Chapter 1 Introduction to Computers and C Programming

1
CS 56

• Networking Essentials

Chapter 10 Ensuring Network Security
Sonny Huang
2
Chapter 10 Ensuring Network Security

• Outline
• Making Networks Secure
• Maintaining a Healthy Network Environment
• Avoiding Data Loss

3
Making Networks Secure

• Planning for Network Security
• A. Overview
• 1. In a network environment, there must be
  assurance that sensitive data will remain
  private.
• 2. It is equally important to protect network
  operations from deliberate or unintentional
  damage.
• 3. Requires a balance between facilitating easy
  access to data by authorized users and
  restricting access to data by unauthorized users.

4
Making Networks Secure

• 4. Four major threats to the security of data on
  a network are
• a. Unauthorized access
• b. Electronic tampering
• c. Theft
• d. Intentional or unintentional damage
• 5. Data security is not always implemented or
  supported properly.
• 6. It is the administrators task to ensure that
  the network remains reliable and secure, free
  from those threats.

5
Making Networks Secure

• Most attacks on networks take place from within
  company walls. Many security plans address only
  attacks from outside. Teach users how to protect
  against viruses, as well as intruders.

6
Making Networks Secure

• B. Level of Security
• 1. Extent and level depend on the type of network
  environment.
• 2. Banks require more extensive security than a
  LAN that links the computers in a small community
  organization.

7
Making Networks Secure

• C. Setting Policies
• 1. Overview
• a. Securing a network requires establishing a set
  of rules, regulations, and policies so that
  nothing is left to chance.
• b. Implement policies that set the tone and help
  to guide the administrator and users through
  changes.
• 2. Prevention
• a. Best way to design data security policies is
  to take a proactive, preventative approach.
• b. When unauthorized access is prevented, data
  remains secure.

8
Making Networks Secure

• c. Administrator must understand the tools and
  methods available to keep data safe.
• 3. Authentication
• a. A user must enter a valid user name and
  password.
• b. A password authentication system is the first
  line of defense against unauthorized users.
• c. Do not let overreliance on this authentication
  process lull you into a false sense of security.
• d. Authentication works only in a server-based
  network in which the user name and password must
  be authenticated from the security database.

9
Making Networks Secure

• D. Training
• 1. Unintentional errors lead to security
  failures.
• 2. Knowledgeable users are less likely to cause
  an accidental error and ruin a resource by
  permanently corrupting or deleting data than a
  novice user.
• 3. Administrator should ensure that everyone who
  uses the network is familiar with its operating
  and security procedures.
• 4. Develop a short, clear guide to what users
  need to know, and require that new users attend
  appropriate training classes.

10
Making Networks Secure

• E. Securing Equipment
• 1. Overview
• a. Keep data safe by ensuring the physical
  security of the network hardware.
• b. Extent of security required depends on
• (1) Size of the company
• (2) Sensitivity of the data
• (3) Available resources
• c. In a peer-to-peer network, users are usually
  responsible for the security of their own
  computers and data.

11
Making Networks Secure

• d. In a server-based network, security is the
  responsibility of the network administrator.
•  
• It is a good idea to lock the computer room so
  that not even the cleaning staff can get into the
  room. Untrained people with physical access can
  cause a range of network difficulties. At a
  minimum, lock keyboards. The degree of security
  established and maintained depends on the
  sensitivity of the organizations data and the
  resources available for protecting it.

12
Making Networks Secure

• 2. Securing the Servers
• a. Secure the servers from accidental or
  deliberate tampering.
• b. Tactfully prevent unauthorized people from
  fixing the server.
• c. Lock the servers in a dedicated computer room
  with limited access.

13
Making Networks Secure

• 3. Securing the Cables
• a. Copper media, such as coaxial cable, emit
  electronic signals that mimic the information the
  cable carries like a radio.
• b. These signals can be monitored with electronic
  listening equipment.
• c. Copper cable can also be tapped so that
  information can be stolen directly from the
  original cable.
• d. Cable runs that handle sensitive data should
  be accessible only to authorized people.
• e. Proper planning can make cable runs
  inaccessible to unauthorized people.

14
Making Networks Secure

• Security Models
• A. Overview
• 1. Administrator needs to ensure that the network
  resources will be safe from both unauthorized
  access and accidental or deliberate damage.
• 2. Policies for assigning permissions and rights
  to network resources are at the heart of securing
  the network.
• 3. Two security models have evolved for keeping
  data and hardware resources safe
• a. Password protected shares (share-level
  security).
• b. Access permissions (user-level security).

15
Making Networks Secure

• B. Password Protected Shares
• 1. Simple security method that allows anyone who
  knows the password to obtain access to that
  particular resource.
• 2. Requires assigning a password to each shared
  resource.
• 3. Access to the shared resource is granted when
  a user enters the correct password.
• 4. Resources can be shared with different types
  of permissions Read Only, Full, and Depends on
  Password.

16
Making Networks Secure

• Shares are available on FAT and NTFS partitions.
  Share-level passwords protect directories, not
  individual files.
•  
• C. Access Permissions
• 1. Overview
• a. Involves assigning certain rights on a
  user-by-user basis.
• b. User types a user name and password when
  logging on to the network.
• c. Server validates this user name and password
  combination and uses it to grant or deny access
  to shared resources by checking access to the
  resource against a user access database.

17
Making Networks Secure

• d. Provides a higher level of control over access
  rights.
• e. Because user-level security is more extensive
  and can determine various levels of security, it
  is usually the preferred model in larger
  organizations.
•  
• User-level passwords protect directories and
  their files individually.

18
Making Networks Secure

• 2. Resource Security
• a. After the user has been authenticated and
  allowed on the network, the security system gives
  the user access to the appropriate resources.
• b. Users have passwords resources have
  permissions.
• c. Administrator determines which users are
  members of which groups.
• d. Permissions control the type of access to a
  resource.

19
Making Networks Secure

• e. Windows NT Server Permissions.
• (1) Read Reads and copies files in the shared
  directory.
• (2) Execute Executes (runs) the files in the
  directory.
• (3) Write Creates new files in the directory.
• (4) Delete Deletes files in the directory.
• (5) No Access Prevents the user from gaining
  access to directories, files, or resources.

20
Making Networks Secure

• Different NOSs give different names to these
  permissions.

21
Making Networks Secure
22
Making Networks Secure

• 3. Group Permissions
• a. Administrator assigns each user the
  appropriate permissions to each resource.
• b. Most efficient way to manage permissions is to
  use groups.
• c. Use Windows NT Explorer to set permissions.
• d. Permissions for groups work in the same way as
  for users.
• e. Administrator reviews which permissions are
  required by each account and assigns the accounts
  to the proper groups.

23
Making Networks Secure

• Windows NT Server allows users to select the
  file or folder for which they want to set group
  permissions.
•  
•  

Windows NT Explorer is used to set permissions
24
Making Networks Secure

• The group Everyone has been granted Read access
  to the directory public. This allows members of
  the group Everyone to read, but not delete or
  modify, the files in the public directory.
•  
•  

25
Making Networks Secure

• Assigning users to appropriate groups is more
  convenient than having to assign separate
  permissions to every user individually.
•  
•  
• Video Note c10dem01 video shows a presentation
  of share-based and server-based network security.

26
Making Networks Secure

• Security Enhancements
• A. Firewalls
• 1. Security systems are usually a combination of
  hardware and software intended to protect an
  organizations network against external threats
  coming from another network.
• 2. Audit and record the volume of network traffic
  and provide information about unauthorized access
  attempts.
• 3. Incoming and outgoing communication is routed
  through a proxy server outside the organizations
  network.

27
Making Networks Secure

• 4. Proxy server determines file access to the
  organizations network.
• 5. Proxy server filters and discards requests
  not consider appropriate, including requests for
  unauthorized access to proprietary data.
•  
• A proxy server is a firewall component that
  manages Internet traffic to and from a LAN.

28
Making Networks Secure

• B. Auditing
• 1. Reviewing records in the security log of a
  server is called auditing.
• 2. Tracks network activities by user accounts.
• 3. Should be a routine element of network
  security.
• 4. Helps administrators identify unauthorized
  activity.
• 5. Records can indicate how the network is being
  used.

29
Making Networks Secure

• 6. Auditing can track functions such as
• a. Logon attempts
• b. Connection and disconnection from designated
  resources
• c. Connection termination
• d. Disabling of accounts
• e. Opening and closing of files
• f. Changes made to files
• g. Creation or deletion of directories
• h. Directory modification
• i. Server events and modifications
• j. Password changes
• k. Logon parameter changes

30
Making Networks Secure

• C. Diskless Computers
• 1. No floppy drives or hard disks.
• 2. Can do everything a computer with disk drives
  can do except store data on a local floppy disk
  or hard disk.
• 3. Ideal choice for maintaining security because
  users cannot download data and take it away.
• 4. Do not require boot disks.
• 5. Communicate with the server and log on by
  means of a special Read Only Memory (ROM) boot
  chip installed on the computers NIC.
• 6. When the computer is turned on, the ROM boot
  chip signals the server that it is ready to start.

31
Making Networks Secure

• 7. Server responds by downloading boot software
  into the diskless computers RAM and
  automatically presents the user with a logon
  screen as part of the boot process.
• 8. After the user logs on, the computer is
  connected to the network.
• 9. All computer activity must be conducted over
  the network traffic will increase accordingly.
• 10. Network must be capable of handling
  increased demands.

32
Making Networks Secure

• D. Data Encryption
• 1. Data Encryption Basics
• a. Data encryption utilities scramble data before
  it goes onto the network.
• b. Makes the data unreadable even by someone who
  taps the cable and attempts to read the data as
  it passes over the network.
• c. When the data arrives at the proper computer,
  the code for deciphering encrypted data decodes
  the bits, translating them into understandable
  information.

33
Making Networks Secure

• d. Advanced data encryption schemes automate both
  encryption and decryption.
• e. Best encryption systems are hardware-based and
  can be expensive.

34
Making Networks Secure

• 2. Data Encryption Standards (DES)
• a. Traditional standard for encryption developed
  by IBM and adopted in 1975 as a specification for
  encryption by the U.S. government.
• b. System describes how data should be encrypted
  and provides the specifications for the key to
  decryption.
• c. U.S. government continues to use DES.
• d. Both the sender and receiver need to have
  access to the decryption key.
• e. The only way to get the key from one location
  to another is to physically or electronically
  transmit it, which makes DES vulnerable to
  unauthorized interception.

35
Making Networks Secure

• 3. Commercial COMSEC Endorsement Program (CCEP)
• a. Newer standard that may eventually replace
  DES.
• b. CCEP introduced by National Security Agency
  (NSA) and allows vendors with the proper security
  clearance to join.
• c. Approved vendors are authorized to incorporate
  classified algorithms into communications systems.

36
Making Networks Secure

• Computer Viruses
• A. Overview
• 1. Becoming more common.
• 2. Bits of computer programming, or code, that
  hide in computer programs or on the boot sector
  of storage devices.
• 3. Primary purpose of a virus is to reproduce
  itself as often as possible and thereby disrupt
  the operation of the infected computer or the
  program.
• 4. A simple annoyance or completely catastrophic
  in its effect.
• 5. Written with an intent to do harm.

37
Making Networks Secure

• 6. Boot Sector Virus
• a. Resides in the first sector of a floppy disk
  or hard disk drive.
• b. Executes when computer boots.
• c. Common method of transmitting viruses from one
  floppy disk to another.
• 7. File Infector Virus
• a. Attaches itself to a file or program.
• b. Activates any time the file is used.

38
Making Networks Secure

• 8. Common File Infectors
• a. Companion Virus So named because it uses the
  name of a real program.
• b. Macro Virus Difficult to detect and is
  becoming more common written as a macro for a
  specific application.
• c. Polymorphic Virus Changes its appearance
  every time it is replicated.
• d. Stealth Virus To hide from detection, it
  returns false information to antivirus programs.
•  
• Keep virus detection data up-to-date. New viruses
  appear daily.

39
Making Networks Secure

• B. Virus Propagation
• 1. An exchange between two computers must take
  place before transmission of the virus occurs.
• 2. In the early days, the principal source of
  infection was through the exchange of data on
  floppy disks.
• 3. Proliferation of LANS and growth of the
  Internet have opened many new pathways to rapidly
  spreading viruses.
• 4. Some virus creators provide easy-to-use
  software containing directions for how to create
  a virus.
• 5. An emerging method of spreading a virus is
  through e-mail services.

40
Making Networks Secure

• 6. A virus can be located in an inviting
  attachment to an e-mail message.
• 7. A Trojan Horse virus is packaged inside an
  enticing cover.
• 8. Common ways computers exchange information
  include
• a. CD-ROMs
• b. Cables directly connecting two computers
• c. Floppy disk drives
• d. Hard disk drives
• e. Internet connections
• f. LAN connections
• g. Modem connections
• h. Portable or removable drives
• i. Tape

41
Making Networks Secure

• C. Consequences of a Virus
• 1. Common symptoms of computer virus infection
• a. Computer will not boot.
• b. Data is scrambled or corrupted.
• c. Computer operates erratically.
• d. A partition is lost.
• e. Hard drive is reformatted.
• 2. Peer-to-peer network
• a. All things are shared equally.
• b. Any infected computer has direct access to
  any computer or resource that is shared to the
  network.

42
Making Networks Secure

• 3. Server-based networks
• a. Some have built-in protection because
  permission is required to obtain access to some
  portions of the server and, therefore, the
  network.
• b. More likely that a workstation will be
  infected than a server, although servers are not
  immune.
• c. As the conduit from one computer to another,
  the server participates in the transmission of
  the virus, even though it might not be affected.

43
Making Networks Secure

• D. Virus Prevention
• 1. Effective antivirus strategy is an essential
  part of a network plan.
• 2. Good antivirus software is essential.
• 3. Virus protection software can do some of the
  following
• a. Warn of a potential virus.
• b. Keep a virus from activating.
• c. Remove a virus.
• d. Repair some of the damage caused by a virus.
• e. Keep a virus in check after it activates.
• 4. Preventing unauthorized access to the network
  is one of the best ways to avoid a virus.

44
Making Networks Secure

• 5. Some standard preventive measures are
• a. Passwords to reduce the chance of
  unauthorized access.
• b. Well-planned access and privilege assignments
  for all users.
• c. User profiles to structure the users network
  environment, including network connections and
  program items that appear when the user logs on.
• d. A policy that sets out which software can be
  loaded.
• e. A policy that specifies rules for
  implementing virus protection on client
  workstations and network servers.
• f. Ensuring that all users are informed about
  computer viruses and how to prevent their
  activation.

45
Maintaining a Healthy Network Environment

• Computers and the Environment
• A. Negative environmental impacts on electronic
  equipment, while not always dramatic, do exist.
• B. Slow and steady deterioration process can
  lead to intermittent but increasingly more
  frequent problems until a catastrophic system
  failure occurs.
• C. By recognizing these problems before they
  occur and taking appropriate steps, one can
  prevent or minimize such failures.

46
Maintaining a Healthy Network Environment

• D. Computers and network equipment require
  specific environments in order to function
  properly.
• E. Most computers are installed in
  environmentally controlled areas even with such
  controls in place, computers are not immune from
  the effects of their surroundings.
• F. When accessing how environmental conditions
  will affect a computer network, the first step is
  to consider the climatic conditions of the
  region.
• G. Different climatic circumstances require
  different steps be taken to ensure that the
  environment does not negatively affect the
  network.

47
Maintaining a Healthy Network Environment

• H. Environmental conditions for computers are
  assumed to be the same as prevailing office
  conditions.
• I. Environmental factors can affect network
  wiring that often runs through walls and in
  ceilings, basements, and sometimes outside.
• J. Think in terms of the global (entire) network,
  visible or out of sight, and not just the local
  components.
• K. Environmentally triggered disasters are
  usually the result of a long period of slow
  deterioration, rather than a sudden catastrophe.

48
Maintaining a Healthy Network Environment

• Creating the Right Environment
• A. Overview
• 1. The network administrator creates policies
  governing safe practices around network
  equipment, and implements and manages an
  appropriate working environment for the network.
• 2. Electronic equipment is designed to operate
  within the same range of temperature and humidity
  that feels comfortable to human beings.

49
Maintaining a Healthy Network Environment

• B. Temperature
• 1. Electronic equipment generates heat during
  normal operation, and it usually has a cooling
  fan designed to maintain the temperature within
  the specified limits.
• 2. An environment in which the temperature is
  constantly cycling between hot and cold presents
  the worst scenario for electronic equipment.
• 3. Extreme changes cause metal components to
  expand and contract, which eventually may lead to
  equipment failure.

50
Maintaining a Healthy Network Environment

• C. Humidity
• 1. High humidity promotes corrosion.
• 2. Corrosion can increase the resistance of
  electrical components, occurring first on
  electrical contacts.
• 3. Corroded contacts on expansion cards and cable
  connections will cause intermittent failures.
• 4. Most equipment will function adequately
  between 50 and 70 percent relative humidity.
• 5. Control temperature and humidity in the server
  room.
•  
• In environments with low humidity, take extra
  care to avoid static electricity.

51
Maintaining a Healthy Network Environment

• D. Dust and Smoke
• 1. Dust is electrostatically attracted to
  electronic equipment.
• 2. Dust acts as an insulator that affects the
  cooling of components.
• 3. Dust can hold electrical charges, making them
  conductive.
• 4. Smoke coats the surfaces of electronic
  components, acting as both insulator and
  conductor.
• 5. Smoke residue also enhances the accumulation
  of dust.

52
Maintaining a Healthy Network Environment

• E. Human Factors
• 1. Few employees have any awareness of the
  ventilation requirements for computer equipment
  they impede the natural flow of air in and around
  the equipment.
• 2. Spilling of liquid refreshments takes a toll
  on keyboards and computers.
• 3. Space heaters can overheat computers.
• 4. Space heaters can overload the power outlets,
  tripping circuit breakers, or even causing fires.

53
Maintaining a Healthy Network Environment

• F. Hidden Factors
• 1. Because we do not see these hidden elements on
  a daily basis, we assume that all is well until
  something goes wrong.
• 2. Wiring is one network component that can cause
  problems, especially wires lying on the floor.
• 3. Wires that run through an attic can easily be
  damaged by accident during repairs to other
  objects in the attic.
• 4. Bugs and rodents of all kinds are another
  hidden factor.
•  
• Video Note c10dem02 video shows a presentation
  of how environmental factors affect computers,
  servers, and networks.

54
Maintaining a Healthy Network Environment

• G. Industrial Factors
• 1. Computers in Manufacturing.
• a. Entire manufacturing process can be monitored
  and controlled from a central location.
• b. Equipment can even contact telephone
  maintenance personnel at home when there is a
  problem.
• c. Manufacturing environments often have little
  or no control over temperature and humidity.
• d. Atmosphere can be contaminated with corrosive
  chemicals.
• e. Manufacturing environments that utilize heavy
  equipment with large electrical motors can wreak
  havoc on the stability of computer-operated
  systems and networks.

55
Avoiding Data Loss

• Data Protection
• A. A site disaster is defined as anything that
  causes loss of data.
• B. Many large organizations have extensive
  disaster recovery plans to maintain operations
  and rebuild after a natural disaster such as an
  earthquake or a hurricane.
• C. Many include a plan to recover the network.
• D. Disaster recovery for a network goes beyond
  the replacing of the physical hardware the data
  must be protected as well.

56
Avoiding Data Loss

• E. Causes of a network disaster include
• 1. Component failure
• 2. Computer viruses
• 3. Data deletion and corruption
• 4. Fire caused by arson or electrical mishaps
• 5. Natural disasters, such as lightning, floods,
  tornadoes, and earthquakes
• 6. Power supply failure and power surges
• 7. Theft and vandalism

57
Avoiding Data Loss

• F. Downtime spent recovering data from backup
  storage (if backups exist) could result in a
  serious loss of productivity.
• G. Without backups, the consequences are even
  more severe, possibly resulting in significant
  financial losses.
• H. To prevent or recover from data loss
• 1. Tape backup systems.
• 2. Use an uninterruptible power supply (UPS).
• 3. Build fault tolerant systems.
• 4. Use optical drives and disks.

58
Avoiding Data Loss

• Any or all of these approaches can be used,
  depending on how valuable the data is to the
  organization budget constraints may also limit
  security protection.
•  
• Tape Backup
• A. Overview
• 1. Simplest, most inexpensive way to avoid
  disastrous loss of data is to implement a
  schedule of periodic backups with storage
  offsite.
• 2. First line of defense against data loss.
• 3. A secure backup strategy minimizes the risk of
  losing data.

59
Avoiding Data Loss

• 4. To back up data requires
• a. Appropriate equipment.
• b. Regularly scheduled backups.
• c. Ensuring that backup files are current.
• d. Personnel assigned to make sure this schedule
  is carried out.
• 5. Any expense incurred from equipment costs is
  likely to be minimal compared to the value of
  what will be saved in the event of data loss.
•  
• Backups are the traditional method for data
  recovery, and the first line of defense. Some
  NOSs come with scheduling software that allows
  for automatic after-hour backups.

60
Avoiding Data Loss

• B. Implementing a Backup System
• 1. If you cant get along without it, back it
  up.
• 2. Whether you backup entire disks, selected
  directories, or files depends on how fast you
  will need to be operational after losing
  important data.
• 3. Critical data should be backed up according
  to daily, weekly, or monthly schedules, depending
  on how critical the data is and how frequently it
  is updated.
• 4. Schedule backup operations during periods of
  low system use.
• 5. Users should be notified when the backup will
  be performed so that they will not use the server
  during backup operations.

61
Avoiding Data Loss

• C. Selecting a Tape Drive
• 1. Determine how much data needs to be backed up.
• 2. Determine the network requirements for backup
  reliability, capacity, and speed.
• 3. Assess the cost of the tape drive and related
  media.
• 4. Assess the tape drives compatibility.
• Ideally, a tape drive should have more than
  enough capacity to back up a networks largest
  server. It should also provide error detection
  and correction during backup and restore
  operations.

62
Avoiding Data Loss

• D. Backup Methods
• 1. Full backup Backs up and marks selected
  files, whether or not they have changed since the
  last backup.
• 2. Copy Backs up all selected files without
  marking them as being backed up.
• 3. Incremental backup Backs up and marks
  selected files only if they have changed since
  the last time they were backed up.
• 4. Daily copy Backs up only those files that
  have been modified that day, without marking them
  as being backed up.
• 5. Differential backup Backs up selected files
  only if they have changed since the last time
  they were backed up, without marking them as
  being backed up.

63
Avoiding Data Loss

• Another effective method is to schedule
  streaming backups throughout the day. A low cost
  technique that achieves highly reliable storage
  and retrieval of data, it is useful when a steady
  supply of data is required by a particular
  application or computer.

64
Avoiding Data Loss

• E. Testing and Storage
• 1. Test before committing to it.
• 2. Test regularly to verify its effectiveness.
• 3. Test restore procedures to ensure that
  important files can be restored quickly.
• 4. Make two copies of each tape One to be kept
  onsite, and the other stored offsite in a safe
  place.
• 5. Storing tapes in a fireproof safe can keep
  them from actually burning however, the heat
  from a fire will still ruin stored data.
• 6. Replace tapes regularly.

65
Avoiding Data Loss

• F. Maintaining a Backup Log
• 1. Maintaining a log of all backups is critical
  for later file recovery.
• 2. A copy of the log should be kept with the
  backup tapes, as well as at the computer site.
• 3. Log should record the following information
• a. Date of backup
• b. Tape-set number
• c. Type of backup performed
• d. Which computer was backed up
• e. Which files were backed up
• f. Who performed the backup
• g. Location of the backup tapes

66
Avoiding Data Loss

• G. Installing the Backup System
• 1. Tape drives can be connected to a server or a
  computer.
• 2. Backups can be initiated from the computer to
  which the tape drive is installed or over the
  network.
• 3. Backup and restore operations occur very
  quickly when run from a server because data does
  not travel across the network.
• 4. Backing up across the network is the most
  efficient way to back up multiple systems
  however, it creates a great deal of network
  traffic and slows the network down considerably.

67
Avoiding Data Loss

• 5. It is important to perform backups during
  periods of low network use because network
  traffic can cause performance degradation.
• 6. If multiple servers reside in one location,
  placing a backup computer on an isolated segment
  can reduce network traffic.

68
Avoiding Data Loss

• Uninterruptible Power Supply (UPS)
• A. Overview
• 1. An automated external power supply designed to
  keep a server or other device running in the
  event of a power failure.
• 2. Can interface with an operating system such as
  Microsoft Windows NT.
• 3. Two crucial components
• a. A power source to run the server for a short
  time
• b. A safe shutdown management service

69
Avoiding Data Loss

• 4. Power source is usually a battery, but the UPS
  can also be a gasoline engine running an AC power
  supply.
• 5. If power fails, users are notified and warned
  by the UPS to finish their tasks.
• 6. Waits a predetermined amount of time and
  performs an orderly system shutdown.
• 7. If power is restored while UPS is active, UPS
  will notify the users that the power has
  returned.
• 8. A good UPS system will
• a. Prevent any more users from accessing the
  server.
• b. Send an alert message to the network
  administrator through the server.

70
Avoiding Data Loss

• B. Types of UPS Systems
• 1. Online UPS systems.
• a. When power source fails, UPS batteries
  automatically take over.
• b. Process is invisible to users.
• 2. Stand-by UPS systems.
• a. Start when power source fails.
• b. Less expensive than online systems, but not
  as reliable.
•  
• Stand-by UPSs are slower to react to power
  failures and sometimes not reliable enough to
  prevent system failures.

71
Avoiding Data Loss

• C. Implementing UPS
• 1. Will UPS meet the basic power requirements of
  this network?
• 2. How many components can it support?
• 3. Does UPS communicate with the server to
  notify it when a power failure has occurred and
  the server is running on batteries?
• 4. Does UPS guard against power spikes and
  surges?
• 5. What is the life span of a UPS battery? How
  long can it be inactive before it starts to
  degrade?
• 6. Will UPS warn the administrator and users
  that it is running out of power?

72
Avoiding Data Loss

• Fault Tolerant Systems
• A. Overview
• 1. Protect data by duplicating or placing it in
  different physical sources, such as partitions or
  disks.
• 2. Redundancy is a prominent feature common to
  most fault tolerant systems.
• 3. Data redundancy allows access to data even if
  part of the data system fails.
• 4. Should never replace regular backup of servers
  and hard disks.

73
Avoiding Data Loss

• 5. Fault tolerant systems offer these
  alternatives for data redundancy
• a. Disk striping
• b. Disk mirroring
• c. Sector sparing
• d. Mirrored drive arrays
• e. Clustering
•  
• A carefully planned backup strategy is the best
  insurance policy for recovering lost or damaged
  data.

74
Avoiding Data Loss

• B. Redundant Array of Independent Disks (RAID)
• 1. Overview
• a. Fault tolerance options are standardized and
  categorized into levels.
• b. Levels offer various combinations of
  performance, reliability.
•  
• RAID also offers better use of disk space and
  improved performance.

75
Avoiding Data Loss

• 2. Level 0 Disk Striping
• a. Divides data into 64KB blocks and spreads it
  equally in a fixed rate and order among all disks
  in an array.
• b. Does not provide any fault tolerance because
  there is no data redundancy.
• c. If any partition in the disk array fails, all
  data is lost.
• d. A stripe set combines multiple areas of
  unformatted free space into one large logical
  drive, distributing data storage across all
  drives simultaneously.
• e. In Windows NT, a stripe set requires at least
  two physical drives and can use up to 32.
• f. Can combine areas on different types of
  drives, such as SCSI, ESDI, and IDE.

76
Avoiding Data Loss

• g. Makes one large partition out of several small
  partitions, which offers better use of disk
  space and multiple disk controllers will result
  in better performance.
• 3. Level 1 Disk Mirroring
• a. Duplicates a partition and moves the
  duplication onto another physical disk.
• b. Always two copies of the data, with each copy
  on a separate disk.
• c. Any partition can be mirrored.
• d. Simplest way to protect a single disk against
  failure.
• e. Can be considered a form of continual backup
  because it maintains a fully redundant copy of a
  partition on another disk.

77
Avoiding Data Loss

• 4. Duplexing
• a. Consists of a mirrored pair of disks with an
  additional disk controller on the second drive.
• b. Reduces channel traffic and potentially
  improves performance.
• c. Intended to protect against disk controller
  failures as well as medial failures.
• 5. Level 2 Disk Striping with Error Correction
  Code (ECC)
• a. When a block of data is written, the block is
  broken up and distributed (interleaved) across
  all data drives.
• b. Requires a larger amount of disk space than
  parity checking methods.

78
Avoiding Data Loss

• 6. Level 3 ECC Stored as Parity
• a. Similar to Level 2
• b. Requires only one disk to store parity
•  
• The term parity refers to an error checking
  procedure in which the number of 1s must always
  be the sameeither odd or evenfor each group of
  bits transmitted without error.

79
Avoiding Data Loss

• 7. Level 4 Disk Striping with Large Blocks
• a. Moves away from data interleaving by writing
  complete blocks of data to each disk in the
  array.
• b. A separate check disk is used to store parity
  information.
• c. Each time a write operation occurs, the
  associated parity information must be read from
  the check disk and modified.
• d. Works better for large block operations than
  for transaction-based processing.

80
Avoiding Data Loss

• 8. Level 5 Striping with Parity
• a. Most popular approach to fault tolerant
  design.
• b. Supports a minimum of 3 to 32 drives and
  writes the parity information across all the
  disks in the array (the entire stripe set).
• c. Data and parity information are arranged so
  that the two are always on different disks.
• d. If a single drive fails, enough information
  is spread across the remaining disks to allow the
  data to be completely reconstructed.
• e. Parity stripe block is used to reconstruct
  data for a failed physical disk.

81
Avoiding Data Loss

• 9. Level 10 Mirrored Drive Arrays
• a. Mirrors data across two identical RAID 0
  drive arrays.
•  
• Windows NT Disk Administrator can be used for
  all disk partitioning and mirroring.

82
Avoiding Data Loss

• C. Sector Sparing
• 1. Windows NT Server operating system offers an
  additional fault tolerant feature called sector
  sparing, also known as hot fixing.
• 2. If bad sectors are found during disk I/O
  (input/output), the fault tolerant driver will
  attempt to move the data to a good sector and map
  out the bad sector.
• 3. If the mapping is successful, the file system
  is not alerted.
• 4. It is possible for SCSI devices to perform
  sector sparing, but ESDI and IDE devices cannot.
• 5. Some NOSs, have a utility that notifies the
  administrator of all sector failures and of the
  potential for data loss if the redundant copy
  also fails.

83
Avoiding Data Loss

• D. Microsoft Clustering
• 1. Microsofts implementation of server
  clustering.
• 2. Clustering refers to a group of independent
  systems that work together as a single system.
• 3. Fault tolerance is built into clustering
  technology.
• 4. If a system within the cluster fails, the
  cluster software will disperse the work from the
  failed system to the remaining systems in the
  cluster.
• 5. Clustering is not intended to replace current
  implementations of fault tolerant systems,
  although it does provide an excellent enhancement.

84
Avoiding Data Loss

• E. Implementing Fault Tolerance
• 1. Most advanced NOSs offer a utility for
  implementing fault tolerance.
• 2. Disk Administrator program is used to
  configure Windows NT Server fault tolerance.
• 3. If the disk is moved to a different
  controller or its ID is changed, Windows NT will
  still recognize it as the original disk.
• 4. Use Disk Administrator to configure various
  disk configurations, including
• a. Stripe sets with parity
• b. Mirror sets
• c. Volume sets
• d. Stripe sets

85
Avoiding Data Loss

• Optical Drives and Disks
• A. Overview
• 1. Optical drive is a generic term that is
  applied to several devices.
• 2. Optical drive manufacturers provide a large
  array of storage configurations that are either
  network-ready or can be used with a network
  server.
•  
• In optical technology, data is stored on a rigid
  disk by altering the disks surface with a laser
  beam.
•  

86
Avoiding Data Loss

• B. Compact Disc (CD-ROM) Technology
• 1. CDs are the most common form of optical data
  storage.
• 2. Only allow information to be read.
• 3. ISO 9660 specification defines an
  international format standard for CD-ROM.
• 4. Up to 650 MB of data on a 4.73-inch disk.
• 5. Portable and replaceable, and because data on
  a CD-ROM cannot be changed, files cannot be
  accidentally erased.
• 6. Standard recording formats and inexpensive
  readers make CDs ideal for data storage.
• 7. Are also available in a multisession format
  called CD-recordable (CD-R).

87
Avoiding Data Loss

• 8. Can now be used for incremental updates and
  inexpensive duplication.
• 9. Also offered in a rewritable format called
  CD-rewritable.
• C. Digital Video Disc (DVD) Technology
• 1. DVD family of formats is replacing the CD-ROM
  family of formats.
• 2. Also known as digital versatile disc.
• 3. DVD has five formats
• a. DVD-ROM.
• (1) Also read-only discs.

88
Avoiding Data Loss

• (2) Storage capacity of 4.7 GB (single-sided,
  single-layer), 9.4 GB (double-sided,
  single-layer), 8.5 GB (single-sided,
  double-layer), 17 GB (double-sided,
  double-layer).
• (3) Backward-compatible with CD-Audio and
  CD-ROM.
• (4) Drives can play DVD-R and all the DVD
  formats.
• b. DVD Video
• c. DVD Audio
• d. DVD-R (the R stands for recordable)
• (1) Format for write-once (incremental updates).
• (2) Specifies 3.95 GB for single-sided discs and
  7.9 GB for double-sided discs.
• (3) UDF is the file system.

89
Avoiding Data Loss

• (3) UDF is the file system.
• e. DVD-RAM
• (1) Format for rewritable discs.
• (2) Specifies 2.6 GB for single-sided discs and
  5.2 GB for double-sided discs.
• (3) Disc cartridge as an option.
• D. WORM (Write Once, Read Many) Technology
• 1. Has helped initiate the document imaging
  revolution.
• 2. Uses laser technology to permanently alter
  sectors of the disc, thereby permanently writing
  files onto the media.
• 3. Device can write only once to each disc.
• 4. Typically employed in imaging systems,
  rendering images static and permanent.

90
Avoiding Data Loss

• E. Rewritable Optical Technology
• 1. Magneto-Optical (MO) drives are more widely
  accepted because the media and drive
  manufacturers use the same standards and their
  products are compatible.
• 2. Phase Change Rewritable (PCR) comes from one
  manufacturer (Matsushita/Panasonic), and the
  media comes from two manufacturers (Panasonic and
  Plasmon).

91
Avoiding Data Loss

• F. Multifunction Drives
• 1. One version uses firmware in the drive that
  first determines whether a disc has been
  formatted for write-once or rewritable recording
  and then acts on that disc accordingly.
• 2. In the MO version, two entirely different
  media are used.
• 3. Rewritable discs are conventional MO disks,
  but write-once media are traditional WORM media.

92
Avoiding Data Loss

• Disaster Recovery
• A. Disaster Prevention
• 1. Focus on factors that are controllable.
• 2. Determine the best method of prevention.
• 3. Implement and enforce the preventive measures
  chosen.
• 4. Continually check for new and better methods
  of prevention.
• 5. Perform regular and routine maintenance on
  all network hardware and software components.
• 6. Remember that training is the key to
  preventing network disasters of the human kind.

93
Avoiding Data Loss

• B. Disaster Preparation
• 1. Not all disasters can be prevented.
• 2. Each community is different recovery plans
  must consider different factors.
• 3. Implement a plan for hardware, software, and
  data.
• 4. Inventory all hardware and software,
  including date of purchase, model, and serial
  number.
• 5. Physical components of a network can be
  easily replaced and are usually covered by some
  form of insurance, but data is highly vulnerable
  to disaster.
• 6. Store backups in a secure place, such as a
  bank safe deposit box, away from the network
  site.
• 7. To fully recover from any disaster
• a. Create a disaster recovery plan.
• b. Implement the plan.
• c. Test the plan.