Network+ Guide

Ensuring Integrity and Availability

Objectives
Identify the characteristics of a network that keeps data safe from loss or damage Protect an enterprise-wide network from viruses Explain network- and system-level fault-tolerance techniques Discuss issues related to network backup and recovery strategies Describe the components of a useful disaster recovery plan and the options for disaster contingencies

What Are Integrity and Availability?

Integrity: soundness of networks programs, data, services, devices, and connections Availability: how consistently and reliably file or system can be accessed by authorized personnel
Need well-planned and well-configured network Data backups, redundant devices, protection from malicious intruders

Phenomena compromising integrity and availability:

Security breaches, natural disasters, malicious intruders, power flaws, human error

What Are Integrity and Availability? (continued)

General guidelines for protecting network:
Allow only network administrators to create or modify NOS and application system files Monitor network for unauthorized access or changes Record authorized system changes in a change management system Install redundant components Perform regular health checks

What Are Integrity and Availability? (continued)

General guidelines for protecting network (continued):
Check system performance, error logs, and system log book regularly Keep backups, boot disks, and emergency repair disks current and available Implement and enforce security and disaster recovery policies

Viruses
Program that replicates itself with intent to infect more computers
Through network connections or exchange of external storage devices Typically copied to storage device without users knowledge

Trojan horse: program that disguises itself as something useful but actually harms system
Not considered a virus

Types of Viruses
Boot sector viruses: located in boot sector of computers hard disk
When computer boots up, virus runs in place of computers normal system files Removal first requires rebooting from uninfected, write-protected disk with system files on it

Macro viruses: take form of macro that may be executed as user works with a program
Quick to emerge and spread Symptoms vary widely

Types of Viruses (continued)

File-infected viruses: attach to executable files
When infected executable file runs, virus copies itself to memory Can have devastating consequences Symptoms may include damaged program files, inexplicable file size increases, changed icons for programs, strange messages, inability to run a program

Worms: programs that run independently and travel between computers and across networks
Not technically viruses Can transport and hide viruses

Types of Viruses (continued)

Trojan horse: program that claims to do something useful but instead harms system Network viruses: propagated via network protocols, commands, messaging programs, and data links Bots: program that runs automatically, without requiring a person to start or stop it
Many bots spread through Internet Relay Chat (IRC) Used to damage/destroy data or system files, issue objectionable content, further propagate virus

Virus Characteristics
Encryption: encrypted virus may thwart antivirus programs attempts to detect it Stealth: stealth viruses disguise themselves as legitimate programs or replace part of legitimate programs code with destructive code Polymorphism: polymorphic viruses change characteristics every time transferred Time-dependence: time-dependent viruses programmed to activate on particular date

Virus Protection: Antivirus Software

Antivirus software should at least:
Detect viruses through signature scanning Detect viruses through integrity checking Detect viruses by monitoring unexpected file changes or virus-like behaviors Receive regular updates and modifications from a centralized network console Consistently report only valid viruses
Heuristic scanning techniques attempt to identify viruses by discovering virus-like behavior (may give false positives)

Antivirus Policies
Provide rules for using antivirus software and policies for installing programs, sharing files, and using floppy disks Suggestions for antivirus policy guidelines:
Every computer in organization equipped with virus detection and cleaning software Users should not be allowed to alter or disable antivirus software Users should know what to do in case virus detected

Antivirus Policies (continued)

Suggestions for antivirus policy guidelines (continued):
Antivirus team should be appointed to focus on maintaining antivirus measures Users should be prohibited from installing any unauthorized software on their systems Systemwide alerts should be issued to network users notifying them of serious virus threats and advising them how to prevent infection

Virus Hoaxes
False alerts about dangerous, new virus that could cause serious damage to systems
Generally an attempt to create panic Should not be passed on Can confirm hoaxes online

Fault Tolerance
Capacity for system to continue performing despite unexpected hardware or software malfunction Failure: deviation from specified level of system performance for given period of time Fault: involves malfunction of system component
Can result in a failure

Varying degrees
At highest level, system remains unaffected by even most drastic problems

Environment
Must analyze physical environment in which devices operate
e.g., excessive heat or moisture, break-ins, natural disasters

Can purchase temperature and humidity monitors

Trip alarms if specified limits exceeded

Data Backup
Copy of data or program files created for archiving or safekeeping
No matter how reliable and fault-tolerant you believe your servers hard disk (or disks) to be, still risk losing everything unless you make backups on separate media and store them off-site

Many options exist for making backups

Backup Media and Methods

To select appropriate solution, consider following questions:
Sufficient storage capacity? Reliability? Data error checking techniques? System efficient enough to complete backup process before daily operations resume? Cost and capacity? Compatibility? Frequent manual intervention? Scalability?

Optical Media
Capable of storing digitized data
Uses laser to write and read data CD-ROMs and DVDs

Requires proper disk drive to write data Writing data usually takes longer than saving data to another type of media

Tape Backups
Relatively simple, capable of storing large amounts of data, at least partially automated On relatively small networks, standalone tape drives may be attached to each server On large networks, one large, centralized tape backup device may manage all subsystems backups
Usually connected to computer other than file server

External Disk Drives

Storage devices that can be attached temporarily to a computer via USB, PCMCIA, FireWire, or Compact-Flash port
Removable disk drives

For backing up large amounts of data, likely to use external disk drive with backup control features, high capacity, and fast read-write access Faster data transfer rates than optical media or tape backups

Network Backups
Save data to another place on network
Must back up data to different disk than where it was originally stored

Most NOSs provide utilities for automating and managing network backups Online backup: saves data across Internet to another companys storage array
Strict security measures to protect data in transit Backup and restoration processes automated

Backup Strategy
Strategy should address following questions:
What data must be backed up? Rotation schedule? Time backups occur? Method of accuracy verification? Where and how long will backup media be stored? Who will take responsibility? How long will backups be saved? Where will documentation be stored?

Backup Strategy (continued)

Archive bit: file attribute that can be checked or unchecked
Indicates whether file must be archived

Backup methods use archive bit in different ways

Full backup: all data copied to storage media, regardless of whether data is new or changed
Archive bits set to off for all files

Incremental backup: copies only data that has changed since last full or incremental backup
Unchecks archive bit for every file saved

Differential backup: does not uncheck archive bits for files backed up

Backup Strategy (continued)

Determine best possible backup rotation scheme
Provide excellent data reliability without overtaxing network or requiring a lot of intervention Several standard backup rotation schemes
Grandfather-father-son: Uses DAILY (son), weekly (father), and monthly (grandfather) backup sets

Make sure backup activity recorded in backup log Establish regular schedule of verification

Backup Strategy (continued)

Figure 13-13: The grandfather-father-son backup rotation scheme

Disaster Recovery: Disaster Recovery Planning

Disaster recovery: process of restoring critical functionality and data after enterprise-wide outage Disaster recovery plan accounts for worst-case scenarios
Contact names and info for emergency coordinators Details on data and servers being backed up, backup frequency, backup location, how to recover Details on network topology, redundancy, and agreements with national service carriers Strategies for testing disaster recovery plan Plan for managing the crisis

Disaster Recovery Contingencies

Several options for recovering from disaster
Cold site: place where computers, devices, and connectivity necessary to rebuild network exist
Not configured, updated, or connected

Warm site: same as cold site, but some computers and devices appropriately configured, updated, or connected Hot site: computers, devices, and connectivity necessary to rebuild network are appropriately configured, updated, and connected to match networks current state

Summary
Integrity refers to the soundness of your networks files, systems, and connections Several basic measures can be employed to protect data and systems on a network A virus is a program that replicates itself so as to infect more computers, either through network connections or through external storage devices passed among users A good antivirus program should be able to detect viruses through signature scanning, integrity checking, and heuristic scanning

Summary (continued)
The goal of fault-tolerant systems is to prevent faults from progressing to failures Fault tolerance is a systems capacity to continue performing despite an unexpected hardware or software malfunction A UPS is a battery power source that prevents undesired features of the power source from harming the device or interrupting its services For utmost fault tolerance in power supply, a generator is necessary

Summary (continued)
Critical servers often contain redundant NICs, processors, and/or hard disks to provide better fault tolerance Server mirroring involves utilizing a second, identical server to duplicate the transactions and data storage of one server Clustering links multiple servers together to act as a single server RAID is an important storage redundancy feature

Summary (continued)
Backups can be saved to optical media (such as CDs and DVDs), tapes, external disk drives, or to another location on a network The aim of a good backup rotation scheme is to provide excellent data reliability but not to overtax your network or require much intervention Disaster recovery is the process of restoring your critical functionality and data after an enterprisewide outage that affects more than a single system or a limited group of users