© Mike Halsey and Joli Ballew 2017

Mike Halsey and Joli Ballew, Windows Networking Troubleshooting, https://doi.org/10.1007/978-1-4842-3222-4_1

1. Understanding Networks

Mike Halsey (1) and Joli Ballew (2)

(1) Gleadless Valley, Sheffield, South Yorkshire, UK

(2) Garland, Texas, USA

Despite the advent of the personal computer revolution in the late 1970s/early 1980s, computer networking can be traced all the way back to the early 1950s, more than 20 years earlier. Perhaps unsurprisingly, it’s yet another technology that grew out of the Second World War, with one of the first implementations being the connection of U.S. military radar systems.

The advent of what has come to be known as the Internet can also be traced back before the Advanced Research Projects Agency Network (ARPANET) system in 1969 to an earlier project run by the creators of ARPANET, the Defense Advanced Research Projects Agency (DARPA), in 1962, just four years after the organization’s creation. This is an organization that is still developing cutting-edge technologies today.

In fact, the networking of personal computer systems arrived comparatively late, with many businesses still using stand-alone IBM PCs, PC clones, and Apple computers until the widespread adoption of 10Base-type networks from companies such as Novell in the mid-1980s, which sometimes required a specially modified operating system to work. These were typically custom networking solutions operating over coaxial cable (the cable that was also used to connect your television to its antenna).

10Base-type networks could theoretically handle traffic up to 10Mbps, though in reality, cable limitations such as signal leakage and interference frequently dropped this to as little as 4Mbps.

Because coaxial cable is an analog, and not a digital, signal technology, configuration could often be tricky. Parameters such as baud rate (the signal modulation rate in pulses per second), initialization strings, and attention commands (AT) needed to be manually configured on each PC, and different networks would use different configurations.

These days we frequently take networking speeds of 100Gbps for granted (80,000 times faster than the maximum theoretical speed of the original 10Base networks). The digital Ethernet connections we use today were first developed in the 1970s by Xerox, Intel, and the Digital Equipment Corporation, and they helped bring about networking standards in 1983, which grew into the widespread adoption of digital networks after the advent of the Category 5 network cable, which we still use today.

Indeed, the networking we use to connect our PCs and devices to each other, and to the Internet, is still constantly evolving. We’ve been using Wi-Fi since the late 1990s, though it’s gone through many changes and upgrades during this time and has gradually evolved to other networking standards, such as cellular and superfast wireless broadband networks.

The pace of change of networking over the past 50 years has been so pronounced that, just as with other technologies such as displays, processors, and the Internet, it’s difficult to accurately predict where it’ll be 10 or 20 years from now. We’re already seeing wireless connections for displays, and Bluetooth connections for peripherals are commonplace. All of these are networking technologies, and all grew from the work of DARPA in the 1960s.

Fortunately, or perhaps unfortunately depending on how you view these things, the standards for networking are well-established and rarely change, with each new technology ratified by the Institute of Electrical and Electronics Engineers (IEEE) before moving into widespread production. This may hold back our networking potential in years to come, as new standards and technologies will be inevitably required to leverage the full potential of what we’ll be using in the future, and ratification can sometimes take time. For now, however, these standards help make networking straightforward and simple to configure and maintain.

My Network Is Bigger Than Your Network!

But, I hear you ask, how does this simplicity explain the fact that my company network is constantly suffering from outages, bottlenecks, and misconfigured devices?

The networking problems we face today are commonly linked to the complexity of the networks we create. If you look at a typical business, there will be tens, hundreds, thousands, or even tens of thousands of PCs connected to one or more servers, switches, and a router. There will also be other network devices in use, including Network Attached Storage (NAS) drives, networked printers, video-conferencing systems, security camera systems, and more besides. On top of this, the company will operate one or more Wi-Fi networks, and to each of these will be connected a PC, laptop, tablet, or smartphone running one of several different types of operating system, each with its own configuration options and remote management challenges. When you throw secure virtual private networks (VPNs) into the mix to allow the workforce to securely tunnel into the company network from home, other offices, or client and public locations over Wi-Fi or mobile broadband, you quickly come to realize just how complex the networks we take for granted today can be.

Expand this into the wider world, and we not only encounter the networks of other companies but those of vast datacenters, national wired and wireless telephony and data systems, and connections to satellites in orbit. All of this requires constant observation and management, so even a company with dedicated network management personnel, of which you may be one, won’t be able to solve every problem that occurs. Everything is, quite literally, connected to everything else.

In reality, you’re unlikely to be asked to repair a networking problem with a satellite in orbit (though if you are, please send us a photo). It’s much more likely that the problem you face will be either local to a PC or single device or confined to a small area. Major outages tend to be easier to diagnose, such as a bulldozer at the construction site next door ripping through the main fiber-optic cabling outside, or one of your service providers itself suffering an outage. So, what are the different types of network systems and hardware you’re likely to use and encounter?

HOSTS, LMHOSTS, and WINS

You may never use it, but your Windows PC has a little file hidden away in the Windows directory called HOSTS, which you can find in the %windir%\system32\drivers\etc folder. In fact, all operating systems come with a version of this file, including Google’s Android and Apple’s iOS and OS X operating systems.

The HOSTS file, as shown in Figure 1-1, is used to map hostnames (local network, intranet, or domain names) to specific IP addresses online or on the local network (though perhaps it’s most commonly used to point web sites such as Amazon and Facebook to the IP address 0.0.0.0 so as to make them inaccessible to the user, because that address doesn’t point to anything).

Figure 1-1. The Windows HOSTS file

The HOSTS file is not commonly used on modern PCs and computing devices, as the Domain Name System (DNS) takes care of name resolution (see the following note), which is the mapping of hostnames to IP addresses on the Internet and your local networks.

Note

Name resolution is the process of retrieving the underlying numeric address for a computer or network resource, where the operating system has allowed an easily remembered string name to be assigned as the identity of that computer or resource for use by the user. On Windows PCs, this refers to retrieving the IP address needed to communicate with a host or domain that is identified by a text-based computer name or a domain address.

Windows PCs also come with a file in the same directory as HOSTS, called LMHOSTS (LAN Manager Hosts), as shown in Figure 1-2, and Windows PCs can also use a service called Windows Internet Name Service (WINS) to resolve Network Basic Input/Output System (NetBIOS) names to IP addresses.

Figure 1-2. The LMHOSTS file

WINS was Microsoft’s own alternative to DNS and is now used by only a few very old legacy applications and systems. You shouldn’t be using WINS on your PCs unless you still have machines running Windows 95, Windows 98, or Windows Me on your network (and why would you want to do that?) as these systems will still need the NetBIOS system to find domain controllers and other computers on LAN networks. NetBIOS differs from the fully qualified domain names (FQDNs) that DNS and HOSTS use by allowing only 15-character computer names with no domain name component.

On modern PCs, FQDNs are used for this job instead, but if you think you may have NetBIOS devices on your network or applications on your PC, you can monitor your network for traffic on UDP port 137, which is the port that WINS uses for the NetBIOS service.
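The monitoring suggested above can be done from firewall logs rather than a packet capture. The following is an added example, not the book's code: it reads lines in the layout of the Windows Firewall pfirewall.log (W3C extended format; the lines themselves are constructed) and reports which hosts are still sending NetBIOS name service traffic to UDP port 137, distinguishing broadcast name queries from unicast registrations with a WINS server. The WINS server address and the "/24 broadcast ends in .255" rule are assumptions for the sample network.

```python
"""Find hosts still speaking NetBIOS name service (UDP 137) in firewall log lines.

Added example, not from the book. The log lines are constructed in the field
layout of the Windows Firewall pfirewall.log (W3C extended format).
"""
from collections import defaultdict

# Constructed sample: a header block followed by data lines in the pfirewall.log layout.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-03-01 09:15:22 ALLOW UDP 192.168.1.21 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2017-03-01 09:15:23 ALLOW UDP 192.168.1.21 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2017-03-01 09:15:30 ALLOW TCP 192.168.1.40 192.168.1.10 51522 445 52 S 1234 0 8192 - - - RECEIVE
2017-03-01 09:16:02 ALLOW UDP 192.168.1.33 192.168.1.5 137 137 92 - - - - - - - RECEIVE
2017-03-01 09:16:05 DROP  UDP 203.0.113.9 192.168.1.10 137 137 78 - - - - - - - RECEIVE
2017-03-01 09:16:07 ALLOW UDP 192.168.1.40 192.168.1.2 53412 53 64 - - - - - - - SEND
"""

NBNS_PORT = 137
WINS_SERVERS = {"192.168.1.5"}   # assumption: the site's WINS server address


def parse_pfirewall(text):
    """Yield one dict per data line; the '#Fields:' header names the columns."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#") or fields is None:
            continue
        values = raw.split()
        if len(values) != len(fields):
            continue                     # malformed line; skip rather than misalign columns
        yield dict(zip(fields, values))


def netbios_name_service_report(text):
    """Per source host: UDP/137 packet count, broadcast vs. WINS unicast, and drops."""
    report = defaultdict(lambda: {"packets": 0, "broadcast": 0, "to_wins": 0, "dropped": 0})
    for rec in parse_pfirewall(text):
        if rec["protocol"] != "UDP" or rec["dst-port"] != str(NBNS_PORT):
            continue
        r = report[rec["src-ip"]]
        r["packets"] += 1
        if rec["dst-ip"].endswith(".255"):
            r["broadcast"] += 1          # assumption: /24 LAN, so .255 is the broadcast address
        if rec["dst-ip"] in WINS_SERVERS:
            r["to_wins"] += 1            # client is registering or querying with WINS
        if rec["action"] == "DROP":
            r["dropped"] += 1            # blocked at the firewall; from outside the LAN it is noise
    return dict(report)


if __name__ == "__main__":
    for host, counts in sorted(netbios_name_service_report(SAMPLE_LOG).items()):
        print(host, counts)
```

Hosts that appear with only broadcast traffic are the legacy NetBIOS clients worth tracking down; a host that talks unicast to the WINS server is at least configured deliberately.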

WINS exists in Windows today only to enable backward compatibility with older systems. Should you find that you do need to configure WINS, Microsoft has a technical reference online, which you can find at http://pcs.tv/2eRhWdn, and the LMHOSTS file contains instructions on how you can use it to create mappings of IP addresses to NetBIOS names.
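To make the two file formats concrete, here is an added example (not the book's or Microsoft's code) that parses a HOSTS file and an LMHOSTS file. The HOSTS side classifies every name as a sinkhole (0.0.0.0 or loopback, the blocking trick described above), a local mapping, or a redirect to an address outside the LAN, which is the pattern to look for when a user's browser lands somewhere unexpected. The LMHOSTS side keeps the #PRE and #DOM: keywords as data rather than comments and checks each NetBIOS name against the 15-character, no-domain-component rule. Both file bodies and the LAN prefix are constructed.

```python
"""HOSTS / LMHOSTS parser with a small audit of what each entry does.

Added example for this chapter; it is not the book's or Microsoft's code.
The two file bodies below are constructed samples in the real file formats.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample in the format of %windir%\system32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
192.168.1.10    nas01 nas01.corp.example        # internal NAS
0.0.0.0         www.facebook.com facebook.com   # deliberately blocked
203.0.113.7     www.bank.example                # maps a public site elsewhere
"""

# Constructed sample in LMHOSTS format (#PRE = preload, #DOM:name = domain controller)
SAMPLE_LMHOSTS = """\
# LMHOSTS: IP address, NetBIOS name, optional keywords
192.168.1.5     DC01           #PRE #DOM:CORP
192.168.1.20    PRINTSERVER01  #PRE
192.168.1.21    THISNAMEISWAYTOOLONG
"""

LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]   # assumption: the machine's LAN
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}
NETBIOS_MAX_LEN = 15


@dataclass
class HostsEntry:
    line_no: int
    ip: str
    names: list


def parse_hosts(text):
    """Return the active (non-comment) mappings of a HOSTS file."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].split()      # drop trailing comment, then tokenize
        if len(body) < 2:
            continue                             # blank, comment-only, or address with no names
        try:
            ipaddress.ip_address(body[0])
        except ValueError:
            continue                             # first token is not an address; ignored
        entries.append(HostsEntry(n, body[0], body[1:]))
    return entries


def classify(entry):
    """sinkhole: name made unreachable; local: points into the LAN; redirect: anywhere else."""
    if entry.ip in SINKHOLES:
        return "sinkhole"
    addr = ipaddress.ip_address(entry.ip)
    if any(addr in net for net in LOCAL_NETWORKS):
        return "local"
    return "redirect"


def audit_hosts(text):
    """Map each name to (address, classification) so redirects stand out."""
    return {name: (e.ip, classify(e)) for e in parse_hosts(text) for name in e.names}


def parse_lmhosts(text):
    """Return NetBIOS mappings; #PRE and #DOM: are keywords, any other '#' text is a comment."""
    records = []
    for raw in text.splitlines():
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0].startswith("#"):
            continue
        rec = {"ip": tokens[0], "name": tokens[1].upper(), "preload": False, "domain": None}
        for tok in tokens[2:]:
            if tok == "#PRE":
                rec["preload"] = True
            elif tok.startswith("#DOM:"):
                rec["domain"] = tok[5:]
            elif tok.startswith("#"):
                break                            # an ordinary comment ends the record
        records.append(rec)
    return records


def netbios_name_problems(name):
    """NetBIOS names are at most 15 characters and carry no domain suffix."""
    problems = []
    if len(name) > NETBIOS_MAX_LEN:
        problems.append(f"{len(name)} characters, limit is {NETBIOS_MAX_LEN}")
    if "." in name:
        problems.append("contains '.', which NetBIOS does not allow (FQDNs belong in HOSTS/DNS)")
    return problems


if __name__ == "__main__":
    for name, (ip, kind) in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind:9} {name:28} -> {ip}")
    for rec in parse_lmhosts(SAMPLE_LMHOSTS):
        print(rec, netbios_name_problems(rec["name"]))
```

Run against the real files by reading them from the paths given above; the "redirect" class is the one to review, since a legitimate HOSTS file on a workstation rarely needs to point a public site at an address outside the organization.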

Enterprise Networks

Network engineers create enterprise networks to serve large companies, corporations, and, well, enterprises. The main purpose of such a network is to securely connect workstations, domain controllers, various types of servers, devices, and numerous other resources, and to make those resources available to users based on their NTFS and Share permissions as well as their position in the company.

For example, network administrators will typically have full control over the physical network but likely won’t have access to any specific employee data, such as Social Security numbers. And, while human resources employees will have access to employees’ personal information, they likely won’t have access to information regarding sales and inventory, and they certainly can’t perform network tasks such as configuring a print server or installing a domain controller.

Of course, there are other reasons for having an enterprise network, including but not limited to managing data storage and configuring remote access, but what we want to offer right now is simply a general description of what an enterprise network offers so we can segue into our main topic, authentication technologies.

Authentication Technologies

To access an enterprise network and the resources on it, two things must happen. The user must supply credentials to authenticate who they are, and those credentials must be examined by an authentication server. If those credentials are valid, access to the network is granted. As part of this process, authorization to resources is also given, as applicable to that specific user.

Authorization defines what the user can and can’t access while connected to the network and involves both Share and NTFS permissions, group membership, and more. Authentication and authorization are two vastly different areas of study. Here we’re going to talk about authentication and how user credentials are protected during the login process.

In the most basic authentication scenario, a user sits at their assigned workstation, on-site, in the company’s building. The user types their username and password, and those credentials are passed along the local network and authenticated by the designated authentication server. Even in this simple scenario, those credentials must be encrypted and secured. It would be a disaster if those credentials were somehow obtained by a hacker, perhaps one sitting outside the building with a sniffing device. In another scenario, the user is off-site, using a personal laptop, and accesses the company network over the Internet.

Whatever the case, protecting credentials during authentication must be a secure process. This is where authentication protocols come in. In computing, a protocol is a set of rules that computers follow to communicate with each other, and authentication protocols generally involve encryption of some sort. There are lots of protocols, but in the following sections we’ll discuss only a few of the most common.

Point-to-Point Protocol (PPP)

In this protocol, servers are used to validate remote clients before they can access a network. For the most part, this is done using passwords. The password has to be shared between the two in advance. PPP is used to make a direct connection. Connections that use PPP include direct connections such as cell phones, serial cables, phone lines, and dial-up.

Password Authentication Protocol (PAP)

PAP is one of the oldest and weakest protocols. The client sends credentials consisting of a username and password, which are sent as plain text and, thus, vulnerable to attacks. PAP is used as a last resort in networks today. Other protocols are much more secure.

Challenge-Handshake Authentication Protocol (CHAP)

CHAP is more secure than PAP and is sometimes used by Internet service providers (ISPs) to authenticate clients. CHAP can identify the client again and again during a session. A random string is involved in authentication, and both the client and the server must know this string, but the string is never passed over the network.
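The difference between the two protocols just described is easiest to see on the wire. The following added example (not the book's code) runs a PAP exchange and a CHAP exchange for the same user and shared secret and reports whether the secret itself ever appeared in a message. PAP follows RFC 1334, where the Authenticate-Request carries the password; CHAP follows RFC 1994, where the response is MD5 over the identifier, the secret, and the server's random challenge, so only the challenge and the hash cross the network. The server also re-challenges mid-session and rejects a replayed response, which is the "again and again" property mentioned above. The user name, secret, and authenticator name are constructed.

```python
"""PAP versus CHAP on the wire: a worked exchange for both protocols.

Added example, not from the book. PAP follows RFC 1334 (credentials sent as-is);
CHAP follows RFC 1994 (response = MD5(identifier || secret || challenge)).
The names and the secret are constructed.
"""
import hashlib
import hmac
import os


def pap_authenticate_request(peer_id, password):
    """PAP: the Authenticate-Request carries the password itself."""
    return {"code": "Authenticate-Request", "peer_id": peer_id, "password": password}


def pap_server_check(request, secrets):
    expected = secrets.get(request["peer_id"])
    ok = expected is not None and hmac.compare_digest(expected, request["password"])
    return {"code": "Authenticate-Ack" if ok else "Authenticate-Nak"}


def chap_response_value(identifier, secret, challenge):
    """RFC 1994 section 4.1: MD5 over Identifier, shared secret and Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues fresh challenges and checks responses; may re-challenge any time."""

    def __init__(self, secrets, rng=os.urandom):
        self.secrets = secrets
        self.rng = rng
        self.pending = {}                  # identifier -> outstanding challenge value

    def challenge(self, identifier):
        value = self.rng(16)
        self.pending[identifier] = value
        return {"code": "Challenge", "identifier": identifier, "value": value, "name": "nas01"}

    def verify(self, response):
        challenge = self.pending.pop(response["identifier"], None)   # each challenge used once
        secret = self.secrets.get(response["name"])
        if challenge is None or secret is None:
            return {"code": "Failure"}
        expected = chap_response_value(response["identifier"], secret, challenge)
        ok = hmac.compare_digest(expected, response["value"])
        return {"code": "Success" if ok else "Failure"}


def chap_peer_respond(challenge_msg, name, secret):
    """Client side: proves knowledge of the secret without transmitting it."""
    ident = challenge_msg["identifier"]
    return {"code": "Response", "identifier": ident,
            "value": chap_response_value(ident, secret, challenge_msg["value"]), "name": name}


def wire_bytes(msg):
    """Flatten a message the way a sniffer would see it (field values concatenated)."""
    out = b""
    for v in msg.values():
        out += v if isinstance(v, bytes) else str(v).encode()
    return out


def run_exchange(secret=b"s3cret-pw", rng=os.urandom):
    """Run PAP then CHAP for the same peer; report whether the secret crossed the wire."""
    secrets = {"alice": secret}
    captured = {"PAP": [], "CHAP": []}

    req = pap_authenticate_request("alice", secret)
    captured["PAP"] += [req, pap_server_check(req, secrets)]

    auth = ChapAuthenticator(secrets, rng)
    resp = None
    for ident in (1, 2):                          # second round is a mid-session re-challenge
        ch = auth.challenge(ident)
        resp = chap_peer_respond(ch, "alice", secret)
        captured["CHAP"] += [ch, resp, auth.verify(resp)]
    captured["CHAP"].append(auth.verify(resp))    # replaying the last response must fail

    return {proto: {"secret_on_wire": any(secret in wire_bytes(m) for m in msgs),
                    "results": [m["code"] for m in msgs]}
            for proto, msgs in captured.items()}


if __name__ == "__main__":
    for proto, outcome in run_exchange().items():
        print(proto, outcome)
```

CHAP's protection is against disclosure on the wire only: the server must hold the secret in recoverable form to compute the expected MD5, which is one reason the later EAP methods and Kerberos are preferred where they are available.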

Extensible Authentication Protocol (EAP)

EAP is more popular than PAP or CHAP and is widely used over the various IEEE networks. It is a general authentication framework for wireless and point-to-point connections and comes in many forms, including EAP-TLS and EAP-MD5 among others. EAP messages are themselves encapsulated by the underlying link protocol. Encapsulation involves adding a header (and sometimes a footer) at each layer of a protocol stack, and it is how layering works in both the OSI model and the TCP/IP suite of protocols.
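The encapsulation described above can be shown byte for byte. The following added example (not the book's code) builds and parses the EAP packet header from RFC 3748 (Code, Identifier, Length, Type, Type-Data) and then wraps it in the two carriers it usually rides in: an IEEE 802.1X EAPOL frame on wired and wireless LANs, and the PPP protocol field 0xC227 on point-to-point links. The identity string and the authenticator name are constructed; HDLC framing and the Ethernet header are omitted.

```python
"""EAP encapsulation: the EAP header, then the link-layer wrappers that carry it.

Added example, not from the book. Layouts follow RFC 3748 (EAP), IEEE 802.1X
(EAPOL) and the PPP protocol number 0xC227 assigned to EAP.
"""
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_MD5, EAP_TYPE_TLS = 1, 4, 13
EAPOL_VERSION, EAPOL_EAP_PACKET = 2, 0
PPP_PROTO_EAP = 0xC227
ETHERTYPE_EAPOL = 0x888E          # what the Ethernet header in front of EAPOL would carry


def build_eap(code, identifier, eap_type=None, type_data=b""):
    """Code(1) Identifier(1) Length(2) [Type(1) Type-Data]; Length covers the whole packet."""
    if code in (EAP_SUCCESS, EAP_FAILURE):
        body = b""                             # Success/Failure carry no Type field
    elif eap_type is None:
        raise ValueError("Request/Response packets need a Type")
    else:
        body = bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_eap(pkt):
    """Parse one EAP packet; a Length larger than the buffer is rejected, not trusted."""
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field inconsistent with packet")
    body = pkt[4:length]
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if not body:
            raise ValueError("Request/Response needs a Type")
        return {"code": code, "id": identifier, "type": body[0], "data": body[1:]}
    return {"code": code, "id": identifier, "type": None, "data": b""}


def wrap_eapol(eap_pkt):
    """802.1X EAPOL: Version(1) Type(1)=EAP-Packet Body-Length(2), then the EAP packet."""
    return struct.pack("!BBH", EAPOL_VERSION, EAPOL_EAP_PACKET, len(eap_pkt)) + eap_pkt


def unwrap_eapol(frame):
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError(f"not an EAP-Packet EAPOL frame (type {ptype})")
    return frame[4:4 + length]


def wrap_ppp(eap_pkt):
    """PPP: 2-byte Protocol field 0xC227 in front of the EAP packet (HDLC framing omitted)."""
    return struct.pack("!H", PPP_PROTO_EAP) + eap_pkt


def identity_exchange(identity):
    """Request/Identity from the authenticator and Response/Identity from the client, as EAPOL."""
    req = wrap_eapol(build_eap(EAP_REQUEST, 1, EAP_TYPE_IDENTITY))
    resp = wrap_eapol(build_eap(EAP_RESPONSE, 1, EAP_TYPE_IDENTITY, identity))
    return req, resp


if __name__ == "__main__":
    for frame in identity_exchange(b"alice@corp.example"):
        print(frame.hex(), parse_eap(unwrap_eapol(frame)))
```

Note that the Identity response travels before any protected method starts, so the identity is visible to anyone on the link; methods such as EAP-TLS may send an anonymous outer identity for that reason.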

Kerberos

Kerberos is the default authentication method for the more recent Microsoft server products, including Server 2012. This protocol requires that a trusted third party be involved in the encryption and decryption of user credentials. This protocol allows secure connections over unsecured networks, such as the Internet.

Viewing Protocol Options on a Windows 10 Client Machine

To see what protocols are available for any Windows-based computer, access the Status dialog box for the active network connection by following these steps:

  1. In the Search window on the taskbar, type Network and Sharing.

  2. Click Network and Sharing in the results.

  3. Click the active connection. In Figure 1-3, this is a wireless connection.

    Figure 1-3. The Status dialog box for the active network

  4. From the Status dialog box, click the Properties option to the right of Details. (In Figure 1-3 that’s Wireless Properties.)

  5. Click the Security tab.

  6. Note the settings for the security type and encryption type. Write these down if you plan on making changes here.

  7. If you don’t see network authentication protocols (not shown in Figure 1-3), change the “Security type” setting to WPA2-Enterprise.

  8. Under “Choose a network authentication method,” review the protocols available. Figure 1-4 shows an example.

    Figure 1-4. Viewing network authentication methods

  9. Review any other settings as desired.

  10. Click Cancel. Click Close.

Caution It’s important not to make changes to the authentication method without first checking with the network administrator. If the protocols don’t match, authorization can’t be granted.

IPsec

IPsec is a protocol that works at the network layer of the communications model. IPsec is often used to secure virtual private networks. IPsec provides two security options. Authentication Header (AH) is the first and allows authentication for the sender of data. Encapsulating Security Payload (ESP) is the second, which allows the authentication of the sender but also provides encryption of data.

The specific information involved with this protocol is added to the packet in a header. There are two modes: transport and tunnel. In transport mode, the payload of the packet is usually encrypted or authenticated. In tunnel mode, the entire packet is encrypted and authenticated.
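The header-and-mode description above is easier to follow with the actual byte layout. The following added example (not the book's code) builds ESP packets in both modes using the framing from RFC 4303 with the NULL encryption algorithm (RFC 2410) so the payload stays readable, and HMAC-SHA1-96 (RFC 2404) for the integrity check value. A real security association would replace NULL with a cipher, but the SPI, sequence number, padding, trailer, and ICV sit in the same places. The receiver verifies the ICV before it trusts anything in the packet. Addresses and the integrity key are constructed, and the IPv4 header is a minimal one with no checksum.

```python
"""ESP framing in transport and tunnel mode (RFC 4303), with ESP-NULL encryption.

Added example, not from the book. ESP-NULL (RFC 2410) keeps the payload readable so
the framing is visible; a real SA uses a cipher but the layout is the same.
Integrity is HMAC-SHA1-96 (RFC 2404). Addresses and keys are constructed.
"""
import hashlib
import hmac
import ipaddress
import struct

PROTO_IPV4, PROTO_TCP, PROTO_ESP = 4, 6, 50
ICV_LEN = 12                                     # HMAC-SHA1-96 truncation


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left zero; enough to show what is exposed)."""
    total = 20 + payload_len
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)


def esp_encapsulate(inner, next_header, spi, seq, ikey, align=4):
    """SPI(4) Seq(4) | payload | padding | PadLen(1) NextHdr(1) | ICV. ESP-NULL: no cipher."""
    pad_len = (-(len(inner) + 2)) % align
    padding = bytes(range(1, pad_len + 1))       # RFC 4303 default self-describing pad bytes
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])
    icv = hmac.new(ikey, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(esp, ikey):
    """Verify the ICV first; only then read the trailer and recover the inner data."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(hmac.new(ikey, body, hashlib.sha1).digest()[:ICV_LEN], icv):
        raise ValueError("ESP ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    inner = body[8:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "next_header": next_header, "inner": inner}


def transport_mode(src, dst, tcp_segment, spi, seq, ikey):
    """Transport: the original IP header stays outside; only the TCP payload goes inside ESP."""
    esp = esp_encapsulate(tcp_segment, PROTO_TCP, spi, seq, ikey)
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp


def tunnel_mode(gw_src, gw_dst, inner_ip_packet, spi, seq, ikey):
    """Tunnel: the whole original packet goes inside ESP behind a new outer header."""
    esp = esp_encapsulate(inner_ip_packet, PROTO_IPV4, spi, seq, ikey)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp


def outer_addresses(packet):
    """What an observer on the path sees: the outer header's source and destination."""
    return str(ipaddress.ip_address(packet[12:16])), str(ipaddress.ip_address(packet[16:20]))


def receive(packet, ikey):
    """Strip the outer IPv4 header, verify ESP, and report what was protected."""
    return esp_decapsulate(packet[20:], ikey)


def demo(ikey=b"constructed-integrity-key"):
    """Same TCP segment sent both ways: constructed endpoints and gateways."""
    tcp = b"\x00\x50\x1f\x90payload"              # constructed stand-in for a TCP segment
    t = transport_mode("192.168.1.40", "192.168.1.10", tcp, 0x100, 1, ikey)
    inner = ipv4_header("10.0.0.5", "10.0.1.9", PROTO_TCP, len(tcp)) + tcp
    u = tunnel_mode("198.51.100.1", "203.0.113.1", inner, 0x200, 7, ikey)
    return {"tcp": tcp, "inner": inner, "transport": t, "tunnel": u,
            "transport_rx": receive(t, ikey), "tunnel_rx": receive(u, ikey)}


if __name__ == "__main__":
    d = demo()
    print("transport outer:", outer_addresses(d["transport"]), d["transport_rx"])
    print("tunnel outer:   ", outer_addresses(d["tunnel"]), d["tunnel_rx"])
```

In transport mode the observer sees the real endpoints (192.168.1.40 to 192.168.1.10 in the demo); in tunnel mode only the two gateways are visible and the inner 10.x addresses are part of the protected payload, which is why tunnel mode is what site-to-site and remote-access VPNs use.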

Popular Connection Technologies

When users are sitting at their desk, on-site, they likely use on-site technologies for securing their transmissions. One of the options network administrators configure is to connect via Ethernet, with a direct line to the local router, which connects users to the local intranet and the resources on it. Mechanisms exist on enterprise networks to secure this type of transmission. But when users are out of the office, the on-site options aren’t available to them. In these cases, other technologies are used. One popular option is a virtual private network.

VPNs

VPNs allow clients to use shared and public networks to transmit data securely to and from a distant private network, often one an enterprise offers. This enables users to access the company intranet from anywhere, including hotel rooms, conference centers, and coffee shops, safely and securely. To make this possible, a private “tunnel” is created that forms a direct connection between the user and the applicable intranet server. The data that’s sent and received through the tunnel is encrypted as well. The server must run the appropriate VPN services to make this happen, and the client must have a VPN connection set up to use it.

Let’s take a minute to see how setting up a VPN looks on the client side. If you opt to follow along with the process, you’ll be able to see what has to be available for configuration on the server side as well as what needs to be configured on the client. Once the VPN is set up, the connection will appear in the list of available networks on the taskbar (available by clicking the Network icon).

To create a VPN on a Windows 10 client, follow these steps:

  1. Click Start and click Settings. It’s an icon that looks like a cog or wheel.

  2. If you see a back arrow at the top of this window, click it.

  3. Click Network & Internet.

  4. Click VPN in the left pane. See Figure 1-5.

    Figure 1-5. The Settings window and VPN options

  5. Click “Add a VPN connection.”

  6. Work through the wizard, selecting the VPN provider, network name, server name or address, VPN type, type of sign-in, and, optionally, username and password. For the VPN type, select the appropriate protocol. See Figure 1-6.

    Figure 1-6. Selecting the protocol type

  7. Click Save.

  8. To see the VPN and connect to it, click the Network icon on the taskbar. See Figure 1-7.

    Figure 1-7. New connections appear in the Network list

Workplace Join

There was a time when the only remote connection option corporations gave employees was through company-owned laptops. Administrators would configure those laptops with VPNs or similar technologies, and the user would access the enterprise intranet using them. Nowadays, though, with the popularity of bring-your-own-device (BYOD) policies, users need access from their own devices as well. Microsoft addressed this issue with the addition of Workplace Join. Workplace Join works with the Azure Active Directory Device Registration service to allow users and administrators to create a solution that is both flexible and secure for all involved.

Note

Windows 8.1, Windows 10, iOS 6.0+, and Android 4.0+ devices use Workplace Join.

Workplace Join offers the following features:

  • Uses device authentication to manage known devices.

  • Enables administrators to control access to company resources through authentication (and authorization).

  • Provides a seamless sign-in experience as well as a single sign-on (SSO) experience. SSO reduces the number of password prompts users encounter.

  • Requires Azure Active Directory Device Registration, and administrators must work through the process to configure on-premises conditional access.

Summary

Networks are complex and often vast behemoths, with so many potential bottlenecks and problem areas that it’s a wonder we still use them at all. However, they are also the essential glue that holds our businesses and organizations together.

It’s those connections that you’ll look at in the next chapter. How do you join computers to different types of network, and then how do you manage those connections to ensure stability and a reliable service? These questions and more will be answered.
