Phare EIONET Centralised Training Session

Slides:



Advertisements
Similar presentations
Chapter 3: Planning a Network Upgrade
Advertisements

Guide to Network Defense and Countermeasures Second Edition
Network Management Basics Network management requirements OSI Management Functional Areas –Network monitoring: performance, fault, accounting –Network.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Firewall Configuration Strategies
Module 10: Routing Fundamentals and Subnets Small Router Purchase Subnetting Example a Basic Subnetting b Subnetting a Class A Network.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Web Proxy Server Anagh Pathak Jesus Cervantes Henry Tjhen Luis Luna.
Windows 2008 Overview Lecture 1. Windows Networking Evolution Windows for Workgroups – peer-to-peer networking built into the OS Windows NT – separate.
11 ASSIGNING IP ADDRESSES Chapter 2. Chapter 2: ASSIGNING IP ADDRESSES2 CHAPTER OVERVIEW  Describe the structure of IP addresses and subnet masks. 
Chapter 19 Network Layer: Logical Addressing
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Layering and the TCP/IP protocol Suite  The TCP/IP Protocol only contains 5 Layers in its networking Model  The Layers Are 1.Physical -> 1 in OSI 2.Network.
30/11/ Q & A on Networking. Question No. 1 What is Networking? Two or more computers that are linked in order to share – Resources (such as printers.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
XA R7.8 Upgrade Process and Technical Overview Ruth Anne Pharr Sr. IT Consultant, CISTECH Inc.
Cisco Threaded Case Study
A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.
IP Addressing & Subnetting
Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.
Computer Emergency Notification System (CENS)
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Planning the Addressing Structure Working at a Small-to-Medium Business.
1 Makes Mobile WiMAX Simple Netspan Overview Andy Hobbs Director, Product Management 5 th October 2007.
CS460 Final Project Service Provider Scenario David Bergman Dong Jin Richard Bae Scott Greene Suraj Nellikar Wee Hong Yeo Virtual Customer: Mark Scifres.
NETWORKING COMPONENTS Buddy Steele Assignment 3, Part 1 CECS-5460: Summer 2014.
By Bear Mountain Software, Inc.. How Reliable Are ? ? ? ? Your NT Server Networks Messaging Systems IP-based Services ?
NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.
Basic component of Network Management Woraphon Lilakiatsakun.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
Hour 5 Subnetting 1. you will be able to Explain how subnets and supernets are used Explain the benefits of subnetting Develop a subnet mask that meets.
1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for IP Routing.
ITE PC v4.0 Chapter 8 1 © 2007 Cisco Systems, Inc. All rights reserved.Cisco Public  Networks are systems that are formed by links.  People use different.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Subnetting IP Networks Introduction to Networks.
SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.
IP Addressing. A 32-bit logical naming convention A dotted-decimal notation is used: – –Each number represents 8 bits. Number is Part.
19.1 Chapter 19 Network Layer: Logical Addressing Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.
Planning the Addressing Structure
Internet Architecture
CompTIA Security+ Study Guide (SY0-401)
Lab A: Planning an Installation
Windows 2008 Overview Lecture 1.
Working at a Small-to-Medium Business or ISP – Chapter 8
CONNECTING TO THE INTERNET
Welcome! Thank you for joining us. We’ll get started in a few minutes.
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
PROJECT PRESENTATION ON INTERNET FIREWALLS PRESENTED BY THE GUARDS
Introduction to Networking
Firewalls.
Security of a Local Area Network
CompTIA Security+ Study Guide (SY0-401)
Chapter 9: Subnetting IP Networks
Chapter 8: Subnetting IP Networks
Chapter 9: Subnetting IP Networks
Design Unit 26 Design a small or home office network
An Introduction to Computer Networking
Firewalls Purpose of a Firewall Characteristic of a firewall
Professional Network Services
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
Planning the Addressing Structure
Planning the Addressing Structure
Planning the Addressing Structure
Allocating IP Addressing by Using Dynamic Host Configuration Protocol
AbbottLink™ - IP Address Overview
How To Configure Hotspot in Virtual Mikrotik on VMware
Chapter 5 IP addresses Classless Addressing
IP Addressing & Subnetting
Layering and the TCP/IP protocol Suite
Presentation transcript:

Phare EIONET Centralised Training Session EIONET node Architecture & Connectivity

Overview of the Presentation EIONET node components Physical architecture Logical architecture Variations IP Addressing issues Additional servers Management of the node Questions & Comments

Eionet node components (standard architecture layout) Internet link Access server (router) EIONET server(s) Firewall node’s LAN

Physical architecture The only requirements from the point of view of physical connections are: EIONET server should be connected to Internet EIONET server should be connected to LAN LAN should be connected to Internet.

Logical architecture “The Internet” is able to access EIONET services LAN should be able to access EIONET services + other services (ex. Mail retrieval) Access to EIONET server(s) should comply to EIONET security policy Access to LAN should comply to local security policy

Logical architecture (cont. …) And that meens… LAN topology and existing wiring style may may impose different solutions than the “standard” EIONET node schematics Local security policy may require ALL computers to be “behind firewall” Internet provider change may also change the interface to an unsupported one ... Etc. ... …we could need variations

Variations Variations in EIONET node’s architecture are possible as long as they implement: Physical connectivity constraints Logical connectivity constraints Compliance to EIONET security policy (applicable to EIONET server(s) Invariance of the way OTHERS see and access your node’s services

Variations (cont. …) In punch-lines: You should ensure the possibility of implementing two (usually) different security policies; eventually on the same machine … You should be able to reliably distinguish between LAN users accessing EIONET server and Internet users AGAIN and AGAIN: your structure should be functionally equal to all other EIONET nodes

Phare EIONET Centralised Training Session Practical issues

large number of workstation in LAN IP addressing scheme When deciding the actual addressing scheme, each EIONET node faces one or more of the following constraints: reduced number of registered IP addresses provided by ISP (a quarter of a C class or less) large number of workstation in LAN foreseeable growth in number of servers/workstations both in LAN and Internet exposed

Terms IP address; dotted decimal notation Network mask Classfull and classless subneting Subnet and Host ID Subnetzero

IP network classes

Divide the available range of addresses

HW &. SW subnetting

Custom Subnetting: the steps

Chart for class C Networks

Determine subnet ID

Last step: Numbering Hosts

Additional servers Physical and logical location of additional servers inside EIONET node structure should be decided studying: Server audience (in terms of: LAN and/or Internet clients) Server capabilities (in terms of protecting itself) Impact to other servers and the node’s structure

Additional servers (cont. …) Open Access Reverse proxy, multi class segment, etc ... EIONET security policy

Management of the node There are several aspects of the node management: System management: servers, routers, firewall(s); includes system backup/restore activity Network management: connectivity, performance, network services Application management: software installation, patches & upgrades; includes applications’ backup, data migration etc. ... System, Network and Applications monitoring: logs, events etc.… Security management: monitoring, updates, alarms, crisis scenarios preparation etc. ...

System management Basic responsibilities for the EIONET node systems manager: SO patches and upgrades: to be performed with balance between fixing bugs, enhancing functionality and keeping full compatibility with installed applications Backup of vital system configuration data before any SO changes and/or reconfigurations are planned Monitors event logs, disk and other resources usage and reacts accordingly to situations that may affect availability and/or quality of services offered by the respective systems Keep users informed of changes, interrupts in operation and client side targeted security threats (I love you message …)

Network management General guidelines: plan carefully structural changes; better still: avoid them monitor network performance at all times, determine the bottleneck before users can feel it if network complexity requires install automated SNMP tools to trap and alert you on unwanted events

Questions & Comments