You are on page 1of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Objectives

In this session, you will learn about:


Best practices for implementing VPNs and VoIP Tips and tricks on network documentation FAQs related to network planning

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 1 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Best Practices

When planning for a VPN for an enterprise, you have to consider the following best practices:
Place the VPN gateway outside the firewall. Determine the location of the VPN gateway within the existing network topology. Place the firewall after the VPN gateway and allow the firewall to inspect the traffic that the VPN decrypts. Do not locate the VPN gateway parallel to or behind the firewall. The firewall will not be able to inspect clear-text traffic. Place a VPN gateway such that any Network Address Translation (NAT) for data packets takes place outside the VPN tunnel. Do not place the IDS outside the network firewall.

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 2 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Best Practices (Contd.)

When planning for VoIP, you should consider the following best practices:
Conduct an audit of the network technology implemented in the enterprise to check if it is compatible with VoIP. Prioritize voice traffic over data on corporate networks. Determine bandwidth requirements. Consider global governmental toll-bypass regulations. Increase the visibility and performance of the VoIP network. Stick to one VoIP provider. Choose equipment that are compatible with each other.

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 3 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Tips and Tricks

Documenting a network helps reduce the maintenance and management costs. An analysis of the following questions helps in selecting an appropriate network documentation package:
What should be documented? Why should it be documented? Where is the information source? Is all the required information readily available? Who are the users? What structure and naming conventions should be used? What is the feedback process?

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 4 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

FAQs What is a VPN gateway?


A VPN gateway is a device that connects a LAN to a VPN. A VPN gateway is a device that connects a LAN to a VPN. VPN gateways are installed at both ends of a VPN tunnel. The VPN gateway installed at the sending end encrypts the data and the VPN gateway installed at the receiving end decrypts the data.

Does WLAN support Internet connectivity?


Yes. WLAN works just like a LAN but communication takes place without wires.

How reliable is VoIP?


Just as traditional phone lines depend on telephone companies for their maintenance and quality, the reliability of VoIP depends on the Internet Service Provider (ISP). The effectiveness of network lines in VoIP entirely depends on the level of maintenance provided by the ISP.

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 5 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

FAQs (Contd.) How much bandwidth does VoIP require?


You need a broadband connection to make VoIP work successfully. Having more bandwidth allows you to make a greater number of simultaneous calls.

Do VoIP phones require specific hardware to work properly?


You need to have a Private Branch Exchange (PBX) that supports an IP phone.

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 6 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Practice Questions How does understanding availability requirements help plan an IT infrastructure?
Understanding availability requirements help determine the level of network services required and thereby help determine the cost of setting up an IT infrastructure to fulfill the level of service.

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 7 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Practice Questions (Contd.) What is the difference between scalability and obsolescence protection?
Scalability is the ability of a network to cope up with future requirements, such as increase in the number of users, expansion of the network, acquisition of new network sites, and installation of new software applications. Obsolescence protection involves planning the purchase of your network devices in such a way that they are able to keep pace with fast changing technologies and higher capacity devices that might be installed in future.

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 8 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Practice Questions (Contd.) How does network sizing affect network planning?
Network sizing takes care of the number of users using the network and the future requirements that might arise. Thereby, network sizing helps determine the quality and level of network services required. Network sizing helps you estimate the cost of setting up a network that will meet the business as well as technical requirements of an enterprise.

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 9 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Practice Questions (Contd.) What are the various options available for setting up a WAN infrastructure?
The various options for setting up a WAN infrastructure are: Frame relay X.25 WAN ATM Leased line ISDN ADSL Analog Modems SMDS

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 10 of 21

Planning Windows Network Solutions Installing XP Professional Using Attended Installation

Practice Questions (Contd.) What are VPNs? How does a VPN help provide low cost yet secure WAN communication?
VPNs are networks that use encryption in the lower protocol layers to provide a secure connection through an otherwise insecure network, such as the Internet. VPNs are cheaper than real private networks using private lines. VPNs use encryption to make the data safe on public networks, such as the Internet. In addition, they use the IPsec protocol to ensure better safety of information traveling through VPNs.

Ver. 1.0

Planning Network Solutions / Chapter 5

Slide 11 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

Objectives

In this session, you will learn about:


Best practices for planning IDS Tips and Tricks on planning a security solution FAQs on security measures, such as firewalls and digital signatures

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 12 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

Best Practices

The best practices for planning IDS are:


Employ measures to use the data gathered from the IDS effectively, such as software tools to evaluate and report IDS findings. Choose a logging system that allows you to gather a large amount of data, backup and recovery procedures, and storage facilities. Ensure that system logs are checked daily for critical incidents and weekly for all other incidents. Develop a standard response procedure to tackle any malicious attempt made on the enterprises network.

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 13 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

Tips and Tricks The tips and tricks for implementing IDS are:
Use host-based IDS to secure the computers of mobile users in your network. Use network-based IDS to secure your IT infrastructure if you do not want to place an additional workload on the computers of your network. Use hardware instead of software firewalls if security requirements are not very high.

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 14 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

FAQs How does a firewall work?


A firewall checks the data packets leaving or entering a network to ensure that they are authorized to go to the people they are addressed to. It also checks whether the person or application sending the data is authorized to use the Internet.

What is the difference between a hardware and software firewalls?


A hardware firewall is implemented on network devices, such as routers. Hardware firewalls use packet filtering to know the source and destination addresses of a data packet. Software firewalls are implemented on computers. A software firewall allows only secure applications to communicate over the Internet.

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 15 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

FAQs (Contd.) What is a digital signature and how do you acquire one?
A digital signature needs to be different each time it is created, and is used to secure objects, such as an electronic document, a picture, or a program. It is created by performing a mathematical calculation on the data that needs securing, such as a password for a Web site. This mathematical calculation produces a unique numerical value, which is encrypted using a private cryptographic key. You cannot buy a digital signature. To create a digital signature, one needs to generate or buy a private cryptographic key, a public key and certificate.

Who recognizes the Certification Authorities (CAs) for digital certificates?


CAs are recognized by vendors that provide Web browsers. Different companies, such as Microsoft and Netscape, recognize different CAs.

What is the lifecycle of a certificate?


Personal and server certificates have a validity of one year. However, the issuing CA can decide the life of a certificate.
Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 16 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

Practice Questions What do you mean by physical security?


Physical security concerns securing various physical devices that form part of an IT infrastructure. The physical devices might include computers, printers, routers, hard disks, and wiring components.

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 17 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

Practice Questions (Contd.) What are the measures available to ensure physical security?
The various measures to ensure physical security are: Keeping devices under lock and key Implementing biometric measures, such as keycards, fingerprint readers, and retinal scanners Implementing surveillance measures

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 18 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

Practice Questions (Contd.) Define a security policy?


Every enterprise needs to define a set of rules and regulations to secure its IT infrastructure from various critical situations, such as unauthorized access to data, disclosure of confidential information, and virus attacks. This set of rules and regulations is known as the security policy. A security policy enables you devise appropriate mechanisms and choose technologies to ensure the security of the IT infrastructure.

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 19 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

Practice Questions (Contd.) Describe how the QoS requirements of an enterprise determine the level of security required in the enterprise.
Depending on the QoS requirements of the enterprise, the enterprise can select an appropriate security method. If the enterprise requires fast access to data, the security will be kept at a low level because it might affect the speed of data access. Alternately, if the enterprise requires highly secure data, the level of security employed will be high.

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 20 of 21

Planning Windows Security Solutions Installing XP Professional Using Attended Installation

Practice Questions (Contd.) What are the differences between host-based and network-based IDS.
Network-based IDS are deployed on a network. They use raw network packets as the data source to check for any sort of intrusion in a network. Network-based IDS utilize network adapters to monitor and analyze network traffic. You can deploy networkbased IDS to protect a specific segment of the network, in which it is installed. Host-based IDS are installed on different types of computers such as desktops, servers, or laptops. They can provide a second level check and can detect problems missed out by network-based IDS. Therefore, identifying location of the IDS on internal networks can be crucial for providing broad security coverage for an enterprise. You can decide to implement host-based IDS on those computers which are more prone to attack by intruders.

Ver. 1.0

Planning Security Solutions / Chapter 6

Slide 21 of 21