This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The advantages of using computer networking facility within the Smith Solicitor office
They can use intranet facility for internal communication in the office
They can share resources like printer so that they can use two printers for the whole office.
Video Conference can be done which makes it easier for the employer to contact with the employee. And meetings can be done online.
File and data sharing can be done which helps them share data between the computers.
Folders can be password protected to limit access to unauthorized users.
A single internet connection in server computer allows the entire client computer to share internet.
The disadvantage of using computer networking facility within the Smith Solicitor office
Skilled IT administrator should be hired for maintenance.
Training should be given to the employer and employee to use the computer which in network.
Proper network security should be given to the server computer.
Network maintenance should be done time to time.
Network Installation charges would be expensive.
Networking Component like router, switch and cable would be expensive to buy.
Â All the computers in an office building might become completely useless if a single network component fails.Â
If a single computer is virus infected then the entire computer in network may soon get affected.
Evaluate the various costs, performance, security and utility values associated with the installation of your network design for Smith Solicitor. (P2)
The various cost, performance, security and utility values associated with the installation of the network design for Smith Solicitor
Brand Name: HP Pro Liant DL380 G7 Rack Server
The HP Pro Liant DL380 G7 Server continues to deliver on its heritage of engineering excellence with increased flexibility and performance, enterprise-class uptime and HP Insight Control manageability, 2 sockets IntelÂ® XeonÂ® performance, and 2U density for a variety of applications.
IntelÂ® XeonÂ® E5620 (4 core, 2.40 GHz, 12MB L3, 80W)
6GB PC3-10600R (DDR3-1333) Registered DIMMs
3 years warranty
HP Pro Liant DL380 G7
IntelÂ® XeonÂ® E5620 (4 core, 2.40 GHz, 12MB L3, 80W)
Rack-mountable - 2U
12 MB L3
IntelÂ® 5520 Chipset
(2) 1GbE NC382i Multifunction 2 Ports
6GB PC3-10600R (DDR3-1333) Registered DIMMs
(1) Smart Array P410i/256MB
*Windows server 2003 will be installed as an operating system in server computer as it is user friendly. It has different security features. (1)
HP Pavilion Elite HPE-490uk
Designed for computing tasks in equal good measure, the HPÂ Pavilion Elite HPE-490ukÂ desktop PC is powered by the potent quad-core IntelÂ® Coreâ„¢ i7-870 Processor.
IntelÂ® Coreâ„¢ i7-870 Processor
2.93 GHz (up to 3.6GHz with turbo Boost)
8 MB Smart Cache
8GB installed RAM
4 DIMM slots
maximum 16GB supported memory
1.5 TB SATA 3G Hard Disk Drive (5400 rpm)
10 x USB 2.0 ports
Memory Card Reader
15-in-1 memory card reader
Keyboard, mouse, power cord, documentation
Windows XP will be installed in this client computer as its user's friendly. It has got option like plug and play. It's got facilities likeÂ fast user switching which affects applications that access hardware or that can only tolerate one instance of their application running on a machine at any one time. We can also create multiple users and protect the users putting the password. Networking and communication features are also very good in windows xp. So Windows xp would be the most suitable and appropriate as a client computer. (2)
The Network Interface card (NIC)
The bridgeÂ Â
Wireless access points
The routerÂ Â
Cable (UTP cat 5)
The server computer and client computer are as required by The Smith Solicitor Office. It's very affordable and the components are very good. The total price of the entire computer would be about £16 thousand.
The security features of windows 2003 are as listed below
Authentication: Most basic level is requiring a user id and password to log on to some system.
Access control: Access control is used to secure resources such as files, folders, and printers.
Encryption: Confidential files can be encrypted using the Encrypting File System (EFS) for local files stored on NTFS volumes
Security policies: Security policies control a range of security settings.
The security features of windows XP are as listed below
Remote Assistance / Remote Desktop
Local Security Policy
Overall selected hardware component are suitable for the selected Operating system and the software and hardware are at affordable price.
Provide an overview of a network operating system (NOS) and illustrate how NOS works with in computer network. (P3)
Network Operating System (NOS) helps the server computer to control Client computer and distribute the function to the entire client computer. Therefore it helps to manage the computers which are connected in the network.
Features of Network Operating System
It has a function to allow multiple users to access shared resource at same time.
It provides file, print, web services, back-up services.
NOS distributes the function to all the computer in network
It helps to manage multiple user and support for logon and logoff, remote access; system management, administration tools
Client systems contain specialized software that allows them to request shared resources that are controlled by server systems responding to a client request.
NOS supports multiple user accounts at the same time and enables access to shared resources by multiple clients at same time.
It has security features like authentication, authorization, logon restrictions and access control
I suggest windows operating system for smith solicitor office because it is commonly used on computers and currently, the most widely used version of the Windows family isÂ WINDOWS XP for client computer and WINDOWS SERVER 2003Â for servers. It has features listed below
Windows provide frequently updated security features such as firewalls, pop-up blockers, antivirus and antispyware software and more. It has additional security and administrator tools for server.
These OS offer administration tools and security for computer networking.
Ease of Use
Windows OS are straightforward and user friendly.
These OS performs numerous functions, above average support is needed. Generally, Microsoft offers more support to its customer's onlineÂ and also self-guided support.
Design a LAN for a Smith Solicitor or assess an existing network (if any) for fitness of purpose. (P4) [Learner needs to design a LAN on the paper for their LAN selection.]
Identify the various parts (software and hardware) of a network system for Smith Solicitor and relates it to the 7- layered model. (P5)
The various parts of a network system for smith solicitor which is related with 7 layeres model are
Physical Layer:Â This layer explains the physical properties of the various communications media and coordinates the function required to transmit Example: It explains the size of Ethernet coaxial cable, layout of pins. The physical layer uses hubs and repeaters.
Data Link Layer: This layer explains the logical organization of data bits transmitted on a particular medium. Example: this layer gives addressing and checks summing of Ethernet packets.
Network Layer: This layer helps to describe the exchanges of packets between any two nodes in a network. Ex: It defines the addressing and routing structure of the Internet.
Transport Layer: In transport layer it describes the class, quality and type of the data delivered. This layer makes sure if and how retransmissions will be used to ensure data delivery.
Â Session Layer: Â In this layer the group of data sequences larger than the packets handled by lower layers. So it is handles synchronization process. Example: It shows the details of request and reply packets are paired in a remote procedure call.
Â Presentation Layer: This layer works to translate, encrypt and compress data. Ex: this layer describes how floating point numbers can be exchanged within hosts with different math formats
Application Layer: This layer gives services to the user by allowing the access to network resources Ex: this layer would implement file system operations
Differentiate between different kinds of network, network topologies and network operating systems. (P6) [Discuss different network topologies]
The different kinds of network are
AÂ local area network also knows as LANÂ is a kind of network where the networked computers are in short distance only. Example - a network within a building of school. LANs Usually owned, controlled, and managed by a single person or organization. They use Token ring or Ethernet technology
Metropolitan area network also known as MAN is a network spanning a physical area larger than a LAN but smaller than a WAN, such as a city. Example - it is commonly owned by a single body like as a government body or large company.
Wide area network also known as WAN is a geographically single collection of LANs. It generally covers wide area of computer networks. A router connects different LAN to WAN. For example- mostly WANs (like the Internet) aren't owned by any organization or group but it works under the joint or distributive ownership and management.
The different types of network topologies are:
Star topology and tree topology
All devices connect to a central device, called hub. All data transferred from one computer to another passes through hub Popular in LAN because it's inexpensive and easy to install. Whereas tree topology is the extended form of star topology which is used in large networks .This kind of network significally reduces the traffic on wires by sending packets only to the wires of the destination host
In this kind of topology cables are formed in closed ring or a loop form where the devices are arranged along the ring. Data communication is d one in this topology by device to device around entire ring in one direction only but if we use dual ring then communication can be done by both direction Mainly this topology is used in LAN network but it is also used in WAN network.
In this kind of topology all computer are connected to each other so that there's a fault tolerance in this kind of topology. It is expensive as well as difficult to create this type of topology. Here all the nodes are connected to each other and forms complete network. This kind of network topology is mostly use in financial sector.
3.1 Set up a software network environment, for some departments in a Smith Solicitor organization. (P7) [Configure Active directory]
To configure an active directory for smith solicitor organization following process in taken.
Click start and type dcpromo and enter. Then a dialogue box will appear. Then we need to press next. After that we will see a domain control type wizard where we need to select the domain controller for a new domain and select next option. Then we need to select the domain in new forest and press next as show in picture below.
After that on theÂ New Domain NameÂ page, in theÂ Full DNS name for new domainÂ box, we need to give some domain name .For example we can give domain name like SmithSolicitiorFirm.com. After that we need to give name for NetBIOS domain name and click next where we get to seelect the location where we would like to store and save the database and log files. On theÂ Shared System VolumeÂ page, accept the default in theÂ Folder locationÂ box, and then clickÂ next.
On theÂ DNS Registration DiagnosticsÂ page, clickÂ Install and configure the DNS server on this computer and set this computer to use this DNS server as its preferred DNS Server, and then clickÂ next as shown in the picture below.
On theÂ PermissionsÂ page, clickÂ Permissions compatible only with WindowsÂ 2000 or Windows ServerÂ 2003 operating systems, and then clickÂ next. After that on theÂ Directory Services Restore Mode Administrator PasswordÂ page, we need to enter a password in theÂ Restore Mode PasswordÂ box and again retype the password to confirm it in theÂ Confirm passwordÂ box, and then clickÂ next. Finally in last we just need to confirm that the given information are correct and click nextÂ and When prompted to restart the computer, clickÂ Restart now. This is the successful configuration of active directory for smith solicitor's server computer.
3.2 Install a piece of network software on to a server to be used by different selected users in a created group on Smith Solicitor Network.(P8) [configure print server]
We can configure a print server in smith solicitor network by the following process given below.
Installation process: Firstly connect the printer to the computer .Then the printer will be detected automatically. After that we need to install driver which we normally get with printer. Else we can do it manually by the following process as shown below.
Click on Start > Settings > Control Panel > Printer and Faxes. Then Click on the File Menu > Add printer > Next > Local Printer attached to this computer.Â After that it Checks automatically detect and Install My Plug and Play Printer. Then Click Next.
After that a wizard will automatically detect any attached printer and install the driver for it. If the system doesn't find the driver then it will be prompted to provide the drivers location.
After successfully installing the printer driver, it will show new printer name in the Printer and Faxes in the control panel.
Server Configurations: If the printer needs to be shared by a server computer, firstly we need to click the printer name>properties>sharing>share this printer. Then we need to provide name for the shared printer which will be used by client computer on the network. We can also set the colour management, priorities, printing preferences, font s in the properties tab of the printer.
Client Computer Configuration: To setup printer at the client computer we can just give the command
\\computername\printername (printer name is the shared name of the printer which we create while configuring server)
3.3 Illustrate how you configure user workstations on the network? (P9) [Steps of user configuration on Active directory]
To configure user workstation on the network firstly we need to have one active directory domain, where we need to create a user account in that domain to use as an administrator account. Then after adding the user to the exact security group we can use that account to add computer to domain. To configure user on active directory following process should be completed.
C:\Users\jaikishanshrestha\Desktop\Add new user in Exchange 2003.PNG
Firstly click start and then point the cursor towards administrator Tool. Then Click Active Directory Users and ComputersÂ to start the Active Directory Users and Computers console. After that we need to click the domain name that had been created, and then expand the contents. Where we need to right- click Users>New>User
Type the first name, last name, and user logon name of the new user, and then clickÂ Next. Where we get other wizard to type a password and confirm it by typing again and click the check box as required by user. Then click Next .After that just check the details and enter to Finish. Finally a new user will be created under the active directory.
In case of adding a computer to the domain, following the steps Log on to the computer that needs to be added to the domain. Then right click on MY Computer>Properties>Computer Name Tab>Click change. In the computer Name change dialogue box, click Domain under member of and type the domain name. After that click OK.When you are prompted, type the user name and password of the account that you previously created, and then clickÂ OK. Then a welcome message appears in a dialogue box where we need to click OK and restart.
4.1 Write a report on the rights and responsibilities of the network manager and the network user for Smith Solicitor (P10) [Discuss role of Network admin- user rights, sharing etc. and network user - password, maintain file etc.]
Network administrator need to setup and configure all the devices, hardware, software, connection between the computers. They should be able to add the user and delete the user as the requirement of the company or manage the password and access control as the requirement and ensure that there is a proper security in the network to protect it from hackers and viruses. They are deeply involved in making sure that the software are updated and applications, and monitoring the performance of the network, checking for security breaches, poor data management practices and more. So scheduled check up should be done. Administrator should be able to manage user account such as file access privileges and passwords. Administrator should also train user to utilize the network's resources and also train users to work under the server network environment.
Administrators keep records of all users' problems and errors as well as the steps taken to solve the problems. This information is used to help solve future problems. Administrators also control user access to the network. The administrator must also create a firewall-a set of security measures designed to make sure that no one can gain unauthorized access to the system. Administrator should use Active directory for centralized management and manage user environment. Admin should respond to the needs and question of clients concerning their access to resources and create backup in different ways to recover any lost data. They are responsible to manage, assign and maintain the list of network addresses.
4.2 Apply control mechanisms in a Smith Solicitor network for managing users. (P11) [Discuss group policy, user authentication, authorization etc.]
Control in a smith solicitor network for managing users can be done by using centralized management system in active directory. Active Directory enables the administrator to centrally manage resources and to easily find the information location. It also enables to group the users according to the users' limitation because user group policy helps to makes different policy for the user by the administrator. Active directory user authorization secures resources from the unauthorized user and unauthorized access.
Managing Authorization and Access Control
Published: November 03, 2005
The Microsoft Windows XP Professional operating system includes a number of features that you can use to protect selected files, applications, and other resources from unauthorized use. These features, which include access control lists, security groups, and Group Policy, along with the tools that allow you to configure and manage these features, provide a powerful yet flexible access control infrastructure for your local resources and network. Understanding what these features are, why they are necessary, and how they function will help you to manage rights and permissions on network and local resources more effectively.
In Windows XP Professional, any entity that can be authenticated. A user, group, computer, or service can be a security principal. Security principals have accounts. Local accounts are managed by the Local Security Accounts Manager (SAM) on the computer. If the account is in a Microsoft Windows 2000 or Windows Serverâ„¢ 2003 domain, it is managed by Active Directory. If the account is in a Microsoft Windows NT version 4.0 domain, it is managed by a SAM database on the primary domain controller.
A mechanism for propagating access control information down through a tree of objects. In Microsoft Windows NT, an object (such as a file) inherits access control information from its parent object (such as a folder) only when the object is first created. In Windows XP Professional, objects inherit access control information not only when they are created, but also when the parent object's access control list changes.
The only security principal who has an inherent right to allow or deny permission to access an object. An object's owner can give another security principal permission to take ownership. By default, the built-in Administrators group on a computer is assigned a user right that allows this group to take ownership of all objects on the computer.
Groups that can be used to organize users and domain objects, thus simplifying administration. Security groups allow you to assign the same security permissions to a large numbers of users, such as employees in a single department or in a single location, ensuring that security permissions are consistent across all members of a group.
A data structure containing the security information associated with a securable object. A security descriptor identifies an object's owner by SID. If permissions are configured for the object, its security descriptor contains a discretionary access control list (DACL) with SIDs for the users and groups that are allowed or denied access. If auditing is configured for the object, its security descriptor also contains a system access control list (SACL) that controls how the security subsystem audits attempts to access the object.
Access control list (ACL)
An ordered list of access control entries (ACEs) that define the permissions that apply to an object and its properties. Each ACE identifies a security principal and specifies a set of access rights allowed, denied, or audited for that security principal.
Security configuration settings that can be applied to individual computers. These settings can be configured locally on the computer by using the Local Security Policy administration tool, the Microsoft Management Console (MMC) Security Configuration and Analysis snap-in, or, if the computer is a member of an Active Directory domain, through the Security Settings extension to Group Policy.
Auditing of system events
You can use the auditing feature to detect attempts to circumvent protections on resources or to create an audit trail of administrative actions on the system. For example, you can audit failed attempts to open a file. You can also set security policy so that failed logon attempts are recorded in the security event log. If another administrator changes the auditing policy so that failed logon attempts are no longer audited, the log can record this event as well. In an Active Directory environment, you can use Group Policy to centrally control who is allowed to manage security logs on computers joined to a domain.
user or group is stored as part of an ACE in a DACL that is part of the object's security descriptor.
Rights and Permissions
Access control involves the configuration of rights and permissions, which apply to both the objects on the local computer or network and the potential users (including individuals, computers, and services) of those objects.
AÂ rightÂ is authorization to perform an operation. From an administrator's point of view, there are two types of rights: privileges and logon rights. In Windows XP Professional, only one user right is inherent-the right to allow or deny access to resources that you own. All other user rights must be granted, which means that they can also be withdrawn.
AÂ permissionÂ is authorization to perform an operation on a specific object, such as opening a file. Permissions are granted by owners. If you own an object, you can grant any user or security group permission to do whatever you are authorized to do with it.
When permission to perform an operation is not explicitly granted, it is implicitly denied. For example, if Alice allows the Marketing group, and only the Marketing group, permission to read her file, users who are not members of the Marketing group are implicitly denied access. The operating system will not allow users who are not members of the Marketing group to read the file.
Permissions can also be explicitly denied. For example, Alice might not want Bob to be able to read her file, even though he is a member of the Marketing group. She can exclude Bob by explicitly denying him permission to read the file. In fact, this is exactly how explicit denials are best used-to exclude a subset (such as Bob) from a larger group (such as Marketing) that has been given permission to do something.
Each permission that an object's owner grants to a particular user or group is stored as part of an ACE in a DACL that is part of the object's security descriptor.
Every application that a user starts runs in the security context of that user.
When a user logs on, an access token is created. The access token contains key security-related information, including the user's SID, the SIDs of the groups to which the user belongs, and other information about the user's security context. This access token is then attached to every process that the user runs during that logon session.
An application runs as a process with threads of execution. When an application performs an operation on a user's behalf, one of the threads performs the operation. For example, when Alice opens a Word document, Microsoft Word, and not Alice, actually opens the file. More precisely, one of the threads of execution performs the operation.
For a thread to gain access to an object such as a file, it must identify itself to the operating system's security subsystem. Threads and applications do not have a security identity, so they must borrow one from a security principal, such as Alice. When Alice starts an application, it runs as a process within her logon session. When one of the application's threads needs to open a file, the thread identifies itself as Alice's agent by presenting her access token. Alice is therefore ultimately responsible for anything that the thread does to the file or system on her behalf.
Before allowing the thread of execution to proceed, the operating system performs an access check to determine whether the security principal associated with the thread has the degree of access that the thread has requested. This access check involves the following steps:
The security subsystem checks the file object's DACL, looking for ACEs that apply to the user and group SIDs referenced in the thread's access token.
If a DACL does not exist, access is granted. Otherwise, the security subsystem steps through the DACL until it finds any ACEs that either allow or deny access to the user or one of the user's groups.
If a deny is found at the user or group level, the access is denied.
If the security subsystem comes to the end of the DACL and the thread's desired access is still not explicitly allowed or denied, the security subsystem denies access to the object. Therefore, if a DACL exists but is empty, access is by definition denied.
At the conclusion of this process, access is either allowed and the file is opened or access is denied, in which case the file remains closed and an "Access Denied" message is generated.
Creating and deleting user accounts and defining and using security groups are important security tasks. Defining the security restrictions or permissions that might apply to different groups of users and resources in your network will help to simplify the implementation and management of the permissions and restrictions in your organization. For example, you can create a Printer Operators group and give it precisely delineated administrative control over a finite group of printers.
For you to effectively manage security groups in your organization, you need to be familiar with the relationship between accounts, security groups, and built-in security principals. It is also important for you to become familiar with the techniques and tools available for managing group membership.
Built-in security principals apply to any account that is using the computer in a specified way. Built-in security principals allow you to configure security based on the manner in which a resource is being accessed
n increasing number of Windows XP Professional-based systems are connected directly to the Internet and participate in home or small business networks rather than in domains. To simplify the sharing and security model used in these nondomain environments, network logons performed against unjoined Windows XP Professional-based computers are automatically mapped to the Guest account by default. This simplifies the sharing of resources in home or small business networks by eliminating the need to synchronize user names and passwords across all computers in the network. Authenticating users logging on to the network as Guest can provide an additional measure of security for computers connected to the Internet by eliminating the ability to access the computer remotely by using administrative credentials.
Forcing network logons to authenticate as Guest does not affect the following:
In addition to console logons, this also includes remote access sessions using Terminal Services or Telnet, which are essentially "remote" occurrences of interactive logon sessions.
Computers that are joined to a domain.
This is not the default for Windows XP Professional-based computers that are joined to a domain because the domain provides single sign-on capabilities for all computers that are in the domain.
The authentication and access control settings of the computer that you are attempting to access govern outbound connections.
4.3 Discuss how you control printer queues and other forms of resource usage in the Smith Solicitor network. (P12)
Controlling in printer queues in smith solicitor can be done by changing the printer job setting by setting a priority and to notify the person when the print is done. As well as pause, cancel or resume can be done. To manage print queue firstly, we need to go to start>settings>printer and faxes. Then we need to click in the default printer or the printer which is active. Then it will show active print queue.image0091145355011750.jpg
This kind of structure or picture will be show after the process where document details of the Status of print job , owner, pages and the time they submitted the And the computer user who sent the printer request will be show under the box as shown in picture. Example In the above picture the person who sent the print request is the administrator. Then the status of the print is error and the name of the document is Test page. But deleting the print request can be done from the computer where the request was sent from. Then we simply need to select the print requests that need to be deleted and just press delete key from the key board.
Then the dialogue box as show in the picture at the right side will appear. We just need to confirm by pressing ok. Then the print queue file gets deleted.