pointer

Monthly Archives: December 2010

How to Play By the Rules of Fast Ethernet

Posted on by .

    The truth is everyone who uses Ethernet has wished from time to time that their network was faster. When Ethernet was first designed in the late 1970s, 10Mbps was like a ride on the autobahn.

    With today’s bandwidth-intensive multimedia applications that number is barely adequate. For example, full motion video for video conferencing can require up to 25 Mbps. That means that classic Ethernet, at 10 Mbps, can only deliver poor quality real-time video for a single session. Fast Ethernet, which runs at 100 Mbps, allows for watching a broadcast presentation in one window while running a conference with three people in three other windows, while still leaving enough margin for network-based application usage.

    Below are two primary areas to think about, if you want to play by the rules, when it comes to upgrading your network from 10Mbps to 100Mbps:

    1. Cabling
    A common problem with Fast Ethernet is the different cabling specifications. In Fast Ethernet, twisted pair cabling either needs to be category 5 or category 3 with proper twist on all four pairs. In classic Ethernet, it was easy to distinguish  between 10Base-2 for 10Base-5. With Fast Ethernet, special care must be taken to verify that the entire connection between station and concentrator either supports TX’s 31.25MHz signal or maintains T4′s four pairs with proper twist. There are a number of good cable testers and pair scanners available to help in determining this for your network.

    2. Hubs
    The problem with hubs is the number allowed in a single collision domain. Classic Ethernet allows hubs to be cascaded up to four deep between any two stations. In Fast Ethernet, the number of hubs allowed in a collision domain is drastically reduced to only a single hub. Sometimes it may be possible to have more than one hub in a collision domain, but it will probably be easier over the long term to design a Fast Ethernet network assuming that only one hub is allowed.

    What the IEEE 802.3 spec does not explicitly state is that this limitation only applies to shared 100BASE-T, not switched 100BASE-T. Because switches act like bridges in defining a separate collision domain, installing Fast Ethernet switches will allow you to work around the single-hub problem. Even if it is not necessary to deliver dedicated switched Fast Ethernet to each desktop, Fast Ethernet hubs can be connected to switches. Connecting a number of repeaters to a switch will provide shared Fast Ethernet and allow you to maintain the size of your network.

    The increase in speed and quality is well worth the transition to Fast Ethernet, however the number of hubs, along with the length and the type of cabling, need to be considered when upgrading your network to make sure it’s an easy switch and has an overall positive impact on your organization.

      Cyber Attacks: 5 Ways to Keep Your Guard Up

      Posted on by .

        Let’s face it, the statistics are just not in your favor when it comes to avoiding cyber attacks. Just to cite a few, 85% of those surveyed by Trusted Strategies in September 2009 either had or expect a cyber attack within 36 months. Care to take the 1:6 odds on this table? Combine that with the fact that the number of personal records compromised in cyber attacks jumped 500% in 2009, and I don’t think this is a bet that anyone wants to take. Cyber attacks are now dominated by organized criminal activity, with 91% of the personal records compromised in 2009 linked to organized criminal groups.

        And not all attacks are financially motivated, as witnessed by the distributed denial of service (DDoS) attacks launched last week against several sites, including those belonging to Amazon, Mastercard, Visa, PayPal, and others after terminating WikiLeaks accounts. Given the speed with which these attacks were mounted, it’s beginning to feel like successful attacks can be carried out anytime and anywhere, as long as the motivation is compelling. And it looks as if botnets are being recruited for the DDoS attacks.

        So what can you do? Cyber attacks are by their nature designed to be covert, especially those targeting personal or financial data, so identification and elimination can be difficult. Diligence is the key, and there are many ways to keep your guard up. Roland Dobbins, a solutions architect at Arbor Networks, felt the attacks were “able to achieve disproportionate impact due to the unpreparedness of the defenders.” Here are five key ways to help ensure you are doing everything you can to keep the overwhelming odds in your favor.

        Processes, Processes, Processes
        Even the most sophisticated technological solutions cannot overcome absent, poor or unmonitored processes. In a study done by the Verizon Business RISK team published in July 2010, 67% of network breaches were aided by significant errors, with 87% considered avoidable through simple or intermediate controls, in other words, with adequate processes in place with constant validation that these processes are being followed.

        Use Network Recorders
        Network recorders are appliances designed to capture, store, analyze and mine high speed network traffic. The most capable appliances can capture at greater than 10Gbps, with zero packet loss, and include either large amounts of built-in storage or a SAN interface. Network recorders can be placed at core switches to capture all enterprise traffic, thereby recording a breach even if it is not detected until a later time. With the recording you can determine exactly how the attack happened, what damage has been done and perhaps even the source of the breach.

        Establish Network Baselines
        It’s really hard to know if something funny is going on with the network if you have no idea of how it normally behaves. Baselines provide a record of how your network is behaving, over time, so you always have a reference at hand for comparison when you suspect something out of the ordinary.

        Monitor Security on Both Sides of the Firewall
        Most security solutions are designed to monitor traffic traversing the firewall. Though this does a good job of protecting you from external threats, it does nothing to prevent threats from within, which, according to the Verizon Business RISK Team report, resulted in 20% of the network breaches. Packet-level monitoring and analysis solutions installed at key network and data center connections can provide detailed security data as well as overall network monitoring and troubleshooting to secure your entire network.

        Watch for Minor Policy Violations
        Industry studies indicate a correlation between minor policy violations by employees, like illegal content on a corporate computing asset, and more serious data breaches down the road involving the same computing asset. This could be due to malicious behavior, but is just as likely to be due to careless activity on the computing asset that eventually makes the asset vulnerable. Constantly monitoring for minor policy violations can protect you from more serious breaches down the road.