Network Associates Internet Security Recognize

Introduction to Intranets

What precisely is an intranet? It’s one of those terms that’s more thrown around than understood, and has become more of a buzzword than a commonly understood idea. Simply put, an intranet is a private network with Internet technology employed as the underlying architecture. An intranet is built using the Internet’s TCP/IP protocols for communications. TCP/IP protocols may be run on galore hardware platforms and cabling schemes. The underlying hardware is not what makes an intranet-it’s the software protocols that matter.

Intranets may co-exist with other local area networking technology. In some companies, existent “legacy systems” including mainframes, Novell networks, minicomputers, and respective databases, are being integrated into an intranet. A wide assortment of tools grant this to happen. Common Gateway Interface (CGI) scripting is oftentimes employed to access bequest databases from an intranet. The Java programming language may be employed to access bequest databases as well.

With the enormous growth of the Internet, an increasing number of humans in corporations use the Internet for communication with the outside world, for gathering information, and for doing business. It didn’t take long for persons to recognize that the elements that worked so well on the Internet could be evenly valuable internally and that is why intranets are getting so popular. Some corporations do not have TCP/IP networks, the protocol required to access the resources of the Internet. Creating an intranet in which all the selective information and resources may be employed seamlessly has galore benefits. TCP/IP-based networks make it easy for people to access the network remotely, such as from home or while traveling. Dialing into an intranet in this way is much like connecting to the Internet, except that you’re connecting to a private network rather of to a public Internet provider. Interoperability among networks is another substantial bonus.

Security systems discerned an intranet from the Internet. A company’s intranet is protected by firewalls-hardware and software compoundings that concede only sure people to access the intranet for specific purposes.

Intranets may be applied for anything that existent networks are applied for-and more. The ease of publishing info on the World Wide Web has made them general places for posting corporate info such as company news or company procedures. Corporate databases with easy-to-build front-ends use the Web and programming languages such as Java.

Intranets grant people to work together more effortlessly and more effectively. Software known as groupware is another indispensable percentage of intranets. It allows humans to collaborate on projects; to percentage information; to do videoconferencing; and to establish secure procedures for production work. Free server and client software and the multitude of services, like newsgroups, stimulated the Internet’s growth. The consequence of that growth stimulated and fueled the growth of intranets. The ease with which info may be shared, and with which people may commune with one another will proceed to drive the building of intranets.

A Global View of an Intranet

An intranet is a private corporate or instructional network that uses the Internet’s TCP/IP protocols for it is underlying transport. The protocols may run on a potpourri of network hardware, and may likewise co-exist with other network protocols, such as IPX. People from inside an intranet may get at the larger Internet resources, but those on the Internet cannot get into the intranet, which allows only restricted access from the Internet.

• Videoconferencing is an crucial application that requires sending massive quantities of data. Intranets may be built using elements that grant the exceedingly high bandwidths required for transferring such information.

• Often an intranet is composed of a number of dissimilar networks inside a corporation that all commune with one another by way of TCP/IP. These discerned networks are many times referred to as subnets.
• Software that allows humans to commune with each other by way of e-mail and public message boards and to collaborate on work using workgroup software is amidst the most powerful intranet programs. Applications that concede dissimilar corporate departments to post information, and for humans to fill out corporate forms, such as time sheets, and for tapping into corporate financial info are very popular.
• Much of the software used on intranets is standard, off-the-shelf Internet software such as the Netscape Navigator and the Microsoft Explorer Web browsers. And customized programs are ofttimes built, using the Java programming language and CGI scripting.
• Intranets may likewise be employed to concede companies to do business-to-business transactions, such as ordering parts, sending invoices, and making payments. For extra security, these intranet-to-intranet dealings need never go out over the public Internet, but may travel over private leased lines instead.
• Intranets are a powerful system for permitting a company to do business online, for example, to grant any individual on the Internet to order products. When somebody orders a product on the Internet, selective information is sent in a secure manner from the public Internet to the company’s intranet, where the order is processed and completed.
• In order to protect sensible corporate information, and to make sure that hackers don’t harm computer systems and data, security barriers called firewalls protect an intranet from the Internet. Firewall technology uses a combining of routers, servers and other hardware and software to grant people on an intranet to use Internet resources, but blocks outsiders from getting into the intranet.
• Many intranets have to connect to “legacy systems”-hardware and databases that were built before an intranet was constructed. Legacy systems often use older technology not based on the intranet’s TPC/IP protocols. There are a potpourri of ways in which intranets may tie to bequest systems. A mutual way is to use CGI scripts to access the database info and pour that selective information into HTML formatted text, making it available to a Web browser.
• Information sent all over an intranet is sent to the proper destination by routers, which thoroughly question each TCP/IP packet for the IP address and determine the packet’s destination. It then sends the packet to the next router nearest to the destination. If the packet is to be delivered to an address on the same subnetwork of the intranet it was sent from, the packet may be competent to be delivered directly without having to go through any other routers. If it is to be sent to another subnetwork on the intranet, it will be sent to another internal router address. If the packet is to be sent to a destination outside the intranet-in other words, to an Internet destination-the packet is sent to a router that connects to the Internet

How TCP/IP and IPX Work on Intranets

What distinguishes an intranet from any other kind of private network is that it is based on TCP/IP-the same protocols that utilise to the Internet. TCP/IP refers to two protocols that work together to deliver data: the Transmission Control Protocol (TCP) and the Internet Protocol (IP). When you send data throughout an intranet, the info is broken into little packets. The packets are sent independently through a series of switches called routers. Once all the packets arrive at their destination, they are recombined into their introductory form. The Transmission Control Protocol breaks the selective information into packets and recombines them on the receiving end. The Internet Protocol handles the routing of the info and makes sure it gets sent to the proper destination.

1. In numerous companies, there may be a mix of TCP/IP-based intranets and networks based on other networking technology, such as NetWare. In that instance, the TCP/IP engineering of an intranet may be employed to send selective information among NetWare or other networks, using a technique called IP tunneling. In this instance, we’ll look at data being sent from one NetWare network to another, by way of an intranet. NetWare networks use the IPX (Internet Packet Exchange) protocol as a way to deliver data-and TCP/IP networks can’t recognize that protocol. To get around this, when an IPX packet is to be sent throughout an intranet, it is basi encapsulated inside an IP packet by a NetWare server quintessentially for and consecrated to providing the IP transport mechanism for IPX packets.

2. Data sent within an intranet ought to be broken up into packets of less than 1,500 characters each. TCP breaks the data into packets. As it brings about each packet, it calculates and adds a checksum to the packet. The checksum is based on the byte values, that is, the precise amount of info in the packet.
3. Each packet, along with the checksum, is put into distinguished IP wrappers or “envelopes.” These wrappers integrate selective information that details incisively where on the intranet-or the Internet-the selective information is to be sent. All of the wrappers for a given piece of selective information have the same addressing data so that they may all be sent to the same emplacement for reassembly.
4. The packets travel amongst networks by intranet routers. Routers thoroughly examine all IP wrappers and look at their addresses. These routers determine the most effective path for sending each packet to it is final destination. Since the traffic load on an intranet ofttimes changes, the packets may be sent along dissimilar routes, and the packets may arrive out of order. If the router sees the address is one located inside the intranet, the packet may be sent directly to it is destination, or it may rather be sent to another router. If the address is located out on the Internet, it will be sent to another router so it may be sent all over the Internet.
5. As the packets arrive at their destination, TCP calculates a checksum for each packet. It then compares this checksum with the checksum that has been sent in the packet. If the checksums don’t match, TCP knows that the data in the packet has been corrupted for the duration of transmission. It then discards the packet and asks that the original packet be retransmitted.
6. TCP includes the capacity to check packets and to determine that all the packets have been received. When all the non-corrupt packets are received, TCP assembles them into their original, united form. The header info of the packets relays the sequence of how to reassemble the packets.
7. An intranet treats the IP packet as it would any other, and routes the packet to the receiving NetWare network. On the receiving NetWare network, a NetWare TCP/IP server decapsulates the IP packet-it discards the IP packet, and reads the initial IPX packet. It may now use the IPX protocol to deliver the data to the proper destination.

How the OSI Model Works

A group called the International Standards Organization (ISO) has put together the Open Systems Interconnect (OSI) Reference Model, which is a model that describes seven layers of protocols for computer communications. These layers don’t recognise or care what is on adjacent layers. Each layer, essentially, only sees the reciprocal layer on the other side. The sending application layer sees and talks to the application layer on the destination side. That speech takes place no matter of, for example, what structure exists at the physical layer, such as Ethernet or Token Ring. TCP combines the OSI model’s application, presentation, and session layers into one which is also called the application layer.

• The application layer refers to application interfaces, not programs like word processing. MHS (Message Handling Service) is such an interface and it operates at this level of the OSI model. Again, this segmentation and interface approach means that a potpourri of email programs may be used on an intranet so long as they conform to the MHS frequent at this application interface level.

• The formally presenting something layer quintessentially merely provides a ordinary interface amid the application layer and the network layers. This type of segmentation allows for the great flexibleness of the OSI model since apps may vary endlessly, but, as long as the results conform to this frequent interface, the apps need not be concerned with any of the other layers.
• The session layer allows for the communication among sender and destination. These conversations keep out of the way of confusedness by speaking in turn. A token is passed to control and to indicate which side is permitted to speak. This layer executes transactions, like saving a file. If something prevents it from completing the save, the session layer, which has a record of the introductory state, returns to the primary state rather than permitting a corrupt or not complete dealing to occur.
• The transport layer segments the data into adequate for the purpose packet sizes and is responsible for data integrity of packet segments. There are various levels of service that may be imposed at this layer, including segmenting and reassembly, error recovery, flow control, and others.
• The IP wrapper is put around the packet at the network or Internet layer. The header includes the source and destination addresses, the sequence order, and other data necessary for rectify routing and rebuilding at the destination.
• The data-link layer frames the packets-for example, for use with the PPP (Point to Point). It likewise includes the logical link share of the MAC sublayer of the IEEE 802.2, 802.3 and other standards.
• Ethernet and Token Ring are the two most mutual physical layer protocols. They function at the MAC (Media Access Control) level and move the data over the cables based on the physical address on each NIC (Network Interface Card). The physical layer includes the physical parts of the IEEE 802.3 and other specifications.

How TCP/IP Packets Are Processed

Protocols such as TCP/IP determine how computers commune with each other over networks such as the Internet. These protocols work in concert with each other, and are layered on top of one another in what is normally referred to as a protocol stack. Each layer of the protocol is designed to accomplish a specific intent on both the sending and receiving computers. The TCP stack combines the application, presentation, and the session layers into a single layer also called the application layer. Other than that change, it follows the OSI model. The illustration underneath shows the wrapping procedure that occurs to transmit data.

• The TCP application layer formats the info being sent so that the layer under it, the transport layer, may send the data. The TCP application layer performs the equivalent actions that the top three layers of OSI perform: the application, presentation, and session layers.

• The next layer down is the transport layer, which is responsible for transferring the data, and ensures that the info sent and the data received are in fact the same data-in other words, that there have been no faults introduced for the duration of the sending of the data. TCP divides the selective information it gets from the application layer into segments. It attaches a header to each segment. The header holds info that will be applied on the receiving end to see to it that the data hasn’t been altered en route, and that the segments may be in the right manner recombined into their initial form.
• The third layer prepares the selective information for deliverance by putting them into IP datagrams, and determining the proper Internet address for those datagrams. The IP protocol works in the Internet layer, also called the network layer. It puts an IP wrapper with a header onto each segment. The IP header includes selective information such as the IP address of the sending and receiving computers, and the length of the datagram, and the sequence order of the datagram. The sequence order is added because the datagram could conceivably exceed the size permitted for network packets, and so would need to be broken into littler packets. Including the sequence order will concede them to be recombined properly.
• The Internet layer checks the IP header and checks to see whether the packet is a fragment. If it is, it puts together fragments back into the introductory datagram. It strips off the IP header, and then sends the datagram to the transport layer.
• The transport layer looks at the remaining header to determine which application layer protocol-TCP or UDP-should get the data. Then the proper protocol strips off the header and sends the info to the receiving application.
• The application layer gets the selective information and performs, in this case, an HTTP request.
• The next layer down, the selective information link layer, uses protocols such as the Point-to-Point Protocol (PPP) to put the IP datagram into a frame. This is done by putting a header-the third header, after the TCP header and the IP header-and a footer around the IP datagram to fra-me it. Included in the frame header is a CRC check that checks for faults in the info as the data travels over the network.
• The data-link layer ensures that the CRC for the frame is right, and that the selective information hasn’t been modified while it was sent. It strips off the frame header and the CRC, and sends the frame to the Internet layer.
• On the receiving computer, the packet travels through the stack, but in the opposite order from which the packet was created. In other words, it starts at the bottom layer, and moves it is way up through the protocol stack. As it moves up, each layer strips off the header info that was added by the TCP/IP stack of the sending computer.
• The final layer is the physical network layer, which specifies the physical characteristics of the network being applied to send data. It describes the actual hardware standards, such as the Ethernet specification. The layer receives the frames from the selective information link layer, and translates the IP addresses there into the hardware addresses required for the specific network being used. Finally, the layer sends the frame over the network.
• The physical network layer receives the packet. It translates the hardware address of the sender and receiver into IP addresses. Then it sends the frame up to the data link layer.

How Bridges Work

Bridges are hardware and software compoundings that connect dissimilar parts of a single network, such as dissimilar subsections of an intranet. They connect local area networks (LANs) to each other. They are in general not used, however, for connecting entire networks to each other, for example, for connecting an intranet to the Internet, or an intranet to an intranet, or to connect an entire subnetwork to an entire subnetwork. To do that, more sophisticated pieces of technology called routers are used.

1. When there is a great amount of traffic on an Ethernet local area network, packets may collide with one another, reducing the efficacy of the network, and decelerating down network traffic. Packets may collide because so much of the traffic is routed amid all the workstations on the network.

2. In order to cut down on the collision rate, a single LAN may be subdivided into two or more LANs. For example, a single LAN may be subdivided into assorted departmental LANs. Most of the traffic in each departmental LAN stays within the division LAN, and so it needn’t travel through all the workstations on all the LANs on the network. In this way, collisions are reduced. Bridges are employed to link the LANs. The only traffic that needs to travel throughout bridges is traffic bound for another LAN. Any traffic within the LAN need not travel throughout a bridge.
3. Each packet of data on an intranet has more selective information in it than just the IP information. It also includes addressing info required for other underlying network architecture, such as for an Ethernet network. Bridges look at this outer network addressing data and deliver the packet to the proper address on a LAN
4. Bridges consult a learning table that has the addresses of all the network nodes in it. If a bridge finds that a packet belongs on it is own LAN, it keeps the packet inside the LAN. If it finds that the workstation is on another LAN, it forwards the packet. The bridge constantly updates the learning table as it monitors and routes traffic.
5. Bridges may connect LANs in a potpourri of dissimilar ways. They may connect LANs using serial connections over established phone lines and modems, over ISDN lines, and over direct cable connections. CSU/DSU units are employed to connect bridges to telephone lines for remote connectivity.
6. Bridges and routers are at times combined into a single product called a brouter. A brouter handles both bridging and routing tasks. If the data needs to be sent only to another LAN on the network or subnetwork, it will act only as a bridge delivering the selective information based on the Ethernet address. If the destination is another network entirely, it will act as a router, examining the IP packets and routing the info based on the IP address.

How Intranet Routers Work

Just as routers direct traffic on the Internet, sending info to it is proper destination, and routers on an intranet carry out the same function. Routers-equipment that is a combining of hardware and software-can send the info to a computer on the same sub network inside the intranet, to another network on the intranet, or outside to the Internet. They do this by examining header info in IP packets, and then sending the info on it is way. Typically, a router will send the packet to the next router nearest to the final destination, which in turn sends it to an even closer router, and so on, until the data reaches it is intended recipient.

1. A router has input ports for receiving IP packets, and output ports for sending those packets toward their destination. When a packet comes to the input port, the router examines the packet header, and checks the destination in it versus a routing table-a database that tells the router how to send packets to respective destinations.

2. Based on the data in the routing table, the packet is sent to a peculiar output port, which sends the packet to the next nearest router to the packet’s destination.
3. If packets come to the input port more speedily than the router may routine them, they are sent to a keeping area called an input queue. The router then processes packets from the queue in the order they were received. If the number of packets received surpasses the capacity of the queue (called the length of the queue), packets may be lost. When this happens, the TCP protocol on the sending and receiving computers will have the packets re-sent.
4. In a simple intranet that is a single, totally self-contained network, and in which there are no connections to any other network or the intranet, only minimal routing need be done, and so the routing table in the router is exceedingly simple with very few entries, and is constructed mechanically by a program called ifconfig.
5. In a somewhat more elaborated intranet which is composed of a number of TCP/IP-based networks, and connects to a fixed number of TCP/IP-based networks, static routing will be required. In static routing, the routing table has specific ways of routing info to other networks. Only those pathways may be used. Intranet administrators may add routes to the routing table. Static routing is more flexible than minimal routing, but it can’t alter routes as network traffic changes, and so isn’t suitable for a heap of intranets.
6. In more complex intranets, dynamic routing will be required. Dynamic routing is applied to permit multiple routes for a packet to reach it is final destination. Dynamic routing also allows routers to alter the way they route info based on the amount of network traffic on a lot of paths and routers. In dynamic routing, the routing table is called a dynamic routing table and changes as network conditions change. The tables are built dynamically by routing protocols, and so constantly alter according to network traffic and conditions.
7. There are two wide types of routing protocols: interior and exterior. Interior routing protocols are specifically used on internal routers inside an intranet that routes traffic bound only for inside the intranet. A mutual interior routing protocol is the Routing Information Protocol (RIP). Exterior protocols are specifically applied for external routers on the Internet. AÊcommon exterior protocol is the Exterior Gateway Protocol (EGP).

Intranets come in dissimilar sizes. In a little company, an intranet may be composed of only a handful of computers. In a medium-sized business, it may include dozens or hundreds of computers. And in a big corporation, there may be thousands of computers disseminate throughout the globe, all connected to a single intranet. When intranets get large, they need to be subdivided into person subnets or subnetworks.

To grasp how subnetting works, you primary need to grasp IP addresses. Every IP address is a 32-bit numeric address that unambiguously identifies a network and then a specific host on that network. The IP address is divided into two sections: the network section, called the netid, and the host section, called the hostid.

Each 32-bit IP address is handled differently, according to what class of network the address refers to. There are three main classes of network addresses: Class A, Class B, and Class C. In galore classes, more of the 32-bit address space is devoted to the netid, while in others, more of the address space is committed to the hostid. In a Class A network, the netid is composed of 8 bits, while the hostid is composed of 24 bits. In a Class B network, both the netid and the hostid are composed of 16 bits. In a Class C network, the netid is composed of 24 bits, while the hostid is composed of 8 bits. There’s a simple way of knowing what class a network is in. If the firstborn number of the IP address is less than 128, the network is a Class A address. If the original number is from 128 to 191, it’s a Class B network. If the firstborn number is from 192 to 223, it’s a Class C network. Numbers above 223 are reserved for other purposes. The littler the netid, the less number of networks that may be subnetted, but the more spectacular number of hosts on the network. A Class A rating is best for big networks while a Class C is best for little ones.

To fabricate a subnet, the demarcation line on the IP address is moved among the netid and the hostid, to give the netid more bits to work with and to take away bits from the hostid. To do this, a special number called a subnet mask is used.

Subnetting is used when intranets grow over a sure size and they commence to have problems. One problem is management of host IP addresses-making sure that each computer on the network has a proper, up-to-date host address, and that old host addresses are put out of use until necessitated in the future. In a corporation disseminate out over assorted locations-or throughout the world-it’s difficult, if not impossible, to have one person responsible for managing the host addresses at each emplacement and section in the company.

Another problem has to do with a assortment of hardware limitations of networks. Dissimilar networks may all be part of an intranet. An intranet may have a lot of sections that are Ethernet, other segmentations that are Token Ring networks, and conceivably other segmentations that use dissimilar networking technologies altogether. There is no easy way for an intranet router to link these dissimilar networks together and route the selective information to the proper places.

Another set of troubles has to do with the physical limitations of network technology. In galore kinds of networks, there are a lot of rigorous limitations on how far cables may extend in the network. In other words, you can’t go over a sure distance of cabling without using repeaters or routers. A “thick” Ethernet cable, for example, may only be extended to 500 meters, while a “thin” Ethernet cable may only go to 300 meters. Routers may be used to link these cables together, so that an intranet may be extended well beyond those distances. But when that is done, each length of wire is basically considered it is own subnetwork.

Yet one more set of difficulties has to do with the volume of traffic that travels throughout an intranet. Often in a corporation, in a given department, most of the traffic is intradepartmental traffic-in other words, mail and other info that humans within a section send to each another. The volume of traffic outside to other departments is substantially less. What’s called for is a way to confine intradepartmental traffic inside the departments, to cut down on the amount of info that needs to be routed and managed throughout the entire intranet.

Subnetting solves all these troubles and more. When an intranet is divided into subnets, one central administrator doesn’t have to manage each aspect of the entire intranet. Instead, each subnet may take care of it is own administration. That means littler organizations within the more spectacular institution may take care of difficulties such as address management and a potpourri of troubleshooting chores. If an intranet is subnetted by subsections or departments, it means that each division or section may guide the development of it is own network, while adhering to standard intranet architecture. Doing this allows departments or sectionalizations more freedom to use engineering to pursue their business goals.

Subnets also get around difficulties that arise when an intranet has within it dissimilar kinds of network architecture, such as Ethernet and Token Ring technologies. Normally-if there is no subnetting-a router can’t link these dissimilar networks together because they don’t have their own addresses. However, if each of the dissimilar networks is it is own subnet-and so has it is own network address-routers may then link them together and decently route intranet traffic.

Subnetting may likewise cut down on the traffic journeying all over the intranet and it is routers. Since much network traffic may be confined within departments, having each section be it is own subnet means that all that traffic need never cross an intranet router and cross the intranet-it will stay within it is own subnet.

Subnetting may also increase the security on an intranet. If the payroll department, for example, were on it is own subnet, then much of it is traffic would not have to travel all over an intranet. Having it is info journeying throughout the intranet could mean that an individual could conceivably hack into the data to read it. Confining the info to it is own subnet makes that much less likely to happen.

Dividing an intranet into subnets may also make the entire intranet more stable. If an intranet is separated in this way, then if one subnet goes down or is many times unstable, it won’t affect the rest of the intranet.

This all may sound rather confusing. To see how it’s done, let’s take a look at a network, and see how to use the IP address to create subnets. Let’s say we have a Class B network. That network is assigned the address of 130.97.0.0. When a network is given an address, it is assigned the netid numbers-in this case, the 130.97-and it may assign the host numbers (in this case, 0.0) in any way that it chooses.

The 130.97.0.0 network is a single intranet. It’s getting too big to manage, though, and we’ve decisive to divide it into two subnets. What we do is somewhat straightforward. We take a number from the hostid field and use it to distinguish each of the subnets. So one subnet gets the address 130.97.1.0, and the other gets the address 130.97.2.0. Individual machines on the initial subnet get addresses of 130.97.1.1, 130.97.1.2, and so on. Individual machines on the second subnet get addresses of 130.97.2.1, 130.97.2.2 and so on.

Sounds simple. But we have a problem. The Internet doesn’t recognize 130.97.1.0 and 130.97.2.0 as discerned networks. It treats them both as 130.97.0.0 since the “1″ and “2″ that we’re using as a netid is only known to the Internet as a hostid. So our intranet router will not be competent to route incoming traffic to the proper network.

To solve the problem, a subnet mask is used. A subnet mask is a 32-bit number in IP form applied by intranet routers and hosts that will aid routers perceive how to route selective information to the proper subnet. To the outside Internet, there is still only one network, but the subnet mask allows routers inside the intranet to send traffic to the proper host.

A subnet mask is a number such as 255.255.255.0 (the built-in default for Class C addresses; the Class B default is 255.255.0.0 and the default for Class A is 255.0.0.0). A router takes the subnet mask and applies that number versus the IP number of incoming mail to the network by using it to carry out a calculation. Based on the resulting IP number, it will route mail to the proper subnet, and then to a queer computer on the subnet. For consistency, every one in a queer intranet will use the same subnet mask.

Subnetting an Intranet

When intranets are over a sure size, or are disseminate over various geographical locations, it becomes difficult to manage them as a single network. To solve the problem, the single intranet may be subdivided into assorted subnets, sections of an intranet that make them requiring little effort to manage. To the outside world, the intranet still looks as if it’s a single network.

1. If you’re building an intranet and want it to be connected to the Internet, you’ll need a distinguishable IP address for your intranet network, which the InterNIC Registration Services will handle. There are three classes of intranet you may have: Class A, Class B, or Class C. Generally, a Class A rating is best for the biggest networks, while a Class C is best for the smallest. A Class A network may be composed of 127 networks, and a total of 16,777,214 nodes on the network. A Class B network may be composed of 16,383 networks, and a total of 65,534 nodes. A Class C network may be composed of 2,097,151 networks, and 254 nodes.

2. When an intranet is assigned an address, it is assigned the initial two IP numbers of the Internet numeric address (called the netid field) and the remaining two numbers (called the hostid field) are left blank, so that the intranet itself may assign them, such as 147.106.0.0. The hostid field comprises of a number for a subnet and a host number.
3. When an intranet is connected to the Internet, a router handles the occupation of sending packets into the intranet from the Internet. In our example, all incoming mail and selective information comes to a router for a network with the netid of 147.106.0.0.
4. When intranets grow-for example, if there is a section located in another building, city, or country-there needs to be galore way to manage network traffic. It may be impractical and physically inconceivable to route all the selective information necessary amid some dissimilar computers disseminate throughout a building or the world. A second network-called a subnetwork or subnet-needs to be created.
5. In order to have a router handle all incoming traffic for a subnetted intranet, the primary byte of the hostid field is used. The bits that are used to distinguish among subnets are called subnet numbers. In our example, there are two subnets on the intranet. To the outside world, there appears to be only one network.
6. Each computer on each subnet gets it is own IP address, as in a normal intranet. The combining of the netid field, the subnet number, and then ultimately a host number, forms the IP address.
7. The router must be informed that the hostid field in subnets will have to be treated differently than non-subnetted hostid fields, other than as supposed or expected it won’t be competent to decently route data. In order to do this, a subnet mask is used. A subnet mask is a 32-bit number such as 255.255.0.0 that is applied in concert with the numbers in the hostid field. When a calculation is performed using the subnet mask and the IP address, the router knows where to route the mail. The subnet mask is put in people’s network configuration files.

Overview of an Intranet Security System

Any intranet is vulnerable to attack by people intention on destruction or on stealing corporate data. The open nature of the Internet and TCP/IP protocols expose a corporation to attack. Intranets require a assortment of security measures, including hardware and software combinings that provide control of traffic; encryption and passwords to validate users; and software tools to prevent and heal viruses, block objectionable sites, and monitor traffic.

• The generic term for a line of defense versus intruders is a firewall. A firewall is a hardware/software combining that controls the type of services permitted to or from the intranet.

• Proxy servers are another mutual tool employed in building a firewall. A proxy server allows system administrators to track all traffic coming in and out of an intranet.
• A bastion server firewall is setup to withstand and prevent unauthorized access or services. It is distinctively segmented from the rest of the intranet in it is own subnet or perimeter network. In this way, if the server is broken into, the rest of the intranet won’t be compromised.
• Server-based virus-checking software may check each file coming into the intranet to make sure that it’s virus-free.
• Authentication schemes are an crucial part of any intranet security scheme. Authentication schemes are employed to see to it that any person attempting to log into the intranet or any of it is resources is the person they assert to be. Authentication systems specifically use user names, passwords, and encryption systems.
• Server-based site-blocking software may bar humans on an intranet from getting objectionable material. Monitoring software tracks where humans have gone and what services they have used, such as HTTP for Web access.
• One way of ensuring that the defective humans or erroneous info can’t get into the intranet is to use a filtering router. This is a special kind of router that examines the IP address and header data in each packet coming into the network, and allows in only those packets that have addresses or other data, like e-mail, that the scheme administrator has decisive must be permitted into the intranet.

All intranets are vulnerable to attack. Their underlying TCP/IP architecture is identical to that of the Internet. Since the Internet was built for greatest or most complete or best possible openness and communication, there are innumerable proficiencies that may be applied to attack intranets. Attacks may implicate the theft of critical company selective information and even cash. Attacks may ruin or deny a company’s computing resources and services. Attackers may break in or pose as a company employee to use the company’s intranet resources.

Firewalls are hardware and software compoundings that block intruders from access to an intranet while still permitting humans on the intranet to access the resources of the Internet. Depending on how secure a web site needs to be, and on how much time, money, and resources may be expended on a firewall, there are numerous kinds that may be built. Most of them, though, are built using only a few elements. Servers and routers are the necessary elements of firewalls.

Most firewalls use numerous kind of packet filtering. In packet filtering, a screening router or filtering router looks at each packet of data traveling among an intranet and the Internet.

Proxy servers on an intranet are used when somebody from the intranet wants to access a server on the Internet. A request from the user’s computer is sent to the proxy server rather of directly to the Internet. The proxy server contacts the server on the Internet, receives the info from the Internet, and then sends the selective information to the requester on the intranet. By acting as a go-between like this, proxy servers may filter traffic and maintain security as well as log all traffic amid the Internet and the network.

Bastion hosts are to a great extent fortified servers that handle all incoming requests from the Internet, such as FTP requests. A single bastion host handling incoming requests makes it requiring little effort to maintain security and track attacks. In the event of a break in, only that single host has been compromised, rather of the entire network. In a lot of firewalls, multiple bastion hosts may be used, one for each dissimilar kind of intranet service request.

How Firewalls Work

Firewalls protect intranets from any attacks launched versus them from the Internet. They are designed to protect an intranet from unauthorized access to corporate information, and detrimental or denying computer resources and services. They are also designed to stop persons on the intranet from accessing Internet services that may be dangerous, such as FTP.

1. Intranet computers are permitted access to the Internet only after passing through a firewall. Requests have to pass through an internal screening router, also called an internal filtering routeror choke router. This router prevents packet traffic from being sniffed remotely. A choke router examines all pack-ets for data such as the source and destination of the packet.

2. The router compares the data it finds to rules in a filtering table, and passes or drops the packets based on those rules. For example, a good deal of services, such as rlogin, may not be permitted to run. The router likewise might not grant any packets to be sent to specific distrustful Internet locations. A router may also block each packet traveling amidst the Internet and the internal network, except for e-mail. System administrators set the rules for determining which packets to grant in and which to block.
3. When an intranet is protected by a firewall, the frequent internal intranet services are available-such as e-mail, access to corporate databases and Web services, and the use of groupware.
4. Screened subnet firewalls have one more way to protect the intranet-an exterior screening router, also called an exterior filtering router or an access router. This router screens packets among the Internet and the perimeter network using the same kind of technology that the interior screening router uses. It may screen packets based on the same rules that employ to the internal screening router and may protect the network even if the internal router fails. It also, however, may have further and added rules for screening packets distinctively designed to protect the bastion host.
5. As a way to further protect an intranet from attack, the bastion host is placed in a perimeter network-a subnet-inside the firewall. If the bastion host was on the intranet rather of a perimeter network and was broken into, the intruder could gain access to the intranet.
6. A bastion host is the main point of contact for connections coming in from the Internet for all services such as e-mail, FTP access, and any other info and requests. The bastion host services all those requests-people on the intranet contact only this one server, and they don’t directly contact any other intranet servers. In this way, intranet servers are protected from attack.

Network Associates Internet Security Recognize

Panasonic Pan/tilt network camera- Wireless- 2 Input external connectors- Sends H.264 or MPEG-4 and JPEG images simultaneously- Image transfer by timer, alarm, motion, sound or humane presence- HTTPS Data encryption deters electronic eavesdropping.

The little and discreet profile fits almost anyplace in your home or office.

A Camera with the Ability to See, Hear, Feel and Interact
Introducing the Panasonic BL-C230—the most recent addition to the Panasonic Network Camera family. The crystal clear video effigy is easy to access right from your PC or hand-held device. An on-screen user interface with the capacity to pan, tilt, and zoom allows you to adjust camera view wherever you may be. And with Triple Sensor engineering science detecting changes in sound, motion, and body heat, this camera is the next best thing to being two places at once.

Triple Sensor Technology
The Panasonic BL-C230 camera offers a Triple Sensor with the capacity to track changes in movement, sound, and body temperature in your indoor atmospheres. When the Triple Sensor is activated, an instant email alert is sent directly to your mobile phone or PC with a captured effigy from your network camera.

Body Heat Sensor – Monitors the presence of humans in a room and may be discretely placed at the entryway of your home or office.
Motion Sensor - Works well in still areas, such as stores and restaurants after hours, and will alert you with an email and effigy capture when it detects movement, such as for the duration of an accident or break-in.
Sound Sensor – Perfect for a baby’s room or with new pets. This sensor will alert you to any noises made in the room.

Connection and Monitoring
The BL-C230 is a wireless model with built-in anntenae, effortlessly connecting directly to a wireless network. Your network camera user interface may be accessed right from your PC or mobile phone. Panasonic Network Camera has built-in memory storage for security and personal purposes. Refer to your captured videos and images to monitor live-in nannies, office activity, or store employees. Share videos of your loved ones with family and friends.

The BL-C230 is likewise compatible with Panasonic’s Viera Cast™ Televisions. With a few easy clicks of the remote, watch up to eight connected cameras around your home or office. The following Panasonic HDTVs will help BL-C230 Network Camera:

• TC-PG10 series with 42, 46, 50, and 54-inch screen
  
• TC-PG15 series with 42, 46, and 50-inch screen
  
• TC-PV10 series with 50, 54, 58, and 65-inch screen
  
• TC-P54Z1

Convenient Internet access provides peace of mind while you’re away.

See There When You Can’t Be There
The convenience, simple installation, and instant email alerts in this dependable video monitoring system make for peace of mind…at the click of a button.

BL-C230 Wireless H.264/MPEG-4 Network Camera Features

• Wireless connection (IEEE 802.11 b/g)
• Image transfer by timer, alarm, motion, sound or humane presence
• Plug & Play installation
• Access by way of hand-held device or PC
• No PC required on site
• Email alert notifications
• H.264 compression for high quality images
• Built-in memory for storing images and video

What’s in the Box
BL-C230 camera, AC Adapter, Set-up CD-ROM, Screws (6), Washers (4), Safety Wire, and Installation Guide