Transcript Linux+ Guide to Linux Certification

Network+ Guide to Networks,
Fourth Edition
Chapter 13
Ensuring Integrity and Availability
What Are Integrity and Availability?
• Integrity: soundness of network’s programs, data,
services, devices, and connections
• Availability: how consistently and reliably file or
system can be accessed by authorized personnel
– Need well-planned and well-configured network
– Data backups, redundant devices, protection from
malicious intruders
• Phenomena compromising integrity and availability:
– Security breaches, natural disasters, malicious
intruders, power flaws, human error
Network+ Guide to Networks, 4e
2
Viruses
• Program that replicates itself with intent to infect
more computers
– Through network connections or exchange of
external storage devices
– Typically copied to storage device without user’s
knowledge
• Trojan horse: program that disguises itself as
something useful but actually harms system
– Not considered a virus
Network+ Guide to Networks, 4e
3
Types of Viruses
• Boot sector viruses: located in boot sector of
computer’s hard disk
– When computer boots up, virus runs in place of
computer’s normal system files
– Removal first requires rebooting from uninfected,
write-protected disk with system files on it
• Macro viruses: take form of macro that may be
executed as user works with a program
– Quick to emerge and spread
– Symptoms vary widely
Network+ Guide to Networks, 4e
4
Types of Viruses (continued)
• File-infected viruses: attach to executable files
– When infected executable file runs, virus copies
itself to memory
– Can have devastating consequences
– Symptoms may include damaged program files,
inexplicable file size increases, changed icons for
programs, strange messages, inability to run a
program
• Worms: programs that run independently and travel
between computers and across networks
– Not technically viruses
– Can transport and hide viruses
Network+ Guide to Networks, 4e
5
Types of Viruses (continued)
• Trojan horse: program that claims to do something
useful but instead harms system
• Network viruses: propagated via network protocols,
commands, messaging programs, and data links
• Bots: program that runs automatically, without
requiring a person to start or stop it
– Many bots spread through Internet Relay Chat (IRC)
– Used to damage/destroy data or system files, issue
objectionable content, further propagate virus
Network+ Guide to Networks, 4e
6
Virus Characteristics
• Encryption: encrypted virus may thwart antivirus
program’s attempts to detect it
• Stealth: stealth viruses disguise themselves as
legitimate programs or replace part of legitimate
program’s code with destructive code
• Polymorphism: polymorphic viruses change
characteristics every time transferred
• Time-dependence: time-dependent viruses
programmed to activate on particular date
Network+ Guide to Networks, 4e
7
Virus Protection: Antivirus Software
• Antivirus software should at least:
– Detect viruses through signature scanning
– Detect viruses through integrity checking
– Detect viruses by monitoring unexpected file
changes or virus-like behaviors
– Receive regular updates and modifications from a
centralized network console
– Consistently report only valid viruses
• Heuristic scanning techniques attempt to identify
viruses by discovering “virus-like” behavior (may give
“false positives”)
Network+ Guide to Networks, 4e
8
Antivirus Policies
• Provide rules for using antivirus software and
policies for installing programs, sharing files, and
using floppy disks
• Suggestions for antivirus policy guidelines:
– Every computer in organization equipped with virus
detection and cleaning software
– Users should not be allowed to alter or disable
antivirus software
– Users should know what to do in case virus detected
Network+ Guide to Networks, 4e
9
Fault Tolerance
• Capacity for system to continue performing despite
unexpected hardware or software malfunction
• Failure: deviation from specified level of system
performance for given period of time
• Fault: involves malfunction of system component
– Can result in a failure
• Varying degrees
– At highest level, system remains unaffected by even
most drastic problems
Network+ Guide to Networks, 4e
10
Power: Power Flaws
• Power flaws that can damage equipment:
– Surge: momentary increase in voltage due to
lightning strikes, solar flares, or electrical problems
– Noise: fluctuation in voltage levels caused by other
devices on network or electromagnetic interference
– Brownout: momentary decrease in voltage; also
known as a sag
– Blackout: complete power loss
Network+ Guide to Networks, 4e
11
UPSs (Uninterruptible Power Supplies)
• Battery-operated power source directly attached to
one or more devices and to power supply
– Prevents undesired features of outlet’s A/C power
from harming device or interrupting services
– Standby UPS: provides continuous voltage to device
• Switch to battery when power loss detected
– Online UPS: uses power from wall outlet to
continuously charge battery, while providing power
to network device through battery
Network+ Guide to Networks, 4e
12
Servers
• Make servers more fault-tolerant by supplying them
with redundant components
– NICs, processors, and hard disks
– If one item fails, entire system won’t fail
– Enable load balancing
Network+ Guide to Networks, 4e
13
Server Mirroring
• Mirroring: one device or component duplicates
activities of another
• Server Mirroring: one server duplicates
transactions and data storage of another
– Must be identical machines using identical
components
– Requires high-speed link between servers
– Requires synchronization software
– Form of replication
• Servers can stand side by side or be positioned in
different locations
Network+ Guide to Networks, 4e
14
Clustering
• Link multiple servers together to act as single
server
– Share processing duties
– Appear as single server to users
– If one server fails, others automatically take over
data transaction and storage responsibilities
– More cost-effective than mirroring
– To detect failures, clustered servers regularly poll
each other
– Servers must be close together
Network+ Guide to Networks, 4e
15
Storage: RAID (Redundant Array of
Independent (or Inexpensive) Disks)
• Collection of disks that provide fault tolerance for
shared data and applications
– Disk array
– Collection of disks that work together in RAID
configuration, often referred to as RAID drive
• Appear as single logical drive to system
• Hardware RAID: set of disks and separate disk
controller
– Managed exclusively by RAID disk controller
• Software RAID: relies on software to implement
and control RAID techniques
Network+ Guide to Networks, 4e
16
RAID Level 0―Disk Striping
• Simple implementation of RAID
– Not fault-tolerant
– Improves performance
Figure 13-6: RAID Level 0—disk striping
Network+ Guide to Networks, 4e
17
RAID Level 1—Disk Mirroring
• Data from one disk copied to another disk
automatically as information written
– Dynamic backup
– If one drive fails, disk array controller automatically
switches to disk that was mirroring it
– Requires two identical disks
– Usually relies on system software to perform
mirroring
• Disk duplexing: similar to disk mirroring, but
separate disk controller used for each disk
Network+ Guide to Networks, 4e
18
RAID Level 1—Disk Mirroring
(continued)
Figure 13-7: RAID Level 1—disk mirroring
Network+ Guide to Networks, 4e
19
RAID Level 5—Disk Striping with
Distributed Parity
• Data written in small blocks across several disks
– Parity error checking information distributed among
disks
– Highly fault-tolerant
– Very popular
– Failed disk can be replaced with little interruption
• Hot spare: disk or partition that is part of array, but
used only in case a RAID disks fails
• Cold spare: duplicate component that can be
installed in case of failure
Network+ Guide to Networks, 4e
20
RAID Level 5—Disk Striping with
Distributed Parity (continued)
Figure 13-9: RAID Level 5—disk striping with distributed parity
Network+ Guide to Networks, 4e
21
NAS (Network Attached Storage)
• Specialized storage device that provides
centralized fault-tolerant data storage
– Maintains own interface to LAN
– Contains own file system optimized for saving and
serving files
– Easily expanded without interrupting service
– Cannot communicate directly with network clients
Network+ Guide to Networks, 4e
22
NAS (continued)
Figure 13-10: Network attached storage on a LAN
Network+ Guide to Networks, 4e
23
SANs (Storage Area Networks)
Figure 13-11: A storage area network
Network+ Guide to Networks, 4e
24
Data Backup
• Copy of data or program files created for archiving
or safekeeping
– No matter how reliable and fault-tolerant you believe
your server’s hard disk (or disks) to be, still risk
losing everything unless you make backups on
separate media and store them off-site
• Many options exist for making backups
Network+ Guide to Networks, 4e
25
Optical Media
• Capable of storing digitized data
– Uses laser to write and read data
– CD-ROMs and DVDs
• Requires proper disk drive to write data
• Writing data usually takes longer than saving data
to another type of media
Network+ Guide to Networks, 4e
26
External Disk Drives
• Storage devices that can be attached temporarily
to a computer via USB, PCMCIA, FireWire, or
Compact-Flash port
– Removable disk drives
• For backing up large amounts of data, likely to use
external disk drive with backup control features,
high capacity, and fast read-write access
• Faster data transfer rates than optical media or
tape backups
Network+ Guide to Networks, 4e
27
Backup Strategy (continued)
• Archive bit: file attribute that can be checked or
unchecked
– Indicates whether file must be archived
• Backup methods use archive bit in different ways
– Full backup: all data copied to storage media,
regardless of whether data is new or changed
• Archive bits set to “off” for all files
– Incremental backup: copies only data that has
changed since last full or incremental backup
• Unchecks archive bit for every file saved
– Differential backup: does not uncheck archive bits
for files backed up
Network+ Guide to Networks, 4e
28
Disaster Recovery:
Disaster Recovery Planning
• Disaster recovery: process of restoring critical
functionality and data after enterprise-wide outage
• Disaster recovery plan accounts for worst-case
scenarios
– Contact names and info for emergency coordinators
– Details on data and servers being backed up,
backup frequency, backup location, how to recover
– Details on network topology, redundancy, and
agreements with national service carriers
– Strategies for testing disaster recovery plan
– Plan for managing the crisis
Network+ Guide to Networks, 4e
29
Disaster Recovery Contingencies
• Several options for recovering from disaster
– Cold site: place where computers, devices, and
connectivity necessary to rebuild network exist
• Not configured, updated, or connected
– Warm site: same as cold site, but some computers
and devices appropriately configured, updated, or
connected
– Hot site: computers, devices, and connectivity
necessary to rebuild network are appropriately
configured, updated, and connected to match
network’s current state
Network+ Guide to Networks, 4e
30