Different systems and operators have varying standards of security. At one end are the home users and part-timers just trying to get through. At the other are the career operators, those who have spent hours fine-tuning anti-intruder software, audit tracking and plugging weak spots. The bright side, at least for hackers, is that the more systems you have to administer, the higher the chances that the sysadmin has left something unpatched or unlocked.
VeRBs (Virtual Reality Bulletin Boards) do not tend to be very secure. They are often run by hobbyists, most of whom don't have a clue about security. However, underground systems can be much tougher to crack. If any deckers or sysadmin users hang out there, the security will be higher.
These are the universities and colleges (corporate or government owned). Academic sysops are a tough bunch; they have hostile users to contend with, let alone the wannabe hackers. The security isn't fantastic, but it is restrictive.
Whether admin or research, business systems are on par with laxer academic systems. Computer company systems are a different matter; they have the expertise and goods to up security. Business systems vary depending on what transactions are being carried out on the system:
Moderate security unless a fiscal corporation.
Moderate security, sometimes basic!
Varies, moderate (new consumer goods) to very high (military products).
The financial institutions spend a lot of time and money on good security. It is in their interests; after all, who would keep their savings in a bank that can be hacked?
Financial systems are often multi-tiered, i.e. they have a main choke point, then a few subsystems to do clearing, admin or databasing.
Government systems are a mixed bag; the security depends on what type of operations the system is running. Educational government systems behave as college networks. Likewise, a government clearing house should be considered a financial system. Other systems include:
Administration (a.k.a Red Tape):
Big databases; often citizen registers or censuses, or details on staff or services. Most of these are moderate security. Anything containing private or very sensitive data might be higher.
Court systems, criminal records or police computers. All these will be high security. There will be lots of login verification and it will be very hard to alter any details due to the complexity of the system.
Military systems are rarely connected directly to the Net, and those that are will have choke points that are seamless. However, due to the mass government connectivity, there is often a weak spot a decker can sneak through. All military systems should be very high security.
This is a dedicated dialler, or teleport, which allows access to another network. A college network may not have a direct net link, but it can access the net via a gateway. Gateway security depends on the owner, but a defended gateway is called a choke point.
These are similar to gateways, but the system is dedicated to security. Choke points sit between the Net and the system to be defended. The idea of a choke point is that to get access from outside is bloody hard, but users inside the network are freer to move around. Choke point security should be at least a level higher than the protected system.
This is a gateway to a satellite; a long range transceiver or high speed datalink (the latter being the most common). Security varies, but is mostly "moderate plus". Private corporate links or military lines will be tougher. Network Service Providers (NSPs) or "cable companies" will have at least one of these to give their subscribers a nice fat data pipe to another country.
Information is power, right? And data has a nasty habit of <ahem> escaping. Well, having hot info is no good unless you have somewhere very, very safe to store it. Data Havens are typically offshore on a remote island or even in orbital locales with a rock hard security system. They specialise in keeping your secrets safe. They are very hard to find, let alone break into. Security will be obscene and if you get any data off the system, you had better cover your tracks as the owners may come looking for you.
Before we can dive into the various pigeon-holes of computer servers, there is a little bit of information you need to know about networks. I'll ignore the ins-and-outs of how the computers interconnect and instead concentrate on the structure of a network.
Peer-to-Peer networks are a collection of desktop computers and workstations. There is no central server and resources are shared between the hosts on an ad-hoc basis. Security can be a bit of a nightmare as there is no central point of administration, and you can forget about a comprehensive backup system. Peer-to-peer networks are commonly found in very small offices and some homes.
Note that some operating systems use the peer-to-peer network very well and get around the central administration problem by having each workstation as part of a collective or a domain.
(NB: In the present (2001), Windows NT uses a domain structure, but this is more a case of client/server than peer to peer. However, while user accounts are held centrally, it is possible to access any device within the domain once you have authenticated to the central domain controller).
A Client-Server network consists, as its name suggests, of a group of clients connecting to a server. That is, the clients pull data from the server, be it word processor files, web documents or database results. The key point here is that the processing is done at the client end. Client-server networks are the most common types around. Just to confuse the issue, some workstation operating systems are capable of acting as low-end servers... so you can share your files in a peer-to-peer manner (if you've got security access).
Server Based Computing is a return to the days of the Mainframe (ask your Grandad about the IBM 3090s). Basically the server has a multi-user operating system that allows lots of people to use the system at the same time. In addition, it has a remote presentation feature that sends the keyboard presses and screen updates between the server and client's screen. Because of the low-bandwidth requirements, thin computing means you can access your desktop from any reasonable Net or mobile connection.
Security on the server itself will be fairly restrictive to prevent a user loading any unsuitable application code that could slow down the system and therefore affect all the other server users. Although it looks a bit like Client-Server, server based computing requires almost no computing power at the user's end - indeed, these clients are called thin clients and include mobile phones, street terminals and the wireless cyberoptic net browsers that are all the rage.
Distributed Computing is a weird version of peer to peer and server based computing. This system works by all clients joining together and sharing their processor power and disk arrays. With most domains it is common practice to have at least one main server. This is the host that is guaranteed to be online, so you can be assured of getting access to a few key files. These computing domains are used for heavy batch jobs, jobs that require a lot of computing calculation such as payroll, mathematical modeling or computer simulations.
This section deals with the various types of server that exist. The actual level of security depends on the type of network the host server is in (above). Systems that can be accessed from outside, i.e. the internet, will have more protection on them than the internal systems. Indeed, it may not be possible to access internal systems without breaking through the security servers. On very high security networks, the systems you want to get to may not be attached to ANY remote system, so an on-site intrusion may be the only option.
Most network operating systems can perform more than one function, but where possible, most organisations choose to have servers dedicated to a certain task. All network operating systems come with file, security and backup facilities, but it's a question of whether the administrator chooses to install those functions or farm them out to one master computer for that task.
Application Servers are systems that have a multi-user version of the desktop operating system OR they emulate a desktop for the user that then runs the applications as if the user was executing the program on their local machine. This type of server is sometimes referred to as a terminal server, as all the clients act as dumb terminals to the host system.
When using a terminal server, the server does all of the work and the only data transferred between the thin client and the server are screen refreshes, sound and any keyboard (or dataglove) information. These application servers are often fairly high powered and the security is reasonably tight on them too. This is to prevent users from installing their own software which could crash the server. This is particularly bad news as the server can service anything from 10 to 100 users.
Backup Servers are computer systems that have devices capable of copying large amounts of data to removable offline storage. In the early 2000s this was done with magnetic tapes (gak!) but technology has moved on to include wide array luminal drives (WALDs) and other acronym inducing technologies. These backups are then removed from the premises and kept in a safe area, often a fire and water proof safe or similar. Should you get your hands on a complete WALD, you've hit the jackpot as it will probably contain most of the company's most important data.
Chokepoint Servers are used as choke points within a network and control what and where traffic can go. A chokepoint controls the flow of data between two (or more) networks. This can make certain parts of a network invisible as well as prevent unauthorised external access. As a rule of thumb a chokepoint server does not contain user account details; these are held with the security servers.
Typically, the chokepoint is used to prevent hostile traffic coming from the Internet while allowing internal users to get data externally (subject to the configuration of the system). In this context, the internet is considered to be a "dirty network" (i.e. unsecure) while the internal network is called a "clean network" (as it is safe behind the firewall).
In addition to that role, a chokepoint can be used within a private network to segregate network access. For example, one network could be an academic network while the other has finance servers and staff systems (something you probably wouldn't want a person to break into). In this example, the staff network is considered to be the "protected network", as it prevents traffic going in from the student side, but has no controls over traffic coming from the staff network into the student side.
A security server can be configured in a variety of ways:
Show or not show any servers to users on the dirty segment.
(You can't link to systems if you don't know the name. Often important servers will be protected like this).
Allow traffic from certain users to automatically cross to the protected network (like the supervisor).
Allow traffic if it originates from a specific source. That source could be a server (so an application server would always be allowed to question a database server, but a user might not); a specific workstation or any device from a particular network location (and by that I mean, only from the business HQ rather than an area office).
If the protected network is visible (and it often is) AND the user attempts to access a system on the protected network, then query their access rights from a security server and depending on their rights, let them through or block them.
Those are a few of the rules that an administrator can set on a chokepoint. On really secure systems, chokepoints have been used to push all non-authenticated traffic to a dummy network. This dummy network contains junk data or servers with little real data on them.
The question is, if you have already got into a network as a certain user and you can't see any more servers, does that mean that there aren't any, or have you been denied from seeing them?
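The rules listed above can be read as an ordered decision procedure. The following is an added example, not part of the original page: a small policy model in which the server names, accounts, address range and the `has_rights` lookup (standing in for the query to a security server) are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Optional

@dataclass(frozen=True)
class Request:
    user: Optional[str]   # None means the traffic is not authenticated
    src: str              # source address of the connection
    dst: str              # name of the server being contacted

@dataclass
class Chokepoint:
    protected: set        # servers on the protected network
    hidden: set           # protected servers never listed to the dirty segment
    auto_users: set       # accounts that always cross, e.g. the supervisor
    trusted_sources: dict # server name -> source networks always allowed
    has_rights: Callable[[str, str], bool]  # query to the security server

    def listing(self, user: Optional[str]) -> list:
        """Servers shown to a dirty-side user; hidden ones are simply absent."""
        if user in self.auto_users:
            return sorted(self.protected)
        return sorted(self.protected - self.hidden)

    def decide(self, req: Request) -> str:
        """Return ALLOW, BLOCK or DUMMY for traffic towards the protected side."""
        if req.dst not in self.protected:
            return "ALLOW"    # destination is not behind this chokepoint
        for net in self.trusted_sources.get(req.dst, []):
            if ip_address(req.src) in ip_network(net):
                return "ALLOW"    # source rule, e.g. application server to database
        if req.user is None:
            return "DUMMY"    # unauthenticated traffic goes to the dummy network
        if req.user in self.auto_users:
            return "ALLOW"
        # Hiding a server is not access control: the rights query still decides.
        return "ALLOW" if self.has_rights(req.user, req.dst) else "BLOCK"

# Constructed policy: names, accounts and addresses are made up for the example.
RIGHTS = {("alice", "finance-db")}

def demo_chokepoint() -> Chokepoint:
    return Chokepoint(
        protected={"finance-db", "staff-files", "payroll"},
        hidden={"payroll"},
        auto_users={"supervisor"},
        trusted_sources={"finance-db": ["10.1.5.0/28"]},
        has_rights=lambda user, dst: (user, dst) in RIGHTS,
    )
```

A request for the hidden `payroll` server from an ordinary account is still blocked by the rights query, so the policy does not depend on the name staying secret.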
Control Servers are a catch-all for a variety of low-key but useful functions. These include video-camera systems, laser printer / large volume printers, electronic doorlocks and maybe autolathe systems. The control system will have, or have access to, a series of access rights, so it can tell who can use certain functions and who cannot. While the system controls the device, it is unlikely that it will have a full control suite. This is because the server is just the worker: software such as CAD systems will supply the details for an autolathe and a workstation will supply the data for the print server to process.
Database Servers, as their name suggests, hold
large databases and also provide a search interface. This can vary from a full-on
user friendly search page (although I bet you'll need a password to get to the
interesting stuff) to a programmer's interface (namely, you have to program
the query with one of the recent structured query languages around).
For small business and low-end applications, the database server is likely to have its own front end. For big business (and that includes web portals) the database servers are likely to have application servers creating search results for the user.
File Servers are computers with large storage systems attached to them. They give users a place to store files, and access to these files is controlled through the operating system's security system.
As well as computers with file stores you can also get plug-and-go network storage. The idea behind this is that many users can access the data store rather than having to install a new network server when all you need is extra storage. Of course, keeping all these new technologies up to date with the latest and greatest security patches soon gets out of hand...
Groupware Servers provide diary, email and shared workdesks where users can co-operate on projects together. The weaker ones tend to deliver just email, while the high-end systems provide a VR table where people can meet up and work with each other. Many people still treat email as if they were talking on the phone. By that, I mean that they will often type something they wouldn't dream of writing out for general reading. A number of high profile court cases have been won by very damning emails....
Middleware Servers give a nice front end to the database servers. The user connects to this server and enters a query (subject to password authentication probably). The middleware then requests the data from a database server and formats the results into a more user friendly document. Some middleware servers have been combined with multimedia to provide online office assistants.
A Media Server provides audio, video and in some cases sim data to the end user. These servers have replaced many of the old television transmitters as many people now receive their TV access through the Net. All sorts of data can be found on these systems, anything from the blandest game shows and soap operas, to high brow operas or huge film databases.
Proxy Servers are used to fetch information on behalf of a user. They are most commonly found serving web page requests to end users, and the advantage of this approach is that the internet data can be screened at this point and access allowed/banned.
A Remote Access Server is a computer system that has
a large collection of incoming telephone connections. This allows mobile or
home users to dial into the computer network directly. This is considered more
secure than accessing a network through the Net.
In some establishments, an incoming connection will be used to start a dial back service. In this instance, the user will dial to their work and the RAS (remote access server) will call them back on a specific telephone number. The idea behind this is that unauthorised users will not be able to stay on the line. Of course, some administrators like to have dial back to a number they can specify.... and these are the lines that hackers aim for.
Security Servers are similar to database servers in that they contain a list of all the authorised users on a system. Just about all network operating systems come with this functionality built-in; otherwise, it would be impossible to control access to the server. The server will be able to validate a user's password and report to another system what access the user has. These access rights could be to certain files, to certain functions and what programs they can run. Users can also be restricted as to when they can log in (only during office hours), whether they can log in remotely (i.e. only in the office, or from the internet) and, if the organisation has any biometrics equipment (eye/thumb scanners or even smartcards), whether one of those is required to log in.
For example: a supervisor should be able to do just about anything on the network, but an "install user" would be able to install software to a workstation, but may not have any rights to user home directories. On large networks, you may find that there is more than one of these systems. This is because multiple security servers act as online backups of each other, or replicas. These replicas exist so that should another access server crash, users may still ask another access unit to validate their login requests.
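The login restrictions and replica behaviour described above, as an added example that is not part of the original page. Account names, login windows and right names are constructed; password checking is assumed to have succeeded already and is left out of the model.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Account:
    hours: tuple            # (earliest, latest) permitted login time
    remote_ok: bool         # may log in from outside the office
    needs_token: bool       # biometric scan or smartcard required
    rights: frozenset       # functions the account may use

@dataclass
class SecurityServer:
    accounts: dict          # account name -> Account
    online: bool = True

    def validate(self, name, at, remote, token_presented):
        """Return (allowed, reason, rights) for a login attempt."""
        if not self.online:
            raise ConnectionError("security server offline")
        acct = self.accounts.get(name)
        if acct is None:
            return (False, "unknown user", frozenset())
        if not acct.hours[0] <= at <= acct.hours[1]:
            return (False, "outside login hours", frozenset())
        if remote and not acct.remote_ok:
            return (False, "remote login not permitted", frozenset())
        if acct.needs_token and not token_presented:
            return (False, "biometric or smartcard required", frozenset())
        return (True, "ok", acct.rights)

def validate_with_replicas(replicas, name, at, remote, token_presented):
    """Try each replica in turn; deny if none of them can answer."""
    for server in replicas:
        try:
            return server.validate(name, at, remote, token_presented)
        except ConnectionError:
            continue
    return (False, "no security server reachable", frozenset())

# Constructed accounts, modelled on the supervisor / install user example.
ACCOUNTS = {
    "supervisor": Account((time(0, 0), time(23, 59)), True, True,
                          frozenset({"install_software", "read_home_dirs"})),
    "install": Account((time(9, 0), time(17, 0)), False, False,
                       frozenset({"install_software"})),
}

def demo_replicas():
    """A crashed primary followed by a healthy replica with the same data."""
    return [SecurityServer(ACCOUNTS, online=False), SecurityServer(ACCOUNTS)]
```

When every replica is down the function denies the login rather than letting it through, which is the behaviour the replicas exist to make rare.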
Telephony servers run a company's internal telephone system. Telephones and, to some extent, vidphones are merely specialist computer terminals that route data through the network and to another device. Telephony servers allow the operator to set up all the standard office telephone needs, such as call waiting, group pick up, call diversion or call back. It's also possible to eavesdrop on conversations, but only on unsecure lines... Lastly, some telephony servers control mobile telephones and come with built-in encryption.
The Net makes a great deal of use of VR and not surprisingly this requires a suitable VR server. These systems help supply object information such as textures, sounds and the position of other objects within the VR. VR has been used for many years with building design and of course computer games. VR servers have to be fairly powerful and they can have an adverse effect on network traffic unless managed properly.