Upload
marilyn-conley
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
Chapter FourteenChapter FourteenEnsuring Integrity and Ensuring Integrity and
AvailabilityAvailability
ObjectivesObjectives
Identify the characteristics of a network that Identify the characteristics of a network that keep data safe from loss or damagekeep data safe from loss or damageProtect an enterprise-wide network from Protect an enterprise-wide network from virusesvirusesExplain network- and system-level fault-Explain network- and system-level fault-tolerance techniquestolerance techniquesDiscuss issues related to network backup Discuss issues related to network backup and recovery strategiesand recovery strategiesDescribe the components of a useful disaster Describe the components of a useful disaster recovery planrecovery plan
What Are Integrity and Availability?What Are Integrity and Availability?
IntegrityIntegrity Soundness of a network’s programs, data, Soundness of a network’s programs, data,
services, devices, and connectionsservices, devices, and connections
AvailabilityAvailability Refers to how consistently and reliably a file Refers to how consistently and reliably a file
system to be accessed by authorized system to be accessed by authorized personnelpersonnel
Guidelines for Protecting Your Guidelines for Protecting Your NetworkNetwork
Prevent anyone other than a network Prevent anyone other than a network administrator from opening or changing the administrator from opening or changing the system filessystem files
Monitor the network for unauthorized access Monitor the network for unauthorized access or changeor change Process of monitoring a network for unauthorized Process of monitoring a network for unauthorized
access to its devices is known as access to its devices is known as intrusion intrusion detectiondetection
Guidelines for Protecting Your Guidelines for Protecting Your NetworkNetwork
Record authorized system changes in a Record authorized system changes in a change management systemchange management system
Install redundant componentsInstall redundant components Situation in which more than one component Situation in which more than one component
is installed and ready to use for storing, is installed and ready to use for storing, processing, or transporting data is referred to processing, or transporting data is referred to as as redundancyredundancy
Guidelines for Protecting Your Guidelines for Protecting Your NetworkNetwork
Perform regular health checks on the networkPerform regular health checks on the network
Monitor system performance, error logs, and Monitor system performance, error logs, and the system log book regularlythe system log book regularly
Keep backups, boot disks, and emergency Keep backups, boot disks, and emergency repair disks current and availablerepair disks current and available
Implement and enforce security and disaster Implement and enforce security and disaster recovery policiesrecovery policies
VirusesViruses
VirusVirus Program that replicates itself so as to infect Program that replicates itself so as to infect
more computersmore computers
Trojan horseTrojan horse Disguises itself as something useful but Disguises itself as something useful but
actually harms your systemactually harms your system
Types of VirusesTypes of Viruses
Boot sector virusesBoot sector viruses Reside on the boot sector of a floppy disk and Reside on the boot sector of a floppy disk and
become transferred to the partition sector or become transferred to the partition sector or the DOS boot sector on a hard diskthe DOS boot sector on a hard disk
Macro VirusesMacro Viruses Take the form of a word-processing or Take the form of a word-processing or
spreadsheet program macrospreadsheet program macro
File infected virusesFile infected viruses Attach themselves directly to executable filesAttach themselves directly to executable files
Types of VirusesTypes of Viruses
Network virusesNetwork viruses Propagate themselves via network protocols, Propagate themselves via network protocols,
commands, messaging programs, and data commands, messaging programs, and data linkslinks
WormsWorms Technically not viruses, but rather programs Technically not viruses, but rather programs
that run independently and travel between that run independently and travel between computers across networkscomputers across networks
Trojan horseTrojan horse
Virus CharacteristicsVirus Characteristics
EncryptionEncryption
StealthStealth
PolymorphismPolymorphism
Time-dependenceTime-dependence
Antivirus SoftwareAntivirus Software
Symptoms of a virusSymptoms of a virus Unexplained increases in file sizesUnexplained increases in file sizes Programs launching, running, or exiting more Programs launching, running, or exiting more
slowly than usualslowly than usual Unusual error messages appearing without Unusual error messages appearing without
probable causeprobable cause Significant, unexpected loss of system Significant, unexpected loss of system
memorymemory Fluctuations in display qualityFluctuations in display quality
Antivirus SoftwareAntivirus Software
Functions your antivirus software should Functions your antivirus software should performperform Signature scanningSignature scanning
Comparison of a file’s content with known virus Comparison of a file’s content with known virus signatures in a signature databasesignatures in a signature database
Integrity checkingIntegrity checkingMethod of comparing current characteristics of files and Method of comparing current characteristics of files and disks against an archived version of these disks against an archived version of these characteristics to discover any changescharacteristics to discover any changes
It should detect viruses by monitoring unexpected It should detect viruses by monitoring unexpected file changes or virus-like behaviorsfile changes or virus-like behaviors
Antivirus SoftwareAntivirus Software
Functions your antivirus software should Functions your antivirus software should perform (cont.)perform (cont.) Receive regular updates and modifications Receive regular updates and modifications
from a centralized network consolefrom a centralized network console Consistently report only valid viruses, rather Consistently report only valid viruses, rather
than reporting “false alarms”than reporting “false alarms”Heuristic scanningHeuristic scanning
Attempt to identify viruses by discovering “virus-like” Attempt to identify viruses by discovering “virus-like” behavior behavior
Antivirus PolicyAntivirus Policy
General guidelines for an antivirus policyGeneral guidelines for an antivirus policy Every computer in an organization should be Every computer in an organization should be
equipped with virus detection and cleaning equipped with virus detection and cleaning software that regularly scans for virusessoftware that regularly scans for viruses
Users should not be allowed to alter or Users should not be allowed to alter or disable the antivirus softwaredisable the antivirus software
Users should know what to do in case their Users should know what to do in case their antivirus program detects a virusantivirus program detects a virus
Antivirus PolicyAntivirus Policy
General guidelines for an antivirus policy General guidelines for an antivirus policy (cont.)(cont.) Every organization should have an antivirus Every organization should have an antivirus
team that focuses on maintaining the antivirus team that focuses on maintaining the antivirus measures in placemeasures in place
Users should be prohibited from installing any Users should be prohibited from installing any unauthorized software on their systemsunauthorized software on their systems
Organizations should impose penalties on Organizations should impose penalties on users who do not follow the antivirus policyusers who do not follow the antivirus policy
Virus HoaxesVirus Hoaxes
False alert about a dangerous, new virus False alert about a dangerous, new virus that could cause serious damage to your that could cause serious damage to your workstationworkstation
Usually have no realistic basis and should Usually have no realistic basis and should be ignoredbe ignored
Fault ToleranceFault Tolerance
Capacity for a system to continue Capacity for a system to continue performing despite an unexpected performing despite an unexpected hardware or software malfunctionhardware or software malfunction FailureFailure
Deviation from a specified level of system Deviation from a specified level of system performance for a given period of timeperformance for a given period of time
FaultFaultInvolves the malfunction of one component of a Involves the malfunction of one component of a systemsystem
Fault ToleranceFault Tolerance
Fail-overFail-over Process of one component immediately assuming the Process of one component immediately assuming the
duties of an identical componentduties of an identical component
A sophisticated means for dynamically A sophisticated means for dynamically replicating data over several physical hard replicating data over several physical hard drives is known as drives is known as hard disk redundancyhard disk redundancy, , calledcalled RAID RAID (for (for Redundant Array of Redundant Array of Inexpensive DisksInexpensive Disks))
To assess the fault tolerance of your network, To assess the fault tolerance of your network, you must identify any single point of failureyou must identify any single point of failure
Environment and PowerEnvironment and Power
EnvironmentEnvironment Analyze the physical environments in which Analyze the physical environments in which
your devices operateyour devices operate
PowerPower Whatever the cause, networks cannot tolerate Whatever the cause, networks cannot tolerate
power loss or less than optimal powerpower loss or less than optimal power
Power FlawsPower Flaws
SurgeSurge
Line noiseLine noise
BrownoutBrownout Also known as a Also known as a sagsag
BlackoutBlackout
Uninterruptible Power Supply Uninterruptible Power Supply (UPS)(UPS)
Battery-operated power source directly attached to one Battery-operated power source directly attached to one or more devices and to a power supplyor more devices and to a power supplyStandby UPSStandby UPS
Switches instantaneously to the battery when it detects a loss of Switches instantaneously to the battery when it detects a loss of power from the wall outletpower from the wall outlet
Figure 14-1: Standby UPS
Uninterruptible Power Supply Uninterruptible Power Supply (UPS)(UPS)
Online UPSOnline UPS Uses the A/C Uses the A/C
power from the power from the wall outlet to wall outlet to continuously continuously charge its battery, charge its battery, while providing while providing power to a power to a network device network device through its batterythrough its battery
Figure 14-2: Online UPS
Factors in Choosing a UPSFactors in Choosing a UPS
Amount of power neededAmount of power needed AA volt-amp (VA)volt-amp (VA) is the product of the voltage is the product of the voltage
and current of the electricity on a lineand current of the electricity on a line
Period of time to keep a device runningPeriod of time to keep a device running
Line conditioningLine conditioning
CostCost
GeneratorsGenerators
If your organization cannot withstand a If your organization cannot withstand a power loss of any duration, consider power loss of any duration, consider investing in an electrical generator for your investing in an electrical generator for your buildingbuilding
Generators do not provide surge Generators do not provide surge protection, but do provide clean (free from protection, but do provide clean (free from noise) electricitynoise) electricity
TopologyTopology
Figure 14-3: Fully-meshed network
Figure 14-4: Network with one
redundant connection
ConnectivityConnectivity
Hot swappableHot swappable Identical components that automatically assume the Identical components that automatically assume the
functions of their counterpart if one suffers a faultfunctions of their counterpart if one suffers a fault
Figure 14-8: ISP connectivity
ConnectivityConnectivity
Load balancingLoad balancing Automatic distribution of traffic over multiple links Automatic distribution of traffic over multiple links
or processors to optimize responseor processors to optimize response
Figure 14-9: Fully redundant system
ServersServers
Server mirroringServer mirroring Fault tolerance technique in which one server Fault tolerance technique in which one server
duplicates the transactions and data storage of anotherduplicates the transactions and data storage of another
Figure 14-10: Server with
redundant NICs
Server ClusteringServer Clustering
Fault-tolerance technique that links Fault-tolerance technique that links multiple servers together to act as a single multiple servers together to act as a single serverserver
Clustered servers share processing duties Clustered servers share processing duties and appear as a single server to usersand appear as a single server to users
Clustering is more cost-effective than Clustering is more cost-effective than mirroringmirroring
StorageStorage
Redundant Array of Inexpensive Disks Redundant Array of Inexpensive Disks (RAID)(RAID) Collection of disks that provide fault tolerance Collection of disks that provide fault tolerance
for shared data and applicationsfor shared data and applications A group of hard disks is called a disk A group of hard disks is called a disk arrayarray The collection of disks working together in a The collection of disks working together in a
RAID configuration is often referred to as the RAID configuration is often referred to as the “RAID drive”“RAID drive”
RAID Level 0—Disk StrippingRAID Level 0—Disk Stripping
Simple implementation of RAID in which data are written Simple implementation of RAID in which data are written in 64 KB blocks equally across all disks in the arrayin 64 KB blocks equally across all disks in the array
Figure 14-11: RAID Level 0—disk stripping
RAID Level 1—Disk MirroringRAID Level 1—Disk Mirroring
Data from one disk are copied to another disk Data from one disk are copied to another disk automatically as the information is writtenautomatically as the information is written
Figure 14-12: RAID Level 1—disk mirroring
RAID Level 3—Disk Stripping with RAID Level 3—Disk Stripping with Parity ECCParity ECC
Disk stripping with a special type of error correction code Disk stripping with a special type of error correction code (ECC)(ECC)
Term Term parityparity refers to the mechanism used to verify the refers to the mechanism used to verify the integrity of data by making the number of bits in a byte sum to integrity of data by making the number of bits in a byte sum to either an odd or even numbereither an odd or even number
TABLE 14-1 Use of parity bits to achieve parity
RAID Level 3—Disk Stripping with RAID Level 3—Disk Stripping with Parity ECCParity ECC
Parity error checkingParity error checking Process of comparing the parity of data read from Process of comparing the parity of data read from
disk with the type of parity used by the systemdisk with the type of parity used by the system
FIGURE 14-13 RAID Level 3—disk stripping with parity ECC
RAID Level 5—Disk Stripping with RAID Level 5—Disk Stripping with Distributed ParityDistributed Parity
Data are written in small blocks across several disksData are written in small blocks across several disks
Figure 14-14: RAID Level 5—disk stripping with distributed parity
Network Attached Storage Network Attached Storage (NAS)(NAS)
Specialized storage device or group of storage devices Specialized storage device or group of storage devices providing centralized fault-tolerant data storage for a networkproviding centralized fault-tolerant data storage for a network
Figure 14-15: Network attached storage on a LAN
Storage Area Networks (SANS)Storage Area Networks (SANS)
Distinct networks of storage devices that Distinct networks of storage devices that communicate directly with each other and communicate directly with each other and with other networkswith other networks
Extremely fault tolerantExtremely fault tolerant
Extremely fastExtremely fast Much of their speed can be attributed to Much of their speed can be attributed to
Fibre ChannelFibre Channel
Data BackupData Backup
Copy of data or program files created for Copy of data or program files created for archiving purposesarchiving purposes
Without backing up data and storing them Without backing up data and storing them off-site, you risk losing everythingoff-site, you risk losing everything
Note that backing up workstations or Note that backing up workstations or backing up servers and other host backing up servers and other host systems are different operationssystems are different operations
Tape BackupsTape Backups
Most popular Most popular method for backing method for backing up networked up networked systemssystemsVaultVault Tape storage libraryTape storage library
Figure 14-17: Examples of backup tape media
Tape BackupsTape Backups
Questions to ask when selecting the appropriate Questions to ask when selecting the appropriate tape backup solution for your network:tape backup solution for your network: Does the backup drive and/or media provide sufficient Does the backup drive and/or media provide sufficient
storage capacity?storage capacity? Are the backup software and hardware proven to be Are the backup software and hardware proven to be
reliable?reliable? Does the backup software use data error checking Does the backup software use data error checking
techniques?techniques? Is the system quick enough to complete the backup Is the system quick enough to complete the backup
process before daily operations resume?process before daily operations resume?
Tape BackupsTape Backups
Questions to ask when selecting the appropriate Questions to ask when selecting the appropriate tape backup solution for your network (cont.):tape backup solution for your network (cont.): How much do the tape drive, software, and media How much do the tape drive, software, and media
cost?cost? Will the backup hardware and software be compatible Will the backup hardware and software be compatible
with existing network hardware and software?with existing network hardware and software? Does the backup system require frequent manual Does the backup system require frequent manual
intervention?intervention? Will the backup hardware, software, and media Will the backup hardware, software, and media
accommodate your network’s growth?accommodate your network’s growth?
Online Backups and Backup Online Backups and Backup StrategyStrategy
Online backupsOnline backups Done over the InternetDone over the Internet
Questions to ask in developing a backup Questions to ask in developing a backup strategy:strategy: What kind of rotation schedule will backups What kind of rotation schedule will backups
follow?follow? At what time of day or night will the backups At what time of day or night will the backups
occur?occur? How will you verify the accuracy of the backups?How will you verify the accuracy of the backups?
Backup StrategyBackup Strategy
Questions to ask in developing a backup Questions to ask in developing a backup strategy (cont.):strategy (cont.): Where will backup media be stored?Where will backup media be stored? Who will take responsibility for ensuring that Who will take responsibility for ensuring that
backups occurred?backups occurred? How long will you save backups?How long will you save backups? Where will backup and recovery Where will backup and recovery
documentation be stored?documentation be stored?
Backup Strategy MethodsBackup Strategy Methods
Full backupFull backup All data on all servers are copied to a storage All data on all servers are copied to a storage
mediummedium
Incremental backupIncremental backup Only data that have changed since the last Only data that have changed since the last
backup are copied to a storage mediumbackup are copied to a storage medium
Differential backupDifferential backup Only data that have changed since the last Only data that have changed since the last
backup are copied to a storage medium, and that backup are copied to a storage medium, and that information is then marked for subsequent information is then marked for subsequent backupbackup
Backup Rotation SchemeBackup Rotation Scheme
Specifies when and how often backups will occurSpecifies when and how often backups will occur
Figure 14-17: Grandfather-father-son backup rotation scheme
Disaster RecoveryDisaster Recovery
Process of restoring critical functionality Process of restoring critical functionality and data after enterprise-wide outage that and data after enterprise-wide outage that affects more than a single system or affects more than a single system or limited group of userslimited group of users
Must take into account the possible Must take into account the possible extremes, rather than relatively minor extremes, rather than relatively minor situationssituations
Pertinent Issues to a Data Pertinent Issues to a Data Recovery PlanRecovery Plan
Contact names for emergency coordinators who will Contact names for emergency coordinators who will execute the disaster recovery responseexecute the disaster recovery response
Details on which data and servers are being backed Details on which data and servers are being backed up, how frequently backups occur, where backups are up, how frequently backups occur, where backups are kept, and how backup data can be recovered in fullkept, and how backup data can be recovered in full
Details on network topology, redundancy, and Details on network topology, redundancy, and agreements with national service carriersagreements with national service carriers
Regular strategies for testing the disaster recovery Regular strategies for testing the disaster recovery planplan
Plan for managing the crisisPlan for managing the crisis
Chapter SummaryChapter Summary
Integrity refers to the soundness of your network’s Integrity refers to the soundness of your network’s files, systems, and connectionsfiles, systems, and connectionsAvailability of a file or system refers to how Availability of a file or system refers to how consistently and reliably it can be accessed by consistently and reliably it can be accessed by authorized personnelauthorized personnelSeveral basic measures can be employed to Several basic measures can be employed to protect data and systems on a networkprotect data and systems on a networkA virus is a program that replicates itself so as to A virus is a program that replicates itself so as to infect more computersinfect more computersIn broad terms, a failure is a deviation from a In broad terms, a failure is a deviation from a specified level of system performance for a given specified level of system performance for a given period of timeperiod of time
Chapter SummaryChapter Summary
Fault tolerance is a system’s capacity to Fault tolerance is a system’s capacity to continue performing despite an unexpected continue performing despite an unexpected hardware or software malfunctionhardware or software malfunction
Networks cannot tolerate power loss or less Networks cannot tolerate power loss or less than optimal powerthan optimal power
Type of network topology that offers the best Type of network topology that offers the best fault tolerance is a mesh topologyfault tolerance is a mesh topology
A backup is a copy of data or program files A backup is a copy of data or program files created for archiving or safekeeping purposescreated for archiving or safekeeping purposes
Chapter SummaryChapter Summary
Have a strategy for backupHave a strategy for backup
Different backup methods provide varying levels Different backup methods provide varying levels of certainty and corresponding labor and costof certainty and corresponding labor and cost
Disaster recovery is the process of restoring Disaster recovery is the process of restoring critical functionality and data after an enterprise-critical functionality and data after an enterprise-wide outage that affects more than a single user wide outage that affects more than a single user or limited group of usersor limited group of users
Every organization should have a disaster Every organization should have a disaster recovery team and disaster recovery planrecovery team and disaster recovery plan