Craig Zacker - Author, Editor, Networker
Building Windows 98 Networks
Chapter 3. Network Planning Considerations

Many books and articles attempt to provide an overview of the many networking options available, explain the advantages and disadvantages of each, and allow the reader to select the most suitable technology for his or her requirements. This book, however, is not intended for the user that needs (or even cares about) a complete survey of networking technologies. As a result, it will be assumed that you want to install an Ethernet network using Windows 98 as the operating system on some or all of the computers. This is not a controversial decision, since Ethernet has been the most popular networking technology in the world for over twenty years.

The other assumption that this book makes concerns the size of your network. As you go beyond twenty or so machines, networking becomes more complicated and requires a good deal more planning and maintenance. Usually, once a network grows to this size, it begins to function more on the client/server paradigm than as peer to peer, and requires servers running Windows NT, 2000, or another network operating system.

Having these basic decisions made for you, however, doesn't mean that you won't be able to exercise your own choices in the design of your network and the policies with which you'll run it. It only means that the technologies assumed here have benefits that will simplify the tasks of installing, maintaining, and using your network. Indeed, you will find that there are more than enough decisions for you to make as you go about planning your networking strategy.

Planning Overview

Planning is the most important element of network construction, no matter how large or small the LAN is to be. Much of this book concerns networking strategies and techniques that a new administrator should be familiar with before installing or even purchasing any network hardware. Table 3-1 lists the questions that should be answered during the planning phase, briefly explains why they are important, and specifies where to look for more information on the subject.

| Question | Explanation | Reference |
|---|---|---|
| Hardware | | |
| Are your computers suitable for networking? | Virtually any PC can be connected to a network, as long as it has sufficient hardware resources, such as an expansion bus slot and an IRQ. | See "Purchasing PCs for Networking," in Chapter 4, Purchasing Network Components. |
| How many computers will you connect? | It's possible to create a two-node Ethernet network by connecting two computers together directly using a special crossover cable, but three or more computers require a hub. If your network grows beyond twelve computers, you may have to consider using multiple hubs. | See "Two-Computer Networking" in Chapter 5, Wiring a Home or Office Network and Chapter 4, Purchasing Network Components. |
| Is Fast Ethernet preferable to standard Ethernet? | Fast Ethernet hardware is slightly more expensive than traditional Ethernet, and provides a tenfold increase in speed. On a small (single hub) network, the cabling requirements are virtually identical. | See "Which Ethernet?" in Chapter 2, Networking Basics. |
| Should NICs use the ISA or the PCI bus? | The ISA bus is sufficient for a 10 Mbps Ethernet network, while PCI is more suitable for Fast Ethernet, as long as a bus slot is available. Prices for PCI NICs are only slightly higher than ISA. | See "Selecting a Network Card," in Chapter 4, Purchasing Network Components. |
| At what speed will the network run? | You can choose to run your Ethernet network at 10 Mbps or 100 Mbps, but the NICs, cables, and hub that you purchase all must support the speed you select. The difference in cost between the 10 Mbps and 100 Mbps hardware is minimal, however. | See "Ethernet Hardware" in Chapter 4, Purchasing Network Components. |
| How many hub ports are sufficient? | In addition to the ports needed for your computers, consider whether or not your printers will require ports and be sure to leave room for expansion of your network. | See "Selecting a Hub," in Chapter 4, Purchasing Network Components. |
| What kind of cables form the network? | Ethernet networks typically use Category 5 Unshielded Twisted Pair cable, which you can buy in bulk or prefabricated in various lengths (with connectors attached). There are also several wireless alternatives available that are targeted at small networks. | See "Cables and Connecting Hardware" in Chapter 4, Purchasing Network Components, and "Wireless Networking" in Chapter 5, Wiring a Home or Office Network. |
| Layout | | |
| Where will the computers be located? | The locations of the computers dictate the nature of the cabling job. Computers in different rooms, on different floors, or at distant locations complicate the cabling process. | See "Computer Placement," later in this chapter and "Wiring Scenarios" in Chapter 5, Wiring a Home or Office Network. |
| Where will the hub be located? | The hub must be centrally located so that it is no more than 100 meters from any of the computers that will be connected to it. The hub also requires access to a power source, and should be in a location that is protected from accidental damage or dislocation of the cables. | See "Cabling Guidelines," later in this chapter and "Cabling Requirements" in Chapter 5, Wiring a Home or Office Network. |
| Do you want to conceal the cables? | Running cables along baseboards and around doorways is considerably easier than concealing them inside walls and ceilings. While the hardware involved differs only slightly, an external installation is easily performed yourself, while an internal one may require professional help (and additional expense). | See Chapter 5, Wiring a Home or Office Network. |
| Are there any environmental conditions at your site that can affect your network installation? | Electrical cables, fluorescent light fixtures, and other types of machinery can cause interference that disrupts data transmissions as they travel over copper-based cable. If your site has these elements, you may have to reroute your cables around them. | See "Interference," later in this chapter. |
| How will you connect your printers to the network? | You can network a printer by connecting it to a workstation, or by connecting it directly to the network using an external print server. The print server provides more flexibility in the location of the printer, but is an additional expense, while a workstation connection requires no additional hardware. | See "Locating Printers," later in this chapter. |
| Services | | |
| What protocol(s) will you run? | Although the basic Windows 98 networking services like file and printer sharing can use any of the supported protocols, services like Internet access require the use of TCP/IP. Unlike NetBEUI and IPX/SPX, TCP/IP requires more configuration, in the form of a unique IP address for each workstation. The protocol you choose to run also has an effect on the security of your network, because a protocol like TCP/IP that enables users to access the Internet can also enable users on the Internet to access your network. | See "Network Security," later in this chapter, and "Selecting Networking Modules" in Chapter 6, Installing Network Hardware. |
| How will you connect the network to the Internet? | Individual dial-up modem connections require multiple phone lines and either separate ISP accounts or a multi-user account that permits simultaneous connections. A shared dial-up connection provides Internet access to all of the users on the network using one modem, phone line, and ISP account. Technologies like cable modems and xDSL provide continuous Internet access at speeds much faster than any dial-up, and can also be shared with an entire network. Selecting a connection strategy early in the planning process enables you to be ready with the appropriate hardware, or to schedule service appointments early. | See Chapter 9, Accessing the Internet. |
| What type of e-mail service do you plan to provide your users? | There are two forms of e-mail, Internet and internal, that provide different levels of service, and you can choose to run either or both on your network. Internet e-mail provides access to computer users all over the world, but requires either your own mail servers or those of an ISP. Internal e-mail can be hosted on a single Windows 98 system and provides services only to the users of the local network. | See Chapter 12, E-mail Systems. |
| Do you want to run an intranet on your network? | An intranet is a web server on your local network that you can use to publish documents and build web sites free from the constraints imposed by the Internet. | See Chapter 11, Building an Intranet. |
| Do you want to enable users to access the network from remote locations? | A remote user can dial into a Windows 98 system on the network and access not only the drives on the host system, but any drive on the network. However, before you allow this, you must consider the security problem that it presents. | See Chapter 13, Remote Network Access. |
| Administration | | |
| What applications will you run? | Allowing users to select and install their own applications can complicate the process of supporting a network enormously. When you create a standard configuration for all your workstations that includes all of the applications your computers will run and where they will be installed, it is easier to support the system in the future. | See Chapter 9, Network Applications. |
| Where will you store your shared files? | While it is possible to simply share all of the drives on all of your network's computers, this enables anyone to create or delete files on any system, which is a substantial security risk. It is a better idea to have a plan that specifies exactly which files need to be shared, who needs to access them, and where they should be stored. | See "Sharing Data Files" in Chapter 9, Network Applications. |
| How will you secure your network? | Security is an important element of every network. Improper security policies can enable unauthorized users to access sensitive data or damage systems by adding, modifying, or deleting files. Taking the proper precautions to secure your network is an essential element of the planning process. | See "Network Security," later in this chapter. |
| How knowledgeable are your users? | Network administration policies should be based in part on the capabilities of the network's users. Relatively inexperienced computer users require stricter policies and should have many more configuration decisions made for them, while experienced users can be given more of a free hand. | See Chapter 14, Network Management Tools and Tactics. |

Table 3-1: Network Planning Questions

Laying Out the Physical Network

Once you have decided to install an Ethernet network, the next step in the physical plan is to consider the physical layout. If you are going to be networking a collection of computers that already exist in a home or office, you will probably want to cable the machines together in their current locations. If you are installing the entire network (including the PCs) at a new location, you should consider the requirements of the network when you develop the floor plan for your site.

For anything but the smallest, most informal network, it is a good idea to create an actual floor plan (either on paper or in some sort of graphics application) showing the locations of the computers to be connected, other devices such as hubs and printers, and services like telephone jacks and electrical outlets. In particular, you should document the locations of the cables connecting the computers and other devices, especially if the cables are to be installed in the walls and ceilings or otherwise hidden from view.

Clearly this step is not called for in the case of a two- or three-node home network, but if you plan to hire contractors to perform any installation, expansion, or support tasks, the more documentation you have on the configuration of the network, the easier it will be to work on it later.

Cabling Guidelines

For a basic 10BaseT or 100BaseTX Ethernet network using a single hub, the cabling guidelines are simple. All of the cables linking the computers to the hub must be no more than 100 meters (328 feet) long. In most cases, the computers in the average home or office are much closer to each other than this, but you must consider the actual path of the cable when calculating these distances.

If, for example, you plan to install the cable along the baseboards of your home through several rooms, you must factor in the additional length required to run up and around doorways and other obstacles when you calculate the distance between machines. The type of cable installation you choose to perform (or have professional installers perform) can also have a bearing on these distances. Snaking wires through walls and ceilings rather than along the walls can either add or subtract from the amount of cable required to connect two machines, depending on the nature of the structure.

The location of the hub is also an important element of the network layout. Since each cable leading to the hub can be up to 100 meters long, you can have two computers that are 200 meters apart if you install the hub at the midpoint between the two machines. The hubs used for networks of this size are small, unobtrusive devices that you can install in almost any location that has an electrical outlet. They require no monitoring, and need not be located anywhere near the computers they connect.

However, you want to be sure that the hub is protected from damage by everyday foot traffic and other environmental forces. A malfunction in one computer or cable affects only that one computer. If the hub is damaged, its cables disconnected, or its power supply interrupted, the entire network will cease to function. Unlike the metal-cased, rack-mounted affairs used on large networks, hubs for workgroup networks are small, often have plastic cases, and are relatively fragile. Locating the hub behind a desk or in a closet where it is protected is a good idea.

A typical small office network will consist of computers located in a few rooms, all of which are adjacent to each other. If this is the case, you can place the computers in virtually any location that is convenient. If you must span distances longer than 200 meters, you can use multiple hubs to extend the maximum distance between machines. Note, however, that 100BaseTX Fast Ethernet imposes stricter limitations on the maximum number of hubs used on the network than 10BaseT.

Note: For more information on using additional hubs to span long distances, see Chapter 5, Wiring Your Home or Office Network.

Although 10BaseT and 100BaseT Ethernet are installed in what is referred to as a star topology, the "star" is figurative, not literal. As long as all of the computers are connected to the hub by a cable less than 100 meters long, there is no need for them to be equidistant from each other or use the same length cable, as in an actual star.

The single most complicating factor in the network layout is when computers and printers have to be located in different rooms, or worse, on different floors. However, this is strictly a cable installation problem; it does not affect the functionality of the network. See Chapter 5, Wiring a Home or Office Network, for more information on the cable installation process.

Computer Placement

Depending on the size of your office and the furniture you will use, you may also want to consider where on or near the desk the computer will go. If you are buying new PCs for the network, the location of the machine can determine which type of case you purchase. Mini-tower systems are very popular today because they require a small footprint on the desktop and can also be placed underneath the desk. Desktop systems require more space, but you can usually place the monitor on top of them.

If you already have desktop systems, there usually is not a problem with running them on their sides so that they will fit under a desk. The only problem you may have would be with loading tray-style CD-ROM drives in the upright position. If the case is wide enough, the computer may stand up by itself; otherwise, you may want to purchase a stand designed specifically to hold it upright.

Note: There are other types of devices that you can purchase to minimize the amount of space utilized by your computers. For more information on desktop space requirements and purchasing PCs and accessories, see Chapter 4, Purchasing Network Components.

Interference

Another factor to consider when planning the layout of your network is the electromagnetic interference that can be generated both by computers and by other nearby devices. The signals travelling through network cables can be disrupted by the interference generated by other electrical cables, fluorescent light fixtures, and other electrical devices operating nearby. If, for example, you plan to install network cables within a dropped ceiling containing fluorescent light fixtures, you should route the cables around the fixtures, taking into account the additional distance involved in your segment length calculations.

In most cases, the electric devices found in the average home or office should not present a problem, but if you are installing a network in a factory or other place where heavy electrical machinery is operating, you may have a problem. In cases like this, you can choose a different type of cable that is better suited to the environment. Shielded twisted pair (or STP) is functionally similar to UTP cable, except that the shielding around the wires is thicker and more resistant to interference. Thick Ethernet, the original Ethernet medium, is also highly resistant to interference, but is difficult to work with and hard to find these days. The ultimate solution for this problem is fiber optic cable. While fiber optic is also difficult to work with and a good deal more expensive than copper, the nature of the technology renders it completely immune to electrical interference.

All of these alternate media complicate the network construction process considerably by adding expense and inconvenience. In most cases, it would be best to try using UTP cable and route it away from possible sources of interference. If you are determined to install a network in an extremely adverse environment, then you might have to consider calling in a professional to assess the situation.

Another potential source of interference problems when planning your network is the proximity of magnetic fields to your computer equipment. Magnetic storage media like floppy disks and hard disk drives can be ruined by exposure to the magnetic fields generated by audio speakers, electric motors, and other devices. The speakers sold for use with computers are usually shielded to prevent contamination of the magnetic media, but in a home or other environment where stereo speakers or other magnetic devices are located near the computers, a problem may arise.

Monitors can also generate fields that interfere with the function of other monitors. Sometimes, in offices with cubicles that place monitors back to back on both sides of a thin dividing wall, you can see the field disturbance in annoying patterns on the monitor screens. Sometimes you can eliminate the problem by simply shifting the monitors to different positions on the desks. In other cases, some additional shielding may be necessary. Believe it or not, flat metal cookie-baking sheets placed against the wall behind each monitor can be ideal for this purpose.

Office workers that are unaware of how computers store data may also find that the metal mini-tower systems on their desks are ideal targets for refrigerator magnets and other cute little decorations. You should discourage this practice in no uncertain terms.

Access to Other Services

In addition to plotting out the distances between your computers, you should also consider the access that your PCs will require to other services and devices. For example, if you are planning to use modems to connect your computers to the Internet or host remote users through dial-up connections, you must be aware of the proximity of the systems to the available phone lines.

Tip: If your network installation will require the installation of additional telephone jacks or new lines, you can probably have your network cabling installed at the same time by the same contractor. See Chapter 5, Wiring a Home or Office Network for more information.

Another consideration should be the proximity of your systems to a suitable source of power. If you don't have electrical outlets near enough to the locations of your computers and other devices, it might be a good idea to have some electrical work done to your site as well. If your network will be located all in one room, you should be aware of how much of a load you're placing on the individual circuits. A room with multiple outlets all connected to the same circuit is functionally identical to plugging all of your machines into a single outlet. For up to three or four computers, this may not be a problem (depending on the service supplied to the building), but ten or twelve machines can be too much for the average circuit to handle.

Tip: Laser printers, in particular, utilize an enormous amount of electrical power in order to keep the fusion roller hot enough to function properly. This usually requires intermittent periods of high power consumption in between relatively low-power intervals. If you are building a network for business purposes where you will leave the printer running all day, consider a model that has a low-power standby mode that reduces overall power consumption.

All of the computers on your network should get their electrical power from a source with a surge protection circuit. This will protect your expensive equipment against power surges resulting from electrical storms or other disturbances in the service. If you must use extension cords to provide power to certain devices, be sure that they all have a functioning ground (a three-prong plug in the U.S.).

Depending on the type of applications you intend to use and the nature of your business, it may be a good idea to protect some or all of your computers with an uninterruptible power supply. A UPS is a device containing a battery that is constantly charged by standard AC current, into which you plug your computers or other devices. When a power failure occurs, the UPS continues to supply battery power to the devices for a period of time. UPSs are not intended to enable users to continue working in the event of a blackout; the point of using them is to give you time to shut down your computers in the proper manner when a power failure occurs.

When a Windows system is improperly shut down, it is possible for files that are open at the time to be corrupted. Databases and other important business files are particularly subject to damage in this way. If you intend to run an application that works with data that is vitally important to you or your company, protecting the system on which the data is stored is a good idea. Depending on how many systems you have to protect and their locations, you can purchase either small UPS units intended for individual systems or large ones that several computers can share. Of course, if you choose the latter option, you must account for the UPS in your floor plan so that computers requiring protection have access to it.

Environmental systems are another factor you may have to consider. Computers, monitors, printers, and other office devices can generate large amounts of heat. Laser printers, copiers, and fax machines can also give off fumes that are unhealthy to everyone and intolerable to people that are particularly sensitive. Depending on the nature of your business and your network's users, noise may also be a problem. All of these conditions can contribute to the creation of a workplace in which productivity suffers because of adverse conditions.

A single room with ten or twelve computers and a couple of printers in it, as well as the people who use them, can get to be extremely warm in the summer months if there is not adequate cooling and ventilation. You might also find workers complaining of headaches and other ailments caused by the fumes combined with other discomforts. In some cases, users may be continuously bothered by the fan noise in the average PC.

Warning: While the health of your users is important, consider also the health of your computers. If you elect to leave your machines running around the clock in an office environment, be sure to find out whether the air conditioning in the building runs all night, or you may come in some July morning to find the expensive processor chips in your PCs reduced to molten slag.

You can address these problems by installing additional ventilators or air conditioning equipment and locating printers, copiers, and other such devices away from where users regularly work. Placing a computer under a desk instead of on it can reduce the fan noise.

Tip: If you are familiar with the internal components of a PC and comfortable working inside one, it is also possible to reduce the noise generated by a computer with a replacement power supply designed specifically for quiet operation. The procedure is usually not difficult. PC Power & Cooling markets a line of ultra-quiet replacement power supplies that you can order through their web site.

Locating Printers

The location that you choose for a printer is important both in terms of convenience to your users and the method that you will use to connect the printer to the network. Your first consideration should be questions like who will access the printer and how often? You should select a location for the printer that provides its users with convenient access without bothering them with excessive noise and fumes, and without taking up half of a user's desk. However, there are definitely factors to consider other than finding a central location that is easily accessible to everyone that needs to print.

Chief among these factors is whether you will connect your printer to a Windows 98 machine using a standard parallel or serial connection, or connect it directly to the network using one of the third party network interface devices designed for use with printers. These devices take the form either of an external box or a card that you insert into a printer with an expansion slot. Both types have a jack that lets you connect them directly to a hub with a standard network cable. The software that comes with the product enables Windows 98 systems to locate the print server device on the network and send print jobs to it.

The advantages and disadvantages of these two network printer connection methods are summarized in Table 3-2.

| Workstation Connection | Network Cable Connection |
|---|---|
| No additional costs. | Requires a third party print server device. |
| Consumes disk space, memory, and processor cycles on the workstation functioning as the print server. | Self-contained; does not require a separate computer to function as the print server. |
| Printer must be located in proximity to a workstation. | Printer can be located anywhere there is a network cable connection. |

Table 3-2: Workstation printer connections compared with direct network connections.

If you are building your network on a tight budget, Windows 98 is perfectly capable of sharing workstation-connected printers without the use of third party products. However, if the ideal location for your network printer is more than ten feet from the nearest workstation, then an external print server may be the perfect solution.

Workstation-based printers

When you share a workstation printer, the computer to which it's attached functions as the print server. This means that the computer receives the print jobs from the other systems on the network, stores them on its local drive, and feeds them to the printer at the appropriate rate. Depending on the amount and type of printing done by your network's users, these processes can place a considerable burden on the PC functioning as the print server. A user working at this station is likely to notice a degradation in performance that is at least annoying and at worst intolerable. The problem will be particularly bad if your users regularly print very long documents or documents that contain a lot of complex graphics (especially in color), as these types of print jobs can consist of files that are many megabytes long.

One possible solution to this problem is to use an especially well-equipped system for the print server. A large, fast hard disk, extra memory, and fast processor will help to minimize the performance hit (and go a long way towards satiating the user stuck with the printer on his or her desk). Another possibility is to use an older, underpowered system that you don't need for anything else as the print server, and dedicate it exclusively to this task.

External print servers

Third-party print server devices eliminate this problem, since they exist as separate entities on the network, and are not permanently associated with any particular workstation. The industry standard for devices of this type is the JetDirect line of print servers manufactured by Hewlett Packard. Many HP printers have expansion slots that can hold a JetDirect print server on a card; for other types of printers, HP also markets standalone print server devices. These devices take the form of a small box into which you plug a network cable and a parallel cable that connects to the printer, as shown in Figure 3-13. External print servers come in versions that support various networking protocols and cable types, and various numbers of printers. A simple, external JetDirect print server supporting one printer for an Ethernet network runs about $150.

Figure 3-13: JetDirect print servers connect directly to the network cable and to a printer.

Another advantage of an external print server is that you can situate the printer in any location that a network cable can reach. For a standard 10BaseT network, this means that the printer can be up to 100 meters away from the hub. This is a far more flexible arrangement than the maximum 9 foot cable length recommended for a parallel connection. Moving the printer farther away from the workstations means that users are less likely to be bothered by the desktop clutter, noise, and fumes that a printer can generate.

Planning Network Services

Apart from basic file and printer sharing, you should also consider early what other services you plan to provide to your network users, as these decisions can affect your hardware purchases as well as the network installation process. The following sections examine some of the most common services installed on small networks. The details of purchasing and deploying the hardware and software required for these services appear later in this book. It is not absolutely necessary to decide at the outset what services you will provide, as all of the systems can be retrofitted as upgrades. However, including them in the initial planning process can sometimes save you time, effort, and money expended on a solution that will later be replaced.

Connecting to the Internet

Internet access has become virtually synonymous with personal computing, and one of the big advantages of installing a network is the ability to share a single Internet connection among several users. If you plan to provide Internet access to some or all of your network users, you can use individual modems for each PC, but this will require multiple phone lines and ISP (internet service provider) accounts. As an alternative, you should consider using one system to connect to the Internet and then configuring the other computers on the network to share that connection. In essence, the connected system is functioning as a router between your local network and the network operated by your ISP.

Sharing an Internet connection can cut expenses, because only one computer requires the hardware and software needed to connect to the ISP. In addition, users have immediate access to Internet resources through the LAN, without having to wait for the modem to dial and connect. Shared access also makes sense when your users require only limited access to the Internet. If, for example, you only want to provide your users with access to Internet e-mail, a single dial-up connection shared by your entire network could be sufficient. For web browsing and other applications, a faster connection such as an ISDN or cable modem will probably be required.

During the planning stage, you will want to consider how much bandwidth your users will require and what technology you will use to provide it. Table 3-3 lists the most common types of Internet connections used on small networks, the speeds at which they run, and a summary of the applications for which you can use them.

Note: The speed ratings provided in this table assume ideal conditions that are rarely present in the average installation.


| Connection Type | Approximate Actual Speed | Applications |
|---|---|---|
| Basic dial-up | 28.8 – 33.6 kbps | E-mail for up to 6 users; Web browsing for 1 or 2 simultaneous users |
| High-speed dial-up | Up to 53 kbps | E-mail for up to 12 users; Web browsing for 2 to 4 simultaneous users; Large FTP downloads for 1 or 2 simultaneous users |
| ISDN | 64 or 128 kbps | E-mail for up to 12 users; Web browsing for 6 to 8 simultaneous users; Large FTP downloads for 3 or 4 simultaneous users |
| Cable Modem | Up to 512 kbps | E-mail for 12 or more users; Web browsing for up to 12 simultaneous users; Large FTP downloads for 4 to 6 simultaneous users |

Table 3-3: Internet connection types and speeds.

The applications listed in this table are rough estimates of the bandwidth required for the specified activities. Your users' needs may be greater or less than average, and may require you to adjust the estimates.

Once you decide which connection type to use, you should plan for the purchasing and installation that will be required to implement it. Dial-up connections are easy, as they require only the installation of a modem, and possibly an additional phone line. Cable modems are also relatively easy, because the cable company usually supplies the modem itself and takes care of the entire installation process. ISDN can be much more problematic because you have to deal with your phone service provider as well as an ISP. In addition, you might have to purchase the proper hardware yourself.

Once you arrange for the connection, you have to determine how you will share it with the other systems on the network. Windows 98 does not provide this capability itself; you must purchase a software program that enables the operating system to route the IP protocol to the rest of the network. For more information on Internet connection types and implementing them in a routed network environment, see Chapter 10, Accessing the Internet.

E-mail Systems

E-mail is another basic network service that you will probably want to implement. The decisions that you should make at this early stage concern which type of e-mail service you want to provide and what products you will use to provide it. If you will be connecting your network to the Internet, you will want your users to be able to send and receive Internet e-mail, but it is also possible to set up an internal e-mail system, or a combination of the two.

With Internet e-mail, a user on your network can send mail to any other user on the network, but the message has to travel out to the mail server through your Internet connection and then back in to the recipient over the same connection. For a typical text-only e-mail message, this is no problem, but if a large file is attached to the message, you may find that the entire bandwidth of the Internet connection is monopolized for long periods of time as the file is transferred. It just makes no sense for a message to travel thousands of miles around the Internet in order to reach a computer located a few yards away. An internal e-mail server enables users on the same network to exchange messages (including attachments) almost instantaneously, without utilizing the Internet connection.

Setting up your own e-mail server requires the installation of either an e-mail software package on an existing computer or a dedicated e-mail server device. You should decide early on whether the additional functionality of an internal e-mail server is worth the extra expense. In any case, you will have to decide which e-mail client your users will run.

Note: For more information on selecting, purchasing, and deploying network e-mail systems, see Chapter 12, E-mail Systems.

File Storage and Applications

Application services such as database and web servers also require planning, even if no special hardware is needed for the deployment. Client/server applications often need additional system resources on the server end to provide the storage and processing capabilities required to support multiple clients. You may have to purchase (or upgrade) your PCs with additional memory and/or disk space to accommodate the server software.

If you are going to be networking together a collection of existing PCs, you probably will not want to make radical changes in your users' working habits. However, if you're building a new network it can be a good idea to plan out in advance where you will store the data shared by your users. For more information on developing an application and storage strategy for your network, see Chapter 9, Network Applications.

Network Security

Security must be an element of your network plan. Unless you work in complete isolation from other users, there is always a chance that someone might access your data or damage your system, whether deliberately or not. Even on the most informal network, such as two computers connected in a home, you should take steps to protect the systems from unauthorized access. Even if you don't have files on your computer that you don't want the kids to see, you should prevent them from accessing your system files and applications, so that they are not inadvertently deleted.

Internet access presents a much greater threat. The people who inhabit the subculture of hackers and high-tech vandals do not need a reason to trash your system; just the thrill of conquest is enough. Apart from direct access to your shares, the dangers from an Internet connection can include insidious programs called viruses, trojans, and worms. Protecting yourself from these intrusions is a necessity.

Internal Security

Protecting your computers from unauthorized access over the LAN is not a sign of distrust. The situation is actually no different from storing expensive crystal glassware in a sturdy cabinet. You don't necessarily expect family members or co-workers to try to break your things, but accidents do happen, and you're just trying to protect yourself against them.

The primary danger inherent in networking your computers is giving people unlimited access to the file system. A single misplaced keystroke or mouse-click can delete a word processing file containing that vital report you wrote for work or the final chapter of your novel. Even worse is the possibility of disabling your system entirely, such as by deleting the C:\Windows directory.

To protect yourself against this type of accident, be careful about what directories you choose to share with the network. Many times on small networks, people find that the easiest course of action is to simply create a single share at the root of each drive in the system, providing anyone on the network with access. This is not necessarily a bad idea, as long as you exercise some control over that access. A read-only share of the entire drive enables network users to access any of your files without giving them the ability to modify or delete them. You should, however, be more judicious about the full control access you grant to a system's drives. Only the network administrator should have full control access to the entire drive. Other users should have no reason to access directories like C:\Windows or C:\Program Files, which contain the operating system and application files.

For directories that you do want to share with other users on the network, it is best to store them in one place, away from program and operating system files, such as in the C:\My Documents directory. You can then create a share out of this directory, granting full control to those users that need it. For more information on creating a network-wide data storage and sharing strategy, see "Sharing Data Files," in Chapter 9, Network Applications.

The share-level file system access control mechanism built into Windows 98 does not have the flexibility of user-level access control (which requires a Windows NT or 2000 server). You cannot grant access to files and directories based on user or group names, nor can you specify levels of access beyond Read-Only and Full Control. For this reason, a Windows 98-only network is not suitable for an installation where document security is a high priority.
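The sharing guidance above can be checked against a planned list of shares before any of them are created. The following is an added example, not code from this book; the share names, the inventory layout, and the function names are hypothetical.

```python
from pathlib import PureWindowsPath

# Directories the chapter says ordinary users have no reason to access.
SYSTEM_DIRS = [r"C:\Windows", r"C:\Program Files"]

def _parts(path):
    """Lower-cased components, so WINDOWS and windows compare equal."""
    return tuple(p.lower() for p in PureWindowsPath(path).parts)

def _covers(ancestor, path):
    """True if path is ancestor itself or lies anywhere beneath it."""
    a = _parts(ancestor)
    return _parts(path)[:len(a)] == a

def audit_share(path, access, has_password):
    """Findings for one share; access is "read-only" or "full", the only
    two levels that share-level access control offers."""
    findings = []
    if access != "full":
        return findings  # a read-only share cannot modify or delete files
    if len(_parts(path)) == 1:
        findings.append("full control over an entire drive")
    for sysdir in SYSTEM_DIRS:
        # Writable access reaches a system directory when the share is that
        # directory, sits inside it, or is one of its parents.
        if _covers(path, sysdir) or _covers(sysdir, path):
            findings.append(f"writable access reaches {sysdir}")
    if not has_password:
        findings.append("full control with no share password")
    return findings

# Constructed sample inventory (hypothetical share names, not from the book):
# share name -> (path, access level, password set?)
SHARES = {
    "C":       ("C:\\", "read-only", False),
    "CFULL":   ("C:\\", "full", True),
    "DOCS":    ("C:\\My Documents", "full", True),
    "FONTS":   ("c:\\windows\\fonts", "full", True),
    "SCRATCH": ("D:\\Temp", "full", False),
}

def audit(shares):
    return {name: audit_share(*spec) for name, spec in shares.items()}

if __name__ == "__main__":
    for name, findings in audit(SHARES).items():
        print(f"{name:8}", "; ".join(findings) or "ok")
```

A full-control share at the root of a drive is reported rather than rejected, since the chapter allows it for the network administrator; the finding is a prompt to confirm that only the administrator knows that share's password.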

Sometimes, by concerning themselves with network access control issues, network administrators neglect the physical security of the workstations under their control. Even if you carefully protect a computer's file system by judiciously creating and configuring shares, this does nothing to stop an intruder from walking up to the machine when the user is away from the desk and accessing the files directly. Depending on the sensitivity of the data stored on the computers, part of the job of creating an adequate security policy for your network might be to utilize other features to protect the systems, such as BIOS passwords, screen saver passwords, and even locked office doors.

Another potential security risk to a network is the introduction of viruses by unwitting users. While viruses and other harmful programs introduced through an Internet connection are a definite risk, it is also possible for users to damage their systems by installing outside software onto their computers or using infected disks. Once a single machine on the network is infected, it is easy for the virus to spread throughout the whole network.

As a general rule, you should not permit users to install unauthorized software onto a business network, and you should scan systems regularly for virus infections. Depending on the needs of the users and the nature of the network, you can take steps to prevent people from installing applications or running personal programs using system policies, but once again, a Windows 98-only network is probably not suitable for a high-security installation.

Internet Security

Internet connections represent a far greater security hazard than internal systems, and they are more difficult to protect. Whenever you provide your network users with the ability to access resources outside the network, you open up the network to the possibility of intrusion from outside. A door normally lets people in as well as out, unless you take steps to secure it.

Typically, when a computer connects to the Internet using a dial-up modem connection, the ISP's server provides it with the IP address that identifies it on the Internet. Every computer connected to the Internet must have an IP address, and this is essentially what provides the means for outsiders to access the system. Although many users don't realize it, their activities while connected to the Internet are not anonymous. Most web sites log the IP addresses of every visitor, and with the help of the ISP that owns the address, can trace any unauthorized or illegal activities back to the user.

In many cases, it is also possible for hackers and other criminals to discover the IP address of a particular user and attempt to gain access to their system. This access can range from simple attempts to penetrate the system's share passwords to more elaborate forms of intrusion. For example, it is not uncommon for corporations with relatively unprotected networks to discover that outsiders are using their systems to host FTP or web sites containing large amounts of pirated software and other data.

Fortunately, ISPs typically assign IP addresses dynamically to each dial-up connection. This means that your computer will have a different IP address each time that you connect. This greatly reduces the chances of anyone accessing your system, because your Internet identity is always changing. Another form of protection is provided when the ISP assigns unregistered IP addresses to users. An unregistered address is one that is inaccessible from the Internet, thus preventing outside intruders from accessing your system.

Network Vulnerability

When a computer is connected to a network and to the Internet at the same time, you can conceivably open up the entire network to intrusion. If the network uses the TCP/IP protocols, it is possible for the system connected to the Internet to function as a gateway to the rest of the network. This is usually not possible with a Windows 98 system, because Windows 98 cannot route TCP/IP traffic between networks. This means that although the connected system may be in danger, the rest of the network usually is not.

Note: If you're using an operating system that can route TCP/IP, such as Windows NT, you can protect the network by not using the TCP/IP protocol for local network communications. By binding TCP/IP only to the driver supporting the modem connection and using NetBEUI for internal communications, there is no way for an Internet user to gain access to the rest of the network.

The situation changes, however, when you use a Windows 98 system to host a shared connection to the Internet. By definition, the connected system is in this case functioning as a router, and it is theoretically possible for Internet users to access any computer on your network through that router. Chapter 10, Accessing the Internet, describes various methods for sharing an Internet connection with the network. In most cases, the software products required to enable Windows 98 to route TCP/IP traffic between the local network and the Internet require you to use unregistered IP addresses for your computers. This automatically prevents intrusion from outside the local network.

Other Internet access solutions present different security problems. Cable television companies that provide Internet access use unregistered IP addresses for their client systems, but they also connect the computers to an Ethernet network with the other subscribers in the area. Most of the time, the installers disable Windows 98's file and printer sharing when they connect the system to the network, but if you're running your own LAN, this is not practical. What this means is that other Windows users on the cable network can see your machine and your shares. If you don't have adequate passwords on them, they can even access your files. However, as with a dial-up connection, they won't be able to access the rest of the network.
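The reasoning in this section (registered versus unregistered addresses, dial-up versus a shared cable segment, and whether shares carry passwords) can be applied to each Internet-connected machine in a network plan. The following is an added example, not code from this book; it assumes that "unregistered" means the RFC 1918 private ranges, and the machine names and field layout are hypothetical.

```python
import ipaddress

# "Unregistered" is taken here to mean the RFC 1918 private ranges
# (an assumption about the book's term).
UNREGISTERED = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_unregistered(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in UNREGISTERED)

def exposure(address, link, sharing, passwords):
    """Describe who outside the LAN can reach this machine's shares.

    address   - IP address on the Internet-side connection
    link      - "dial-up" or "cable"
    sharing   - file and printer sharing is enabled
    passwords - every share has a password
    """
    if not sharing:
        return "not exposed: sharing disabled"
    reach = []
    if not is_unregistered(address):
        reach.append("Internet hosts")
    if link == "cable":
        # Cable subscribers sit on one Ethernet network, so neighbors see
        # the machine even though its address is unregistered.
        reach.append("cable neighbors")
    if not reach:
        return "not exposed: address unreachable from the Internet"
    guard = "password-protected" if passwords else "UNPROTECTED"
    return f"{guard} shares visible to " + " and ".join(reach)

# Constructed sample plan (hypothetical machines; the 203.0.113.x values are
# documentation addresses standing in for registered ones).
PLAN = {
    "gateway": ("203.0.113.25", "dial-up", True, False),
    "den-pc":  ("10.4.7.19", "cable", True, True),
    "office":  ("192.168.0.12", "dial-up", True, False),
    "edge":    ("172.32.0.1", "dial-up", True, True),  # just outside 172.16.0.0/12
    "kiosk":   ("203.0.113.40", "dial-up", False, False),
}

def review(plan):
    return {name: exposure(*spec) for name, spec in plan.items()}

if __name__ == "__main__":
    for name, verdict in review(PLAN).items():
        print(f"{name:8}", verdict)
```

The "edge" entry shows a common planning mistake: 172.32.0.1 looks like a private address but falls outside the 172.16.0.0 through 172.31.255.255 block, so it is treated as registered.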

Viruses, Trojans, and Worms

The Internet poses other threats besides direct access via IP addresses, however. Files downloaded from the Internet can contain viruses and other destructive programs, such as trojans, which are programs that masquerade as innocent applications but can actually damage your files, and worms, which are designed to infiltrate programs and destroy data. Some of these programs are also spread by other methods, such as in e-mail messages and word processor macros. It's difficult to police your users' activities on the Internet, but you can protect your network by using virus scanners that examine all incoming files, including e-mail attachments, for potentially dangerous programs.