Excerpt: Networks are not built for the computers, or the hardware that runs the computers, or even the software on the computers themselves; networks are built for people. Networks help people connect with one another and share and store information in many forms. As such, a key factor when building a network is determining how many people will be using it. The greater the number of people in an organization, the larger the hardware/software requirements of the network will be.
Excerpt: The OSI, TCP/IP, and Internet standardization models are all different parts of the same beast. Each of the three works in conjunction with the other two and at the same time can work autonomously. They are the definitions and guideposts for manufacturers and network engineers to develop and maintain networking hardware and software.
Hybrid Architecture: Designing a Corporate Network
Problem: Design a wireless network for a campus spanning over a thousand square feet (over 350 square meters).
IPv6 and IPv4

Protocols and protocol suites are definitions of the methods and rules that computers can use to communicate with one another (Ciccarelli, et al., 2008, p. 179). Without protocols, computers would be unable to understand the signals sent by other computers, or in the worst-case scenario, could be damaged by the very voltages that those computers send. “Both IPv6 and IPv4 define network layer protocol i.e., how data is sent from one computer to another computer over packet-switched networks such as the Internet” (Das, IPv6 - The Next Generation Internet, 2008). The primary difference between the two protocols, and the main factor for using IPv6 in the future, is the dwindling supply of 32-bit addresses provided by IPv4. IPv6 tackles this issue through the use of 128-bit addressing. “Therefore, it is now possible to support 2^128 unique IP addresses” (Das, IPSec & IPv6 - Securing the NextGen Internet, 2008). This is opposed to the 2^32 IP addresses of IPv4.
However, since there are still enough IPv4 addresses to go around, where IPv6 still wins out is in the fact that it has IPSec to increase network security. “IPSec, is a framework of open standards (from IETF) that define policies for secure communication in a network” (Das, IPSec & IPv6 - Securing the NextGen Internet, 2008). That being said, the overhead cost of switching an entire network from IPv4 to IPv6 is prohibitive for most organizations. Therefore, a hybrid setup is probably the best option for the foreseeable future. Essentially, the organization would have its primary gateway to the internet set up using IPv6. All internal traffic would still be routed using IPv4. This would work because internally there are not likely to be more than 2^32 devices on the network (unless it is an enormously large organization). As such, IPv4 is not going to instantly disappear with the advent of IPv6 functionality. Rather, it is more likely to slowly fade away over the next decade.
Security Trade-off

Allowing anyone to remotely connect to your network is always going to incur some sort of trade-off between security and functionality. However, the role of the admin is to minimize the amount of threat such connections create. This is done through VPN tunnels, encrypted connections, and even one-time passwords or two-factor authentication (TechTarget, 2004). VPNs, virtual private networks, provide an effective means of private communication over an unsecure medium (the internet) by creating a path or tunnel which the private data travels on and which the non-private data cannot see (Ciccarelli, et al., 2008, p. 17). However, hackers are able to access these tunnels by using man-in-the-middle attacks. This is where they set up a connection between the remote computer and the network through which the private traffic must go. The hacker then “sniffs,” or examines, the packets being sent and received, thus bypassing the VPN tunnel (Doherty, Anderson, Maggiora, & Clement, 2008, pp. 162-163). Admins are able to overcome these attacks by encrypting the data being sent. This means that the connection between the remote computer and the network will be slower, but more secure. That being said, if the hacker in question has direct access to the remote computer, passwords and two-factor authentication are the only ways to effectively halt their intrusion. One-time passwords are verification codes given once to access any secure program or network, after which the password cannot be used again and a new one must be granted. Two-factor authentication is where a user has a physical device (card, token generator, or biometrics) which must be coupled with their password in order to gain access to a secure function. However, these security devices create further complications for the user, and may even frustrate them. Overall, the more the world pushes on a network, the more the network is forced to push back.
The best a network admin can do is explain to users why they must do what they do, as people are more prone to listen if they understand the reasons behind the security measures, rather than a blunt “Because it’s policy.” After all, if it took a secret password, a special random number generator, and a key to get inside a house, people would try to find an easier way to get in, even if it was their own home.