Advantages And Disadvantages Using Computer Networking Facility Computer Science Essay

The advantages of using computer networking facility within the Smith Solicitor office

They can use intranet facility for internal communication in the office

They can share resources like printer so that they can use two printers for the whole office.

Video Conference can be done which makes it easier for the employer to contact with the employee. And meetings can be done online.

File and data sharing can be done which helps them share data between the computers.

Folders can be password protected to limit access to unauthorized users.

A single internet connection in server computer allows the entire client computer to share internet.

The disadvantage of using computer networking facility within the Smith Solicitor office

Skilled IT administrator should be hired for maintenance.

Training should be given to the employer and employee to use the computer which in network.

Proper network security should be given to the server computer.

Network maintenance should be done time to time.

Network Installation charges would be expensive.

Networking Component like router, switch and cable would be expensive to buy.

 All the computers in an office building might become completely useless if a single network component fails. 

If a single computer is virus infected then the entire computer in network may soon get affected.

Evaluate the various costs, performance, security and utility values associated with the installation of your network design for Smith Solicitor. (P2)

The various cost, performance, security and utility values associated with the installation of the network design for Smith Solicitor

Server Computer

Brand Name: HP Pro Liant DL380 G7 Rack Server

The HP Pro Liant DL380 G7 Server continues to deliver on its heritage of engineering excellence with increased flexibility and performance, enterprise-class uptime and HP Insight Control manageability, 2 sockets Intel® Xeon® performance, and 2U density for a variety of applications.

Features

Intel® Xeon® E5620 (4 core, 2.40 GHz, 12MB L3, 80W)

6GB PC3-10600R (DDR3-1333) Registered DIMMs

Rack-mountable

3 years warranty

Specifications

Product Description

HP Pro Liant DL380 G7

Processor

Intel® Xeon® E5620 (4 core, 2.40 GHz, 12MB L3, 80W)

Form Factor

Rack-mountable – 2U

Cache Memory

12 MB L3

Chipset

Intel® 5520 Chipset

Hard Drive

None

Networking

(2) 1GbE NC382i Multifunction 2 Ports

RAM

6GB PC3-10600R (DDR3-1333) Registered DIMMs

Storage Controller

(1) Smart Array P410i/256MB

Graphics Controller

ATI ES1000

Monitor

HP

*Windows server 2003 will be installed as an operating system in server computer as it is user friendly. It has different security features. (1)

Client Computer

HP Pavilion Elite HPE-490uk

Designed for computing tasks in equal good measure, the HP Pavilion Elite HPE-490uk desktop PC is powered by the potent quad-core Intel® Coreâ„¢ i7-870 Processor.

General Information

Processor

Intel® Coreâ„¢ i7-870 Processor

2.93 GHz (up to 3.6GHz with turbo Boost)

8 MB Smart Cache

RAM

8GB installed RAM

4 DIMM slots

maximum 16GB supported memory

Hard Drive

1.5 TB SATA 3G Hard Disk Drive (5400 rpm)

USB

10 x USB 2.0 ports

Memory Card Reader

15-in-1 memory card reader

Accessories Included

Keyboard, mouse, power cord, documentation

Windows XP will be installed in this client computer as its user’s friendly. It has got option like plug and play. It’s got facilities like fast user switching which affects applications that access hardware or that can only tolerate one instance of their application running on a machine at any one time. We can also create multiple users and protect the users putting the password. Networking and communication features are also very good in windows xp. So Windows xp would be the most suitable and appropriate as a client computer. (2)

Connectivity Device

The Network Interface card (NIC)

The hub

The switch

The bridge  

Transceivers

Wireless access points

The router  

The gateway

Cable (UTP cat 5)

RJ45

Cost:

The server computer and client computer are as required by The Smith Solicitor Office. It’s very affordable and the components are very good. The total price of the entire computer would be about £16 thousand.

Security:

The security features of windows 2003 are as listed below

Authentication: Most basic level is requiring a user id and password to log on to some system.

Access control: Access control is used to secure resources such as files, folders, and printers.

Encryption: Confidential files can be encrypted using the Encrypting File System (EFS) for local files stored on NTFS volumes

Security policies: Security policies control a range of security settings.

The security features of windows XP are as listed below

Firewall:

Automatic updates:

Remote Assistance / Remote Desktop

Local Security Policy

Justification:

Overall selected hardware component are suitable for the selected Operating system and the software and hardware are at affordable price.

Provide an overview of a network operating system (NOS) and illustrate how NOS works with in computer network. (P3)

Network Operating System (NOS) helps the server computer to control Client computer and distribute the function to the entire client computer. Therefore it helps to manage the computers which are connected in the network.

Features of Network Operating System

It has a function to allow multiple users to access shared resource at same time.

It provides file, print, web services, back-up services.

NOS distributes the function to all the computer in network

It helps to manage multiple user and support for logon and logoff, remote access; system management, administration tools

Client systems contain specialized software that allows them to request shared resources that are controlled by server systems responding to a client request.

NOS supports multiple user accounts at the same time and enables access to shared resources by multiple clients at same time.

It has security features like authentication, authorization, logon restrictions and access control

I suggest windows operating system for smith solicitor office because it is commonly used on computers and currently, the most widely used version of the Windows family is WINDOWS XP for client computer and WINDOWS SERVER 2003 for servers. It has features listed below

Security

Windows provide frequently updated security features such as firewalls, pop-up blockers, antivirus and antispyware software and more. It has additional security and administrator tools for server.

Networking

These OS offer administration tools and security for computer networking.

Ease of Use

Windows OS are straightforward and user friendly.

Technical Help/Support

These OS performs numerous functions, above average support is needed. Generally, Microsoft offers more support to its customer’s online and also self-guided support.

Design a LAN for a Smith Solicitor or assess an existing network (if any) for fitness of purpose. (P4) [Learner needs to design a LAN on the paper for their LAN selection.]

last.jpg

Identify the various parts (software and hardware) of a network system for Smith Solicitor and relates it to the 7- layered model. (P5)

The various parts of a network system for smith solicitor which is related with 7 layeres model are

Physical Layer: This layer explains the physical properties of the various communications media and coordinates the function required to transmit Example: It explains the size of Ethernet coaxial cable, layout of pins. The physical layer uses hubs and repeaters.

Data Link Layer: This layer explains the logical organization of data bits transmitted on a particular medium. Example: this layer gives addressing and checks summing of Ethernet packets.

Network Layer: This layer helps to describe the exchanges of packets between any two nodes in a network. Ex: It defines the addressing and routing structure of the Internet.

Transport Layer: In transport layer it describes the class, quality and type of the data delivered. This layer makes sure if and how retransmissions will be used to ensure data delivery.

 Session Layer:  In this layer the group of data sequences larger than the packets handled by lower layers. So it is handles synchronization process. Example: It shows the details of request and reply packets are paired in a remote procedure call.

 Presentation Layer: This layer works to translate, encrypt and compress data. Ex: this layer describes how floating point numbers can be exchanged within hosts with different math formats

Application Layer: This layer gives services to the user by allowing the access to network resources Ex: this layer would implement file system operations

Differentiate between different kinds of network, network topologies and network operating systems. (P6) [Discuss different network topologies]

The different kinds of network are

A local area network also knows as LAN is a kind of network where the networked computers are in short distance only. Example – a network within a building of school. LANs Usually owned, controlled, and managed by a single person or organization. They use Token ring or Ethernet technology

Metropolitan area network also known as MAN is a network spanning a physical area larger than a LAN but smaller than a WAN, such as a city. Example – it is commonly owned by a single body like as a government body or large company.

Wide area network also known as WAN is a geographically single collection of LANs. It generally covers wide area of computer networks. A router connects different LAN to WAN. For example- mostly WANs (like the Internet) aren’t owned by any organization or group but it works under the joint or distributive ownership and management.

The different types of network topologies are:

Star topology and tree topology

All devices connect to a central device, called hub. All data transferred from one computer to another passes through hub Popular in LAN because it’s inexpensive and easy to install. Whereas tree topology is the extended form of star topology which is used in large networks .This kind of network significally reduces the traffic on wires by sending packets only to the wires of the destination host

Ring topology

In this kind of topology cables are formed in closed ring or a loop form where the devices are arranged along the ring. Data communication is d one in this topology by device to device around entire ring in one direction only but if we use dual ring then communication can be done by both direction Mainly this topology is used in LAN network but it is also used in WAN network.

Mesh topology

In this kind of topology all computer are connected to each other so that there’s a fault tolerance in this kind of topology. It is expensive as well as difficult to create this type of topology. Here all the nodes are connected to each other and forms complete network. This kind of network topology is mostly use in financial sector.

3.1 Set up a software network environment, for some departments in a Smith Solicitor organization. (P7) [Configure Active directory]

To configure an active directory for smith solicitor organization following process in taken.

Click start and type dcpromo and enter. Then a dialogue box will appear. Then we need to press next. After that we will see a domain control type wizard where we need to select the domain controller for a new domain and select next option. Then we need to select the domain in new forest and press next as show in picture below.

4.png

After that on the New Domain Name page, in the Full DNS name for new domain box, we need to give some domain name .For example we can give domain name like SmithSolicitiorFirm.com. After that we need to give name for NetBIOS domain name and click next where we get to seelect the location where we would like to store and save the database and log files. On the Shared System Volume page, accept the default in the Folder location box, and then click next.

On the DNS Registration Diagnostics page, click Install and configure the DNS server on this computer and set this computer to use this DNS server as its preferred DNS Server, and then click next as shown in the picture below.

C:UsersjaikishanshresthaDesktop9.png

On the Permissions page, click Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems, and then click next. After that on the Directory Services Restore Mode Administrator Password page, we need to enter a password in the Restore Mode Password box and again retype the password to confirm it in the Confirm password box, and then click next. Finally in last we just need to confirm that the given information are correct and click next and When prompted to restart the computer, click Restart now. This is the successful configuration of active directory for smith solicitor’s server computer.

3.2 Install a piece of network software on to a server to be used by different selected users in a created group on Smith Solicitor Network.(P8) [configure print server]

We can configure a print server in smith solicitor network by the following process given below.

Installation process: Firstly connect the printer to the computer .Then the printer will be detected automatically. After that we need to install driver which we normally get with printer. Else we can do it manually by the following process as shown below.

Click on Start > Settings > Control Panel > Printer and Faxes. Then Click on the File Menu > Add printer > Next > Local Printer attached to this computer. After that it Checks automatically detect and Install My Plug and Play Printer. Then Click Next.

After that a wizard will automatically detect any attached printer and install the driver for it. If the system doesn’t find the driver then it will be prompted to provide the drivers location.

After successfully installing the printer driver, it will show new printer name in the Printer and Faxes in the control panel.

Server Configurations: If the printer needs to be shared by a server computer, firstly we need to click the printer name>properties>sharing>share this printer. Then we need to provide name for the shared printer which will be used by client computer on the network. We can also set the colour management, priorities, printing preferences, font s in the properties tab of the printer.

Client Computer Configuration: To setup printer at the client computer we can just give the command

computernameprintername (printer name is the shared name of the printer which we create while configuring server)

3.3 Illustrate how you configure user workstations on the network? (P9) [Steps of user configuration on Active directory]

To configure user workstation on the network firstly we need to have one active directory domain, where we need to create a user account in that domain to use as an administrator account. Then after adding the user to the exact security group we can use that account to add computer to domain. To configure user on active directory following process should be completed.

C:UsersjaikishanshresthaDesktopAdd new user in Exchange 2003.PNG

Firstly click start and then point the cursor towards administrator Tool. Then Click Active Directory Users and Computers to start the Active Directory Users and Computers console. After that we need to click the domain name that had been created, and then expand the contents. Where we need to right- click Users>New>User

Type the first name, last name, and user logon name of the new user, and then click Next. Where we get other wizard to type a password and confirm it by typing again and click the check box as required by user. Then click Next .After that just check the details and enter to Finish. Finally a new user will be created under the active directory.

In case of adding a computer to the domain, following the steps Log on to the computer that needs to be added to the domain. Then right click on MY Computer>Properties>Computer Name Tab>Click change. In the computer Name change dialogue box, click Domain under member of and type the domain name. After that click OK.When you are prompted, type the user name and password of the account that you previously created, and then click OK. Then a welcome message appears in a dialogue box where we need to click OK and restart.

4.1 Write a report on the rights and responsibilities of the network manager and the network user for Smith Solicitor (P10) [Discuss role of Network admin- user rights, sharing etc. and network user – password, maintain file etc.]

Network administrator need to setup and configure all the devices, hardware, software, connection between the computers. They should be able to add the user and delete the user as the requirement of the company or manage the password and access control as the requirement and ensure that there is a proper security in the network to protect it from hackers and viruses. They are deeply involved in making sure that the software are updated and applications, and monitoring the performance of the network, checking for security breaches, poor data management practices and more. So scheduled check up should be done. Administrator should be able to manage user account such as file access privileges and passwords. Administrator should also train user to utilize the network’s resources and also train users to work under the server network environment.

Administrators keep records of all users’ problems and errors as well as the steps taken to solve the problems. This information is used to help solve future problems. Administrators also control user access to the network. The administrator must also create a firewall-a set of security measures designed to make sure that no one can gain unauthorized access to the system. Administrator should use Active directory for centralized management and manage user environment. Admin should respond to the needs and question of clients concerning their access to resources and create backup in different ways to recover any lost data. They are responsible to manage, assign and maintain the list of network addresses.

4.2 Apply control mechanisms in a Smith Solicitor network for managing users. (P11) [Discuss group policy, user authentication, authorization etc.]

Control in a smith solicitor network for managing users can be done by using centralized management system in active directory. Active Directory enables the administrator to centrally manage resources and to easily find the information location. It also enables to group the users according to the users’ limitation because user group policy helps to makes different policy for the user by the administrator. Active directory user authorization secures resources from the unauthorized user and unauthorized access.

Managing Authorization and Access Control

Published: November 03, 2005

The Microsoft Windows XP Professional operating system includes a number of features that you can use to protect selected files, applications, and other resources from unauthorized use. These features, which include access control lists, security groups, and Group Policy, along with the tools that allow you to configure and manage these features, provide a powerful yet flexible access control infrastructure for your local resources and network. Understanding what these features are, why they are necessary, and how they function will help you to manage rights and permissions on network and local resources more effectively.

Security principal

In Windows XP Professional, any entity that can be authenticated. A user, group, computer, or service can be a security principal. Security principals have accounts. Local accounts are managed by the Local Security Accounts Manager (SAM) on the computer. If the account is in a Microsoft Windows 2000 or Windows Serverâ„¢ 2003 domain, it is managed by Active Directory. If the account is in a Microsoft Windows NT version 4.0 domain, it is managed by a SAM database on the primary domain controller.

Inheritance

A mechanism for propagating access control information down through a tree of objects. In Microsoft Windows NT, an object (such as a file) inherits access control information from its parent object (such as a folder) only when the object is first created. In Windows XP Professional, objects inherit access control information not only when they are created, but also when the parent object’s access control list changes.

Owner

The only security principal who has an inherent right to allow or deny permission to access an object. An object’s owner can give another security principal permission to take ownership. By default, the built-in Administrators group on a computer is assigned a user right that allows this group to take ownership of all objects on the computer.

Security groups

Groups that can be used to organize users and domain objects, thus simplifying administration. Security groups allow you to assign the same security permissions to a large numbers of users, such as employees in a single department or in a single location, ensuring that security permissions are consistent across all members of a group.

Security descriptor

A data structure containing the security information associated with a securable object. A security descriptor identifies an object’s owner by SID. If permissions are configured for the object, its security descriptor contains a discretionary access control list (DACL) with SIDs for the users and groups that are allowed or denied access. If auditing is configured for the object, its security descriptor also contains a system access control list (SACL) that controls how the security subsystem audits attempts to access the object.

Access control list (ACL)

An ordered list of access control entries (ACEs) that define the permissions that apply to an object and its properties. Each ACE identifies a security principal and specifies a set of access rights allowed, denied, or audited for that security principal.

Security settings

Security configuration settings that can be applied to individual computers. These settings can be configured locally on the computer by using the Local Security Policy administration tool, the Microsoft Management Console (MMC) Security Configuration and Analysis snap-in, or, if the computer is a member of an Active Directory domain, through the Security Settings extension to Group Policy.

Auditing of system events

You can use the auditing feature to detect attempts to circumvent protections on resources or to create an audit trail of administrative actions on the system. For example, you can audit failed attempts to open a file. You can also set security policy so that failed logon attempts are recorded in the security event log. If another administrator changes the auditing policy so that failed logon attempts are no longer audited, the log can record this event as well. In an Active Directory environment, you can use Group Policy to centrally control who is allowed to manage security logs on computers joined to a domain.

user or group is stored as part of an ACE in a DACL that is part of the object’s security descriptor.

Rights and Permissions

Access control involves the configuration of rights and permissions, which apply to both the objects on the local computer or network and the potential users (including individuals, computers, and services) of those objects.

A right is authorization to perform an operation. From an administrator’s point of view, there are two types of rights: privileges and logon rights. In Windows XP Professional, only one user right is inherent-the right to allow or deny access to resources that you own. All other user rights must be granted, which means that they can also be withdrawn.

A permission is authorization to perform an operation on a specific object, such as opening a file. Permissions are granted by owners. If you own an object, you can grant any user or security group permission to do whatever you are authorized to do with it.

When permission to perform an operation is not explicitly granted, it is implicitly denied. For example, if Alice allows the Marketing group, and only the Marketing group, permission to read her file, users who are not members of the Marketing group are implicitly denied access. The operating system will not allow users who are not members of the Marketing group to read the file.

Permissions can also be explicitly denied. For example, Alice might not want Bob to be able to read her file, even though he is a member of the Marketing group. She can exclude Bob by explicitly denying him permission to read the file. In fact, this is exactly how explicit denials are best used-to exclude a subset (such as Bob) from a larger group (such as Marketing) that has been given permission to do something.

Each permission that an object’s owner grants to a particular user or group is stored as part of an ACE in a DACL that is part of the object’s security descriptor.

User-Based Authorization

Every application that a user starts runs in the security context of that user.

When a user logs on, an access token is created. The access token contains key security-related information, including the user’s SID, the SIDs of the groups to which the user belongs, and other information about the user’s security context. This access token is then attached to every process that the user runs during that logon session.

An application runs as a process with threads of execution. When an application performs an operation on a user’s behalf, one of the threads performs the operation. For example, when Alice opens a Word document, Microsoft Word, and not Alice, actually opens the file. More precisely, one of the threads of execution performs the operation.

For a thread to gain access to an object such as a file, it must identify itself to the operating system’s security subsystem. Threads and applications do not have a security identity, so they must borrow one from a security principal, such as Alice. When Alice starts an application, it runs as a process within her logon session. When one of the application’s threads needs to open a file, the thread identifies itself as Alice’s agent by presenting her access token. Alice is therefore ultimately responsible for anything that the thread does to the file or system on her behalf.

Before allowing the thread of execution to proceed, the operating system performs an access check to determine whether the security principal associated with the thread has the degree of access that the thread has requested. This access check involves the following steps:

The security subsystem checks the file object’s DACL, looking for ACEs that apply to the user and group SIDs referenced in the thread’s access token.

If a DACL does not exist, access is granted. Otherwise, the security subsystem steps through the DACL until it finds any ACEs that either allow or deny access to the user or one of the user’s groups.

If a deny is found at the user or group level, the access is denied.

If the security subsystem comes to the end of the DACL and the thread’s desired access is still not explicitly allowed or denied, the security subsystem denies access to the object. Therefore, if a DACL exists but is empty, access is by definition denied.

At the conclusion of this process, access is either allowed and the file is opened or access is denied, in which case the file remains closed and an “Access Denied” message is generated.

Creating and deleting user accounts and defining and using security groups are important security tasks. Defining the security restrictions or permissions that might apply to different groups of users and resources in your network will help to simplify the implementation and management of the permissions and restrictions in your organization. For example, you can create a Printer Operators group and give it precisely delineated administrative control over a finite group of printers.

For you to effectively manage security groups in your organization, you need to be familiar with the relationship between accounts, security groups, and built-in security principals. It is also important for you to become familiar with the techniques and tools available for managing group membership.

Built-in security principals apply to any account that is using the computer in a specified way. Built-in security principals allow you to configure security based on the manner in which a resource is being accessed

n increasing number of Windows XP Professional-based systems are connected directly to the Internet and participate in home or small business networks rather than in domains. To simplify the sharing and security model used in these nondomain environments, network logons performed against unjoined Windows XP Professional-based computers are automatically mapped to the Guest account by default. This simplifies the sharing of resources in home or small business networks by eliminating the need to synchronize user names and passwords across all computers in the network. Authenticating users logging on to the network as Guest can provide an additional measure of security for computers connected to the Internet by eliminating the ability to access the computer remotely by using administrative credentials.

Forcing network logons to authenticate as Guest does not affect the following:

Interactive logons.

In addition to console logons, this also includes remote access sessions using Terminal Services or Telnet, which are essentially “remote” occurrences of interactive logon sessions.

Computers that are joined to a domain.

This is not the default for Windows XP Professional-based computers that are joined to a domain because the domain provides single sign-on capabilities for all computers that are in the domain.

Outbound connections.

The authentication and access control settings of the computer that you are attempting to access govern outbound connections.

4.3 Discuss how you control printer queues and other forms of resource usage in the Smith Solicitor network. (P12)

Controlling in printer queues in smith solicitor can be done by changing the printer job setting by setting a priority and to notify the person when the print is done. As well as pause, cancel or resume can be done. To manage print queue firstly, we need to go to st