The Internet has undergone remarkable growth over the last several years. That growth has been fueled both by individual users and by a rush of businesses, schools, and other groups connecting their internal LANs and WANs to the Internet. In this chapter you learn how to connect your own network to the Internet, how to configure your existing network servers and clients to use Internet services, how to publish information to the Internet from your servers, and how to secure your network to protect it from intrusions while doing all of the above.
The Internet is just that: a large network which interconnects many smaller networks into a seamless whole. Originally developed by the U.S. Department of Defense, the Internet started by connecting internal networks at a few universities and think tanks, then gradually expanded. As other regional networks formed, like the New England Area Regional Network (NEARnet) and the Southeastern Universities Research Association Network (SURAnet), they joined the Internet. Commercial companies began to connect, drawn by the promise of easy access to information resources and the simplicity of joining LANs in different geographic regions.
The metaphor of the Internet as an "information superhighway" has perhaps been overused, but it's accurate in some respects. If you build a house, you must make sure it's connected somehow to a street so that you can drive to and from your garage or carport. Likewise, the first step in connecting your network to the Internet is to find a way to move your packets between your LAN and the Internet itself.
In all cases, you'll deal with an Internet service provider, or ISP, to get a connection. ISPs come in all shapes and sizes, from large national providers like UUnet, AT&T, and MCI, to regional providers like Mindspring (in the southeastern U.S.) and iQuest in the U.S. Midwest, to local providers like AIRnet (serving small communities in northern Alabama) and Washington D.C.'s Digital Express.
Before you choose an ISP, it's important to think about your needs. Here are some factors to consider when selecting a provider:
After you've found an ISP to carry your traffic, you still need a physical data path to move that traffic back and forth. There is a variety of communications methods and speeds for connecting your network to the Internet; which one is right for you depends on your needs and your budget.
In this section, you'll learn about some different connection methods and gain an understanding of each method's benefits and drawbacks, as well as some sample costs.
NOTE: There are usually two separate costs involved in getting an Internet connection: the fee you pay to the ISP you choose, and the fee you pay your local phone company for the leased or dialup line that you use to reach the ISP.
Dialups. Dialup connections use an ordinary analog modem (usually at v.34 or v.32bis speeds) and an ordinary analog phone line to connect your network to your ISP. There are two types of dialup connections: on-demand and dedicated. As the names imply, an on-demand connection is only active when your network is generating or receiving Internet traffic, while a dedicated connection is always active.
Using dialup equipment offers some attractive benefits:
If you want more detailed information on connecting modems to your network, see chapter 25, "Adding Network Modems."
Connecting a Dialup Line to Your Network. There are two approaches to connecting your LAN to the Internet over a dialup connection. The first involves connecting one or more modems directly to your network. Just as some laser printers include an Ethernet port that allows them to be connected to the network, some modems or modem/router combinations can be connected directly to your network and shared. When a machine on your network requests a connection to an outside host, the modem connects to your ISP and begins routing packets.
The second, and very similar, approach is to mount a modem on one of your network servers and use the server itself to route IP packets destined for the Internet over the modem. This option is discussed in the section "Adding Internet Capability to Your Servers" later in the chapter.
Leased Lines. Leased line connections get their name from the fact that you lease an actual physical wire (or part of a larger-capacity channel, like an optical fiber) from the local telephone company to carry your traffic. This line is reserved for your use, and it carries your packets to your ISP.
NOTE: In the U.S. telephone system, a single pair of copper wires can carry 56 Kbps. 1.544 Mbps connections (often called T1 connections, after AT&T's internal code for a 1.544 Mbps line) are made up of 24 pairs of 56 Kbps lines. A DS3 or T3 line runs at a blistering 45 Mbps and is made up of multiple T1s.
Leased lines offer between 56 Kbps and 1.544 Mbps of bandwidth. Fractional leased lines offer smaller increments of bandwidth at a lower cost, but the leased line charges are usually the same. A hybrid line, like AT&T's Switched-56 service, offers the capacity of a leased line on an as-needed, dialup basis. However, these services are fairly expensive, especially when compared to ISDN.
Leased lines offer some unique benefits due to the nature of their physical setup:
Of course, this speed and flexibility don't come without some additional difficulties:
Connecting a Leased Line to Your Network. The leased line requires special hardware, called a channel service unit (CSU) or data service unit (DSU) on each end to connect your existing network to your ISP's facilities. This hardware converts the digital signals from your LAN to analog signals suitable for transmission across the line. This hardware may be combined with a bridge or router to facilitate adding a connection to your existing network. Some manufacturers offer interface cards that fit standard EISA or PCI slots and put data directly onto the computer's bus; these cards can provide a simple way to get connected, especially if you're already doing IP routing on your server itself.
When your local phone company installs your leased line, you'll have a new jack, different from the familiar RJ-11 jack used with standard phones. The exact style of jack depends on the line type and the phone company. You'll use this jack to connect your CSU/DSU to the line.
If you're using a CSU/DSU built into a router, then you'll need to configure the router as part of your network; if you're using a card in your server, you'll need to configure the card using the manufacturer-supplied software, plus you'll need to tell the server how to route TCP/IP packets (see the section "Adding Internet Capability to Your Servers" later in this chapter).
If you need to know more about using bridges and routers in your network, see chapter 14, "Repeaters and Bridges," and chapter 15, "Routers."
ISDN. The Integrated Subscriber Digital Network, or ISDN, provides up to 128 Kbps over a single inexpensive copper pair. Each basic ISDN line (called a BRI line, for "basic rate interface") provides two 64 Kbps B channels (used for data or voice) and one 16 Kbps D channel (used for control and signaling). The B channels can be bonded to provide 128 Kbps of data bandwidth, or they can be used independently to carry voice or data.
If you need more bandwidth, you can get multiple ISDN lines and multiplex them together, all the way up to a primary rate interface (PRI) line--12 B channels and one D channel, for a total capacity of 768 Kbps.
TIP: To find out if ISDN is available in your area, call the National ISDN hotline at 1-800-992-ISDN. They'll ask for your address and phone number, then search your phone company's database to see whether service is available in your area.
The number of installed ISDN lines has been soaring in many regions. Here are some of the reasons why:
Connecting an ISDN Line to Your Network. ISDN connections require special hardware to link your network and the ISDN network. When the phone company installer brings your ISDN line to the point you specify, you'll have yet another kind of wall jack, called a U interface. Most ISDN devices, however, require a different kind of connection--an S/T interface. To bridge the gap between these interfaces, ISDN lines use a terminating device called an NT-1, which electrically terminates the ISDN line and converts the U interface into an S/T interface.
You have two options for actually connecting the ISDN line to your network:
Some ISDN TAs (usually the stand-alone, modem-style ones) include a built-in NT-1; that's a valuable feature because an NT-1 can cost as much as $200. Conversely, some "super" NT-1s (for example, Motorola's BitSurfr Pro) include not only the NT-1 but also standard phone jacks for connecting analog devices and even RS-232 ports! If you're connecting your server to your ISDN device, you may be able to use the RS-232 port on such an NT-1 and avoid a TA altogether.
NOTE: If you want to combine your two B channels into one 128 Kbps virtual channel (known as Bandwidth On Demand, or BONDing), be sure that your selected TA or TA-router supports this feature.
Frame Relay, SONET, and ATM. If you read industry publications like Information Week or InfoWorld, you'll see a lot of discussion of "supernetworks." These include Frame Relay, Synchronous Optical Network (SONET), and Asynchronous Transfer Mode (ATM) networks.
These three network types offer stunning bandwidth--ranging from a few Mbps all the way up to 1-2 Gbps. As you'd expect, they're quite expensive and are usually used to tie together corporate LANs into a wide-area corporate network instead of connecting to the Internet. However, as with most other technologies, increasing adoption is driving prices down, and some companies are starting to use these networks internally.
There are ISPs out there that can provide these types of exotic services, so if you need the bandwidth and don't mind spending the money, you can get connected!
After you have an ISP to carry your traffic and a physical connection between you and your ISP to do the actual work, the next step is to configure your network servers to speak the Internet's protocols.
The Internet's transmission protocol is the Transmission Control Protocol/Internet Protocol (TCP/IP). Although your internal network may be using NetBEUI or IPX/SPX, you'll have to make your servers and clients capable of speaking TCP/IP to exchange data with other Internet hosts.
Besides transmission protocols, there are several service protocols in common use; these protocols define how two computers can exchange mail, files, and Web pages over the Internet. Your clients and servers need to have the right software to make them compliant with these protocols as well; otherwise, they won't be able to communicate with the Internet.
Before you start making configuration changes to your servers, you need to ensure that all your Internet plumbing and wiring is in order. It's a good idea to set up a single client system, connected to your ISP via whatever connection method you've chosen, and test out your ISP's configuration with your clients. The sections that follow discuss some issues to be aware of.
Network Addressing. TCP/IP addresses are expressed as four numbers, each between 0 and 255 and separated by periods. For example, 129.135.1.1 is the address of Intergraph's corporate World Wide Web server. Network addresses are unique across the entire Internet; for example, only one machine can have the address 129.135.253.14.
If you're not already running TCP/IP on your internal network, then you face the task of assigning individual TCP/IP addresses to each machine that will be visible to the Internet. Your ISP helps you by assigning you a set of addresses for your network's use. These addresses are reserved for your use in the Internet Network Information Center (InterNIC)'s database, so no one else can use them. However, you're responsible for assigning one address to each machine and making sure that there aren't any duplicates.
This can be a difficult job, especially if you have a lot of machines. Fortunately, there's an Internet protocol that can help: the Dynamic Host Configuration Protocol (DHCP). DHCP provides a way for a not-yet-configured network node to ask a central server what its configuration parameters should be. MacTCP, Microsoft TCP/32 for Windows 3.11, Windows 95, Windows NT Workstation, and Windows NT Server all support DHCP, as do many UNIX versions.
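The bookkeeping described above (one valid address per machine, inside the block your ISP assigned, with no duplicates) can be checked mechanically. The following is an added example, not part of the original chapter; the inventory, the 192.0.2.0/24 block, and the DHCP pool range are constructed sample values, and it also flags manually configured hosts that sit inside the range a DHCP server hands out.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. 192.0.2.0/24 is a documentation-only block that
# stands in for the range an ISP would assign; the pool bounds are assumed.
ASSIGNED_BLOCK = "192.0.2.0/24"
DHCP_POOL = ("192.0.2.100", "192.0.2.199")
INVENTORY = [
    # (host name, address as typed by the admin, how it was configured)
    ("fileserver", "192.0.2.10", "static"),
    ("mailhub", "192.0.2.11", "static"),
    ("printer1", "192.0.2.11", "static"),    # same address as mailhub
    ("lab-pc", "192.0.2.150", "static"),     # manual entry inside the DHCP pool
    ("kiosk", "192.0.2.256", "static"),      # fourth number is above 255
    ("old-gw", "198.51.100.7", "static"),    # not in the assigned block
    ("sales-07", "192.0.2.120", "dhcp"),
]


def parse_dotted_quad(text):
    """Return an IPv4Address, or None unless text is four numbers 0-255."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        return None
    for p in parts:
        if not (p.isascii() and p.isdigit()) or len(p) > 3:
            return None
        # Leading zeros are rejected: some stacks read them as octal.
        if (len(p) > 1 and p[0] == "0") or int(p) > 255:
            return None
    return ipaddress.IPv4Address(".".join(parts))


def audit(inventory, block, dhcp_pool):
    """Return a list of (host, problem) pairs for an address plan."""
    net = ipaddress.ip_network(block)
    lo, hi = (ipaddress.IPv4Address(a) for a in dhcp_pool)
    findings = []
    owners = defaultdict(list)          # address -> hosts claiming it
    for host, text, method in inventory:
        addr = parse_dotted_quad(text)
        if addr is None:
            findings.append((host, "invalid-address"))
            continue
        if addr not in net:
            findings.append((host, "outside-assigned-block"))
            continue
        if addr in (net.network_address, net.broadcast_address):
            findings.append((host, "reserved-address"))
            continue
        if method == "static" and lo <= addr <= hi:
            # The DHCP server may lease this address to another machine.
            findings.append((host, "static-inside-dhcp-pool"))
        owners[addr].append(host)
    for addr, hosts in owners.items():
        if len(hosts) > 1:
            findings.extend((h, "duplicate-address") for h in hosts)
    return findings


if __name__ == "__main__":
    for host, problem in audit(INVENTORY, ASSIGNED_BLOCK, DHCP_POOL):
        print(f"{host:12} {problem}")
```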
Network Names. Each TCP/IP address also has a name associated with it; for Intergraph's WWW server, the name which matches the 129.135.1.1 address is www.intergraph.com. Your ISP will register a domain name for you with the InterNIC; this name is unique to your organization and identifies your machines and the type of organization they belong to. Table 26.1 shows some of the top-level domains on the Internet.
Top-Level Domain | Meaning |
.com | Commercial: companies and corporations |
.net | Network: ISPs, network service providers, and so on. |
.edu | Educational: colleges, universities, elementary schools, and so on. |
.org | Organizational: nonprofit groups or organizations; noncorporate entities |
Country Code | Geographic: entries in this domain are grouped by country; for example, .ca for Canada and .uk for the United Kingdom |
There are other top-level domains; for example, each country in the world has its own domain, like .uk or .fr. Each top-level domain is further subdivided, so that motorola.com, kraft.com, inria.fr (a French research institute), and mit.edu are all assigned blocks of TCP/IP addresses for their own use.
NOTE: .com is mostly used in the U.S. Because the Internet is global, the InterNIC is trying to encourage U.S. users to register by geographic domain instead of by organization, as Net sites in other countries have been doing for years. These U.S. sites fall into the .us domain. For example, the city of Austin, Texas, has a domain name of ci.austin.tx.us.
Mapping Names to Addresses. Computers don't care how they're addressed, but humans like easy-to-read names, like www.intergraph.com, not hard-to-remember numbers like 129.135.1.1. To simplify things for us humans, the Domain Name Service, or DNS, matches computer names to TCP/IP addresses. The Internet's DNS system provides a tree of DNS servers; each top-level domain has a master server, as does each second-level domain (like microsoft.com).
Your network's second-level domain will need access to a DNS server; your ISP will probably give you the address of one of its DNS servers for your use; however, if you're connecting more than a few machines, you may want to run your own local DNS server to allow name resolution within your network. You might also want to maintain your own master server for your domain so that you have easy control over host names and address-to-name mappings.
Microsoft offers a protocol called the Windows Internet Name Service, or WINS, which provides a DNS-like service for mapping NetBEUI names to TCP/IP addresses. When WINS is enabled, clients use broadcast name queries, plus the local LMHOSTS file, to map names to IP addresses. You may or may not run this on your network, depending on how many NetBEUI machines you have and whether you have to interoperate with other client types.
Gateways versus Routers. One distinction that we've glossed over so far has to do with how clients on your network reach the Internet. Before you see how to configure your server for TCP/IP, you should understand the distinction. There are two basic methods for providing Internet access to an existing network.
The first method is the easiest to understand: plunk down a router somewhere on your network, connect your Internet connection to it, and let it handle moving packets around. (Of course, the router might just be a routing process running on your server instead of a physical box.) This approach requires that every client that wants access to the service be configured to speak TCP/IP, so it can be quite labor-intensive. However, it doesn't impose any additional load on the server, and it may generate less network load than the second solution.
The second method involves using gateways. Gateways are programs (or hardware devices) that convert between different protocols on a network. For example, the Columbia AppleTalk Package (CAP) is a gateway that allows UNIX servers speaking TCP/IP to handle AppleTalk packets. By installing a TCP/IP gateway on your non-TCP/IP server, you move the workload away from the client and onto the server.
Most gateways depend on tunneling or encapsulation in some way or another. Both are schemes for wrapping a "foreign" packet, like TCP/IP, in a "native" network packet. As far as the client and server are concerned, a TCP/IP packet encapsulated in an IPX packet is just another IPX packet--until it gets to the gateway, which strips off the IPX header and framing data, decodes the TCP/IP packet, and sends it to the correct destination.
Which solution is right for you? Well, that depends on your network needs and wants. The add-a-router solution is easy to understand and easy to implement, and it scales well for handling heavy traffic loads. The downside: it can require a lot of work to configure each individual client. Using a gateway means more work for whoever maintains the gateway server, as well as more load on the server, but clients won't have to fiddle with their network configurations.
Adding TCP/IP software (usually called a TCP/IP stack) to your server is relatively straightforward. In fact, TCP/IP connectivity has become so important in today's computing environment that, depending on the vendor, your operating system may have come to you with TCP/IP preconfigured and ready to run.
Adding TCP/IP to a NetWare Server. Novell NetWare servers speak Novell's IPX/SPX protocol. This is fine--until you want to connect to the Internet! The simplest solution to mixing TCP/IP and IPX is to run a gateway that converts between the two.
If the gateway's implemented as a NetWare Loadable Module (NLM), it can run on an existing server or a dedicated server; if it's a stand-alone system, similar in concept to a router, it will connect to the network at some other point.
In either case, each client machine will need Internet client software that can send out TCP/IP packets encapsulated in IPX packets. Most gateway vendors include a DLL that provides the Winsock interface for applications but emits encapsulated packets instead of pure TCP/IP. It's the gateway's job to take the encapsulated IPX packets, unencapsulate them, and send the resulting TCP/IP packet to the correct destination.
Firefox, Novell, Internet Junction, Internetware, and Performance Technology all offer suitable gateway packages.
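The encapsulation scheme described above, and the gateway's job of unwrapping it, can be shown end to end. The following is an added example, not code from the chapter or from any vendor's gateway: the 30-byte header follows the standard IPX layout, but the tunnel socket number, node addresses, and the 192.0.2.0/24 internal block are hypothetical values chosen for illustration. Because the gateway is the point where client-built packets reach the Internet, it validates the inner packet before forwarding it.

```python
import ipaddress
import struct

# Standard 30-byte IPX header: checksum, length, transport control, type,
# dest network/node/socket, source network/node/socket.
IPX_HDR = struct.Struct(">HHBB4s6sH4s6sH")
TUNNEL_SOCKET = 0x8F00                    # hypothetical socket for IP-in-IPX
INTERNAL_BLOCK = "192.0.2.0/24"           # constructed: the site's own block
CLIENT_NODE = bytes.fromhex("02005e000025")   # constructed node addresses
GATEWAY_NODE = bytes.fromhex("02005e000001")


def inet_checksum(data):
    """16-bit one's-complement Internet checksum (as used by IPv4 headers)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, payload, proto=6):
    """Client side: a minimal 20-byte IPv4 header followed by payload."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack(">H", inet_checksum(hdr)) + hdr[12:] + payload


def encapsulate(ip_packet, src_node, gw_node, net=b"\x00\x00\x00\x01"):
    """Client side: wrap the IP packet so the LAN sees only an IPX packet."""
    length = IPX_HDR.size + len(ip_packet)
    return IPX_HDR.pack(0xFFFF, length, 0, 4, net, gw_node, TUNNEL_SOCKET,
                        net, src_node, TUNNEL_SOCKET) + ip_packet


def gateway_decapsulate(frame, internal_block=INTERNAL_BLOCK):
    """Gateway side: strip the IPX header and validate the inner packet."""
    if len(frame) < IPX_HDR.size + 20:
        raise ValueError("frame too short")
    _, ipx_len, _, _, _, _, dst_sock, _, _, _ = IPX_HDR.unpack_from(frame)
    if ipx_len != len(frame):
        raise ValueError("IPX length mismatch")
    if dst_sock != TUNNEL_SOCKET:
        raise ValueError("not tunnel traffic")
    inner = frame[IPX_HDR.size:]
    version, ihl = inner[0] >> 4, (inner[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(inner):
        raise ValueError("bad IPv4 header")
    if struct.unpack_from(">H", inner, 2)[0] != len(inner):
        raise ValueError("IPv4 total length mismatch")
    if inet_checksum(inner[:ihl]) != 0:
        raise ValueError("IPv4 header checksum failed")
    # Refuse to emit packets claiming a source the site does not own.
    src = ipaddress.IPv4Address(inner[12:16])
    if src not in ipaddress.ip_network(internal_block):
        raise ValueError("inner source outside internal block")
    return inner


def verdict(frame):
    """Return 'forward' or 'drop: <reason>' for one received IPX frame."""
    try:
        gateway_decapsulate(frame)
        return "forward"
    except ValueError as err:
        return "drop: %s" % err


if __name__ == "__main__":
    pkt = build_ipv4("192.0.2.25", "198.51.100.80", b"constructed")
    print(verdict(encapsulate(pkt, CLIENT_NODE, GATEWAY_NODE)))
```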
Adding TCP/IP to Windows NT Server. Unlike Windows 3.x, Microsoft designed Windows NT to offer solid, fast TCP/IP support as part of the system's core networking tools. The NT Server installation process offers you a choice of whether to install TCP/IP as a supported protocol; if you said yes, you can skip over the rest of this section.
If you're still here, let's take a look at how you can install and configure TCP/IP on your Windows NT Server. Follow these steps:
NOTE: Most of these steps require that you have Administrator privileges on the machine you're configuring.
Figure 26.1. Use the Windows NT TCP/IP Installation Options dialog box to configure your TCP/IP installation.
If you want to, you can also host a DHCP server under Windows NT Server. To configure DHCP, use the DHCPADMN program, found in the Windows NT system directory. DHCPADMN allows you to set the TCP/IP configuration parameters for individual clients on your network, including the following:
When an individual machine is set to use DHCP, it can still override the settings from the DHCP server, but this isn't a very good idea. In general, networks that use DHCP should avoid mixing in manual configurations. Microsoft's TCP/IP stacks for its operating systems usually prevent users from changing routing or gateway information when DHCP is in use.
UNIX Servers. UNIX servers are popular for Internet use because almost every UNIX variety includes a full range of TCP/IP capabilities, including packet routing, name resolution using DNS, and route tracing. Most manufacturers include software for all the major protocols, including DNS, FTP, SMTP mail, POP mail, and NNTP news, preinstalled on the system disk.
In addition, there's a huge number of third-party Internet packages for UNIX machines; many, like NCSA's Mosaic and HTTP software, are free with source code included or available.
Many UNIX manufacturers, including Sun and Silicon Graphics, offer specially configured Internet server bundles, made up of a UNIX workstation with preloaded software and authoring tools.
The chances are excellent that your UNIX servers already have TCP/IP installed and running; in fact, the whole reason why you have UNIX servers on your network may be because of their TCP/IP support! To configure a particular flavor of UNIX, please refer to your system documentation--a comprehensive guide for all the varieties is much too long to present here.
Adding the necessary capability to your servers is a critical first step; having done that, you'll want to configure your client machines so they can access the services you've made available via your servers.
This section explains how to configure your clients to use TCP/IP and how to add Internet client software for browsing Web pages, transferring files with FTP, and connecting to remote computers with telnet.
Before you can configure your network clients to access Internet services, you have to make sure that they speak the Internet's lingua franca--TCP/IP. This section shows you how to install and configure TCP/IP stacks on your network clients to prepare them for use on the Internet.
TIP: Binding connects a piece of hardware, like a modem or Ethernet card, to a protocol stack. Your network adapter understands how to speak TCP/IP after the adapter and stack are bound together.
Windows NT Workstation. Windows NT includes a fast 32-bit TCP/IP driver as part of the base OS; however, it may not be installed and configured during the default installation. These instructions are for Windows NT Workstation 3.51, but the procedure for Windows NT Server is almost identical.
NOTE: Most of the steps here require that you have Administrator privileges on the machine you're configuring.
How To Tell if TCP/IP Is Installed. Here's how to tell if TCP/IP is installed on your Windows NT client:
Installing TCP/IP. To install or reinstall TCP/IP for Windows NT, follow these steps:
Figure 26.2. Use the Windows NT TCP/IP Installation Options dialog box to configure your TCP/IP installation.
Configuring TCP/IP. The Windows NT TCP/IP configuration dialog box is very similar to the dialog boxes for Windows 3.11 and Windows 95. If you're using DHCP on your network, you shouldn't manually configure the clients because any settings you change on the clients will override the settings from the DHCP server.
Now that the software is installed, you must tell your network adapter to support TCP/IP in addition to its other protocols and configure TCP/IP itself. Here's what to do:
Figure 26.3. Use the TCP/IP Configuration dialog box to tell Windows NT about the gateways, routers, and addresses you want to use for communicating via TCP/IP.
Figure 26.4. Use the DNS Configuration dialog box to tell Windows NT about the DNS servers you want to use for name resolution.
Depending on the changes you've made, Windows NT may require that you restart the machine before it can access TCP/IP services. If you need a restart, a dialog box appears asking your permission before restarting.
Windows 95. When Microsoft built Windows 95, it copied many of Windows NT's most successful features--including the 32-bit TCP/IP stack, which is built right into Windows 95. Depending on your machine's configuration, though, you may need to activate and configure the TCP/IP stack because it's not automatically installed by default.
How To Tell If TCP/IP Is Installed. Here's how to tell if Windows 95's TCP/IP is already installed and bound to one of your network adapters:
Figure 26.5. The Network tabbed dialog box shows whether TCP/IP is installed; in this case, it's bound to the Windows 95 Dialup Adapter, as it would be if you wanted to install TCP/IP for use over a modem.
Installing TCP/IP. If the steps shown previously indicate that TCP/IP isn't installed, you'll need to install it. To install TCP/IP, follow these instructions:
Configuring TCP/IP. Now that the TCP/IP stack is correctly installed and bound, you'll need to configure it so that it will work on your network. To configure Windows 95's TCP/IP stack follow these steps:
Figure 26.6. Use the TCP/IP Properties sheet to tell Windows 95 about the gateways, routers, and addresses you want to use for communicating via TCP/IP.
Depending on the changes you've made here, Windows 95 may or may not require that you restart the machine before it can access TCP/IP services. If you need to reboot, a dialog box appears asking your permission before restarting.
Windows for Workgroups. Configuring TCP/IP services for Windows for Workgroups (WfW) is widely regarded as a black art. Until 1992, Microsoft didn't provide a standard for writing TCP/IP stacks for Windows, so every vendor wrote its own. The predictable result: applications from one vendor wouldn't run on another vendor's stack.
The Winsock standard, introduced in 1992, was an effort to create a standard set of features that all TCP/IP stacks could support. Today, it's quite rare to find any TCP/IP applications that don't support the Winsock specification.
How To Tell If TCP/IP Is Installed. To determine whether Microsoft TCP/32 is already installed on your client, follow these steps:
Installing TCP/IP. If the previous steps indicate that Microsoft TCP/32 isn't installed, don't panic; just use the following steps to install it.
NOTE: To complete the installation, you'll need the "Microsoft TCP/IP-32 for Windows for Workgroups 3.11" disk; Windows NT and Windows 95 provide the TCP/IP drivers as part of the installation, but WfW 3.11 doesn't.
CAUTION: If you've been using any other vendor's TCP/IP stack, Microsoft recommends that you uninstall it by using the Remove button in the Network Drivers dialog box before installing Microsoft TCP/32.
Configuring TCP/IP. Now that TCP/IP-32 is installed, it's time to configure it to work with your network. To do so, follow these steps:
Figure 26.7. Use the Microsoft TCP/IP Configuration dialog box to tell Windows about the gateways, routers, and addresses you want to use for communicating via TCP/IP.
After you've finished configuring Microsoft TCP/IP-32, you'll have to restart the computer for the changes to take effect.
Many companies connect to the Internet just for access to the World Wide Web (WWW) and its wealth of information and reference sources. To access the WWW, you'll need a browser--the software tool that you use to view Web pages and communicate with Web servers.
NOTE: Netscape Navigator and NCSA Mosaic are both freely available on the Internet, but their use by companies is restricted. Please make sure that you comply with the provisions of their licenses and purchase copies as appropriate for your use.
Installing NCSA's Mosaic. The National Center for Supercomputing Applications (NCSA) invented the original Mosaic, the first graphical WWW browser. Although Spyglass now owns the commercial rights to both the Mosaic name and the code itself, NCSA has continued to develop new features and put them into public releases of its Windows version of Mosaic.
NCSA Mosaic for Windows 2.0, the latest version, is available via anonymous FTP to ftp.ncsa.uiuc.edu in the /MOSAIC/WINDOWS directory. There are separate subdirectories for Windows 3.1, Windows 95, and Windows NT. Note that there's no Win16 version; you must be running Win32s, Windows 95, or Windows NT to run Mosaic.
Windows Mosaic is packaged as a self-extracting EXE file; after you've retrieved the file, running the EXE file will produce a set of installation files. Run SETUP.EXE and Mosaic will be installed.
To facilitate installing Mosaic on all your client machines, you may want to create a central directory on one of your file servers so that users can connect to the server and install Mosaic themselves.
For more information on using Mosaic, see Que's Special Edition Using the World Wide Web with Mosaic (ISBN 0-7897-0250-9).
Installing Microsoft's Internet Explorer. Microsoft is among the companies that chose to license Spyglass Mosaic (the commercial version of NCSA's tool) rather than writing its own from scratch. To differentiate Internet Explorer from other Spyglass Mosaic versions, Microsoft has made it fully exploit the features of Windows 95, including support for long file names, shortcuts, and the Windows 95 user interface.
Internet Explorer is part of Microsoft's Plus! pack for Windows 95; to install it, all you have to do is insert the Plus! CD-ROM in your CD-ROM drive and click the Internet Jumpstart icon. The setup installer will place Internet Explorer onto your machine.
Note that Internet Explorer doesn't work with Windows 3.1, Windows for Workgroups, or Windows NT. For complete details on installing and using Internet Explorer, see Que's 10 Minute Guide to Microsoft Internet Explorer (ISBN 0-7897-0628-8).
Installing Netscape's Navigator. Netscape, founded by several former NCSA programmers and the founder of Silicon Graphics, has one of the hottest software packages on the market right now: Netscape Navigator. Navigator offers a wealth of WWW, mail, news, and FTP features, all wrapped in a slick, multithreaded package that takes full advantage of Windows NT and Windows 95.
The latest version of Navigator, 2.0, offers a host of new features--including a built-in scripting language, multiple "frames" on a single page, and a nicely integrated e-mail package.
Navigator is available via anonymous FTP from ftp.netscape.com in /NETSCAPE/WINDOWS. Unlike Internet Explorer and Mosaic, there is a 16-bit version of Navigator; the file names are N16E122.EXE for 16-bit versions and N32E122.EXE for 32-bit software.
Navigator's packaged as a self-extracting EXE file; after you've retrieved the file, running the EXE file produces a set of installation files. Run SETUP.EXE and Navigator is installed.
Of course, there's a lot more to the Internet than just the World Wide Web; Internet e-mail, file transfer (using the File Transfer Protocol, or FTP), and remote logon services (which use the telnet protocol) offer a lot more reasons to get wired. This section discusses installing and using telnet and FTP clients.
TIP: For Winsock users, The Consummate Winsock Applications List, available from http://cwsapps.texas.net, is an invaluable source of information. Mac users should visit the TidBITS page at http://www.tidbits.com for Mac-specific information.
OS/2, Windows 95, and Windows NT all include FTP and telnet clients, but they don't offer much beyond bare-bones functionality. For example, the Windows NT/Windows 95 FTP client is a command-line interface indistinguishable from its UNIX predecessors. Fortunately, because the Winsock standard defines how applications should access the network, it's very easy to change between clients. Let's see what else is out there!
FTP Clients. The basic purpose of an FTP client is to allow you to transfer files back and forth over the Internet. That may sound simple, but then so did the DOS command line.
If your FTP needs are occasional, you might be able to get by with the stock command-line FTP client--provided you don't mind learning FTP's command syntax. A better bet might be to use one of the excellent graphical FTP clients that exist for various platforms. Here are some features to look for when choosing an FTP client:
Telnet Clients. If you want to log on to other computers across the Internet, you'll be using the telnet protocol. Like FTP, telnet sounds simpler than it really is; although the built-in Windows telnet client offers a bare-bones solution, it lacks several essential features that you'll quickly come to miss.
Here are some features you should look for when choosing a telnet client:
Integrated Packages. Integrated packages that combine FTP, telnet, e-mail, and other functions (including WWW browsers, in some cases) have become increasingly popular. Why? They typically offer a consistent user interface, and the components work well together. For example, clicking a WWW URL in a mail message might launch an integrated suite's browser.
Some suites, like Apple's Internet Connection or Netscape's Personal Edition, are really bundles of individual programs, combined with dialup SLIP or PPP modules to provide dialup access.
Most suites depend on Winsock, which is fine if you're running on an OS that includes Winsock support. On Novell networks, you can use a product like Novell's LANWorks 5.0, which provides a Winsock-over-IPX layer that allows the suite to function normally.
Most integrated packages are commercial, like Wollongong's Emissary, InterCon's TCP/Connect II, or CompuServe/Spry's Internet in a Box package. However, there are a few shareware suites, like WinQVT.
Use the guidelines listed previously for choosing FTP and telnet clients to evaluate which integrated package is right for you. In addition, if you're buying a suite that includes e-mail or WWW browsing capability, make sure that what is included will suit your needs.
In many cases--perhaps yours--the driving force behind getting connected to the Internet isn't the desire to access information but the desire to publish it. Many traditional media outlets have discovered that the Internet offers a wealth of opportunity, and even small companies can maintain a visible, viable, and valuable presence on the Internet at a fraction of the cost of conventional advertising.
NOTE: Depending on how your network is configured, you may not be able to publish information to the entire Internet (for example, if your network is firewalled)--but you can still publish via FTP and WWW services for internal use!
HTTP is the HyperText Transfer Protocol--the engine behind the WWW. By running an HTTP server on one of your machines and making it visible on the Internet, you can open up a combination storefront, showroom, and technical support center to the 15-million-plus Internet users who can access the WWW.
In general, the current crop of WWW servers for Macintosh, UNIX, and Windows NT are all fairly similar: they serve WWW pages and can process interactive forms submitted by the client. Most offer address-level access controls and user/password authentication, so you can restrict access to material on your servers. Here's a short list of questions to ask to help find the right server package for your needs:
Before there was a WWW, FTP provided a useful way to move files between computers on the Internet. The large FTP archives of Windows and Macintosh software at the University of Michigan, Washington University in St. Louis, and elsewhere remain among the leading Net sites, just because they're so useful.
You can easily set up an FTP server for internal or external use. FTP service is a nice complement to the WWW; sometimes, users just want to download a file, like a patch or a demo version of a program, and FTP does just fine for that.
You might wonder why you should bother with FTP when other file transfer tools, like UNIX NFS or Windows shared network drives, offer a standard interface that looks like the rest of the OS. Here's a one-word summary: interoperability. Clients using FTP can pull files from your site using anything from America Online to a Cray supercomputer, and everything in between. In addition, you can easily host an FTP server on anything from an old 386 running Linux to a fancy Silicon Graphics web server.
Most net archives, including those offered by major companies and universities, offer anonymous access--anyone can log on and fetch files (most sites prevent anonymous users from uploading files for obvious security reasons). Many sites also provide non-anonymous access; these sites require that you have a username and password to use them, just like logging on via telnet.
The considerations from the previous section apply here, too; you need to decide how many servers you need and whether you want to use one of the many excellent freeware or shareware servers (like Peter Lewis's FTPd for the Mac, or Alun Jones's program of the same name for Windows) or buy commercially supported servers.
The Internet is large, international, and uncontrolled. These attributes have helped it blossom into the valuable resource that it is today, but they also introduce a degree of risk for organizations that connect their own networks to it.
A firewall does just what its name implies: it separates "dangerous" things from things which need protection. For example, there's a firewall between the engine of your car and the passenger compartment. There may also be a firewall between your network and the Internet. Network firewalls serve two purposes: they keep unwanted traffic from reaching into your network, and they restrict the hosts and services that users on your network can connect to on the Internet.
Firewalls can be implemented in a number of ways. Many routers offer configuration options that allow you to force the router to ignore some routing requests, whether inbound or outbound; this blocking effectively prevents users from connecting to nonstandard ports or ports for services that you want to control access to. Several manufacturers make stand-alone firewalls which connect between your Internet connection and your network router. Finally, some software packages, like SurfWatch, allow you to restrict WWW browsing by users on your network.
Firewalls are typically not visible at the individual user level; the network administrators usually maintain them, and they can control which machines can "pierce" the firewall on an address-by-address basis.
If you already know what a proxy shareholder or a proxy holder is, then you understand proxy servers--all they do is accept client requests for services and forward them, if necessary, to a server that can answer them. In a typical proxy installation, all clients in a network point to one proxy server, which is the only machine permitted to make connections that pass through the firewall.
Almost all proxy servers, like those from Netscape and CERN, cache WWW pages. If multiple users request the same page, the page only has to be fetched over the Internet once, until it expires or changes.
Proxy servers are very useful for sites whose Internet connection is slow because proxy caching reduces the total number of requests sent out to the Net. Proxying can also provide useful anonymity for your users; some companies are very sensitive to competitive pressures and don't want to leave a clear trail of what pages their researchers or marketing employees have been visiting. If your ISP provides a proxy server, it's probably worth using it.
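The caching and anonymity effects described above can be seen in a small model, added here as an illustration and not taken from any proxy product. The addresses, the page, and the 300-second lifetime are constructed assumptions, and only expiry (not change detection) is modeled.

```python
# Constructed addresses and page content; the 300-second lifetime is an assumption.
PROXY_ADDR = "10.1.0.10"

class Origin:
    """Stands in for a remote web server and records who connected to it."""
    def __init__(self, pages):
        self.pages = pages
        self.log = []        # (source address, url) as the remote site sees it

    def get(self, source, url):
        self.log.append((source, url))
        return self.pages[url]

class CachingProxy:
    def __init__(self, origin, lifetime=300):
        self.origin, self.lifetime = origin, lifetime
        self.cache = {}      # url -> (body, time fetched)
        self.log = []        # (client, url, "HIT"/"MISS"): the internal trail

    def fetch(self, client, url, now):
        entry = self.cache.get(url)
        if entry and now - entry[1] < self.lifetime:
            self.log.append((client, url, "HIT"))
            return entry[0]
        # Cache miss or expired copy: the origin only ever sees the proxy address.
        body = self.origin.get(PROXY_ADDR, url)
        self.cache[url] = (body, now)
        self.log.append((client, url, "MISS"))
        return body

def demo():
    """Three users read one page, then one returns after the copy has expired."""
    origin = Origin({"/prices.html": "<h1>Prices</h1>"})
    proxy = CachingProxy(origin)
    for t, client in enumerate(["10.1.3.4", "10.1.3.5", "10.1.7.9"]):
        proxy.fetch(client, "/prices.html", now=t)
    proxy.fetch("10.1.3.4", "/prices.html", now=400)
    return origin.log, proxy.log

if __name__ == "__main__":
    origin_log, proxy_log = demo()
    print("remote site saw:", origin_log)
    print("proxy recorded: ", proxy_log)
```

Four requests cost two fetches over the Internet link, and the remote site's log names only the proxy; the per-user record exists only in the proxy's own log, which is therefore the log to protect and to consult when tracing a request back to a machine.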
If you follow any of the major media, you've probably noticed a variety of reported security problems and vulnerabilities on the Internet. By design, the Internet is an open, collaborative network, with little security designed in. Many vendors have attempted--with varying degrees of success--to layer security on top of Internet standards.
NOTE: As of this writing, the Internet Engineering Task Force (IETF) has introduced a new version of TCP/IP, IPv6, that includes powerful features for verifying the authenticity of connections and protecting data from snoopers by encrypting it at the IP level. IPv6 can interoperate with "classic" TCP/IP, but if you're about to buy equipment or software, make sure to find out whether your vendor plans to support IPv6. The new features are well worth it!
Careful use of firewalling can greatly reduce the risk of an intruder breaking into your internal network from the Internet. Many corporations and universities have their firewalls set to disallow telnet connections to internal hosts from the outside world.
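The firewall behavior described here and in the earlier firewall and proxy discussion (inbound telnet refused, address-by-address exceptions, the proxy as the only machine allowed out) can be written as a first-match rule table. This is an added sketch, not the configuration syntax of any router or firewall product; all addresses and the mail-host exception are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addresses (private and documentation ranges), not from the chapter.
ANY = "0.0.0.0/0"
INTERNAL = "10.1.0.0/16"
PROXY = "10.1.0.10/32"       # the only host allowed to open connections outward
MAIL_HOST = "10.1.0.25/32"   # hypothetical per-address exception for inbound mail

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # CIDR block the source address must fall in
    dst: str                 # CIDR block the destination address must fall in
    dport: Optional[int]     # destination port, or None for any port
    note: str

# The firewall sees only traffic crossing between the LAN and the Internet.
# Rules are checked top to bottom; the last rule makes the policy default-deny.
RULES = [
    Rule("deny",  ANY,   INTERNAL,  23,   "no telnet to internal hosts"),
    Rule("allow", ANY,   MAIL_HOST, 25,   "mail may reach one named host"),
    Rule("allow", PROXY, ANY,       80,   "proxy may fetch WWW pages"),
    Rule("deny",  ANY,   ANY,       None, "default deny"),
]

def decide(src, dst, dport, rules=RULES):
    """Return (action, note) of the first rule matching a new connection."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action, r.note
    return "deny", "no rule matched"

if __name__ == "__main__":
    samples = [                                   # constructed connection attempts
        ("198.51.100.7", "10.1.3.4", 23),         # outsider tries telnet
        ("198.51.100.7", "10.1.0.25", 25),        # outsider delivers mail
        ("10.1.3.4", "203.0.113.80", 80),         # workstation bypasses the proxy
        ("10.1.0.10", "203.0.113.80", 80),        # proxy fetches a page
    ]
    for conn in samples:
        print(conn, "->", decide(*conn))
```

Rule order matters: because the telnet rule comes first, even the host that has a mail exception still refuses telnet from outside.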
If you're running only machines whose operating systems don't support remote logons, like Windows and the Macintosh OS, don't assume that you have no worries; an attacker can still steal or damage files or data on these types of machines.
Most successful attacks that originate from the Internet are executed by hackers who steal, guess, or eavesdrop on passwords and access numbers--meaning that the best way to protect your machines is to carefully educate your users and administrators.
A complete discussion of security and the Internet could fill a book this size--and it has! The investment of time you make to learn about security risks on the Internet will be repaid many times over in both increased security and peace of mind.
If you don't already have a policy for making sure that new software coming onto your computers is scanned for viruses and that all machines get regular scans, now is an excellent time to start!
Not many PC viruses have been widely spread by the Internet; most often, virus infections come from infected files passed directly from user to user. However, there's only one effective way to protect your machines and that's to protect them. Be sure that you obtain and use a good antivirus tool. Make it a habit--not just a policy--to use it on software you download from the Internet.
For more information on viruses, antivirus software, and protecting your computers from viral infection, see chapter 19, "Antivirus Technology."
Here are some recommendations for configuring your network and services for increased security and safety. This list is only a starting point; make sure to think carefully about your needs and liabilities when setting access and security policies.
As you've seen throughout this chapter, adding Internet access to your existing LAN or WAN isn't that hard. You do need to think ahead to decide what connection methods best suit your needs, and you'll find that extra time invested in security planning will pay off in peace of mind and increased security. Now that you understand what to do to bring Internet access to your network, you may find the following references helpful for providing more detail:
© Copyright, Macmillan Computer Publishing. All rights reserved.