Home > Articles

This chapter is from the book

Evaluating Network Infrastructure Acquisition, Installation, and Maintenance

The IT organization should have both long- and short-term plans that address maintenance, monitoring, and migration to new software. During the acquisition process, the IT organization needs to map software acquisitions to the organization's strategic plan and ensure that the software meets documented compatibility standards. The IT organization needs to understand copyright laws that apply to the software and must create policies and procedures that guard against unauthorized use or copying of the software without proper approval or licensing agreements. It must maintain a list of all software used in the organization, along with licensing agreements/ certificates and support agreements. The IT organization might implement centralized control and automated distribution of software, as well as scan user workstations to ensure adherence to licensing agreements. The following are some key risk indicators related to software acquisition:

  • Software acquisitions are not mapped to the strategic plan.

  • No documented policies are aimed at guiding software acquisitions.

  • No process exists for comparing the "develop vs. purchase" option.

  • No one is assigned responsibility for the acquisition process.

  • Affected parties are not involved with assessing requirements and needs.

  • There is insufficient knowledge of software alternatives.

  • Security features and internal controls are not assessed.

  • Benchmarking and performance tests are not carried out.

  • Integration and scalability issues are not taken into account.

  • Total cost of ownership is not fully considered.

Understanding Network Components Functionality

The IT infrastructure communication is facilitated by integrated network components. These devices, software, and protocols work together to pass electrical transmissions between systems through analog, digital, or wireless transmission types. It is important to understand the devices and standards involved with networking and telecommunications because they are the most complex part of the information architecture. As you read through this section, keep in mind that we are combining network devices, access media, and networking protocols/standards and how they are used in the network infrastructure. A good starting point for gaining this knowledge is to first understand how computers and other network devices communicate. Understanding communication is key to realizing how devices interoperate to provide network services.

In networking, network standards and protocols facilitate the creation of an integrated environment of application and services communication. For organizations to create these environments and provide centralized troubleshooting, organizations have created reference models for network architectures. Three external organizations develop standards and specifications for protocols used in communications:

  • The International Organization for Standardization (ISO)

  • The American Institution of Electrical and Electronic Engineers (IEEE)

  • The International Telecommunications Union–Telecommunications Sector (ITU-T), formerly the International Telegraph and Telephone Consultative Committee (CCITT)

The ISO developed the Open Systems Interconnect (OSI) model in the early 1980s as a proof-of-concept model that all vendors could use to ensure that their products could communicate and interact. The OSI model was not used as directly as a standard, but it gained acceptance as a framework that a majority of applications and protocols adhere to. The OSI model contains seven layers, each with specific functions. Each layer has its own responsibilities with regard to tasks, processes, and services. The separation of functionality of the layers ensures that the solutions offered by one layer can be updated without affecting the other layers. The goal of the OSI model is to provide the framework for an open network architecture in which no one vendor owns the model, but all vendors can use the model to integrate their technologies. The Transmission Control Protocol/Internet Protocol (TCP/IP) is discussed later in this chapter, but it is important to note that TCP/IP was developed and used for many years before the introduction of the OSI model.

The OSI reference model breaks down the complexities of network communication into seven basic layers of functionality and services. To best illustrate how these seven layers work, we can relate how computers communicate to how humans communicate. The following paragraphs describe how a software application’s thought, or data payload, is transferred and prepared for communication by the operating system’s communications services. When this is accomplished, we will then look at how the data payload is transported, addressed, and converted from a logical thought into physical signals that can travel across cables or wireless transmissions.

Step 1: Having and Managing a Thought (Data Encapsulation)

As people, we have learned that it is always wise to think before speaking. In other words, we actually need to formulate a thought to communicate (data payload), format the presentation of the thought for the destination, and manage the thought appropriately. For example, sometimes you might be trying to communicate a complex idea to another person, and you find the need to enhance your normal verbal communication with written diagrams or even hand gestures. These types of efforts might not contain new information in and of themselves, but they are used to facilitate the communication of an idea when words alone fail. Computers and other networking devices sometimes need to use such extracurricular thought management as well. So the first step in communicating a data payload between one computer and another is to pass an application’s thought to the networking services for further manipulation and management. Within the OSI reference model for networking architecture, these processes are handled within Layers 5, 6, and 7. Table 3.2 looks at each of these layers more closely.

Table 3.2  Open Systems Interconnect (OSI) Model

OSI Layer

Purpose

Telecommunication Protocol Examples

Protocol Data Unit

7 (Application)

This is the networking layer that interfaces with applications and operating systems. This is where the user (through an application or operating system activity) first passes off information to networking services for telecommunication.

HTTP, Telnet, SMTP, DNS, SNMP

Data

6 (Presentation)

The data might require special formatting techniques, including (but not limited to) preparation according to special presentation protocols for picture and sound, compression, or even encryption.

ASCII, JPG, GIF, MIDI

 

5 (Session)

Communicating the data might be a special device- to-device bond, or session, for cooperative multidevice communication efforts, for example.

NetBIOS, RPC, SQL

 

Using OSI Layers 7–5 Within the Data PDU

As a user, you will first interface with networking communications by using a network-enabled application. A network-enabled application is capable of utilizing network protocols to send and receive data. Let’s take a look at using your web browser to request and view data from an Internet web server. To view a web page, you must enter a URL web address such as http://www.certifiedtechtrainers.com. This simple process tells your web browser to use the Hypertext Transfer Protocol (HTTP) to contact a web server at www.certifiedtechtrainers.com. Neither you nor the browser needs to encapsulate your request for transport, to encapsulate the request with a formal IP address, or even to encapsulate the request appropriately to traverse your connected networking medium, such as an Ethernet cable. HTTP is a management protocol that invokes and coordinates the services of other networking protocols as necessary. That’s why HTTP is said to be an OSI Layer 7 protocol, or application-layer protocol. HTTP itself is not an application, but it is the protocol used to interface a desktop application such as a web browser with other necessary communication protocols.

When you enter the URL http://www.certifiedtechtrainers.com into your browser, you unknowingly invoked another application-layer protocol called Domain Name Service (DNS). If we agreed to meet at Certified Tech Trainers office, you would need to know the actual street address of the location, right? Likewise, the www.certifiedtechtrainers.com name maps to an actual IP address designated to the web server you intend the HTTP request to be sent to. DNS queries a DNS server to find out the IP address of www.certifiedtechtrainers.com so it can somewhat transparently reformat your request from http://www.certifiedtechtrainers.com to http://24.227.60.114. As you can see, these application-layer protocols are more focused on communication management than on actual request transmission. However, there is still more data management necessary. The default web page you are requesting likely has pictures or sounds. HTTP does not know how to present formatted graphics. Rather, the .gif and .jpg picture protocols operate at OSI Layer 6, the presentation layer, to handle the presentation of some common picture formats found on web pages. At some point, you might submit a request for securely encrypted communication by using https:// instead of http:// in your requested URL (this is often done without the user’s awareness because requests for such a secure connection are often invoked via a link). By doing so, the browser makes a special request to have the HTTP request encrypted with the Secure Sockets Layer (SSL) encryption protocol. In conjunction with HTTP, SSL operates at OSI Layer 5, or the session layer.

At this point, the top three layers—application, presentation, and session—have been used in managing the request for data. This all occurs before consideration of how to transport or logically address the actual packets that need to be transmitted. Looking at all the activity just described, it would make sense that the data itself (data payload) and all the ancillary HTTP, HTTPS, JPG, GIF, and SSL communication could be considered the "thought" we desire to transmit. The technical term for this networking "thought" is the protocol data unit (PDU), known as data. You now understand how a computer needs to think before it speaks, just as you do.

Using OSI Layer 4 Within the Segment PDU

Now that we have a nicely managed data PDU, we need to package the communication appropriately for transport. As an application-layer protocol, HTTP does not transport the data itself. Rather, it manages transferring the data using other protocols to do so. The data PDU can now be encapsulated into a segment for transport using an OSI Layer 4 protocol such as the Transmission Control Protocol (TCP).

Just as you must break your thought into sentences and words for transport via your mouth or hands, the computer must encapsulate segments of the data PDU for transmission as well. TCP is a nifty OSI Layer 4 (transport-layer) networking protocol that is especially adept at this task. Not only does it segment the communication, but it does so in a methodical way that allows the receiving host to rebuild the data easily by attaching sequence numbers to its TCP segments. This sequencing information, along with other special TCP transport management communications, is provided in a TCP header within each data segment TCP encapsulates. Other transport-management communications provided by TCP include implementation of confirmation services for ensuring that all segments reach the intended recipient. When you want to be sure a letter is successfully delivered by the postal service, you might pay the additional cost for requiring a return receipt to be delivered to you upon successful delivery of the letter. If you never receive your return receipt, you could mail another copy of the letter and wait for a second confirmation. Without going into technical specifics, TCP can implement a similar system to ensure reliable transport. However, if you do not have the money or time to arrange for a return receipt for your letter, you might opt to forgo the assurance that the return receipt provides and send it via regular post, which guarantees only best effort, or unreliable delivery.

The technical parallel is to encapsulate the data PDU using the User Datagram Protocol (UDP) at the OSI transport layer instead of TCP. UDP does not implement a system of successful transmission confirmation, and is known as unreliable transport, providing best-effort delivery. The data PDU itself is unchanged either way because it is merely encapsulated by a transport protocol for transmission.

OSI Layer

Purpose

Telecommunication Protocol Examples

Protocol Data Unit

4 (Transport)

Provides for reliable or unreliable delivery. Transport protocols can provide for transmission error detection and correction services.

TCP, UDP

Segment

Using OSI Layer 3 Within the Packet PDU

We now have a data PDU that has been encapsulated within a segment PDU for transport. However, the segment has no addressing information necessary for determining the best path to the intended recipient. By using an OSI Layer 3, or network-layer, protocol such as Internet Protocol (IP), we can encapsulate the segment into a packet with a logical destination address. In the previous example, the segment needs an IP packet header designating 24.227.60.114 as the logical destination address. IP is a network address protocol especially designed for this purpose because it implements a hierarchical addressing scheme.

Imagine if your computer supported listing filenames but did not support a logical directory structure. You could locate files with no problem, as long as not too many files existed on your hard drive. When you have a great number of files, however, you want to be able to logically organize your files into a directory structure to allow you to quickly and easily navigate to your intended file. In a similar fashion, IP supports network and subnetwork groupings of host addresses, which facilitates logical path determination. This is especially important in a large network with many hosts. For example, a router operates as a network segment junction, or gateway, at OSI Layer 3 using IP and IP routing tables to determine optimal paths for packet forwarding. By using IP’s hierarchical addressing, routers can determine which remote routing gateways connect to which remote network or subnetwork host groups. If the network is so small that network groupings of hosts are not necessary, the computers and network devices might not utilize IP at the network layer because doing so would add unnecessary performance overhead, or cost.

OSI Layer

Purpose

Telecommunication Protocol Examples

Protocol Data Unit

3 (Network)

Protocols at this layer provide logical addressing and facilitate path determination.

IP, IPSec, ICMP, RIP, OSPF

Packet

Using OSI Layer 2 Within the Frame PDU

The HTTP data PDU has now been encapsulated within the segment PDU by TCP for transport, and then re-encapsulated within the packet PDU by IP providing an IP address header. Remember that the IP packet can be stripped and rebuilt without affecting the TCP segment, which is a benefit of data encapsulation. At this point, we need to re-encapsulate the IP packet into a vehicle that is appropriate for the connected physical medium.

We are now encountering the great transformation of logical processes into physical signals. Just think of it—when you are able to encapsulate your own thoughts into segments with words and sentences, and then address your thoughts by adding your friend’s name to the front, a miracle occurs when you are able to transform the logical thoughts and processes into physical vibrations and sound waves that can traverse the air (your connected communication medium). The computer’s data needs to make this leap, too. It re-encapsulates the IP packet into a frame that is appropriate for the transmission medium. If Ethernet is being used for the local area network, the IP packet is encapsulated within an Ethernet frame. If the IP packet needs to traverse a point-to-point link to the Internet service provider (via your point-to-point dial-up connection), the packet is encapsulated using PPP. These protocols are used to link the logical data processes with the physical transmission medium. Appropriately, this occurs at OSI Layer 2, or the data link layer.

Why does OSI need a data link layer? It needs a separate encapsulation step because physical media can change along a network path. As an Ethernet frame arrives on one side of a routing gateway, it might need to leave the other using PPP. Because you can strip and rebuild a frame without affecting the packet, segment, or data PDUs inside, frame conversion is entirely possible. This is analogous to taking a trip with an airplane. You and your luggage are the data payload. The car you drive to the airport is an appropriate frame type; your locally connected medium is the streets. When you reach the airport, which serves as a junction gateway between land and air travel, you and your luggage are re-encapsulated from your car into a plane because the plane is the appropriate frame type for traveling in air as opposed to traveling on the roads.

Frame headers provide actual physical addressing information as well. Knowing the logical street address of Certified Tech Trainers is helpful to get to the proper city or neighborhood to meet with CTT. Street addresses can change, however, even if the physical geographic latitude and longitude have not. The data link layer manages a flat network address scheme of Media Access Control (MAC) addresses for physical network interface connections. Whereas IP addressing and routes help the packet get to the near proximity of the intended host, MAC addresses are used by the connected network interfaces to know which frames to receive and process, and which frames are intended for other network interfaces.

OSI Layer

Purpose

Telecommunication Protocol Examples

Protocol Data Unit

2 (Data Link)

Protocols at this layer provide access to media (network interface cards, for example) using MAC addresses. They can sometimes also provide transmission error detection, but they cannot provide error correction.

802.3/802.2, HDLC, PPP, Frame Relay

Frame

Using OSI Layer 1 Within the Bits PDU

We have already processed four of the five steps of data encapsulation. Data has been encapsulated into TCP segments at the OSI transport layer. It was re-encapsulated with IP at the OSI network layer and was then further encapsulated with an Ethernet frame at the OSI data link layer. The last step before transmission is to break the frame into electromagnetic digital signals at the OSI physical layer, which communicates bits over the connected physical medium. These bits are received at the destination host, which can reconstruct the bits into Ethernet frames and decapsulate the frames back to IP packets. The destination host then can decapsulate the IP packets back to TCP segments, which are then decapsulated and put back together to form data. The data can then be processed by OSI application-, presentation-, and session-layer protocols to make the data available to the destination user or user applications.

Table 3.3 describes the seven OSI layers.

Table 3.3  OSI Reference Model and Data Encapsulation

OSI Layer

Purpose

Protocol Examples

PDU

7 (Application)

This is the networking layer that interfaces with applications and operating systems. This is where the user (through an application or operating system activity) first passes off information to networking services for telecommunication.

HTTP, Telnet, SMTP, DNS, SNMP

Data

6 (Presentation)

The data might require special formatting techniques, including (but not limited to) preparation according to special presentation protocols for picture and sound, compression, or even encryption.

ASCII, JPG, GIF, MIDI

 

5 (Session)

Communicating the data might a

special device-to-device bond, or session, for cooperative multi- device communication efforts, for example.NetBIOS, RPC, SQL

 

4 (Transport)

This layer provides for reliable or unreliable delivery. Transport protocols can provide for transmission error detection and correction services.

TCP, UDP

Segment

2 (Data Link)

Protocols at this layer provide access to media (network interface cards, for example) using MAC addresses. They can sometimes also provide transmission error detection, but they cannot provide error correction.

802.3/802.2, HDLC, PPP, Frame Relay

Frame

1 (Physical)

The purpose of hardware at this level is to move bits between devices. Specifications for voltage, wire speed, and pin-out cables are provided at this layer.

Network cabling, wireless transmissions, microwave transmissions

Bits

Networking Concepts and Devices

Now that we have a better comprehension of network architecture according to the OSI reference model, we have the foundation necessary for discussing various networking concepts, issues, and devices.

A variety of network types are common to most organizations, and are discussed in the following sections.

Local Area Networks (LANs)

Local Area Networks are private or nonpublic packet-based switched networks contained within a limited area providing services within a particular organization or group. Services can include file/print sharing, email, and communications. This structure is similar to a gated community or industrial complex, in that the network of roads is designed to be used primarily by internal residents or employees.

In developing the network architecture, the organization must assess cost, speed, flexibility, and reliability. The IT organization should review what physical media will be used for physically transmitting the data, as well as what methods will be available to access the physical network medium. Additionally, the organization must decide on the topology (physical arrangement) and the network components to be used in that topology.

LANs were originally designed to connect users so they could exchange or share data. The devices and software associated with the transmission of data were originally designed to connect devices that were no more than 3,200 feet (1,000m) apart, but these distances can be extended by special devices and software. If the distance between network devices exceeds the recommended length, the signal will attenuate and cause communication problems. Attenuation is the weakening or degradation of signals during transmission. In addition to attenuation, signals can incur electromagnetic interference (EMI), which is caused by electromagnetic waves created by other devices in the same area as the network cabling.

LANs transmit packets to one or more nodes (computing devices) on the network and include the following types of transmissions:

  • Unicast—A sending station transmits single packets to a receiving station.

  • Multicast—A sending station sends a single packet to a specific number of receiving stations.

  • Broadcast—A sending station sends a single packet to all stations on the network.

Generally, the first step in the development of the network architecture is to define the physical media over which network communications (transmissions) will occur. The physical media specifications are contained at the physical layer within the OSI model (see Table 3.3).

Table 3.3  Physical Layer, OSI Model

Type

Use

Physical Standards

Access Standards

Copper: twisted pair(Category 3 and 5)

Short distances (less than 200 feet) Supports voice/data

Ethernet 10Base-T (10Mbps) Ethernet 100Base-T(100Mbps) 10Base-TX (100Mbps) 100Base-T4 (100Mbps1000Base-T (1000Mbps)

IEEE 802.3/802.3u/802.3z Ethernet/Gigabit (Ethernet/Fast) Ethernet CSMA/CD) IEEE 802.5 (Token Ring)

Coaxial cable

Supports voice/data

10Base5 (thick coax 10Mbps) 10Base2 (thin coax10Mbps)

IEEE 802.3

Fiber optic

Long distances Supports voice/data

10Base-F (10Mbps) 100Base-FX (100Mbps) 1000Base-LX (1000Mbps) 1000Base-CX (1000Mbps)

IEEE 802.3/802.3ae/802.3z (Ethernet/Fast Ethernet/Gigabit Ethernet CSMA/CD) IEEE 802.5 (Token Ring)

Wireless

Short distances Supports voice/data

 

802.11 (wireless) 802.11b (2.4GHz–11Mbps) 802.11a (5GHz–54Mbps) 802.11g (2.4GHz–54Mbps)

Physical standards dictate both the speed and the reliability of the network. In networking, this is called the media access technology. The IT organization might determine that because all the users and network devices are contained in one physical location (for example, one building), and a majority of the traffic that will be transmitted on the network is voice and data, it will use Ethernet 100Base-T. Ethernet allows multiple devices to communicate on the same network and usually uses a bus or star topology. In the case of 100Base-T, packets are transmitted at 100Mbps.

Ethernet is known as a contention-based network topology. This means that, in an Ethernet network, all devices contend with each other to use the same media (cable). As a result, frames transmitted by one device can potentially collide with frames transmitted by another. Fortunately, the Ethernet standard dictates how computers deal with communications, transmission controls, collisions, and transmission integrity.

Here are some important definitions to help you understand issues common to Ethernet:

  • Collisions—Result when two or more stations try to transmit at the same time

  • Collision domain—A group of devices connected to the same physical media so that if two devices access the media at the same time, a collision of the transmissions can occur

  • Broadcast domain—A group of devices that receive one another's broadcast messages

How Ethernet Deals with Collisions

As a contention-based topology, Ethernet accepts that collisions will occur and has provided two mechanisms to ensure transmission and data integrity. CSMA/CD is a method by which devices on the network can detect collisions and retransmit. When the collision is detected, the source station stops sending the original transmission and sends a signal to all stations that a collision has occurred on the network. All stations then execute what is known as a random collision back-off timer, which delays all transmission on the network, allowing the original sending station to retransmit.

CSMA/CA is a method by which a sending station lets all the stations on the network know that it intends to transmit data. This intent signal lets all other devices know that they should not transmit because there could be a collision, thereby affecting collision avoidance.

As you have learned, collisions are common to an Ethernet network. However, network architecture can be optimized to keep collisions to a minimum. All computers on the same physical network segment are considered to be in the same collision domain because they are competing for the same shared media. High levels of collisions can result from high traffic congestion due to many devices competing on the same network segment. One way to address collision domains and alleviate excessive collisions is to decrease the size of the collision domain (number of competing network devices) by using bridges, switches, or routers (discussed later in the chapter) to segment the network with additional collision domains. As stated earlier, there are unicast, multicast, and broadcast packets that are transmitted on the network. If two networks are separated by a bridge, broadcast traffic, but not collision traffic, is allowed to pass. This reduces the size of the collision domain. Routers are used to segment both collision and broadcast domains by directing traffic and working at Layer 3 of the OSI model.

A separate media-access technology known as token passing can be implemented in place of Ethernet as part of a network architecture. In token passing, a control frame is passed along the network cabling from device to device; all transmissions are made via the token. When a device needs to send network traffic, it waits for the token to arrive and grants it the right to communicate. The token then takes the data, including the routing information (receiving station[s]) and continues from computer to computer. Each computer on the network checks the token’s routing information to see if it is the destination station. When the destination station receives its data, it sets a bit in the token to let the sending station know that it received the data. Token-passing methods are used by both Token Ring and FDDI networks. Token-passing networks do not have collisions because only one station at a time can transmit data.

Network Topologies

We have discussed media-access technologies, but you might be asking how these are actually implemented in a network architecture. The connectivity of the network cabling and devices is known as the topology. Network topologies fall into the following categories: bus, star, or ring.

Bus Topology

The bus topology is primarily used in smaller networks where all devices are connected to a single communication line and all transmissions are received by all devices. This topology requires the minimum amount of cable to connect devices. A repeater can be used to "boost" the signal and extend the bus configuration. A standard bus configuration can encounter performance problems if there is heavy network traffic or a large number of collisions. In addition, each connection to the bus network weakens the electrical signal on the cable. Cable breaks can cause the entire network to stop functioning. Figure 3.2 depicts a bus topology.

Figure 3.2

Figure 3.2 Bus topology.

Star Topology

In a star topology, each device (node) is linked to a hub or switch, which provides the link between communicating stations. This topology is commonly used in networks today because it provides the capability to add new devices and easily remove old ones. In designing the network, the IT organization needs to ensure that the hubs/switches used will provide enough throughput (speed) for the devices communicating on the network. In contrast to a bus topology, a star topology enables devices to communicate even if a device is not working or is no longer connected to the network. Generally, star networks are more costly because they use significantly more cable and hubs/switches. If the IT organization has not planned correctly, a single failure of a hub/switch can render all stations connected incapable of communicating with the network. To overcome this risk, IT organizations should create a complete or partial mesh configuration, which creates redundant interconnections between network nodes. Figure 3.3 depicts a star topology.

Providing network path redundancy is the best countermeasure or control for potential network device failures. A mesh network topology provides a point-to-point link with every network host. If each host is configured to route and forward communication, this topology provides the greatest redundancy of routes and the greatest network fault tolerance.

Figure 3.3

Figure 3.3 Star topology.

Ring Topology

A ring configuration is generally used in a Token Ring or FDDI network where all stations are connected to form a closed loop. The stations do not connect to a central device and depend on one another for communications. A ring topology generally provides high performance, but a single device or station can stop the network devices from communicating. In a Token Ring network, a failure might occur when one or more stations start beaconing. In beaconing, a message is passed to the devices on the network that a device is failing. This allows the remaining devices to automatically reconfigure the network, to continue communicating. Figure 3.4 shows a ring topology.

As an IS auditor, you will look at the network topology and protocols to determine whether they meet the needs of the organization. The IT organization should monitor performance on the LAN to ensure that it is segmented properly (reducing collision/broadcast domains) and that the bandwidth (10/100/1000Mbps) is sufficient for access to network services. The network should be designed in such a manner that device failures do not bring down the network or cause long delays in network communication (redundancy and disaster recovery). IT management should have a configuration-management plan and procedures in place, to establish how the network will function both internally and externally. This includes performance monitoring.

Figure 3.4

Figure 3.4 Ring topology.

Wide Area Networks (WANs)

WANs provide connectivity for LANs that are geographically dispersed by providing network connectivity and services across large distances. WANs are similar to the series of interstates (highways) that can be accessed within individual states and are used to cross state boundaries.

The devices and protocols used in WAN communications most commonly work at the physical (Layer 1), data link (Layer 2), and network (Layer 3) layers of the OSI reference model. Communication on WAN links can be either simplex (one-way), half-duplex (one way at a time), or full duplex (separate circuits for communicating both ways at the same time). WAN circuits are usually network communication lines that an organization leases from a telecommunications provider; they can be switched or dedicated circuits. As an example, WAN connectivity could involve an organization with a headquarters in one state (say, Virginia) and smaller satellite offices in other states. The headquarters office could have all servers and their associated services in Virginia (email, file sharing, and so on). One way to enable communication with the satellite offices would be to install a WAN circuit. As with LANs, the WAN circuits utilize standard protocols to transmit messages. WAN can use message switching, packet switching, or circuit switching, or can utilize WAN dial-up services through Integrated Services Digital Network (ISDN) or the Public Switched Telephone Network (PSTN).

Virtual private networking (VPN) enables remote users, business partners, and home users to access the organization’s network securely using encrypted packets sent via virtual connections. Encryption involves transforming data into a form that is unreadable by anyone without a secret decryption key. It ensures confidentiality by keeping the information hidden from anyone for whom it was not intended. Organizations use VPNs to allow external business partners to access an extranet or intranet. The advantage of VPNs is that they can use low-cost public networks (Internet) to transmit and receive encrypted data. VPNs rely on tunneling or encapsulation techniques that allow the Internet Protocol (IP) to carry a variety of different protocols (IPX, SNA, and so on).

Metropolitan Area Networks (MANs)

This type of network is larger than a LAN but smaller than a WAN. A MAN can be used to connect users to services within the same city or locality. MANs are similar to the surface roads used to travel from your residence or community to services such as department stores, grocery stores, and your place of business.

Networks exist to facilitate access to application services. The following are some of the common services available within an organization's networking environment:

  • File sharing—This allows users to share information and resources among one another. File sharing can be facilitated by shared directories or groupware/collaboration applications.

  • Email services—Email provides the capability for a user population to send unstructured messages to individuals or groups of individuals via a terminal or PC.

  • Print services—Print services enable users to access printers either directly or through print servers (which manage the formatting and scheduling) to execute print requests from terminals or PCs connected to the network.

  • Remote-access services—These services provide remote access capabilities from a user location to where a computing device appears; they emulate a direct connection to the device. Examples include Telnet and remote access through a VPN.

  • Terminal-emulation software (TES)—TES provides remote access capabilities with a user interface as if that user were sitting on the console of the device being accessed. As an example, Microsoft Terminal Services connects to the remote device and displays the desktop of the remote device as if the user were sitting at the console.

  • Directory services—A directory stores information about users, devices, and services available on the network. A directory service enables users to locate information about individuals (such as contact information) or devices/services that are available within the organization.

  • Network management—Network management provides a set of services that control and maintain the network. It generally provides complete information about devices and services with regard to their status. Network-management tools enable you to determine device performance, errors associated with processing, active connections to devices, and so on. These tools are used to ensure network reliability and provide detailed information that enables operators and administrators to take corrective action.

Because of the complex nature of networking and the variety of standards both in use and constantly evolving, implementation and maintenance poses a significant challenge. Managers, engineers, and administrators are tasked to develop and maintain integrated, efficient, reliable, scalable, and secure networks to meet the needs of the organization. Some basic critical success factors apply to these activities:

  • Interoperability—A large number of devices, system types, and standards usually support network communication. All the components must work together efficiently and effectively.

  • Availability—Organizations need continuous, reliable, and secure access to network devices and services.

  • Flexibility—To facilitate scalability, the network architecture must accommodate network expansion for new applications and services.

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020