Bryon Gaskin
ISO617 Network Evaluation

Network Evaluation - Thomson

The company I chose was Thomson; the focus is the local site in Marion. I feel this was still a learning experience for myself as well as the rest of the class: on one hand I already had a good deal of knowledge of our internal LAN, which can be a benefit to the rest of the class; on the other, this project forced me to go outside my local group of experts and gather information from many different sources based around the world.

The intention of this paper is not to serve as a road map for a company to follow when developing a local area network or a wide area network. The intention is to give an example of a real-world implementation of a LAN-WAN solution and to illustrate how a good portion of the trials and tribulations involved in network management are more “management” than “network”. Most students in an MBA program are not going to be in the information technology department; instead, most MBA students will be on the outside looking in. The opposite holds true for information technology professionals: a good portion of technology professionals don’t understand how information technology intertwines with the business of the company, and instead tend to focus only on issues they can see or are actually involved in.

For security purposes some of the information presented may be a generalization rather than actual data; for example, IP addresses, router and gateway names may have been changed.

BACKGROUND INFORMATION:

A little background information about Thomson will help one understand how difficult it is to manage and maintain a network, and also give some insight into some of the issues we are confronting today, both within and external to the company.
Many people don’t know what Thomson does. Until about the last 3 years Thomson was known primarily for carrying RCA brand TVs and paying for the right to advertise on the RCA Dome. However, changes in the business environment have forced a refocus of Thomson’s efforts, primarily fueled by the shifting of manufacturing jobs to China and the partnering with Chinese TV manufacturing company TCL. Adding to the changing environment, Thomson purchased Technicolor, which has several locations around the world, and Grass Valley, each of which has presented separate but equally challenging issues that will be discussed later. Today Thomson’s main products have moved from items like TVs to items like MP3 players, DVDs, TV studio equipment, and studio-equipped vans and trucks.

LOCAL ENVIRONMENT:

Computers:
Locally, at my site we currently have approximately 250 Windows-based PCs, 15 Windows NT/Windows 2000 servers, and a combination of 6 Sun, HP, and IBM Unix servers.

LAN Equipment:
The core of the LAN is an Accelar router, which connects to over 25 24-port Nortel network switches. A handful of switches then branch off and connect to 3Com hubs. At the time the 3Com hubs were installed it was prohibitively expensive to install layer 3 or 4 switches in locations where only a handful of low-use computers needed to be connected. For example, you might have an office area that uses up most of the ports for office computers but still has 3 or 4 printers that need to be networked. At the time it did not seem feasible to spend $2500 for a Nortel switch. The network itself is 100MB; there are 1 Gigabit connections between all switches and the core Accelar router, and from the switch to the client is CAT 5 cabling. Wireless is not used in the location in which I work; however, it is used in many other locations throughout the company. One of the main concerns is how to secure the wireless network.
Wireless is less secure because the medium through which the data travels is exposed to potential threats by the mere fact that the signal has no physical barrier preventing it from being intercepted. A traditional land-line (wired) network is exposed to two general types of attack, internal and external. Creative use of firewalls, routers and proxy servers helps prevent external attack. Internal attacks happen when physical access to your internal network takes place. In a traditional wired network the attack would take place when someone plugged his or her computer into an active network jack; this normally required gaining access inside one of the buildings housing the LAN. With a wireless network, the distinction between the two types of intrusion is blurred to some degree, because now someone who does not have physical access to the property or building housing the LAN can launch both internal and external attacks at the same time. The time saved by not having to run physical wires to different locations in a building would, and should, be offset by the additional planning and monitoring needed to detect and eradicate breaches and threats.

LAN/WAN

There are actually 6 connections that physically enter the building in which we are housed: a T1 for the internal credit union, a T1 for the contracted learning center that is housed in the building, a T1 for our company’s voice communications, a Frame Relay connection for our data services, an ISDN backup for data services, and an ISDN backup for the external Cisco router, used to control the router. For data services the internal Accelar router connects via fiber cable to a Cisco router that connects to the Frame Relay. Although there are six access points to the outside world, only two of them actually carry data such as email or allow internet access for employees of the company.
Only the Frame Relay and the backup ISDN line are used by the company itself for external communication.

WAN specifications:
No employees locally have access to do any programming or analysis of the WAN equipment. There are 3 people who have keys and can physically access the WAN equipment. Management and programming of the WAN is done from France, hence the need for ISDN backups to the external Cisco router. The location in Marion is directly connected to headquarters via the Frame Relay.

SOFTWARE and SECURITY

Network operating systems:
The primary network operating system is Windows NT 4.0, with the majority of the client operating systems being Windows 2000. Within the next 3 months a major migration from Windows NT 4.0 to a Windows 2000 domain is planned.

Network Maintenance:
Three primary software packages are used to monitor and maintain the network. A program called “Netwatch” monitors each of the ports on each of the routers and switches; this data is collected, stored and analyzed to find trends and trouble spots. The next program, called “What’s Up Gold”, is used to monitor whether attached devices are up and running on the network. For instance, if a switch goes down or the connection to the internet goes down, then either a “net send” message or an email alert is generated, or for more serious situations paging alerts can be generated. The last piece of software used is Microsoft’s Systems Management Server, or SMS. SMS is used to collect information from attached network devices such as servers, computers, printers and any other device that has an IP address on the network. Data pulled using SMS is stored in a SQL database that can then be queried in a variety of ways to pull out selected information about the attached network devices, such as up-to-date statistics on how many and what type of devices are connected to the network.
SECURITY:

Security is something that is taken very seriously within the company. Several security measures are taken at a variety of levels, both locally and abroad. Let’s start with the outside and work our way in. All of the access points to the internet sit behind two sets of hardware-based firewalls before ever coming in contact with any internal network equipment. Access to the internet is granted via a series of proxy servers that are arranged in a “round robin” setup. SMTP gateways sit on both sides of the firewalls. Certain types of files are not allowed to pass through the email systems, such as VBS, EXE, COM, and BAT files. If they are detected, the attachments are removed and both the sender and the recipient are notified that the attachment has been removed from the email. This level of protection is done at the SMTP gateway as opposed to being executed at the site level, the thinking being that most of the viruses in the wild will come from outside of the network.

All servers, desktops and laptops run virus protection developed by a company called Trend Micro. Virus pattern updates and software updates are sent out via a preconfigured hub-and-spoke setup. In the event of a virus attack, 1 administrator can propagate updated virus protection to every connected network device in all of Thomson’s computers, including those in its recently acquired companies, within 10 minutes, which equates to about 40,000 computers located on each of the 7 continents.

File level security using NTFS not only prevents unauthorized access, it also allows for tracking of access by user to specified resources. One of the most important parts of security is constantly reviewing security logs to look not only for the occasional access denied but, more importantly, to spot trends in allowed accesses. You can have the tightest file level security, but often the weak spots are the end users themselves.
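The attachment-stripping step described above, as an added example that is not Thomson's gateway software: a Python filter built on the standard library's email package that drops attachments whose extension is on the block list and produces a notice for both the sender and the recipient. The blocked extensions (VBS, EXE, COM, BAT) come from the text; the sample message, the gateway address and the notice wording are constructed for this example.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions the gateway refuses to pass (the list given in the text).
BLOCKED_EXTENSIONS = {".vbs", ".exe", ".com", ".bat"}
# Hypothetical address the notices are sent from.
GATEWAY_ADDRESS = "mailgateway@example.com"


def build_sample_message() -> bytes:
    """Constructed sample: a plain-text body, one harmless CSV report and one
    attachment whose extension is on the block list."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.net"
    msg["Subject"] = "Q3 figures"
    msg.set_content("Figures attached.")
    msg.add_attachment(b"col1,col2\n1,2\n", maintype="text", subtype="csv",
                       filename="figures.csv")
    # Not a real executable: just the 'MZ' bytes a PE file starts with.
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="UPDATE.EXE")
    return msg.as_bytes()


def is_blocked(part) -> bool:
    """Judge by the declared filename's extension, case-insensitively.
    A part with no filename has nothing to judge, so it is left alone."""
    name = part.get_filename() or ""
    return os.path.splitext(name.lower())[1] in BLOCKED_EXTENSIONS


def build_notice(recipient: str, original: EmailMessage, removed) -> EmailMessage:
    """Notice telling one party which attachments the gateway removed."""
    notice = EmailMessage()
    notice["From"] = GATEWAY_ADDRESS
    notice["To"] = recipient
    notice["Subject"] = f"Attachment removed: {original['Subject']}"
    notice.set_content(
        "The mail gateway removed the following attachment(s) because their "
        "file type is not permitted: " + ", ".join(removed) + "\n"
        f"Original message from {original['From']} to {original['To']}.")
    return notice


def filter_attachments(raw: bytes):
    """Parse a raw message, drop blocked attachments and build notices for
    sender and recipient. Returns (filtered_message, removed_names, notices)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    blocked = [part for part in msg.iter_attachments() if is_blocked(part)]
    if not blocked:
        return msg, [], []
    # iter_attachments() yields the actual subpart objects, so an identity
    # test against the payload list removes exactly those parts.
    msg.set_payload([part for part in msg.get_payload() if part not in blocked])
    removed = [part.get_filename() for part in blocked]
    notices = [build_notice(str(msg["From"]), msg, removed),
               build_notice(str(msg["To"]), msg, removed)]
    return msg, removed, notices


if __name__ == "__main__":
    filtered, removed, notices = filter_attachments(build_sample_message())
    print("removed:", removed)
    print("remaining:", [p.get_filename() for p in filtered.iter_attachments()])
    for n in notices:
        print("notice to", n["To"])
```

The decision is made on the declared filename only, which is what an extension block list at a gateway can see; a real deployment would pair it with the antivirus scanning the paper describes, since a renamed file passes an extension check.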
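The log-review point above (looking past the occasional access denied to spot trends in allowed accesses), as an added example that is not part of the paper: a small Python review over constructed audit-style records. The record format, user names, share paths, business-hours window and volume threshold are assumptions made for the example; real NTFS object-access audit events would first have to be exported into a similar user/resource/outcome form.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, time

# Constructed audit-style records (not real Thomson data):
# timestamp, user, resource, outcome.
SAMPLE_LOG = r"""
2004-03-01 09:12:03 jsmith \\fs01\finance\budget.xls ALLOWED
2004-03-01 09:15:44 jsmith \\fs01\finance\forecast.xls ALLOWED
2004-03-01 10:02:10 mjones \\fs01\hr\reviews.doc ALLOWED
2004-03-01 10:05:31 mjones \\fs01\finance\budget.xls DENIED
2004-03-01 14:40:09 jsmith \\fs01\finance\budget.xls ALLOWED
2004-03-01 16:55:00 mjones \\fs01\hr\salaries.xls ALLOWED
2004-03-02 02:10:01 contractor1 \\fs01\engineering\drawing01.dwg ALLOWED
2004-03-02 02:10:07 contractor1 \\fs01\engineering\drawing02.dwg ALLOWED
2004-03-02 02:10:12 contractor1 \\fs01\engineering\drawing03.dwg ALLOWED
2004-03-02 02:10:18 contractor1 \\fs01\engineering\drawing04.dwg ALLOWED
2004-03-02 02:10:25 contractor1 \\fs01\engineering\drawing05.dwg ALLOWED
2004-03-02 02:10:31 contractor1 \\fs01\engineering\drawing06.dwg ALLOWED
2004-03-02 02:10:36 contractor1 \\fs01\engineering\drawing07.dwg ALLOWED
2004-03-02 02:10:42 contractor1 \\fs01\engineering\drawing08.dwg ALLOWED
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\S+) (ALLOWED|DENIED)$")


def parse_log(text):
    """Turn the text records into dicts; refuse lines that do not fit the
    assumed format rather than silently skipping them."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            raise ValueError(f"unparseable audit line: {line!r}")
        stamp, user, resource, outcome = match.groups()
        entries.append({
            "when": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "user": user,
            "resource": resource,
            "outcome": outcome,
        })
    return entries


def review(entries, business_start=time(7, 0), business_end=time(19, 0),
           volume_factor=2.0):
    """Three views of the same records:
    - denied: the occasional access denied, counted per user;
    - after_hours: successful accesses outside the assumed business window;
    - volume_outliers: users whose successful-access count exceeds
      volume_factor times the median across users (a trend in allowed access)."""
    denied = Counter(e["user"] for e in entries if e["outcome"] == "DENIED")
    allowed = [e for e in entries if e["outcome"] == "ALLOWED"]
    after_hours = [e for e in allowed
                   if not (business_start <= e["when"].time() < business_end)]
    per_user = Counter(e["user"] for e in allowed)
    median = statistics.median(per_user.values()) if per_user else 0
    outliers = {u: n for u, n in per_user.items() if n > volume_factor * median}
    return {"denied": denied, "after_hours": after_hours,
            "volume_outliers": outliers}


if __name__ == "__main__":
    findings = review(parse_log(SAMPLE_LOG))
    print("denied per user:", dict(findings["denied"]))
    print("after-hours allowed accesses:", len(findings["after_hours"]))
    print("volume outliers:", findings["volume_outliers"])
```

In the constructed sample the only denied event belongs to mjones, but the pattern worth a closer look is contractor1: every one of those accesses was allowed, which is exactly the kind of trend that a review of denials alone would never surface.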
Many times users will walk away from their computers and stay logged in. This allows anyone who walks past his or her desk to sit down and see what they see. To help circumvent this problem, we implemented a screen saver policy using the NT 4.0 Policy Editor. Each time someone logs on, he or she gets a policy that locks the computer after 4 minutes of inactivity. The other thing that has been implemented is the forcing of password changes. Each user is required to change his or her password every 30 days. This is a double-edged sword: on one hand the user is forced to change his or her password more frequently, but the more often one is required to change a password, the more likely the password is to be written down and left where someone can see it.

Network Issues:

The largest issue facing strictly the local network has to do with the ever-changing business layout. Four years ago, there were 4000 production workers and 300 administrative staff. Now there are a little over 800 production workers and 200 administrative staff. Constant reorganization causes major hardships for the network and the network administrator. Often business decisions are made without IT being involved, and what you will find is that some part of the network is taken down when another department decides to take down a wall.

External to my location they have the opposite problem. The company as a whole is dealing with acquisitions and all of the technological pains that go with acquiring companies that have different types of networks and making them manageable. The problem is only compounded when the business either acquires or partners with companies in other countries. However, a good deal of the problems that face not only network administrators but also IT managers is the politics involved in IT decisions.
For example, the company has outsourced on a global scale all of its telecommunications services, including voice and data services. Over the long run this will save the company approximately 25% at the corporate level; however, at the local level many places will go from paying for services in the $2500 a month range to upwards of $20,000 a month. The cost is justified to the company because of the outrageous price of telecommunications in countries like China, Mexico, and Brazil. In other words, established locations end up paying a greater share of the total communications charges than they were accustomed to, and the newly acquired companies pay less than they would have without a global contract for their services.

As in most situations, the biggest cause of problems is either miscommunication or lack of communication. Stronger, more direct communication is essential in any relationship between the business side of the company and the IT side of the company. The truth is that in most circumstances IT is a function of the business and not the actual business itself. This is an important concept for not only IT people but also management to understand. For the average business IT is seen as an unnecessary evil, because projects often have high upfront costs and the returns are realized over a long period of time. Adding to the strain between management and IT is the fact that IT for the most part does not generate income for the company; at best, IT can improve cash flows by decreasing overall business expenses.