Chapter13 -- ensuring integrity and availability

Chapter 13: Ensuring Integrity and Availability

Network+ Guide to Networks

2

Objectives:

Identify the characteristics of a network that keep data safe from loss or damage

Protect an enterprise-wide network from viruses

3

Objectives: (continued)

Explain network- and system-level fault-tolerance techniques

Discuss issues related to network backup and recovery strategies

Describe the components of a useful disaster recovery plan

4

What are Integrity and Availability?

• Integrity refers to the soundness of a network’s programs, data, services, devices, and connections.

• Availability of a file or system refers to how consistently and reliably it can be accessed by authorized personnel

5

What are Integrity and Availability? (continued)

• General guidelines for protecting your network

• Allow only network administrators to create or modify NOS and application system files

6


• Monitor the network for unauthorized access or changes

• Record authorized system changes in a change management system

• Install redundant components

7


• General guidelines for protecting your network (continued)

• Perform regular health checks on the network

• Check system performance, error logs, and the system log book regularly

8


• Keep backups, boot disks, and emergency repair disks current and available

• Implement and enforce security and disaster recovery policies

9

Viruses

• A virus is a program that replicates itself with the intent to infect more computers

• Other unwanted and potentially destructive programs are called viruses, but technically do not meet the criteria used to define a virus

• Program that disguises itself as something useful but actually harms your system is called a Trojan horse

10

Viruses (continued)

• Types of Viruses• Boot sector viruses, Macro viruses, File-infected

viruses, Worms, Trojan horse, Network viruses, Bots

• Virus Characteristics• Encryption, Stealth, Polymorphism, Time-

dependence

11

Viruses (continued)

• Virus Protection• Antivirus Software

• Suspecting a virus

• Unexplained increases in file sizes

• Significant, unexplained decline in system performance

• Unusual error messages

• Significant, unexpected loss of system memory

• Fluctuations in display quality

12

Viruses (continued)

• Virus Protection

• Antivirus Software

• Antivirus software should perform

• Signature scanning

• Integrity checking

• Monitoring of unexpected file changes

13

Viruses (continued)

• Virus Protection

• Antivirus Software

• Antivirus software should perform (continued)

• Regular updates and modifications

• Consistently report only valid viruses

• Heuristic scanning -- most fallible

14

Viruses (continued)

• Virus Protection• Antivirus Policies

• Virus detection and cleaning software that regularly scans for viruses

• Users not allowed to alter or disable

• Users know what to do

• Antivirus team appointed maintaining antivirus measures

15

Viruses (continued)

• Virus Protection• Antivirus Policies (continued)

• Users prohibited from installing any unauthorized software

• System-wide alerts issued

• Virus Hoaxes• Type of rumor consists of a false alert about a

dangerous, new virus

• Verify a possible hoax

16

Fault Tolerance

• The capacity for a system to continue performing despite an unexpected hardware or software malfunction

• Failure is a deviation from a specified level of system performance for a given period of time

• Fault involves the malfunction of one component of a system

17

Fault Tolerance (continued)

• Environment• Analyze the physical environment in which your

devices operate

• Power• Power Flaws

• Surge—A momentary increase in voltage

• Noise—A fluctuation in voltage levels

• Brownout—A momentary decrease in voltage

• Blackout—A complete power loss

18


• Power (continued)

• Uninterruptible Power Supplies (UPSs)

• Prevents A/C power from harming device or interrupting its services

• Standby UPS provides continuous voltage to a device by switching

• Online UPS providing power to a network device through its battery

19


20


• Which UPS is right for your network• Amount of power needed

• Period of time to keep a device running

• Line conditioning

• Cost

• Generators• If your organization cannot withstand a power loss you

might consider investing in an electrical generator for your building

21


• Topology and Connectivity• Each physical topology inherently assumes certain

advantages and disadvantages

• Supplying multiple paths data can use to travel from any one point to another

22


23


24


25


26


• Servers• Server Mirroring

• Mirroring is a fault-tolerance technique in which one device or component duplicates the activities of another

• In server mirroring, one server continually duplicates the transactions and data storage of another

27


•

28


• Servers• Clustering

• Fault-tolerance technique that links multiple servers together to act as a single server

29


• Storage• Redundant Array of Independent (or Inexpensive)

Disks (RAID)

• Collection of disks that provide fault tolerance for shared data and applications

• Hardware RAID

• Set of disks and a separate disk controller

• Software RAID

• Software to implement and control RAID

30


• Storage• RAID (continued)

• RAID Level 0—Disk Striping RAID Level 0

• data is written in 64 KB blocks equally across all disks in the array

31


32



• RAID Level 1—Disk Mirroring RAID Level 1

• provides redundancy through a process called disk mirroring

33


34



• RAID Level 3—Disk Striping with Parity ECC RAID Level 3

• Involves disk striping with a special error correction code (ECC)

35


36


37



• RAID Level 5—Disk Striping with Distributed Parity

• Highly fault-tolerant

• Data is written in small blocks across several disks

• Parity error checking information is distributed among the disks

38


39


• Storage

• Network Attached Storage

• specialized storage device or group of storage devices that provides centralized fault-tolerant data storage for a network

40


41


• Storage

• Storage Area Networks (SANs)

• Distinct networks of storage devices that communicate directly with each other and with other networks

42


43

Data Backup

• A backup is a copy of data or program files created for archiving or safekeeping

• Tape Backups• Copying data to a magnetic tape

44

Data Backup (continued)

45


• Tape Backups (continued)

• Select the appropriate tape backup solution

• Sufficient storage capacity

• Proven to be reliable

• Data error-checking techniques

• Is the system quick enough

46


• Tape Backups (continued)

• Select the appropriate tape backup solution

• Tape drive, software, and media cost

• Hardware and software be compatible with existing network

• Frequent manual intervention

• Accommodate your network’s growth

47


• Online Backups• Companies on the Internet now offer to back up

data over the Internet

48


• Backup Strategy• What data must be backed up

• What kind of rotation schedule

• When will the backups occur

• How will you verify

49


• Backup Strategy (continued)• Where will backup media be stored

• Who will take responsibility

• How long will you save backups

• Where will backup and recovery documentation be stored

50


• Backup Strategy (continued)

• Different backup methods

• Full backup

• Incremental backup

• Differential backup

51


52

Disaster Recovery

• A disaster recovery plan should identify a disaster recovery team

• Contact for emergency coordinators

• Which data and servers are being backed up

• Network topology, redundancy, and agreements

• Regular strategies for testing

• A plan for managing the crisis

53

Chapter Summary

• Integrity refers to the soundness of your network’s files, systems, and connections

• Several basic measures can be employed to protect data and systems

• A virus is a program that replicates itself

• Boot sector viruses position their code in the boot sector

• Macro viruses take the form of a macro

54

Chapter Summary (continued)

• File-infected viruses attach themselves to executable files

• Network viruses take advantage of network protocols

• A virus bot is a virus that spreads automatically between systems

• Worms are not technically viruses

• A Trojan horse claims to do something useful but instead harms

55


• Any type of virus may have additional characteristics that make it harder to detect and eliminate

• A good antivirus program should be able to detect viruses through signature scanning, integrity checking, and heuristic scanning

• Antivirus software is merely one piece of the puzzle in protecting your network

56


• A virus hoax is a false alert about a dangerous, new virus

• A failure is a deviation from a specified level of system performance for a given period of time

57


• A fault is the malfunction of one component of a system

• Fault tolerance is a system’s capacity to continue performing despite an unexpected hardware or software malfunction

58


• Networks cannot tolerate power loss or less than optimal power

• A UPS is a battery power source directly attached to one or more devices and to a power supply

• A standby UPS provides continuous voltage to a device by switching

59


• An online UPS uses the A/C power from the wall outlet to continuously charge its battery

• For utmost fault tolerance in power supply, a generator is necessary

60


• Network topologies such as a full mesh WAN or a star-based LAN with a parallel backbone offer the greatest fault tolerance

• Hot swappable components can be changed (or swapped) while a machine is still running (hot)

• Critical servers often contain redundant components

61


• Utilizing a second, identical server to duplicate the transactions and data storage of one server is called server mirroring

• Server clustering links multiple servers together to act as a single server

62


• An important storage redundancy feature is a Redundant Array of Independent (or Inexpensive) Disks (RAID)

• Network attached storage (NAS) is a dedicated storage device

• A storage area network (SAN) is a distinct network of multiple storage devices and servers

63


• A backup is a copy of data or program files created for archiving or safekeeping

• A popular, economical method for backing up networked systems is tape backup

• You can also back up data over the Internet

64


• The aim of a good backup rotation scheme is to provide excellent data reliability

• Every organization should have a disaster recovery team

Chapter13 -- ensuring integrity and availability

Technology

Transcript of Chapter13 -- ensuring integrity and availability