Network Guide to Networks, Fourth Edition

1
Network Guide to Networks, Fourth Edition

• Chapter 13
• Ensuring Integrity and Availability

2
What Are Integrity and Availability?

• Integrity soundness of networks programs, data,
  services, devices, and connections
• Availability how consistently and reliably file
  or system can be accessed by authorized personnel
• Need well-planned and well-configured network
• Data backups, redundant devices, protection from
  malicious intruders
• Phenomena compromising integrity and
  availability
• Security breaches, natural disasters, malicious
  intruders, power flaws, human error

3
Viruses

• Program that replicates itself with intent to
  infect more computers
• Through network connections or exchange of
  external storage devices
• Typically copied to storage device without users
  knowledge
• Trojan horse program that disguises itself as
  something useful but actually harms system
• Not considered a virus

4
Types of Viruses

• Boot sector viruses located in boot sector of
  computers hard disk
• When computer boots up, virus runs in place of
  computers normal system files
• Removal first requires rebooting from uninfected,
  write-protected disk with system files on it
• Macro viruses take form of macro that may be
  executed as user works with a program
• Quick to emerge and spread
• Symptoms vary widely

5
Types of Viruses (continued)

• File-infected viruses attach to executable files
• When infected executable file runs, virus copies
  itself to memory
• Can have devastating consequences
• Symptoms may include damaged program files,
  inexplicable file size increases, changed icons
  for programs, strange messages, inability to run
  a program
• Worms programs that run independently and travel
  between computers and across networks
• Not technically viruses
• Can transport and hide viruses

6
Types of Viruses (continued)

• Trojan horse program that claims to do something
  useful but instead harms system
• Network viruses propagated via network
  protocols, commands, messaging programs, and data
  links
• Bots program that runs automatically, without
  requiring a person to start or stop it
• Many bots spread through Internet Relay Chat
  (IRC)
• Used to damage/destroy data or system files,
  issue objectionable content, further propagate
  virus

7
Virus Characteristics

• Encryption encrypted virus may thwart antivirus
  programs attempts to detect it
• Stealth stealth viruses disguise themselves as
  legitimate programs or replace part of legitimate
  programs code with destructive code
• Polymorphism polymorphic viruses change
  characteristics every time transferred
• Time-dependence time-dependent viruses
  programmed to activate on particular date

8
Virus Protection Antivirus Software

• Antivirus software should at least
• Detect viruses through signature scanning
• Detect viruses through integrity checking
• Detect viruses by monitoring unexpected file
  changes or virus-like behaviors
• Receive regular updates and modifications from a
  centralized network console
• Consistently report only valid viruses
• Heuristic scanning techniques attempt to identify
  viruses by discovering virus-like behavior (may
  give false positives)

9
Antivirus Policies

• Provide rules for using antivirus software and
  policies for installing programs, sharing files,
  and using floppy disks
• Suggestions for antivirus policy guidelines
• Every computer in organization equipped with
  virus detection and cleaning software
• Users should not be allowed to alter or disable
  antivirus software
• Users should know what to do in case virus
  detected

10
Fault Tolerance

• Capacity for system to continue performing
  despite unexpected hardware or software
  malfunction
• Failure deviation from specified level of system
  performance for given period of time
• Fault involves malfunction of system component
• Can result in a failure
• Varying degrees
• At highest level, system remains unaffected by
  even most drastic problems

11
Power Power Flaws

• Power flaws that can damage equipment
• Surge momentary increase in voltage due to
  lightning strikes, solar flares, or electrical
  problems
• Noise fluctuation in voltage levels caused by
  other devices on network or electromagnetic
  interference
• Brownout momentary decrease in voltage also
  known as a sag
• Blackout complete power loss

12
UPSs (Uninterruptible Power Supplies)

• Battery-operated power source directly attached
  to one or more devices and to power supply
• Prevents undesired features of outlets A/C power
  from harming device or interrupting services
• Standby UPS provides continuous voltage to
  device
• Switch to battery when power loss detected
• Online UPS uses power from wall outlet to
  continuously charge battery, while providing
  power to network device through battery

13
Servers

• Make servers more fault-tolerant by supplying
  them with redundant components
• NICs, processors, and hard disks
• If one item fails, entire system wont fail
• Enable load balancing

14
Server Mirroring

• Mirroring one device or component duplicates
  activities of another
• Server Mirroring one server duplicates
  transactions and data storage of another
• Must be identical machines using identical
  components
• Requires high-speed link between servers
• Requires synchronization software
• Form of replication
• Servers can stand side by side or be positioned
  in different locations

15
Clustering

• Link multiple servers together to act as single
  server
• Share processing duties
• Appear as single server to users
• If one server fails, others automatically take
  over data transaction and storage
  responsibilities
• More cost-effective than mirroring
• To detect failures, clustered servers regularly
  poll each other
• Servers must be close together

16
Storage RAID (Redundant Array of Independent (or
Inexpensive) Disks)

• Collection of disks that provide fault tolerance
  for shared data and applications
• Disk array
• Collection of disks that work together in RAID
  configuration, often referred to as RAID drive
• Appear as single logical drive to system
• Hardware RAID set of disks and separate disk
  controller
• Managed exclusively by RAID disk controller
• Software RAID relies on software to implement
  and control RAID techniques

17
RAID Level 0?Disk Striping

• Simple implementation of RAID
• Not fault-tolerant
• Improves performance

Figure 13-6 RAID Level 0disk striping
18
RAID Level 1Disk Mirroring

• Data from one disk copied to another disk
  automatically as information written
• Dynamic backup
• If one drive fails, disk array controller
  automatically switches to disk that was mirroring
  it
• Requires two identical disks
• Usually relies on system software to perform
  mirroring
• Disk duplexing similar to disk mirroring, but
  separate disk controller used for each disk

19
RAID Level 1Disk Mirroring (continued)
Figure 13-7 RAID Level 1disk mirroring
20
RAID Level 5Disk Striping with Distributed
Parity

• Data written in small blocks across several disks
  
• Parity error checking information distributed
  among disks
• Highly fault-tolerant
• Very popular
• Failed disk can be replaced with little
  interruption
• Hot spare disk or partition that is part of
  array, but used only in case a RAID disks fails
• Cold spare duplicate component that can be
  installed in case of failure

21
RAID Level 5Disk Striping with Distributed
Parity (continued)
Figure 13-9 RAID Level 5disk striping with
distributed parity
22
NAS (Network Attached Storage)

• Specialized storage device that provides
  centralized fault-tolerant data storage
• Maintains own interface to LAN
• Contains own file system optimized for saving and
  serving files
• Easily expanded without interrupting service
• Cannot communicate directly with network clients

23
NAS (continued)
Figure 13-10 Network attached storage on a LAN
24
SANs (Storage Area Networks)
Figure 13-11 A storage area network
25
Data Backup

• Copy of data or program files created for
  archiving or safekeeping
• No matter how reliable and fault-tolerant you
  believe your servers hard disk (or disks) to be,
  still risk losing everything unless you make
  backups on separate media and store them off-site
• Many options exist for making backups

26
Optical Media

• Capable of storing digitized data
• Uses laser to write and read data
• CD-ROMs and DVDs
• Requires proper disk drive to write data
• Writing data usually takes longer than saving
  data to another type of media

27
External Disk Drives

• Storage devices that can be attached temporarily
  to a computer via USB, PCMCIA, FireWire, or
  Compact-Flash port
• Removable disk drives
• For backing up large amounts of data, likely to
  use external disk drive with backup control
  features, high capacity, and fast read-write
  access
• Faster data transfer rates than optical media or
  tape backups

28
Backup Strategy (continued)

• Archive bit file attribute that can be checked
  or unchecked
• Indicates whether file must be archived
• Backup methods use archive bit in different ways
• Full backup all data copied to storage media,
  regardless of whether data is new or changed
• Archive bits set to off for all files
• Incremental backup copies only data that has
  changed since last full or incremental backup
• Unchecks archive bit for every file saved
• Differential backup does not uncheck archive
  bits for files backed up

29
Disaster Recovery Disaster Recovery Planning

• Disaster recovery process of restoring critical
  functionality and data after enterprise-wide
  outage
• Disaster recovery plan accounts for worst-case
  scenarios
• Contact names and info for emergency coordinators
• Details on data and servers being backed up,
  backup frequency, backup location, how to recover
• Details on network topology, redundancy, and
  agreements with national service carriers
• Strategies for testing disaster recovery plan
• Plan for managing the crisis

30
Disaster Recovery Contingencies

• Several options for recovering from disaster
• Cold site place where computers, devices, and
  connectivity necessary to rebuild network exist
• Not configured, updated, or connected
• Warm site same as cold site, but some computers
  and devices appropriately configured, updated, or
  connected
• Hot site computers, devices, and connectivity
  necessary to rebuild network are appropriately
  configured, updated, and connected to match
  networks current state