Home network systems come in two basic types: cabled (wired) and wireless. Whichever type you opt for, you will find that both use many of the same kinds of equipment, although the specifics differ between the two.
For any two parts of the network to talk to each other, there has to be a path between them. In a wired network this path is physical: the cables (generally Cat 5 or Cat 5e Ethernet cables). These come in lengths from a few feet to a hundred yards or more. There is a limit to how long a single cable run can be before a switch or router must be placed between segments (about 100 metres, or 328 feet, for twisted-pair Ethernet), but that is far longer than most home network runs, so it is rarely a concern at home.
With a wireless network you can't see the path between components, but it is no less real: radio waves carry the data instead of cables. Like a radio or TV signal, a wireless signal is subject to interference, though in a home network this is seldom a serious problem. Be aware, though, that metal inside your walls, microwave ovens and other radio sources can interfere with a wireless signal, and even ordinary walls reduce its strength.
When setting up your home network, you'll need equipment to send and receive the signals that are carried, whether by radio or by cable. A network interface card (NIC), typically an Ethernet card, is one component you will need. These are common and inexpensive, and come in a range of speeds from 10 Mbit/s to 1 Gbit/s. Wireless adapters are rated by the standard they support: an 802.11g network runs at a nominal 54 Mbit/s, while an 802.11b network runs at 11 Mbit/s. As prices keep dropping, the lower speeds are seen less and less.
A network interface card can be either cabled or wireless. The cards in two devices on a network are hardly ever connected directly to each other by a cable; instead each connects to a switch or a router. A switch is a simple device, essentially a box with ports for the Ethernet cables to plug into. Switches are inexpensive and work well for a network that only needs its devices to talk to each other; sharing an internet connection among them needs a router. Routers are the more common choice in homes these days, and some home network builders use more than one.
A router does exactly what the name implies: it directs network traffic. It does this using IP addresses and software for forwarding data between devices and between networks. Routers can be wireless or cabled, and each kind is available in many models from many manufacturers. Their built-in firmware varies in functionality; some even include antivirus features. Routers differ in their number of ports (which decides how many devices can be plugged in directly) and in the speeds at which they operate, and they rarely reach the speed they are rated at: a wireless router rated at 54 Mbit/s may deliver only 6 Mbit/s of real throughput, for instance.
Other components will be part of your home network too, such as a cable, DSL or satellite modem for the internet connection. The devices listed above, though, are what you need to get started with the basic set-up of your home network system.
By: Joseph Nyamache
Setting a Home Network System
February 10th, 2010

Discovering Your Local Area Network
January 9th, 2010
In the late 1960s, as large universities and several research labs acquired ever more computers, the need for high-speed interconnections between them grew, and the pressure was on. It was not until the mid 1970s that an answer to the demand was created; they called it the LAN.
LAN stands for Local Area Network. A LAN covers a small area such as a home, an office or a group of buildings (a school campus, a warehouse and so on). Compared with a WAN (Wide Area Network), LANs have higher data-transfer rates and a smaller range, and they do not require leased telecommunication lines. ARCNET and Token Ring were two LAN technologies widely used in the past; Ethernet and Wi-Fi are the most common today.
A LAN is an important component to gamers. By setting up a LAN, gamers can link their computers together and play with or against their friends. Games such as "Diablo II" and "S.O.C.O.M." allow gamers to cooperate as a team either online or with their computers connected by LAN; games such as "Unreal Tournament" and "Starcraft" allow gamers connected over the internet or a LAN to work as a team or to compete against each other.

Computers are usually linked by a Cat-5 cable to a hub (or, in any modern LAN, a switch), which acts as the meeting point for all the connected machines. The Cat-5 cable plugs into the Ethernet port on the network card, also called the network adapter, LAN adapter or NIC (Network Interface Card). A network card operates on both the physical layer and the data link layer: it provides physical access to the networking medium (the hub or switch) and a low-level addressing system based on MAC addresses. A MAC address is not the same thing as an IP address: the MAC address identifies the card itself on the local segment, while the IP address is assigned at the network layer and is what other networks use to reach the machine. Not all LANs are the same; some use cables while others are wireless.
While other network technologies exist, the Ethernet network card has led the pack since the mid 1990s, thanks to its low cost and easy integration and use. Every Ethernet network card carries a unique 48-bit identifier stored in its ROM; this is the card's MAC address. MAC addresses on one LAN must be unique: if two cards shared the same address, only one of them could be connected to the LAN at a time. The Institute of Electrical and Electronics Engineers (IEEE) assigns each vendor of interface controllers a 24-bit prefix, the Organizationally Unique Identifier (OUI), and the vendor assigns the remaining 24 bits, so no two factory-programmed cards share a MAC address. Note that the burned-in value is only a default: most operating systems let the address be overridden in software, so a MAC address on its own is not reliable proof of which machine is speaking.
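As an added example (not code from the article), here is a small parser for the 48-bit address just described. It validates the common text forms, splits off the IEEE-assigned OUI, and reads the two flag bits the IEEE reserves in the first octet: the I/G bit (multicast versus unicast) and the U/L bit, which is set on any address that was chosen by software rather than burned in by the vendor, the case the caveat above is about. The OUI-to-vendor table is a constructed sample, not the IEEE registry.

```python
# Added example, not code from the article: parse a 48-bit Ethernet MAC address,
# split off the IEEE-assigned OUI and read the two reserved flag bits.
# SAMPLE_OUIS is a constructed table for illustration, not the IEEE registry.
import re

SAMPLE_OUIS = {            # constructed entries, not real vendor assignments
    "00:11:22": "vendor-A",
    "00:33:44": "vendor-B",
}

# Accepts 00:11:22:33:44:55, 00-11-22-33-44-55 and 0011.2233.4455 forms only.
MAC_RE = re.compile(
    r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$"
    r"|^(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}$"
)

def parse_mac(text: str) -> bytes:
    """Return the six raw octets, or raise ValueError on any other input."""
    if not MAC_RE.match(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", text))

def describe_mac(text: str) -> dict:
    mac = parse_mac(text)
    first = mac[0]
    multicast = bool(first & 0x01)   # I/G bit: group (multicast/broadcast) address
    local = bool(first & 0x02)       # U/L bit: locally administered, not burned in
    oui = ":".join(f"{b:02X}" for b in mac[:3])
    return {
        "oui": oui,
        # An OUI lookup only means something for a universally administered address.
        "vendor": None if local else SAMPLE_OUIS.get(oui),
        "multicast": multicast,
        "locally_administered": local,
        # True only for a unicast address the vendor burned in at the factory;
        # False means software chose it (a VM, privacy randomisation, or spoofing).
        "burned_in": not local and not multicast,
    }
```

When a switch or DHCP log shows an address with the U/L bit set, the OUI tells you nothing about the hardware; that is the first thing to check before trusting a MAC-based allow list.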
At one point network cards were expansion cards that had to be plugged into the motherboard. Most new computers have the network interface built into the motherboard; some even have two ports built in so the computer can be connected to two networks. Some companies have started using optical fibre instead of Cat-5 cables or USB cords, because optical fibre is immune to electromagnetic interference. Optical fibres are made of glass or plastic rather than metal and carry light along their full length; a signal sent as light over fibre degrades far less over distance than an electrical signal sent along metal wires (Cat-5 cables and USB cords).
By: Victor Epand
Network Security – NIC-Based Intrusion Detection Systems
December 26th, 2009
Overview
The goal of an intrusion detection system is to detect inappropriate, incorrect, and unusual activity on a network or on the hosts belonging to a local network by monitoring network activity. To determine if an attack has occurred or if one has been attempted typically requires sifting through huge amounts of data (gathered from the network, host or file system) looking for clues of suspicious activity. There are two general approaches to this problem — signature detection (also known as misuse detection), where one looks for patterns of well-known attacks, and anomaly detection, that looks for deviations from normal behavior.
Most work on signature and anomaly detection has relied on detecting intrusions on the host processor. The problem with that approach is that even when intrusion activity is detected, one is often unable to stop the attack from disrupting the system and consuming the host CPU (as in a denial-of-service attack).
As an alternative to relying on the host's CPU to detect intrusions, there is growing interest in using the NIC (network interface card) as part of the process too. The primary role of a NIC is to move data between the host and the network. A natural extension of that role is to police the packets passing in each direction: examine the packet headers and simply not forward suspicious packets.
Recently there has been a fair amount of activity in the area of NIC-based computing. Related to the work on NIC-based intrusion detection is the use of NICs for firewall security: embedding firewall-like functions at the NIC level. Packet filtering, packet auditing and support for multi-tiered security levels have been proposed and, indeed, commercialized in 3Com's embedded firewall.
Rationale
The rationale for coupling NIC-based intrusion detection with conventional host-based intrusion detection is based on the following points:
· Functions such as signature- and anomaly-based packet classification can be performed on the NIC, which has its own processor and memory. This makes them far harder to bypass or tamper with than software-based systems that depend on the host operating system: malware that gains control of the host can disable a host-resident IDS, but it cannot rewrite code running on the NIC without also attacking the NIC's firmware or the driver interface through which the host loads rules into it.
· If the host is loaded with other programs running alongside the intrusion detection software, then an intrusion detection system that relies on host processing may be slowed down, reducing the bandwidth available for network transmissions. A NIC-based strategy is not affected by the load on the host.
· With centralized intrusion detection systems one runs into a scalability problem; not so with NIC-based detection. Each NIC handles only the inbound and outbound traffic of the host or LAN segment it is connected to, so the work load is naturally distributed.
· NIC-based strategies provide better coverage and functional separation: NICs on internal hosts can detect port scans against themselves, while the NIC at the firewall can detect host scans across the network.
· The NIC-based scheme is flexible, dynamically adaptive, and can work alongside existing host-based intrusion detection. The host-based system can download new rules and signatures into the NIC on the fly, making detection adaptive.
The Challenge
The current disadvantage of NIC-based intrusion detection is that the NIC's processor is much slower and its memory much smaller than the host's. Implementing algorithms on the NIC therefore presents new challenges. For example, NICs typically cannot perform floating-point operations, so algorithms ported to the NIC must use fixed-point approximations instead. There is also a need to limit the impact on bandwidth and latency for normal, non-intrusive traffic. The challenge, then, is how best to use the NIC's limited processing capability for intrusion detection.
IDS Algorithms
There are two general approaches to the problem of intrusion detection: signature detection (also known as misuse detection), where one looks for patterns that signal well-known attacks, and anomaly detection, which looks for deviations from normal behavior. Signature detection works reliably on known attacks but has the obvious disadvantage of not being able to detect new ones. Though anomaly detection can detect novel attacks, it has the drawback of not being able to discern intent: it can only signal that an event is unusual, not that it is hostile, and so it generates false alarms.
Signature detection methods are better understood and more widely applied. They are used in host-based systems such as virus scanners and in network-based systems such as Snort and Bro. These systems use a set of rules encoding knowledge gleaned from security experts to test files or network traffic for patterns known to occur in attacks. A limitation of these systems is that as new vulnerabilities or attacks are discovered, the rule set must be updated by hand. Another disadvantage is that minor variations in attack methods can often defeat them.
Anomaly detection is a harder problem than signature detection because, while signatures of attacks can be very precise, what counts as normal is more abstract and ambiguous. Rather than finding rules that characterize attacks, one attempts to find rules that characterize normal behavior. Since what is normal varies across environments, a distinct model of normalcy can be learned for each one. Much of the research in anomaly detection models normal behavior from a (presumably) attack-free training set. Because we cannot predict all possible non-hostile behavior, false alarms are inevitable. Researchers found that when a vulnerable UNIX program or server is attacked (for example, with a buffer overflow used to open a root shell), the program issues sequences of system calls that differ from those seen in normal operation.
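As an added example (not code from the article, and not the original researchers' implementation), the system-call-sequence idea in the last sentence can be made concrete in a few lines: short windows of consecutive calls seen in attack-free traces define "normal", and a new trace is scored by how many of its windows were never seen. All traces below are constructed for illustration; the threshold and window length are assumptions.

```python
# Added example, not code from the article: n-gram model of system-call
# sequences learned from constructed attack-free traces. Scoring uses only
# integer arithmetic. Traces, window length and threshold are assumptions.
from __future__ import annotations
from typing import Iterable, Sequence

def windows(trace: Sequence[str], n: int) -> list[tuple[str, ...]]:
    """Sliding windows of n consecutive system calls."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

class SyscallProfile:
    """The set of call windows observed while a program ran normally."""
    def __init__(self, training: Iterable[Sequence[str]], n: int = 3):
        self.n = n
        self.normal: set[tuple[str, ...]] = set()
        for trace in training:
            self.normal.update(windows(trace, n))

    def score(self, trace: Sequence[str]) -> tuple[int, int]:
        """(windows never seen in training, total windows in the trace)."""
        ws = windows(trace, self.n)
        return sum(1 for w in ws if w not in self.normal), len(ws)

    def is_anomalous(self, trace: Sequence[str], max_percent: int = 20) -> bool:
        """Alert when more than max_percent of the windows are unseen (integer %)."""
        misses, total = self.score(trace)
        return total > 0 and misses * 100 // total > max_percent

# Constructed traces of a small server's request handler in normal operation.
NORMAL_TRACES = [
    ["accept", "read", "open", "read", "write", "close", "write", "close"],
    ["accept", "read", "open", "read", "read", "write", "close", "write", "close"],
    ["accept", "read", "write", "close"],
]
# Constructed trace of the same handler after an overflow makes it spawn a shell.
SHELL_TRACE = ["accept", "read", "execve", "dup2", "dup2", "read", "write", "close"]
# Constructed legitimate trace whose request merely arrived in two reads.
CHUNKED_TRACE = ["accept", "read", "read", "write", "close"]

def demo() -> dict:
    profile = SyscallProfile(NORMAL_TRACES)
    return {
        "shell": (profile.score(SHELL_TRACE), profile.is_anomalous(SHELL_TRACE)),
        "chunked": (profile.score(CHUNKED_TRACE), profile.is_anomalous(CHUNKED_TRACE)),
    }

if __name__ == "__main__":
    print(demo())
```

The shell-spawning trace scores 5 unseen windows out of 6 and is flagged; but the harmless two-read trace also trips the alarm (1 of 3), exactly the false-positive problem the paragraph describes. Lengthening the training set, lowering n, or raising the threshold reduces such alarms at the cost of missing attacks that deviate only briefly from the profile.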
Current network anomaly detection systems such as NIDES, ADAM and SPADE model only features of the network and transport layers, such as port numbers, IP addresses and TCP flags. Models built from these features can detect probes (such as port scans) and some denial-of-service (DoS) attacks on the TCP/IP stack, but not attacks in which the exploit code is carried to a public server in the application payload. Most current anomaly detectors use a stationary model, in which the probability of an event depends on its average rate during training and does not vary with time. While most research in intrusion detection has focused on either signature detection or anomaly detection, most researchers have realized that the two must work hand in hand to be most effective.
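To tie the IDS Algorithms section and the NIC constraints together, here is an added example (not code from the article, and not any real NIC's firmware) of the kind of packet policing the article has in mind: a signature matcher on header fields and payload bytes, a stationary header-only anomaly model of the NIDES/SPADE type that scores destination ports by how rarely they appeared in training, and a port-scan detector. Every score is an integer in fixed point (a unit of 65536), because the Challenge section notes that NIC processors typically lack floating point. The rules, addresses, traffic and thresholds are all constructed for illustration, and the rule format is Snort-like only in spirit.

```python
# Added example, not code from the article: a toy NIC-style packet classifier that
# combines signature matching with a header-only stationary anomaly model, using
# only integer (fixed-point) arithmetic. Rules, addresses, traffic and thresholds
# are constructed; the rule format is an assumption, not Snort syntax.
from __future__ import annotations
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

SCALE = 1 << 16            # fixed-point unit: 65536 stands for probability 1.0

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str             # TCP flags as letters, e.g. "S", "PA", "FPU"
    payload: bytes = b""

SIGNATURES = [             # constructed rules; every listed field must match
    {"name": "xmas-scan", "flags": "FPU"},
    {"name": "shell-in-payload", "dport": 80, "payload": b"/bin/sh"},
]

def match_signature(pkt: Packet) -> Optional[str]:
    """Name of the first rule whose every field matches the packet, else None."""
    for rule in SIGNATURES:
        if "flags" in rule and pkt.flags != rule["flags"]:
            continue
        if "dport" in rule and pkt.dport != rule["dport"]:
            continue
        if "payload" in rule and rule["payload"] not in pkt.payload:
            continue
        return rule["name"]
    return None

class HeaderAnomalyModel:
    """Stationary model: P(dport) estimated once from attack-free training traffic
    and kept as fixed-point integers, so scoring needs no floating point."""
    def __init__(self, training: list[Packet]):
        counts = Counter(p.dport for p in training)
        total = sum(counts.values())
        self.p_fixed = {port: (n * SCALE) // total for port, n in counts.items()}

    def rarity(self, pkt: Packet) -> int:
        """0 means 'seen constantly in training'; SCALE means 'never seen'."""
        return SCALE - self.p_fixed.get(pkt.dport, 0)

class PortScanDetector:
    """Flag a source that touches more distinct ports on one host than any
    source did in training (the probe-type attack header models can catch)."""
    def __init__(self, max_ports: int):
        self.max_ports = max_ports
        self.seen = defaultdict(set)          # (src, dst) -> ports touched

    def observe(self, pkt: Packet) -> bool:
        ports = self.seen[(pkt.src, pkt.dst)]
        ports.add(pkt.dport)
        return len(ports) > self.max_ports

def classify(stream, model, scanner, rarity_threshold=SCALE * 98 // 100):
    """One (verdict, reason) per packet; a 'drop' never reaches the host."""
    verdicts = []
    for pkt in stream:
        sig = match_signature(pkt)
        if sig:
            verdicts.append(("drop", f"signature:{sig}"))
        elif scanner.observe(pkt):
            verdicts.append(("drop", "anomaly:port-scan"))
        elif model.rarity(pkt) >= rarity_threshold:
            verdicts.append(("alert", f"anomaly:rare-port:{pkt.dport}"))
        else:
            verdicts.append(("forward", ""))
    return verdicts

def build_training() -> list[Packet]:
    """Constructed attack-free traffic: mostly HTTP, some HTTPS, one SSH login."""
    ports = [80] * 80 + [443] * 19 + [22]
    return [Packet("10.0.0.2", "10.0.0.1", p, "S") for p in ports]

def demo():
    training = build_training()
    model = HeaderAnomalyModel(training)
    per_pair = defaultdict(set)
    for p in training:
        per_pair[(p.src, p.dst)].add(p.dport)
    scanner = PortScanDetector(max(len(s) for s in per_pair.values()))
    stream = [  # constructed test traffic
        Packet("10.0.0.2", "10.0.0.1", 80, "PA", b"GET / HTTP/1.1"),
        Packet("10.0.0.2", "10.0.0.1", 22, "S"),          # legitimate but rare
        Packet("10.0.0.7", "10.0.0.1", 80, "PA", b"GET /cgi-bin/x?/bin/sh"),
        Packet("10.0.0.9", "10.0.0.1", 443, "FPU"),       # xmas probe
        Packet("10.0.0.9", "10.0.0.1", 21, "S"),
        Packet("10.0.0.9", "10.0.0.1", 23, "S"),
        Packet("10.0.0.9", "10.0.0.1", 25, "S"),
        Packet("10.0.0.9", "10.0.0.1", 3389, "S"),        # fourth port: scan
    ]
    return classify(stream, model, scanner)

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Two things the run shows that the prose only states: the signature rules catch the shell string only because it sits in the payload, which is exactly what the header-only anomaly model cannot see; and the single legitimate SSH connection raises a rare-port alert because it appeared once in a hundred training packets, a false alarm that a stationary model has no way to age out.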
Results
The quantitative improvements observed for NIC-based IDS when tested against host-based IDS come from the fact that the host operating system does not have to be interrupted by the detection process. On heavily loaded hosts, admissible network traffic therefore proceeds at a consistent rate, provided the NIC's computational and memory resources are not stretched. The further benefit of having the NIC do the policing is that it can actually prevent network-based intrusions from wreaking havoc on the host, since an intrusive packet, if caught, never reaches the host operating system; in effect the NIC acts as a basic shield for the host. If the NIC cannot keep up with the rate at which packets arrive, it can start dropping them, as such a flood may itself indicate a denial-of-service attack. Were the NIC to be overwhelmed by such an attack, the host would still be spared: it is preferable to sacrifice only the NIC rather than the entire machine. From a technology perspective we are not far from 1 GHz NIC processors with correspondingly larger memory, and with such systems one can expect NIC-based intrusion detection to do better both quantitatively and qualitatively, as less restrictive and more robust algorithms can be employed.
Final Comments
Last year CyberGuard Corp. announced the availability of the SnapGear PCI635, an embedded firewall network card that fits a standard peripheral slot in PC desktops and servers. The card lets advanced network security functions, such as VPN, firewall and intrusion detection, be deployed to protect individual servers and desktops from internal and external threats. The PCI635 can also be configured to prevent desktop users from tampering with security settings, further reducing the risk of breaches originating on the internal network.
Because the PCI635's firewall, VPN and IDS functions run on the card, independently of the host, they keep working even if Windows on the host is compromised by an exploit. This matters because a software-based security product can be rendered useless once the OS beneath it is exploited, compromising the computer and potentially the internal network; a card-resident filter cannot be switched off by malware on the host in the same way. The intrusion detection system is based on Snort and adds protection by identifying known attacks from their signatures.
By: Steve Leytus