This Document Contains Chapters 8 to 10

Chapter 8
Network Operating System Fundamentals

At a Glance

Instructor’s Manual Table of Contents
• Overview
• Objectives
• Teaching Tips
• Quick Quizzes
• Class Discussion Topics
• Additional Projects
• Additional Resources
• Key Terms
• Technical Notes for Hands-On Projects
• Using Virtualization for Hands-On Projects

Lecture Notes

Overview
Chapter 8 introduces students to the major components of an OS. They also learn about the features of common network operating systems and the differences between client and server OSs. At the end of the chapter, students will be able to plan for the installation of an operating system and ensure its proper operation.

Objectives
• Describe the major components of an OS, including the file system, processes, and the kernel
• Discuss network operating systems and compare and contrast a client OS with a server OS
• Describe the components of virtualization and discuss virtualization products
• Plan for the installation of an operating system and perform post-installation tasks

Teaching Tips

Operating System Fundamentals
1. Simplify and describe what an operating system does for users and software by providing access to a computer’s physical components.

The File System
1. Explain what a file system is: the underlying architecture that stores and organizes files into a logical structure. List the goals/objectives of a functional file system.
2. Describe how space on a drive is divided into sectors, each sector usually being 512 bytes. These sectors are then grouped into clusters. Students should understand what effects different cluster sizes can have on performance and space availability.
3. Show students the most common method of organization for file systems, the hierarchical filing method. This consists of a file system root (C: for Windows, / for Linux).
4. Briefly mention the ability of some file systems to index their own contents for improved search functionality.
5. Introduce the concept of secure file access using permissions. Mention some of the more common file systems that have the ability to use permissions, and which ones do not support secure file access, such as FAT.

Teaching Tip
Emphasize that file systems are logical; they do not physically segment the hard drive in any way for a file. If possible, demonstrate this by doing a hex dump of a hard drive on Linux as an extra side project.

Processes and Services
1. Define the word process, and explain the different types of processes.
   a. Processes that are set to start on boot for Windows are called services.
   b. Processes that start on boot for Linux are called daemons.
2. Detail how processes can be multitasked, using time slicing to divide CPU computing cycles. Context switching describes the act of changing to another process entirely.
3. Describe the two types of multitasking and how each manages the CPU:
   a. Preemptive—the OS controls the CPU
   b. Cooperative—the process controls the CPU
4. Introduce the concept of threads, and multithreaded applications that are designed to run on multiprocessing systems.
   a. You should discuss the prevalence of multicore processors and distinguish these from multiprocessor systems. Multiprocessor implies multiple physical chips, whereas multicore refers to a single chip that has multiple processors internally. The distinction becomes important when purchasing server licenses.

The Kernel
1. Explain the role of the kernel in managing and controlling the operating system.
   a. Direct students to Figure 8-5 in the book and discuss the layered model for operating system structure.

Teaching Tip
Have students take a look at this page on kernels for a comparison of different kinds of kernels: http://en.wikipedia.org/wiki/Kernel_%28computing%29.

Quick Quiz 1
1. A ____________ is the method by which an OS stores, organizes, and manages access to files on a storage device.
Answer: file system
2. In the hierarchical filing method, what is the top of the hierarchy called?
Answer: root of the file system
3. A ____________ is a program that’s loaded into memory and run by the CPU.
   a. thread
   b. process
   c. service
   d. file
Answer: process
4. Name at least two important tasks performed by the kernel.
Answer: schedules processes to run, making sure high-priority processes are taken care of first; manages memory to ensure that two applications don’t attempt to use the same memory space; and makes sure I/O devices are accessed by only one process at a time
5. How do CPUs accomplish multitasking?
   a. Time slicing
   b. Multiprocessing
   c. Context switching
   d. Preemptive multitasking
Answer: Time slicing

Network Operating System Overview
1. Break down the meaning of “network operating system” versus what desktop operating systems have become, and what features a server OS might have over a desktop OS.

The Role of a Client Operating System
1. Students should already understand the client-server relationship, so you should explain what kind of client software might be present on a client operating system, such as:
   a. DHCP client
   b. DNS client
   c. HTTP client
   d. File-sharing client
   e. E-mail client
2. Cover the DHCP lease process and what part the DHCP client plays in renewing or leasing an IP address from a DHCP server. Students should be aware of the different types of DHCP broadcast packets and their functions:
   a. DHCP Discover
   b. DHCP Offer
   c. DHCP Request
   d. DHCP Ack
3. Describe the role of the DNS client service in resolving names to IP addresses, and how DNS suffixes affect queries made to a DNS server.
4. Explore the use of an HTTP client (Web browser) and how it functions with Web pages. Demonstrate how a Web browser can use HTTP/HTTPS for file transfer as well, largely replacing FTP.
5. Demonstrate the use of a file-sharing client, such as the one used to access Windows shares over a network with the Server Message Block (SMB) protocol.
   a. Discuss the function of a redirector in determining whether a resource is local or remote.
   b. Show how UNC paths can be used to access network resources in Windows.
   c. Explain the differences between the Windows drive letter path and the root drive in Linux.
6. Elaborate on the usage of e-mail clients, and discuss some of the more common e-mail protocols available to these clients, such as those in the following list. Afterwards, break down the communication process involved in sending or receiving mail using the given protocol, and discuss some of the advantages of using IMAP over POP3. You should also mention webmail as an alternative.
   a. POP3
   b. SMTP
   c. IMAP

Teaching Tip
Have students review Simulation 18: How E-mail Works.

The Role of a Server Operating System
1. Briefly explain the purpose of a server operating system and why a server operating system is different from a desktop operating system in terms of what is expected of it.

Centralized User Account and Computer Management
1. Describe authentication and authorization, and explain why the two are separate. Authentication involves identifying who has access, whereas authorization is the process of granting or denying access to an authenticated user.
2. Go into detail about how account management works for a domain versus a workgroup network, and why a workgroup of 10 machines would require 10 usernames and passwords for one user to be granted access to resources on each machine.
3. Explain to students how Active Directory gives the ability to enforce policies for network use and security via Group Policy.

Centralized Storage
1. Elaborate on the different kinds of centralized storage available:
   a. Network-attached storage devices
   b. Storage area networks
   c. Cloud-based storage
2. Discuss where you might see some of these storage types used, whether on campus networks or in large data centers.
   a. Network-attached storage involves a dedicated server for sharing storage, though network appliances in a small box exist with limited capabilities.
   b. Storage area networks are high-speed, high-cost systems that share entire hard drives with other devices on the network.
   c. Cloud-based storage moves the responsibility for hosting the data storage to a hosting company.

Infrastructure Services
1. List some of the infrastructure services needed for basic network functionality.
2. Describe the role of a DHCP server and its elements:
   a. IP address scope—defines the range of IP addresses for assignment
   b. Scope options—settings like the default gateway for the scope
   c. Reservations—keep a reserved address ready for a particular MAC address
   d. Exclusions—do not assign or hand out the defined IP addresses
   e. DHCP server service—listens on UDP port 69 for client requests
3. Detail how a DNS server is used, and describe some of the following elements and how they’re utilized:
   a. DNS zones
   b. Cache
   c. Root hints
   d. DNS server service

Server and Network Fault Tolerance
1. Give examples of some features that are normally only available for server OSs, such as:
   a. Support for hot-swappable devices—devices that can be removed while the server is running
   b. Server clustering—students should understand the different types of cluster, such as a failover cluster compared to a load-balancing cluster
   c. Redundant high-end disk systems—explain what a RAID is

Additional Server Features
1. Briefly discuss some additional features available on the server side:
   a. Remote access
   b. Database server
   c. Client/server applications
   d. Virtualization

Teaching Tip
Take a look at http://www.microsoft.com/windowsserver2008/en/us/solutions.aspx to see some of the extra services and solutions Microsoft has to offer on its server side.

Quick Quiz 2
1. The ____________ is responsible for communicating with a DNS server to resolve computer and domain names to IP addresses.
Answer: DNS client
2. When a user or an application requests a resource, a ____________ intercepts the request and then examines it to determine whether the resource is local (on the computer) or remote (on the network).
Answer: redirector
3. The process of granting or denying an authenticated user’s access to network resources is called what?
Answer: authorization
4. A ____________ is two or more servers configured to operate as a single unit for load-balancing purposes.
   a. dual-core server
   b. fault-tolerant cluster
   c. load-balancing cluster
   d. multimode cluster
Answer: load-balancing cluster
5. Which port does DNS use to answer queries?
   a. TCP 63
   b. UDP 63
   c. TCP 52
   d. UDP 53
Answer: UDP 53

Operating System Virtualization
1. Explain how virtualization works, allowing multiple operating systems to be used on a single machine. Define some of the basic components involved with virtualization:
   a. Virtual machines
   b. Host computers
   c. Virtualization software
   d. Hypervisors
   e. Virtual disks
   f. Virtual networks
   g. Snapshots
2. Students should understand the basics of virtualization, and how much of a physical machine’s functionality can be reproduced virtually.

Hosted Virtualization
1. Introduce students to the idea of hosted virtualization, and give details as to some of the requirements of running hosted virtualization software.
2. Give some examples of how hosted virtualization can be useful and how it can be applied. Having isolated software and network functionality inside a virtual machine can help test new updates or new software outside of a production environment.
3. List some of the virtualization products available to students, and give special attention to the free versions of these products, as these will be the ones students are most interested in.
   a. VMware Workstation (Win & Linux)
   b. VMware Player (Win & Linux)
   c. VMware Fusion (Workstation for Mac)
   d. Microsoft Virtual PC (Win)
   e. VirtualBox (Win & Linux & Mac & Unix)
4. Demonstrate some basic usage of VMware Workstation, if students haven’t already used the software. Mention some of the features of this product that make it unique, such as 3D acceleration (particularly useful when dealing with graphics editing).
5. Tie in the usage of VMware Player as VMware’s free alternative to Workstation. Students should note that their ability to create and edit existing virtual machines using Player is extremely limited.
6. Demonstrate the use of Virtual PC, and draw some comparisons to the other products shown.
7. Show Oracle’s VirtualBox software, and give some comparisons to the other software products available. One of the major benefits students should note about VirtualBox is that it is an open source project, meaning it is widely available on multiple platforms. However, it lacks some of the more robust features of VMware’s offerings.

Teaching Tip
Some of VMware’s bare-metal solutions are free as well, such as VMware vSphere ESXi, which is free so long as you do not require centralized management or extensive additional features.

Bare-Metal Virtualization
1. Discuss some of the options available for bare-metal virtualization hypervisors:
   a. Microsoft Hyper-V
   b. Citrix XenServer
   c. VMware vSphere
2. Review what management tools might be available for controlling these hypervisors, such as SCVMM for Hyper-V or vCenter Server for vSphere.

Installing an OS
1. Explain the task of installing an OS, and discuss what planning needs to be done, how requirements should be considered, and what needs to be done as part of post-installation.

Planning for and Installing Windows Server 2008
1. Students should know what factors to consider when installing Windows Server 2008.
   a. When selecting hardware, students should keep in mind the bare minimum hardware requirements of the OS, as well as the requirements for a stable server.
   b. Students should also be aware of licensing constraints when using Windows, such as memory limitations for specific versions, or CPU limitations.
   c. Discuss the different editions of Windows Server 2008, and describe what hardware limitations they have. Compare the editions to show which features exist in which edition of Windows Server 2008.
   d. Talk with students about the preinstallation decisions that should be made, such as the server name or IP address. It is important that students be aware of what tasks a particular server will perform prior to installation, as this can dictate certain settings during install. Organizations often have naming conventions, such as dc1 for domain controllers, and renaming a server after it has been joined to a domain is a messy process.
   e. Make students aware of the post-installation tasks, such as server license activation, the configuration of automatic updates, or the addition of server roles and features.

Planning for and Installing Linux
1. Students should understand the need for checking hardware compatibility lists when installing Linux.
2. The success of a Linux install on given hardware often depends on which distribution is used as well; students should know about some of the more popular choices, especially on the server side. Some of the more popular variants include:
   a. Red Hat Enterprise Linux-based distros
   b. Novell SuSE Enterprise
   c. Ubuntu Server
3. Cover some of the installation tasks on Linux and how they differ from Windows. The Linux install involves more decisions, especially in regard to configuration and the software packages installed.

Quick Quiz 3
1. What is the name of the OS installed on a virtual machine?
Answer: guest OS
2. What are the two main types of virtualization?
Answer: hosted and bare-metal
3. A ____________ is a partial copy of a VM made at a particular moment, used to restore the VM to its original state.
Answer: snapshot
4. What is the minimum memory requirement for running Windows Server 2008?
Answer: 512MB RAM

Class Discussion Topics
1. Have the class discuss why they think virtualization has become so popular. Students should discuss when and where they think virtualization would be useful as well as cost efficient. Virtualization shouldn’t always be the answer, but it can be used in most cases to cut costs and significantly reduce environmental impact.

Additional Projects
1. Get students to try the various free applications for virtual machines. Have them try several different unique features of each one, and then discuss which one they found most useful. Familiarity with virtualization products is becoming more and more necessary thanks to mixed environments. The more familiar a student is with what software is available, the better.

Additional Resources
1. http://www.virtualbox.org/
2. http://www.vmware.com/products/player/
3. http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions

Key Terms
authentication: The process of identifying who has access to the network. The most common form of authentication is a logon with a username and password.
authorization: The process of granting or denying an authenticated user’s access to network resources.
bare-metal virtualization: The hypervisor implements OS virtualization by running directly on the host computer’s hardware, and it controls and monitors guest OSs.
batch file: A text file containing a list of commands you ordinarily type at the command prompt. You can run the batch file by typing its name at the command prompt, and the entire list of commands contained in the file is executed sequentially.
cloud storage: A data storage method in which some or all of an organization’s data is stored on servers located offsite and maintained by a storage hosting company.
context switching: Occurs when the OS suspends one process and activates another process.
cooperative multitasking: The OS can’t stop a process; when a process gets control of the CPU, it maintains control until it satisfies its computing needs and informs the OS that another process can be activated.
DNS zone: A database of primarily hostname and IP address pairs that are related by membership in an Internet or a Windows domain.
exclusion: One or more IP addresses that are excluded from the DHCP IP address scope.
failover cluster: A server cluster configuration that is used to provide fault tolerance so that if one server fails, the other immediately takes over its functions with little or no downtime.
file system: The method by which an OS stores, organizes, and manages access to files on a storage device, such as a hard drive.
host computer: The physical computer on which virtual machine software is installed and virtual machines run.
hosted virtualization: Implements OS virtualization by being installed in a general-purpose host OS, such as Windows 7 or Linux; the host OS accesses host hardware on behalf of the guest OS.
hot-swappable device: A computer device that can be removed, replaced, or added to a server while it’s running.
hypervisor: The component of virtualization software that creates and monitors the virtual hardware environment, which allows multiple VMs to share physical hardware resources.
IP address scope: A component of a DHCP server; it is a range of IP addresses the server leases to clients that request an IP address.
load-balancing cluster: A server cluster configuration that provides high-performance computing and data access by spreading the workload among multiple computers.
multiprocessing: A feature of some OSs that allows two or more threads to be executed concurrently by separate CPUs or CPU cores.
multithreaded application: An application that has two or more threads that can be scheduled separately for execution by the CPU. See also thread.
network appliance: A device equipped with specialized software that performs a limited task, such as file sharing. Network appliances are often packaged without video interfaces, so you don’t configure them with an attached keyboard and monitor.
network-attached storage (NAS): A dedicated server device designed solely for providing shared storage for network users.
preemptive multitasking: A form of multitasking in which the OS controls which process gets access to the CPU and for how long.
process: A program that’s loaded into memory and run by the CPU. It can be an application a user interacts with or a program with no user interface that communicates with and provides services to other processes.
redirector: An OS client component that intercepts resource requests and determines whether the resource is local or remote.
redundant array of independent disks (RAID): A storage configuration of two or more disks, usually in a fault-tolerant arrangement so that if one disk fails, the data is preserved and the server can continue to operate.
reservation: An IP address tied to a particular MAC address. When a client requests an IP address from the DHCP server, if the client’s MAC address matches an address specified by a reservation, the reserved IP address is leased to the client instead of one from the scope.
server cluster: Two or more servers configured to operate as a single unit. The most common types of server clusters are failover clusters and load-balancing clusters.
service: A process that runs in the background and provides services to other processes; for example, the DNS client and server components are services.
snapshot: A partial copy of a virtual machine made at a particular moment, used to restore the virtual machine to its state when the snapshot was taken.
thread: The smallest unit of software that can be scheduled to run.
time slicing: The process by which a CPU’s computing cycles are divided among more than one process.
virtual machine (VM): The virtual environment that emulates a physical computer’s hardware and BIOS.
virtualization: A process implemented in a software environment that emulates a computer’s hardware and BIOS, allowing multiple OSs to run on the same physical computer at the same time.

Technical Notes for Hands-On Projects
All projects in this book that use the Sharing and Security option for folders assume that the Use simple file sharing option has been disabled.
Hands-On Project 8-1: This project requires a computer with Windows installed.
Hands-On Project 8-2: This project requires a computer with Linux installed or a Linux Live CD; this project uses the Ubuntu 10.4 installation DVD, which contains a Live CD option, but others can be used.
Hands-On Project 8-3: This project requires a computer with Windows installed.
Hands-On Project 8-4: This project requires a computer with Linux installed or a Linux Live CD; this project uses the Ubuntu 10.4 installation DVD, which contains a Live CD option, but others can be used.
Hands-On Project 8-5: This project requires a computer with Windows installed.
Hands-On Project 8-6: This project requires a computer with Windows installed.
Hands-On Project 8-7: This project requires a computer with Windows installed.
Hands-On Project 8-8: This project requires a computer with Windows installed and a computer with a shared printer that all student computers can connect to; alternatively, students can connect to each other’s shared printers.

Using Virtualization for Hands-On Projects
The following Hands-On Projects/Challenge Labs have been identified as those that students can do using virtual machines rather than physical machines.
Hands-On Project 8-1
Hands-On Project 8-2
Hands-On Project 8-3
Hands-On Project 8-4
Hands-On Project 8-5
Hands-On Project 8-6
Hands-On Project 8-7
Hands-On Project 8-8 (Note: If working with partners, ensure that the network connection is set to bridged and that the hosting machine is connected to the same network.)
Challenge Lab 8-1
Challenge Lab 8-2 (Note: The install of VMware Player must be done in the host, but the rest of the lab can be done in a virtual machine.)

Chapter 9
Server Management and Administration

At a Glance

Instructor’s Manual Table of Contents
• Overview
• Objectives
• Teaching Tips
• Quick Quizzes
• Class Discussion Topics
• Additional Projects
• Additional Resources
• Key Terms
• Technical Notes for Hands-On Projects
• Using Virtualization for Hands-On Projects

Lecture Notes

Overview
Chapter 9 introduces students to creating and working with user and group accounts. They also learn how to manage permissions for users and groups and how to work with shared files and printers. At the end of the chapter, students learn about the importance of fault tolerance and backup solutions.

Objectives
• Create and work with user and group accounts
• Create and manage permissions on storage volumes
• Work with shared files and printers
• Monitor a system’s performance and reliability
• Describe fault tolerance and backup solutions

Teaching Tips

Managing User and Group Accounts
1. Discuss user accounts and groups as a means to facilitate authenticated access to resources on the network.

Account and Password Conventions
1. Talk about some of the methods of standardizing a naming convention for usernames.
2. Discuss how to secure passwords through a combination of conventions such as enforcing minimum length, complexity requirements, or change frequency.

Teaching Tip
It might be helpful to very briefly mention some of the methods malicious users will try to break into accounts. Most commonly, brute forcing is used, but it is time consuming. The amount of time brute forcing a password takes increases dramatically with password length.

Working with Accounts in Windows
1. Mention the two default users that are created as part of a Windows install: Guest and Administrator, with Guest being disabled by default.
2. Describe the basic task of creating a user account on a Windows Active Directory domain controller, and define what an organizational unit (OU) is.
3. Show students some of the options available for configuring user accounts in AD that provide ease of management:
   a. User must change password at next logon
   b. User cannot change password
   c. Password never expires
   d. Account is disabled
4. Demonstrate the process of creating a group in Windows Active Directory, and list some of the options available when creating a group, such as group scope:
   a. Domain local
   b. Global
   c. Universal
5. List some of the default groups built into Windows, and describe some of the abilities that members of these groups have.
6. Explain the usage of special identity groups, such as Creator Owner and Everyone. These groups do not appear as objects in AD, but they can be assigned permissions.
7. Describe what a user profile is and where it is located in Windows.
   a. Students should understand some of the different ways the user profile is implemented on Windows 7/Server 2008 versus XP/Server 2003.
   b. They should also be aware of some of the more important folders and files that make up a user profile, such as the ntuser.dat file.
   c. Roaming profiles should also be mentioned, as they change the location of the profile.

Working with Accounts in Linux
1. Demonstrate the usage of the adduser command on Linux and the requirements for running this command.
   a. Often you need to be root or prefix the command with “sudo” in order to perform administrative tasks on Linux.
2. Next, demo the passwd command as a means to change user passwords.
3. Locate the /etc/passwd and /etc/group files on the Linux system and display their contents so that students can see how user and group information is tracked in Linux.

Teaching Tip
Most distributions have GUI tools for the creation of users and passwords. On GNOME-based distributions such as Ubuntu, the tools can be found under System >> Administration.
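To show students what the /etc/passwd and /etc/group records from item 3 actually encode, the following added example (not code from the book) parses both files, resolves each user’s primary and supplementary groups, and flags account settings an administrator should review. The file contents are constructed samples; the field layout is the real one.

```python
"""Parse /etc/passwd and /etc/group records and audit them for risky account
settings. The file contents below are constructed for this example; on a
real system the same parsers can be fed open("/etc/passwd").read()."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample of /etc/passwd: name:password:UID:GID:GECOS:home:shell.
# "x" in the password field means the hash is kept in /etc/shadow instead.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example,,,:/home/bob:/bin/bash
backup2:x:0:0:legacy backup account:/root:/bin/bash
guest::1002:1002:Guest,,,:/home/guest:/bin/bash
svc:$6$saltsalt$notarealhash:1003:1003:service:/var/svc:/usr/sbin/nologin
"""

# Constructed sample of /etc/group: name:password:GID:member,member,...
GROUP_SAMPLE = """\
root:x:0:
daemon:x:1:
sudo:x:27:alice
alice:x:1000:
bob:x:1001:
guest:x:1002:
svc:x:1003:
developers:x:2000:alice,bob
"""


@dataclass
class PasswdEntry:
    name: str
    password: str
    uid: int
    gid: int      # primary group
    gecos: str
    home: str
    shell: str


@dataclass
class GroupEntry:
    name: str
    gid: int
    members: List[str] = field(default_factory=list)  # supplementary members


def parse_passwd(text: str) -> List[PasswdEntry]:
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError("malformed passwd line: %r" % line)
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return entries


def parse_group(text: str) -> List[GroupEntry]:
    groups = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 4:
            raise ValueError("malformed group line: %r" % line)
        groups.append(GroupEntry(f[0], int(f[2]), [m for m in f[3].split(",") if m]))
    return groups


def groups_for_user(user: PasswdEntry, groups: List[GroupEntry]) -> List[str]:
    """Primary group comes from the passwd GID; supplementary groups are the
    /etc/group lines that list the user as a member."""
    names = [g.name for g in groups if g.gid == user.gid]
    for g in groups:
        if user.name in g.members and g.name not in names:
            names.append(g.name)
    return names


def audit_accounts(entries: List[PasswdEntry]) -> List[Tuple[str, str]]:
    """Findings an administrator should review; each is (username, reason)."""
    findings = []
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 account other than root"))
        if e.password == "":
            findings.append((e.name, "empty password field: no password needed to log in"))
        elif e.password not in ("x", "*"):
            findings.append((e.name, "password hash stored in world-readable /etc/passwd"))
    return findings


if __name__ == "__main__":
    users = parse_passwd(PASSWD_SAMPLE)
    groups = parse_group(GROUP_SAMPLE)
    for u in users:
        print("%-8s uid=%-4d shell=%-18s groups=%s"
              % (u.name, u.uid, u.shell, ",".join(groups_for_user(u, groups))))
    for name, reason in audit_accounts(users):
        print("REVIEW %s: %s" % (name, reason))
```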
Quick Quiz 1
1. ____________ are used to organize users so that the assignment of resource permissions and rights can be managed more easily than working with many user accounts.
Answer: Group accounts
2. What two accounts are created when Windows is first installed?
Answer: Administrator and Guest
3. ____________ contain users from the domain in which they’re created but can be assigned permissions to resources in other domains.
   a. Domain local groups
   b. Global groups
   c. Local groups
   d. Universal groups
Answer: Global groups
4. What kind of profile follows the user no matter which computer he or she logs on to?
   a. Local profile
   b. Domain profile
   c. Mobile profile
   d. Roaming profile
Answer: Roaming profile
5. Where are the user accounts stored in a basic Linux install?
   a. /etc/groups
   b. /etc/password
   c. /etc/passwd
   d. /etc/users
Answer: /etc/passwd

Storage and File System Management
1. Describe some of the challenges involved in keeping up with storage on large networks.

Volumes and Partitions
1. Define the terms volume and partition, and explain their differences.
2. Basic disks can be divided into one to four primary partitions or, provided there are fewer than four primary partitions, an extended partition that can contain several logical partitions.
3. Students need to know that the active partition is the partition that stores the boot files, whereas the boot partition stores the OS files.
4. Linux uses device driver names plus a letter to identify disks, such as /dev/sda for the first SATA or SCSI disk, and a number to mark the partitions on that device. Make sure students can work out which hard drive and partition number is described by /dev/sdb2.

Teaching Tip
On older Linux distributions the student might be exposed to, the device name for PATA/IDE-based disks was hd* instead of sd*. On modern Linux distributions, all PATA- and SATA-based disks appear as sd* because they both now use the same kernel driver.

The FAT File System
1. Describe the FAT file system, its variations, and its limitations.

The NTFS File System
1. When discussing NTFS, be sure to compare its advanced features to FAT, which lacks:
   a. Disk quotas
   b. Volume mount points
   c. Shadow copies
   d. File compression
   e. Encrypting File System (EFS)
2. Disk quotas should be discussed as a means to control disk space and limit the amount of space a user could potentially monopolize.
3. Briefly explain what shadow copies are and how they provide protection against accidentally deleted user files or corruption.

The Linux File System
1. List the variety of file systems available to Linux, such as Ext3, Ext4, Reiser, and XFS.
2. Explain how permissions work on Linux for the three user classes: owner, group, and other.

Working with Shared Files and Printers
1. Quickly preview the ability to share files among computers on a network, using either SMB on Windows or NFS on Linux.

Sharing Files and Printers in Windows
1. Students should first understand that both NTFS permissions and share permissions affect access over the network. Only three share permissions exist:
   a. Read
   b. Change
   c. Full Control
2. Describe the steps to take in order to share a directory in Windows, and then discuss some of the options available while sharing the directory.
3. Define some of the components involved in sharing a printer. Most importantly, students should know what the following are:
   a. Print device
   b. Printer
   c. Print server
   d. Print queue
4. Detail what functions a print server can handle when computers are not directly connected to a print device.
5. Demonstrate to students how to share a printer in order to make a machine a print server. This is usually done via the Sharing tab of a print server’s Properties dialog box.

Sharing Files and Printers in Linux
1. Show students how to share files and printers with Samba in Linux.
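The owner/group/other permission model from item 2 of The Linux File System, as an added example that is not the book’s code: it parses ls-style mode strings and applies the check the kernel makes, picking exactly one class for the caller and testing only that class’s bits. The file, users and mode values are constructed; the owner here is deliberately given fewer rights than the group to show that the owner class does not fall through to the group bits.

```python
"""Unix permission check for the three classes the chapter covers: owner,
group, and other. Constructed example; it does not touch real files."""
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class FileInfo:
    path: str
    mode: int          # the nine permission bits, e.g. 0o640
    owner_uid: int
    group_gid: int


@dataclass(frozen=True)
class Credentials:
    uid: int
    gids: FrozenSet[int]   # primary plus supplementary groups


def parse_mode(text: str) -> int:
    """Turn an ls-style string such as 'rwxr-x---' into permission bits."""
    if len(text) != 9:
        raise ValueError("expected 9 characters, got %r" % text)
    bits = 0
    for i, ch in enumerate(text):
        expected = "rwx"[i % 3]
        if ch == expected:
            bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError("unexpected %r at position %d" % (ch, i))
    return bits


def format_mode(bits: int) -> str:
    """Inverse of parse_mode: 0o640 -> 'rw-r-----'."""
    return "".join("rwx"[i % 3] if bits & (1 << (8 - i)) else "-" for i in range(9))


def permission_class(f: FileInfo, c: Credentials) -> str:
    """The kernel picks exactly one class and checks only that class's bits;
    an owner who lacks a bit is refused even if the group or other class has it."""
    if c.uid == f.owner_uid:
        return "owner"
    if f.group_gid in c.gids:
        return "group"
    return "other"


def can_access(f: FileInfo, c: Credentials, want: str) -> bool:
    """want is a subset of 'rwx'. Root (uid 0) bypasses read/write checks but
    may execute only if at least one execute bit is set, as Linux does."""
    shift = {"owner": 6, "group": 3, "other": 0}[permission_class(f, c)]
    class_bits = (f.mode >> shift) & 0o7
    for ch in want:
        need = {"r": 4, "w": 2, "x": 1}[ch]
        if c.uid == 0:
            if ch == "x" and not (f.mode & 0o111):
                return False
            continue
        if not class_bits & need:
            return False
    return True


# Constructed sample: alice (uid 1000) owns the report; group 2000 is "staff".
REPORT = FileInfo("/srv/reports/q1.txt", parse_mode("-w-r-----"), owner_uid=1000, group_gid=2000)
USERS = {
    "alice": Credentials(1000, frozenset({1000, 2000})),  # owner, also in staff
    "bob": Credentials(1001, frozenset({1001, 2000})),    # staff member only
    "carol": Credentials(1002, frozenset({1002})),        # neither
    "root": Credentials(0, frozenset({0})),
}

if __name__ == "__main__":
    print(REPORT.path, format_mode(REPORT.mode))
    for name, cred in USERS.items():
        rights = "".join(ch if can_access(REPORT, cred, ch) else "-" for ch in "rwx")
        print("%-6s class=%-5s effective=%s" % (name, permission_class(REPORT, cred), rights))
```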
Teaching Tip
There are a number of different methods for sharing files on Linux, and not all options were specifically designed for file access. If Secure Shell (SSH) is running on the Linux system, you can often use a utility like WinSCP (or just scp on Linux) to transfer files using the SSH protocol.

Quick Quiz 2
1. A ____________ is part or all of the space on one or more disks that contains or is ready to contain a file system.
   a. partition
   b. sector
   c. volume
   d. cluster
Answer: volume
2. True or False: NTFS permissions can only be configured on files.
Answer: False – NTFS permissions can be configured on files and folders.
3. What are the three permissions used to control access to files and folders in Linux?
Answer: read, write, and execute
4. What is the dominant file-sharing protocol used by Windows and supported by Linux and Mac OS?
   a. File Sharing Protocol (FSP)
   b. Server Message Block (SMB)
   c. Network File System (NFS)
   d. Secure File Transfer Protocol (SFTP)
Answer: Server Message Block (SMB)
5. Which of the following is not a file system available in Linux?
   a. Ext5
   b. Ext4
   c. Ext3
   d. ReiserFS
Answer: Ext5

Monitoring System Reliability and Performance
1. Elaborate on some of the tools available for monitoring system performance in Windows Server 2008 versus Windows 7/Vista:
   a. Task Manager
   b. Event Viewer
   c. Performance Monitor
   d. Windows System Resource Manager (not available for Windows 7/Vista)

Event Viewer
1. Event Viewer is used to examine log entries; show students an example of the different types of events:
   a. Information—indicated by an “i” in a white circle
   b. Warning—indicated by a black exclamation point inside a yellow triangle
   c. Error—indicated by a white exclamation point inside a red circle
2. Talk about the different log files available in Event Viewer, such as the Application, Security, Setup, and System logs.

Teaching Tip
Event Viewer often has a large number of events.
Students would benefit from knowing that "Find" can be used to narrow down the type of event or information being searched for.

Performance Monitor
1. Demonstrate the use of the Performance Monitor and what it can be used for.
   a. This utility is named Performance and Reliability Monitor in Server 2008 R1 and Vista; the name change occurs in Windows 7 and Server 2008 R2.
   b. Students should learn about the different areas of Performance Monitor:
      i. Monitoring tools
      ii. Data collector sets
      iii. Reports
   c. Discuss what Performance Monitor is capable of tracking, and explain the two modes of operation available:
      i. Real time
      ii. Saved performance logs
2. This program can be used to create performance baselines; explain to students when baselines are created and how often they should be reevaluated on a network.
   a. Show how to create a custom baseline using data collector sets.

Windows System Resource Manager
1. Explain how Windows System Resource Manager can be used to provision resources on the fly, using various policies.

Backup and Fault Tolerance
1. Discuss backup as a means to provide data safety, and fault tolerance as a means to ensure data delivery.

Windows Backup
1. Windows Backup should be explored in depth so that students are aware of what options are available when seeking to prevent data loss.
2. Talk about some of the options available for backing up data on Server 2008 compared to Windows 7.

Protecting Data with Fault Tolerance
1. Discuss the different options for providing fault tolerance, for example:
   a. Redundant power supply or uninterruptible power supply
   b. Redundant disk systems
   c. Server clustering
2. Define some of the terminology involved with redundant power supplies and UPS systems.
3. Discuss the different types of RAID commonly used:
   a. RAID 0
   b. RAID 1
   c. RAID 5
4. Server clustering can provide fault tolerance in the form of a failover cluster or distribute load in a load-balancing cluster. Explain to students the benefits of both options.

Quick Quiz 3
1. What are the three levels of the Event Viewer?
   Answer: Information, Warning, Error
2. ____________ consists of a collection of tools for pinpointing which resources are being overloaded and how they're being overloaded.
   Answer: Performance Monitor
3. Why are regular backups important?
   Answer: Regular backups restore a system to working order in the event of a disk failure or file corruption and allow you to restore files that were accidentally deleted.
4. Name the three forms of fault tolerance for networks and servers.
   Answer: Redundant power supply (or UPS), redundant disk systems, server clustering

Class Discussion Topics
1. Have students discuss when performance baselines should be taken and how they should be used to make improvements. For example, in a large network, when would be a good time to take an accurate baseline of typical performance: at 10-11 AM or 1-2 AM? Should you take multiple baselines in order to fully understand when your peak usage periods are? When should a baseline be updated?

Additional Projects
1. Task students with finding some of the more commonly used Linux distributions, both on the desktop and on the server end. Then have students compare the distributions to see what differences are prevalent. Students should hopefully notice that most differences are minuscule and apply primarily to user experience.

Additional Resources
1. http://distrowatch.com/
2. http://en.wikipedia.org/wiki/RAID
3. http://www.linuxquestions.org
4. http://www.ubuntu.com/desktop/get-ubuntu/download

Key Terms
active partition: A partition that can hold boot files the BIOS loads before it can start the OS.
baseline: A record of performance data gathered when a system is performing well under normal operating conditions. The baseline can then be compared with data collected during peak resource demands to give you insight into your system's capabilities and limitations.
basic disk: A disk configuration in which the space on the disk can be divided into one to four partitions.
boot partition: The partition or logical drive holding the Windows OS files.
data collector set: A feature of Performance Monitor that specifies the performance counters you want to collect, how often to collect them, and the time period.
default groups: Special groups with rights already assigned; created during installation in a Windows environment.
disk mirroring: A fault-tolerant disk configuration in which data is written to two hard drives rather than one so that if one disk fails, the data isn't lost.
disk quotas: A feature available on some file systems that allows an administrator to set a limit to how much disk space a user's files can occupy.
disk striping with parity: A fault-tolerant disk configuration in which parts of several physical disks are linked in an array, and data and parity information are written to all disks in this array. If one disk fails, data can be reconstructed from the parity information written on the others.
dynamic disk: A disk configuration in Windows that can be divided into one or more volumes. You can create up to 1000 volumes per dynamic disk (although no more than 32 is recommended). A dynamic disk offers features that a basic disk doesn't, namely RAID.
extended partition: A partition type that can be divided into one or more logical drives, each of which can be formatted and assigned a drive letter.
failover cluster: Two or more servers sharing a high-speed link used to synchronize data continuously. One server is designated as the primary server, and the others are standby servers. If the primary server fails, a standby server takes its place as the primary server.
load-balancing cluster: Two or more servers that appear as a single unit to users. All servers in the cluster operate and share the server load.
local profile: A user profile stored on the same system where a user logs on; created from a hidden profile called Default the first time a user logs on to the system.
Network File System (NFS): The native Linux file-sharing protocol.
NTFS permissions: A feature of the Windows NTFS file system that gives administrators fine-grained access control over folders and files for both network users and interactive users.
power conditioning: A method of cleaning the power input, removing noise caused by other devices on the same circuit.
primary partition: A partition type that can be formatted with a file system and assigned a drive letter or mounted in an empty folder on an existing drive letter. It's also called a volume.
redundant power supply: A second power supply unit in the computer case. Each unit is capable on its own of maintaining adequate power to the computer, so if one power supply fails, the other unit takes on the full load.
right: In Windows, defines the type of action a user can perform, such as creating file shares or installing software.
roaming profile: A user profile in a Windows environment that's stored on a server and can be accessed from any computer the user logs on to.
server cluster: Two or more servers that are interconnected and appear as a single unit.
Server Message Block (SMB): The Windows file-sharing protocol.
special identity groups: A type of group in Windows in which membership is controlled dynamically by Windows, can't be viewed or changed manually, and depends on how an account accesses the OS. For example, membership in the Authenticated Users group is assigned to a user account automatically when the user logs on to a computer or domain.
surge protection: Power protection that evens out spikes or sags in the main current and prevents them from affecting a computer.
system partition: The active primary partition storing the Windows boot loader.
uninterruptible power supply (UPS): A power-protection device that includes a battery backup to take over if the main current fails. Usually incorporates power conditioning and surge protection.
user profile: A collection of a user's personal files and settings that define his or her working environment.
volume: Part or all of the space on one or more disks that contains or is ready to contain a file system. In Windows, volumes with file systems are usually assigned a drive letter. In Linux, volumes are mounted in the file system and accessed as though they were just another folder.

Technical Notes for Hands-On Projects
All projects in this book that use the Sharing and Security option for folders assume that the Use simple file sharing option has been disabled.
Hands-On Project 9-1: This project requires a classroom computer with a Windows client OS installed. Windows 7 is used in this project, but the steps are similar for Windows Vista and XP.
Hands-On Project 9-2: This project requires a classroom computer with a Windows client OS installed. Windows 7 is used in this project, but the steps are similar for Windows Vista and XP.
Hands-On Project 9-3: This project requires a classroom computer with Linux installed or a Linux Live CD. This project uses Ubuntu Linux 10.4, but the steps are similar in most Linux distributions. These labs will also work with Ubuntu 10.10, the latest available from Canonical.
Hands-On Project 9-4: This project requires a classroom computer with Linux installed or a Linux Live CD; this project uses the Ubuntu 10.4 installation DVD, which contains a Live CD option, but others can be used. These labs will also work with Ubuntu 10.10, the latest available from Canonical.
Hands-On Project 9-5: This project requires a classroom computer with one unallocated disk.
Hands-On Project 9-6: This project requires a computer with a volume designated as the D drive and formatted with NTFS.
Hands-On Project 9-7: This project requires a Linux computer with an unallocated disk.
Hands-On Project 9-8: This project requires a computer with a volume designated as the D drive and formatted with NTFS.
Hands-On Project 9-9: This project requires a classroom computer running Windows 7.
Hands-On Project 9-10: This project requires a classroom computer.
Hands-On Project 9-11: This project requires a classroom computer.

Using Virtualization for Hands-On Projects
The following Hands-On Projects/Challenge Labs have been identified as those that students can do using virtual machines rather than physical machines.
Hands-On Project 9-1
Hands-On Project 9-2
Hands-On Project 9-3
Hands-On Project 9-4
Hands-On Project 9-5
Hands-On Project 9-6
Hands-On Project 9-7
Hands-On Project 9-8
Hands-On Project 9-9
Challenge Lab 9-1
Challenge Lab 9-2

Chapter 10
Introduction to Network Security

At a Glance

Instructor's Manual Table of Contents
• Overview
• Objectives
• Teaching Tips
• Quick Quizzes
• Class Discussion Topics
• Additional Projects
• Additional Resources
• Key Terms
• Technical Notes for Hands-On Projects
• Using Virtualization for Hands-On Projects

Lecture Notes

Overview
Chapter 10 will teach students how to develop a network security policy. They also learn how to secure physical access to network equipment and how to secure network data. At the end of the chapter, students will learn how to use tools to find network security weaknesses.

Objectives
• Develop a network security policy
• Secure physical access to network equipment
• Secure network data
• Use tools to find network security weaknesses

Teaching Tips

Network Security Overview and Policies
1. Give a brief talk about how network security contrasts with usability from a user's standpoint.

Developing a Network Security Policy
1. Discuss how to build unobtrusive security into a good network security policy that users can understand and obey while still getting their work done.
Teaching Tip
To learn more about security policies, refer to RFC 2196 at www.faqs.org/rfcs/rfc2196.html.

Determining Elements of a Network Security Policy
1. Outline the elements of a network security policy; discuss what information should be covered by a policy, such as acceptable use and Internet use policies.

Understanding Levels of Security
1. Detail the questions students should ask when attempting to secure a network, such as the costs involved, what should be protected, and how likely a threat is to be an issue.
2. Next, discuss some different levels of security:
   a. Highly restrictive security policies and what they entail
   b. Moderately restrictive security policies and how they compare with other policies in terms of security
   c. Open security policies and where they might be used
3. Discuss some of the more common elements in any security policy, such as what antivirus software should be used or what the disaster recovery plan is.

Securing Physical Access to the Network
1. Explain why physical security is important when trying to maintain a secure network.

Physical Security Best Practices
1. Cover some of the more basic requirements of a server room and how the room, as well as the devices inside the room, should be secured.
   a. Discuss how wiring can be secured or hidden to prevent eavesdropping.
   b. Make students aware of the need for a disaster recovery plan as part of the physical security plan.
   c. Teach students the environmental requirements that should also be considered when selecting locations for servers, such as heat.
   d. Discuss how students could secure servers with locking cabinet racks in easily accessible areas.
   e. Make sure to give attention to internetworking device security, as many of the same requirements for servers apply here. Additional care should be given to any configuration files that may contain passwords.
Teaching Tip
Visit http://www.sans.org/reading_room/whitepapers/physcial/ for whitepapers involving physical security.

Quick Quiz 1
1. Which element of a network security policy explains proper or improper use of the Internet?
   Answer: Internet use policy
2. ____________ outlines the policies for backup procedures, virus protection, and disaster recovery.
   a. Privacy policy
   b. Data protection policy
   c. Acceptable use policy
   d. Access policy
   Answer: Data protection policy
3. What are the three levels of security?
   Answer: Highly restrictive, moderately restrictive, open
4. True or False: Server rooms should be equipped with power that's preferably on a circuit separate from other electrical devices.
   Answer: True
5. Which policy explains the manner in which security compliance or violations can be verified and what consequences a violation should have?
   a. Acceptable use policy
   b. Privacy policy
   c. Auditing policy
   d. Data protection policy
   Answer: Auditing policy

Securing Access to Data
1. Briefly summarize the different means by which data on a network can be secured.

Implementing Secure Authentication and Authorization
1. Students should understand the difference between authentication and authorization.
   a. Authentication determines who a user is.
   b. Authorization determines whether a user has access to a resource.
2. Detail the options available for setting password requirements under Windows, as well as the options available under Linux.
3. Talk about some good and bad practices for setting passwords (and how these relate to how password policies should be configured).
4. Demonstrate the ability to enforce logon hours and logon locations for Windows users, as well as how this compares with the Linux options.
5. Explore some of the ways authorized access to files and folders can be implemented. For Windows, discuss share permissions and file system permissions.
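Item 5 above covers the Windows side; for the Linux side of the same topic (and for Chapter 9's "Explain how permissions work on Linux for the three user types"), here is an added illustration, not code from the book, of the traditional Unix check: only one of the owner, group, and other triplets applies to a given user, chosen in that order, and the root special case follows the kernel's behaviour of bypassing the read/write bits but still requiring an execute bit. The uids, gids, and file modes are constructed sample values.

```python
"""How Linux decides whether a user may read, write, or execute a file.

Added illustration, not the book's code.  It models the traditional Unix
(discretionary) check: a file carries three rwx triplets, for its owner, its
group, and everyone else.  Exactly one triplet applies to a given user, chosen
in that order, and only that triplet is consulted; a file's owner who is also
in the file's group still gets only the owner bits.  Root (uid 0) bypasses the
read and write bits but may execute a file only if some execute bit is set.
The uids, gids, and modes used below are constructed sample values.
"""
from dataclasses import dataclass

R, W, X = 4, 2, 1            # bit values within one rwx triplet (as in chmod 640)


@dataclass(frozen=True)
class FileInfo:
    mode: int                # permission bits only, e.g. 0o640
    owner_uid: int
    owner_gid: int


@dataclass(frozen=True)
class User:
    uid: int
    gid: int                              # primary group
    supplementary_gids: frozenset = frozenset()


def parse_symbolic(text: str) -> int:
    """Turn the 9-character 'rwxr-x---' string shown by ls -l into mode bits."""
    if len(text) != 9:
        raise ValueError(f"expected 9 characters, got {text!r}")
    mode = 0
    for i, ch in enumerate(text):
        expected = "rwx"[i % 3]
        if ch == expected:
            mode |= 1 << (8 - i)          # leftmost character is the 0o400 bit
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i} in {text!r}")
    return mode


def applicable_class(f: FileInfo, u: User) -> str:
    """Owner, group, or other: the single class whose bits govern this user."""
    if u.uid == f.owner_uid:
        return "owner"
    if f.owner_gid == u.gid or f.owner_gid in u.supplementary_gids:
        return "group"
    return "other"


def class_bits(f: FileInfo, u: User) -> int:
    """The rwx triplet (0..7) that applies to u."""
    shift = {"owner": 6, "group": 3, "other": 0}[applicable_class(f, u)]
    return (f.mode >> shift) & 0o7


def permitted(f: FileInfo, u: User, want: int) -> bool:
    """True if every bit in want (R, W, X, or a combination) is granted to u."""
    if u.uid == 0:
        # Root ignores the r/w bits; execute still needs at least one x bit set.
        return not (want & X) or bool(f.mode & 0o111)
    return (class_bits(f, u) & want) == want


def effective(f: FileInfo, u: User) -> str:
    """The user's access to f as an rwx string, e.g. 'r--'."""
    if u.uid == 0:
        return "rw" + ("x" if f.mode & 0o111 else "-")
    bits = class_bits(f, u)
    return "".join(ch if bits & b else "-" for ch, b in zip("rwx", (R, W, X)))


if __name__ == "__main__":
    # Constructed example: a report owned by uid 1000, group 100, mode 640.
    report = FileInfo(parse_symbolic("rw-r-----"), owner_uid=1000, owner_gid=100)
    for name, user in [("alice (owner)", User(1000, 100)),
                       ("bob (group member)", User(1001, 100)),
                       ("carol (other)", User(1002, 200)),
                       ("root", User(0, 0))]:
        print(f"{name:20} -> {effective(report, user)}")
```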
Teaching Tip
Linux permissions can be just as confusing as Windows extended permissions, despite their apparent simplicity. Direct students to http://en.wikipedia.org/wiki/Filesystem_permissions#Traditional_Unix_permissions for an in-depth look at Unix/Linux-style permissions.

Securing Data with Encryption
1. Discuss some key points about encryption as a brief summary.
2. Explain some basics of encryption and IPSec, such as what a preshared key is or what digital certificates do. Discuss some of the processes involved with the use of digital certificates. Tie these technologies into IPSec.
3. List some of the options available for securing data on disk drives, such as the Encrypting File System on Windows. You should also mention BitLocker as a full-disk encryption solution, and detail the modes it is capable of operating in.

Securing Communication with Virtual Private Networks
1. Explore the uses of a virtual private network in connecting remote users to remote networks.
   a. Discuss how VPNs provide security through "tunneling" and encapsulation.
2. Describe the three VPN implementations that Windows Server 2008 supports:
   a. Point-to-Point Tunneling Protocol (PPTP)
   b. Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec)
   c. Secure Socket Tunneling Protocol (SSTP)
3. Describe some of the implementations available on Linux and Mac in client and server form.
4. Summarize some of the benefits of using a VPN:
   a. Security
   b. Mobility
   c. Costs

Protecting Networks with Firewalls
1. Talk about the necessity of firewalls for securing a network, and discuss the different options for installing a firewall.
   a. Discuss software versus hardware firewalls.
   b. Students should know what protocols can be used to make rules on firewalls.
   c. Define what a stateful packet inspection firewall does and how it compares to a stateless packet inspection firewall.
2. Routers can be used as rudimentary firewalls; students should understand what an ACL is.
3. Cover how an intrusion detection system (IDS) can be used to notify administrators of security breaches.
4. Review Network Address Translation and how it protects clients from being world reachable.

Protecting a Network from Worms, Viruses, and Rootkits
1. Define the following terms:
   a. Virus
   b. Worm
   c. Backdoor
   d. Trojan
   e. Malware
2. Discuss how the risks in the preceding list can be spread through networks, and cover how networks can be protected from these threats.
3. Educate students on the use of good antivirus software, and provide some examples of popular antivirus software.

Protecting a Network from Spyware and Spam
1. Spam and spyware, although different, affect users in much the same way. Discuss with students the differences between these two threats.
   a. Students should be aware of how both spyware and spam are spread.
   b. Cover some basic anti-spyware software, such as Microsoft Security Essentials (which is also antivirus).
   c. Educate students on methods to avoid being taken advantage of by spyware and spam.

Implementing Wireless Security
1. Discuss methods to secure wireless networks, such as:
   a. Nonbroadcast SSIDs
   b. MAC address filtering
   c. Wired Equivalency Protocol (WEP)
   d. Wi-Fi Protected Access (WPA)
   e. 802.11i
2. Some of the methods mentioned have drawbacks or aren't as secure as may be required to ensure a secure network.

Teaching Tip
Although WPA is generally considered secure, you should stress that it can still be vulnerable to brute-force attacks against poorly chosen keys.

Quick Quiz 2
1. What are the four characteristics of a complex password policy?
   Answer: lowercase letters, uppercase letters, numbers, and special characters
2. True or False: Use passwords based on your login name so that they are easy to remember.
   Answer: False – easy for hackers to guess
3. Many network administrators use ____________ technologies to safeguard data as it travels across the Internet and within the company network.
   a. wireless
   b. encryption
   c. point-to-multipoint
   d. peer-to-peer
   Answer: encryption
4. An ____________ usually works like a firewall or router with ACLs.
   Answer: intrusion detection system (IDS)
5. When NAT is used on a network, what must happen before an outside device can communicate with an inside device?
   a. The inside device must initiate the communication.
   b. The outside device must initiate the communication.
   c. The router must contact the source for the destination device.
   d. The outside device must communicate at the exact same time as the inside device.
   Answer: A. The inside device must initiate the communication.

Using an Attacker's Tools to Stop Network Attacks
1. Discuss with students the practice of penetration-testing networks using the same tools used by would-be attackers. You should list some of the more common steps of an attack:
   a. Discovery of network resources using port scanners
   b. Gaining access to network resources using brute-force password guessing techniques or default account settings
   c. Disabling network resources using denial of service

Teaching Tip
The aircrack-ng suite is an example of a tool that students can use to test the penetration of wireless networks using WEP: http://www.aircrack-ng.org/.

Quick Quiz 3
1. A ____________ determines which TCP and UDP ports are available on a particular computer or device.
   Answer: port scanner
2. What device allows you to capture packets and determine which protocols are running?
   Answer: protocol analyzers
3. A ____________ attack is an attacker's attempt to tie up network bandwidth so that it renders resources useless to legitimate users.
   Answer: denial-of-service (DoS)
4. What is a program that sends a large number of ping packets to a host?
   Answer: ping flood

Class Discussion Topics
1. Get students to talk about some of the ways they would secure a typical server room, or have them pretend to secure a server room. What steps should be taken to make a room secure?
How do their decisions compare with some real-world examples?

Additional Projects
1. Have students research some of the more common security attacks. You could have students group together and research specific kinds of attacks, such as one group being responsible for network attacks, one for physical security attacks, and one for software vulnerabilities. An example of a software vulnerability can be demonstrated by setting NTFS permissions on a file, then using an Ubuntu Live CD to mount the NTFS partition and copy the file or view its contents, regardless of permissions.

Additional Resources
1. http://en.wikipedia.org/wiki/Filesystem_permissions#Differences_between_operating_systems
2. http://packetstormsecurity.org/
3. http://www.backtrack-linux.org/

Key Terms
802.11i: A security extension to 802.11 and a successor to Wi-Fi Protected Access that is the currently accepted best security protocol for wireless networks.
backdoor: A program installed on a computer that permits access to the computer, thus bypassing the normal authentication process.
cracker: Someone who attempts to compromise a network or computer system for the purposes of personal gain or to cause harm.
denial-of-service (DoS) attack: An attempt to tie up network bandwidth or services so that network resources are rendered useless to legitimate users.
digital certificates: A digital document used in encryption and authentication protocols that identifies a person or computer and is verifiable by a certificate authority.
Encrypting File System (EFS): A feature available on Windows operating systems that allows file contents to be encrypted on the disk. These files can be opened only by the file creator or designated agents.
encryption: A technology used to make data unusable and unreadable to anybody except authorized users of the data.
firewall: A hardware device or software program that inspects packets going into or out of a network or computer and then discards or forwards those packets based on a set of rules.
hacker: Sometimes a derogatory term to describe an unskilled or undisciplined programmer. Hacker can also mean someone who is highly skilled with computer systems and programs and is able to use some of the same tools attackers use to poke around networks or systems, but not for evil purposes.
hoax virus: A type of virus that's not really a virus but simply an e-mail announcement of a made-up virus. Its harm lies in people believing the announcement and forwarding the message on to others.
intrusion detection system (IDS): Usually a component of a firewall, an IDS detects an attempted security breach and notifies the network administrator. An IDS can also take countermeasures to stop an attack in progress.
IP Security (IPSec): An extension to the IP protocol suite that creates an encrypted and secure conversation between two hosts.
Kerberos authentication: An authentication protocol used in a Windows domain environment or on a Linux system. Kerberos authentication uses OS-generated keys, which makes this method more secure than having an administrator enter keys.
MAC address filtering: A security method often used in wireless networks, whereby only devices with MAC addresses specified by the administrator can gain access to the wireless network.
malware: Any software designed to cause harm or disruption to a computer system or otherwise perform activities on a computer without the consent of the computer's owner.
penetration tester: A security consultant who is able to detect holes in a system's security for the purpose of correcting these vulnerabilities.
ping scanner: An automated method for pinging a range of IP addresses.
port scanner: Software that determines which TCP and UDP ports are available on a computer or device.
preshared key: A series of letters, numbers, and special characters, much like a password, that both communicating devices use to authenticate each other's identity.
protocol analyzers: Programs or devices that can capture packets traversing a network and display packet contents in a form useful to the user.
rootkits: Forms of Trojan programs that can monitor traffic to and from a computer, monitor keystrokes, and capture passwords. They are among the most insidious forms of Trojan software because they can mask that the system has been compromised by altering system files and drivers required for normal computer operation.
shadow passwords: A secure method of storing user passwords on a Linux system.
spam: Unsolicited e-mail. The harm in spam is the loss of productivity when people receive dozens or hundreds of spam messages daily and the use of resources to receive and store spam on e-mail servers.
spoofed address: A source address inserted into a packet that is not the actual address of the sending station.
spyware: A type of malware that monitors or in some way controls part of your computer at the expense of your privacy and to the gain of some third party.
social engineering: A tactic used by attackers in which users perform a function such as opening an infected e-mail attachment, sending a hoax virus, or providing a password, unaware that they are aiding the attacker.
stateful packet inspection (SPI): A filtering method used in a firewall, whereby packets are not simply filtered based on packet properties but also on the context in which packets are being transmitted. If a packet is not part of a legitimate, ongoing data conversation, it's denied.
Trojan program: A program that appears to be something useful, such as a free utility you can use on your computer, but in reality contains some type of malware.
virtual private networks (VPNs): Temporary or permanent connections across a public network that use encryption technology to transmit and receive data.
virus: A malicious program that spreads by replicating itself into other programs or documents. A virus usually aims to disrupt computer or network functions by deleting and corrupting files.
war drivers: Attackers who drive around with a laptop or PDA looking for wireless LANs to access.
Wi-Fi Protected Access (WPA): A wireless security protocol that is the successor to Wired Equivalency Protocol. WPA has enhancements that make cracking the encryption code more difficult.
Wired Equivalency Protocol (WEP): A form of wireless security that encrypts data so that unauthorized people receiving wireless network signals can't interpret the data easily.
worm: A self-replicating program, similar to a virus, that uses network services such as e-mail to spread to other systems.

Technical Notes for Hands-On Projects
All projects in this book that use the Sharing and Security option for folders assume that the Use simple file sharing option has been disabled.
Hands-On Project 10-1: This project requires a classroom computer.
Hands-On Project 10-2: This project requires a classroom computer with Linux installed or a Linux Live CD. This project uses Ubuntu Linux 10.4.
Hands-On Project 10-3: This project requires a classroom computer.
Hands-On Project 10-4: This project requires a classroom computer with access to the Internet.
Hands-On Project 10-5: This project requires a classroom computer with access to the Internet.
Hands-On Project 10-6: This project requires a computer with access to the Internet.

Using Virtualization for Hands-On Projects
The following Hands-On Projects/Challenge Labs have been identified as those that students can do using virtual machines rather than physical machines.
Hands-On Project 10-1
Hands-On Project 10-2
Hands-On Project 10-3
Hands-On Project 10-4
Hands-On Project 10-5
Hands-On Project 10-6
Challenge Lab 10-1
Challenge Lab 10-2

Instructor Manual for Guide to Networking Essentials, Gregory Tomsho (ISBNs 9781111312527, 9781305105430, 9788131502136)