WEB A web application framework (WAF) is

a software framework that is designed to support the development of dynamic

websites, web applications, web services and web resources. The framework aims
to alleviate the overhead associated with common activities performed inweb
development. For example, many frameworks provide libraries for database access,
templating frameworks and session management, and they often promote code
reuse.[1] For a comparison of concrete web application frameworks, see Comparison
of web application frameworks.
As the design of the World Wide Web was not inherently dynamic,
early hypertext consisted of hand-coded HTML that was published on web servers.
Any modifications to published pages needed to be performed by the pages' author.
To provide a dynamic web page that reflected user inputs, the Common Gateway
Interface (CGI) standard was introduced for interfacing external applications with
web servers.[2] CGI could adversely affect server load, though, since each request
had to start a separate process.
Around the same time, full integrated server/language development environments
first emerged, such as WebBase and new languages specifically for use in the web
started to emerge, such as ColdFusion, PHP and Active Server Pages.
While the vast majority of languages available to programmers to use in creating
dynamic web pages have libraries to help with common tasks, web applications
often require specific libraries that are useful in web applications, such as
creating HTML (for example, JavaServer Faces). Eventually, mature, "full stack"
frameworks appeared, that often gathered multiple libraries useful for web
development into a single cohesivesoftware stack for web developers to use.
Examples of this
include ASP.NET, JavaEE (Servlets), WebObjects, web2py, OpenACS, Catalyst,Mojolici
ous, Ruby on Rails, Grails, Django, Zend Framework, Yii,[3] CakePHP[4] and Symfony.

SOFT Device integration BYOD isnt just a new catchphrase,

its a growing trend in which companies permitand even encouragetheir

employees to use their personally owned devices, such as smartphones and tablets,
on the job. Although this might seem attractive, it can make a companys IT
systems and data more vulnerable to malicious activity. For an expanded discussion
on this topic, listen to the podcast that accompanies this column at
www.computer .org/computing-and-the-law. WHAT IS BYOD? Its common for
employees to bring their own devices to their workplaces so they can maintain
contact with family and friends. In those instances, employees use their devices
exclusively for personal reasons. Employers usually dont take issue with that
except, perhaps, if it becomes disruptive, hampers productivity, or creates a
security risk (for example, if its used where classified materials are present). BYOD
refers to the use of these personal devices for business purposes and reflects a
blurring of the line between personal and business use on the same device. For
example, an employee might use his smartphone to access the companys email
system and read and respond to emails in connection with his job. He likewise might
make telephone calls or send and receive text messages that are business related.
If a company allows the use of personally owned devices for business purposes, it
needs to have a policy in place that, among other things, ensures the security of its
systems, protects the confidentiality of its corporate materials, and respects the

privacy of employees. The latter is particularly important, because employees

undoubtedly have significant amounts of personal information on their devices.
REASONS FOR BYOD Some argue that allowing employees to use their personally
owned devices for work-related purposes will increase productivity. An underlying
theory for this is that employees are more attuned their personal devices and will
therefore use them more efficiently and even in some cases use them for work
during their off-hours as well. Personally owned devices are typically more advanced
compared to those that are employer issued, and most people usually prefer having
newer-generation technology. An employer that allows BYOD might create the
perception that its more accommodating to employees needs and, therefore, a
preferred place to work. This can help with recruitment and potentially improve
employee morale. Also, theres the potential of reducing costs. Moving some or all
of the device acquisition and usage costs from the employer to the employee could
benefit the employer. Another reason for allowing BYOD is that its likely a fait
accompli: many employers probably cant prevent employees from using their
devices at work, so adapting to that reality might be the only reasonable option.
BYOD? OMG! Brian M. Gaff, McDermott Will & Emery, LLP B

SOCIAL NETWORKS Misinformation

Propagation in the Age of Twitter
Most Common Web Security Vulnerabilities
For all too many companies, its not until after a breach has occurred that web
security becomes a priority. During my years working as an IT Security professional,
I have seen time and time again how obscure the world of IT Security is to so many
of my fellow programmers.
An effective approach to IT security must, by definition, be proactive and defensive.
Toward that end, this post is aimed at sparking a security mindset, hopefully
injecting the reader with a healthy dose of paranoia. In particular, this guide focuses
on 10 common and significant web security pitfalls to be aware of, including
recommendations on how they can be avoided. The focus is on the Top 10 Web
Vulnerabilities identified by the Open Web Application Security Project (OWASP), an
international, non-profit organization whose goal is to improve software security
across the globe.
A little primer before we start authentication and authorization
When speaking with other programmers and IT professionals, I often encounter
confusion regarding the distinction between authorization and authentication. And
of course, the fact the abbreviation auth is often used for both helps aggravate this
common confusion. This confusion is so common that maybe this issue should be
included in this post as Common Web Vulnerability Zero.
So before we proceed, lets clearly the distinction between these two terms:
Authentication: Verifying that a person is (or at least appears to be) a
specific user, since he/she has correctly provided their security credentials
(password, answers to security questions, fingerprint scan, etc.).

Authorization: Confirming that a particular user has access to a specific

resource or is granted permission to perform a particular action.
Stated another way, authentication is knowing who an entity is,
while authorization is knowing what a given entity can do.

Common Mistake #1: Injection flaws

Injection flaws result from a classic failure to filter untrusted input. It can happen
when you pass unfiltered data to the SQL server (SQL injection), to the browser (XSS
well talk about this later), to the LDAP server (LDAP injection), or anywhere else.
The problem here is that the attacker can inject commands to these entities,
resulting in loss of data and hijacking clients browsers.
Anything that your application receives from untrusted sources must be
filtered, preferably according to a whitelist. You should almost never use a blacklist,
as getting that right is very hard and usually easy to bypass. Antivirus software
products typically provide stellar examples of failing blacklists. Pattern matching
does not work.
Prevention: The good news is that protecting against injection is simply a matter
of filtering your input properly and thinking about whether an input can be trusted.
But the bad news is that all input needs to be properly filtered, unless it can
unquestionably be trusted (but the saying never say never does come to mind
here).
In a system with 1,000 inputs, for example, successfully filtering 999 of them is not
sufficient, as this still leaves one field that can serve as the Achilles heal to bring
down your system. And you might think that putting an SQL query result into
another query is a good idea, as the database is trusted, but if the perimeter is not,
the input comes indirectly from guys with malintent. This is called Second Order SQL
Injection in case youre interested.
Since filtering is pretty hard to do right (like crypto), what I usually advise is to rely
on your frameworks filtering functions: they are proven to work and are thoroughly
scrutinized. If you do not use frameworks, you really need to think hard about
whether not using them really makes sense in your environment. 99% of the time it
does not.
Common Mistake #2: Broken Authentication
This is a collection of multiple problems that might occur during broken
authentication, but they dont all stem from the same root cause.
Assuming that anyone still wants to roll their own authentication code in 2014 (what
are you thinking??), I advise against it. It is extremely hard to get right, and there
are a myriad of possible pitfalls, just to mention a few:
1. The URL might contain the session id and leak it in the referer header to
someone else.
2. The passwords might not be encrypted either in storage or transit.
3. The session ids might be predictable, thus gaining access is trivial.
4. Session fixation might be possible.
5. Session hijacking might be possible, timeouts not implemented right or using
HTTP (no SSL), etc
Prevention: The most straightforward way to avoid this web security vulnerability
is to use a framework. You might be able to implement this correctly, but the former
is much easier. In case you do want to roll your own code, be extremely paranoid
and educate yourself on what the pitfalls are. There are quite a few.

Common Mistake #3: Cross Site Scripting (XSS)

This is a fairly widespread input sanitization failure (essentially a special case
of common mistake #1). An attacker gives your web application JavaScript tags on
input. When this input is returned to the user unsanitized, the users browser will
execute it. It can be as simple as crafting a link and persuading a user to click it, or
it can be something much more sinister. On page load the script runs and, for
example, can be used to post your cookies to the attacker.
Prevention: Theres a simple web security solution: dont return HTML tags to the
client. This has the added benefit of defending against HTML injection, a similar
attack whereby the attacker injects plain HTML content (such as images or loud
invisible flash players) not high-impact but surely annoying (please make it
stop!). Usually, the workaround is simply converting all HTML entities, so
that <script> is returned as &lt;script&gt;. The other often employed method of
sanitization is using regular expressions to strip away HTML tags using regular
expressions on < and >, but this is dangerous as a lot of browsers will interpret
severely broken HTML just fine. Better to convert all characters to their escaped
counterparts.
Common Mistake #4: Insecure Direct Object References
This is a classic case of trusting user input and paying the price in a resulting
security vulnerability. A direct object reference means that an internal object such
as a file or database key is exposed to the user. The problem with this is that the
attacker can provide this reference and, if authorization is either not enforced (or is
broken), the attacker can access or do things that they should be precluded from.
For example, the code has a download.php module that reads and lets the user
download files, using a CGI parameter to specify the file name (e.g., download.php?
file=something.txt). Either by mistake or due to laziness, the developer omitted
authorization from the code. The attacker can now use this to download any system
files that the user running PHP has access to, like the application code itself or other
data left lying around on the server, like backups. Uh-oh.
Another common vulnerability example is a password reset function that relies on
user input to determine whose password were resetting. After clicking the valid
URL, an attacker can just modify the username field in the URL to say something
like admin.
Incidentally, both of these examples are things I myself have seen appearing often
in the wild.
Prevention: Perform user authorization properly and consistently, and whitelist the
choices. More often than not though, the whole problem can be avoided by storing
data internally and not relying on it being passed from the client via CGI
parameters. Session variables in most frameworks are well suited for this purpose.
Common Mistake #5: Security misconfiguration
In my experience, web servers and applications that have been misconfigured are
way more common than those that have been configured properly. Perhaps this
because there is no shortage of ways to screw up. Some examples:
1. Running the application with debug enabled in production.
2. Having directory listing enabled on the server, which leaks valuable
information.
3. Running outdated software (think WordPress plugins, old PhpMyAdmin).

4. Having unnecessary services running on the machine.

5. Not changing default keys and passwords. (Happens way more frequently
than youd believe!)
6. Revealing error handling information to the attackers, such as stack traces.
Prevention: Have a good (preferably automated) build and deploy process,
which can run tests on deploy. The poor mans security misconfiguration solution is
post-commit hooks, to prevent the code from going out with default passwords
and/or development stuff built in.
Common Mistake #6: Sensitive data exposure
This web security vulnerability is about crypto and resource protection. Sensitive
data should be encrypted at all times, including in transit and at rest. No
exceptions. Credit card information and user passwords should never travel or be
stored unencrypted, and passwords should always be hashed. Obviously the
crypto/hashing algorithm must not be a weak one when in doubt, use AES (256
bits and up) and RSA (2048 bits and up).
And while it goes without saying that session IDs and sensitive data should not be
traveling in the URLs and sensitive cookies should have the secure flag on, this is
very important and cannot be over-emphasized.
Prevention:
In transit: Use HTTPS with a proper certificate and PFS (Perfect Forward
Secrecy). Do not accept anything over non-HTTPS connections. Have the
secure flag on cookies.
In storage: This is harder. First and foremost, you need to lower your
exposure. If you dont need sensitive data, shred it. Data you dont have cant
be stolen. Do not store credit card information ever, as you probably dont
want to have to deal with being PCI compliant. Sign up with a payment
processor such as Stripe or Braintree. Second, if you have sensitive data that
you actually do need, store it encrypted and make sure all passwords are
hashed. For hashing, use of bcrypt is recommended. If you dont use bcrypt,
educate yourself on salting and rainbow tables.
And at the risk of stating the obvious, do not store the encryption keys next to the
protected data. Thats like storing your bike with a lock that has the key in it. Protect
your backups with encryption and keep your keys very private. And of course, dont
lose the keys!
Common Mistake #7: Missing function level access control
This is simply an authorization failure. It means that when a function is called on the
server, proper authorization was not performed. A lot of times, developers rely on
the fact that the server side generated the UI and they think that the functionality
that is not supplied by the server cannot be accessed by the client. It is not as
simple as that, as an attacker can always forge requests to the hidden
functionality and will not be deterred by the fact that the UI doesnt make this
functionality easily accessible. Imagine theres an /admin panel, and the button is
only present in the UI if the user is actually an admin. Nothing keeps an attacker
from discovering this functionality and misusing it if authorization is missing.
Prevention: On the server side, authorization must always be done. Yes, always.
No exceptions or vulnerabilities will result in serious problems.
Common Mistake #8: Cross Site Request Forgery (CSRF)

This is a nice example of a confused deputy attack whereby the browser is fooled by
some other party into misusing its authority. A 3rd party site, for example, can make
the users browser misuse its authority to do something for the attacker.
In the case of CSRF, a 3rd party site issues requests to the target site (e.g., your
bank) using your browser with your cookies / session. If you are logged in on one
tab on your banks homepage, for example, and they are vulnerable to this attack,
another tab can make your browser misuse its credentials on the attackers behalf,
resulting in the confused deputy problem. The deputy is the browser that misuses
its authority (session cookies) to do something the attacker instructs it to do.
Consider this example:
Attacker Alice wants to lighten target Todds wallet by transfering some of his
money to her. Todds bank is vulnerable to CSRF. To send money, Todd has to access
the following URL:
http://example.com/app/transferFunds?
amount=1500&destinationAccount=4673243243
After this URL is opened, a success page is presented to Todd, and the transfer is
done. Alice also knows, that Todd frequently visits a site under her control at
blog.aliceisawesome.com, where she places the following snippet:
<img src="http://example.com/app/transferFunds?
amount=1500&destinationAccount=4673243243" width="0" height="0" />
Upon visiting Alices website, Todds browser thinks that Alice links to an image, and
automatically issues an HTTP GET request to fetch the picture, but this actually
instructs Todds bank to transfer $1500 to Alice.
Incidentally, in addition to demonstrating the CSRF vulnerability, this example also
demonstrates altering the server state with an idempotent HTTP GET request which
is itself a serious vulnerability. HTTP GET requests must be idempotent (safe),
meaning that they cannot alter the resource which is accessed. Never, ever, ever
use idempotent methods to change the server state.
Fun fact: CSRF is also the method people used for cookie-stuffing in the past until
affiliates got wiser.
Prevention: Store a secret token in a hidden form field which is inaccessible from
the 3rd party site. You of course always have to verify this hidden field. Some sites
ask for your password as well when modifying sensitive settings (like your password
reminder email, for example), although Id suspect this is there to prevent the
misuse of your abandoned sessions (in an internet cafe for example).
Common Mistake #9: Using components with known vulnerabilities
The title says it all. Id again classify this as more of a maintenance/deployment
issue. Before incorporating new code, do some research, possibly some auditing.
Using code that you got from a random person on GitHub or some forum might be
very convenient, but is not without risk of serious web security vulnerability.
I have seen many instances, for example, where sites got owned (i.e., where an
outsider gains administrative access to a system), not because the programmers
were stupid, but because a 3rd party software remained unpatched for years in
production. This is happening all the time with WordPress plugins for example. If you
think they will not find your hidden phpmyadmin installation, let me introduce you
to dirbuster.
The lesson here is that software development does not end when the application is
deployed. There has to be documentation, tests, and plans on how to maintain and
keep it updated, especially if it contains 3rd party or open source components.

Prevention:
Exercise caution. Beyond obviously using caution when using such
components, do not be a copy-paste coder. Carefully inspect the piece of
code you are about to put into your software, as it might be broken beyond
repair (or in some cases, intentionally malicious).
Stay up-to-date. Make sure you are using the latest versions of everything
that you trust, and have a plan to update them regularly. At least subscribe to
a newsletter of new security vulnerabilities regarding the product.

Common Mistake #10: Unvalidated redirects and forwards

This is once again an input filtering issue. Suppose that the target site has
a redirect.phpmodule that takes a URL as a GET parameter. Manipulating the
parameter can create a URL on targetsite.com that redirects the browser
to malwareinstall.com. When the user sees the link, they will
see targetsite.com/blahblahblah which the user thinks is trusted and is safe to click.
Little do they know that this will actually transfer them onto a malware drop (or any
other malicious) page. Alternatively, the attacker might redirect the browser
to targetsite.com/deleteprofile?confirm=1.
It is worth mentioning, that stuffing unsanitized user-defined input into an HTTP
header might lead to header injection which is pretty bad.
Prevention: Options include:
Dont do redirects at all (they are seldom necessary).
Have a static list of valid locations to redirect to.
Whitelist the user-defined parameter, but this can be tricky.
Epilogue
I hope that I have managed to tickle your brain a little bit with this post and to
introduce a healthy dose of paranoia and web security vulnerability awareness.
The core takeaway here is that age-old software practices exist for a reason and
what applied back in the day for buffer overflows, still apply for pickled strings in
Python today. Security helps you write correct(er) programs, which all programmers
should aspire to.
Please use this knowledge responsibly, and dont test pages without permission!

System integration
In engineering, system integration is defined as the process of bringing
together the component subsystems into one system and ensuring that the
subsystems function together as a system. [1] In information technology, systems
integration[2] is the process of linking together different computing systems and
software applications physically or functionally,[3] to act as a coordinated whole.
The system integrator brings together discrete systems utilizing a variety of
techniques such as computer networking, enterprise application
integration, business process management or manual programming.[4]
A system is an aggregation of subsystems cooperating so that the system is
able to deliver the overarching functionality. System integration involves integrating
existing often disparate systems.

System integration (SI) is also about adding value to the system, capabilities that
are possible because of interactions between subsystems [clarification needed].
In todays connected world, the role of system integration engineers is becoming
more and more important: more and more systems are designed to connect, both
within the system under construction and to systems that are already deployed. [5]
Required skills[edit]
A system integration engineer needs a broad range of skills and is likely to be
defined by a breadth of knowledge rather than a depth of knowledge. These skills
are likely to
include software, systems and enterprise architecture, software and hardware engin
eering, interface protocols, and general problem solving skills. It is likely that the
problems to be solved have not been solved before except in the broadest sense.
They are likely to include new and challenging problems with an input from a broad
range of engineers where the system integration engineer "pulls it all together." [6]
Methods of integration[edit]
Vertical Integration (as opposed to "horizontal") is the process of
integrating subsystems according to their functionality by creating functional
entities also referred to as silos.[7] The benefit of this method is that the integration
is performed quickly and involves only the necessary vendors, therefore, this
method is cheaper in the short term. On the other hand, cost-of-ownership can be
substantially higher than seen in other methods, since in case of new or enhanced
functionality, the only possible way to implement (scale the system) would be by
implementing another silo. Reusing subsystems to create another functionality is
not possible.[8]
Star Integration also known as Spaghetti Integration is a process of
systems integration where each system is interconnected to each of the remaining
subsystems. When observed from the perspective of the subsystem which is being
integrated, the connections are reminiscent of a star, but when the overall diagram
of the system is presented, the connections look like spaghetti, hence the name of
this method. The cost varies because of the interfaces that subsystems are
exporting. In a case where the subsystems are exporting heterogeneous or
proprietary interfaces, the integration cost can substantially rise. Time and costs
needed to integrate the systems increase exponentially when adding additional
subsystems. From the feature perspective, this method often seems preferable, due
to the extreme flexibility of the reuse of functionality. [8]
Horizontal Integration or Enterprise Service Bus (ESB) is an integration
method in which a specialized subsystem is dedicated to communication between
other subsystems. This allows cutting the number of connections (interfaces) to only
one per subsystem which will connect directly to the ESB. The ESB is capable of
translating the interface into another interface. This allows cutting the costs of
integration and provides extreme flexibility. With systems integrated using this
method, it is possible to completely replace one subsystem with another subsystem
which provides similar functionality but exports different interfaces, all this
completely transparent for the rest of the subsystems. The only action required is to
implement the new interface between the ESB and the new subsystem. [8]
The horizontal scheme can be misleading, however, if it is thought that the cost of
intermediate data transformation or the cost of shifting responsibility over business
logic can be avoided.[8]
A common data format is an integration method to avoid every adapter
having to convert data to/from every other applications' formats,Enterprise

application integration (EAI) systems usually stipulate an application-independent

(or common) data format. The EAI system usually provides a data transformation
service as well to help convert between application-specific and common formats.
This is done in two steps: the adapter converts information from the application's
format to the bus's common format. Then, semantic transformations are applied on
this (converting zip codes to city names, splitting/merging objects from one
application into objects in the other applications, and so on).

Systems integrator (SI) definition

A systems integrator (SI) is an individual or business that builds computing systems
for clients by combining hardware and software products from multiple vendors.
Using a systems integrator, a company can align cheaper, pre-configured
components and off-the-shelf software to meet key business goals, as opposed to
more expensive, customized implementations that may require original
programming or manufacture of unique components. Creation of these information
systems may include designing or building a customized architecture or application,
integrating it with new or existing hardware, packaged and custom software, and
communications infrastructure. Some systems integrators working in specialized
areas, like SAPinstallations or upgrades, may offer more customization for specific
applications.

Network management

In computer networks, network management is the operation, administration,

maintenance, and provisioning (OAMP) of networked systems.[1]Network
management is essential to command and control practices and is generally carried
out of a network operations center.
Operation deals with keeping the network (and the services that the network
provides) up and running smoothly. It includes monitoring the network to spot
problems as soon as possible, ideally before users are affected.
Administration deals with keeping track of resources in the network and how
they are assigned. It includes all the "housekeeping" that is necessary to
keep the network under control.
Maintenance is concerned with performing repairs and upgradesfor
example, when equipment must be replaced, when a router needs a patch for
an operating system image, when a new switch is added to a network.
Maintenance also involves corrective and preventive measures to make the
managed network run "better", such as adjusting device configuration
parameters.
Provisioning is concerned with configuring resources in the network to
support a given service. For example, this might include setting up the
network so that a new customer can receive voice service, real time
communications etc.
A common way of characterizing network management functions is FCAPSFault,
Configuration, Accounting, Performance and Security.
Functions that are performed as part of network management accordingly include
controlling, planning, allocating, deploying, coordinating, and monitoring the
resources of a network, network planning, frequency allocation,
predetermined traffic routing to support load balancing,cryptographic
key distribution authorization, configuration management, fault

management, security management, performance management,bandwidth

management, Route analytics and accounting management.
Data for network management is collected through several mechanisms,
including agents installed on infrastructure, synthetic monitoring that simulates
transactions, logs of activity, sniffers and real user monitoring. In the past network
management mainly consisted of monitoring whether devices were up or down;
today performance management has become a crucial part of the IT team's role
which brings about a host of challengesespecially for global organizations. [2]

Information technology consulting

Information technology consulting (also called IT consulting, computer

consultancy, business and technology services, computing
consultancy, technology consulting, and IT advisory) is a field that focuses on
advising businesses on how best to use information technology to meet their
business objectives. In addition to providing advice, IT consultancies
often estimate, manage, implement, deploy, andadminister IT systems on
businesses' behalf, known as outsourcing.

Network Design and Management Overview

A computer network is a grouping of two or more computers to share data,
applications, and networked peripherals such as printers. Employees at all but the
tiniest companies depend on the network to conduct their daily tasks. Local area
networks (LANs) link computers in the same building via wires, while wide area
networks(WANs) connect geographically dispersed computers by radio wave or
telephone line (Frame Relay WANs use the latter). Many companies are also
implementing wireless LANs (WLANs) to give employees and customers the
flexibility of working in conference rooms and common areas without being
tethered to a desk.
Much like buildings, networks must be designed before they can be built.
The network design specifies thenetwork infrastructure, including:
Network topology. The topology is a layout that dictates how the
computers will be connected. Common network topologies include a star, a
bus, and a ring.
Network protocol. This is the format the data takes as it passes over the
network connection. The protocol determines how the computer sends and
receives messages and what type of data compression is used. Ethernet is
one of the most popular protocols, supporting data-transfer rates of up to 10
megabits per second.
Network architecture. The network architecture can take one of several
forms, including peer-to-peer(in which each computer or node on the
network has equal capabilities) and client/server (in which one node, the
server, is more powerful and manages network functions for the client, or
PC, devices).
The network architect must utilize the right mix of technology to provide adequate
network bandwidth for the network users' needs. Network bandwidth is the
amount of data that can be transmitted on a network in a particular amount of
time. Video- and graphic-intensive applications require higher bandwidth than

simple text-based programs. Bandwidth management software helps identify and

alleviate network bottlenecks. Network administrators also use load balancing to
allocate network bandwidth to compute-intensive applications so they won't bring
down overall network performance.
Many companies are choosing to install fiber-optic cables to transmit data on their
network as fiber optic technology is capable of much higher data throughput than
conventional metal cables.
Another critical network feature is fault tolerance, which is the network's ability to
recover from an unexpected failure. Since a company's revenue and reputation
often ride on its network, many companies employ multiple layers of fault
tolerance. These range from a backup power source in case of an electrical power
outage tomirroring the data from one server onto another server that will
automatically take over ("fail over") in case of failure. Network clusters are also
used to prevent unexpected data loss.
With the network design and installation complete, the focus shifts to network
management and maintenance. Network administrators must ensure the network
operates reliably, that its performance or speed is adequate, and that it is secure
from unwanted intrusion. With the advice of internal or external security
professionals, network administrators use techniques and technology, including
firewalls and user authentication, to ensure data stored on a computer on the
network cannot be read without proper authorization.