
Security and Accounting

Networks provide particular security problems that are additional to those experienced by stand-alone systems.

A network is vulnerable to unauthorised access from any of the nodes that are attached. Protection can be provided through network management software which can:

  1. Limit log-on of a particular user or group to specified nodes or to specified times
  2. Have a hierarchical password system. This can be implemented by assigning users to groups. These groups can then be assigned particular access rights to directories or files. Typical access rights are:

     Read - user can read data from the file but not change it
     Write - user can write data to the file
     Scan - user can see the file name in a directory listing
     Change - user can re-assign access rights
     Create - user can create a new file in a directory

A group or an individual user can be granted one or more of these rights to any particular directory or file. In addition, the network software can monitor the status of user passwords, insisting on a change at particular time intervals, enforcing a minimum length and preventing re-use of old passwords.
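The two controls above (log-on limited to specified nodes and times, and rights granted to groups on directories or files) can be combined into a single access decision. The following is an added example, not code from any particular network operating system; the users, groups, nodes and paths are constructed, and the rule that a file takes the grant of its nearest enclosing directory is an assumption made for the illustration.

```python
from datetime import time
from enum import Flag, auto

class Right(Flag):  # the five access rights listed above
    READ = auto()
    WRITE = auto()
    SCAN = auto()
    CHANGE = auto()
    CREATE = auto()

# Constructed sample data: hypothetical users, groups, nodes and paths.
GROUPS = {"alice": {"accounts"}, "bob": {"accounts", "supervisors"}}
# Log-on restriction per group: permitted nodes, earliest and latest time.
LOGON = {
    "accounts": ({"node-07", "node-08"}, time(8, 0), time(18, 0)),
    "supervisors": ({"node-01"}, time(0, 0), time(23, 59)),
}
# Rights granted to a group on a directory. Assumption: a file takes the
# grant of its nearest enclosing directory that has one for that group.
GRANTS = {
    ("accounts", "/ledger"): Right.READ | Right.SCAN,
    ("accounts", "/ledger/drafts"): Right.READ | Right.WRITE | Right.SCAN | Right.CREATE,
    ("supervisors", "/ledger"): Right.READ | Right.WRITE | Right.SCAN | Right.CHANGE | Right.CREATE,
}

def may_log_on(user, node, at):
    """Permit log-on only if one of the user's groups allows this node at this time."""
    for group in GROUPS.get(user, ()):
        nodes, start, end = LOGON.get(group, (set(), None, None))
        if node in nodes and start <= at <= end:
            return True
    return False  # default deny: unknown user, node outside the list, or wrong time

def effective_rights(user, path):
    """Union over the user's groups of the grant on the nearest enclosing directory."""
    rights = Right(0)
    for group in GROUPS.get(user, ()):
        parts = path.rstrip("/").split("/")
        while len(parts) > 1:
            grant = GRANTS.get((group, "/".join(parts)))
            if grant is not None:
                rights |= grant
                break
            parts.pop()  # step up to the parent directory
    return rights

def allowed(user, node, at, path, needed):
    """A request succeeds only if log-on is permitted and every needed right is held."""
    return may_log_on(user, node, at) and (effective_rights(user, path) & needed) == needed
```

Both checks deny by default, so a user with no group, or a path with no grant, gets no access.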

  1. Network data is particularly vulnerable during transmission. This is especially true if the transmission is via a public telecommunications network or if the channel involves a radio link. Telephone lines can be tapped, bugs can be installed and radio signals can be easily intercepted. It is important, then, that data is encrypted for transmission so that it will be meaningless if intercepted.
  2. A network that involves remote access is particularly vulnerable to attacks by hackers. A dial back system, in which the connection is established from the remote terminal for log in, then broken, and the host computer dials the remote terminal back at the location associated with that user, ensures that log in is taking place from the expected physical location. This method will not, of course, work with systems where a user cannot be identified with a particular location.
  3. Network software can monitor use of the system and identify access that is unusual or that breaks an established pattern. The software can either report suspicious access patterns to a supervisor or it can terminate the log in.

A network will usually represent a significant investment for an organisation and the management will want to monitor its cost effectiveness. The network operating system will therefore include some accounting procedures. These may be used to bill departments for usage, sharing out the running costs of the network or, more likely, the accounting information will be used to monitor network usage to ensure that the system is providing value for money.

A network accounting system will record each user log in and log out so that the user can be 'billed' for connection time. It will also record each file access so that the user can be billed for accessing particular files. In addition, the network will calculate the user's use of network storage, probably based on the number of kilobytes used multiplied by the number of hours. The billing is normally in terms of some arbitrary unit which can, if necessary, be converted into a final cost that the user pays. Note that three resources are being charged: connection time, access and storage.

 

©LEV