Chapter 11 Security, Chapter 11 Security, Backup and User TrainingBackup and User Training
11.1 Security Threats11.1 Security Threats
11.2 Backup and Restore11.2 Backup and Restore
11.3 User Training and Support11.3 User Training and Support
Chapter 11 Security, backup, support
11.1 Security Threats
Consequences of poor security:Company secrets fallen into wrong hands Disclosure of personal informationInformation may be modified or destroyedNetwork cannot functionThe network becomes a center that spreads virus
Security threats External threats Internal threats
11.1.1 Against External Threats
External threats due to hackers
Methods include: Front-door attack
obtains an access rights to log on a systemcracking
• use a program to generate passwords
Backdoor attackmakes use of the bugs in NOS
Wireless attackaccessing through wireless connection
Chapter 11 Security, backup, support
11.1.1 Against External Threats
A. Against Front-door Attacks
Several ways to against front-door attacks: firewall restricting access to server dial-back
Chapter 11 Security, backup, support
11.1.1 Against External Threats
A. Against Front-door Attacks
1. Firewall is a software (or, sw + hw) to prevent unauthorised access sits between
router, and network
decides messages to pass through Techniques:
packet filteringcompares the IP address of packets against a blacklist
network address translator (NAT) hides the IP addresses of computers inside a network
Chapter 11 Security, backup, support
11.1.1 Against External Threats
A. Against Front-door Attacks
2. Restricting access to a server limit access to a server based on the Ethernet MAC addresses
3. Dial-back for remote access to a LAN using modem Procedures:
1. user dials the system2. user logs in3. system terminates the connection4. system dials the preprogrammed phone number
Chapter 11 Security, backup, support
11.1.1 Against External Threats
B. Against Backdoor Attacks
Backdoor attacks takes advantages of security holes
problems in NOS done by worm
a malicious programinstalls a “backdoor” to the victim system
• allow hackers to get incarries out DoS attack
• overload computational resources • consume the bandwidth
Outbreak: many networks are harmed in short period Solution: update the NOS with patches regularly
Chapter 11 Security, backup, support
11.1.1 Against External Threats
C. Against Wireless Attacks
Wireless signals travel through air easy to intercept
Protection by encryption
WEP (Wired equivalent privacy) WPA (Wi-Fi Protected Access)
Issues The encryption capability of many wireless devices is non-activated by
default. Encryption can be broken:
e.g. WEP (Wired equivalent privacy) has been broken Solution:
Activate encryption Use a strong authentication Share out resources only when needed
Chapter 11 Security, backup, support
11.1.2 Against Internal Threats
Internal threats internal users access files that they are not supposed to
accesse.g. students access teachers’ files
caused by improper account settingusers leaving their seats without logging offusers writing down their passwords
Chapter 11 Security, backup, support
11.1.2 Against Internal Threats
A. Account Security
Account security means managing user accounts properly to enhance the security of a network. includes the following settings
Set up groups and assign access rightsRemove “guest” Rename the default administrative account.Set password policies Watch for incorrect password attemptsEstablish times of day for log on
Chapter 11 Security, backup, support
11.1.2 Against Internal Threats
B. Directory Permission
Directory permission rights assigned to users includes
create only• add new file to a directory only
• similar to a mailbox on street read only
• open a file for viewing, but cannot change the filechange
• open/edit/delete files
• but, cannot grant rights to other usersfull control
Chapter 11 Security, backup, support
11.1.2 Against Internal Threats
C. Against Malicious software
Malicious software developed for the purpose of doing harm to a compute
system How is a computer infected?
opening the attachment in an e-mail sharing of data files use of illegal software installing software from an unknown source attacked by hackers who spread the virus
Chapter 11 Security, backup, support
11.1.2 Against Internal Threats
C. Against Malicious software
Avoiding infection Install anti-virus software in each computer.
Update the virus definition file regularlyScan your hard disk to check for virus regularlyScan all downloaded files and e-mail attachments
Do not open or forward e-mails with attachments from unknown sources
Do not use illegal software. Install firewall Install latest patches for OS and application software Make sure that your computer will not boot from a floppy
disk drive or CD-ROM drive
Chapter 11 Security, backup, support
11.2 Backup and Restore (1/3)
A. Full and Incremental backups Full backup
copies all files from a hard disk to the backup mediacan take very long time slow down the network done once every week
Incremental backupbackup only those files modified since the last full backupdone every night
Chapter 11 Security, backup, support
11.2 Backup and Restore (2/3)
B. Backup medium magnetic tape or optical disk choice based on
speed, reliability, storage duration
C. Location for storing backup copies safe location away from the network system locked physically
Chapter 11 Security, backup, support
11.2 Backup and Restore (3/3)
D. Configure the scheduled backups schedule backup after busy hours
E. Test the ability to recover from backups regularly test the ability to recover regularly
F. Document the procedures in restoration write steps in restoring from backup copies clearly
for other people to restore successfully
Chapter 11 Security, backup, support
11.3 User Training and Support (1/4)
Training for end-users include: basic concept about a network how to trouble-shoot simple problems how to log on the system from a workstation how to access network resources how to perform daily backup importance of keeping password secret importance of security importance of avoiding virus infection
Chapter 11 Security, backup, support
11.3 User Training and Support (2/4)
Modes of Training Orientation sessions
show users what they have and how to use it
Training sessions schedule some classroom traininginteraction
Job aids Quick reference cards, manuals, keyboard shortcuts
Chapter 11 Security, backup, support
11.3 User Training and Support (3/4)
A. Getting support Network administrators may get support from
help menu of NOSdocumentation from the vendors hotline of the vendorsforums and newsgroups on the InternetCD-ROM/Web sites of vendors
Users should be provided with Web pages for simple troubleshootingonline documentsphone numbers for technical support
Chapter 11 Security, backup, support
11.3 User Training and Support (4/4)
B. Types of support Out-sourced technical support services (TSS)
carrying out routine maintenance tasks• backing up files
• updating OS patches
• keeping the stocks solving emergency problems
• failure of server, router, switches, or NOS
Options: One or two technical staff may reside in the company
Chapter 11 Security, backup, support