Handbook of Information Security Management:Computer Architecture and System Security



Peer-to-Peer Networks

Typical of this phase of networking is the peer-to-peer network, in which each computer on the network has an equal ability to make its resources available to all the others. Examples are Appletalk, standard on the Apple Macintosh since 1984, Microsoft Windows for Workgroups, and Novell Personal NetWare. Microsoft continues to provide peer-to-peer networking in Windows 95 and Windows NT Workstation. The ease with which users of peer-to-peer networks can share files and printers is both appealing and alarming.

If you work with a small group of trusted colleagues, this approach to networking can be both convenient and efficient. But as such networks grow, systems become harder to manage and trust is spread thinner. Access is difficult to control, because the network operating system was not designed with control in mind. All connections between a peer-to-peer network and other systems, such as the Internet or a dial-up line for a remote user, are a security threat. For example, unless specific and nonobvious precautions are taken, any machine on a Windows 95 peer-to-peer network which dials out to the Internet immediately creates a path by which any other system on the Internet can access your shared resources.[17]


[17] For a test, point your Web browser to www.omna.com/yes/mwc/info, a page that tells you how your Windows 95 machine is configured.
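The exposure described above, a workgroup machine that shares files on every interface including the one that reaches the Internet, has a modern counterpart in a Windows PC whose File and Printer Sharing service is bound to an adapter on an untrusted (Public) network. The following audit script is an added example, not part of the Handbook; it assumes Windows 8 / Server 2012 or later (the NetAdapter, NetConnection and SMBShare modules) and an elevated session.

```powershell
# Added audit script (not from the Handbook). Lists adapters on which the
# "File and Printer Sharing for Microsoft Networks" service (ms_server) is
# bound, flags those sitting on a Public network profile, and shows which
# non-administrative shares would be reachable over such an adapter.
# Assumes Windows 8 / Server 2012 or later; run elevated.

$sharingBound = Get-NetAdapterBinding -ComponentID ms_server |
    Where-Object { $_.Enabled }

$profiles = Get-NetConnectionProfile

$findings = foreach ($b in $sharingBound) {
    $p = $profiles | Where-Object { $_.InterfaceAlias -eq $b.Name }
    [pscustomobject]@{
        Adapter         = $b.Name
        NetworkCategory = if ($p) { $p.NetworkCategory } else { 'NoProfile' }
        # Exposed = sharing is bound AND the adapter is on an untrusted network
        Exposed         = [bool]($p -and $p.NetworkCategory -eq 'Public')
    }
}

$findings | Format-Table -AutoSize

$exposed = $findings | Where-Object Exposed
if ($exposed) {
    # Special = administrative shares (C$, ADMIN$, IPC$); list the rest
    $shares = Get-SmbShare | Where-Object { -not $_.Special }
    Write-Warning "File sharing is bound to a Public-profile adapter: $($exposed.Adapter -join ', ')"
    Write-Warning "Shares visible from it:"
    $shares | Select-Object Name, Path | Format-Table -AutoSize
    Write-Host "Mitigation: unbind sharing on that adapter, e.g."
    Write-Host "  Disable-NetAdapterBinding -Name '<adapter>' -ComponentID ms_server"
    Write-Host "or reclassify a trusted network with Set-NetConnectionProfile -NetworkCategory Private"
}
```

The script only reports; the two cmdlets named in the mitigation lines are the ones an administrator would then run deliberately.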

Server-Based Networks

Novell’s main NetWare product has always been a server-based network operating system, and this path was followed by IBM and later Microsoft (in the form of Microsoft LAN Manager, which has evolved into Windows NT Server). Note that PCs connected to a network file server as clients act as workstations, not terminals. In other words, they do not give up their ability to locally input, process, store, and output. Furthermore, unless they are logged onto the network, the network cannot have any effect on their security, which has serious implications. For example, when a PC has been logged off, the network operating system cannot control access to directories on its hard drive or prevent the user from running locally stored applications.

Similarly, the network file server may scan both server and client directories for malicious code, but it cannot scan clients when they are not clients, that is, when they are logged off. This means that viruses can still infect machines that are part of the network. When an infected local machine later logs onto the network, it can spread the virus to the server.

While it is typical for the network file server to require that only authorized users, with valid user names and passwords, be allowed to use network resources, the network itself cannot identify users who do not log on. Theft, destruction, or corruption of data that are stored locally on a client is thus entirely possible, unless additional controls are in place. However, some interesting variations are possible when PCs are networked. For example, it is possible to configure desktop machines so that they cannot be operated unless they are logged onto the network. This can be achieved by extending the BIOS-based security described earlier (other examples of enhanced BIOS include alerting the network if the PC is logged off or disconnected).

Network Computers

If access to local storage is also blocked at the BIOS level, or removed completely, then the desktop computer becomes a truly dedicated client, useless without its properly authenticated network connection. Of course, some might argue that the machine is no longer a “personal computer,” but from a security perspective the response is likely to be “so what?” In fact, today’s networking technology allows the network to provide users with their own server-based storage and their own customized applications and settings, without the need for local storage. This facilitates centralized management of security tasks such as backup, authentication, and malicious code scanning.

The personal computer (PC) is thus transformed into the network computer (NC), a reincarnation of the diskless workstations that flopped in the 1980s. Back then, server-based software was far less exciting than the code you could run on standalone desktop machines, which were first adopted by eager do-it-yourself programmers, people with a natural aptitude for productive use of the technology. Now that more than 50% of the workers in America have to use a computer of some kind, there is less need for each one of those computers to be personally managed and controlled.

