The core of the network in various parts, with the increased traffic, access traffic and rapid growth in data traffic, its processing capacity and computational intensity will also increase accordingly, allowing a single device simply can not afford. In this case, if the existing equipment to do throw a lot of hardware upgrades, which would result in a waste of available resources, and if have to face the next business volume increase, which in turn lead once again the high cost of hardware upgrades inputs, and even superior performance of the device and then can not meet current traffic needs.  As a result, load-balancing mechanism came into being.

 Load balancing (Load Balance) built on top of existing network infrastructure, which provides a cheap and effective and transparent method of expansion of network equipment and servers, bandwidth, increase throughput, enhance network data processing capability, increase network flexibility and availability of.

Read the rest of this entry »

Load balancing has two meanings: First, a large number of concurrent access or data traffic to multiple nodes to share equipment dealt with separately, thus reducing waiting time for response; second, a single heavy-duty computing device sharing to more than one node do in parallel processing, each node device processing after the summary of the results returned to the user, the system processing capacity to be increased significantly

Load-balancing ==>> Load Balance

Due to current network, the various core business volume with the increased traffic and the rapid growth in data traffic, its processing capacity and computational intensity increases accordingly, allowing a single server device simply can not afford. In this case, if the existing equipment to do throw a lot of hardware upgrades, which would result in a waste of available resources, and if again faced with the next increase business volume, this in turn led to the high hardware upgrade once again the cost of inputs, or even superior performance, and then the equipment can not meet the current business volume growth in demand

For this case grew out of a cheap and effective and transparent approach to expanding the existing network equipment and server bandwidth, increase throughput, enhance network data processing capability, increase network flexibility and availability of technology is load balancing (Load Balance ).

Application of load-balancing technology mainly are as below.

1) DNS load balancing load balancing technology is the first achieved through the DNS in the DNS configuration for multiple addresses with a name, so check the name of the client machines will have one of the addresses, allowing access to different customers of different servers to achieve load balancing purposes. DNS load balancing is a simple and effective method, but it can not distinguish between different server, it does not reflect the server’s current state of operation

2) The Proxy Server load balancing using a proxy server, you can forward the request to internal servers, the use of such acceleration model is clearly static web pages can enhance the speed of access. However, you can also consider such a technique, using a proxy server forwards the request to multiple servers evenly, so as to achieve load balancing purposes

3) Address Translation Gateway load balancing to support address translation gateway load balancing can be an external IP address mapping for multiple internal IP addresses, for each TCP connection requests dynamically using one of the internal address to achieve load balancing purposes

4) The agreement internal support load-balancing In addition to these three kinds of load balancing methods in addition, some protocols related to internal support and load balancing features, such as HTTP protocol redirection capabilities, HTTP running on TCP connections at the highest level

5)  NAT load balancing NAT (Network Address Translation Network Address Translation) is to simply convert an IP address to another IP address, are generally used for internal address are not registered and legitimate, have been registered Internet IP addresses between conversion. Internet IP Applicable to solving the Internet IP address of the tense, do not want to know the internal network structure of network externalities such occasions

6) Reverse proxy load balancing approach is general agent proxy on the internal network users to access internet connection to the server request, the client must specify the proxy server, and would have to be sent directly to the internet connection on the server, the request sent to the proxy server processing. Reverse Proxy Internet internet Reverse Proxy (Reverse Proxy) mode refers to the proxy server to accept connection requests on the internet, and then forwards the request to the server on the internal network, and the results obtained from the server back to the internet connection on the request of the client, At this point on the performance of the external proxy server as a server. Internet Reverse proxy load-balancing technology is to be connection requests from the internet on the way to reverse proxy to dynamically transmitted to the internal network on a multi-processing servers, so as to achieve load balancing purposes

7) Hybrid load balancing, in some large-scale networks, due to various hardware devices within the server cluster, each the size of the services provided by such differences, we can consider for each server cluster load balancing using the most appropriate way, and then again This is once again among multiple server farm load balancing or clustered together to provide services to the outside world as a whole (ie, this group of multiple servers as a new server farm), so as to achieve the best performance. We will call this approach hybrid load balancing. This approach is sometimes also used for a single performance of a balanced device does not meet the case of a large number of connection requests

The following list is about the equipment, key to the safe handling of the 10 decision

1) In the time-out equipment, to ensure that all accounts a letter Interest rates and access control tools have been cleared. You do not want to pre-company personnel, using the original workstation connected to the company’s network it, you do not want to connect a computer for remote network access account without the need of the time the network attacker as a tool bar. Therefore, it is the first thing you should do something.

2) Do not think to fill up your hard drive means that junk data have been safely handled.  If the drive contains confidential information, you should be removed before processing operations. Even if you have not been informed that drive the existence of any confidential data, but also should consider whether it should be examined to prevent the omission; if not found, then, do not just put waste inside. shred utility. For the stored data, the only reformat the drive or run the “Clear” command is not enough; shred utility sort of practical attacks can help you more secure delete files. Contains the encrypted data drive during delete operation should be preceded by processing the data, increasing the difficulty of being restored.

In the most extreme cases, the storage device may require the destruction of the physical layer to prevent confidential data from being leaked to the next one to obtain the drive, even in the company’s internal, but also need to do so.  In this case, you may not need its own hands.  Experts could carry out such work for you, and in the realization of the hard disk drive so that data can not be resumed at this point, they may do better than you.  If your request is very strict, can not believe that specializes in the storage device from an external security of the destruction of the company, they should establish a dedicated in-house team and external contractors, and the same equipment, same equipment, has the same skills.

Read the rest of this entry »

3)  For the whole process of elimination to establish an operational list, to ensure that all the steps throughout the process will not be forgotten. In a similar whole department was closed, a large number of computer processing time required, so that treatment may be very important, of course, other time is also very important. But, do not rely solely on the list, but give up their own reflection. You should consider in detail the entire process, clearly its use to prevent any potential risk of endangering the security of the company. When you think of the safety hazards that may arise when, it should be to join the list, and immediately following treatment; list of all items does not necessarily apply to all cases, therefore, need to analyze specific issues.

4)  The device must have a clear-out processing procedures to ensure that processing time does not appear problems caused by errors and negligence.  The best treatment measures according to different categories of equipment, not completely eliminated in one place, complete processing equipment, on the other place, so that you can prevent mistakes in processing and decision-making errors of judgment. For example, perhaps the workstation should be placed on the table and the server racks, until the erase operation is complete (and to some extent they should always be placed there, until the hard disk drive data has been completely cleaned up, and, placed there for the whole system look more normal number). This was also an advantage to you to bring a sense of urgency to safely remove the device, because they need to clear space for other purposes, so it will give you pressure.

5)  Whoever is right out of the machine for processing, after the completion of the entire process to be signed to confirm, if the whole process is more than a common treatment, they have confirmed that the respective needs of each individual’s responsibility.  In this case, in the problems of time, they can confirm who is with the next, you can find out what happened in the end, how bad error.  Time and completion date should be recorded.  Some data should be recorded in detail, including equipment has been dealing with specific components, and their disposal sites, and (then) the depreciated value and replacement cost.

6) Do not delay the safety equipment processing time.  To ensure that priority treatment to prevent errors caused due to personal devices are ignored, where a few weeks, months or even years, until it is people who have found access to the confidential data stored inside a threat to security. And in unnecessarily, do not run the system, you do not want such a system is running in the network, there is no practical use, just give malware and network attacks are opportunities.

7) Identify the configuration of network devices. Pairs of switches, authentication serial servers, and other “smart” network infrastructure management, intelligent network to prevent an attacker from identifying vulnerabilities into your network and systems.

8) For the safe handling of equipment needed to conduct a clear allocation of management, and “chain of custody” to track, to ensure that equipment will not be without an effective safety handle to his or her hands.

9) The corporate network all the computers and network infrastructure equipment to conduct a comprehensive key management, to ensure that no one storage device to be ignored.  Important to remember that even the volatile random access memory in certain limited conditions, can be used as “storage device” to save confidential data. Finally, you must be extremely great importance to the storage of confidential data, and plan well related to protective measures.

10) Do not protect the security of the system into a dead end, because there is no effective safe handling, may result in confidential data to be restored, resulting in security compromised.  Ensure good security practices do not mean to leave the time shut down the computer

Software to utilize existing hardware:

• If you have Windows 98 Second Edition, Windows Me, Windows 2000, or Windows XP, you can use the included Internet Connection Sharing feature.
• WinGate and WinProxy are third-party, shareware alternatives that enable you to configure your computer as a gateway or a proxy server, respectively. (Only recommended if you can’t get ICS to work, if your version of Windwos doesn’t support ICS, or if ICS doesn’t meet your needs). Advantages to using software to share Internet connections:
  • No additional cost, and no additional equipment or wiring to set up.
  • Assuming you have a working LAN, you can be up and running in under 20 minutes.
  • ICS works with any type of Internet connection.
• Drawbacks to using software to share Internet connections:
  • The performance may be slightly slower than a hardware solution (below), although for most intents and purposes, you’ll never notice a difference.
  • The computer hosting the connection must be on for the others to have access to the Internet.
  • The software can be difficult to set up.

Additional hardware:

• A special router is connected directly to the Internet connection adapter.
• Each computer is then connected to the router (which is also a hub), which provides Internet access to all connected computers simultaneously.
• Some routers double as Internet connection adapters, so yoy may need to get one that specifically supports DSL, cable, ISDN, etc. Newer alternatives work with your existing equipment, making them better long-term investments.
• These routers typically are very easy to set up, and support 4 to 10 computers. Since they connect via ethernet, each computer will need an ethernet card.
• Advantages to using hardware to share Internet connections:
  • The hardware provides access to any computer that needs it; no single “host” computer is required to be on at any given time.
  • The hardware usually works independently of the operating system, so you don’t need a version of Windows the specifically supports ICS.
• Drawbacks to using hardware to share Internet connections:
  • The hardware solution is much more expensive, and requires additional cabling and setup.
  • The hardware solution will only work with certain types of Internet connections.

Other alternatives:

• If you have DSL, contact your provider to find out about getting additional IP addresses. Five IP addresses, for example, would typically provide Internet access for four computers without any special software or expensive hardware. The downside is the additional monthly expense, although this can be as low as an extra few dollars per month.

1. Reconnaissance attacks
2. Access attacks 
3. Denial of service (DoS) attacks

Reconnaissance attacks — An intruder attempts to discover and map systems, services, and vulnerabilities.

Access attacks — An intruder attacks networks or systems to retrieve data, gain access, or escalate their access privilege. 

Denial of service (DoS) attacks —An intruder attacks your network in such a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services.

1. Unstructured threats
2. Structured threats
3. External threats
4. Internal threats

Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools over the Internet. People are mostly motivated by malicious intent, in this category but most are motivated by the intellectual challenge and are commonly known as script kiddies. They are not the most talented or experienced hackers, but what they have and matters is motivation.

Structured threats consist of hackers who are more highly motivated and are technically sound. They usually understand network system designs and vulnerabilities. They also knows how to create hacking scripts to penetrate the network systems.

External threats are individuals or organizations working outside your company who do not have authorized access to your computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.

Internal threats occur when someone has authorized access to the network with either an account on a server or physical access. They are typically disgruntled former or current employees or contractors.