This Document Contains Chapters 14 to 15

Chapter 14
Ensuring Integrity and Availability

At a Glance

Instructor’s Manual Table of Contents
• Overview
• Objectives
• Teaching Tips
• Quick Quizzes
• Class Discussion Topics
• Additional Projects
• Additional Resources
• Key Terms

Lecture Notes

Overview
Because networks are a vital part of keeping an organization running, a student must pay attention to measures that keep LANs and WANs safe and secure. The student can never assume that data is safe on the network until he or she has taken explicit measures to protect the information. In this chapter, the student will learn about protecting networks and their resources from the adverse effects of power flaws, hardware or system failures, malware, and natural disasters.

Chapter Objectives
After reading this chapter and completing the exercises, the student will be able to:
• Identify the characteristics of a network that keep data safe from loss or damage
• Protect an enterprise-wide network from malware
• Explain fault-tolerance techniques for storage, network design, connectivity devices, naming and addressing services, and servers
• Discuss best practices for network backup and recovery
• Describe the components of a useful disaster recovery plan and the options for disaster contingencies

Teaching Tips

What Are Integrity and Availability?
1. Define and explain the term integrity.
2. Define and explain the term availability.
3. Describe various phenomena that may compromise both integrity and availability.
4. Explain how users can compromise integrity and availability:
   a. Unintentionally
   b. Intentionally
5. Emphasize that a network professional cannot predict every type of vulnerability.
6. Review general guidelines for protecting a network.
   a. Define and explain the term redundancy.

Malware
1. Define and explain the term malware.
   a. Note the programs or code that are considered malware.
Teaching Tip
Point out to the students that the term malware is derived from a combination of the words malicious and software.

2. Define and describe a virus.
3. Mention that often, unwanted and potentially destructive programs are called viruses even though they do not meet the criteria used to define a virus.
   a. Introduce a Trojan horse as an example.

Types of Malware
1. Mention that malware can be classified into different categories based on where it resides on a computer and how it propagates itself.
2. Define and describe a boot sector virus.
3. Define and describe a macro virus.
4. Define and describe a file-infector virus.
5. Define and describe a worm.
6. Define and describe a Trojan horse.
7. Define and describe a network virus.
8. Define and describe a bot.
9. Mention that there are certain characteristics that can make malware harder to detect and eliminate.
10. Explain how some viruses, worms, and Trojan horses use encryption to prevent detection.
11. Explain what stealth malware does to prevent detection.
12. Explain what polymorphic viruses do to prevent detection.
13. Explain how some viruses, worms, and Trojan horses are programmed to activate based on a time dependency.
   a. Define the term logic bomb.
14. Point out that malware can exhibit more than one of the preceding characteristics.

Teaching Tip
An excellent resource for learning about new viruses, their characteristics, and ways to get rid of them is McAfee’s Virus Information Library. Perform an in-class demonstration by navigating to the McAfee site at http://home.mcafee.com/VirusInfo/Default.aspx and reviewing the material available at the site.

Malware Protection
1. Introduce the need for malware protection by noting that protection against harmful code involves more than just installing anti-malware software.
2. Emphasize that malware protection requires choosing the most appropriate anti-malware program for an environment, monitoring the network, continually updating the anti-malware program, and educating users.
3. Introduce the concept of anti-malware software.
   a. Emphasize that while some malware is not immediately detectable by users, it may still leave evidence of itself.
   b. Point out that some evidence can be detected only via anti-malware software.
   c. Review symptoms that might lead to the suspicion of a virus on a computer.
   d. Point out that, most likely, the student will not notice malware until it has already damaged files.
4. Describe the minimal functions anti-malware software should perform.
5. Explain why an implementation of anti-malware software depends on the computing environment’s needs.
6. Discuss the most important decision when implementing anti-malware software on a network.
7. Mention some examples of popular anti-malware packages.
8. Introduce the concept of anti-malware policies.
   a. Explain why it is important that all network users understand how to prevent the spread of malware.
   b. Discuss the benefit an anti-malware policy provides.
   c. Review suggestions for anti-malware policy guidelines.
   d. Point out to students that these policies are intended to protect the network from damage and downtime.
9. Explain the concept of hoaxes and what to do if one is received.

Teaching Tip
The F-Secure Web site is a good resource for verifying hoaxes. This Web site also teaches students more about the phenomenon of hoaxes. Perform an in-class demonstration by navigating to the Web site at http://www.f-secure.com/virus-info/hoax and reviewing the material available at the site.

Quick Quiz 1
1. True or False: Integrity refers to the soundness of your network’s files, systems, and connections.
Answer: True
2. Which of the following is not considered malware?
   a. viruses
   b. worms
   c. bots
   d. intentional user errors
Answer: D
3. A ____ is a program that runs independently and travels between computers and across networks.
   a. file-infector virus
   b. Trojan horse
   c. worm
   d. network virus
Answer: C
4. ____________________ viruses change their characteristics (such as the arrangement of their bytes, size, and internal instructions) every time they are transferred to a new system, making them harder to identify.
Answer: Polymorphic
5. True or False: Your implementation of anti-malware software depends on your computing environment’s needs.
Answer: True

Fault Tolerance
1. Introduce the concept of fault tolerance.
2. Note that fault tolerance can be realized in varying degrees.

Environment
1. Introduce the importance of analyzing the physical environment in which network devices operate when considering fault-tolerance techniques.
2. Note the considerations that need to be addressed when reviewing physical environment fault tolerance.

Power
1. Emphasize that power loss or less than optimal power cannot be tolerated by networks.
2. Describe power flaws that can damage equipment.
   a. Surge
   b. Noise
   c. Brownout
   d. Blackout
3. Explain how network administrators ensure that power remains available and problem free by installing a UPS (uninterruptible power supply).
   a. Define the term UPS (uninterruptible power supply).
   b. Describe the varying characteristics of UPS systems.
   c. Explain the two general categories of UPSs: standby and online.
   d. Use Figure 14-1 to illustrate standby and online UPSs.
4. Define and explain the factors to consider when choosing the correct UPS for a network.
   a. Amount of power needed
   b. Measuring volt-amps
   c. Period of time to keep a device running
   d. Line conditioning
   e. Cost
5. Introduce the concept of a generator.
   a. Explain the characteristics of their use.
   b. Describe how to calculate an organization’s crucial electrical demands to determine a generator’s optimal size.
   c. Use Figure 14-2 to illustrate UPSs and a generator in a network design.
Teaching Tip
Provide an in-class demonstration by navigating to the APC Web site at http://www.apc.com to review commercially available backup equipment.

Network Design
1. Remind students that each physical topology offers certain advantages and disadvantages, and that they need to assess a network’s needs before designing data links.
2. Describe the key to fault tolerance in network design.
   a. Provide examples of fault-tolerant topologies.
3. Walk through the PayNTime example with the class to illustrate redundancy and fault-tolerance implementation scenarios.
   a. Use Figure 14-4 to illustrate VPNs linking multiple customers.
   b. Use Figure 14-5 to illustrate single T1 connectivity.
   c. Use Figure 14-6 to illustrate fully redundant T1 connectivity.
4. Ensure students understand the function of link aggregation at the server level.
5. Explain that physical redundancy must be supported by logical redundancy, which some organizations accomplish via their naming and addressing services.
6. Use Figure 14-8 to explain redundancy of the naming services (DNS).
7. Use Figure 14-9 to explain how DNS can provide logical redundancy to support multiple links or servers.
8. Briefly explain the Common Address Redundancy Protocol (CARP) and use Figure 14-10 to explain round-robin DNS with CARP.

Servers
1. Explain the redundant components that may be supplied to servers to make them more fault tolerant.
2. Introduce the concept of server mirroring as a sophisticated way to provide fault tolerance.
   a. Define the term mirroring.
   b. Define and describe server mirroring.
   c. Describe one advantage of mirroring.
   d. Describe two disadvantages of mirroring.
3. Introduce the concept of clustering as a sophisticated way to provide fault tolerance.
   a. Define the term clustering.
   b. Explain how clustering among servers is implemented.
   c. Describe one factor to consider when separating clustered servers.
   d. Describe the many advantages that clustering offers over mirroring.
   e. Explain a similarity between mirroring and clustering.

Teaching Tip
Students may find more information on Windows Server 2008 Failover Clustering at http://technet.microsoft.com/en-us/magazine/2008.07.failover.aspx

Storage
1. Point out to students that the availability and fault tolerance of data storage is related to the availability and fault tolerance of servers.
2. Introduce the concept of RAID.
   a. Define RAID (Redundant Array of Independent [or Inexpensive] Disks).
   b. Define the term disk array (or drive).
   c. Describe in general how RAID works.
   d. Explain an advantage of using RAID.
   e. Describe the common characteristic of the many levels of RAID.
3. Point out that RAID may be implemented as a hardware or software solution.
   a. Define and describe hardware RAID.
   b. Define and describe software RAID.
4. Introduce the four most common and supported types of RAID found on modern NOSs.

Teaching Tip
Students may find more information on RAID at http://linas.org/linux/raid.html and http://support.microsoft.com/kb/100110

5. Introduce the concept of NAS (network attached storage).
   a. Define and describe NAS (network attached storage).
   b. Describe the advantages of using NAS.
   c. Note the drawback of NAS.
   d. Use Figure 14-11 to illustrate how a NAS device physically connects to a LAN.
   e. Explain where the use of NAS is most appropriate.

Teaching Tip
Students may find more information on network attached storage (NAS) at http://www-03.ibm.com/systems/storage/network

6. Introduce the concept of SANs (storage area networks).
   a. Define and describe SANs (storage area networks).
   b. Describe the fault-tolerance and speed advantages of using SANs.
   c. Describe a popular SAN transmission method.
   d. Use Figure 14-12 to illustrate a SAN connected to a traditional Ethernet network.
   e. Explain the installation advantage of a SAN.
   f. Explain the scalability advantage a SAN provides.
   g. Note the drawbacks of a SAN.
   h. Explain where the use of a SAN is most appropriate.
Teaching Tip
Students may read more information on SANs in the IBM Redbook Introduction to Storage Area Networks at http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg245470.html

Data Backup
1. Define the term backup and explain the benefits backups provide.
2. Introduce the many different options that exist for making backups.

Backup Media and Methods
1. Mention that several approaches are available when selecting backup media and methods.
2. Point out that each approach has its own advantages and disadvantages.
3. Review the questions to ask and answer to help determine the appropriate backup media and method for a network.
4. Introduce optical media as a backup media type.
   a. Define the term optical media and provide examples.
   b. Describe one potential disadvantage of using CD-R and recordable DVDs for backups.
5. Introduce tape backups as a backup media type.
   a. Describe tape backup.
   b. Note that this method is relatively simple and capable of storing very large amounts of data.
   c. Describe how tape backup might be implemented on both small and large networks.
6. Introduce external disk drives as a backup media type.
   a. Define an external disk drive.
   b. Note that these devices are also known as removable disk drives.
   c. Describe how they are used for backup and recovery.
   d. Describe one advantage of using external disk drives.
7. Introduce network storage as a backup media type.
   a. Describe how backup data may be saved to another place on the network on a WAN.
   b. Describe how to perform network backups if an organization does not have a WAN or a high-end storage solution.
   c. Define and describe online backups.
   d. Discuss the characteristics that should be reviewed when evaluating an online backup provider.

Backup Strategy
1. Introduce the concept of a backup strategy.
2. Review the questions a solid backup strategy should address.
3. Emphasize that different backup methods provide varying levels of certainty and corresponding labor and cost.
4. Define and explain the archive bit.
   a. Describe a full backup.
   b. Describe an incremental backup.
   c. Describe a differential backup.
5. Define and describe a backup rotation scheme.
   a. Describe the Grandfather-Father-Son backup rotation scheme.
   b. Use Figure 14-13 to illustrate the Grandfather-Father-Son backup rotation scheme.
6. Explain the importance of ensuring that backup activity is recorded in a backup log.
7. Explain the importance of establishing a regular schedule of verification.

Disaster Recovery
1. Introduce the concept of disaster recovery.

Disaster Recovery Planning
1. Introduce the concept of disaster recovery planning.
2. Discuss the sections relating to computer systems that a disaster recovery plan should include.
3. Note the benefit of having a comprehensive disaster recovery plan.

Disaster Recovery Contingencies
1. Introduce and explain disaster recovery contingencies.
2. Define and explain a cold site.
3. Define and explain a warm site.
4. Define and explain a hot site.

Quick Quiz 2
1. A(n) ____________________ is a momentary increase in voltage due to lightning strikes, solar flares, or electrical problems.
Answer: surge
2. A ____ is a battery-operated power source directly attached to one or more devices and to a power supply (such as a wall outlet) that prevents undesired features of the wall outlet’s A/C power from harming the device or interrupting its services.
   a. UPS
   b. generator
   c. transformer
   d. SONET
Answer: A
3. ____________________ is a fault-tolerance technique in which one device or component duplicates the activities of another.
Answer: Mirroring
4. ____________________ is a fault-tolerance technique that links multiple servers together to act as a single server.
Answer: Clustering
5. A _____ plan accounts for the worst-case scenarios, from a far-reaching hurricane to a military or terrorist attack.
   a. continuity
   b. contingency
   c. disaster recovery
   d. survivability
Answer: C

Class Discussion Topics
1. Discuss the proliferation of malware. How might it be controlled in the future?
2. Discuss the advantages and disadvantages of using software RAID.

Additional Projects
1. Have the student select and research one topic from the NAS, SAN, or RAID subject areas. Ask them to include an analysis of a current commercial or free product implementing the technology. The final report should consist of the following sections: Introduction, Background and History, Technical Specifications, Implementation, Barriers, and Summary.
2. The grandfather-father-son backup scenario is a classic rotation scheme; however, the advent of cloud-based technologies has caused some to rethink this strategy. Have students study some of the available technologies and write a brief discussion of how online backups can fit into a hybrid solution of on-premises backups alongside online backups.

Additional Resources
1. Trend Micro Virus Map http://wtc.trendmicro.com/wtc/default.asp
2. US-CERT http://www.us-cert.gov/
3. IBM Storage Area Network (SAN) http://www-03.ibm.com/systems/storage/san
4. Microsoft Windows Server 2008 R2 Windows Storage Server http://www.microsoft.com/en-us/server-cloud/windows-server/storage-server.aspx
5. IBM Redbook: SAN - Redundancy and Resiliency Explained http://www.redbooks.ibm.com/abstracts/tips0033.html
6. IBM Redbook: Introduction to Storage Area Networks http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg245470.html
7. IBM Redbook: Harnessing the SAN to Create a Smarter Infrastructure http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/redp4517.html
8. IBM Redbook: IBM System Storage Business Continuity Solutions Overview http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/redp4516.html
9. Overview of Redundant Arrays of Inexpensive Disks (RAID) http://support.microsoft.com/kb/100110
10. Windows Administration: Introducing Windows Server 2008 Failover Clustering http://technet.microsoft.com/en-us/magazine/2008.07.failover.aspx?pr=blog

Key Terms
archive bit - A file attribute that can be checked (or set to “on”) or unchecked (or set to “off”) to indicate whether the file needs to be archived. An operating system checks a file’s archive bit when it is created or changed.
array - A group of hard disks.
availability - How consistently and reliably a file, device, or connection can be accessed by authorized personnel.
backup - A copy of data or program files created for archiving or safekeeping.
backup rotation scheme - A plan for when and how often backups occur, and which backups are full, incremental, or differential.
blackout - A complete power loss.
Blu-ray - An optical storage format released in 2006 by a consortium of electronics and computer vendors. Blu-ray discs are the same size as recordable DVDs, but can store significantly more data, up to 128 GB on a quadruple-layer disc.
bonding - See link aggregation.
boot sector virus - A virus that resides on the boot sector of a floppy disk and is transferred to the partition sector or the DOS boot sector on a hard disk. A boot sector virus can move from a floppy to a hard disk only if the floppy disk is left in the drive when the machine starts.
bot - A program that runs automatically. Bots can spread viruses or other malicious code between users in a chat room by exploiting the IRC protocol.
brownout - A momentary decrease in voltage, also known as a sag. An overtaxed electrical system may cause brownouts, recognizable as a dimming of the lights.
CARP (Common Address Redundancy Protocol) - A protocol that allows a pool of computers or interfaces to share one or more IP addresses. CARP improves availability and can contribute to load balancing among several devices, including servers, firewalls, or routers.
cloud backup - See online backup.
clustering - A fault-tolerance technique that links multiple servers to act as a single server. In this configuration, clustered servers share processing duties and appear as a single server to users. If one server in the cluster fails, the other servers in the cluster automatically take over its data transaction and storage responsibilities.
cold site - A place where the computers, devices, and connectivity necessary to rebuild a network exist, but they are not appropriately configured, updated, or connected to match the network’s current state.
cold spare - A duplicate component that is not installed, but can be installed in case of a failure.
Common Address Redundancy Protocol - See CARP.
differential backup - A backup method in which only data that has changed since the last full or incremental backup is copied to a storage medium, and in which that same information is marked for subsequent backup, regardless of whether it has changed. In other words, a differential backup does not uncheck the archive bits for files it backs up.
disaster recovery - The process of restoring critical functionality and data to a network after an enterprise-wide outage that affects more than a single system or a limited group of users.
encrypted virus - A virus that is encrypted to prevent detection.
external disk drive - A storage device that can be attached temporarily to a computer.
failover - The capability for one component (such as a NIC or server) to assume another component’s responsibilities without manual intervention.
failure - A deviation from a specified level of system performance for a given period of time. A failure occurs when something does not work as promised or as planned.
fault - The malfunction of one component of a system. A fault can result in a failure.
Fibre Channel - A distinct network transmission method that relies on fiber-optic media and its own proprietary protocol. Fibre Channel is capable of up to 5-Gbps throughput.
file-infector virus - A virus that attaches itself to executable files. When the infected executable file runs, the virus copies itself to memory. Later, the virus attaches itself to other executable files.
full backup - A backup in which all data on all servers is copied to a storage medium, regardless of whether the data is new or changed. A full backup unchecks the archive bit on files it has backed up.
Grandfather-Father-Son - A backup rotation scheme that uses daily (son), weekly (father), and monthly (grandfather) backup sets.
hardware RAID - A method of implementing RAID that relies on an externally attached set of disks and a RAID disk controller, which manages the RAID array.
heuristic scanning - A type of virus scanning that attempts to identify viruses by discovering viruslike behavior.
hot site - A place where the computers, devices, and connectivity necessary to rebuild a network exist, and all are appropriately configured, updated, and connected to match your network’s current state.
hot spare - In the context of RAID, a disk or partition that is part of the array, but used only in case one of the RAID disks fails. More generally, hot spare is used as a synonym for a hot swappable component.
incremental backup - A backup in which only data that has changed since the last full or incremental backup is copied to a storage medium. After backing up files, an incremental backup unchecks the archive bit for every file it has saved.
integrity - The soundness of a network’s files, systems, and connections. To ensure integrity, you must protect your network from anything that might render it unusable, such as corruption, tampering, natural disasters, and viruses.
integrity checking - A method of comparing the current characteristics of files and disks against an archived version of these characteristics to discover any changes. The most common example of integrity checking involves a checksum.
Internet Relay Chat - See IRC.
IRC (Internet Relay Chat) - A protocol that enables users running special IRC client software to communicate instantly with other participants in a chat room on the Internet.
link aggregation - A fault-tolerance technique in which multiple ports or interfaces are bonded and work in tandem to create one logical interface. Link aggregation can also improve performance and allow for load balancing.
load balancer - A device that distributes traffic intelligently between multiple computers.
load balancing - An automatic distribution of traffic over multiple links, hard disks, or processors intended to optimize responses.
logic bomb - A program designed to start when certain conditions are met.
macro virus - A virus that takes the form of an application program macro (for example, a word-processing or spreadsheet macro), which may execute when the program is in use.
malware - A program or piece of code designed to harm a system or its resources.
master name server - An authoritative name server that is queried first on a network when resolution of a name that is not already cached is requested. Master name servers can also be called primary name servers.
mirroring - A fault-tolerance technique in which one component or device duplicates the activity of another.
NAS (network attached storage) - A device or set of devices attached to a client/server network, dedicated to providing highly fault-tolerant access to large quantities of data. NAS depends on traditional network transmission methods such as Ethernet.
network attached storage - See NAS.
network virus - A virus that takes advantage of network protocols, commands, messaging programs, and data links to propagate itself. Although all viruses could theoretically travel across network connections, network viruses are specially designed to attack network vulnerabilities.
NIC teaming - A type of link aggregation in which two or more NICs work in tandem to handle traffic to and from a single node.
offline UPS - See standby UPS.
online backup - A technique in which data is backed up to a central location over the Internet.
online UPS - A power supply that uses the A/C power from the wall outlet to continuously charge its battery, while providing power to a network device through its battery.
optical media - A type of media capable of storing digitized data, which uses a laser to write data to it and read data from it.
polymorphic virus - A type of virus that changes its characteristics (such as the arrangement of its bytes, size, and internal instructions) every time it is transferred to a new system, making it harder to identify.
primary name server - See master name server.
RAID (Redundant Array of Independent [or Inexpensive] Disks) - A server redundancy measure that uses shared, multiple physical or logical hard disks to ensure data integrity and availability. Some RAID designs also increase storage capacity and improve performance.
recordable DVD - An optical storage medium that can hold up to 4.7 GB on one single-layered side. Both sides of the disc can be used, and each side can have up to two layers. Thus, in total, a double-layered, two-sided DVD can store up to 17 GB of data. Recordable DVDs come in several different formats.
redundancy - The use of more than one identical component, device, or connection for storing, processing, or transporting data. Redundancy is the most common method of achieving fault tolerance.
Redundant Array of Independent (or Inexpensive) Disks - See RAID.
removable disk drive - See external disk drive.
replication - A fault-tolerance technique that involves dynamic copying of data (for example, an NOS directory or an entire server’s hard disk) from one location to another.
round-robin DNS - A method of increasing name resolution availability by pointing a host name to multiple IP addresses in a DNS zone file.
sag - See brownout.
SAN (storage area network) - A distinct network of multiple storage devices and servers that provides fast, highly available, and highly fault-tolerant access to large quantities of data for a client/server network. A SAN uses a proprietary network transmission method (such as Fibre Channel) rather than a traditional network transmission method such as Ethernet.
secondary name server - See slave name server.
server mirroring - A fault-tolerance technique in which one server duplicates the transactions and data storage of another, identical server. Server mirroring requires a link between the servers and software running on both servers so that the servers can continually synchronize their actions and one can take over in case the other fails.
signature scanning - The comparison of a file’s content with known virus signatures (unique identifying characteristics in the code) in a signature database to determine whether the file is a virus.
slave name server - A name server that can take the place of a master name server to resolve names and addresses on a network. Slave name servers poll master name servers to ensure that their zone information is identical. Slave name servers are also called secondary name servers.
software RAID - A method of implementing RAID that uses software to implement and control RAID techniques over virtually any type of hard disk(s). RAID software may be a third-party package or utilities that come with an operating system (NOS).
standby UPS - A power supply that provides continuous voltage to a device by switching virtually instantaneously to the battery when it detects a loss of power from the wall outlet. Upon restoration of the power, the standby UPS switches the device to use A/C power again.
stealth virus - A type of virus that hides itself to prevent detection. Typically, stealth viruses disguise themselves as legitimate programs or replace part of a legitimate program’s code with their destructive code.
storage area network - See SAN.
surge - A momentary increase in voltage caused by distant lightning strikes or electrical problems.
surge protector - A device that directs excess voltage away from equipment plugged into it and redirects it to a ground, thereby protecting the equipment from harm.
tape backup - A relatively simple and economical backup method in which data is copied to magnetic tapes. In many environments, tape backups have been replaced with faster backup methods, such as copying to network or online storage.
Trojan - See Trojan horse.
Trojan horse - A program that disguises itself as something useful, but actually harms your system.
uninterruptible power supply - See UPS.
UPS (uninterruptible power supply) - A battery-operated power source directly attached to one or more devices and to a power supply (such as a wall outlet) that prevents undesired features of the power source from harming the device or interrupting its services.
uptime - The duration or percentage of time a system or network functions normally between failures.
VA - See volt-amp.
virus - A program that replicates itself to infect more computers, either through network connections or through floppy disks passed among users. Viruses might damage files or systems or simply annoy users by flashing messages or pictures on the screen or by causing the keyboard to beep.
volt-amp (VA) - A measure of electrical power. A volt-amp is the product of the voltage and current (measured in amps) of the electricity on a line.
warm site - A place where the computers, devices, and connectivity necessary to rebuild a network exist, though only some are appropriately configured, updated, or connected to match the network’s current state.
worm - An unwanted program that travels between computers and across networks. Although worms do not alter other programs as viruses do, they can carry viruses.
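The archive-bit rules given in the Key Terms above for full, incremental, and differential backups (and outlined under Backup Strategy) can be worked through as an added example. This is illustrative code written for this manual page, not code from the textbook; the file names and the week's sequence of changes are constructed, and the restore-chain logic goes slightly beyond the chapter by also handling a mix of incremental and differential sets after one full backup.

```python
"""Archive-bit simulation of full, incremental and differential backups.
The OS checks a file's archive bit when the file is created or changed; a full
backup copies everything and unchecks it; an incremental copies only checked
files and unchecks them; a differential copies checked files but leaves them checked.
"""
from dataclasses import dataclass

@dataclass
class File:
    name: str
    version: int = 1          # bumped on every change so a restore can be verified
    archive_bit: bool = True  # a newly created file starts with the bit checked

class Server:
    def __init__(self, names):
        self.files = {n: File(n) for n in names}

    def modify(self, name):
        """A user edits a file: new version, and the OS checks the archive bit."""
        self.files[name].version += 1
        self.files[name].archive_bit = True

    def snapshot(self):
        return {f.name: f.version for f in self.files.values()}

@dataclass
class BackupSet:
    kind: str       # "full", "incremental" or "differential"
    contents: dict  # file name -> version copied to the medium

def full_backup(server):
    contents = {}
    for f in server.files.values():
        contents[f.name] = f.version
        f.archive_bit = False  # a full backup unchecks the bit
    return BackupSet("full", contents)

def incremental_backup(server):
    contents = {}
    for f in server.files.values():
        if f.archive_bit:
            contents[f.name] = f.version
            f.archive_bit = False  # an incremental unchecks the bit too
    return BackupSet("incremental", contents)

def differential_backup(server):
    # The bit stays checked, so the file is copied again by every later
    # differential until the next full or incremental backup clears it.
    contents = {f.name: f.version for f in server.files.values() if f.archive_bit}
    return BackupSet("differential", contents)

def restore_chain(sets):
    """Minimum sets (oldest first) needed to rebuild the latest state.
    Walk back from the newest set to the last full backup. A differential already
    holds everything changed since the last bit-clearing set (full or incremental),
    so any older differentials between the two are skipped.
    """
    chain, i = [], len(sets) - 1
    while i >= 0:
        s = sets[i]
        chain.append(s)
        if s.kind == "full":
            break
        i -= 1
        if s.kind == "differential":
            while i >= 0 and sets[i].kind == "differential":
                i -= 1
    return list(reversed(chain))

def restore(chain):
    """Apply sets oldest to newest; a later copy overwrites an earlier one."""
    state = {}
    for s in chain:
        state.update(s.contents)
    return state

def run_week(daily_backup):
    """Constructed scenario: full backup on Sunday, then daily_backup Mon-Wed."""
    server = Server(["payroll.db", "ledger.xls", "readme.txt"])
    sets = [full_backup(server)]
    for changed in ("payroll.db", "ledger.xls", "payroll.db"):
        server.modify(changed)
        sets.append(daily_backup(server))
    return server, sets

def compare():
    """Per strategy: which files each day's set holds, and how many sets a restore needs."""
    report = {}
    for label, fn in (("incremental", incremental_backup), ("differential", differential_backup)):
        server, sets = run_week(fn)
        chain = restore_chain(sets)
        assert restore(chain) == server.snapshot()  # the chain rebuilds the live state
        report[label] = {"copied_per_day": [sorted(s.contents) for s in sets],
                         "sets_to_restore": len(chain)}
    return report
```

Running compare() shows the trade-off the chapter describes: the incremental week copies less each day but needs the full set plus all three incrementals to restore, while the differential week re-copies changed files every day but restores from only two sets.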
Chapter 15 Network Management At a Glance Instructor’s Manual Table of Contents •Overview •Objectives •Teaching Tips •Quick Quizzes •Class Discussion Topics •Additional Projects •Additional Resources •Key Terms Lecture Notes Overview In this book, the students have learned the technologies and techniques necessary to design an efficient, fault tolerant, and secure network. However, their work is not finished once all the clients, servers, switches, routers, and gateways have been installed. After a network is in place, it requires continual review and adjustment. A network, like any other complex system, is in a constant state of flux. Whether the changes are caused by internal factors, such as increased demand on the server’s processor, or external factors, such as the obsolescence of a router, the student should count on spending a significant amount of time investigating, performing, and verifying changes to the network. In this chapter, the student will learn about changes dictated by immediate needs as well as those required to enhance the network’s functionality, growth, performance, or security. The student will also learn how best to implement those changes. Chapter Objectives After reading this chapter and completing the exercises, the student will be able to: •Explain basic concepts related to network management •Discuss the importance of documentation, baseline measurements, policies, and regulations to assess and maintain a network’s health •Manage a network’s performance using SNMP-based network management software, system and event logs, and traffic-shaping techniques •Identify the reasons for and elements of an asset management system •Plan and follow regular hardware and software maintenance routines Teaching Tips Fundamentals of Network Management 1. Define and describe the term network management. 2. Explain the scope of network management. a. 
Note that the scope of network management techniques differs according to the network’s size and importance.
3. Point out that several disciplines fall under the heading of network management.
a. Emphasize that all disciplines share the goal of enhancing efficiency and performance while preventing costly downtime or loss.
4. Explain that ideally, network management accomplishes its goals by helping the administrator predict problems before they occur.
5. Point out that before a network professional can assess and make predictions about a network’s health, he or she must measure and understand the network’s logical and physical structure and understand how it functions under typical conditions.

Documentation
1. Explain that there are many different types of network documentation.
2. Describe the documentation that should be maintained for sound network management.
3. Define the term configuration management.
4. Explain why documenting all aspects of a network promises to save work in the future.
5. Define and explain the term network diagram.
6. Explain how understanding conventions for network documentation can make a network professional’s task easier.
a. Point out that the diagrams use icons standardized or made popular by Cisco.
7. Use Figure 15-1 to illustrate a network diagram using Cisco symbols.
8. Point out that network diagrams provide broad snapshots of a network’s physical or logical topology.
9. Define and describe a wiring schematic.
10. Use Figure 15-2 to illustrate a wiring schematic.

Teaching Tip
Students may download packages of Cisco networking icons at http://www.cisco.com/web/about/ac50/ac47/2.html.

Baseline Measurements
1. Define and explain the term baseline.
2. Explain what might be included in baseline measurements.
3. Use Figure 15-3 to illustrate an example baseline for daily network traffic over a six-week period.
4.
Note that baseline measurements allow a network professional to compare future performance increases or decreases caused by network changes or events with past network performance.
5. Point out that the more data gathered while establishing a network’s baseline, the more accurate a prediction will be.
6. Describe why network traffic patterns might be difficult to forecast.
7. Explain how a network professional gathers baseline data on the network.

Policies, Procedures, and Regulations
1. Explain why an organization should establish and follow rules for managing its network.
2. Describe internal policies, procedures, and regulations that make for sound network management.
3. Point out that state and federal regulations need to be addressed.
a. Describe CALEA (Communications Assistance for Law Enforcement Act).
b. Describe HIPAA (Health Insurance Portability and Accountability Act).
4. Emphasize that many of the policies and procedures mentioned in this section are not laws, but best practices aimed at preventing network problems before they occur.

Fault and Performance Management
1. Point out that after documenting every aspect of a network and following policies and best practices, the network’s status may be assessed on an ongoing basis.
2. Define the term performance management.
3. Define the term fault management.

Network Management Software
1. Explain why organizations often use enterprise-wide network management software.
2. Point out that there are many network management software applications.

Teaching Tip
Some popular applications include IBM’s Tivoli NetView and Cisco’s CiscoWorks. Navigate to each product’s Web page to illustrate the products’ capabilities.
IBM Tivoli: http://www-01.ibm.com/software/tivoli/products/netview
CiscoWorks: http://www.cisco.com/en/US/products/sw/cscowork/ps1008

3. Define the term polling.
4. Define the term agent.
5. Describe the objects that may be managed.
6. Explain what is contained in a MIB (Management Information Base).
7.
Explain how agents use SNMP (Simple Network Management Protocol).
a. Point out that SNMPv1 and SNMPv2c authenticate requests with a community string that travels in cleartext, whereas SNMPv3 adds per-user authentication and encryption (see Quick Quiz 1, question 4).
8. Use Figure 15-4 to illustrate the relationship between a network management application and managed devices on a network.
9. Point out that a network management application can present an administrator with several ways to view and analyze the data.
10. Use Figure 15-5 to illustrate a map showing network status.
11. Explain the benefits and drawbacks of network management applications.
12. Explain why it is important to collect only useful data and not an excessive amount of routine information.
13. Describe one of the most common network management tools used on WANs.

Teaching Tip
Navigate to the MRTG (Multi Router Traffic Grapher) Web site at http://oss.oetiker.ch/mrtg to demonstrate the capabilities of the product.

System and Event Logs
1. Explain how virtually every condition recognized by an operating system can be recorded on a computer.
2. Introduce the Windows event log.
3. Introduce the Windows Event Viewer.
4. Use Figure 15-6 to illustrate an example of data collected in the event log on a workstation running the Windows 7 operating system.
5. Define and describe the UNIX and Linux system log.
6. Point out that most UNIX and Linux operating systems provide a GUI application for easily viewing and filtering the information in syslog files.
7. Explain why using these logs for fault management requires thoughtful data filtering and sorting.

Teaching Tip
Demonstrate to the class where the event logs can be found on a Windows-based system. Open the logs to see the recorded information.

Traffic Shaping
1. Define and describe the term traffic shaping.
a. Include an explanation of traffic shaping goals.
2. Describe the techniques used in traffic shaping.
a. Define and explain the term traffic policing.
3. Use Figure 15-7 to illustrate how traffic volume might appear on an interface without limits compared to an interface subject to traffic policing.
4.
Describe the controversial example of traffic shaping that became known in 2007 with Comcast.
5. Define and explain traffic prioritization.

Caching
1. Define and explain the term caching.
2. Define and explain Web caching.
3. Explain how caching benefits an ISP.
a. Include an explanation of a cache engine.

Quick Quiz 1
1. True or False: The scope of network management techniques differs according to the network’s size and importance.
Answer: True
2. Because of its status in the networking world and the volume of networking hardware it sells, ____________________ has set trends for network diagramming.
Answer: Cisco
3. In addition to internal policies, a network manager must consider ____ regulations that might affect her responsibilities.
a. state
b. federal
c. state and federal
d. local
Answer: C
4. The network management protocol that provides for both authentication and encryption is ____.
a. SMTP
b. SNMPv1
c. SNMPv2
d. SNMPv3
Answer: D
5. True or False: Much of the information collected in event logs and syslog files does not point to a problem, even if it is marked with a warning.
Answer: True

Asset Management
1. Define and explain the concept of asset management.
2. Review the first step of asset management: taking an inventory of each node on the network.
3. Explain that the asset management tool selected depends on an organization’s needs.
4. Describe the benefits of asset management.

Change Management
1. Explain why managing change while maintaining a network’s efficiency and availability requires good planning.
2. Introduce change management and techniques for approaching the most common types of software and hardware changes, from installing patches to replacing a network backbone.

Software Changes
1. Point out that an important part of keeping a system running optimally is upgrading its software.
2. Describe the common software change types.
3. Review the general steps involved in implementing software changes on a network.
4.
Emphasize that generally, upgrading or patching software according to a vendor’s recommendations is a good idea and can often prevent network problems.
5. Define and explain the term patch.
a. Describe how patches may be distributed.
b. Describe how patches are installed, noting that they should be obtained from the vendor’s official distribution channel.
c. Explain how to stay apprised of new patches.
6. Define and explain client upgrades.
a. Emphasize the importance of reading all documentation before applying the upgrade.
b. Note that the upgrade may be completely transparent to the user or may present a new appearance.
c. Describe the pre- and post-installation steps.
7. Define and describe shared application upgrades.
a. Emphasize that these software upgrades affect all users at once.
b. Point out that these upgrades use the same principles as other upgrades.
c. Note that because these upgrades tend to enhance functionality, one must weigh the time, cost, and effort involved against the true need for the new functionality.
d. Note that training may be required for significant changes.
8. Define and describe network operating system upgrades.
a. Point out that this is one of the most critical types of software upgrade a network professional will perform.
b. Emphasize that this type of upgrade involves significant, potentially drastic, changes to the way servers and clients operate.
c. Note that this type of upgrade requires plenty of forethought, product research, and rigorous testing before being implemented.
d. Review with the class the significant questions that should be asked and answered before this upgrade.
e. Reemphasize that this type of upgrade is a complex and far-reaching change, noting that it should not be undertaken under severe budgetary, resource, or time constraints.
f. Review the steps to take when planning an NOS upgrade.
9. Explain that if the software upgrade creates problems in an existing system, a network professional should be prepared to reverse the process.
10. Define the term backleveling.
11.
Emphasize that the steps that constitute backleveling differ, depending on the complexity of the upgrade and the network environment involved.
12. Use Table 15-1 to summarize some basic techniques to reverse a software upgrade.
13. Note that a network professional should always refer to the software vendor’s documentation to reverse an upgrade.
14. Emphasize that for backleveling a network operating system upgrade, a network professional should also consult with experienced professionals about the best approach for the network environment.

Hardware and Physical Plant Changes
1. Explain why hardware and physical plant changes might occur.
2. Note that the same issues apply to hardware changes as apply to software changes.
3. Review the eleven steps to follow when planning a change to network hardware.
4. Discuss the difficulty involved in adding or upgrading hardware on a network.
a. Explain how a great deal depends upon whether the organization or the network professional has used the hardware in the past.
b. Note the special steps that may need to be taken because hardware changes so rapidly.
c. Explain the different types of preparation that may be needed for the various network device types:
•Networked workstation
•Networked printer
•Hub or access point
•Server
•Switches and routers
d. Emphasize that the most disruptive and complex hardware to add or upgrade is also the most difficult to remove or backlevel.
e. Point out that keeping safety in mind when upgrading or installing hardware on a network is important.
5. Discuss the difficulty involved in cabling upgrades on a network.
a. Point out that a cabling upgrade can require significant planning and time to implement, depending on the size of the network.
b. Remind students that troubleshooting cabling problems is easier with current and accurate wiring schematics.
c. Emphasize that the best way to ensure that future upgrades go smoothly is to document existing cable before making any upgrades.
d.
Explain why it is best to consider upgrading the network cabling in phases.
e. Discuss why it is important to weigh the importance of the upgrade against its potential for disruption.
f. Describe how large and small organizations approach cabling upgrades.
6. Discuss the difficulty involved in network backbone upgrades.
a. Emphasize that this is one of the most comprehensive and complex upgrade types.
b. Describe the requirements that need to be in place before upgrading the backbone.
7. Discuss the need to provide a way to reverse the hardware change if something should go wrong.
a. Point out that if the hardware upgrade replaces a faulty device, reinstalling the old device is not possible.
b. Discuss how old components should be stored in case they are needed to reverse the hardware change.

Quick Quiz 2
1. True or False: The first step in asset management is to take an inventory of each node on the network.
Answer: True
2. A patch is a form of a(n) ____ change.
a. hardware
b. software
c. monitoring
d. asset
Answer: B
3. ____________________ upgrades affect all users at once.
Answer: Shared application
4. The most critical type of software upgrade a network professional will perform is an upgrade to the ____________________.
Answer: NOS (network operating system), network operating system
5. If you are replacing a(n) ____ hardware component or device, restoration is not possible.
a. faulty
b. live
c. important
d. critical
Answer: A

Class Discussion Topics
1. Documenting a network is essential in troubleshooting and support. Discuss the security implications of keeping such documentation. How should an organization balance access to the documentation against protecting the network from intentional hacking, compromise, or damage?
2. As a class, discuss how long replaced hardware and software components should be stored in case there is a need to back out and reinstall them.
What considerations should be taken into account when determining the appropriate time to discard old or upgraded equipment?

Additional Projects
1. Have the student research network diagramming products on the market and write a report of their findings. The research should include three products and a comparison of the technical specifications, ease of use (if available), price, availability, and product ratings (if available).
2. MRTG is an excellent tool for graphing network performance, but for larger enterprises, the approach used by MRTG is not ideal. Investigate the tool Cacti, which stores collected data in RRDtool round-robin databases (a data store MRTG can also use), and determine whether such a tool can be used for an organization with several hundred stacks of network switches, dozens of routers, and a complex set of MAN-level links.

Additional Resources
1. Communications Assistance for Law Enforcement Act (CALEA) http://www.fcc.gov/calea/
2. HIPAA (Health Insurance Portability and Accountability Act) http://www.dol.gov/dol/topic/health-plans/portability.htm
3. Cisco Support Page http://www.cisco.com/en/US/support/index.html
4. Cisco PIX Firewall System Log Messages http://www.cisco.com/en/US/docs/security/pix/pix44/system/message/pixemint.html
5. Microsoft Help and Support http://support.microsoft.com/

Key Terms
agent - A software routine that collects data about a managed device’s operation and provides it to the network management application running on the console.
backleveling - The process of reverting to a previous version of a software application after attempting to upgrade it.
cache engine - A network device devoted to storage and delivery of frequently requested files.
caching - The local storage of frequently needed files that would otherwise be obtained from an external source.
CALEA (Communications Assistance for Law Enforcement Act) - A United States federal regulation that requires telecommunications carriers and equipment manufacturers to provide for surveillance capabilities.
CALEA was passed by Congress in 1994 after pressure from the FBI, which worried that networks relying solely on digital communications would circumvent traditional wiretapping strategies.
Communications Assistance for Law Enforcement Act - See CALEA.
configuration management - The collection, storage, and assessment of information related to the versions of software installed on every network device and every device’s hardware configuration.
event log - The service on Windows-based operating systems that records events, or the ongoing record of such events.
Event Viewer - A GUI application that allows users to easily view and sort events recorded in the event log on a computer running a Windows-based operating system.
fault management - The detection and signaling of device, link, or component faults.
Health Insurance Portability and Accountability Act - See HIPAA.
HIPAA (Health Insurance Portability and Accountability Act) - A federal regulation in the United States, enacted in 1996. One aspect of this regulation addresses the security and privacy of medical records, including those stored or transmitted electronically.
Management Information Base - See MIB.
MIB (Management Information Base) - A database used in network management that contains a device’s definitions of managed objects and their data.
network diagram - A graphical representation of a network’s devices and connections.
network management - The assessment, monitoring, and maintenance of the devices and connections on a network.
patch - A correction, improvement, or enhancement to part of a software application, often distributed at no charge by software vendors to fix a bug in their code or to add slightly more functionality.
performance management - The ongoing assessment of how well network links, devices, and components keep up with demands on them.
polling - A network management application’s regular collection of data from managed devices.
Simple Network Management Protocol - See SNMP.
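The agent, MIB, and polling entries above describe what SNMP carries; what the lecture notes and Quick Quiz 1, question 4, stress is which version carries it safely. The following is an added example, not code from the textbook, that audits net-snmp style snmpd.conf fragments for the weak settings: v1/v2c community strings (a cleartext credential that also doubles as the only access control), well-known default community names, and SNMPv3 users or access lines that stop short of authPriv. It assumes the net-snmp directive syntax (rocommunity, rwcommunity, com2sec, createUser, rouser, rwuser); the two configuration fragments, the host address, and the passphrases are constructed for the example.

```python
"""Audit net-snmp snmpd.conf fragments for SNMP versions and settings that
leak or weaken management access.

Added example for the SNMP lecture notes and Quick Quiz 1, question 4; it is
not code from the textbook. It assumes the net-snmp directive syntax
(rocommunity/rwcommunity, com2sec, createUser, rouser/rwuser); the two
configuration fragments below are constructed for the example.
"""
import shlex
from dataclasses import dataclass
from typing import List, Optional

DEFAULT_COMMUNITIES = {"public", "private"}   # the first guesses of every scanner
WEAK_AUTH_PROTOCOLS = {"MD5"}
WEAK_PRIV_PROTOCOLS = {"DES"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


@dataclass
class Finding:
    level: str        # "high" or "medium"
    line_no: int
    directive: str
    detail: str


def audit_snmpd_conf(text: str) -> List[Finding]:
    """Return one Finding per insecure directive, in file order."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        words = shlex.split(raw, comments=True)    # drops blank and comment lines
        if not words:
            continue
        directive, args = words[0], words[1:]

        if directive in COMMUNITY_DIRECTIVES:
            # SNMPv1/v2c: the community string is the only credential, and it
            # crosses the network in cleartext inside every packet.
            community = args[0] if args else ""
            source = args[1] if len(args) > 1 else "default"
            level = "high" if directive.startswith("rw") else "medium"
            detail = f"v1/v2c community {community!r} sent in cleartext; source {source}"
            if community in DEFAULT_COMMUNITIES:
                level = "high"
                detail += "; well-known default community"
            if source == "default":
                detail += "; accepted from any address"
            findings.append(Finding(level, line_no, directive, detail))

        elif directive == "com2sec":
            findings.append(Finding("medium", line_no, directive,
                                    "maps a v1/v2c community to a security name (cleartext)"))

        elif directive == "createUser":
            # createUser [-e ENGINEID] USER (MD5|SHA...) AUTHPASS [DES|AES] [PRIVPASS]
            a = args[2:] if args[:1] == ["-e"] else args
            if len(a) < 3:
                continue
            user, auth = a[0], a[1].upper()
            priv: Optional[str] = a[3].upper() if len(a) >= 4 else None
            if auth in WEAK_AUTH_PROTOCOLS:
                findings.append(Finding("medium", line_no, directive,
                                        f"user {user}: weak auth protocol {auth}"))
            if priv is None:
                findings.append(Finding("medium", line_no, directive,
                                        f"user {user}: no privacy protocol, so traffic is not encrypted"))
            elif priv in WEAK_PRIV_PROTOCOLS:
                findings.append(Finding("medium", line_no, directive,
                                        f"user {user}: weak privacy protocol {priv}"))

        elif directive in ("rouser", "rwuser"):
            # The minimum security level defaults to "auth" when omitted; only
            # "priv" forces encryption even when the user has a privacy key.
            user = args[0] if args else "?"
            level_kw = args[1].lower() if len(args) > 1 else "auth"
            if level_kw != "priv":
                findings.append(Finding("high" if directive == "rwuser" else "medium",
                                        line_no, directive,
                                        f"user {user}: minimum security level {level_kw}, should be priv"))
    return findings


# Constructed fragments for the example; addresses and passphrases are made up.
WEAK_CONF = """\
# typical out-of-the-box configuration
agentAddress udp:161
rocommunity public
rwcommunity private 10.0.0.0/8
"""

HARDENED_CONF = """\
# SNMPv3 only: authenticated, encrypted, bound to the management interface
agentAddress udp:10.0.0.2:161
createUser nmsPoller SHA "Correct-Horse-Battery-Staple" AES "Rainbow-Trout-Zebra-9"
rouser nmsPoller priv
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {name} ==")
        for f in audit_snmpd_conf(conf):
            print(f"  [{f.level}] line {f.line_no} {f.directive}: {f.detail}")
```

Run against the weak fragment it reports both community lines as high (a default name reachable from anywhere, and a read-write community), and nothing against the hardened one. A real audit would also check that createUser lines live in a root-only file and that agentAddress is not bound to every interface, but the version and security-level checks are the ones that map directly to the quiz question.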
Simple Network Management Protocol version 1 - See SNMPv1.
Simple Network Management Protocol version 2 - See SNMPv2.
Simple Network Management Protocol version 3 - See SNMPv3.
SNMP (Simple Network Management Protocol) - An Application layer protocol in the TCP/IP suite used to convey data regarding the status of managed devices on a network.
SNMPv1 (Simple Network Management Protocol version 1) - The original version of SNMP, released in 1988. It authenticates requests with a community string sent in cleartext, and because of its limited features it is rarely used on modern networks.
SNMPv2 (Simple Network Management Protocol version 2) - The second version of SNMP, which improved on SNMPv1 with faster performance (for example, the GetBulk operation) and slightly better security, among other features. The widely deployed SNMPv2c variant still relies on cleartext community strings, so it should be treated as no more secure than SNMPv1.
SNMPv3 (Simple Network Management Protocol version 3) - A version of SNMP similar to SNMPv2, but with authentication, validation, and encryption for packets exchanged between managed devices and the network management console. SNMPv3 is the most secure version of the protocol, provided agents and managers are configured to require both authentication and privacy (encryption).
syslog - A standard for generating, storing, and processing messages about events on a system. Syslog describes methods for detecting and reporting events and specifies the format and contents of messages.
system log - On a computer running a UNIX or Linux operating system, the record of monitored events, which carry a severity (often called priority) from 0 to 7 (where “0” indicates an emergency situation and “7” simply points to information that might help in debugging a problem). You can view and modify system log locations and configurations in the /etc/syslog.conf file on most systems (on some systems this is /etc/rsyslog.conf).
traffic policing - A traffic-shaping technique in which the volume or rate of traffic traversing an interface is limited to a predefined maximum.
traffic shaping - Manipulating certain characteristics of packets, data streams, or connections to manage the type and amount of traffic traversing a network or interface at any moment.
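The syslog and system log entries above, and item 7 of the System and Event Logs lecture notes, make the point that fault management depends on filtering the log rather than reading it. The following is an added example, not code from the textbook, that parses BSD-style (RFC 3164) syslog lines, decodes the leading PRI value into facility and severity (PRI = facility * 8 + severity, so the 0 to 7 scale in the system log entry is the low three bits), and keeps only events at warning severity or worse. The sample lines, host names, and addresses are constructed for the example.

```python
"""Decode syslog PRI values and pull fault-relevant events out of a log stream.

Added example for the System and Event Logs lecture notes, not code from the
textbook. The PRI field <N> at the head of a BSD-style (RFC 3164) syslog line
encodes facility * 8 + severity; fault management starts by filtering on that
severity instead of reading every routine informational line.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_NAMES = (
    ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
     "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
    + [f"local{i}" for i in range(8)]
)

# BSD syslog line: <PRI>TIMESTAMP HOST TAG[PID]: MESSAGE
_LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


@dataclass
class SyslogEvent:
    facility: int
    severity: int
    timestamp: str
    host: str
    tag: str
    pid: Optional[int]
    message: str

    @property
    def facility_name(self) -> str:
        return FACILITY_NAMES[self.facility]

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_syslog(line: str) -> Optional[SyslogEvent]:
    """Return a SyslogEvent, or None for a line that is not well-formed.

    Malformed or PRI-less lines are dropped rather than guessed at: a filter
    that silently assigned them a default severity would hide them.
    """
    m = _LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # highest legal value: facility 23 * 8 + severity 7
        return None
    pid = m.group("pid")
    return SyslogEvent(
        facility=pri // 8, severity=pri % 8, timestamp=m.group("ts"),
        host=m.group("host"), tag=m.group("tag"),
        pid=int(pid) if pid else None, message=m.group("msg"),
    )


def filter_faults(lines: Iterable[str], max_severity: int = 4) -> List[SyslogEvent]:
    """Keep events at or above the given severity (0 = emerg ... 4 = warning).

    Lower numbers are more severe, so the comparison is <=. Warning-level
    events are kept because they are cheap to triage, even though, as the
    lecture notes say, many of them will not point to a real problem.
    """
    events = (parse_syslog(ln) for ln in lines)
    return [e for e in events if e is not None and e.severity <= max_severity]


def faults_by_host(events: Iterable[SyslogEvent]) -> Dict[str, int]:
    """Count fault events per reporting host (the first sort key an operator wants)."""
    counts: Dict[str, int] = {}
    for e in events:
        counts[e.host] = counts.get(e.host, 0) + 1
    return counts


# Constructed sample lines (not from the page); hosts and addresses are made up.
SAMPLE_LINES = [
    "<14>Mar  3 09:12:01 core-sw1 snmpd[1021]: Connection from UDP: [10.0.5.17]:52214->[10.0.0.2]:161",
    "<27>Mar  3 09:12:07 core-sw1 lldpd[988]: interface Gi1/0/24 link down",
    "<12>Mar  3 09:12:09 edge-rtr1 ntpd[233]: no servers reachable",
    "<38>Mar  3 09:13:30 fileserver sshd[4410]: Accepted publickey for admin from 10.0.5.17 port 50233 ssh2",
    "<2>Mar  3 09:14:00 fileserver kernel: md/raid1:md0: Disk failure on sdb1, disabling device",
    "Mar  3 09:14:05 fileserver cron[77]: (root) CMD (run-parts /etc/cron.hourly)",   # no PRI: skipped
    "<28>Mar  3 09:14:30 core-sw1 lldpd[988]: interface Gi1/0/24 link flapping",
]

if __name__ == "__main__":
    faults = filter_faults(SAMPLE_LINES)
    for e in faults:
        print(f"{e.host:<11} {e.facility_name}.{e.severity_name:<8} {e.tag}: {e.message}")
    print(faults_by_host(faults))
```

Two caveats worth raising with students: the host name and the PRI are set by whichever system sent the line, and over classic UDP port 514 nothing authenticates the sender, so a filter like this sorts events but does not vouch for them; and a severity threshold is a starting point, not a verdict, which is exactly the point of Quick Quiz 1, question 5.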
upgrade - A significant change to an application’s existing code, typically designed to improve functionality or add new features.
Web caching - A technique in which Web pages are stored locally, either on a host or network, and then delivered to requesters more quickly than if they had been obtained from the original source.
wiring schematic - A graphical representation of a network’s wired infrastructure.

Instructor Manual for Network+ Guide to Networks Tamara Dean 9781133608196, 9781133608257, 9781337569330