Chapter Fourteen Ensuring Integrity and Availability.


Transcript of Chapter Fourteen Ensuring Integrity and Availability.

Chapter Fourteen: Ensuring Integrity and Availability

Objectives

Identify the characteristics of a network that keep data safe from loss or damage

Protect an enterprise-wide network from viruses

Explain network- and system-level fault-tolerance techniques

Discuss issues related to network backup and recovery strategies

Describe the components of a useful disaster recovery plan

What Are Integrity and Availability?

Integrity: Soundness of a network’s programs, data, services, devices, and connections

Availability: Refers to how consistently and reliably a file or system can be accessed by authorized personnel

Guidelines for Protecting Your Network

Prevent anyone other than a network administrator from opening or changing the system files

Monitor the network for unauthorized access or change

Process of monitoring a network for unauthorized access to its devices is known as intrusion detection

Guidelines for Protecting Your Network

Record authorized system changes in a change management system

Install redundant components

Situation in which more than one component is installed and ready to use for storing, processing, or transporting data is referred to as redundancy

Guidelines for Protecting Your Network

Perform regular health checks on the network

Monitor system performance, error logs, and the system log book regularly

Keep backups, boot disks, and emergency repair disks current and available

Implement and enforce security and disaster recovery policies

Viruses

Virus: Program that replicates itself so as to infect more computers

Trojan horse: Disguises itself as something useful but actually harms your system

Types of Viruses

Boot sector viruses: Reside on the boot sector of a floppy disk and become transferred to the partition sector or the DOS boot sector on a hard disk

Macro viruses: Take the form of a word-processing or spreadsheet program macro

File infected viruses: Attach themselves directly to executable files

Types of Viruses

Network viruses: Propagate themselves via network protocols, commands, messaging programs, and data links

Worms: Technically not viruses, but rather programs that run independently and travel between computers across networks

Trojan horse

Virus Characteristics

Encryption

Stealth

Polymorphism

Time-dependence

Antivirus Software

Symptoms of a virus:

Unexplained increases in file sizes

Programs launching, running, or exiting more slowly than usual

Unusual error messages appearing without probable cause

Significant, unexpected loss of system memory

Fluctuations in display quality

Antivirus Software

Functions your antivirus software should perform:

Signature scanning: Comparison of a file’s content with known virus signatures in a signature database

Integrity checking: Method of comparing current characteristics of files and disks against an archived version of these characteristics to discover any changes

It should detect viruses by monitoring unexpected file changes or virus-like behaviors
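Integrity checking as described on this slide, written out as an added example (not part of the original slides): a snapshot archives each file's size and SHA-256 digest, and a later comparison reports what was added, removed, modified, or grew in size. The function names, the choice of SHA-256, and the sample files are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path, chunk_size=65536):
    """Return (size_in_bytes, sha256_hex) for one file, read in chunks."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def snapshot(root):
    """Archive the characteristics of every regular file under root."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            result[path.relative_to(root).as_posix()] = fingerprint(path)
    return result


def compare(baseline, current):
    """Compare a current snapshot against the archived baseline."""
    report = {"added": [], "removed": [], "modified": [], "grew": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            report["added"].append(name)
        elif name not in current:
            report["removed"].append(name)
        elif baseline[name] != current[name]:
            report["modified"].append(name)
            # "Unexplained increases in file sizes" is one listed symptom.
            if current[name][0] > baseline[name][0]:
                report["grew"].append(name)
    return report


def demo():
    """Constructed sample tree: one file grows, one changes at the same
    size (a size-only check would miss it), one file is added."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tool.exe").write_bytes(b"MZ" + b"\x00" * 62)
        (root / "bin" / "util.exe").write_bytes(b"MZ" + b"\x01" * 62)
        (root / "notes.txt").write_text("unchanged\n")
        baseline = snapshot(root)

        with open(root / "bin" / "tool.exe", "ab") as handle:
            handle.write(b"\x90" * 16)                      # appended bytes
        (root / "bin" / "util.exe").write_bytes(b"MZ" + b"\x02" * 62)
        (root / "new.dll").write_bytes(b"x")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for category, names in demo().items():
        print(f"{category:9s} {names}")
```

The archived snapshot is only trustworthy if it is kept where the monitored system cannot rewrite it, for example on read-only or off-host storage.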

Antivirus Software

Functions your antivirus software should perform (cont.):

Receive regular updates and modifications from a centralized network console

Consistently report only valid viruses, rather than reporting “false alarms”

Heuristic scanning: Attempt to identify viruses by discovering “virus-like” behavior

Antivirus Policy

General guidelines for an antivirus policy:

Every computer in an organization should be equipped with virus detection and cleaning software that regularly scans for viruses

Users should not be allowed to alter or disable the antivirus software

Users should know what to do in case their antivirus program detects a virus

Antivirus Policy

General guidelines for an antivirus policy (cont.):

Every organization should have an antivirus team that focuses on maintaining the antivirus measures in place

Users should be prohibited from installing any unauthorized software on their systems

Organizations should impose penalties on users who do not follow the antivirus policy

Virus Hoaxes

False alert about a dangerous, new virus that could cause serious damage to your workstation

Usually have no realistic basis and should be ignored

Fault Tolerance

Capacity for a system to continue performing despite an unexpected hardware or software malfunction

Failure: Deviation from a specified level of system performance for a given period of time

Fault: Involves the malfunction of one component of a system

Fault Tolerance

Fail-over: Process of one component immediately assuming the duties of an identical component

A sophisticated means for dynamically replicating data over several physical hard drives is known as hard disk redundancy, called RAID (for Redundant Array of Inexpensive Disks)

To assess the fault tolerance of your network, you must identify any single point of failure

Environment and Power

Environment: Analyze the physical environments in which your devices operate

Power: Whatever the cause, networks cannot tolerate power loss or less than optimal power

Power Flaws

Surge

Line noise

Brownout: Also known as a sag

Blackout

Uninterruptible Power Supply (UPS)

Battery-operated power source directly attached to one or more devices and to a power supply

Standby UPS: Switches instantaneously to the battery when it detects a loss of power from the wall outlet

Figure 14-1: Standby UPS

Uninterruptible Power Supply (UPS)

Online UPS: Uses the A/C power from the wall outlet to continuously charge its battery, while providing power to a network device through its battery

Figure 14-2: Online UPS

Factors in Choosing a UPS

Amount of power needed: A volt-amp (VA) is the product of the voltage and current of the electricity on a line

Period of time to keep a device running

Line conditioning

Cost

Generators

If your organization cannot withstand a power loss of any duration, consider investing in an electrical generator for your building

Generators do not provide surge protection, but do provide clean (free from noise) electricity

Topology

Figure 14-3: Fully-meshed network

Figure 14-4: Network with one redundant connection

Topology

Figure 14-5: Self-healing SONET ring

Topology

Figure 14-6: Redundancy between a firm and two customers

Topology

Figure 14-7: VPNs linking multiple customers

Connectivity

Hot swappable: Identical components that automatically assume the functions of their counterpart if one suffers a fault

Figure 14-8: ISP connectivity

Connectivity

Load balancing: Automatic distribution of traffic over multiple links or processors to optimize response

Figure 14-9: Fully redundant system

Servers

Server mirroring: Fault tolerance technique in which one server duplicates the transactions and data storage of another

Figure 14-10: Server with redundant NICs

Server Clustering

Fault-tolerance technique that links multiple servers together to act as a single server

Clustered servers share processing duties and appear as a single server to users

Clustering is more cost-effective than mirroring

Storage

Redundant Array of Inexpensive Disks (RAID): Collection of disks that provide fault tolerance for shared data and applications

A group of hard disks is called a disk array

The collection of disks working together in a RAID configuration is often referred to as the “RAID drive”

RAID Level 0—Disk Striping

Simple implementation of RAID in which data are written in 64 KB blocks equally across all disks in the array

Figure 14-11: RAID Level 0—disk striping

RAID Level 1—Disk Mirroring

Data from one disk are copied to another disk automatically as the information is written

Figure 14-12: RAID Level 1—disk mirroring

RAID Level 3—Disk Striping with Parity ECC

Disk striping with a special type of error correction code (ECC)

The term parity refers to the mechanism used to verify the integrity of data by making the number of bits in a byte sum to either an odd or even number

TABLE 14-1 Use of parity bits to achieve parity

RAID Level 3—Disk Striping with Parity ECC

Parity error checking: Process of comparing the parity of data read from disk with the type of parity used by the system

Figure 14-13: RAID Level 3—disk striping with parity ECC
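The parity mechanism and parity error checking from the two RAID Level 3 slides, as an added example that is not part of the original slides. It goes one step beyond the per-byte description to show how a parity block computed across a stripe lets an array rebuild the block of a failed disk; the function names and sample bytes are constructed for the illustration.

```python
def parity_bit(byte, even=True):
    """Bit that makes the count of 1 bits (data plus parity) even or odd."""
    ones = bin(byte & 0xFF).count("1")
    bit = ones % 2                      # 1 when the data alone has odd weight
    return bit if even else bit ^ 1


def parity_ok(byte, stored_bit, even=True):
    """Parity error checking: recompute on read and compare with the stored bit."""
    return parity_bit(byte, even) == stored_bit


def xor_parity(blocks):
    """Byte-wise XOR of equal-length blocks, i.e. even parity per bit position."""
    length = len(blocks[0])
    if any(len(block) != length for block in blocks):
        raise ValueError("all blocks in a stripe must have the same length")
    out = bytearray(length)
    for block in blocks:
        for i, value in enumerate(block):
            out[i] ^= value
    return bytes(out)


def rebuild(surviving_blocks, parity):
    """Recover the single missing block of a stripe from the rest plus parity."""
    return xor_parity(list(surviving_blocks) + [parity])


def demo():
    data = 0b01101001                   # constructed sample byte, four 1 bits
    stored = parity_bit(data)           # even parity, so the stored bit is 0
    one_flip = data ^ 0b00000001        # single-bit error
    two_flips = data ^ 0b00000011       # double-bit error, same parity as data

    stripe = [b"INTE", b"GRIT", b"Y+AV"]    # constructed blocks on three disks
    parity = xor_parity(stripe)             # block held on the parity disk
    recovered = rebuild([stripe[0], stripe[2]], parity)   # disk 1 has failed
    return {
        "stored_bit": stored,
        "single_bit_error_detected": not parity_ok(one_flip, stored),
        "double_bit_error_detected": not parity_ok(two_flips, stored),
        "recovered_block": recovered,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A single parity bit catches any odd number of flipped bits but misses an even number, which the double-bit case above shows.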

RAID Level 5—Disk Striping with Distributed Parity

Data are written in small blocks across several disks

Figure 14-14: RAID Level 5—disk striping with distributed parity

Network Attached Storage (NAS)

Specialized storage device or group of storage devices providing centralized fault-tolerant data storage for a network

Figure 14-15: Network attached storage on a LAN

Storage Area Networks (SANs)

Distinct networks of storage devices that communicate directly with each other and with other networks

Extremely fault tolerant

Extremely fast: Much of their speed can be attributed to Fibre Channel

Storage Area Networks (SANs)

Figure 14-16: A storage area network

Data Backup

Copy of data or program files created for archiving purposes

Without backing up data and storing them off-site, you risk losing everything

Note that backing up workstations or backing up servers and other host systems are different operations

Tape Backups

Most popular method for backing up networked systems

Vault: Tape storage library

Figure 14-17: Examples of backup tape media

Tape Backups

Figure 14-16: Tape drive on a medium or large network

Tape Backups

Questions to ask when selecting the appropriate tape backup solution for your network:

Does the backup drive and/or media provide sufficient storage capacity?

Are the backup software and hardware proven to be reliable?

Does the backup software use data error checking techniques?

Is the system quick enough to complete the backup process before daily operations resume?

Tape Backups

Questions to ask when selecting the appropriate tape backup solution for your network (cont.):

How much do the tape drive, software, and media cost?

Will the backup hardware and software be compatible with existing network hardware and software?

Does the backup system require frequent manual intervention?

Will the backup hardware, software, and media accommodate your network’s growth?

Online Backups and Backup Strategy

Online backups: Done over the Internet

Questions to ask in developing a backup strategy:

What kind of rotation schedule will backups follow?

At what time of day or night will the backups occur?

How will you verify the accuracy of the backups?

Backup Strategy

Questions to ask in developing a backup strategy (cont.):

Where will backup media be stored?

Who will take responsibility for ensuring that backups occurred?

How long will you save backups?

Where will backup and recovery documentation be stored?

Backup Strategy Methods

Full backup: All data on all servers are copied to a storage medium

Incremental backup: Only data that have changed since the last backup are copied to a storage medium

Differential backup: Only data that have changed since the last backup are copied to a storage medium, and that information is then marked for subsequent backup

Backup Rotation Scheme

Specifies when and how often backups will occur

Figure 14-17: Grandfather-father-son backup rotation scheme

Disaster Recovery

Process of restoring critical functionality and data after an enterprise-wide outage that affects more than a single system or limited group of users

Must take into account the possible extremes, rather than relatively minor situations

Pertinent Issues to a Data Recovery Plan

Contact names for emergency coordinators who will execute the disaster recovery response

Details on which data and servers are being backed up, how frequently backups occur, where backups are kept, and how backup data can be recovered in full

Details on network topology, redundancy, and agreements with national service carriers

Regular strategies for testing the disaster recovery plan

Plan for managing the crisis

Chapter Summary

Integrity refers to the soundness of your network’s files, systems, and connections

Availability of a file or system refers to how consistently and reliably it can be accessed by authorized personnel

Several basic measures can be employed to protect data and systems on a network

A virus is a program that replicates itself so as to infect more computers

In broad terms, a failure is a deviation from a specified level of system performance for a given period of time

Chapter Summary

Fault tolerance is a system’s capacity to continue performing despite an unexpected hardware or software malfunction

Networks cannot tolerate power loss or less than optimal power

Type of network topology that offers the best fault tolerance is a mesh topology

A backup is a copy of data or program files created for archiving or safekeeping purposes

Chapter Summary

Have a strategy for backup

Different backup methods provide varying levels of certainty and corresponding labor and cost

Disaster recovery is the process of restoring critical functionality and data after an enterprise-wide outage that affects more than a single user or limited group of users

Every organization should have a disaster recovery team and disaster recovery plan