As our own networks expanded it very soon became clear that networks were the very foundation that all other systems were built upon. Without them, both computers and their valuable data were isolated and resources that might otherwise be shared were duplicated at great expense.
Introducing connectivity allowed more than just the sharing of data and hardware resources. It was not long before data of a more malicious nature, like viruses and worms, became prevalent. Hackers attained notoriety for gaining unauthorised access to systems and data.
There are potentially devastating consequences for ill-prepared companies. Providing communications facilities brings the additional problem of security, both internally, within a company, and with the outside world when internet connections are introduced.
File servers allow all the data for a company to be stored in one secure, centralised location. They are typically configured with general access folders (all employees) and folders that have access limitations imposed on them so that only selected users are authorised to access the data (managers).
There would normally be dangers in putting all your eggs in one basket, but a server usually has more than one hard disk inside. Data is either mirrored across those disks or spread across them in another way that protects the data from being lost in the event of a single hard disk failure (RAID). Additionally, data is saved to backup media (normally tapes) at frequent intervals (usually each night). The backups are cycled to provide maximum protection.
Mail servers can be set up in different ways. They may be permanently online and available for senders to pass mail to. Alternatively, they may be offline but connect to an internet service provider at regular intervals (say, every five minutes).
The mail headers are interpreted and routed according to predefined rules. Some of the rules might be for the filtering of spam (e.g. send anything containing the word “Viagra” in the title to the junk mail folder). Other rules would be for the routing of mail to the correct recipient according to the names or nicknames found.
Proxy servers are used in larger companies to minimise the amount of traffic going across the internet connection. All internet-bound traffic is funnelled through the proxy server, which checks the web page being requested against those it has temporarily stored on its internal hard disk (the cache). If the requested page matches, it is fetched from the local hard disk; otherwise the request is forwarded to the internet gateway (i.e. the firewall).
Proxies can also be used to permanently deny access to inappropriate websites (pornography, etc.), or to deny access during working hours but allow access at other times (e.g. allow access to eBay during lunchtime only).
Routers allow a fast and easy connection to the internet, but often do little more than route traffic from the internet to the PC originally requesting the data (a system called NAT). Not all routers are equal and better ones have some firewall functionality built in, though inevitably this is limited in scope.
Firewalls go one step further than a router in combating the risk of connecting to the vociferous world of the internet. Typically, all packets of data sent out are monitored by the firewall, and returned traffic must correspond to those monitored outbound packets in order to be accepted back onto the network. This keeps unsolicited traffic at bay. This technique is often referred to as stateful packet inspection (SPI for short).
Better firewalls also monitor the traffic passing through (like website traffic). They deny any traffic that looks like it has been deliberately malformed to cause security issues (normally with Windows systems). Generally, firewalls are dedicated servers running a modified (i.e. hardened) Linux operating system requiring minimal hardware resources to run efficiently.
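The stateful packet inspection described above can be sketched as a small connection tracker. This is an added example, not code from HCS or from any firewall product: the class and function names are hypothetical, the traffic is constructed, and it matches on addresses, ports and an idle timeout only, whereas real firewalls also check TCP flags and sequence numbers.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = LAN to internet, "in" = internet to LAN
    time: float     # seconds (constructed timestamps)

class StatefulFirewall:
    """Toy tracker: outbound flows create state, inbound must match state."""
    def __init__(self, idle_timeout=60.0):
        self.idle_timeout = idle_timeout
        self.states = {}  # flow key -> time the flow was last seen

    def filter(self, pkt):
        # Expire idle entries so a stale flow cannot be reused later.
        self.states = {k: t for k, t in self.states.items()
                       if pkt.time - t <= self.idle_timeout}
        if pkt.direction == "out":
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.states[key] = pkt.time
            return "pass"
        # Inbound: the reply must mirror a tracked outbound flow exactly.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.states:
            self.states[key] = pkt.time
            return "pass"
        return "block"

def run_sample():
    fw = StatefulFirewall(idle_timeout=60.0)
    # Constructed traffic using private and documentation address ranges.
    packets = [
        Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 443, "out", 0.0),
        Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50000, "in", 0.2),    # reply
        Packet("tcp", "198.51.100.7", 443, "192.168.1.10", 50000, "in", 0.3),   # wrong host
        Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 3389, "in", 0.4),     # wrong port
        Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50000, "in", 120.0),  # state expired
    ]
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(run_sample())
```

Only the genuine reply is accepted; the unsolicited packets and the late packet arriving after the state has timed out are dropped.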
Nowadays, large companies employ dedicated network security specialists working with state-of-the-art firewall technology in order to keep their systems protected. These companies invariably have satellite offices connected to their head office. The connectivity is made possible via VPNs (Virtual Private Networks) provided by those same firewalls. All data that is sent across the internet through these VPNs is securely encrypted to prevent anybody from intercepting and making use of it.
For small to medium sized businesses the cost of implementing as much for themselves might be thought to be prohibitive, but this is not necessarily the case. The networks of a smaller company are proportionally smaller and less complex. They are therefore easier to build and control and do not require a skilled full-time support person.
VPNs are immensely useful to small businesses too:
- A satellite office could easily be a home worker. The company network is effectively extended to their home, providing a telephone extension linked to the main switchboard (using VoIP) and access to e-mail, file servers, etc.
- The company's file server(s) can be backed up to a remote file server overnight as either a replacement for or a supplement to on-site backups. This remote server can be used immediately in the event of a loss of the primary server due to failure, theft, etc. It can also be used to build a new primary server more quickly than acquiring new hardware and restoring from tapes.
- Data that should not be stored on-site can be stored securely at a remote location, e.g. CCTV cameras can stream video data to a remotely located server. Thieves are unable to determine where the remote server is located and are therefore unable to remove evidence.
HCS have experience in all the aforementioned technologies and are able to offer:
- Network Design and Security.
- Installation and Support of desktop PCs and servers.
- Broadband Integration and Internet Security using pfSense firewall.
- VPNs allowing secure access to remote systems.
- Voice over IP Telephone systems using FreePBX software.
- Remote Backup.
- Remote Storage.