IP based Security - Networking Essentials for non-IT professionals

· Electronic Security Systems – Introduction
· Overview of analog and digital technology
· Network Connectivity Devices and components
· Working with the IT Department
· Integrating digital and analog CCTV networks
Electronic Security Systems Introduction

Features of electronic security systems like CCTV, Access Control, Intrusion Detection and Fire Fighting systems

Difference from physical security concepts, and advantages of electronic security systems
Most electronic security systems are becoming digital, and an interface for connection to IP networks is being provided to take advantage of IP technologies.

When all security systems are connected to the same IP network, they become easier to manage, and an alarm/event from one system can be used to trigger an event in other systems.

Even when they share the IP network with everything else, all security systems can be logically grouped into a logical security network. The security policies for this security network within the whole network can be administered by the security department independently.
Overview of analog and digital technology

Natural electrical / electromagnetic signals are analog signals, e.g. human voice and video. These are represented as continuously variable waves.

Computers only understand digital signals, represented as 1’s and 0’s. All computers use languages and protocols based on arrangements of these “bits” of 1’s and 0’s.

Digital technology allows all information (text, sound and video, for example) to be represented and transmitted as sequences of bits, 1s and 0s.

An “encoder” is used to convert analog signals into digital signals.

All signals need to travel to some point in order to be processed and utilized, e.g. in a security alarm or a CCTV network.

Transmission of signals in digital form gives much better quality and is more efficient. An idea of the difference in quality can be had by comparing the old telephone systems with the newer ones.
Analog CCTV systems use coaxial cable. The cable can only carry the video signal from one device; separate cables must be used for audio and control signals.

Digital CCTV networks (IP camera networks) use a 4-pair UTP cable, which can carry video, audio and control signals from several devices simultaneously.
Computers connect with each other to share information and resources. All digital devices are actually computers designed for a specific application, e.g. smart cards having a computer on a microchip, or a CCTV camera having an on-board web server. These are included in the term “computer” as used here to explain the basics of networking.

All computers connected to each other via cable / wireless so that they can communicate form a “network”. A network is called an “IP network” when the TCP/IP network protocol is used to communicate intelligently between computers.

Once computers are connected to a network, they can be organized into “logical groups” based on organizational administration requirements.
Ethernet standards under the 802.xx classification specify the data transmission methods, logical and physical topologies, physical connection media, maximum cable lengths etc.

Local Area Networks (LANs) are formed by joining computers within a specific area, usually a single office building. LANs of different buildings may be connected to each other.

A Wide Area Network (WAN) is any network that connects LANs over long distances, e.g. connecting branch offices of a company which are spread all over the country or world.
Physical Network Topologies

A topology is a map of the network describing the layout of cables, computers and the location of network components. The most common topologies are:

Bus Topology – All computers are connected to the same cable. All data is transmitted over this cable and only the computer the data is addressed to accepts the data.

Star Topology – Each computer is connected to a central point by a separate cable. The central point, which is a hub or switch, passes data between computers.

Mesh Topology – Each computer connects directly to every other computer. This is mainly used when high redundancy is needed. A hybrid mesh topology is used when some computers on the network are provided direct / multiple connections.

A few computers connected together form a “segment”, which in turn is connected to the “backbone” by a single cable. The backbone usually will be a higher bandwidth connection. For example, in a multistory building, one cable may be laid from the ground to the top floor forming the backbone, and individual floors will form segments connected to the backbone.
Computers on a network usually function in one of two ways. These are logical types of network architecture, independent of the physical connections.

Peer to Peer Networks – All computers are equal and there is no central authority. Each computer is responsible for securing its shared resources.

Client / Server Networks – One computer is a server and the others are clients. The server manages the sharing of resources among all clients and provides central authority.
Physical Network Connections

Networks may use wireless technologies to connect, but most networks use Unshielded Twisted Pair cable. Fiber optic connections are used for high speed and bandwidth, and are suitable in some special conditions.

Unshielded Twisted Pair (UTP) Category 5 cable consists of 8 wires that are twisted together in pairs. It is cheaper and easier to work with compared to coaxial cable. It is resistant to electromagnetic interference and transmits data at speeds of about 1 Gbps.

Cat 5 cable is connected using an RJ-45 connector, which is similar to a telephone connector.

The signaling method used to transmit data on the cable determines the bandwidth available for the network. Baseband signaling uses the entire bandwidth of the cable for each signal. In broadband, multiple signals are transmitted on the same cable simultaneously.
Ethernet

Standards for networks using Cat 5 UTP are classified under the 802.3 specification. The maximum number of devices on a segment is 1024.

| Term             | Standard  | Speed      | Distance   |
|------------------|-----------|------------|------------|
| Ethernet         | 10BaseT   | 10 Mbit/s  | 100 meters |
| Fast Ethernet    | 100BaseT  | 100 Mbit/s | 100 meters |
| Gigabit Ethernet | 1000BaseT | 1 Gbit/s   | 100 meters |
When using fiber optic cables, the maximum cable length can be up to several kilometers and speeds can be up to 10 Gbit/s. Fiber optic cable transmits light rather than electrical signals, making it immune to interference like EMI and RFI. It offers much greater bandwidth, about 10 Gbps, and maximum permissible distances in kilometers.
Wireless Networks

The 802.11 standards define Wireless Ethernet or Wi-Fi networking, commonly used in LANs.

| Standard           | Bandwidth     | Frequency used  | Range         |
|--------------------|---------------|-----------------|---------------|
| 802.11b Wi-Fi      | 11 Mbps       | 2.4 GHz         | ~38 m         |
| 802.11a Wi-Fi      | 54 Mbps       | 5 GHz           | ~35 m         |
| 802.11g Wi-Fi      | 54 Mbps       | 2.4 GHz         | ~100 m        |
| 802.11n Wi-Fi      | Over 100 Mbps | 2.4 GHz         | ~300 m        |
| 802.15.1 Bluetooth | 1-3 Mbps      | 2.4 GHz         | < 10 m        |
| 802.16 Wi-Max      | Up to 75 Mbps | 2 GHz to 66 GHz | 5 to 30 miles |

Ranges will be affected depending upon obstructions etc.
WAN Connection types and services

WANs typically use circuits provided by a telco to connect LANs in different geographical locations. These circuits may be leased lines of fixed bandwidth, ISDN, T1, T3 etc. These connections are usually expensive, depending on the bandwidth.

3G Networks – These are the networks owned by mobile telephone companies. 3G services have been launched recently which provide broadband internet connections on mobile telephones, iPods, PDAs etc. Some IP CCTV cameras may be viewed through a connection on a 3GPP compatible device.
Media Access Control (MAC) or hardware Address

Every computer has a MAC or hardware address, typically assigned at the factory.

IP Addresses

Every device on a network which uses the TCP/IP protocol (Transmission Control Protocol / Internet Protocol) is given a logical address called an IP address. IP addresses are necessary to identify devices and for reliable communications on the network. IP addresses are like unique telephone numbers. Sample IP address: 192.168.1.1, subnet mask: 255.255.255.0.

IP addresses may be assigned manually on devices (static IP address) or may be dynamic, assigned automatically by a Dynamic Host Configuration Protocol server (DHCP server). Dynamic IP addresses are assigned each time a device boots up. Routers usually have DHCP servers built in.

A static IP address is sometimes required for certain functions. When a static IP is not available, a DDNS service is used to allow the device to function as if it had a static IP address.
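To make the sample address and subnet mask above concrete, here is an added Python example (not part of the original course notes) that applies the mask with plain bit operations to find the network and broadcast addresses and to test whether two devices sit on the same logical network. The recorder and workstation addresses are constructed for illustration; only 192.168.1.1 / 255.255.255.0 comes from the text.

```python
# Added example: what a subnet mask does to an IP address, shown with integer
# arithmetic so the bit operations are visible. Addresses other than the
# sample 192.168.1.1 / 255.255.255.0 from the notes are constructed.

def dotted_to_int(addr: str) -> int:
    """Convert a dotted-quad IPv4 string such as '192.168.1.1' to a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def network_address(addr: str, mask: str) -> str:
    """ANDing the mask with the address keeps only the network part."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))

def broadcast_address(addr: str, mask: str) -> str:
    """Setting every host bit to 1 gives the subnet's broadcast address."""
    host_bits = ~dotted_to_int(mask) & 0xFFFFFFFF
    return int_to_dotted(dotted_to_int(addr) | host_bits)

def prefix_length(mask: str) -> int:
    """Number of leading 1 bits, e.g. 255.255.255.0 -> 24 (written '/24')."""
    m = dotted_to_int(mask)
    inverted = ~m & 0xFFFFFFFF
    if (inverted + 1) & inverted:        # 1s must be contiguous from the left
        raise ValueError(f"not a valid subnet mask: {mask!r}")
    return bin(m).count("1")

def same_subnet(addr_a: str, addr_b: str, mask: str) -> bool:
    """Two devices can talk directly, without a router, only if the masked
    network parts of their addresses are identical."""
    return network_address(addr_a, mask) == network_address(addr_b, mask)

if __name__ == "__main__":
    camera, mask = "192.168.1.1", "255.255.255.0"    # sample values from the notes
    print("network  :", network_address(camera, mask))     # 192.168.1.0
    print("broadcast:", broadcast_address(camera, mask))   # 192.168.1.255
    print("prefix   :", f"/{prefix_length(mask)}")         # /24
    # A recorder on 192.168.1.50 shares the camera's logical network; a
    # workstation on 192.168.2.10 does not and needs a router in between.
    print(same_subnet(camera, "192.168.1.50", mask))       # True
    print(same_subnet(camera, "192.168.2.10", mask))       # False
```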
How data travels on a network

Data is grouped into packets for transmission and assembled again at the destination. Packets of data contain all the information to identify the source and destination of the data, and other protocol information for intelligent and reliable connections.

Network bandwidth

The amount of data that can be sent across a cable in a given time is called bandwidth. Data intensive applications like video consume a lot of bandwidth. The bandwidth available to different types of applications may need to be managed for proper functioning of the network.

Power over Ethernet

Power to a network device requiring low voltages (< 48V) may be supplied using the same network UTP cable that is used to transmit data. For a single device a splitter is used, and for multiple devices a power distribution unit is used to inject power onto the network UTP cable.
Network Connectivity Devices and components

Network Interface Card (NIC) – provides the physical connection between a computer and the network media (cable). It has an RJ-45 port on the outside to plug in the UTP cable and connects to the computer electronics on the inside. Every NIC has a hardware address (MAC address).

Wireless Card – provides a means to connect a computer to a wireless network. It connects to the computer electronics on the inside and has a small antenna on the outside to receive and transmit wireless signals.

Patch Panel – a central wiring point for multiple devices on a UTP network. All cable runs start from here and go to devices on the network. From the patch panel, connections are further made to the hub, switch etc. using UTP patch cords.

Repeater – amplifies or repeats network signals to extend the maximum distance of a single network segment.

Hub – serves as a central connection point for several network devices. A passive hub receives network signals and repeats them on multiple ports. An active hub also amplifies the network signal, thus helping to extend the maximum length of a network segment.

Bridge – used to logically separate a single network into two segments. The primary purpose is to segregate network traffic.

Switching hub (or layer 2 switch) – an intelligent hub which can understand some of the traffic that passes through it. It receives a network signal, understands which device the signal is meant for and forwards it to that device only, instead of broadcasting to all devices on the network like a hub does. This results in faster communications between devices.

Router – connects multiple networks or segments to form a large WAN and facilitates communication within the WAN or between networks and the internet. A router understands the network traffic and sends data to the destination device in the WAN by the best possible route.

Switch (Layer 3 switch) – in addition to the functionality of a layer 2 switch, a layer 3 switch can perform some basic routing functions.

Gateway – usually a router through which computers on a network communicate with other networks.

Servers – provide resources to clients on the network. Servers may be software or hardware based.
Some specific types of servers found on the network are:

· Web server – holds and delivers web content, using Hypertext Transfer Protocol (HTTP) to manage communications with a web browser like Internet Explorer
· Remote access servers – provide and control remote users’ access to the network
· File server – holds and distributes files
· Print server – manages all printers on the network
· Application servers – host a network application
· Database servers – hold databases and provide access as needed
· Domain Name Server (DNS) – builds and holds the table containing host names and domain names of all devices and their corresponding IP addresses
Peripherals – devices that are attached to the computer, like printers, speakers, backup devices etc. Some peripherals like printers can be made available on the network for other users. Some peripherals can be connected as a separate device on the network.

Modems – computers connect to a telco network through a modem. It may be a modem that dials through the telephone line or a broadband modem, depending upon the type of connection.
Operational requirements
Network Administration – A network administrator manages the tasks related to creating accounts and passwords for users and resources, and allotting them specific rights to use network resources. For example, some camera views may be allowed to be viewed live only at the control room and some may be allowed to be viewed by all users.

Remote Access – Resources on your network may need to be accessible to remote users on other networks or through the internet. A remote access server manages and controls incoming connections. Point to Point Protocol (PPP) and Point to Point Tunneling Protocol (PPTP) are commonly used to manage remote access.
Storing / Backing up data – Every computer has an internal storage medium (disk drive, flash drive, memory card etc.) where all data is stored. External storage systems consist of several disk drives offering huge data storage and are connected to the servers using either a Fibre Channel or SCSI (Small Computer System Interface) interface. Data may also be backed up so that it may be recovered in case of a disaster or breakdown.
Network security – The security policy of an organization will define how network security is implemented. Security policies are designed to ensure that only authorized users have access to the network, and that they can only access it in authorized ways.

Each resource on the network may be allotted a password, and only the users given the password will be able to access it.

Each user is individually assigned a username and password and is allotted rights to network resources. Each authorized user is able to access only the resources he is authorized to access.

Logs are kept of all attempts to access.

Routers may have some security features built in, like access control through Access Control Lists (ACLs).

Firewalls are used when your private network is connected to the internet. A firewall intelligently examines all incoming and outgoing packets and can be configured based on security requirements.
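As an added example (not code from the original notes), the following Python models how a router ACL of the kind described above is evaluated against packets, top to bottom with the first match deciding, and how every attempt, permitted or denied, becomes a log entry. The subnets, port numbers and rules are constructed to match the earlier scenario in which only the control room may view camera video live.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str                 # source subnet, CIDR notation (0.0.0.0/0 = any)
    dst: str                 # destination subnet, CIDR notation
    dst_port: Optional[int]  # None matches any port
    comment: str             # why the rule exists; copied into the log

# Constructed layout of a logically grouped security network (hypothetical):
#   192.168.1.0/24   IP cameras, live video served on TCP port 554
#   192.168.10.0/24  control room workstations
#   192.168.20.0/24  general office users
ACL = [
    Rule("permit", "192.168.10.0/24", "192.168.1.0/24", 554, "control room may view live video"),
    Rule("permit", "192.168.10.0/24", "192.168.1.0/24", 80, "control room may open camera web pages"),
    Rule("deny", "0.0.0.0/0", "192.168.1.0/24", None, "nobody else may reach the cameras"),
    Rule("permit", "0.0.0.0/0", "0.0.0.0/0", None, "all other traffic is allowed"),
]

def evaluate(acl: List[Rule], src_ip: str, dst_ip: str, dst_port: int) -> Tuple[str, Optional[Rule]]:
    """Walk the ACL top to bottom; the first matching rule decides the packet's fate."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in acl:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.dst_port in (None, dst_port)):
            return rule.action, rule
    return "deny", None  # nothing matched: treat as an implicit deny

def filter_packets(acl: List[Rule], packets) -> List[str]:
    """Apply the ACL to (src, dst, port) tuples and return one log line per attempt."""
    log = []
    for src_ip, dst_ip, port in packets:
        action, rule = evaluate(acl, src_ip, dst_ip, port)
        reason = rule.comment if rule else "implicit deny"
        log.append(f"{action.upper():<6} {src_ip} -> {dst_ip}:{port} ({reason})")
    return log

# Constructed sample traffic, not captured from a real network.
PACKETS = [
    ("192.168.10.5", "192.168.1.1", 554),     # control room pulls live video
    ("192.168.20.7", "192.168.1.1", 554),     # office user tries the same
    ("192.168.20.7", "192.168.20.200", 445),  # office file share, unaffected
]
```

`filter_packets(ACL, PACKETS)` returns three log lines: the control room request is permitted, the office user's attempt on the camera is denied and recorded, and the file-share traffic passes under the final rule.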
Cryptography uses sophisticated algorithms to encrypt the data on the network. Secret keys and public keys are provided to users, and only the intended recipients can access the data by using their key to decrypt it.
Access, Authentication, Authorization

The access process should ensure that the correct person is accessing your organization’s resources. Since passwords can be shared, a physical token in addition to a password may be used during the authentication process. Once authenticated, controls should be in place to make sure individuals only access the resources they are authorized to access.

Anti-virus software is installed to prevent threats posed by malicious programs used by someone having bad intentions. Anti-virus programs continuously monitor all activity and scan all communications for malicious data.
Network testing and troubleshooting

Cat 5 cable is tested using a UTP cable tester which can identify cable faults. It consists of units which are connected to each end of the cable. LEDs show the status of the cable and identify any faults.