Book cover slide

1

• Section 13.1
• Describe the role of SNMP in network management
• Demonstrate how user and group accounts are used
• Section 13.2
• Demonstrate how log files can be used to resolve
  problems
• Explain common backup strategies
• List tasks to be performed to properly maintain
  computer systems

2

• Section 13.3
• Execute simple Windows and Linux script commands
• Identify how script files can be used in a
  network environment
• Explain the roles of the shell and the kernel in
  an operating system
• Section 13.4
• Identify common methods of securing network data
• Create a network security plan

3
pp. 370-375
The Basics of Managing Networks
13.1
Guide to Reading
Main Ideas SNMP-compliant devices can store and
communicate information about themselves.
Individual users can be added to groups, and
groups can be assigned to resource permissions to
make access management easier.
Key Terms Simple Network Management Protocol
(SNMP) Management Information Base
(MIB) username account policies permissions
4
pp. 370-375
The Basics of Managing Networks
13.1
Managing Equipment and SNMP
The Simple Network Management Protocol (SNMP) was
designed to allow devices to store this
information in a database called a Management
Information Base (MIB). This information can
then be retrieved by special applications known
as SNMP management applications.
Simple Network Management Protocol (SNMP) A
protocol that allows a device on the network to
store information about itself, then return that
information when asked. SNMP-compliant devices
are able to store information about themselves.
(p. 370) Management Information Base (MIB) A
database in which information about an SNMP
device, called an agent, is stored. (p. 370)
5
pp. 370-375
The Basics of Managing Networks
13.1
Managing People
Users are network resources that must be managed.
At the network level, user access to resources
is carefully defined. For example, only certain
individuals might be allowed to create files
within a certain folder on the network. Anyone
else attempting to create a file there gets an
access denied message.
6
pp. 370-375
The Basics of Managing Networks
13.1
Managing People
An account must be created for a user before that
user can log on to the network. The user
account also establishes the username and
password.
username A logon name that identifies a specific
user on the network. (p. 372)
7
pp. 370-375
The Basics of Managing Networks
13.1
Managing People
After the user account is established,
permissions can be assigned. A network
administrator may have an account policy that
requires a secure, strong password. Permissions
can be set on a per-user basis. However, it is
less time-consuming for an administrator to
assign permissions to groups of users
simultaneously.
account policy Acceptable user practices. (p.
373) permissions Also called security settings.
Permissions determine the resources to which a
user has access. (p. 373)
8
pp. 370-375
The Basics of Managing Networks
13.1
Managing People
Groups are used to assign network access
permission to many users at a time. Most of the
time, a groups boundaries is a department. For
example, users in the Computer Aided Drafting
(CAD) department could be formed into a CAD Users
group.
9
pp. 370-375
The Basics of Managing Networks
13.1
You Try It

• Activity 13A Viewing Permissions Settings (p.
  374)

10
pp. 377-382
Networking Monitoring Maintenance
13.2
Guide to Reading
Main Ideas Log files and auditing tools are used
to monitor networks. Proper maintenance of
systems includes caring for the physical
well-being, as well as upgrading hardware and
software. Data should be backed up regularly.
Key Terms log file auditing replication uninterru
ptible power supply (UPS)
11
pp. 377-382
Networking Monitoring Maintenance
13.2
Basics of Network Monitoring
When a system develops problems, log files often
serve as the first source of diagnostic
information. A boot log file is created when a
system boots. A log file created by a firewall
application can help identify the IP address of a
hacker trying to access the system.
log file A simple text file that records
information about the device, system, or
application. (p. 377)
12
pp. 377-382
Networking Monitoring Maintenance
13.2
Basics of Network Monitoring

• Network auditing can return information about the
  hardware and software on the network.
• System audits are performed for several reasons,
  including
• verify software licenses are being used
  illegally
• record what software is in use throughout the
  network
• Inventory hardware on a network
• prepare readiness reports prior to upgrading
  hardware or software

auditing The process of examining and verifying
information. (p. 379)
13
pp. 377-382
Networking Monitoring Maintenance
13.2
Scheduled Maintenance and Upgrades

• Important maintenance software and hardware
  tasks
• Keep virus definitions up-to-date.
• Defragment the hard drive.
• Check the case for dust and other debris once
  per month.
• Ensure computers are plugged into a surge
  protector.
• Servers and other essential systems should be
  connected to an uninterruptible power supply
  (UPS) device.

uninterruptible power supply (UPS) A large
rechargeable battery that provides power to
connected devices for a period of time if main
electrical power goes out. (p. 381)
14
pp. 377-382
Networking Monitoring Maintenance
13.2
Scheduled Maintenance and Upgrades
The rule is simple If you cannot get along
without it, back it up.
15
pp. 377-382
Networking Monitoring Maintenance
13.2
You Try It

• Activity 13B Viewing Dr. Watson Log Files (p.
  378)

16
pp. 384-388
Basic Scripting
13.3
Guide to Reading
Main Ideas Script files are often used as part
of the boot and logon processes to control which
resources are available to the user. Linux
commands are interpreted by a shell and passed to
the Linux kernel for execution.
Key Terms script batch file kernel shell alias
17
pp. 384-388
Basic Scripting
13.3
Scripts to Manage
Logon scripts often work in conjunction with the
domain controller to determine the group to which
a user belongs. Third-party scripting
applications reduce the headache of creating
scripts.
18
pp. 384-388
Basic Scripting
13.3
Windows Scripts
Using Microsoft Active Directory, system
administrators can assign individual users, or
groups, a customized logon script. This allows a
user to have network resources configured and
available in whatever arrangement he or she
needs. Scripts are simple text files, often
stored with a .bat extension. This extension
identifies the files as a batch file.
batch file A file similar to a scripteach line
contains instructions that can be read and
executed by the operating system. (p. 385)
19
pp. 384-388
Basic Scripting
13.3
Linux Scripts
At the heart of the Linux OS is the Linux kernel.
A shell is used as the interface from a human
being to the kernel.
kernel The part of a program that is responsible
for allocating resources and communicating
directly with the hardware. (p. 387) shell An
interface from a human being to the kernel that
provides commands that a user can execute on a
processor. (p. 387)
20
pp. 384-388
Basic Scripting
13.3
Linux Scripts
The shell provides commands that a user can
execute. The shell then interprets the
user-friendly command into a kernel-friendly
command. The kernel then translates the command
to something the processor understands.
21
pp. 384-388
Basic Scripting
13.3
Linux Scripts
Commands in Linux often seem long and cryptic,
especially to a Linux newbie, or beginner.
Fortunately, these commands can be aliased to
something easier to remember.
alias A shortcut method for using or writing a
command. (p. 388)
22
pp. 384-388
Basic Scripting
13.3
Linux Scripts
Here is an example that would be a great addition
to a logon script The first line creates
(aliases) a new command, called cdrom, that
executes the mount /mnt/cdrom command. The
second line aliases the command ucdrom to
unmount the drive.
alias cdrom"mount /mnt/cdrom" alias
ucdrom"umount /mnt/cdrom"
23
pp. 384-388
Basic Scripting
13.3
You Try It

• Activity 13C Working with Windows Batch
  Commands
• (p. 385)

24
pp. 389-392
Ensuring Network Security
13.4
Guide to Reading
Main Ideas Network security is a serious
responsibility and must always be maintained.
Access permissions permit access to the resource.
Network security incorporates firewalls, proxies,
encryption, and frequent review of security logs.
Computer viruses are malicious programs.
Key Terms password-protected share access
permission Network Address Translation
(NAT) boot-sector virus file infector virus
25
pp. 389-392
Ensuring Network Security
13.4
Planning for Network Security

• Maintaining network security requires a balance
  between facilitating easy access to data by
  authorized users and restricting access to data
  by unauthorized users. The network administrator
  creates this balance.
• Four major threats to the security of data on a
  network are
• unauthorized access
• electronic tampering
• theft
• intentional or unintentional damage

26
pp. 389-392
Ensuring Network Security
13.4
Security Models

• Assigning permissions and rights to network
  resources are at the heart of securing the
  network.
• Two security models have evolved for keeping data
  and hardware resources safe
• password-protected shares
• access permissions

password-protected share A security method for
keeping data and hardware resources safe in which
a password is assigned to each shared resource.
In most peer-to-peer networks it is the only type
of security available. (p. 390) access
permission Access rights assigned to objects
(such as files, folders, and printers) on a
per-user basis. (p. 390)
27
pp. 389-392
Ensuring Network Security
13.4
Security Models
This table outlines the major permissions
available on Windows networks.
28
pp. 389-392
Ensuring Network Security
13.4
Security Enhancements

• The network administrator can increase the level
  of security on a network by several means
• firewalls
• proxies
• auditing
• encrypting data
• Proxy servers also protect the network using a
  feature called Network Address Translation (NAT).

Network Address Translation (NAT) A network
method of shielding the internal IP addresses
from the outside world by filtering outbound
network traffic. (p. 392)
29
pp. 389-392
Ensuring Network Security
13.4
Computer Viruses

• There are two categories of viruses
• boot-sector viruses
• file infector viruses
• Here is a list of the more common file
  infectors
• companion virus
• macro virus
• polymorphic virus
• stealth virus

boot-sector virus A virus that executes when the
computer is booted. (p. 392) file infector A
virus that attaches itself to a file or program
and activates any time the file is used. (p. 392)
30
Chapter 13
Resources
For more resources on this chapter, go to the
Introduction to Networks and Networking Web site
at http//networking.glencoe.com.