Comunication Networks

Question 2 : Use the Web to learn more about the history of the Internet. Summarize your findings.

Question 3 : Use the Internet find out more about IPv6 and why it is being adopted. Summarize your findings.

Question 4 : Please brieftly explain the following terms:
DNS, SMTP, HTTP, FTP, hub, switch, firewall, BOOTP, DHCP, SNMP

Question 5 : Design a network topology which includes the following equipment:
Router, hub, switch, PC, DNS server, firewall, Email Server, Proxy Server

Question 6 : Explain why proxy server setting in Internet Explorer is needed in UTAR network environment.

Question 7 : Use the Internet to find out more about iptables, which is the software for combining of tools and Linux kernel support for packet rewriting and fire-walling, and why it is being adopted. Summarize your findings.

Question 8 : Identify the kinds of services of ISPs in Malaysia. You may compare the services and pricing provided by any 2 ISPs in this country.

Question 9 : Use the Web to learn more about the Wireless LAN. Find out why Wireless LAN is being marketed aggressively by carriers and adopted enthusiastically by enterprises.

Question 10: Discuss the importance of Network Security and/or legatimacy in Computer Network

The Internet was the result of some visionary thinking by people in the early 1950s that saw great potential value in allowing computers to share information on research and development in scientific and military fields.

J.C.R. Licklider of MIT, first proposed a global network of computers in 1962. Leonard Kleinrock of MIT and later UCLA developed the theory of packet switching, which was to form the basis of Internet connections. Lawrence Roberts of MIT connected a Massachusetts computer with a California computer in 1965 over dial-up telephone lines. Kleinrock's packet switching theory was confirmed. Roberts moved over to DARPA in 1966 and developed his plan for ARPANET.

The Internet, then known as ARPANET, was brought online in 1969 under a contract let by the renamed Advanced Research Projects Agency (ARPA) which initially connected four major computers at universities in the southwestern US (UCLA, Stanford Research Institute, UCSB, and the University of Utah). The contract was carried out by BBN of Cambridge, MA under Bob Kahn and went online in December 1969.

The Internet was designed in part to provide a communications network that would work even if some of the sites were destroyed by nuclear attack. If the most direct route was not available, routers would direct traffic around the network via alternate routes. The early Internet was used by computer experts, engineers, scientists, and librarians. There were no home or office personal computers in those days, and anyone who used it had to learn to use a very complex system.

E-mail was adapted for ARPANET by Ray Tomlinson of BBN in 1972. He picked the @ symbol from the available symbols on his teletype to link the username and address. The telnet protocol, enabling logging on to a remote computer, was published as a Request for Comments (RFC) in 1972. RFC's are a means of sharing developmental work throughout community. The ftp protocol, enabling file transfers between Internet sites, was published as an RFC in 1973, and from then on RFC's were available electronically to anyone who had use of the ftp protocol.

The visionary Frederick G. Kilgour of the Ohio College Library Center (now OCLC, Inc.) led networking of Ohio libraries during the '60s and '70s. In the mid 1970s more regional consortia from New England, the Southwest states, and the Middle Atlantic states, etc., joined with Ohio to form a national, later international, network. Automated catalogs, not very user-friendly at first, became available to the world, first through telnet or the awkward IBM variant TN3270.

The Internet matured in the 70's as a result of the TCP/IP architecture first proposed by Bob Kahn at BBN and further developed by Kahn and Vint Cerf at Stanford and others throughout the 70's. It was adopted by the Defense Department in 1980 replacing the earlier Network Control Protocol (NCP) and universally adopted by 1983.

The Unix to Unix Copy Protocol (UUCP) was invented in 1978 at Bell Labs. Usenet was started in 1979 based on UUCP. Newsgroups providing a means of exchanging information throughout the world, many Internet sites took advantage of the availability of newsgroups. It was a significant part of the community building that took place on the networks.

Similarly, BITNET (Because It's Time Network) connected IBM mainframes to provide mail services beginning in 1981. Listserv software was developed for this network and later others. Gateways were developed to connect BITNET with the Internet and allowed exchange of e-mail. These listservs and other forms of e-mail discussion lists formed another major element in the community building that was taking place.

In 1986, the National Science Foundation funded NSFNet as a cross country 56 Kbps backbone for the Internet. They set rules for its non-commercial government and research uses. As commands for e-mail, FTP, and telnet were standardized and became a lot easier for non-technical people to learn to use the nets, open up use of the Internet to many more people in universities. Other departments besides the libraries, computer, physics, and engineering departments found ways to make good use of the nets--to communicate with colleagues around the world and to share files and resources. While the number of sites on the Internet was small, it was fairly easy to keep track the resources. But as more and more universities and organizations connected, the Internet became harder to track. There were needs for tools to index the resources that were available.

The first effort to index the Internet was created in 1989, as Peter Deutsch and his crew at McGill University in Montreal, created an archiver for ftp sites, which named Archie. At the same time, Brewster Kahle developed his Wide Area Information Server (WAIS), which would index the full text of files in a database and allow searches of the files. Peter Scott of the University of Saskatchewan brought out his Hytelnet catalog in 1990. He added HyWebCat in 1997 to provide information on web-based catalogs.

In 1991, first friendly interface to the Internet was developed at the University of Minnesota. Gopher's usability was enhanced much more when the University of Nevada at Reno developed the VERONICA searchable index of gopher menus. It was purported to be an acronym for Very Easy Rodent-Oriented Netwide Index to Computerized Archives. A spider crawled gopher menus around the world, collecting links and retrieving them for the index. It was so popular that it was very hard to connect to, even though a number of other VERONICA sites were developed to ease the load. Similar indexing software was developed for single sites, called JUGHEAD (Jonzy's Universal Gopher Hierarchy Excavation and Display).

In 1989, Tim Berners-Lee and others at the European Laboratory for Particle Physics or CERN, proposed a new protocol for information distribution. This protocol, which became the World Wide Web in 1991, was based on hypertext.

In 1993, the development of the graphical browser Mosaic by Marc Andreessen and his team at the National Center For Supercomputing Applications (NCSA) . Later, Andreessen moved to Netscape Corp, produced the most successful graphical type browser and server until Microsoft developed its Microsoft Internet Explorer.

Since Internet was initially funded by the government, it was originally limited to research, education, and government uses. Commercial uses were prohibited unless they directly served the goals of research and education. This policy continued until the early 90's, when independent commercial networks began to grow. It then became possible to route traffic across the country from one commercial site to another without passing through the government funded NSFNet Internet backbone.

Delphi was first national commercial online service to offer Internet access to its subscribers in July 1992. All of limitations on commercial use disappeared in May 1995 when the National Science Foundation ended its sponsorship of the Internet backbone, and all traffic relied on commercial networks. AOL, Prodigy, and CompuServe came online.

Microsoft's full scale entry into the browser, server, and Internet Service Provider market completed the major shift over to a commercially based Internet. Release of Windows 98 in June 1998 with the Microsoft browser well integrated into the desktop. Businesses entering the Internet arena scrambled to find economic models that work. Services such as free web pages, chat rooms, and message boards appeared for community building. Online sales have grown rapidly. AOL's acquisition of Time-Warner was the largest merger in history shows the enormous growth of Internet business! The stock market swooping up as many new technology companies appeared.

Growth of high speed connections: 56K modems, wireless in the past few years. Another trend that�s affect web designers is the growth of smaller devices to connect to the Internet such as Small tablets, pocket PCs, smart phones, game machines.

Internet Protocol version 6 (IPv6) is the "next generation" protocol designed by the IETF to replace the current version Internet Protocol, IP Version 4 ("IPv4"). It is a network layer IP standard used by electronic devices to exchange data across a packet-switched internetwork. It follows IPv4 as the second version of the Internet Protocol to be formally adopted for general use.

Most of today's internet uses IPv4, but it is beginning to have problems. Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet. That�s why the IPv6 was designed. The main improvement brought by IPv6 is the increase in the number of addresses available for networked devices, allowing, for example, each cell phone and mobile electronic device to have its own address. IPv4 supports 4.3�109 (4.3 billion) addresses, which is inadequate for giving even one address to every living person, much less support the burgeoning emerging market for connective devices. IPv6 supports 3.4�1038 addresses, or 5�1028(50 octillion) for each of the roughly 6.5 billion people alive today, or almost 57 billion addresses for each gram of matter in the Earth.

Invented by Steve Deering and Craig Mudge at Xerox PARC, IPv6 was adopted by the Internet Engineering Task Force in 1994, when it was called "IP Next Generation" (IPng). As of December 2005, IPv6 accounts for a tiny percentage of the live addresses in the publicly-accessible Internet, which is still dominated by IPv4. The adoption of IPv6 has been slowed by the introduction of classless inter-domain routing (CIDR) and network address translation (NAT), each of which has partially alleviated the impact of address space exhaustion. Nevertheless, as of August 2006, the primary IANA pool is expected to run out in the 2009 to 2011 timeframe if current trends continue. The U.S. Government has specified that the network backbones of all federal agencies must deploy IPv6 by 2008. Meanwhile China is planning to get a head start implementing IPv6 with their 5 year plan for the China Next Generation Internet.

It is expected that IPv4 will be supported alongside IPv6 for the foreseeable future. However, ipv4-only clients/servers will not be able to communicate directly with IPv6 clients/servers, and will require service-specific intermediate servers or NAT-PT protocol-translation servers.

The Domain Name System (DNS) is an internet directory services that stores and associates many types of information with domain names, but most importantly, it translates domain names (computer hostnames) to IP addresses. For example, the domain name www.example.com might translate to 198.105.232.4. Because domain names are alphabetic, they're easier to remember. It also lists mail exchange servers accepting e-mail for each domain. In providing a worldwide keyword-based redirection service, DNS is an essential component of contemporary Internet use.

In DNS theory, domain names arranged in a tree, cut into zones, each served by a nameserver. And its system consists of three components: DNS data (called resource records), servers (called name servers), and Internet protocols for fetching data from the servers. The DNS consists of a hierarchical set of DNS servers. Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain and the name servers of any domains "beneath" it. The hierarchy of authoritative DNS servers matches the hierarchy of domains. At the top of the hierarchy stand the root servers: the servers to query when looking up (resolving) a top-level domain name (TLD).

Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet. Formally SMTP is defined in RFC 821 (STD 10) as amended by RFC 1123 (STD 3) chapter 5. The protocol used today is also known as ESMTP. It is a relatively simple, text-based protocol, where one or more recipients of a message are specified (and in most cases verified to exist) and then the message text is transferred. It is quite easy to test an SMTP server using the telnet program.

Hypertext Transfer Protocol (HTTP) is a method used to transfer or convey information on the World Wide Web. Its original purpose was to provide a way to publish and retrieve HTML pages.

HTTP is a request/response protocol between clients and servers. The originating client, such as a web browser, spider, or other end-user tool, is referred to as the user agent. The destination server, which stores or creates resources such as HTML files and images, is called the origin server. In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels.

FTP or File Transfer Protocol is used to connect two computers over the Internet so that the user of one computer can transfer files and perform file commands on the other computer. Specifically, FTP is a commonly used protocol for exchanging files over any network that supports the TCP/IP protocol (such as the Internet or an intranet).

There are two computers involved in an FTP transfer: a server and a client. The FTP server, running FTP server software, listens on the network for connection requests from other computers. The client computer, running FTP client software, initiates a connection to the server. Once connected, the client can do a number of file manipulation operations such as uploading files to the server, download files from the server, rename or delete files on the server and so on. Any software company or individual programmer is able to create FTP server or client software because the protocol is an open standard. Virtually every computer platform supports the FTP protocol.

Node in a computer network called Ethernet hub. An Ethernet hub or concentrator is a special type of network device for connecting multiple twisted pair or fibre optic Ethernet devices together, making them act as a single segment.

It works at the physical layer of the OSI model, repeating the signal received at one port out each of the other ports (but not the original one). The device is thus a form of multiport repeater. Ethernet hubs are also responsible for forwarding a jam signal to all ports if it detects a collision. A hubbed Ethernet network behaves like a shared-medium, that is only one device can successfully transmit at a time and each host remains responsible for collision detection and retransmission.

In a telecommunications network, a switch is a device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination. In the traditional circuit-switched telephone network, one or more switches are used to set up a dedicated though temporary connection or circuit for an exchange between two or more parties.

On an Ethernet local area network (LAN), a switch determines from the physical device (Media Access Control or MAC) address in each incoming message frame which output port to forward it to and out of. In a wide area packet-switched network such as the Internet, a switch determines from the IP address in each packet which output port to use for the next part of its trip to the intended destination. In the simplest networks, a switch is not required for messages that are sent and received within the network. For example, a local area network may be organized in a Token Ring or bus arrangement in which each possible destination inspects each message and reads any message with its address.

A firewall is an information technology security device which is configured to permit, deny or proxy data connections set and configured by the organization's security policy. Firewalls can either be hardware and/or software based.

A firewall's basic task is to control traffic between computer networks with different zones of trust. Typical examples are the Internet which is a zone with no trust and an internal network which is and should be a zone with high trust. The ultimate goal is to provide controlled interfaces between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle and separation of duties. Proper configuration of firewalls demands skill from the firewall administrator. It requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.

In computing, BOOTP short for Bootstrap Protocol. It is a UDP network protocol used by a network client to obtain its IP address automatically. This is usually done in the bootstrap process of computers or operating systems running on them. The BOOTP servers assign the IP address from a pool of addresses to each client. The protocol was originally defined in RFC 951.

BOOTP enables 'diskless workstation' computers to obtain an IP address prior to loading any advanced operating system. Historically, it has been used for Unix-like diskless workstations (which also obtained the location of their boot image using this protocol) and also by corporations to roll out a pre-configured client installation to newly purchased PCs.

Originally requiring the use of a boot floppy disk to establish the initial network connection, the protocol became embedded in the BIOS of some network cards themselves and in many modern motherboards thus allowing direct network booting. DHCP (Dynamic Host Configuration Protocol) is a more advanced protocol based on BOOTP, but is far more complex to implement. Most DHCP servers also offer BOOTP support.

The Dynamic Host Configuration Protocol (DHCP) is a set of rules used by a communications device (such as a computer, router or networking adapter) to allow the device to request and obtain an Internet address from a server which has a list of addresses available for assignment. This protocol is used when computers are added to a network because these settings are necessary for the host to participate in the network.

DHCP emerged as a standard protocol in October 1993 and functionally became a successor to the older BOOTP protocol, whose leases were given for infinite time and did not support options.

The Simple Network Management Protocol (SNMP) forms part of the internet protocol suite as defined by the Internet Engineering Task Force (IETF). More specifically, it is a Layer 7 or Application Layer protocol that is used by network management systems for monitoring network-attached devices for conditions that warrant administrative attention.

The SNMP's extensible design is achieved with management information bases (MIBs), which specify the management data of a device subsystem, using a hierarchical namespace containing object identifiers, implemented via ASN.1.

Proxy server also called a "proxy," it is a computer system or router that breaks the connection between sender and receiver. Functioning as a relay between client and server, proxy servers are used to help prevent an attacker from invading the private network so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.

Proxy server setting in Internet Explorer is needed in UTAR network environment because:

The word proxy means "to act on behalf of another," and a proxy server acts on behalf of the client and the server (UTAR). All requests from the clients to the Internet go to the proxy server first. The proxy evaluates them, and if allowed, re-establishes the requests on the outbound side to the Internet. Likewise, responses or initial requests coming from the Internet go to the proxy server to be evaluated. The proxy then talks to the client. Both client and server think they are communicating with one another, but, in fact, are dealing only with the proxy.

The advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.
The functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. Different server programs can be in different computers. For example, a proxy server may in the same machine with a firewall server or it may be on a separate server and forward requests through the firewall.

Netfilter and iptables give a flexibility in protecting the services (firewall feature), powerful routing features (network address translation, or NAT), manipulating packets (packet mangling), and most useful is the connection tracking feature. At the packet filtering (firewall) level, it can control which services may be accessed, and how they may be accessed. At the NAT level, user can use the packet filtering feature, process the packets, and send them to a specific host on the network, service on the same box, or simply drop the request at the doorstep.Netfilter and iptables is the re-designed and heavily improved successor of the previous 2.2.x ipchains and 2.0.x ipfwadm systems.

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a `target', which may be a jump to a user-defined chain in the same table.

Iptables uses the concept of separate rule tables for different kinds of packet processing functionality. These rule tables are implemented as functionally separate table modules. The three primary modules are the rule filter table, the NAT table, and the specialized packet-handling mangle table. Each of these three table modules has its own associated module extensions that are dynamically loaded when first referenced, unless you�ve built them directly into the kernel.

The filter table is the default table and the other tables are specified by a command-line option. The filter table has two kinds of feature extensions: target extensions and match extensions. The target extensions include the REJECT packet disposition, the BALANCE and CLUSTERIP targets, the CLASSIFY target, CONNMARK, TRACE, and the LOG and ULOG functionalities. The match extensions support matching on the following:

Traditional, unidirectional outbound NAT�Used for networks using private addresses.

Basic NAT�Address Translation only. Usually used to map local private source addresses to one of a block of public addresses.
NAPT (Network Address Port Translation)�Usually used to map local private source addresses to a single public address (for example, Linux masquerading).

Bidirectional NAT�Two-way address translation allows both outbound and inbound connections. A use of this is bidirectional address mapping between IPv4 and IPv6 address spaces.
Twice NAT�Two-way Source and Destination Address Translation allows both outbound and inbound connections. Twice NAT can be used when the source and destination networks' address spaces collide. This could be the result of one site mistakenly using public addresses assigned to someone else. Twice NAT also can be used as a convenience when a site was renumbered or assigned to a new public address block and the site administrator didn't want to administer the new address assignments locally at that time.

Iptables NAT supports source (SNAT) and destination NAT (DNAT). The NAT table allows for modifying a packet's source address or destination address and port. It has three built-in chains:

The PREROUTING chain specifies destination changes to incoming packets before passing the packet to the routing function (DNAT). Changes to the destination address can be to the local host (transparent proxying, port redirection) or to a different host for host forwarding (ipmasqadm functionality, port forwarding in Linux parlance) or load sharing.
The OUTPUT chain specifies destination changes to locally generated outgoing packets before the routing decision has been made (DNAT, REDIRECT). This is usually done to transparently redirect an outgoing packet to a local proxy, but it can also be used to port-forward to a different host.
The POSTROUTING chain specifies source changes to outgoing packets being routed through the box (SNAT, MASQUERADE). The changes are applied after the routing decision has been made.

The mangle table allows marking, or associating a Netfilter-maintained value, with the packet, as well as making changes to the packet before sending the packet on to its destination. The mangle table has five built-in chains:

The PREROUTING chain specifies changes to incoming packets as they arrive at an interface, before any routing or local delivery decision has been made.
The INPUT chain specifies changes to packets as they are processed, but after the PREROUTING chain is traversed.
The POSTROUTING chain specifies changes to packets as they are exiting the firewall, after the OUTPUT chain is traversed.
The FORWARD chain specifies changes to packets that are forwarded through the firewall.
The OUTPUT chain specifies changes to locally generated outgoing packets.

For the TOS field, the local Linux router can be configured to honor the TOS flags set by the mangle table or as set by the local hosts.

Little information is available about packet marking in the iptables documentation, beyond that it�s used by the Linux Quality of Service implementation and that it�s intended as a communication flag between iptables modules.

The preceding sections provided an overview of the features available in iptables and the general structure and functionality of the individual table modules. The following sections present the syntax used to invoke these features.

Wireless LAN or WLAN is referring to a wireless local area network, which links up to 2 or more computers without using wires, or cables. Instead of using wired LAN, wireless LAN uses radio communication to accomplish the same functionality that a wired LAN has. WLAN utilizes spread-spectrum* technology based on radio waves to allow communication between devices in a limited area, also known as the basic service set. WLAN allow users to move around within a broad coverage area and stays connected to the network, which gives users mobility.

Stations are referring as components which can connect into a wireless medium in a network. All stations are equipped with wireless network interface cards (WNICs). There are two categories for stations: Wireless Clients and Access Points.

The base stations for the wireless network are called as Access Points. The tasks of Access Points are transmitting and receiving radio frequencies for wireless enabled devices to communicate with.

Wireless clients can be referring as a mobile devices, for example laptops, personal digital assistants (PDAs), IP phones or fixed devices, such as desktops and workstations that are equipped with a wireless network interface card.

The Basic Service Set (BSS) is a set of all stations which are able to communicate with one another. BBS falls into two types: Independent BSS and Infrastructure BSS. Each BSS has an id, called the BSSID, it is the MAC address of the access point servicing BSS.

An Extended Service Set (ESS) is a set of connected BSS. Access Points in an extended service set are connected by a distribution system. Each ESS has an ID called the SSID which is a 32 byte (maximum) character string. Example: linksys (the default SSID for Linksys routers).

A distribution system connects Access Points in an extended service set. A distribution system is usually a wired LAN but can be a wireless LAN.

Figure 9.1 Wireless Local Area Network Architecture using an Infrastructure BSS

To answer this question, firstly we need to know what the benefits of Wireless LAN are.

In conclusion, the benefits of Wireless LAN are convenience, Affordability, Mobility and Productivity.

These are the reason to trigger Wireless LAN is being marketed aggressively by carriers and adopted enthusiastically by enterprises. Through EE Times, under the issue of WLAN hardware market to widen,

�London - Wireless-LAN hardware is enjoying buoyant growth, and the nascent WLAN switch market is beginning to expand rapidly. But a report released last week by Datamonitor plc forecasts that WLAN revenue opportunities will diversify as deployment moves beyond the traditional targets of retail and manufacturing to new segments such as financial and professional services, education and health care.

Datamonitor projects the WLAN hardware market will double in value, from approximately $650 million in 2002 to more than $1.3 billion, by 2006. North America will continue to be the revenue-leading region, though strong growth is forecast in Europe, the Middle East, Africa and, especially, Asia-Pacific�

Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access and the effectiveness (or lack) of these measures combined together.

Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component fails to check potentially harmful contents such as computer worms being transmitted over the network. An intrusion prevention system (IPS)[1] helps detect and prevent such malware. IPS also monitors for suspicious network traffic for contents, volume and anomalies to protect the network from attacks such as denial of service. Communication between two hosts using the network could be encrypted to maintain privacy. Individual events occurring on the network could be tracked for audit purposes and for a later high level analysis.

Honeypots*, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network being protected by the honeypot.

Today, the word 'network' has larger connotations. Network now encompasses the whole process of information creation, flow, storage and processing. In other words, it is the lifeline of the process of value creation, on which a company thrives.

The very features of connectivity and accessibility that make networks so indispensable to contemporary society are today creating unforeseen consequences - making it important for organizations to adopt security measures. Some have their applications protected with robust encryption; others are looking to lock down their networks in the face of external threats; still others want to open their networks up to partners, customers and the mobile workforce, without compromising on security.

Enterprises in India are becoming increasingly aware of the need for a better defined security environment, though a recent KPMG survey reveals the shocking fact that more than 70 per cent of Indian corporate still do not have a formal security policy yet.

An enterprise's network, information systems, databases and processes are essential for its survival and must be protected from threats.

Unauthorized users can break into an organization's network to steal information or create damage. Hackers often target business and financial institutions possessing data that can be further exploited. This enhances the role of network security today."

The importance of network security has even prompted the Indian Computer Emergency Response Team (CERT-In) to sign a MoU with Cisco Systems on security co-operation. Both parties will work together to increase Internet security threats faced by critical information infrastructure.

This will be done by improving computer security readiness and raising awareness about the importance of keeping systems and cyber infrastructure secure, software up-to-date and security practices and procedures current.

What are the problems that companies face if their networks are not protected?

The company will lose their competitive advantage, brand, clients� confidentiality, confidence and punitive action by regulators due to non-compliance of strictures.

The ways secure networks for organizations, organization should deploy standard, network-based tools like firewalls and intrusion detection systems as well as host-based security solutions on individual computers. In addition, intrusion prevention systems (IPS) have been proven to block attacks that bypass these traditional security tools through total packet inspection and prevention. Like anti-virus products, intrusion prevention systems are updated. However, they are more comprehensive because IPS blocks a wide range of threats like denial of service attacks, worms, viruses, trojans, buffer overflows, spyware.

Enterprises today have multi-layer data protection mechanism like data security based on role, level, hardware, software etc. But across levels, the only way to get access to data is by putting in the right user name and password, which can be easily hacked. So, the best way is for financial institutions and the government to reduce online fraud including upgrading existing password-based, single-factor customer authentication systems to two-factor authentication.

Network security solutions are easy to deploy than host-based or desktop solutions. Network solutions can protect the entire network through a centralized solution, whereas host-based security solutions, like anti-virus software, must be deployed on individual machines. Deploying host-based security is time-consuming and sometimes it is impossible to control the individual's desktop as in the case of education environments where the university does not "own" the student's computer or in the case of an Internet Service Provider who does not own its customers' machines.

In such a case, a network security solution is much more efficient and can protect the organization and its users from threats. It's also more difficult to update and patch host-based solutions since this must be done on each individual machine. In large organizations with thousands of employees, this can take weeks.


TMNET offer a variety of packages on its broadband services. There is a wide range of bandwidth for user to choose as from 384k to 2M speed, to suit their needs and ability or affordability.	Jaring only offer 3 types of broadband services to their customers. Their customer can only choose 1M bandwidth speed for their usage and purpose.
For the 1M bandwidth broadband, TMNET offer 3 types of package which they cost 88, 99 and 418. RM 88 and RM 99 package will have the features of 1 dynamic IP and 1 email and RM 418 package will have the features of 1 fixed IP and 3 email address.	For the 1M bandwidth broadband, TMNET offer 3 types of package which they cost 88, 99 and 418. RM 88 and RM 99 package will have the features of 1 dynamic IP and 1 email and RM 418 package will have the features of 1 fixed IP and 3 email address.
Offer 4MB of email storage	Offer 20MB of email storage
Offer wired broadband only	Offer both wired and wireless broadband
Coverage area over whole Malaysia mostly	Only available at KL and PJ(wireless broadband) and wired broadband not covered whole Malaysia
Offer dial-up services with RM 35 for the new registration and cost 1 cent per minutes.	Offer dial-up services with RM 20 monthly which include up to 1200 minutes of usage. Exceeds usage charges will be 2.5 cents per minutes for the PSTN line and 4 cents per minutes for the ISDN line.