Transcript Chapter 13

Network+ Guide to Networks,
Fourth Edition
Chapter 13
Ensuring Integrity and Availability
Objectives
• Identify the characteristics of a network that keeps
data safe from loss or damage
• Protect an enterprise-wide network from viruses
• Explain network- and system-level fault-tolerance
techniques
• Discuss issues related to network backup and
recovery strategies
• Describe the components of a useful disaster
recovery plan and the options for disaster
contingencies
Network+ Guide to Networks, 4e
What Are Integrity and Availability?
• Integrity: soundness of network’s programs, data,
services, devices, and connections
• Availability: how consistently and reliably file or
system can be accessed by authorized personnel
– Need well-planned and well-configured network
– Data backups, redundant devices, protection from
malicious intruders
• Phenomena compromising integrity and availability:
– Security breaches, natural disasters, malicious
intruders, power flaws, human error
What Are Integrity and Availability?
(continued)
• General guidelines for protecting network:
– Allow only network administrators to create or modify
NOS and application system files
– Monitor network for unauthorized access or changes
– Record authorized system changes in a change
management system
– Install redundant components
– Perform regular health checks
What Are Integrity and Availability?
(continued)
• General guidelines for protecting network
(continued):
– Check system performance, error logs, and system
log book regularly
– Keep backups, boot disks, and emergency repair
disks current and available
– Implement and enforce security and disaster
recovery policies
Viruses
• Program that replicates itself with intent to infect
more computers
– Through network connections or exchange of
external storage devices
– Typically copied to storage device without user’s
knowledge
• Trojan horse: program that disguises itself as
something useful but actually harms system
– Not considered a virus
Types of Viruses
• Boot sector viruses: located in boot sector of
computer’s hard disk
– When computer boots up, virus runs in place of
computer’s normal system files
– Removal first requires rebooting from uninfected,
write-protected disk with system files on it
• Macro viruses: take form of macro that may be
executed as user works with a program
– Quick to emerge and spread
– Symptoms vary widely
Types of Viruses (continued)
• File-infected viruses: attach to executable files
– When infected executable file runs, virus copies
itself to memory
– Can have devastating consequences
– Symptoms may include damaged program files,
inexplicable file size increases, changed icons for
programs, strange messages, inability to run a
program
• Worms: programs that run independently and travel
between computers and across networks
– Not technically viruses
– Can transport and hide viruses
Types of Viruses (continued)
• Trojan horse: program that claims to do something
useful but instead harms system
• Network viruses: propagated via network protocols,
commands, messaging programs, and data links
• Bots: program that runs automatically, without
requiring a person to start or stop it
– Many bots spread through Internet Relay Chat (IRC)
– Used to damage/destroy data or system files, issue
objectionable content, further propagate virus
Virus Characteristics
• Encryption: encrypted virus may thwart antivirus
program’s attempts to detect it
• Stealth: stealth viruses disguise themselves as
legitimate programs or replace part of legitimate
program’s code with destructive code
• Polymorphism: polymorphic viruses change
characteristics every time transferred
• Time-dependence: time-dependent viruses
programmed to activate on particular date
Virus Protection: Antivirus Software
• Antivirus software should at least:
– Detect viruses through signature scanning
– Detect viruses through integrity checking
– Detect viruses by monitoring unexpected file
changes or virus-like behaviors
– Receive regular updates and modifications from a
centralized network console
– Consistently report only valid viruses
• Heuristic scanning techniques attempt to identify
viruses by discovering “virus-like” behavior (may give
“false positives”)
Antivirus Policies
• Provide rules for using antivirus software and
policies for installing programs, sharing files, and
using floppy disks
• Suggestions for antivirus policy guidelines:
– Every computer in organization equipped with virus
detection and cleaning software
– Users should not be allowed to alter or disable
antivirus software
– Users should know what to do in case virus detected
Antivirus Policies (continued)
• Suggestions for antivirus policy guidelines
(continued):
– Antivirus team should be appointed to focus on
maintaining antivirus measures
– Users should be prohibited from installing any
unauthorized software on their systems
– Systemwide alerts should be issued to network
users notifying them of serious virus threats and
advising them how to prevent infection
Virus Hoaxes
• False alerts about dangerous, new virus that could
cause serious damage to systems
– Generally an attempt to create panic
– Should not be passed on
– Can confirm hoaxes online
Fault Tolerance
• Capacity for system to continue performing despite
unexpected hardware or software malfunction
• Failure: deviation from specified level of system
performance for given period of time
• Fault: involves malfunction of system component
– Can result in a failure
• Varying degrees
– At highest level, system remains unaffected by even
most drastic problems
Environment
• Must analyze physical environment in which
devices operate
– e.g., excessive heat or moisture, break-ins, natural
disasters
• Can purchase temperature and humidity monitors
– Trip alarms if specified limits exceeded
Power: Power Flaws
• Power flaws that can damage equipment:
– Surge: momentary increase in voltage due to
lightning strikes, solar flares, or electrical problems
– Noise: fluctuation in voltage levels caused by other
devices on network or electromagnetic interference
– Brownout: momentary decrease in voltage; also
known as a sag
– Blackout: complete power loss
UPSs (Uninterruptible Power Supplies)
• Battery-operated power source directly attached to
one or more devices and to power supply
– Prevents undesired features of outlet’s A/C power
from harming device or interrupting services
– Standby UPS: provides continuous voltage to device
• Switch to battery when power loss detected
– Online UPS: uses power from wall outlet to
continuously charge battery, while providing power
to network device through battery
UPSs (continued)
• Factors to consider when deciding on a UPS:
– Amount of power needed
• Power measured in volt-amps
– Period of time to keep a device running
– Line conditioning
– Cost
Generators
Figure 13-2: UPSs and a generator in a network design
Topology and Connectivity
• Key to fault tolerance in network design is
supplying multiple possible data paths
– If one connection fails, data can be rerouted
– On LANs, star topology and parallel backbone
provide greatest fault tolerance
– On WANs, full mesh topology offers best fault
tolerance
– SONET networks highly fault-tolerant
• Redundancy in network offers advantage of
reducing risk of lost functionality and profits from
network faults
Topology and Connectivity (continued)
Figure 13-3: VPNs linking multiple customers
Topology and Connectivity (continued)
• Automatic fail-over: use redundant components
able to immediately assume duties of an identical
component in event of failure or fault
• Can provide some level of fault tolerance by using
hot swappable parts
• Leasing redundant T1s allows for load balancing
– Automatic distribution of traffic over multiple links or
processors to optimize response
Topology and Connectivity (continued)
Figure 13-5: Fully redundant T1 connectivity
Servers
• Make servers more fault-tolerant by supplying them
with redundant components
– NICs, processors, and hard disks
– If one item fails, entire system won’t fail
– Enable load balancing
Server Mirroring
• Mirroring: one device or component duplicates
activities of another
• Server Mirroring: one server duplicates
transactions and data storage of another
– Must be identical machines using identical
components
– Requires high-speed link between servers
– Requires synchronization software
– Form of replication
• Servers can stand side by side or be positioned in
different locations
Clustering
• Link multiple servers together to act as single
server
– Share processing duties
– Appear as single server to users
– If one server fails, others automatically take over
data transaction and storage responsibilities
– More cost-effective than mirroring
– To detect failures, clustered servers regularly poll
each other
– Servers must be close together
Storage: RAID (Redundant Array of
Independent (or Inexpensive) Disks)
• Collection of disks that provide fault tolerance for
shared data and applications
– Disk array
– Collection of disks that work together in RAID
configuration, often referred to as RAID drive
• Appear as single logical drive to system
• Hardware RAID: set of disks and separate disk
controller
– Managed exclusively by RAID disk controller
• Software RAID: relies on software to implement
and control RAID techniques
RAID Level 0—Disk Striping
• Simple implementation of RAID
– Not fault-tolerant
– Improves performance
Figure 13-6: RAID Level 0—disk striping
RAID Level 1—Disk Mirroring
• Data from one disk copied to another disk
automatically as information written
– Dynamic backup
– If one drive fails, disk array controller automatically
switches to disk that was mirroring it
– Requires two identical disks
– Usually relies on system software to perform
mirroring
• Disk duplexing: similar to disk mirroring, but
separate disk controller used for each disk
RAID Level 1—Disk Mirroring
(continued)
Figure 13-7: RAID Level 1—disk mirroring
RAID Level 3—Disk Striping with
Parity ECC
• Disk striping with special error correction code
(ECC)
– Parity: mechanism used to verify integrity of data by
making number of bits in a byte sum to either an odd
or even number
• Even parity or odd parity
• Tracks integrity of data on disk
• Parity bit assigned to each data byte when written to
disk
• When data read, data’s bits plus parity bit summed
(parity should match)
RAID Level 3—Disk Striping with
Parity ECC (continued)
Figure 13-8: RAID Level 3—disk striping with parity ECC
RAID Level 5—Disk Striping with
Distributed Parity
• Data written in small blocks across several disks
– Parity error checking information distributed among
disks
– Highly fault-tolerant
– Very popular
– Failed disk can be replaced with little interruption
• Hot spare: disk or partition that is part of array, but
used only in case a RAID disk fails
• Cold spare: duplicate component that can be
installed in case of failure
RAID Level 5—Disk Striping with
Distributed Parity (continued)
Figure 13-9: RAID Level 5—disk striping with distributed parity
NAS (Network Attached Storage)
• Specialized storage device that provides
centralized fault-tolerant data storage
– Maintains own interface to LAN
– Contains own file system optimized for saving and
serving files
– Easily expanded without interrupting service
– Cannot communicate directly with network clients
NAS (continued)
Figure 13-10: Network attached storage on a LAN
SANs (Storage Area Networks)
Figure 13-11: A storage area network
Data Backup
• Copy of data or program files created for archiving
or safekeeping
– No matter how reliable and fault-tolerant you believe
your server’s hard disk (or disks) to be, still risk
losing everything unless you make backups on
separate media and store them off-site
• Many options exist for making backups
Backup Media and Methods
• To select appropriate solution, consider following
questions:
– Sufficient storage capacity?
– Reliability?
– Data error checking techniques?
– System efficient enough to complete backup process
before daily operations resume?
– Cost and capacity?
– Compatibility?
– Frequent manual intervention?
– Scalability?
Optical Media
• Capable of storing digitized data
– Uses laser to write and read data
– CD-ROMs and DVDs
• Requires proper disk drive to write data
• Writing data usually takes longer than saving data
to another type of media
Tape Backups
• Relatively simple, capable of storing large amounts
of data, at least partially automated
• On relatively small networks, standalone tape
drives may be attached to each server
• On large networks, one large, centralized tape
backup device may manage all subsystems’
backups
– Usually connected to computer other than file server
External Disk Drives
• Storage devices that can be attached temporarily
to a computer via USB, PCMCIA, FireWire, or
Compact-Flash port
– Removable disk drives
• For backing up large amounts of data, likely to use
external disk drive with backup control features,
high capacity, and fast read-write access
• Faster data transfer rates than optical media or
tape backups
Network Backups
• Save data to another place on network
– Must back up data to different disk than where it was
originally stored
• Most NOSs provide utilities for automating and
managing network backups
• Online backup: saves data across Internet to
another company’s storage array
– Strict security measures to protect data in transit
– Backup and restoration processes automated
Backup Strategy
• Strategy should address following questions:
– What data must be backed up?
– Rotation schedule?
– Time backups occur?
– Method of accuracy verification?
– Where and how long will backup media be stored?
– Who will take responsibility?
– How long will backups be saved?
– Where will documentation be stored?
Backup Strategy (continued)
• Archive bit: file attribute that can be checked or
unchecked
– Indicates whether file must be archived
• Backup methods use archive bit in different ways
– Full backup: all data copied to storage media,
regardless of whether data is new or changed
• Archive bits set to “off” for all files
– Incremental backup: copies only data that has
changed since last full or incremental backup
• Unchecks archive bit for every file saved
– Differential backup: does not uncheck archive bits for
files backed up
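
An added example (not from the textbook) that models the archive bit to show what each nightly method copies after a full backup and which backup sets a restore needs. The file names and the week of changes are constructed, and the model assumes the operating system sets the archive bit whenever a file is modified.

```python
def run_backup(files, kind):
    """Copy files per the backup method and update archive bits.

    files maps file name -> archive bit (True means "must be archived").
    Returns the sorted list of names copied by this run.
    """
    if kind == "full":
        copied = sorted(files)
    elif kind in ("incremental", "differential"):
        copied = sorted(name for name, bit in files.items() if bit)
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    if kind != "differential":          # differential leaves the bits set
        for name in copied:
            files[name] = False
    return copied


def simulate(names, daily_changes, nightly):
    """Full backup first, then one nightly backup after each day's changes."""
    files = {name: True for name in names}   # new files start with the bit set
    log = [("full", run_backup(files, "full"))]
    for changed in daily_changes:
        for name in changed:
            files[name] = True               # assumption: OS sets bit on modify
        log.append((nightly, run_backup(files, nightly)))
    return log


def restore_set(log):
    """Indexes of the backup sets needed to restore the latest state."""
    last_full = max(i for i, (kind, _) in enumerate(log) if kind == "full")
    later = list(range(last_full + 1, len(log)))
    if later and log[-1][0] == "differential":
        return [last_full, later[-1]]        # full plus newest differential
    return [last_full] + later               # full plus every incremental


if __name__ == "__main__":
    names = ["a.doc", "b.xls", "c.mdb", "d.txt"]          # constructed
    week = [["a.doc"], ["b.xls"], ["a.doc", "c.mdb"]]     # constructed
    for method in ("incremental", "differential"):
        log = simulate(names, week, method)
        print(method, [copied for _, copied in log[1:]], restore_set(log))
```

Incremental runs stay small but every one of them is needed at restore time; differential runs grow each night but only the most recent one is needed alongside the full backup.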
Backup Strategy (continued)
• Determine best possible backup rotation scheme
– Provide excellent data reliability without overtaxing
network or requiring a lot of intervention
– Several standard backup rotation schemes
• Grandfather-father-son: uses daily (son), weekly
(father), and monthly (grandfather) backup sets
• Make sure backup activity recorded in backup log
• Establish regular schedule of verification
Backup Strategy (continued)
Figure 13-13: The “grandfather-father-son” backup rotation
scheme
Disaster Recovery:
Disaster Recovery Planning
• Disaster recovery: process of restoring critical
functionality and data after enterprise-wide outage
• Disaster recovery plan accounts for worst-case
scenarios
– Contact names and info for emergency coordinators
– Details on data and servers being backed up,
backup frequency, backup location, how to recover
– Details on network topology, redundancy, and
agreements with national service carriers
– Strategies for testing disaster recovery plan
– Plan for managing the crisis
Disaster Recovery Contingencies
• Several options for recovering from disaster
– Cold site: place where computers, devices, and
connectivity necessary to rebuild network exist
• Not configured, updated, or connected
– Warm site: same as cold site, but some computers
and devices appropriately configured, updated, or
connected
– Hot site: computers, devices, and connectivity
necessary to rebuild network are appropriately
configured, updated, and connected to match
network’s current state
Summary
• Integrity refers to the soundness of your network’s
files, systems, and connections
• Several basic measures can be employed to
protect data and systems on a network
• A virus is a program that replicates itself so as to
infect more computers, either through network
connections or through external storage devices
passed among users
• A good antivirus program should be able to detect
viruses through signature scanning, integrity
checking, and heuristic scanning
Summary (continued)
• The goal of fault-tolerant systems is to prevent
faults from progressing to failures
• Fault tolerance is a system’s capacity to continue
performing despite an unexpected hardware or
software malfunction
• A UPS is a battery power source that prevents
undesired features of the power source from
harming the device or interrupting its services
• For utmost fault tolerance in power supply, a
generator is necessary
Summary (continued)
• Critical servers often contain redundant NICs,
processors, and/or hard disks to provide better fault
tolerance
• Server mirroring involves utilizing a second,
identical server to duplicate the transactions and
data storage of one server
• Clustering links multiple servers together to act as
a single server
• RAID is an important storage redundancy feature
Summary (continued)
• Backups can be saved to optical media (such as
CDs and DVDs), tapes, external disk drives, or to
another location on a network
• The aim of a good backup rotation scheme is to
provide excellent data reliability but not to overtax
your network or require much intervention
• Disaster recovery is the process of restoring your
critical functionality and data after an enterprise-wide
outage that affects more than a single system
or a limited group of users