Showing posts with label computer networks. Show all posts

Tuesday, February 27, 2007

Speed Up Network Browsing

Local network file sharing used to be far superior to the Internet file sharing available over a modest modem, so we all relied on our local sharing protocol. Time passed, and broadband connections became so widespread and popular that the old modem met its inevitable end.

Nowadays, we share over the Internet. At such high speeds, the local network has effectively spread beyond its local boundaries. However, the LAN is not dead: we still use Local Area Networks at the office or in the neighborhood. The only problem is that users are not satisfied with how slowly network browsing works.

It seems that communication between networked computers under Windows has some shortcomings that slow down browsing. Excluding hardware problems, which are outside the scope of this article, a few tweaks can be applied to smooth things out.

All of the tweaks require editing the registry, which means you need to be careful when doing so. To keep yourself out of trouble, make sure you back up the registry before you edit it.

Disable Network Task Scheduler

By applying this tweak you stop Windows from searching networked computers for scheduled tasks. Without it, opening a network folder can take a while, which is not pleasant at all.

Go to Start > Run and type Regedit. When the registry editor opens, locate this path:

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > RemoteComputer > NameSpace

Once you have found it, delete the following key:

{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

It is possible that you will not find the key mentioned above. That is OK; just proceed to the next tweak.

Raise the threshold level for the request buffer

When dealing with a high-latency connection you need to increase the SizReqBuf value. We are talking here about a buffer whose size is set by default to 4356 (decimal). Microsoft states that this value provides an acceptable level of performance under normal conditions. Well, since we are not satisfied with how network browsing performs, we consider the "conditions" not normal and therefore change the value. In most LAN conditions, the best value for SizReqBuf seems to be 16384. Use this value on computers with more than 256 MB of RAM.

To change the value, first open the Registry Editor (as presented at the previous tweak) and locate

HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > LanmanWorkstation > Parameters, then create a DWORD value named SizReqBuf. Edit it and give it a decimal value of 16384.

Tweak the Network Redirector Buffers

By increasing the number of these buffers, you may get a higher transfer rate for the data that travels through the network. Open the Registry Editor and navigate to this location:

HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > LanmanWorkstation > Parameters

Using the procedure explained in the previous tweak, add two new DWORD values:

MaxCmds and MaxThreads

Give both the same value, between 0 and 255; the recommended value is 64.

Eliminate the shares from My Network Places

Windows has the annoying habit of placing a shortcut in My Network Places for each remote folder accessed over the network. This creates an unpleasant delay when accessing the network. There are two ways to stop Windows from doing this.

For Windows XP Home Edition

Using the Registry Editor, locate HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Policies > Explorer and add a new DWORD value called NoRecentDocsNetHood, setting its value to 1. A value of 1 stops shares from being added to My Network Places.

For Windows XP Professional

Under this version of Windows the process is easier, as there is no need to edit the registry. Go to Start > Run and type Gpedit.msc to open the Group Policy Editor. In it, go to User Configuration > Administrative Templates > Desktop and, in the right panel, enable the option "Do not add shares of recently opened documents to My Network Places".
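The four registry tweaks above can be applied from an elevated PowerShell prompt, which also makes it easy to take the backup the post insists on before anything is changed. The script below is an added example and is not part of the original post: the registry paths, the GUID and the values (16384, 64, 1) are the ones given in the text, while the backup folder and the use of reg.exe for the export are assumptions. The Group Policy route for XP Professional is not scripted here; it is set in Gpedit.msc as described.

```powershell
# Added example (not from the original post). Exports each affected key to a
# .reg file, then applies the tweaks described in the post. Run elevated.
$BackupDir = Join-Path $env:USERPROFILE 'RegistryBackup'   # assumed backup location
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Registry locations exactly as given in the post.
$NameSpace = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace'
$Lanman    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$Policies  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$TaskSchedulerGuid = '{D6277990-4C6A-11CF-8D87-00AA0060F5BF}'

function Backup-RegistryKey {
    param([string]$PSPath, [string]$Label)
    # reg.exe expects the native hive names, not the PowerShell drive form.
    $native = $PSPath -replace '^HKLM:\\', 'HKEY_LOCAL_MACHINE\' -replace '^HKCU:\\', 'HKEY_CURRENT_USER\'
    $file = Join-Path $BackupDir ("$Label-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    if (Test-Path -LiteralPath $PSPath) {
        & reg.exe export $native $file | Out-Null
        Write-Host "Backed up $native to $file"
    }
}

Backup-RegistryKey $NameSpace 'NameSpace'
Backup-RegistryKey $Lanman    'LanmanWorkstation'
Backup-RegistryKey $Policies  'Policies-Explorer'

# Tweak 1: stop the search for scheduled tasks on remote computers.
$guidKey = Join-Path $NameSpace $TaskSchedulerGuid
if (Test-Path -LiteralPath $guidKey) { Remove-Item -LiteralPath $guidKey -Recurse }

# Tweaks 2 and 3: request buffer size and redirector buffers (decimal values from the post).
if (-not (Test-Path -LiteralPath $Lanman)) { New-Item -Path $Lanman -Force | Out-Null }
$lanmanValues = @{ SizReqBuf = 16384; MaxCmds = 64; MaxThreads = 64 }
foreach ($entry in $lanmanValues.GetEnumerator()) {
    Set-ItemProperty -Path $Lanman -Name $entry.Key -Value $entry.Value -Type DWord
}

# Tweak 4 (Home Edition): do not add recently used shares to My Network Places.
if (-not (Test-Path -LiteralPath $Policies)) { New-Item -Path $Policies -Force | Out-Null }
Set-ItemProperty -Path $Policies -Name NoRecentDocsNetHood -Value 1 -Type DWord

# Show what is now in place so the change can be verified; the .reg files revert it.
Get-ItemProperty -Path $Lanman -Name SizReqBuf, MaxCmds, MaxThreads
Get-ItemProperty -Path $Policies -Name NoRecentDocsNetHood
```

Double-clicking one of the exported .reg files (or running reg.exe import on it) restores the key to its previous state, which is the "keep yourself out of trouble" step the post asks for.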

Saturday, February 10, 2007

IPv4 Goes IPv6

What exactly is an IP address? The term is short for Internet Protocol address, and it is the logical address of a network adapter. IP corresponds to the network layer (layer 3), which is responsible for end-to-end (source to destination) packet delivery. It works with TCP (Transmission Control Protocol), which deals with transporting the packets. The term TCP/IP refers to both protocols together and describes network communication in which TCP transport is used to deliver data across IP networks.

The concept is fairly easy to understand when you think about it: to communicate with another computer, you need an address (IP) and a means of transporting the data (TCP).

An IP address can be either private or public. Private addresses are assigned to computers in a LAN (Local Area Network), while public ones are used on the Internet or WAN (World Area Network). All the private IPs communicate outside the local network through a public IP, the gateway (the door to the Internet and the WAN).

To get an idea of how important IP addresses are, consider that network routers, web browsers, IM applications and mail clients all rely on IP and on other network protocols layered on top of it. Without IP, there is not much you can do. IP technology started in the '70s, and its purpose was to support the first research computer networks.

Nowadays there are two IP technologies available. IPv4 is the version all home computer networks are currently using. An IPv4 address consists of four bytes (32 bits), and for readability we write addresses in a notation called dotted decimal: each of the four numbers that make up the address is separated from the next by a dot, giving a range from 0.0.0.0 to 255.255.255.255. The maximum number of addresses provided by version 4 of the Internet Protocol is 4,294,967,296. To some of you that may seem large enough to cover today's requirements. However, with the continuous expansion of networking capabilities in all sorts of mobile devices, demand will grow and v4 will become insufficient.

A couple of solutions have already been found for increasing the number of possible addresses. Developing IPv6 is one of them. The improved version will use 16-byte addresses (132 bits), which translates into a much larger number of available IP addresses for users. The total will reach 300,000,000,000,000,000,000,000,000,000,000,000,000. That should cover our needs for the next few years (the space is sufficient for 10^30 addresses per person on the planet).

Another method, also based on IPv6, is to extend IPv4: the IP address is written in a combined notation in which the last two byte pairs on the right are written in the normal IPv4 dotted-decimal notation.
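The address properties the post has described so far (32-bit versus 128-bit width, private versus public, the size of each address space, and the combined notation that writes the last four bytes of an IPv6 address in dotted decimal) can all be inspected with the .NET classes available from PowerShell. The function below is an added example, not code from the original post; the sample addresses are constructed for the demonstration, and the private check covers only the RFC 1918 IPv4 ranges.

```powershell
# Added example (not from the original post). Parses an address and reports
# family, bit width, whether it is a private IPv4 address, and, for the
# combined ::ffff:a.b.c.d notation, the IPv4 address embedded in it.
function Get-AddressInfo {
    param([Parameter(Mandatory=$true)][string]$Address)
    $ip    = [System.Net.IPAddress]::Parse($Address)
    $bytes = $ip.GetAddressBytes()
    $bits  = $bytes.Length * 8                      # 32 for IPv4, 128 for IPv6

    # RFC 1918 private ranges, checked on the raw bytes of an IPv4 address.
    $private = $false
    if ($bits -eq 32) {
        $private = ($bytes[0] -eq 10) -or
                   ($bytes[0] -eq 172 -and $bytes[1] -ge 16 -and $bytes[1] -le 31) -or
                   ($bytes[0] -eq 192 -and $bytes[1] -eq 168)
    }

    # An IPv6 address of the form ::ffff:a.b.c.d carries an IPv4 address in its last 4 bytes.
    $embedded = $null
    if ($bits -eq 128 -and $ip.IsIPv4MappedToIPv6) {
        $embedded = $ip.MapToIPv4().ToString()
    }

    [pscustomobject]@{
        Address      = $ip.ToString()
        Family       = $ip.AddressFamily            # InterNetwork or InterNetworkV6
        Bits         = $bits
        Private      = $private
        EmbeddedIPv4 = $embedded
    }
}

# Size of an address space as 2^bits; BigInteger is needed because 2^128 does
# not fit in a 64-bit integer.
function Get-AddressSpaceSize {
    param([int]$Bits)
    [bigint]::Pow(2, $Bits)
}

# Constructed sample input covering the cases discussed in the post.
'192.168.1.10', '8.8.8.8', '2001:db8::1', '::ffff:192.0.2.1' |
    ForEach-Object { Get-AddressInfo -Address $_ } |
    Format-Table -AutoSize

"IPv4 address space: {0}" -f (Get-AddressSpaceSize -Bits 32)
"IPv6 address space: {0}" -f (Get-AddressSpaceSize -Bits 128)
```

The IPv4 count printed is the 4,294,967,296 figure quoted above; the IPv6 count is what the post rounds to 3 followed by 38 zeros.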

IPv6, or IP Next Generation (IPng), has several advantages over IPv4. Scalability is one of them (IPv6 has a 128-bit address while IPv4 has a 32-bit address). The next-generation Internet Protocol version also comes with built-in security of the source. The "plug and play" mechanism featured by IPv6 eases the connection of equipment to a network, with no manual configuration or DHCP servers needed.

The current solution adopted for extending IP addressing is NAT (Network Address Translation). This is a networking protocol that allows a LAN to be set up using a single public IP, with no special configuration of the Internet connection. Adopting this solution permanently is not a good idea, since some peer-to-peer applications will not work properly when NAT is deployed in a network.

Also, multimedia applications (video conferencing and VoIP included) cannot be used across NAT-enabled devices, as the protocols of these applications use UDP with dynamic port allocation and NAT does not provide the necessary support.

Addressing and routing hierarchy is also improved in the soon-to-be new IP standard. A larger address space allows larger address blocks to be allocated to ISPs (Internet Service Providers). An ISP can then aggregate the prefixes of all its customers into a single prefix and announce it to the IPv6 Internet.

Monday, January 22, 2007

What is IDS?

IDS is an acronym for Intrusion Detection System. An intrusion detection system detects intruders; that is, unexpected, unwanted or unauthorized people or programs on my computer network.

Why do I need IDS? A network firewall will keep the bad guys off my network, right? And my anti-virus will recognize and get rid of any virus I might catch, right? And my password-protected access control will stop the office cleaner trawling through my network after I've gone home, right? So that's it - I'm fully protected, right?

Wrong!

A firewall has got holes to let things through: without it, you wouldn't be able to access the Internet or send or receive emails. Anti-virus systems are only good at detecting viruses they already know about. And passwords can be hacked, stolen or left lying about on post-its.

That's the problem. You can have all this security, and all you've really got is a false sense of security. If anything or anyone does get through these defenses, through the legitimate holes, it or they can live on your network, doing whatever they want for as long as they want. And then there's a whole raft of little known vulnerabilities, known to the criminals, who can exploit them and gain access for fun, profit or malevolence. A hacker will quietly change your system and leave a back door so that he can come and go undetected whenever he wants. A Trojan might be designed to hide itself, silently gather sensitive information and secretly mail it back to source. And you won't even know it's happening - worse, you'll believe it can't be happening because you've got a firewall, anti-virus and access control.

Unless, that is, you also have an intrusion detection system. While those other defenses are there to stop bad things getting onto your network, an intrusion detection system is there to find and defeat anything that might just slip through and already be on your system. And in today's world, you really must assume that things will slip through - because they most certainly will. From the outside, you will be threatened by indiscriminate virus storms; from hackers doing it for fun (or training); and more worryingly from organized criminals specifically targeting you for extortion, blackmail or saleable trade secrets.

From the inside, you will have walk-in criminals using social engineering skills to obtain passwords to, or even use of, your own PCs; from curious staff who simply want to see what their colleagues are earning; and from malcontents with a grievance.

What you really mustn't assume is that this is fanciful, or that you don't have anything worth stealing. According to experts in the field, even something as basic as stored HR data on your employees is worth $10 per person on the black market. Search for 'FBI' on this site, and see the variety of attacks and dangers that exist, and how often there is a degree of success despite firewalls, anti-virus and access control. You still need all of those defenses - but you also need an intrusion detection system.

What do I need in IDS?

Intrusion detection describes the intention - not the methodology. There are several different ways by which this can be achieved; so anything that detects intrusions is an IDS. Which method you choose really depends upon what you need: and if you don't already have in-house security expertise, it would be worth employing a consultant to help reach your decision.

Note that IDS is no longer a new technology - it's a mature technology. Since the term is no longer new, it no longer has that 'buzz' required by marketing managers. This has been aggravated by the analyst firm Gartner Group proclaiming that IDS is dead and has been replaced by IPS. This is wrong. Ignore it. IPS is different from IDS. Vendors and security experts know this, but the result is that manufacturers are tempted to find new terms - and one of these is Network Behavior Analysis. This is a good and useful approach; but one of the primary purposes of NBA is to detect intrusions - in other words, IDS.

Remember, too, that good security is the right level of security for you. You need to strike the right balance between the cost of the security and the value of your goods - there's no point in spending more on security than the value of what you're protecting. Risk management principles using a thorough risk analysis will help you decide how much to spend.

Armed with this information, you can look for features such as:

* attack halting (stops the attack, whether it is a program or a hacker)
* attack blocking (closes the loop-hole through which the attacker gained access)
* attack alerting (either pop-up to an online admin, or email or SMS to a remote admin)
* information collecting (on what is done by the attack to the network, and from where the attack came - helps gather forensic evidence should a prosecution become necessary or possible)
* full reporting (so that you can learn from your mistakes, and prevent future problems)
* fail-safe features (such as encrypted messages and VPN tunneling within the IDS to hide its presence from, and inhibit interference by, any hacker).

If you've got a large network, or particularly valuable information, you may like to look out for the extras offered with some intrusion detection systems:

* honeypot or padded cell (a fake network or area designed specifically to attract and contain attacks, so that you can analyze them and learn from their behavior)
* vulnerability analysis (so that you can check your network for all known vulnerabilities in order to pre-empt rather than just detect intrusions)
* file integrity checker (a mathematical way of knowing if a file has been altered in any way, and therefore potentially compromised by an intruder)
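The last extra in that list, the file integrity checker, is simple enough to show in full. The script below is an added example and is not from the original article or from any of the products it names: it records a SHA-256 hash for every file under a directory into a baseline, and a later comparison reports files that were modified, added or removed since the baseline was taken. It assumes PowerShell 4 or later (for Get-FileHash); the demo directory, file names and "tampering" are constructed for the demonstration.

```powershell
# Added example (not from the original article): a minimal file integrity
# checker. Baseline first, compare later; any difference is a finding.
function New-IntegrityBaseline {
    param([string]$Path, [string]$BaselineFile)
    Get-ChildItem -Path $Path -Recurse -File |
        ForEach-Object {
            [pscustomobject]@{
                Path = $_.FullName
                Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        } | Export-Csv -Path $BaselineFile -NoTypeInformation
}

function Compare-IntegrityBaseline {
    param([string]$Path, [string]$BaselineFile)
    $baseline = @{}
    Import-Csv -Path $BaselineFile | ForEach-Object { $baseline[$_.Path] = $_.Hash }

    $seen = @{}
    $findings = foreach ($f in Get-ChildItem -Path $Path -Recurse -File) {
        $seen[$f.FullName] = $true
        $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        if (-not $baseline.ContainsKey($f.FullName)) {
            [pscustomobject]@{ Path = $f.FullName; Status = 'Added' }
        } elseif ($baseline[$f.FullName] -ne $hash) {
            [pscustomobject]@{ Path = $f.FullName; Status = 'Modified' }
        }
    }
    # Anything in the baseline that no longer exists on disk was removed.
    $removed = $baseline.Keys |
        Where-Object { -not $seen.ContainsKey($_) } |
        ForEach-Object { [pscustomobject]@{ Path = $_; Status = 'Removed' } }

    @($findings) + @($removed)
}

# Demo on a constructed directory: take a baseline, simulate tampering, compare.
$demo = Join-Path $env:TEMP 'fim-demo'                       # assumed demo location
$baselineFile = Join-Path $env:TEMP 'fim-baseline.csv'       # kept outside the watched tree
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'config.ini') -Value 'setting=1'
Set-Content -Path (Join-Path $demo 'service.dat') -Value 'original content'
New-IntegrityBaseline -Path $demo -BaselineFile $baselineFile

Add-Content -Path (Join-Path $demo 'config.ini') -Value 'setting=2'    # simulated modification
Set-Content -Path (Join-Path $demo 'dropped.txt') -Value 'new file'     # simulated added file
Compare-IntegrityBaseline -Path $demo -BaselineFile $baselineFile | Format-Table -AutoSize
```

In the demo the comparison reports config.ini as Modified and dropped.txt as Added. Keeping the baseline file outside the watched tree (and ideally on read-only or separate storage) matters in practice: an intruder who can rewrite the baseline alongside the files defeats the check.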

One other point - don't think that you're so small that you don't need or can't find an IDS. IDS as described above is available for large enterprises on down. But even if you just have a couple of PCs, you can still get, and still need, an intrusion detection system. It's just that for a single desktop system it goes by different names and has fewer automated features: it's a personal firewall and an anti-spyware program. The purpose is the same - to detect and stop intrusions - it's just that here you have to keep it up to date manually, conduct regular scans manually, and it isn't as intelligent or sophisticated.

Where do I get IDS?

Here are a few suppliers to get you started - but keep checking back to this resource center, because we'll be adding more companies and more products all the time:

* AirDefense
* Arbor Networks
* CounterStorm
* Enterasys
* GFI
* ISS
* Lancope
* Snort
* SonicWALL
* StillSecure

It will also be worth looking at Unified Threat Management. This is often a physical device, an appliance, and it simply means that you get more than one security feature in a single box. Unified Threat Management will frequently include an IDS.

How can I evaluate IDS?

The first thing you need to do is make sure that you know what you need and what you can afford. Then you need to know what's available. Only then can you decide what to get. So first check the Buyer's Guide in this resource centre to see what you can get. Conduct a risk analysis exercise - use a consultant if you need to. Then, knowing what is available and what you need, consult our Comparison Guide and see which product comes closest to that need. And if you have specific queries, problems or worries, get some free help and advice from Ask the Experts.