Chapter 13 Network Maintenance and Security


Section 13.1
• Describe the role of SNMP in network management
• Demonstrate how user and group accounts are used
Section 13.2
• Demonstrate how log files can be used to resolve problems
• Explain common backup strategies
• List tasks to be performed to properly maintain computer systems
Section 13.3
• Execute simple Windows and Linux script commands
• Identify how script files can be used in a network environment
• Explain the roles of the shell and the kernel in an operating system
Section 13.4
• Identify common methods of securing network data
• Create a network security plan
13.1 The Basics of Managing Networks (pp. 370-375)
Guide to Reading
Main Ideas
SNMP-compliant devices can store and communicate information about themselves. Individual users can be added to groups, and groups can be assigned resource permissions to make access management easier.
Key Terms
• Simple Network Management Protocol (SNMP)
• Management Information Base (MIB)
• username
• account policies
• permissions
Managing Equipment and SNMP
The Simple Network Management Protocol (SNMP) was designed to allow devices to store information about themselves in a database called a Management Information Base (MIB). This information can then be retrieved by special applications known as SNMP management applications.
Simple Network Management Protocol (SNMP): A protocol that allows a device on the network to store information about itself, then return that information when asked. SNMP-compliant devices are able to store information about themselves. (p. 370)
Management Information Base (MIB): A database in which information about an SNMP device, called an agent, is stored. (p. 370)
Managing People
Users are network resources that must be managed.
At the network level, user access to resources is carefully defined. For example, only certain individuals might be allowed to create files within a certain folder on the network. Anyone else attempting to create a file there gets an access denied message.
An account must be created for a user before that user can log on to the network. The user account also establishes the username and password.
username: A logon name that identifies a specific user on the network. (p. 372)
After the user account is established, permissions can be assigned. A network administrator may have an account policy that requires a secure, strong password.
Permissions can be set on a per-user basis. However, it is less time-consuming for an administrator to assign permissions to groups of users simultaneously.
account policy: Acceptable user practices. (p. 373)
permissions: Also called security settings. Permissions determine the resources to which a user has access. (p. 373)
Groups are used to assign network access permission to many users at a time. Most of the time, a group's boundary is a department. For example, users in the Computer Aided Drafting (CAD) department could be formed into a CAD Users group.
You Try It
• Activity 13A – Viewing Permissions Settings (p. 374)
13.2 Networking Monitoring & Maintenance (pp. 377-382)
Guide to Reading
Main Ideas
Log files and auditing tools are used to monitor networks. Proper maintenance of systems includes caring for the physical well-being, as well as upgrading hardware and software. Data should be backed up regularly.
Key Terms
• log file
• auditing
• replication
• uninterruptible power supply (UPS)
Basics of Network Monitoring
When a system develops problems, log files often serve as the first source of diagnostic information. A boot log file is created when a system boots. A log file created by a firewall application can help identify the IP address of a hacker trying to access the system.
log file: A simple text file that records information about the device, system, or application. (p. 377)
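
The firewall-log use described above, as an added example that is not from the original slides: a shell function that counts dropped connections per source address. The log lines and their field layout (date, time, action, protocol, source IP, destination IP, source port, destination port) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log (not from the slides). Layout assumed here:
# date time action protocol src-ip dst-ip src-port dst-port
sample_log() {
cat <<'EOF'
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2024-03-01 09:15:02 ALLOW TCP 192.0.2.20 192.0.2.10 49822 443
2024-03-01 09:15:07 DROP TCP 203.0.113.7 192.0.2.10 51000 22
2024-03-01 09:15:08 DROP TCP 203.0.113.7 192.0.2.10 51001 23
2024-03-01 09:15:30 DROP TCP 198.51.100.4 192.0.2.10 40112 445
2024-03-01 09:15:41 DROP TCP 203.0.113.7 192.0.2.10 51002 22
2024-03-01 09:16:00 ALLOW TCP 192.0.2.21 192.0.2.10 50100 80
2024-03-01 09:16:12 DROP TCP 203.0.113.7 192.0.2.10 51003 3389
EOF
}

# repeated_drops MIN: read a log on stdin and print one line per source
# address with at least MIN dropped connections, busiest source first:
#   <drops> <distinct destination ports> <source IP>
repeated_drops() {
  awk -v min="$1" '
    /^#/ || NF < 8 { next }        # skip header lines and truncated records
    $3 == "DROP" {
      drops[$5]++
      # count each destination port only once per source address
      if (!(($5, $8) in seen)) { seen[$5, $8] = 1; ports[$5]++ }
    }
    END {
      for (ip in drops)
        if (drops[ip] >= min) print drops[ip], ports[ip], ip
    }
  ' | sort -k1,1nr -k3,3
}

# Report sources with three or more dropped connections in the sample.
sample_log | repeated_drops 3
```

A source that is dropped repeatedly across several destination ports is the first one to review in the log.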
Network auditing can return information about the hardware and software on the network. System audits are performed for several reasons, including:
• verify whether software licenses are being used illegally
• record what software is in use throughout the network
• inventory hardware on a network
• prepare readiness reports prior to upgrading hardware or software
auditing: The process of examining and verifying information. (p. 379)
Scheduled Maintenance and Upgrades
Important software and hardware maintenance tasks:
• Keep virus definitions up-to-date.
• Defragment the hard drive.
• Check the case for dust and other debris once per month.
• Ensure computers are plugged into a surge protector.
• Servers and other essential systems should be connected to an uninterruptible power supply (UPS) device.
uninterruptible power supply (UPS): A large rechargeable battery that provides power to connected devices for a period of time if main electrical power goes out. (p. 381)
The rule is simple: If you cannot get along without it, back it up.
You Try It
• Activity 13B – Viewing Dr. Watson Log Files (p. 378)
13.3 Basic Scripting (pp. 384-388)
Guide to Reading
Main Ideas
Script files are often used as part of the boot and logon processes to control which resources are available to the user. Linux commands are interpreted by a shell and passed to the Linux kernel for execution.
Key Terms
• script
• batch file
• kernel
• shell
• alias
Scripts to Manage
Logon scripts often work in conjunction with the domain controller to determine the group to which a user belongs. Third-party scripting applications reduce the headache of creating scripts.
Windows Scripts
Using Microsoft Active Directory, system administrators can assign individual users, or groups, a customized logon script. This allows a user to have network resources configured and available in whatever arrangement he or she needs.
Scripts are simple text files, often stored with a “.bat” extension. This extension identifies the file as a batch file.
batch file: A file similar to a script—each line contains instructions that can be read and executed by the operating system. (p. 385)
Linux Scripts
At the heart of the Linux OS is the Linux kernel. A shell is used as the interface from a human being to the kernel.
kernel: The part of a program that is responsible for allocating resources and communicating directly with the hardware. (p. 387)
shell: An interface from a human being to the kernel that provides commands that a user can execute on a processor. (p. 387)
The shell provides commands that a user can execute. The shell then interprets the user-friendly command into a kernel-friendly command. The kernel then translates the command to something the processor understands.
Commands in Linux often seem long and cryptic, especially to a Linux newbie, or beginner. Fortunately, these commands can be aliased to something easier to remember.
alias: A shortcut method for using or writing a command. (p. 388)
Here is an example that would be a great addition to a logon script:
alias cdrom="mount /mnt/cdrom"
alias ucdrom="umount /mnt/cdrom"
The first line creates (aliases) a new command, called “cdrom,” that executes the “mount /mnt/cdrom” command. The second line aliases the command “ucdrom” to unmount the drive.
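
One way a logon script can tie the aliases above to group membership, as an added example that is not part of the original slides. The group name cdusers and the function names has_group and logon_aliases are hypothetical.

```shell
#!/bin/sh
# has_group GROUP "LIST": succeed only if GROUP appears as a whole word in
# the space-separated LIST, so "cdusers" does not match "notcdusers".
has_group() {
  case " $2 " in
    *" $1 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# logon_aliases ["LIST"]: print the alias definitions this user should get.
# LIST defaults to the current user's group names as reported by `id -Gn`.
logon_aliases() {
  groups_list=${1-$(id -Gn)}
  # Only members of the (hypothetical) cdusers group get the mount aliases.
  if has_group cdusers "$groups_list"; then
    echo 'alias cdrom="mount /mnt/cdrom"'
    echo 'alias ucdrom="umount /mnt/cdrom"'
  fi
}

# In the logon script itself: define only what the user's groups allow.
eval "$(logon_aliases)"
```

Users outside the group simply never get the shortcut; whether they can actually mount the drive is still decided by the system's own permissions, not by the alias.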
You Try It
• Activity 13C – Working with Windows Batch Commands (p. 385)
13.4 Ensuring Network Security (pp. 389-392)
Guide to Reading
Main Ideas
Network security is a serious responsibility and must always be maintained. Access permissions permit access to the resource. Network security incorporates firewalls, proxies, encryption, and frequent review of security logs. Computer viruses are malicious programs.
Key Terms
• password-protected share
• access permission
• Network Address Translation (NAT)
• boot-sector virus
• file infector virus
Planning for Network Security
Maintaining network security requires a balance between facilitating easy access to data by authorized users and restricting access to data by unauthorized users. The network administrator creates this balance.
Four major threats to the security of data on a network are:
• unauthorized access
• electronic tampering
• theft
• intentional or unintentional damage
Security Models
Assigning permissions and rights to network resources is at the heart of securing the network. Two security models have evolved for keeping data and hardware resources safe:
• password-protected shares
• access permissions
password-protected share: A security method for keeping data and hardware resources safe in which a password is assigned to each shared resource. In most peer-to-peer networks it is the only type of security available. (p. 390)
access permission: Access rights assigned to objects (such as files, folders, and printers) on a per-user basis. (p. 390)
This table outlines the major permissions available on Windows networks.
Security Enhancements
The network administrator can increase the level of security on a network by several means:
• firewalls
• proxies
• auditing
• encrypting data
Proxy servers also protect the network using a feature called Network Address Translation (NAT).
Network Address Translation (NAT): A network method of shielding the internal IP addresses from the outside world by filtering outbound network traffic. (p. 392)
Computer Viruses
There are two categories of viruses:
• boot-sector viruses
• file infector viruses
Here is a list of the more common file infectors:
• companion virus
• macro virus
• polymorphic virus
• stealth virus
boot-sector virus: A virus that executes when the computer is booted. (p. 392)
file infector: A virus that attaches itself to a file or program and activates any time the file is used. (p. 392)
Chapter 13 Resources
For more resources on this chapter, go to the Introduction to Networks and Networking Web site at http://networking.glencoe.com.