Certification Remember the scene near the end of The Wizard of Oz, when the Wizard grants the Scarecrow a diploma, the Cowardly Lion a medal, and the Tin Man a testimonial? Network certifications are kind of like that. I can picture the scene now: The Wizard: “And as for you, my network-burdened friend, any geek with thick glasses can administer a network. Back where I come from, there are people who do nothing but configure Cisco routers all day long. And they don’t have any more brains than you do. But they do have one thing you don’t have: cer- tification. And so, by the authority vested in me by the Universita Committee- atum E Pluribus Unum, I hereby confer upon you the coveted certification of CND.” You: “CND?” The Wizard: “Yes, that’s, uh, Certified Network Dummy.” You: “The Seven Layers of the OSI Reference Model are equal to the Sum of the Layers on the Opposite Side. Oh rapture I feel like a network administra- tor already” My point is that certification in and of itself doesn’t guarantee that you really know how to administer a network. That ability comes from real-world expe- rience — not exam crams. Nevertheless, certification is becoming increasingly important in today’s competitive job market. So you may want to pursue certification — not just to improve your skills, but also to improve your résumé. Certification is an expensive proposition. The tests can cost several hundred dollars each, and depending on your technical skills, you may need to buy books to study or enroll in training courses before you take the tests. You can pursue two basic types of certification: vendor-specific certification and vendor-neutral certification. The major networking vendors such as Microsoft, Novell, and Cisco provide certification programs for their own equipment and software. CompTIA, a nonprofit industry trade association, provides the best-known vendor-neutral certification. 171

Chapter 12: Help Wanted: Job Description for a Network Administrator

172 Part III: Network Management For Dummies Chapter 13 Big Brother’s Guide to Network Security In This Chapter 䊳 Assessing the risk for security 䊳 Determining your basic security philosophy 䊳 Physically securing your network equipment 䊳 Implementing user account security 䊳 Exploring other network security techniques B efore you had a network, computer security was easy. You simply locked your door when you left work for the day. You could rest easy, secure in the knowledge that the bad guys would have to break down the door to get to your computer. The network changes all that. Now, anyone with access to any computer on the network can break into the network and steal your files. Not only do you have to lock your door, but you also have to make sure that other people lock their doors, too. Fortunately, network operating systems have built-in provisions for network security. This situation makes it difficult for someone to steal your files, even if they do break down the door. All modern network operating systems have security features that are more than adequate for all but the most paranoid users. When I say more than adequate, I mean it. Most networks have security fea- tures that would make even Maxwell Smart happy. Using all these security fea- tures is kind of like Smart insisting that the Chief lower the “Cone of Silence.” The Cone of Silence worked so well that Max and the Chief couldn’t hear each other Don’t make your system so secure that even the good guys can’t get their work done. If any of the computers on your network are connected to the Internet, you have to contend with a whole new world of security issues. For more informa- tion about Internet security, refer to Chapter 23 of this book. Also, if your network supports wireless devices, you have to contend with wireless secu- rity issues. For more information about security for wireless networks, see Chapter 10. Do You Need Security? Most small networks are in small businesses or departments where everyone knows and trusts everyone else. Folks don’t lock up their desks when they take a coffee break, and although everyone knows where the petty-cash box is, money never disappears. Network security isn’t necessary in an idyllic setting like this one, is it? You bet it is. Here’s why any network should be set up with at least some minimal concern for security: ⻬ Even in the friendliest office environment, some information is — and should be — confidential. If this information is stored on the network, you want to store it in a directory that’s available only to authorized users. ⻬ Not all security breaches are malicious. A network user may be routinely scanning through his or her files and come across a filename that isn’t familiar. The user may then call up the file, only to discover that it con- tains confidential personnel information, juicy office gossip, or your résumé. Curiosity, rather than malice, is often the source of security breaches. ⻬ Sure, everyone at the office is trustworthy now. However, what if some- one becomes disgruntled, a screw pops loose, and he or she decides to trash the network files before jumping out the window? What if someone decides to print a few 1,000 checks before packing off to Tahiti? ⻬ Sometimes the mere opportunity for fraud or theft can be too much for some people to resist. Give people free access to the payroll files, and they may decide to vote themselves a raise when no one is looking. ⻬ If you think your network doesn’t contain any data that would be worth stealing, think again. For example, your personnel records probably con- tain more than enough information for an identity thief: names, addresses, phone numbers, Social Security numbers, and so on. Also, your customer files may contain your customers’ credit-card numbers. ⻬ Hackers who break into your network may not be interested in stealing your data. Instead, they may be looking to plant a Trojan horse program on your server, which enables them to use your server for their own pur- poses. For example, someone may use your server to send thousands of 174 Part III: Network Management For Dummies unsolicited spam e-mail messages. The spam won’t be traced back to the hackers; it will be traced back to you. ⻬ Finally, remember that not everyone on the network knows enough about the inner workings of Windows and the network to be trusted with full access to your network’s data and systems. One careless mouse click can wipe out an entire directory of network files. One of the best reasons for activating your network’s security features is to protect the network from mistakes made by users who no offense don’t know what they’re doing. Two Approaches to Security When you’re planning how to implement security on your network, you should first consider which of two basic approaches to security you will take: ⻬ An open-door type of security, in which you grant everyone access to everything by default, and then place restrictions just on those resources to which you want to limit access. ⻬ A closed-door type of security, in which you begin by denying access to everything, and then grant specific users access to the specific resources that they need. In most cases, the open-door policy is easier to implement. Typically, only a small portion of the data on a network really needs security, such as confi- dential employee records or secrets such as the Coke recipe. The rest of the information on a network can be safely made available to everyone who can access the network. If you choose the closed-door approach, you set up each user so that he or she has access to nothing. Then, one begrudging step at a time, you grant each user access only to those specific files or folders that he or she needs. The closed-door approach results in tighter security, but can lead to the Cone of Silence Syndrome: Like Max and the Chief, who can’t hear each other talk while they’re under the Cone of Silence, your network users will con- stantly complain that they can’t access the information that they need. As a result, you’ll find yourself frequently adjusting users’ access rights. Choose the closed-door approach only if your network contains a lot of information that is very sensitive, and only if you are willing to invest a lot of time in administrating your network’s security policy. You can think of the open-door approach as an entitlement model, in which the basic assumption is that users are entitled to network access. In contrast, the closed-door policy is a permissions model, in which the basic assumption is that users are not entitled to anything but must get permissions for every network resource that they access. 175

Chapter 13: Big Brother’s Guide to Network Security