalogue of several thousand known viruses that they can detect and remove. In addition, they can spot the types of changes that viruses typically make to your computer’s files, thus decreasing the likelihood that some previously unknown virus will go undetected. You can install the antivirus software on each network user’s computer - this would be the most effective BUT you would have to count on all users keeping their antivirus software up to date. An unlikely proposition, so:
- Managed antivirus services place antivirus client software on each client computer in your network, then the antivirus server automatically updates on a regular basis.
- Server-based antivirus software protects your network servers from viruses - e.g. you can install antivirus software on your mail server to scan all incoming mail for viruses and remove them before your network users ever see them.
- Some firewall appliances include antivirus enforcement checks that don’t allow your users to access the Internet unless their antivirus software is up to date. This type of firewall provides the best antivirus protection available.
91 9 - Network Protection (Firewall)
A security-conscious router sits between the Internet and your network with a single-minded task: preventing them from getting to us. The firewall acts as a security guard between the Internet and your LAN. All network traffic into and out of the LAN must pass through the firewall, which prevents unauthorized access to the network. Some type of firewall is a must-have if your network has a connection to the Internet, whether that connection is broadband (cable modem or DSL), T1, or some other high-speed connection. Without it, sooner or later a hacker will discover your unprotected network and tell his friends about it. Within a few hours your network will be toast. You can set up a firewall in two basic ways:
- The easiest way is to purchase a firewall appliance, which is basically a self-contained router with built-in firewall features. Firewall appliances include a Web-based interface that enables you to connect to the firewall from any computer on your network using a browser. You can then customize the firewall settings to suit your needs.
- Alternatively, you can set up a server computer to function as a firewall computer. The server can run just about any network operating system, but most dedicated firewall systems run Linux.
Whether you use a firewall appliance or a firewall computer, the firewall must be located between your network and the Internet. Here, one end of the firewall is connected to a network hub, which is, in turn, connected to the other computers on the network. The other end of the firewall is connected to the Internet. As a result, all traffic from the LAN to the Internet and vice versa must travel through the firewall.
92 Unit 07 - Computer Networks: LO3 - Know the services provided by network systems
93 Assessment Scenario
Cube Systems have been employed to explain a network solution to the management team at a primary school in the local area with a view to setting up, installing and protecting their network and information stored. The working network needs to:
- Connect up to 200 computers, printers and shared resources in different computer suites
- Provide a central network pool for information
- Have the capability of adding their media suite of Apples to this network on a restricted access basis
- Long-term, provide a working intranet accessible off site where network drive files can be accessed
Currently they have two sites (upper and lower) that are not connected physically:
- 100 workstations in the student areas across both sites
- 50 base unit computers in the administration and staffing areas
- 25 laptops in separate laptop cabinets
- 25 Apple G4s in the media suites
- 20 shared printers across the two buildings, 10 of which are accessible to students with network capabilities
- 1 networkable colour printer in their library in the upper primary site
In this section of the unit, you will deal with the services provided by a network that allow your clients internal and external facilities not available on stand-alone machines, in terms of functionality, use and practical need.
94 Assessment Criteria
The suggested scenario is that learners have been employed to explain a possible network solution to a business client (primary school).
P3 - Explain the key components required for client workstations to connect to a network and access network resources
P4 - Explain the function of interconnection devices
P5 - Describe typical services provided by networks
M2 - Compare the different options for the key components for an identified user’s needs
M3 - Describe where different network services would be used
D1 - Develop proposals for networked solutions to meet an identified user’s need
P3: The learners will need to explain the key components that are needed for a connection to a networking system. P4: Learners will need to explain the functions of interconnection devices used within the network. Learners’ evidence for P3 and P4 could be information leaflets, reports or a presentation.
M2: Here the learners will need to be given a specific scenario which gives them the opportunity to use appropriate components. This may already have been used for the identified network in P3 and P4. They must show they have compared different options of components against identified needs. The evidence could be presented as a report, leaflet, or presentation which may include detailed diagrams.
D1: The learner will need to develop a number of proposals resulting in one preferred option. They must detail the reasons why the chosen designed network from M2 meets the user’s need, either as a separate report or an extension to M2.
P5: This could be presented as a presentation or report. The learner needs to describe typical services provided by networks as identified in learning outcome 3.
For merit criterion M3 the learner will need to describe in detail where the different network services would be used within a proposed or identified network, explaining their reasons.
They will need to look at the directory, telecommunication, file and application services as detailed in the teaching content for learning outcome 3. This could be presented as a presentation, report or similar.
95 Areas to Cover
Focusing on the use of computer networks within a school environment, you need to produce a presentation, which will provide evidence for the following 8 tasks within this case study:
- Directory Services
- Communication Services
- File Services - File Sharing
- Application Services
- Shared Resources
- Mobile Services
- Network Policies
- Network Solution
96 Assessment Tasks
Assessment Outcome - P3
Task 13 (P3) - Explain the needs for sharing resources within a network environment to ensure consistent functionality
Assessment Outcome - P4
Task 15 (P4.1) - Explain the needs for mobile services within a network environment to ensure consistent functionality
Task 17 (P4.2) - Explain the benefits of setting up these policies for using the network with appropriate access rights
97 Assessment Tasks
Assessment Outcome - P5
Task 1 (P5.1) - Describe the facility and importance of directory services within a network environment
Task 4 (P5.2) - Describe the facility and importance of communication services within a network environment
Task 7 (P5.3) - Describe the facility and importance of file sharing within a network environment
Task 10 (P5.4) - Describe the facility and importance of the application services offered within a network environment to ensure consistent functionality.
Assessment Outcome - M2
Task 14 (M2.1) - Suggest and justify the network setup of sharing resources for your client and focus on the benefits and drawbacks for Security, Data Protection and filtered Student Use.
Task 16 (M2.2) - Suggest and justify the network setup of mobile services for your client and focus on the benefits and drawbacks
Task 18 (M2.3) - Suggest and justify the network setup of different security (Access/Authentication) between Students and Staff
98 Assessment Tasks
Assessment Outcome - M3
Task 2 (M3.1) - Suggest and justify the network setup of directory services for your client and focus on the benefits and drawbacks for Security, Data Protection and Ease of Student Use.
Task 5 (M3.2) - Suggest and justify the network setup of communication services for your client and focus on the benefits and drawbacks for Security, Data Protection and filtered Student Use.
Task 8 (M3.3) - Suggest and justify the network setup of file sharing for your client and focus on the benefits and drawbacks for Security, Data Protection and filtered Student Use.
Task 11 (M3.4) - Suggest and justify the network setup of application services for your client and focus on the benefits and drawbacks for Security, Data Protection and filtered Student Use.
99 Assessment Tasks
Assessment Outcome - D1
Task 3 (D1.1) - Evaluate the needs/use of directory services for your client’s network
Task 6 (D1.2) - Evaluate the needs/use/security of the communication services for your client’s network
Task 9 (D1.3) - Evaluate the needs/use/security of the file sharing for your client’s network
Task 12 (D1.4) - Evaluate the needs/use/security of the application services for your client’s network
Task 19 (D1.5) - Design a detailed network solution to meet the needs of the client
100 1 - Directory Services
User accounts are the backbone of network security administration. Through the use of user accounts, you can determine who can access your network, as well as what network resources each user can and cannot access. You can restrict access to the network to just specific computers or to certain hours of the day.
Task 1 (P5.1) - Describe the facility and importance of directory services within a network environment.
Task 2 (M3.1) - Suggest and justify the network setup of directory services for your client and focus on the benefits and drawbacks for Security, Data Protection and Ease of Student Use.
Task 3 (D1.1) - Evaluate the needs/use of the directory services for your client’s network
Account Management; Authentication Management; Active Directory; DNS
101 1 - Directory Services (Account Management)
Every user who accesses a network must have a user account. User accounts allow the network administrator to determine who can access the network and what network resources they may access. In addition, the user account can be customised to provide features for users, such as a personalized Start menu or a display of recently used documents. Every account is associated with a username (sometimes called a user ID), which the user must enter when logging in to the network, and has other information associated with it, such as:
- The user’s password: a password policy that monitors the regular attempts to change the password, how complicated the password must be, etc.
- The user’s contact information: personal details, such as full name, phone number, address, home address, and other related information
- Account restrictions: restrictions that allow the user to log on only during certain periods (restricted working hours) and restrict the user to access only certain workstations/computers
- Account status: temporarily disable a user account so that the user can’t log on
- Home directory: specifies a shared network folder where the user can store documents
- External access: authorize the user to access the network remotely (Intranet access)
- Group memberships: grant the user certain rights based on the groups to which they belong
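The account properties listed above (status, logon hours, permitted workstations, password expiry) can be seen working together in a logon decision. The following is an added example, not code from any network operating system: the `Account` fields, the sample accounts and the 90-day maximum password age are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional

# Assumed policy value: the slides only say "a certain number of days".
MAX_PASSWORD_AGE = timedelta(days=90)

@dataclass
class Account:
    """Hypothetical account record holding the restrictions described above."""
    username: str
    password_changed: datetime              # when the password was last set
    disabled: bool = False                  # account status
    logon_hours: Optional[tuple] = None     # (start, end) as time objects; None = any time
    workstations: Optional[frozenset] = None  # permitted computers; None = any

def in_window(now: time, start: time, end: time) -> bool:
    """True if `now` falls inside the logon window, including windows
    that wrap past midnight (for example 22:00 to 06:00)."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end

def check_logon(acct: Account, workstation: str, when: datetime,
                max_age: timedelta = MAX_PASSWORD_AGE):
    """Return (allowed, reason). Checks run from the broadest restriction
    to the narrowest, so a disabled account is refused before anything else."""
    if acct.disabled:
        return (False, "account disabled")
    if acct.logon_hours and not in_window(when.time(), *acct.logon_hours):
        return (False, "outside permitted hours")
    if acct.workstations is not None and workstation not in acct.workstations:
        return (False, "workstation not permitted")
    if when - acct.password_changed > max_age:
        return (False, "password expired")
    return (True, "ok")

# Constructed sample accounts for a school network.
ACCOUNTS = {
    "pupil01": Account("pupil01", datetime(2024, 1, 8),
                       logon_hours=(time(8, 30), time(15, 30)),
                       workstations=frozenset({"ITSuite_01", "ITSuite_02"})),
    "leaver": Account("leaver", datetime(2023, 1, 1), disabled=True),
    "caretaker": Account("caretaker", datetime(2024, 2, 1),
                         logon_hours=(time(22, 0), time(6, 0))),
}

if __name__ == "__main__":
    monday = datetime(2024, 3, 4, 10, 0)
    for name, ws in [("pupil01", "ITSuite_01"), ("pupil01", "Admin_PC"),
                     ("leaver", "ITSuite_01"), ("caretaker", "Office_03")]:
        print(name, ws, check_logon(ACCOUNTS[name], ws, monday))
```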
102 1 - Directory Services (Authentication Management)
Control what a user can do on a network-wide basis, based on permissions. Permissions enable you to fine-tune your network security by controlling access to specific network resources, such as files or printers, for individual users or groups. For example, you can set up permissions to allow users in the accounting department to access files in the server’s Accounts directory. Permissions can also enable some users to read certain files but not modify or delete them. Each network operating system manages permissions in a different way. Whatever the details, the effect is that you can give permission to each user to access certain files, folders, or drives in certain ways. Any permissions that you specify for a folder apply automatically to any of that folder’s subfolders, unless you explicitly specify a different set of permissions for the subfolder. In Novell’s NetWare, file system rights are referred to as trustee rights. NetWare has eight different trustee rights. For every file or directory on a server, you can assign any combination of these eight rights to any individual user or group.
103 1 - Directory Services (Active Directory)
Active Directory solves many of the inherent limitations of the Operating Systems domains by creating a distributed directory database that keeps track of every conceivable type of network object. It is essentially a database management system, which uses a hierarchical model (groups items in a tree-like structure).
- Objects - The basic unit of data. Active Directory stores information about many different kinds of objects. The objects you work with most are users, groups, computers, and printers. Objects have descriptive characteristics called properties or attributes. You can call up the properties of an object by double-clicking the object in the management console.
- Domains - The basic unit for grouping related objects in Active Directory. Typically, domains correspond to departments in a company: a company with separate Accounting, Manufacturing, and Sales departments might have domains named (you guessed it) Accounting, Manufacturing, and Sales. Domains can also correspond to geographical locations: a company with offices in Corby, Kettering, and Oakley might have domains named Cor, Ket, and Oak.
104 1 - Directory Services (DNS)
DNS stands for Domain Name System, the TCP/IP facility that lets you use names rather than numbers to refer to host computers. Without DNS: you’d buy books from instead of from you’d sell your used furniture at instead of on you’d search the Web at instead of at More importantly, internally you would access Mac Address 323j234j23jhfdj44 rather than ITSuite_01. Understanding how DNS works internally and how to set up a DNS server is crucial to setting up and administering a TCP/IP network. Internally the DNS addressing assigns TCP/IP addresses to workstations automatically. DNS addresses are used mainly by corporations and large TCP/IP networks to configure their clients, although they are also used by some Internet service providers. When a client accesses a TCP/IP network, the DNS server assigns the client an IP address, a subnet mask, and a gateway, if needed. The DNS server has a range of possible IP addresses from which to choose. Each time the client logs off of the network, the IP address goes back into a pool and might be assigned to another client logging on to the network. Basically when a user logs in, everything they do is registered (web addresses accessed, e-mails sent, programs run, everything but a key log of their activity).
105 2 - Communication Services
Communication within the network system is a fundamental backbone to one of the services that it offers its users, such as: IRC; Discussion Boards; Remote Access - Mobile; Remote Desktop; Social Networking; File Transfer
Task 4 (P5.2) - Describe the facility and importance of communication services within a network environment.
Task 5 (M3.2) - Suggest and justify the network setup of communication services for your client and focus on the benefits and drawbacks for Security, Data Protection and filtered Student Use.
Task 6 (D1.2) - Evaluate the needs/use/security of the communication services for your client’s network
106 2 - Communication Services (eMail)
E-mail is a great way to give your employees the means to collaborate and share information with co-workers, vendors, manufacturers, customers, and students. A mail server is a server that handles the network’s e-mail needs, configured with e-mail server software, such as Microsoft Exchange Server. Exchange Server is designed to work with Microsoft Outlook, the e-mail client software that comes with Microsoft Office. Most mail servers actually do much more than just send and receive mail; they handle the processing and managing of large volumes of e-mails daily for the client (software), such as:
- Rerouting e-mails to the correct clients (users)
- Spam and virus filtering of the e-mails
- Blocking DoS attacks
- Filtering for swearwords
- Flagging up erroneous or dangerous e-mails
- Processing attachments, groups, reminders, and account information
- Managing the folder limits
107 2 - Communication Services (IRC)
IRC (Internet Relay Chat) is a popular method used on the Internet and in private networks to chat between computers and sometimes share applications. It is an open protocol that uses TCP. An IRC server can connect to other IRC servers to expand the IRC network. Users access IRC networks by connecting a client to a server. There are many client implementations, such as mIRC or XChat, and server implementations. Most IRC servers do not require users to register an account, but a user will have to set a nickname before being connected. The standard structure of a network of IRC servers is a tree. Messages are routed along only necessary branches of the tree, but network state is sent to every server. This architecture has a number of problems. A misbehaving user can cause major damage to the network and, whether intentional or an accident, this requires a lot of network traffic. Adding a server to a large network means a large background bandwidth load on the network and a large memory load on the server. Once established, however, each message to multiple recipients is delivered by multicast, which means each message travels a network link exactly once. This is a strength in comparison to non-multicasting protocols such as Simple Mail Transfer Protocol (SMTP).
108 2 - Communication Services (Discussion Boards)
A discussion board is a tool which allows groups to communicate online. It is quite similar to e-mail, but is separate from your e-mail account and is accessed, stored and organised centrally. All the group can read all the messages. You can read old messages or post new messages at any time. A discussion board is made up of ‘forums’ - folders containing messages on a particular subject, ‘threads’ - each thread is a series of messages about the same topic, and ‘messages’ - each message is an individual contribution to a conversation (like a single e-mail).
- Students can discuss topics or issues
- Students can follow a train of thought
- Users can negotiate and share ideas
- Discussions can be monitored and filtered by a forum host
109 2 - Communication Services (Remote Access Mobiles)
Remote access, e.g. via mobiles, is becoming a more popular method of gaining access to features on the network on the move. Many major mobiles have access that allows the business world to access information and documents any time of the day as long as they are within a hotspot range. All it requires is permission from the Network Manager, an IP or WPA key, an SSID number or a restricted internet access account. There are benefits:
- Instant access to e-mails
- Wi-Fi access
- Ability to open and read attached documents
- With more advanced phones, ability to adapt and edit documents
- GPS tracking
Users with multiple accounts can also redirect these e-mails to their phones to allow access to more confidential information; adding the ability to Skype and have Intranet access means more availability and work presence. But there are downsides too.
110 2 - Communication Services (Remote Desktop)
One of the most useful tools available to system administrators is a program called Remote Desktop Connection, or RDC for short. RDC lets you connect to a server computer from your own computer and use it as if you were actually sitting at the server. In short, RDC lets you administer your server computers externally. All that is necessary is the software that comes with Windows and some configuration, and possibly a remote machine dedicated to external access. This will allow your clients to:
- Access their work files from home
- Access network drives and files
- Directly transfer files from home to active folders
- Allow the running of applications remotely, including software on the remote machine
- Allow remote monitoring of the network by the network manager
- Allow multiple users to access this
111 2 - Communication Services (Social Networking)
Social networking is becoming more and more popular for business purposes as well as personal purposes. With advances in social networking sites, people can access files, information, images and contacts. To set up a social network site within a business, all it requires is a section of a server dedicated to the operating needs, a set of restrictive accounts set up for the users that will allocate file space for them as well as a GUI (Front Screen), and a set of tools that will allow the user to customise their space and save this customisation to their account name. Examples of such software are Noodle, Elgg, Mahara and AROUNDMe. Benefits include:
- Restricting client use of other sites
- Accessible storage of information and contacts
- File storage with ftp
- Access from home - remote access and storage
- Monitored by company for etiquette
112 2 - Communication Services (File Transfer)
File transferring is the ability within Server and Client Operating Systems to set user rights onto a file by assigning the file to a group. A group account is an account that doesn’t represent an individual user. Instead, it represents a group of users who use the network in a similar way. Instead of granting access rights to each of these users individually, you can grant the rights to the group and then assign individual users to the group. When you assign a user to a group, that user inherits the rights specified for the group. For example, suppose that you create a group named “Accounting” for the accounting staff and then allow members of the Accounting group access to the network’s accounting files and applications. Then, instead of granting each accounting user access to those files and applications, you simply make each accounting user a member of the Accounting group.
- The user inherits the rights of each group.
- You can grant or revoke specific rights to individual users to override the group settings. For example, you may grant a few extra permissions for the manager of the accounting department.
- You may also impose a few extra restrictions on certain users.
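The group rules above and the folder rule from the Authentication Management slide (a folder's permissions apply to its subfolders unless the subfolder is given its own set) combine into one "effective rights" calculation. The sketch below is an added example, not any operating system's actual algorithm: the `FolderAcl` model, the user names and the folder paths are constructed for illustration, and real systems such as NetWare or Windows add further rules.

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath

@dataclass
class FolderAcl:
    """Permissions set explicitly on one folder (hypothetical model)."""
    group_rights: dict = field(default_factory=dict)  # group name -> set of rights
    user_grant: dict = field(default_factory=dict)    # username -> extra rights
    user_revoke: dict = field(default_factory=dict)   # username -> rights taken away

# Constructed sample data: who belongs to which group.
MEMBERSHIPS = {
    "Accounting": {"amy", "raj", "mona"},
    "PayrollClerks": {"amy"},
}

# Constructed sample data: only folders with explicit permissions are listed.
ACLS = {
    "/Accounts": FolderAcl(
        group_rights={"Accounting": {"read", "write"}},
        user_grant={"mona": {"delete"}},   # extra permission for the manager
        user_revoke={"raj": {"write"}},    # extra restriction on one user
    ),
    "/Accounts/Payroll": FolderAcl(        # subfolder with its own, different set
        group_rights={"Accounting": {"read"}, "PayrollClerks": {"write"}},
    ),
}

def governing_acl(path, acls=ACLS):
    """Walk from the path up to the root and return the nearest folder that
    has explicit permissions, as (folder, acl); (None, None) if there is none."""
    p = PurePosixPath(path)
    for folder in (p, *p.parents):
        acl = acls.get(str(folder))
        if acl is not None:
            return str(folder), acl
    return None, None

def effective_rights(user, path, acls=ACLS, memberships=MEMBERSHIPS):
    """Rights the user actually holds on `path`:
    union of the rights of every group they belong to,
    plus individual grants, minus individual revocations."""
    _, acl = governing_acl(path, acls)
    if acl is None:
        return frozenset()                 # nothing granted anywhere: no access
    rights = set()
    for group, granted in acl.group_rights.items():
        if user in memberships.get(group, ()):
            rights |= granted
    rights |= acl.user_grant.get(user, set())
    rights -= acl.user_revoke.get(user, set())
    return frozenset(rights)

if __name__ == "__main__":
    for user, path in [("amy", "/Accounts/2024/invoices.xls"),
                       ("mona", "/Accounts/2024"),
                       ("raj", "/Accounts"),
                       ("tom", "/Accounts"),
                       ("amy", "/Accounts/Payroll/march.xls"),
                       ("mona", "/Accounts/Payroll")]:
        print(user, path, sorted(effective_rights(user, path)))
```

Note that mona's extra "delete" right on /Accounts does not follow her into /Accounts/Payroll, because in this model the subfolder's explicit set replaces the inherited one; that is the kind of detail a permissions audit should check.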
113 3 - File Services - File Sharing
One of the most important functions of a network operating system is its ability to share resources with other network users. The most common resource that’s shared is the server’s file system. Because file sharing is the reason many network servers exist, network operating systems have more sophisticated disk management features than are found in desktop operating systems (manage two or more hard drives). Other benefits include:
- The ability to share files or work on the same file by multiple people
- The ability to set rights to files
- Remote access to files through RDC
- Restricted times on files for exams
- Undelete options on files and programs
- Group allocation of a file
Task 7 (P5.3) - Describe the facility and importance of file sharing within a network environment.
Task 8 (M3.3) - Suggest and justify the network setup of file sharing for your client and focus on the benefits and drawbacks for Security, Data Protection and filtered Student Use.
Task 9 (D1.3) - Evaluate the needs/use/security of the file sharing for your client’s network
114 4 - Application Services
Another important function of a network operating system is the applications that it supports and offers network users. The most common application resources are: Databases; Web; Proxy
Task 10 (P5.4) - Describe the facility and importance of the application services offered within a network environment to ensure consistent functionality.
Task 11 (M3.4) - Suggest and justify the network setup of application services for your client and focus on the benefits and drawbacks for Security, Data Protection and filtered Student Use.
Task 12 (D1.4) - Evaluate the needs/use/security of the application services for your client’s network
115 4 - Application Services (Database)

A database server is a server computer that runs database software, such as Microsoft’s SQL Server. Database servers are usually used along with customized business applications, such as accounting or marketing systems. Every piece of stored information on the network is stored in some kind of database. For instance, a domain is a method of placing user accounts and various network resources under the control of a single directory database.

All the information about a member of staff is stored on a database (age, name, address, qualifications, wages). This is linked to the Active Directory database (groups, rights, files and folders, permissions), which is linked to Workgroups (students they teach, subjects they deliver, Intranet rights), which in turn is linked to the reports database (Reviews, Reports, Assessments). Linking all these is the key to a good working network. From the moment we log in to the moment we log off, we would expect this database structure to be intact, easily accessible and available at all times. Programs like Microsoft Server, MySQL, and Active Directory help us to achieve that task.

Protecting that structure is also important: under the Data Protection Act that information must be kept safe; under the Child Protection Act that information needs to be restricted; and under good working practices that information needs to be backed up regularly on and off site, which means backup servers, tape drives, UPS and management systems.
116 4 - Application Services (Web)

When a user running a Web browser requests a page, the browser uses HTTP to send a request via TCP to the Web server. When the Web server receives the request, it uses HTTP to send the requested Web page back to the browser, again via TCP. A Web server is a server computer that runs software that enables the computer to host an Internet Web site. The two most popular Web server programs are Microsoft’s IIS (Internet Information Services) and Apache.

The job of this web server is to:
- Monitor incoming traffic
- Filter sites
- Send and receive search requests and display results
- Allocate the search result to the appropriate computer
- Allocate rights to searches for restricted users

The job of a good server is to learn from the results, allowing the network manager to adapt the filtered content addresses and to block circumvention methods such as tunnels, pipes and proxy bypasses. With the internet changing all the time, this is an ongoing routine, helped by the use of network logs.
117 4 - Application Services (Proxy)

A proxy server (or Application Gateway) is a server that sits between a client computer and a real server. The proxy server intercepts packets that are intended for the real server and processes them. The proxy server can examine the packet and decide to pass it on to the real server, or it can reject the packet. Or the proxy server may be able to respond to the packet itself, without involving the real server at all.

Application gateways are aware of the details of how various types of TCP/IP servers handle sequences of TCP/IP packets, so they can make more intelligent decisions about whether an incoming packet is legitimate or is part of an attack. As a result, application gateways are more secure than simple packet-filtering firewalls, which can deal with only one packet at a time.

A good proxy server will:
- Learn from attacks and add them to a barred list
- Download updates from an online security system like Janet
- Filter the network as an added level of protection
- Act as a barrier, together with the firewall and SSL, against DoS attacks
118 5 - Shared Resources

The users of the network can connect to and access various different resources, which need to be managed through a server:
- Devices
- Storage Space

Task 13 (P3) - Explain the needs for sharing resources within a network environment to ensure consistent functionality.
Task 14 (M2.1) - Suggest and justify the network setup of sharing resources for your client and focus on the benefits and drawbacks for Security, Data Protection and filtered Student Use.
119 5 - Shared Resources (Devices)

Although you can share a printer or scanner on a network by attaching the device to a server computer, many printers have network interfaces built in. This lets you connect the printer directly to the network. Then network users can connect to the printer and use it without going through a server. Even if you connect a printer directly to the network, it’s still a good idea to have the printer managed by a server computer running a network operating system such as Windows Server.

The benefits include:
- Print Servers hold jobs until the printer is ready, even when it is turned off
- Network printers can be shared by everyone
- They can be restricted to a group or just a room
- Installing drivers can be done from the network
- Pcount can allocate funds and restrict users who have printed too much
- Replacing the printer is as simple as replacing one installation and changing the DNS queue
- Using network programs, the printer can be monitored
120 5 - Shared Resources (Storage Space)

Many network servers exist solely for the purpose of making disk space available to network users. As networks grow to support more users, and users require more disk space, network administrators are constantly finding ways to add more storage to their networks. One way to do that is to add additional file servers. However, a simpler and less expensive way is to use network attached storage, also known as NAS. A NAS device is a self-contained file server that’s preconfigured and ready to run. All you have to do to set it up is take it out of the box, plug it in, and turn it on. NAS devices are easy to set up and configure, easy to maintain, and less expensive than traditional file servers.

The benefits include:
- Upgradeable
- Can have backup drives
- Can use shared allocation and rights to files
- Users can have their own space, which can increase or decrease
- Admin and Student drives can be separate for security reasons
- Drive letters can be allocated for easier use
121 6 - Mobile Services

Places where wireless Internet access is available to the public are called hot spots. Some organizations, such as BT Wi-Fi, have established a network of hot spots across the nation. The availability of Wi-Fi has provided users with the following facilities:
- Mobile Working
- VoIP

Task 15 (P4.1) - Explain the needs for mobile services within a network environment to ensure consistent functionality.
Task 16 (M2.2) - Suggest and justify the network setup of mobile services for your client and focus on the benefits and drawbacks.
122 6 - Mobile Services (Mobile Working)

There are many issues involved, from Security to Access Rights and from Capability to Compatibility, when it comes to working through the network with Mobile Access.

- Security - IP addressing can be made transparent for mobile users: a person visiting your office, for example, could attach to your network and receive an IP address without having to change the laptop’s configuration.
- Transferring - Phones have the ability to upload either remotely or directly. Direct access will involve Bluetooth, USB or Wi-Fi access, all of which need configuring. Remote access will require authentication, which again can be an issue with storage, theft, timed-out access etc.
- Connectivity - Signals break up, it is that simple, and transferring information usually requires a constant stream of packets or you risk losing packets. For some files, one fraction of a second of loss can damage a file. In mobile wireless, the receiver can be located anywhere within the transmitter’s range. This allows the receiver to roam from one place to another while continuing to pick up its signal.
- Re-association - Connecting to a different access point requires validation, as when a mobile user moves out of one access point’s range and into the range of another. It might also happen if the initial access point is experiencing a high rate of errors.
123 6 - Mobile Services (VoIP)

VoIP (Voice Over IP, where IP stands for Internet Protocol) works much the same as a regular telephone. However, instead of connecting to the public telephone network, your phones connect directly to the Internet. The main benefit is reduced cost, especially if you make a lot of long distance phone calls.

When you use a normal phone to make a long distance call, your voice is transmitted (usually in digital form) over a network called the Public Switched Telephone Network, or PSTN. Along the way, you’re charged by-the-minute fees by your long distance service provider. When you use VoIP, your voice is still converted into digital form. However, instead of being sent over private networks owned by telephone companies, it is sent over the Internet. Because the Internet uses IP protocol, the digital data representing your voice is converted into packets that can be sent reliably over IP. Hence the name, Voice Over IP or VoIP.

The benefits to a business of VoIP include:
- Free calls to other VoIP connections
- Ability to send files on more secure systems
- Running through a network allows users to VoIP internally
- An “Always On Connection” indicates locality using an IP address
- Reduces the need for and mobiles
124 7 - Network Policies

There are two kinds of authentication that go on when a user switches on a machine: User and Hardware.

- User Authentication - This happens every time a user tries to access something that requires user rights to the network, and is checked against a stored database of names and passwords. It then kicks in a series of commands linked to the machine, called a script, that gives the user rights to areas on the network from that machine.
- Hardware Authentication - This happens when a user tries to add something to the network, such as a scanner, printer, software, etc. There are two levels of Hardware rights, User and Administrator (there can be multiple administrators and each can have a different level of access).

Task 17 (P4.2) - Explain the benefits of setting up these policies for using the network with appropriate access rights.
Task 18 (M2.3) - Suggest and justify the network setup of different security (Access/Authentication) between Students and Staff.

- Logging onto the system
- Printing
- Internet
- Group Access
- Directory Access
- Read & Write Access
- etc…
125 8 - Network Solution

Task 19 (D1.5) - Design a detailed network solution to meet the needs of the client. Justify the design and choice of components used.
126 8 - Network Solution

You have been asked to design the possible layout solution for the school network based on the number of machines and the physical layout of the school. Currently they have no network solution in place that links everything together. They are on a budget and can expand later on, but ideally the School wants to have all machines connected to the network, wireless connectivity for the laptops, the Apples connected on a limited basis, and everyone needs restricted access to the Colour Printer.

You need to have on your finished version the following:
- Wireless Points in Non-Computer Based Classrooms
- Wireless Access in the Huts
- Thin Client in the Central Lower School area
- Restricted Access in the Media Suite
- Topologies suitable for the IT suites
- Network room considerations in terms of hardware necessary
- Geographical barriers need to be considered (Doors)

This can be presented in a PowerPoint for the consideration of the management team.
127 8 - Network Solution

For budgeting and pricing purposes, the school management wants you to justify this solution. For each classroom provided with networking, justify your solution for the following:
- Network Topology
- Network installed protocols
- Server hardware
- Choice of Computer System (Thin Client and Base)
- Geographic Location of Cabling
- Choice of Operating system
- Cabling Type
128 Unit 07 - Computer Networks: LO4 - Be able to make networked systems secure
129 Assessment Scenario

Cube Systems have been employed to explain a network solution to the management team at a primary school in the local area with a view to setting up, installing and protecting their network and information stored.

The working network needs to:
- Connect up to 200 computers, printers and shared resources in different computer suites
- Provide a central network pool for information
- Provide the capability of adding their media suite of Apples to this network on a restricted access basis
- Long-term, provide a working intranet accessible off site where network drive files can be accessed

Currently they have two sites (upper and lower) that are not connected physically:
- 100 workstations in the student areas across both sites
- 50 base unit computers in the administration and staffing areas
- 25 laptops in separate laptop cabinets
- 25 Apple G4’s in the media suites
- 20 shared printers across the two buildings, 10 of which are accessible to students with network capabilities
- 1 networkable colour printer in their library in the upper primary site

In this section of the unit, you will deal with the security aspects implemented within a network that allows your clients access internally and externally.
130 Assessment Scenario: Business Risks - Loss of Service

Before computers were networked, when a machine went down, that was one computer. It took time to repair it but business went on. With networks, the same happens but the user can move and business goes on. But when a network goes down through physical or software reasons, this can bring every machine down. “Network down time” can seriously impact companies. For a school, down time can mean some classes may be cancelled or have to find an alternative method, but for companies like Amazon, Play, eBay etc., this can have a serious financial impact on the company.

- North American business lost £21 billion in down time last year.
- At Sainsbury’s, ISP down time cost the company £1m in online transactions.
131 Assessment Scenario: Business Risks - Loss of Service

Business confidence is one of the more integral parts of modern business, and the loss of information, security breaches, down time, theft or hacking can have a serious impact on the confidence of customers. The more down time a company has, the less confidence customers have. Down time can cause a delay in the delivery of goods, which is vital for Play, so customers might go to Amazon instead. Tesco’s internet down time can force customers to shop at Sainsbury’s online, and once a customer moves, supermarkets do all they can to grab that loyalty.

Stolen credit card details from companies can be hugely expensive in terms of business confidence. Just the idea that the security on the network was weak can cause suppliers to hold back, customers to shop elsewhere and the management to investigate.
132 Assessment Scenario: Business Risks - Increased Costs

Network downtime, added security measures, and loss of confidence inevitably lead to an increased cost of goods in order to pay for the damage. Companies need to continuously pay for network upgrades to maintain what they have, and need to learn from mistakes and attacks and take stronger preventative measures. When someone is burgled, house insurance goes up and they install a burglar alarm; it is the nature of theft. The Business World is the same.
133 Assessment Scenario: Business Risks - Confidentiality

In addition to the loss of business and increased product costs, the loss of confidentiality can have an adverse impact on the performance of a business. Loss of customer details is not just bad for business but warrants an investigation by the Trading Standards Authority (TSA). Failing to protect information adequately is a breach of the Data Protection Act (DPA). Companies have to take all possible reasonable steps to protect customer information, and any theft from customers that results from the theft of this information comes under the liability of the Company.

There are different levels of confidentiality that need to be taken into consideration. Theft of credit card details is not as problematic as theft of Hospital records, for instance: medical and personal information can lead to a heavier fine and perhaps prosecution from the TSA, and companies who have been successfully prosecuted by the TSA tend to lose even more confidence from their customers and trading partners.
134 Assessment Scenario: Business Risks - System Integrity

One of the stipulations of the DPA is that information should not be altered without the express permission of the person. The nature of hacking allows outside users to access this information for social or commercial gain, allowing them to alter the information, adapt it, steal it or delete it.

Once a system has been hacked, once a virus gets through, once information has been stolen, the system is left vulnerable to further attacks. Back door keys, Trojans, false users and accounts, program installation and sleepers all allow further attacks. Word gets out in the hacker community and others try; this is called “vulnerability exploitation”. The integrity of a system is like an ego: once broken, it becomes vulnerable.

Managers see this as a network problem and blame the network manager, causing conflict. The cost of the breach is weighed up against the cost of repair. The worst-case scenario is that the breach is done by a malicious hacker intent on damaging the network, deleting files, folders, server information, the OS, the protected files etc. This is called a “Fire Sale”. Suppliers and others see the resulting loss of confidence as a serious business weakness, and it can kill a company.
135 Assessment Criteria

The suggested scenario is that learners have been employed to explain a possible network solution to a business client (primary school).

- P6 - Make a networked system secure
- D2 - Evaluate the procedures organisations should take to secure their networks

P6: The learner should be observed implementing security procedures. They should document these procedures, and a witness statement and visual evidence such as photographs or video should support this. The learner will benefit from setting up the system to provide the practical evidence.

D2: The learners will need to look in detail at a range of procedures that organisations could take to secure their networks. They should evaluate these procedures across a range of criteria including usefulness, ease of use, ease of setting up and costs, and present them in a clear and understandable format. This could be in the form of a report.

Organisations have always depended on information to ensure success. Over the years, organisations have changed their information systems from dealing purely with data processing to strategic and decision support. Managers need information to plan successfully in the short, medium and long term. It is also recognised nowadays that information is required at all levels in an organisation and that information itself can have many sources, all of which are prone to hacking, theft and deletion, internally and externally. The importance of valid information in gaining competitive advantage needs to be stressed, just as protecting that information is vital to a business’s success.

Learners will gain an understanding of the ways in which data can be processed and the applications that support organisations. They will also be asked to evaluate the capacity of an information system to satisfy the needs of the user.
136 Areas to Cover

Focusing on the use of computer networks within a school environment, you need to produce a report and witness statement, which will provide evidence for the following 8 tasks within this case study:
- Security (Passwords)
- Security (Permissions and Lists)
- Security (Backup and Restoring)
- Security (Encryption)
- Security (Biometrics)
- Security (Physical)
- Security Issues
- Security Risk Levels
137 Assessment Tasks: Assessment Outcome - P6

Task 1 (P6.1) - Evidence the setup of applying a password to your account on the network
Task 3 (P6.2) - Evidence the setup of applying access rights to a file / folder / program / account
Task 5 (P6.3) - Evidence the setup of a backup to network files
Task 7 (P6.4) - Evidence the setup of encrypting a network file
138 Assessment Tasks: Assessment Outcome - D1

Task 2 (D2.1) - Using the headings below, state why passwords are essential to a school network system, with examples of the potential risks for strong and weak passwords
Task 4 (D2.2) - State why access rights are essential to a school network system, with examples of the potential risks
Task 6 (D2.3) - State why backups and restoring are essential to a school network system, with examples of the potential risks
Task 8 (D2.4) - State why encryption is essential to a school network system, with examples of the potential risks
Task 9 (D2.5) - State why biometric security is potentially essential to a school network system, with examples of the potential risks
Task 10 (D2.6) - State why physical security is potentially essential to a school network system, with examples of the potential risks
Task 11 (D2.7) - State what the effects of these security issues are and how they can be avoided within a school network system
Task 12 (D2.8) - Evaluate the different types of potential risks that exist for a school network system and the level of risk they pose
139 1 - Security (Passwords)

The most common method of protecting information on a network is the use of passwords on every aspect of the system (logging in, access rights, systems, VLE, Intranet, drives, etc…). Your network password(s) help minimise unauthorised access:
- Don’t use obvious passwords, such as your last name or anything personal.
- Store your password in your head - not on paper.
- Most network operating systems enable you to set an expiration time for passwords so that they are changed frequently: for example, passwords expire after 30 days and the user must then change them.
- You can also configure user accounts so that when they change passwords, they can’t specify a password that they’ve used recently.
- You can also configure security policies so that passwords must include a mixture of uppercase letters, lowercase letters, numerals, and special symbols. Thus, passwords like DIMWIT or DUFUS are out. Passwords like or duF39&US are in.

Task 1 (P6.1) - Evidence the setup of applying a password to your network account
Task 2 (D2.1) - State why passwords are essential to a school network system, with examples of the potential risks for strong and weak passwords
- Loss of Service
- Loss of Business
- Increased Costs
- Confidentiality
- System Integrity
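The three policy controls on this slide (30-day expiry, no reuse of recent passwords, mixed character classes) can be modelled as below. This is an added example, not part of the original slides or of any network operating system's own code; the `Account` class, the 8-character minimum and the history depth of 5 are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=30)   # expiry interval given on the slide
HISTORY_DEPTH = 5              # assumption: the slide says "recently" without a number
MIN_LENGTH = 8                 # assumption: the slide sets no minimum length
ITERATIONS = 100_000           # kept modest so the example runs quickly


def complexity_problems(password: str) -> list[str]:
    """Return the complexity rules the password breaks (empty list = acceptable)."""
    checks = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isdigit() for c in password), "no numeral"),
        (any(not c.isalnum() for c in password), "no special symbol"),
    ]
    return [message for ok, message in checks if not ok]


def _digest(password: str, salt: bytes) -> bytes:
    # Only salted, stretched hashes are stored, never the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Account:
    """Hypothetical account record holding a password history and change date."""

    def __init__(self, username: str, password: str, now: datetime):
        self.username = username
        self.history: list[tuple[bytes, bytes]] = []  # (salt, digest), newest last
        self.changed_at = now
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        del self.history[:-HISTORY_DEPTH]  # forget anything older than the window

    def was_used_recently(self, password: str) -> bool:
        return any(
            hmac.compare_digest(_digest(password, salt), stored)
            for salt, stored in self.history
        )

    def is_expired(self, now: datetime) -> bool:
        return now - self.changed_at >= MAX_AGE

    def change_password(self, new_password: str, now: datetime) -> list[str]:
        """Apply every rule; the change only happens if no rule is broken."""
        problems = complexity_problems(new_password)
        if self.username.lower() in new_password.lower():
            problems.append("contains the account name")
        if self.was_used_recently(new_password):
            problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
        if not problems:
            self._store(new_password)
            self.changed_at = now
        return problems
```

`complexity_problems("DIMWIT")` lists every rule that password breaks, which is the kind of feedback a help desk needs when a user's change is refused.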
140 2 - Security (Permissions and Lists)

- Authorisation Permissions - User rights control what a user can do on a network-wide basis. Permissions enable you to fine-tune your network security by controlling access to specific network resources, such as files/devices, for individual users or groups. Setting permission rights will restrict non-essential staff from looking at or using data.
- Access Control Lists - Access control rights limit the user from damaging, modifying or accessing a file beyond their access levels. They restrict the file rights to whatever the network manager sets and can be applied to whole groups like Students or to a Class like Languages. Setting these rights protects files.

Task 3 (P6.2) - Evidence the setup of applying access rights to a file / folder / program / account
Task 4 (D2.2) - State why access rights are essential to a school network system, with examples of the potential risks
- Loss of Service
- Loss of Business
- Increased Costs
- Confidentiality
- System Integrity
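The group inheritance described on the File Transfer slide and the access control lists described here combine into one "effective rights" calculation, sketched below. This is an added example, not code from the original slides or from Windows Server; the user names, resource paths and the rule that an individual restriction beats any grant are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Acl:
    """Access control list for one resource (hypothetical structure)."""
    group_rights: dict[str, set[str]] = field(default_factory=dict)
    user_grants: dict[str, set[str]] = field(default_factory=dict)   # extra rights
    user_denies: dict[str, set[str]] = field(default_factory=dict)   # extra restrictions


# Constructed sample directory: which groups each user belongs to.
MEMBERSHIPS: dict[str, set[str]] = {
    "a.jones": {"Accounting"},
    "m.patel": {"Accounting", "Staff"},      # accounting manager
    "t.clerk": {"Accounting"},               # temporary clerk
    "pupil01": {"Students", "Languages"},
    "visitor": set(),                        # no groups at all
}

# Constructed sample ACLs for two shared resources.
ACLS: dict[str, Acl] = {
    "accounts/ledger.xlsx": Acl(
        group_rights={"Accounting": {"read", "write"}},
        user_grants={"m.patel": {"delete"}},     # a few extra permissions
        user_denies={"t.clerk": {"write"}},      # a few extra restrictions
    ),
    "languages/coursework": Acl(
        group_rights={"Staff": {"read", "write"}, "Languages": {"read"}},
    ),
}


def effective_rights(resource: str, user: str) -> set[str]:
    """Rights inherited from every group, plus user grants, minus user denies."""
    acl = ACLS.get(resource)
    if acl is None:
        return set()                              # unknown resource: default deny
    rights: set[str] = set()
    for group in MEMBERSHIPS.get(user, set()):
        rights |= acl.group_rights.get(group, set())
    rights |= acl.user_grants.get(user, set())
    rights -= acl.user_denies.get(user, set())    # assumption: deny always wins
    return rights


def who_can(resource: str, right: str) -> list[str]:
    """Audit helper: every known user who ends up holding `right` on `resource`."""
    return sorted(u for u in MEMBERSHIPS if right in effective_rights(resource, u))
```

Running `who_can` over every resource and right gives the network manager a review list of who can actually modify or delete each file, including rights that arrive through an individual override.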
141 3 - Security (Backup and Restoring)

Having data backed up is the cornerstone of any disaster recovery plan. Without backups, a simple hard drive failure can set your company back days or even weeks. In fact, without backups, your company’s very existence is in jeopardy. For schools this is a legal requirement, and three backups are necessary: nightly, weekly and an off-site copy.

The main goal of backups is simple: keep a spare copy of your network’s critical data so that, no matter what happens, you never lose more than one day’s work. The easiest way to do this is to make a copy of your files every day. If that’s not possible, techniques are available to ensure that every file on the network has a backup copy that’s no more than one day old. The goal of disaster planning is to make sure that your company can resume operations shortly after a disaster occurs, such as a fire, earthquake, or any other imaginable calamity.

- The most common media for making backup copies is a tape (up to 80GB of data).
- All versions of Windows come with a built-in backup program.

Task 5 (P6.3) - Evidence the setup of a backup to network files
Task 6 (D2.3) - State why backups and restoring are essential to a school network system, with examples of the potential risks
- Loss of Service
- Loss of Business
- Increased Costs
- Confidentiality
- System Integrity
142 3 - Security (Backup and Restoring)

- Normal backups - Also called a full backup (the most basic type of backup), where all files in the backup selection are backed up, regardless of whether the archive bit has been set. As each file is backed up, its archive bit is reset, so backups that select files based on the archive bit setting won’t back up the files.
- Copy backups - Similar to a normal backup, except that the archive bit is not reset as each file is copied. As a result, copy backups don’t disrupt the cycle of other backups.
- Daily backups - Back up just those files that have been changed the same day that the backup is performed. A daily backup examines the modification date for each file to determine whether a file should be backed up. Daily backups don’t reset the archive bit.
- Incremental backups - Back up only those files that you’ve modified since the last time you did a backup. They are a lot faster than full backups because your network users probably modify only a small portion of the files on the server in any given day.
- Differential backups - A differential backup is similar to an incremental backup, except that it doesn’t reset the archive bit as files are backed up. As a result, each differential backup represents the difference between the last normal backup and the current state of the hard drive. To do a full restore from a differential backup, you first restore the last normal backup, and then you restore the most recent differential backup.
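The archive-bit behaviour of the five backup types, and what it means for a restore, is easier to see when simulated. The sketch below is an added example, not part of the original slides and not the Windows backup program; the file names and the Monday-to-Thursday schedule are constructed, and file deletions are not modelled.

```python
from dataclasses import dataclass


@dataclass
class File:
    content: str
    modified_day: int
    archive: bool = True   # the archive bit is set whenever a file is written


class Volume:
    """A toy file server volume: name -> File."""

    def __init__(self) -> None:
        self.files: dict[str, File] = {}

    def write(self, name: str, content: str, day: int) -> None:
        self.files[name] = File(content, day, archive=True)

    def snapshot(self) -> dict[str, str]:
        return {name: f.content for name, f in self.files.items()}


RESETS_ARCHIVE_BIT = {"normal", "incremental"}
KINDS = {"normal", "copy", "daily", "incremental", "differential"}


def backup(volume: Volume, kind: str, day: int) -> dict[str, str]:
    """Run one backup job and return the backup set it wrote (name -> content)."""
    if kind not in KINDS:
        raise ValueError(f"unknown backup type: {kind}")
    backup_set: dict[str, str] = {}
    for name, f in volume.files.items():
        if kind in ("normal", "copy"):
            selected = True                      # everything, whatever the bit says
        elif kind == "daily":
            selected = f.modified_day == day     # chosen by modification date
        else:
            selected = f.archive                 # incremental / differential
        if selected:
            backup_set[name] = f.content
            if kind in RESETS_ARCHIVE_BIT:
                f.archive = False
    return backup_set


def restore(backup_sets: list[dict[str, str]]) -> dict[str, str]:
    """Replay backup sets oldest first; later copies overwrite earlier ones."""
    restored: dict[str, str] = {}
    for backup_set in backup_sets:
        restored.update(backup_set)
    return restored


def run_week(nightly_kind: str) -> tuple[list[dict[str, str]], dict[str, str]]:
    """Normal backup on day 0, then one edit and one nightly backup on days 1-3."""
    vol = Volume()
    for name in ("register.xlsx", "reports.docx", "timetable.docx"):
        vol.write(name, "v1", day=0)
    sets = [backup(vol, "normal", day=0)]
    edits = {1: ("register.xlsx", "v2"), 2: ("reports.docx", "v2"), 3: ("register.xlsx", "v3")}
    for day, (name, content) in edits.items():
        vol.write(name, content, day)
        sets.append(backup(vol, nightly_kind, day))
    return sets, vol.snapshot()
```

With `run_week("incremental")` the nightly sets stay small but every one of them is needed for a restore; with `run_week("differential")` the sets grow through the week and only the normal backup plus the latest differential are needed.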
143 4 - Security (Encryption)

Encryption refers to the process of translating plain text information into a secret code so that unauthorized users can’t read the data. Encryption isn’t new. Secret agents have long used codebooks to encode messages, and breaking the code has always been one of the top priorities of counter-intelligence.

Windows Server has a feature called Encrypted File System, or EFS for short, that lets you save data on disk in an encrypted form. This prevents others from reading your data even if they manage to get their hands on your files. Encryption is especially useful in environments where the server can’t be physically secured. If a thief can steal the server computer (or just its hard drive), he or she may be able to crack through the Windows security features and gain access to the data on the hard drive by using low-level disk diagnostic tools. If the files are stored in encrypted form, however, the thief’s efforts will be wasted because the files will be unreadable.

Task 7 (P6.4) - Evidence the setup of encrypting a network file
Task 8 (D2.4) - State why encryption is essential to a school network system, with examples of the potential risks
- Loss of Service
- Loss of Business
- Increased Costs
- Confidentiality
- System Integrity
144 4 - Security (Encryption)

The most basic type of data encryption, called synchronous data encryption (the technique usually known as symmetric-key encryption), uses numeric keys to apply complex mathematical operations to the source data in order to translate the data into encrypted form. These operations are reversible, so if you know the key, you can reverse the process and decrypt the data. The message is incomprehensible unless you know the key; then it is easy. The actual keys and algorithms used for cryptography are much more complicated. Keys are typically binary numbers of 40 or 128 bits, and the actual calculations used to render the data in encrypted form are complicated.

Other methods include:
- Transposition - characters switched around
- Substitution - characters replaced by other characters

Cryptography serves 3 purposes:
- Helps to identify authentic users
- Prevents alteration of the message
- Prevents unauthorised users from reading the message

Encryption keys: sent with, sent after, or kept on the network of user and client.
145 5 - Security (Biometrics)

Biometric identification systems can be grouped based on the main physical characteristic that lends itself to biometric identification:
- Fingerprint Identification
- Hand Geometry
- Palm Vein Authentication
- Retina Scan
- Iris Scan
- Face Recognition
- Signature
- Voice Analysis

Task 9 (D2.5) - State why biometric security is potentially essential to a school network system, with examples of the potential risks
- Loss of Service
- Loss of Business
- Increased Costs
- Confidentiality
- System Integrity
146 5 - Security (Biometrics)

- Fingerprint identification - Fingerprint ridges are like a picture on the surface of a balloon. As the person ages, the fingers do get larger. However, the relationship between the ridges stays the same, just like the picture on a balloon is still recognizable as the balloon is inflated.
- Hand geometry - Hand geometry is the measurement and comparison of the different physical characteristics of the hand. Although hand geometry does not have the same degree of permanence or individuality as some other characteristics, it is still a popular means of biometric authentication.
- Palm Vein Authentication - This system uses an infrared beam to penetrate the user’s hand as it is waved over the system; the veins within the palm of the user are returned as black lines. This has a high level of authentication accuracy due to the complexity of vein patterns of the palm. Because the palm vein patterns are internal to the body, this would be a difficult system to counterfeit.
- Retina scan - A retina scan provides an analysis of the capillary blood vessels located in the back of the eye; the pattern remains the same throughout life. A scan uses a low-intensity light to take an image of the pattern formed by the blood vessels.
- Iris scan - An iris scan provides an analysis of the rings, furrows and freckles in the coloured ring that surrounds the pupil of the eye. More than 200 points are used for comparison.
Face recognition - This analyses facial characteristics (their size and shape, and their relationship to each other). Typically, this method uses relative distances between common landmarks on the face to generate a unique "faceprint."

Signature - Although the way you sign your name does change over time, and can be consciously changed to some extent, it provides a basic means of identification.

Voice analysis - The analysis of the pitch, tone, cadence and frequency of a person's voice.
6 - Security (Physical)

The most secure method of preventing theft is to take physical measures, both seen and unseen. Under the DPA, all possible measures within reason must be taken to secure confidential information. These can include:

CCTV - Internally and externally, it is common to have these on buildings, but companies also have them in the network room, the corridors, reception and wherever money is stored. Some have motion sensors so they record as soon as there is movement.

Locks - Standard locks on doors are usual; in most buildings staff rooms have locks. Network rooms in particular have locks on all entrances and exits. Network server cupboards and racks, laptop cabinets and filing cabinets also have locks, with keys allocated only to those who have rights. These locks can be key-operated or numbered.

Key cards - These are more secure as they record access and log times. They are more difficult to fake and, unlike keys, can be cancelled electronically if lost or stolen.

Task 10 (D2.6) - State why physical security is potentially essential to a school network system, with examples of the potential risks:
Loss of Service
Loss of Business
Increased Costs
Confidentiality
System Integrity
7 - Security Issues

This applies to viruses, adware, malware, spyware and many others, all of which can cause big problems for computer users.

Task 11 (D2.7) – State what the effects of these security issues are and how they can be avoided within a school network system. You need to explain what these are, how they can affect computers and how they can be combated.
Definitions of each
Methods of avoiding
Give examples
Adware

Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Adware can slow down the computer and cause problems with other software packages, and should be avoided. Usually the internet browser is set up so that it asks the user whether they want to run a piece of software. If you are at all unsure of the nature of this software, do not allow it to run. Some types of adware are also spyware and can be classified as privacy-invasive software.
Malware

Malware is software specifically designed to infiltrate or damage a computer system without the owner's consent. The term is an amalgamation of the words malicious and software. The expression is a general term used by computer professionals to mean differing forms of hostile, intrusive, or annoying software or program code. Many computer users are still unfamiliar with the term, and most never use it. Instead, "computer virus" is incorrectly used. Even the media sometimes use "computer virus" to describe all kinds of malware, though not all malware consists of viruses.
Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware can include computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, and other malicious and unwanted software. Malware should not be confused with defective software, which is software that has a legitimate purpose but contains harmful bugs.

A variety of anti-malware software is available on the market, and it should be kept up to date. If a computer user does not know the sender of a particular file or experiences anything out of the ordinary, then it is a good idea to contact an IT professional such as a technician. Reporting problems will lead to better awareness and possibly reduce the damage that is caused by this destructive software.

Remember: Keep spyware, adware and malware detection programs up to date. If unsure in any way of how a program is responding, tell someone about it.
Spyware

Spyware is computer software that is installed secretly on a personal computer to intercept or take partial control of the user's interaction with the computer, without the user's informed consent.
Although the term spyware suggests software that secretly monitors the user's behaviour, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, blindly accessing websites that will cause more harmful viruses, or diverting advertising revenue to a third party. Spyware can also change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.

In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software. In response, the industry has created several anti-spyware software packages. Running anti-spyware software has become a widely recognised element of computer security best practices for Microsoft Windows desktop computers.
Viruses

A computer virus is a computer program that replicates itself and infects a computer without the permission or knowledge of the user. The original virus may modify itself as it replicates. The virus can only spread when its host is taken to an uninfected computer, for instance by being sent over a network or the internet, or by being carried on a removable medium such as a USB drive, CD or floppy disk. Viruses can also spread to other computers by infecting files on a network file system.

Viruses can sometimes be confused with computer worms and Trojan horses, which can give similar symptoms but are quite different.
Worms – can spread themselves to other computers without needing to be transferred as part of a host.
Trojans – files that appear harmless.

All three can cause harm to a computer system. This harm is called the payload and can be as simple as a silly message or as serious as the complete destruction and corruption of all files contained within a certain area.
Because most computers are connected to the internet and to local area networks, malicious code spreads easily. Network services such as the World Wide Web, instant messaging and file sharing only perpetuate the spread of these files.

Some malware is programmed to damage the computer by damaging programs, deleting files or formatting the hard disk drive. Some of these programs are not designed to cause damage but simply replicate themselves and present text, video or audio messages. However, these can still create problems by taking up memory and using other resources, possibly leading to system crashes.
Virus Protection

Anti-virus software can be installed which can detect and eliminate KNOWN viruses after the computer downloads or runs the executable. These programs generally work in two ways. In the first, the program looks for a virus signature: a characteristic pattern of how the virus works and what it looks like within the computer's memory and files. These patterns are compared to a database of known virus signatures. However, this is only as good as the database used. The second method uses a technique that looks at how viruses commonly behave and tries to detect that behaviour. This is useful for viruses that do not yet have a signature known to the virus protection software.
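The two detection methods described above, sketched in Python as an added example that is not part of the original course material. The signature patterns, behaviour names, weights, threshold and sample files are all constructed assumptions and match no real malware or anti-virus product.

```python
import hashlib

# Constructed signature database (name -> byte pattern). These markers are
# invented for this example and match no real malware.
SIGNATURES = {
    "Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-A",
    "Demo.Marker.B": b"CONSTRUCTED-TEST-PATTERN-B",
}
# Constructed blocklist of whole-file SHA-256 hashes.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"constructed bad file v1").hexdigest(): "Demo.File.C",
}
# Assumed behaviour weights for the heuristic method; a real product tunes these.
BEHAVIOUR_WEIGHTS = {
    "writes_to_other_executables": 5,
    "disables_security_tool": 4,
    "mass_file_delete": 4,
    "adds_startup_entry": 3,
    "opens_network_listener": 2,
}
SUSPICIOUS_SCORE = 6  # assumed threshold

def signature_scan(data: bytes) -> list:
    """Method 1: compare file content against the database of known signatures."""
    hits = [name for name, pattern in SIGNATURES.items() if pattern in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        hits.append(KNOWN_BAD_SHA256[digest])
    return sorted(hits)

def heuristic_score(behaviours) -> int:
    """Method 2: score observed behaviour that viruses commonly show."""
    return sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in set(behaviours))

def scan(name: str, data: bytes, behaviours) -> dict:
    hits = signature_scan(data)
    score = heuristic_score(behaviours)
    verdict = "known" if hits else "suspicious" if score >= SUSPICIOUS_SCORE else "clean"
    return {"file": name, "verdict": verdict, "signatures": hits, "score": score}

# Constructed samples: (file name, content, behaviours observed while it ran).
SAMPLES = [
    ("homework.docx", b"plain document text", []),
    ("old_virus.exe", b"MZ" + SIGNATURES["Demo.Marker.A"], ["adds_startup_entry"]),
    ("new_variant.exe", b"MZ unseen code",
     ["writes_to_other_executables", "adds_startup_entry"]),
    ("remote_tool.exe", b"MZ admin tool", ["opens_network_listener"]),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan(*sample))
```

The sample new_variant.exe matches nothing in the signature database and is flagged only by its behaviour score, which is the case the second method exists for.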
Minimising the damage

Keeping regular backups of data and the operating system on different media, which are kept unconnected to the system most of the time, minimises the chances of the virus infecting these backups. These should be kept in read-only status; using a DVD or CD-ROM would allow this. Keeping virus protection software up to date is another good way of minimising the risk of infection.

Employees are usually asked not to bring external data or programs onto an internal system because of the risk of viruses and malicious software. If this needs to be done, it is generally taken to the IT technicians so that they can check the data for any problems. This has a twofold benefit: it reduces the risk of infection within the organisation, and it notifies the employee if there is a problem, which allows them to check their home computer. The golden rule is: if in doubt, check.
Anti-Virus

The best way to protect your network from virus infection is to use an antivirus program. These programs have a catalogue of several thousand known viruses that they can detect and remove. In addition, they can spot the types of changes that viruses typically make to your computer's files, thus decreasing the likelihood that some previously unknown virus will go undetected.

It would be nice if Windows came with built-in antivirus software, but alas, it does not. So you have to purchase a program on your own. The two best-known antivirus programs for Windows are Norton AntiVirus and McAfee's VirusScan.

The people who make antivirus programs have their fingers on the pulse of the virus world and frequently release updates to their software to combat the latest viruses. Because virus writers are constantly developing new viruses, your antivirus software is next to worthless unless you keep it up to date by downloading the latest updates (DAT files).

The following are several approaches to deploying antivirus protection on your network:
8 - Security Risk Levels

The impact of each type of disaster varies from business to business. What may be a disaster for one business may be a mere inconvenience for another. For example, a law firm may tolerate a disruption in telephone service for a day or two. Loss of communication via phone would be a major inconvenience, but not a disaster. To a telemarketing firm, however, a day or two with the phones down is a more severe problem because the company's revenue depends on the phones.

One of the first steps in developing a business continuity plan is assessing the risk of the various types of disasters that may affect your organisation. To assess risk, you weigh the likelihood of a disaster happening against the severity of the impact that the disaster would have. Analysing these risks is called Risk Assessment, and the higher the risk, the greater the need to take adequate precautions.

Task 12 (D2.8) – Evaluate the different types of potential risks that exist for a school network system and the level of risk they pose.
Environmental Disaster
Deliberate Disasters
Disruption of Services
Equipment Failure
Other Disasters
Environmental disasters are what most people think of first when they think of disaster recovery.

Fires can be caused by unsafe conditions, by carelessness, such as electrical wiring that isn't up to code, by natural causes, such as lightning strikes, or by arson.

Earthquakes can cause not only structural damage to your building, but they can also disrupt the delivery of key services and utilities, such as water and power, to your company.

Weather disasters can cause major disruption to your business. Moderate weather may close transportation systems so that your employees can't get to work. Severe weather may damage your building or interrupt delivery of services, such as electricity and water.

Flooding can wreak havoc with electrical equipment, such as computers. If floodwaters get into your computer room, chances are good that the computer equipment will be totally destroyed. Note that flooding can be caused not only by bad weather, but also by burst pipes or malfunctioning sprinklers.

Lightning storms can cause electrical damage to your computer and other electronic equipment if lightning strikes your building or causes surges in the local power supply.
Deliberate disasters are the result of deliberate actions by others. For example:

Vandalism or arson may damage or destroy your facilities or your computer systems. The vandalism or arson may be targeted at you specifically by a disgruntled employee or customer, or it may be random.

Theft is always a possibility. You may come to work someday to find that your servers or other computer equipment have been stolen.

Don't neglect the possibility of sabotage. A disgruntled employee who gets hold of an administrator's account and password can do all sorts of nasty things.

Disruption of Services

Electrical power is crucial for computers and other types of equipment. Electrical outages are not uncommon, but fortunately, the technology to deal with them is readily available. UPS (uninterruptible power supply) equipment is reliable and inexpensive.

Communication connections can be disrupted by many causes.

An interruption in the water supply may not shut down your computers, but it can disrupt your business by forcing you to close your facility until the water supply is re-established.
Equipment failure - Modern companies depend on many different types of equipment for their daily operations. The failure of any of these key systems can disrupt business until the systems are repaired:
Computer equipment failure can obviously affect business operations.
Air-conditioning systems are crucial to regulate temperatures, especially in computer rooms. Computer equipment can be damaged if the temperature climbs too high.
Elevators, automatic doors, and other equipment may be necessary to the business.

Other disasters - You should assess many other potential disasters. Here are just a few:
Labour disputes.
Loss of key staff due to resignation, injury, sickness, or death.
Workplace violence.
Public health issues, such as epidemics, mould infestations, and so on.
Loss of a key supplier.
Nearby disaster, such as a fire or police action across the street that results in your business being temporarily blocked off.