LO 2

The document outlines the installation and configuration of internet infrastructure and services, focusing on various network hardware including Ethernet, wireless devices, and the OSI reference model. It details types of network devices such as network cards, switches, routers, and access points, along with procedures for minimizing disruption during installation and ensuring system reliability. Additionally, it provides step-by-step instructions for installing internal network cards and emphasizes the importance of user communication and safety precautions during the process.

Uploaded by

Babu Gaya

UC 3: LO1 -LO2: Install and Configure Internet Infrastructure and Service

Network hardware:
 A great variety of networking devices exist—many more than can possibly be
covered here.
 Local requirements dictate the types of networks to be formed using these devices.
Ethernet:
 Most commonly used network devices are based upon the Ethernet protocol.
 Ethernet speeds have been slowly increasing over the last decade, from 10 megabits
per second (10 Mbps, 10 million bps) up to discussions of 10 gigabits per second (10
Gbps, 10 x 1000 Mbps) and beyond.
 Currently, most computer networks work very well with the 100 Mbps range of
products, but as data transfers within a local area network increase, the higher
bandwidth and capacity of faster networks may be needed.
 Often the limiting factor is not the network speed but other bottlenecks (limits) in
the overall system, such as processing speed and hard drive access times. Ethernet
uses the concept of CSMA/CD (carrier sense multiple access with collision
detection).
 Carrier sense means that devices on the network listen first for no network activity
on the network.
 No activity indicates that no other device is sending information, since they all use a
common medium to transfer data (multiple access).
 But, just as two or more people in a momentarily quiet room may start to speak at
the same time, two devices may begin sending at once; the collision detection
mechanism is a method of dealing with this.
 Wireless Ethernet devices (based on the IEEE 802.11 standards) have recently
become more available.
 These include connection devices such as wireless access points (AP) and individual
peripherals, such as printers.
 Wireless networking devices connect the network by radio waves.
 Similar concepts to the wired Ethernet are used to ensure that transmissions don’t
conflict (collisions) and are regulated in some way.

Open Systems Interconnect–Reference Model (OSI-RM):
 The open systems interconnect—reference model forms the basis of networking
communications and is maintained by the International Standards Organization
(ISO).
 It is a model to aid in the development of communications standards, not a standard
itself.
 The different layers define functions that should be considered and implemented at
each level.
 When a device operates at a particular layer it means that the device components
make informed decisions based on information from that layer of the model.
 For example, a switch makes decisions at layer 2, data link layer, based on the media
access control (MAC) address of the destination network card.
 The MAC is a sub-layer of the data link layer. (Of course, all devices need access to
the layers below so that they can physically connect together.)
Table 1: OSI reference model layers and basic functions
Layer | Basic functions
7 – Application | Interface to user programs
6 – Presentation | Data compression, encryption
5 – Session | Authentication
4 – Transport | Logical connection of data stream
3 – Network | Moving of data packets through connected networks
2 – Data Link | Co-ordination of access to the medium
1 – Physical | Physical signalling on the medium

Network devices
 Some of the more general types of network devices available are listed in Table 2
below.
Table 2: Examples of network devices available
Device | Description
Network cards | Often referred to as network interface cards (NICs), they may be installed in a computer or peripheral device and interact with the network medium, including both wired and wireless networks.
Switches | Often switches are used interchangeably with hubs, but they have slightly different characteristics. The differences will not usually show up as a performance increase until used in a larger network with multiple servers. A switch is a better performing device and is only slightly more expensive than a hub. Switches operate at layer 2 (data link layer) of the open systems interconnect reference model and can make a decision on the destination of a data packet that they receive. In this way, a switch may send data out to a port based on the destination media access control (MAC) address that is included in every frame. In fact, simultaneous data transfer between computers is possible, which increases overall network capacity.
Hubs | A hub creates the basic framework for most local area networks used in business and home environments. They connect the servers, workstations and other network devices together. Hubs are also called multi-port repeaters. Hubs work at the Physical layer (layer 1) of the open systems interconnect reference model.
Routers | Routers are used to interconnect two or more LANs. The LANs may communicate through the router or the router may act as a gateway to connect to the Internet. Routers operate at Layer 3 (Network layer) of the open systems interconnect reference model and make decisions based on the network addresses which are included in the data packet. In most networks, the network address will be based on IP addresses but may also include IPX address information to work with Novell Netware networks.
Access points | These devices act as a hub in a wireless network and as a connection between the wired and wireless network segments in a combined network. In some configurations, the access point will act as a switch and/or router and prevent unnecessary data packets from travelling between the wired and wireless sections of the network. In other configurations, two or more access points may only act as a repeater (or relay) and connect segments of a wired LAN, perhaps between buildings or across roads where wired access would be difficult or expensive to connect.
Broadband modem/routers | These devices connect between a LAN (or single computer) and a permanent broadband Internet connection such as ADSL or Cable. Modem versions tend to have USB connections that must connect directly to a computer. Router versions have an RJ-45 LAN connection and/or a wireless antenna that may connect to a computer or hub to share Internet access between many computers.
Printers | Many printers are available to connect directly to an Ethernet network. These include printers with an inbuilt NIC. Examples of network-ready printers are: Brother HL-5170DN, Canon IP4000R and Hewlett Packard DJ6840.
Scanners | Some scanners are network-ready and provide access from the network. Many of these are included in Multi-Function Centres with printer, copying and fax capabilities as well. Examples are: Brother MFC-620CN, Canon NSA-01 and Hewlett Packard Photosmart 2710.
Storage | These devices offer additional file storage capabilities to a network. They act as a file server and the storage can be controlled over the network. Examples of Network Attached Storage devices are: D-Link DSM-624H, Iomega NAS 100d/160G and Linksys EFG250.
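
The difference between a hub (layer 1 repeater) and a switch (layer 2, forwarding on the destination MAC address) decides which stations receive traffic that was not addressed to them. The following is an added example, not part of the original document; the class names, MAC addresses and port numbers are constructed for illustration.

```python
"""Hub versus learning switch: which ports receive each frame."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 multi-port repeater: every frame is repeated to all other ports."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2 device: learns source MACs per port, forwards by destination MAC."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) the port the sender is attached to.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood to all other ports.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination is on the sender's own segment
        return [out_port]


def overheard(device, frames, station_port):
    """Count, per port, frames delivered there although addressed elsewhere."""
    counts = {p: 0 for p in device.ports}
    for src, dst in frames:
        for port in device.forward(station_port[src], src, dst):
            if dst != BROADCAST and station_port.get(dst) != port:
                counts[port] += 1
    return counts


# Constructed stations (locally administered MAC addresses) and traffic.
A, B, C, D = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
              "02:00:00:00:00:0c", "02:00:00:00:00:0d")
STATION_PORT = {A: 1, B: 2, C: 3, D: 4}
FRAMES = [(A, B), (B, A), (A, B), (C, D), (D, C), (A, B)]


def demo():
    """Run the same traffic through a hub and a switch and compare exposure."""
    hub = Hub([1, 2, 3, 4])
    switch = LearningSwitch([1, 2, 3, 4])
    hub_counts = overheard(hub, FRAMES, STATION_PORT)
    switch_counts = overheard(switch, FRAMES, STATION_PORT)
    return hub_counts, switch_counts, switch.mac_table


if __name__ == "__main__":
    hub_counts, switch_counts, table = demo()
    print("frames overheard per port on a hub:   ", hub_counts)
    print("frames overheard per port on a switch:", switch_counts)
    print("switch MAC table after the traffic:   ", table)
```

On the hub every station receives every conversation; on the switch only the first frame towards a not-yet-learned address is flooded, after which traffic is delivered to the destination port alone.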

Ways of Minimising Disruption
 Reputation—yours and your client’s; will they want you for future projects?
 System reliability—until fully tested doubts will linger as to the stability of the
system.
 In a technical field such as this, client communication is important.
 Ultimately, the clients use the computers and devices you are working on.
 These clients will determine if you continue working with them.
 To minimise disruption, a close rapport of information exchange is required that
sets the scene to handle disputes and technical glitches that may arise.
 You also need to plan to avoid disruption in the first place. When planning an
installation or modification to a network, you need to:
 schedule work outside normal business hours
 inform people when your work may disrupt their work
 have backup and ‘back out’ plans in place to repair problems sooner
 have an installation plan approved by your client in advance (and avoid the
need for problem and conflict resolution later).
 For work in business hours, a temporary set up can allow business to continue while
work is done.
 This may include reconfiguring devices to use alternative resources, or to allow
different protocols to be used, such as by changing gateway settings and routes for
Internet connection and changing log in scripts.
 The configuration of any temporary set-up should be fully documented as it can also
be part of a disaster recovery plan.
Installation procedures:
 Internal hardware: Many main system boards come with a network adapter built-in;
opening the system unit of a computer workstation in order to add networking
hardware is rarely necessary.
 You may otherwise need to add a network card to a system when:
 None is built-in to the main system board
 Replacing or overriding a failed built-in network card
 An additional network card is needed for routing purposes
 Upgrading the network card for one with faster processing.

 Regardless of the reasons for installing an internal network card, typical precautions
must be taken.
 Remember that if the computer is a server of files, printer or other resources on the
network then many people are potentially affected by the outage.
 Typical steps to follow when installing a network card, explained in detail to follow,
are to:
 Inform users who will be affected
 Isolate the system unit by disconnecting the power supply and exterior cables
 Open the case and take anti-static precautions
 Identify the location to install card and possibly remove old card
 Follow manufacturer’s directions
 Replace case and cables
 Reconnect the power
 Install the software drivers, following manufacturer’s instructions.
Informing Users
 Depending on the system to be opened this may be a single user or a group or
everyone.
 The only time you do not have to worry about this step is when the system is not
working at all and by working on it, you will restore functionality.
 If it will take a long time then you still need to keep people informed of the progress.
 You can judge the necessity of the progress reports by the number of people asking
you when it will be fixed or even just ‘How’s it going?’
Isolating and Disconnecting the Unit
 You must first isolate the unit for your own safety and that of the equipment and
data stored.
 Most system units only deal with low voltages within the case (except for the power
supply itself) and safety switches on the mains supply (residual current devices,
RCDs) reduce the chances of electrocution.
 The disadvantage of such systems is that the safety switches cover many power
points.
 This means that if a safety switch trips, many devices and even larger numbers of
users will be affected by the loss of mains power.

 Disconnection from the supply reduces the possibility of causing such a power
failure.
 Removing or adding components to a live system may cause damage to the main
board (and potentially larger problems, causing file system damage and data loss,
even application and operating system problems, over a network).
 You need to disconnect exterior cables as a further safety practice.
 Access to the system unit will be simpler if you can lift the case to a normal work
height and into better lighting than found under most tables.
 Disconnected cables must then be left out of the way to prevent accidents.
Opening the case and taking anti-static precautions
 With the system unit in a well-lit, stable work area, you can remove the case.
(Remember to put the case parts out of the way to prevent accidents.)
At a minimum, you need to use an anti-static wrist strap in a correct manner to avoid causing damage to the system while working on it. The anti-static device works by connecting you to the computer and parts to reduce the voltage difference to zero. Wear the wrist-strap on your non-dominant wrist (the left wrist for right-handed people). The lead between the wrist-strap and the alligator clip (or similar) should connect to an unpainted surface of the computer case containing the main board.

Notes on static
Static discharge can damage sensitive components in the computer system. They may not fail immediately but the life of components exposed to static discharge is often reduced.
It is not sufficient to merely touch the case. This is a fallacy. As soon as you are no longer touching the case, static starts to build up a voltage difference between you and the system unit. You would need to consciously keep continuous contact with the case. Less than 25 volts is needed to damage sensitive components in computer systems while it takes over 1000 volts before you feel any shock from static electricity.
 Keep all hardware in its anti-static packaging until ready for installation and keep
the anti-static packaging in contact with an unpainted section of the computer case
while removing the component from packaging.
 Hardware components removed from the system should be placed in anti-static
packaging while the packaging is in contact with the case, in preparation for storage
and transport.

 The additional use of an anti-static (static dissipative) mat will enhance your anti-
static working environment.
 At client sites this displays your concern for the equipment under your care.
 Web links to handling techniques are listed in the Resources section of this Learning
Pack.

Figure 1: PCI network interface card on anti-static bag with wrist-strap


Identify location to install card (possibly removing an old card)
 PCI is the peripheral component interconnect standard (the abbreviation is always
used), which specifies a computer bus for attaching peripheral devices to a
computer motherboard.
 These devices can take the form of integrated circuits fitted onto the motherboard
itself (called planar devices in the PCI specification); or expansion cards that fit in
sockets.
 New network cards will insert into a spare PCI slot of the main system board.
 The PCI slots can be identified as white connectors approximately 8 cm long by 1 cm
wide towards the back of the system board.
 You should also identify possible obstructions to the installation of the network
interface card (NIC) and a clear path for the easy connection of the network patch
cable with all the other cables connected.
 This may include removing a screwed-in cover plate or a fixed panel that has been
pre-perforated.
 The pre-perforated panel needs to be removed by repeated small movements back
and forth until eventually it snaps off.
 Beware of the sharp edges of the case while doing this, particularly when the piece
comes away.

Figure 2: PCI slot on main system board
Follow manufacturer’s directions
 Manufacturer’s directions usually include instructions for the correct insertion of
the NIC. Some manufacturers specify which PCI slot to use, which may require the
rearrangement of other cards.
 The visibility within a system case is often low, particularly with other cards
adjacent to the small NICs available.
 It is important to be sure that the network card is properly seated into the PCI slot.
 You should be able to see that most of the card’s gold edge connectors have gone
into the slot and what is left showing is even along the top edge.

Figure 3: Firmly seated PCI card


Reassembly and connection
 Reassembly and connection reverses the removal procedure. Remember to
disconnect your antistatic wrist-strap from the system as well.
 Re-locate the system unit and reconnect the exterior cables.
 When the power is turned on the unit should start up as normal. Be aware of any
beeps or warning messages that may be generated as the system performs its self-
check.

Installing software drivers
 The Microsoft Windows operating system should automatically detect the hardware
during start-up and a wizard will begin to install drivers necessary for the network
card.
 This may require a re-boot in order to activate the network card successfully. For
UNIX or Linux systems, modules may have to be enabled or the system kernel may
even have to be re-compiled.
External hardware
 Many devices already come with a network interface installed, such as hubs,
printers and storage devices.
 You may also choose to install a network interface adapter to an external port, such
as USB (Version 2.0) or FireWire (also known as i.Link or IEEE 1394).
 The choice of device will have already been made by this time, so the physical
installation is relatively straightforward.
 Similarly, the location of the external device and provision of power and suitable
network connections should have been arranged.
Patch and crossover cables
 Most networking hardware will interconnect using standard patch cables.
 Stranded unshielded twisted pair (UTP) cable is used for flexibility, with an RJ-45
modular connector plug on each end.
 The four pairs of conductors are arranged identically in each plug, as shown in
Figure 4 on the next page.
 When you need to directly connect a pair of like (similar) devices, a crossover cable
must be used.
 These cables are also made from stranded UTP cable for flexibility with an RJ-45
modular connector plug on each end, while the four pairs of conductors are
arranged to swap (cross over) the ‘transmit’ and ‘receive’ pairs in just one of the
plugs, as shown in Figure 5 on the next page.
 Table 3 on the next page shows the types of direct connections possible and the
types of cables used.

Figure 4: Patch cable showing both ends identical
Figure 5: Crossover cable with swapped pairs (green swaps with orange)

Table 3: Direct connections table
Device | Network storage | Network printer | Wall plate | Patch panel | Hub or switch | Computer (NIC)
Network storage | **
Network printer | ** | **
Wall plate | Patch cable | Patch cable | ***
Patch panel | * | * | Fixed cabling | ***
Hub or switch | Patch cable | Patch cable | Crossover cable * | Patch cable | Patch cable between an uplink and a normal port
Computer (NIC) | Crossover cable | Crossover cable | Patch cable | * | Patch cable | Crossover cable
* These direct connections should not normally occur when connecting hardware to a network.
** These direct connections will probably never happen.
*** A patch cable may be used for testing as a loop back.

How does it look?
Figures 6-10 to follow show how the various connections will appear when you connect the devices to form a network. Note the plastic lug of the RJ-45 connector needs to be squeezed in order to remove the plug as it locks the connector in place. Cables with broken lugs need to be repaired or replaced.

Figure 6: Computer using active network card

Figure 7: Double wall plate with shuttered sockets and patch cable connected

Figure 8: Patch panel showing spare positions

Figure 9: Hub with patch cable

Figure 10: Hub with uplink port in use. Note: The uplink port and the 1X port cannot both be used at the same time.

 In Australia, for patch cables, the colour of the wire’s insulation (in Table 4) and
their interconnection follow the adopted standard, TIA/EIA T568A.
Table 4: Patch cable colours
Conductor pairs | Colour
1/2 | White with orange stripe/solid orange
3/6 | White with green stripe/solid green
4/5 | White with blue stripe/solid blue
7/8 | White with brown stripe/solid brown
 The connections you produce would resemble those on pages following, shown for:
 Normal connections with infrastructure (fixed wiring)
 Normal connections without infrastructure (no fixed wiring)
 Connecting two devices directly
 Connecting multiple hubs directly.

Figure 11: Diagram of the network connections used when fixed wiring infrastructure and
a wiring cabinet is available

Figure 12: Diagram of the network connections used when there is no fixed wiring
infrastructure available

Figure 13: Diagram of the network connections used when connecting two like devices
directly

Figure 14: Diagram showing how two or more hubs may be interconnected either within
or outside a wiring cabinet

Note: Many hubs and switches now come with auto negotiation of the ports as
either medium dependent interface-crossover (MDI-X, normal) or MDI (uplink); this
makes it much more fool-proof to interconnect devices. MDI is an Ethernet port
connection that allows network hubs or switches to connect to other hubs or
switches without a null-modem, or crossover, cable. However, with the increased
ease of interconnection, more care needs to be taken to ensure that you keep a
hierarchical structure to limit the number of hubs between any two devices on
a LAN to four.
Configuration
 Once new hardware is connected, the equipment is then integrated into the existing
network or a new network begins.
 Integration includes the naming and addressing schemes for the protocols used on
the network, which may be specified by the organisation.
 Many new network devices such as routers or switches include a small web-server
that allows you to log in to the device and change settings using a web browser.
 In this way devices can be configured using any operating system with a web
browser.
 When making changes you must keep track of the IP address of the device. If you
change it to suit the network you are working on, you will no longer be able to
connect using the old IP address in the browser address bar.
 Factory defaults are usually in place for username and password, so at a minimum
the password needs to be changed to prevent unwanted access.
 There is often a button to reset factory defaults if the password is lost or forgotten.
 Unfortunately, this also wipes any configuration changes, so documenting the
settings, including any changes made over time, is essential.
 The reset switch also requires the device to be physically secured, to prevent
tampering.

Table 5 outlines the basic configuration required for added network hardware.
Table 5: Configurations for added hardware
Added network hardware | Basic configuration required
Workstation or NIC | Name; IP Address; Join domain or active directory; Add extra protocols such as Internetwork Packet Exchange (IPX) if needed
Hub | Usually no configuration needed
Switch | Usually no configuration needed. Switches learn about their part of the network as they are used.
Router | Name; Configuration needs to be made to have correct routes and interface addresses assigned. IP Addresses (Note two or more for a router). Some routers will discover the adjacent route from adjacent routers if these protocols are active.
Printer | Configuration program needs to be installed on a workstation to allow configuration to be carried out. Drivers installed on the server if present and possibly on each workstation. Name; Share name; IP address; Add to domain or active directory
Network storage | Configuration program needs to be installed on a workstation to allow configuration to be carried out. Share often controlled by the server transparently to the users. Mapping drive letters by modifying login scripts. Name; Share name; IP Address.
 If any settings were modified at the start of the installation phase then these need to
be reconfigured to their original settings, or to new settings if they are affected by
the changes you have made.
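
The configuration points above (track each device's IP address, change the factory default password, document settings so a factory reset does not lose them, and record the items Table 5 lists) can be checked against the installation record. The following is an added example, not part of the original document; the record layout and field names (ips, share_name, web_admin, password_changed, settings_documented) and all device entries are hypothetical.

```python
import ipaddress

# Items Table 5 lists per kind of hardware, mapped to hypothetical field names.
REQUIRED = {
    "workstation": ["name", "ips", "domain"],
    "router": ["name", "ips", "routes"],
    "printer": ["name", "share_name", "ips", "domain"],
    "network storage": ["name", "share_name", "ips"],
    "hub": [],
    "switch": [],
}

# Constructed installation record for a small office network.
INVENTORY = [
    {"type": "workstation", "name": "WS001", "ips": ["192.168.0.21"],
     "domain": "OFFICE"},
    {"type": "router", "name": "RTR01", "ips": ["192.168.0.1"],
     "routes": ["default via ISP"], "web_admin": True,
     "password_changed": False, "settings_documented": True},
    {"type": "printer", "name": "PRN01", "share_name": "Colour",
     "ips": ["192.168.0.21"], "domain": "OFFICE"},
    {"type": "network storage", "name": "NAS01", "share_name": "",
     "ips": ["192.168.0.300"], "web_admin": True,
     "password_changed": True, "settings_documented": False},
    {"type": "switch", "name": "SW01"},
]


def audit(inventory):
    """Return (device name, finding) pairs for gaps in the documented setup."""
    findings = []
    seen = {}  # IPv4Address -> name of the first device recorded with it
    for dev in inventory:
        name = dev.get("name") or "<unnamed>"
        for field in REQUIRED[dev["type"]]:
            if not dev.get(field):
                findings.append((name, f"missing {field}"))
        # Table 5 notes that a router has two or more addresses.
        if dev["type"] == "router" and len(dev.get("ips", [])) < 2:
            findings.append((name, "router needs two or more IP addresses"))
        for text in dev.get("ips", []):
            try:
                addr = ipaddress.IPv4Address(text)
            except ValueError:
                findings.append((name, f"invalid IPv4 address {text}"))
                continue
            if addr in seen:
                findings.append(
                    (name, f"address {addr} already used by {seen[addr]}"))
            else:
                seen[addr] = name
        # Devices managed through a built-in web server ship with defaults.
        if dev.get("web_admin"):
            if not dev.get("password_changed"):
                findings.append((name, "factory default password not changed"))
            if not dev.get("settings_documented"):
                findings.append(
                    (name, "settings undocumented; lost on factory reset"))
    return findings


if __name__ == "__main__":
    for device, finding in audit(INVENTORY):
        print(f"{device}: {finding}")
```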
Setting the IP address
 Each workstation, server or other network peripheral device on a network needs its
own unique identification number in the form of an Internet protocol (IP) address.
 An IP version 4 address (used here) is a 4-byte binary string that is normally
written in dotted decimal notation, as four decimal numbers each separated by a
period or dot, for example: 203.14.151.67.
 The two choices for setting IP addresses are called static and dynamic.
 Static IP addresses are changed manually so the address remains the same for a
computer until specifically changed.

 A dynamic host control protocol (DHCP) server allocates dynamic IP addresses, and
while they tend to remain the same, they may change without notice.
 Static IP addresses are manually configured and tend to be used in small networks where
changes will not happen very often and a DHCP server is not present on the network.
Static IP addresses are also used for routers, gateways, servers and other network
resources on any network.
Dynamic IP addresses must be used in conjunction with a DHCP server and tend to be used on larger networks for IP address allocation to workstations. The DHCP server allocates an IP address automatically to a client device when the client requests one.

Note on figures next page
Dialog boxes in Figures 15–19 to follow, used to illustrate setting an IP address and computer name, are from Windows XP Home edition. Windows XP Professional differs slightly in detail.
 Many ADSL routers now incorporate a DHCP server so smaller networks are using
dynamic IP addressing. The DHCP server also allocates the configuration details for
accessing the Internet through the router, making re-configuration and Internet access
easy.
 To set the IP address as either static or dynamic as per organisational policy and
standards you must:
 Login with an administrator level account.
 Select Start then select the My Network Places option.
 In Network Tasks on the left select View network connections if they are not
currently shown.
 In the right panel under the LAN or High-Speed Internet section right-click the
Local Area Connection and select Properties from the pop-up menu to display the
following dialog.

Figure 15: Local Area Connection Properties

 You may need to scroll down the Protocols & Clients list to view the Internet
Protocol (TCP/IP) item. Select this & click on the Properties button.
 For dynamic IP addressing select both the Obtain an IP address automatically and
Obtain DNS server address automatically, as in Figure 16.

Figure 16: Setting for dynamic IP addressing.

 For Static IP addresses you need to set all of the information except an Alternate
DNS server in order to access the Internet, as in Figure 17.

Figure 17: Setting for static IP addressing (substitute values for your own network and
Internet service provider)

 To change the computer’s name to conform to organisational policy and standards
you must:
 Login with an administrator level account.
 Select Start then right-click on the My Computer option.
 From the pop-up menu select Properties.
 Click on the Computer Name tab of the dialog. You should have a dialog like that
in Figure 18.

Figure 18: System Properties showing Computer Name tab details (Note: Windows XP
Professional will also mention joining a domain near the Change button)

 Click on the Change button to show the Computer Name Changes dialog in
Figure 19.

Figure 19: Changing the computer’s name (Note: Windows XP Professional will have a
section to join a Domain under the Workgroup entry fields)

 When the name is displayed as required you press the OK button.
 If you are using Windows XP Professional and you are joining a domain here then
you will be prompted for the username and password of a domain administrator
level account to join the domain.
 This will be followed by a short delay as authentication and entry to the Active
Directory is made. When successful, a welcome message is displayed.

Setting the computer name
 You need to set the computer name of all the computers in your network.
 This allows you to organise how the network interacts with various devices and also
allows shares to be re-shared from a central source such as a server.
Testing the hardware and configuration
 Now that everything is in place as planned, you must undertake a systematic (if not
complete) test of the network system.
 You must confirm that the network functions as designed.
 Can users login?
 Can users reach the server to store and retrieve files?
 Can users run applications that need access to the server?
 Can users print to all of the printers they should have access to?
 Can users reach the Internet?
Note that the questions start with ‘Can users…’ You might be able to do these things
while logged on as an administrator, but the test is ‘regular users’, probably with more
restrictive accounts.
 You should have a checklist available with the functions you will test and the
expected outcomes of the test.
 Leave room for comments, which allows you to log the actual results, problems and
solutions.
 It is impractical to test every login account and every function on every workstation.
 You need to access all combinations of user groups and functionality with at least
one network function from each workstation.
 This ensures that all devices are physically connected to the network and that group
based policies and scripts are working.
 This only leaves doubt about a few possible non-standard (often undocumented)
modifications that exist in an existing network system.
 These will be highlighted by help desk calls and allow them to be integrated into the
standard system or documented properly as exceptions if they are really necessary.
 Table 6 on the next page has a sample checklist. Note the testing is planned to cover
all the workstations and both the sales and admin groups. Access to the H: drive,
Internet and both printers is confirmed from each group.

Table 6: Sample checklist
Computer | Login as | Access H: | Access Internet | Print colour | Print laser | Tested by | Test date | Test OK
WS001 Testsales Test Test
WS002 Testsales Test
WS003 Testsales Test
WS004 Testadmin Test Test
WS005 Testadmin Test
WS006 Testadmin Test

The ping command


 The ‘ping’ command helps confirm the basic connectivity of a network device. Ping
stands for packet Internet grouper (or groper or gopher).
 An echo request packet is sent out to the IP address; the receiving system identifies
it and sends back an acknowledgement.
 This round trip ensures that there is an active network path between the two
devices.
The ping command is easily run from the Run menu (Start->Run…): type in the
command ping -t 192.168.0.101, which causes the system to continue (-t) trying to
send an echo packet to the IP address used until you stop it using the Ctrl-C key
combination. (Note in UNIX/Linux systems the -t is unnecessary as this is the default
behaviour.)

Figure 20: Running the ping command

Figure 21 shows the screen for a successful response from a ping command. Note that
many firewalls can be set to reject ping and other packets.

Figure 21: Successful response from the ping command; an unsuccessful response will
show the words ‘Request timed out’
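
Ping results can be recorded in the test checklist with a comment column, as the testing section recommends. The following is an added example, not part of the original document: it classifies ping output per target and fills checklist rows. The sample outputs are constructed in the style of Windows ping, and the workstation-to-address mapping is hypothetical. It reads the individual reply lines because a "Destination host unreachable" line is not an echo reply from the target, and because a timeout may only mean a firewall is rejecting ping.

```python
import re

# Constructed samples in the style of Windows ping output (not real captures).
SAMPLES = {
    "192.168.0.101": """Pinging 192.168.0.101 with 32 bytes of data:
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time=2ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
""",
    "192.168.0.102": """Pinging 192.168.0.102 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
""",
    "192.168.0.103": """Pinging 192.168.0.103 with 32 bytes of data:
Reply from 192.168.0.10: Destination host unreachable.
Reply from 192.168.0.10: Destination host unreachable.
Reply from 192.168.0.10: Destination host unreachable.
Reply from 192.168.0.10: Destination host unreachable.
""",
    "192.168.0.104": """Pinging 192.168.0.104 with 32 bytes of data:
Reply from 192.168.0.104: bytes=32 time=1ms TTL=128
Request timed out.
Reply from 192.168.0.104: bytes=32 time=1ms TTL=128
Request timed out.
""",
}

ECHO_REPLY = re.compile(
    r"^Reply from (\S+): bytes=\d+ time[<=]\d+ms TTL=\d+", re.MULTILINE)
UNREACHABLE = re.compile(r"Destination host unreachable")
TIMED_OUT = re.compile(r"^Request timed out", re.MULTILINE)


def classify(target, output):
    """Classify one ping run by its per-probe lines, not the summary."""
    # Only echo replies that come from the target itself count as success.
    replies = sum(1 for ip in ECHO_REPLY.findall(output) if ip == target)
    unreachable = len(UNREACHABLE.findall(output))
    timeouts = len(TIMED_OUT.findall(output))
    probes = replies + unreachable + timeouts
    if probes == 0:
        status, comment = "no data", "no probe lines found in output"
    elif replies == probes:
        status, comment = "OK", ""
    elif replies > 0:
        status, comment = "intermittent", "check cable, connector lug and port"
    elif unreachable:
        status, comment = "unreachable", "no path; check address and gateway"
    else:
        status, comment = "no reply", "firewall may reject ping; retest a service"
    return {"status": status, "replies": replies, "probes": probes,
            "comment": comment}


def fill_checklist(rows, outputs):
    """Build checklist rows (computer, address, result, comment)."""
    checklist = []
    for computer, address in rows:
        result = classify(address, outputs.get(address, ""))
        checklist.append((computer, address, result["status"],
                          result["comment"]))
    return checklist


# Hypothetical mapping of checklist workstations to addresses.
ROWS = [("WS001", "192.168.0.101"), ("WS002", "192.168.0.102"),
        ("WS003", "192.168.0.103"), ("WS004", "192.168.0.104")]

if __name__ == "__main__":
    for row in fill_checklist(ROWS, SAMPLES):
        print(" | ".join(row))
```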

Summary
In this reading you have briefly considered the Ethernet protocol, the ISO reference model
and some of the broad range of network devices Ethernet supports, before some general
notes on ways of minimising disruption to clients when installing and configuring
hardware devices.
A look at safe and professional installation procedures covered those involved for internal
and external hardware. Basic device configurations were outlined for setting IP address
and computer names, before testing was discussed, with the use of the ping command to
test the connectivity of network devices.
Remember that no installation should be done without first checking with the people who
may be affected; have plans for configuration and testing, and contingency plans in the
event of failure. Care also needs to be taken to keep things safe during the installation since
business may be continuing while you are working.
Check your progress
Have a look at the next section — Practice. If you have trouble, review these Readings or
perhaps take a look at some of the listed Resources.
When you feel ready, try the Self check section at the end of this topic. This will help you
decide if you are now able to complete the task and attempt assessment.

Install configure and test servers and software: Before you start an installation
Before you begin installing server hardware or software you need a plan. Some
installations have evolved into a simple task, based on user-friendly menus—they may not
require any real technical knowledge; but what about the existing IT and network
environment? It may be very tempting to get in and start installing without an approved
plan because you think you’ll save time. Yet an installation can interfere with or even stop
other network hardware, services or applications from working, and your working without
a plan is tantamount to working blind.
Installation plans and schedules ensure that disruptions to business operations are
kept to a minimum and that issues of installation requirements, interoperability and
compatibility are all addressed.
Before commencing installation of server hardware or software you should:
 Review the user requirements
 Review the installation plan
 Review and confirm the existing IT environment
 Confirm the availability of required resources and materials
 Review technical tasks (for installation and configuration)
 Review the testing tasks
 Review deployment tasks
 Confirm scheduling and communications
 Review all contingency plans.
All these items are considered in detail below.
Review user requirements
The user requirements (also known as user or client specifications) state what an
organisation, person or user requires from the installation; they define what the outcomes
of an installation will be, in functional terms. For example, a user requirement may be:
The organisation needs a method of sharing data and information between all staff
using organisation-owned infrastructure.
The solution may be to install a central file server and user workstations. The developed
installation plan would be based on this.
Reviewing user requirements allows you to see what is expected as an outcome, and this is
the measure by which the success of the installation will then be judged. There is no point
in following an installation plan, only to find that client requirements are not delivered. You
must have a clear understanding of user requirements to properly review the objectives of
the installation plan and the tasks defined within it.
Reviewing the installation plan
A well developed installation plan will include detailed tasks that cover installation,
configuration and testing.
As an IT professional you may be contracted to implement only certain tasks within an
installation plan developed by others. In this case, reviewing the plan will help you
understand your role and responsibilities and the roles and responsibilities of others
involved, as well as the task sequence in which your activity occurs.
For example, if you are contracted to undertake the ‘install server’ task in a network
installation plan for a large firm, you would need to know that beginning your task is
dependent on activities to install network switches and cabling having been completed.
In some cases your activity, as described in the plan, may need to be developed. There may
be no specific details given on how to ‘install server’—so you would need to develop an
installation plan for your task that fits into the overall installation plan.
Review and confirm the existing IT environment
The effect of the proposed installation on the existing IT environment must be considered
and documented. Issues to investigate include the system and installation requirements for
the proposed software and hardware, and interoperability and compatibility between
existing and proposed software and hardware.
Tasks in the plan should address changes to the existing IT environment, and include
specific installation and configuration details for all software and hardware, existing and
proposed.
It is also important to confirm that details in the plan of the existing IT environment are in
fact correct. This is especially important if you did not develop the plan, or if some time has
elapsed since the plan was developed. If you simply assume all is as documented, and it
isn’t, you may run into installation problems or severely disrupt business operations.
This part of a review may involve visual inspections of the network and devices, alongside
checks of current configurations and settings. A wide range of tools come with operating
systems or are available from third-party vendors to help with this. Knowing how network
devices and software connect and interact will also help ensure installation and
configuration tasks are appropriately defined and implemented.

Confirm resources and material
Resources and materials needed should be set out in the installation plan, along with
names and details of those responsible for organising or providing resources.
You should confirm that all resources are available when required. For example, you may
need to install 50 XP workstations that will connect to a new server. The installation
requires you and four technical support staff to be on site to install the computers. You
should therefore confirm that the support people are in fact available to perform this task
before you start, since fewer hands will cause delays. Once again, you cannot simply
assume availability, just because it is set out in the installation plan.
Review tasks
Tasks define what you are required to do and how to do it. You will need to draw upon
your IT knowledge and skills to review individual tasks and confirm they are technically
correct and properly sequenced. Generally, the order of tasks for an installation will be as
set out in Table 1.
Table 1: The general order of installation tasks
Tasks | Hardware | Software
Installation | Physically installing the hardware and powering it up | Loading the application or program on the appropriate device
Configuration | Setting how the hardware will operate, such as what services a server will provide (file and print, network services and so on) | Setting how the software will operate (user access, database locations, connection, etc)
Testing | Activity carried out to ensure that the installed and configured hardware or software operates as expected
Deployment | Activity undertaken to make the installed hardware and/or software available for use within the production environment.
You need to review tasks to ensure that they are ordered correctly and that you are aware
of any dependencies between tasks. For example you may need to perform a data backup
before starting a configuration task.
You should also confirm that tasks are technically accurate. You may want to research and
practice tasks that are new to you. For example, if you have no experience of installing an
additional hard disk in a Linux server, you might obtain vendor instructions to install and
configure the disk and perform the task on a test computer, away from the client’s IT
environment.
By reviewing the tasks in an installation plan you make yourself familiar with what you
need to do, before you do it. You will be able to undertake the tasks with confidence and
without wondering what comes next.
Scheduling and communication
A part of knowing what to do and when to do it is the need to confirm the start and end
date and duration of tasks and activities (the schedule). You also need to confirm schedules
to confirm resource availability.
Scheduling is usually approved by organisational management, an appropriately
authorised person or end user groups, and broadly overseeing it can be the responsibility
of a project manager.
All parties involved in an installation need to be informed of the schedule, and any impact
on normal business operations must be clearly communicated. For example, the users of a
corporate database may require five working days' notice before any work on the database
can start.
Some of the most fundamental parts of communication can sometimes be overlooked—
always confirm your installation plan, and the schedule for it, are approved before you
begin.
Reviewing contingency plans
Contingency plans help reduce the impact of a failed installation on business operations.
You need to be well aware of any contingency tasks or plans prior to starting an
installation. If something goes wrong you need to know what to do and how to recover. You
may need to test your contingency plan prior to commencing an installation.
Contingencies may include data backups before commencing installation, backup or
duplicate hardware or systems, pilot testing, and carrying out work after hours.

Installing server hardware and software
Installation means putting computer hardware or software in place, ready for use. Once
you have reviewed the installation plan, confirmed the scheduling and are familiar with the
task, you can start. Some specific considerations for server hardware and software
installation follow.
Server hardware considerations
Server hardware is the computer equipment that will run specific software to provide
services or applications. The type of hardware, as determined in your installation plan,
depends upon the service to be provided.
For example, a server needs to have an operating system installed for it to operate and
provide services. Operating system software needs minimum hardware specifications, as
recommended by the hardware manufacturer, to run successfully. New or existing
hardware needs to be able to satisfy the minimum system requirements. Table 2 below is
an example of the minimum requirements for two operating systems.
Table 2: Minimum requirements for two operating systems—as an example
Windows 2003 standard edition server:
 PC with CPU of 133 megahertz or higher processor clock speed
 128 megabytes (MB) of RAM or higher (max 4GB)
 2 gigabytes (GB) of available hard disk space
 Super VGA (800 x 600) or higher-resolution video adapter and monitor
 CD-ROM or DVD drive
 Keyboard and mouse or compatible pointing device
Red Hat Linux V9:
 Pentium Class CPU. For text mode: 200 MHz or better. For graphical mode: 400 MHz
Pentium II or better
 Hard Disk Space: minimum of 475MB for basic install, a Server requires a minimum of
850MB, a personal desktop requires 1.7GB, a workstation requires 2.1GB and if you
install everything then 5.0GB
 Memory for text mode is 64MB, minimum for graphical mode is 128MB, Recommended
for graphical mode is 192MB
 Other hardware components may be required to use other parts of the operating system.
To install server hardware you will need to follow the installation plan along with any
vendor or manufacturer’s instructions. Generally you will need to:
 Unpack new hardware and/or assemble server hardware
 Site or mount the server hardware
 Power on server hardware
 Run hardware diagnostics.
Unpack new hardware and/or assemble server hardware
Server class hardware is generally manufactured to a higher standard than ordinary
personal computer hardware. The server hardware may be supplied by a vendor already
assembled to your specifications and requirements, or you may need to assemble a server
from components supplied by various vendors. Components can include those for storage
(hard disks, optical disk, tape drives and the like) memory, central processing units (CPUs),
network adaptors, power supplies and uninterruptible power supplies (UPS). You should
check that the server hardware supplied matches the requirements as stated in the
installation plan.
Site or mount the server hardware
The assembled server hardware needs to be placed in an appropriate location. Usually this
will be in an environmentally controlled room or equipment cabinet. Some vendors
manufacture their server hardware to slide in and out of special racks like drawers in a
cupboard and share a single keyboard, mouse and monitor between multiple servers via a
switchbox.
Power on server hardware
This is where you connect the mains power and turn on the hardware. At this point, look
for any signs of hardware not operating as expected. Burning smells, smoke, severe
vibrations and noises are immediate indicators of hardware problems; if any occur, the
power should be immediately turned off and the vendor contacted for advice.
Run hardware diagnostics (burn-in)
With server hardware successfully connected to mains power and turned on, any
diagnostic utilities or software recommended by the vendor or manufacturer should be run
to check correct operation. Third-party utilities or tools may be used for this. The process is
known as ‘burn in’ where hardware is operated to its maximum specifications by
diagnostic or ‘burn in’ utilities for a period of time to find any faults or failings before the
hardware is placed into normal operation.
The server is now ready for software installation.
Server software considerations
Server software refers to both the server operating system and any additional application
software running on the server. The server operating system must be installed prior to any
application software. Once again an installation plan should address these tasks.
Operating system installation
The server operating system is the software that will operate the server hardware to
provide network and services to users. The various methods of installing operating system
software on to server hardware depend on the software being used. Generally, methods
used are:
 Local manual installation
 Local automated (or scripted) installation
 Remote installation
 Image installation.
Local manual installation
Local manual installation requires using installation media such as CDs, DVDs or a central
network repository that stores the installation files. The software is installed by physically
accessing the server hardware to run the operating system installation. Generally, you
follow the installation prompts and instructions using the local keyboard, mouse and
monitor.
Local automated (or scripted) installation
Local automated (or scripted) installation involves manipulating the installation process so
that it becomes a simple process of either running a single command, or clicking an install
button. This requires knowledge of the operating system and is usually done by using batch
files or script programs to set installation options that usually require user interaction or
selection. If you have multiple servers to install, this will ensure consistency and identical
installations. The person installing on-site does not require in-depth knowledge of
operating systems to perform the installation.
Remote installation
Remote installation is when the operating system software is installed by remote access
from another computer on the network. This also means that your server hardware does
not require a local keyboard, mouse and monitor and you do not need to physically attend
to perform the installation. The Mac OSX Server – Remote Installation option is an example
of this. (For applications software: using either the server operating system features or
third-party remote control software, the server is accessed from a remote location and the
application or other software installed, again without physically visiting the server. This
method may also use application packaging and delivery technology.)
Image installation
Image installation uses hard disk imaging to install the operating system on to the server
hardware. It may be performed locally or remotely and ensures consistent and identical
installations. Installation by disk imaging is much quicker than other methods. However,
the initial image creation may be time-consuming as a manual installation on server
hardware is usually required to create the initial disk image for installation on other
servers.
Once the server operating system is installed it must be configured.
Application software installation
Application or other software is installed on the server only after the server operating
system is configured and tested. Other software can be installed by manual, automated
and remote installation (as described above).
Configuring server hardware and software
Configuring server hardware and software means setting up the way the hardware and
software operates to suit the IT environment and organisational or user requirements.
Generally, server hardware is configured before the server operating system is installed, or
afterwards if hardware components in an operating server are being changed or added.
Software may be configured when installed, as part of the installation process, or
afterwards, if a default installation has been performed.
Some specific considerations for server hardware and software configuration
follow.
Server hardware configuration
Server hardware configurations will depend on what components make up the server.
Configurations you may need to consider include those for:
 Storage
 Boot sequences
 Specific devices
 Redundant components.
Storage
Options like the hardware redundant array of independent disks (RAID), the system which
uses multiple hard drives to share or replicate data among the drives, are configured
independently of operating systems. You may need to configure RAID options and logical
volumes. You may be using remote storage with special adapter cards that may need
configuration.
Boot sequences
A boot sequence is the set of operations the computer performs when it is switched on
which load an operating system. Usually you have the option to select boot orders such as
network, CD, which hard disk and so forth. The Intel WFM (Wired for Management) options
may need to be set.
Specific device configurations
Things like the addresses for small computer system interface (SCSI), which is a standard
interface and command set for transferring data between devices on both internal and
external computer buses, may need to be set on old SCSI devices. Bus, port, interrupt
request (IRQ) and other settings are usually determined automatically for you
with current server hardware. There may be external devices (for example tape drives)
that require hardware configuring to connect to the main server hardware.
Redundant components
Hardware such as that for standby power supplies or network adaptors may need
configuration.
You may need to consult the hardware manufacturer or vendor for information and
configuration instructions.
Server software configuration
Configurations for server software depend on the purpose or function of the server.
Generally, a server may be configured for one or more of the following roles:
 An application server which runs specific software applications for end users, such
as a server that runs a central Oracle Database that is accessed by users across an
organisation.
 A storage server which provides a central storage place for data that can be
accessed by computer users around a network.
 A network services server which provides specific services; print, user
authentication and authorisation, dynamic host configuration protocol (DHCP) and
domain name system (DNS) are some examples of the services that can be provided.
Configuration for each of the above roles will be different and will depend on the client’s IT
environment.
Server items to be configured
Generally the following items will need to be configured on a server:
 Network settings, which include the network protocol to be used, network addressing,
server name and network adaptor settings.
 Services, which include enabling and configuring specific services to run on the
server, such as setting the server to run dynamic host configuration protocol
(DHCP), and domain name system (DNS) services for an organisation.
 Authentication, which involves setting how users of the server will be identified.
This may involve setting up local user accounts with passwords on the server or
setting the server to authenticate users via some other mechanism.
 Authorisation, which is setting up which authenticated users are permitted to
access and use the server, such as allocating user permission to access data storage
or server applications or programs.
 Environment settings and policies, which are settings for the server to operate as
required or settings dictated by organisational policy. Having data backup schedules
for the server is an example of an environment setting. Policy settings are used to
enforce organisational policies and may include disabling certain functions or
enforcing a particular setting on end user computers, such as stopping a
non-administrative user from logging in on the server console, or forcing users to change
their password after 30 days.
All server operating systems have the above configuration options, while the processes to
set them will vary. Generally, configurations will be carried out using a graphical user
interface (GUI) configuration program that is provided as part of the server operating
system.
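An added example, not part of the original reading: one way to check the authentication and policy items above on a Linux server, by auditing shadow-format account entries against the 30-day password change policy used as the example. The account names and hash strings are constructed placeholders, and the choice of a Linux server with a standard shadow password file is an assumption of this example.

```python
POLICY_MAX_DAYS = 30  # the reading's example policy: change password after 30 days

# Constructed sample in /etc/shadow layout (name:password:lastchange:min:max:...).
# The hash strings are placeholders, not real password hashes.
SAMPLE_SHADOW = """\
root:$6$placeholder$notarealhash:19800:0:30:7:::
user1:$6$placeholder$notarealhash:19800:0:99999:7:::
user2:$6$placeholder$notarealhash:19800:0:90:7:::
svcprint:!:19800:0:99999:7:::
guest::19800:0:30:7:::
backup:$6$placeholder$notarealhash:19800:0::7:::
"""


def audit_shadow(text, max_days=POLICY_MAX_DAYS):
    """Return (account, issue) pairs for entries that break the policy."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 5:
            findings.append((fields[0], "malformed entry"))
            continue
        name, secret, max_age = fields[0], fields[1], fields[4]
        if secret.startswith(("!", "*")):
            continue  # password login disabled, so password ageing does not apply
        if secret == "":
            # An empty password field means the account needs no password at all.
            findings.append((name, "no password set"))
            continue
        if max_age == "":
            findings.append((name, "no maximum password age"))
        elif not max_age.isdigit():
            findings.append((name, "malformed maximum age"))
        elif int(max_age) > max_days:
            findings.append(
                (name, f"maximum age {max_age} days exceeds {max_days}"))
    return findings


if __name__ == "__main__":
    for account, issue in audit_shadow(SAMPLE_SHADOW):
        print(f"{account}: {issue}")
```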
Testing server hardware and software
Once a server has been installed and configured you need to ensure it will operate as
expected and will meet client requirements. Basic hardware testing should have been done
on installation. You now need to test the combination of server hardware and server
software before the server is made available for use.
The test environment
To avoid disruption it is best to install and configure a server in an environment not
connected to the production network, and which is, ideally, a replica of the working
environment. A replica test environment allows testing of system integration and
compatibility with existing systems.
Unfortunately, fully replicated test environments are not often available, in which case the
new server must be first tested in isolation and then completely tested in the production
environment in a manner that causes the least disruption. It is important that your
installation plan addresses the issue of testing, taking into account the existing client IT
environment.
The testing process
With the server in place, the following tests can be conducted in order.
1 System test—which checks the technical operation of the server and includes network
communications, operating services and schedules, system performance (disk I/O,
memory, CPU) application and program availability, authentication and authorisation,
manual procedures, backup and recovery procedures. The entire system needs to be
tested. Test strategies that work the system to its capacity are used. These strategies
must ensure that all problems that the server may have are found before it is placed
into production.
2 Integration test, to check that the server works with all applications, systems, servers
and network resources in the client’s IT environment.
3 User acceptance test, which is a functional test performed by the users to ensure that
the new system works and functions as expected and that it satisfies their needs. User
acceptance testing involves the clients using the operating system and performing
normal work activities for a period of time, to see if any problems occur. They also
determine if performance requirements, as defined in the user requirement
statements, are met. Performance requirements must be subjected to a specific set of
tests that will decide if the server and software are acceptable. If the server passes all
of these tests, it is considered to be acceptable by the users.

The test plan
A plan for the above tests should be a part of the installation plan, with a time line, a list of
resources required and the roles and responsibilities of those involved set out. The test
plan should:
 list the function or service to be tested, and within each function or service, list
items to be tested in sequence
 list the procedure to test each item and the expected results of the test procedure
 provide for documenting actual test results with comments (as shown in the
example in Table 3).
Table 3: Simple test plan extract, as an example
Function | Item | Procedure | Expected result | Actual result | Comment
Printing | Install network printer from server on to Windows XP client computer | On client computer login as user1. Select Start; select Printers and Faxes; select add printer; browse to \\server\ptr-1; install printer; print test page | Network Printer installed on local computer with test page successfully printed. | |
Printing | Application printing using server print services | On client computer login as user2. Access local MS Word application on client computer. print a document to \\server\prt-1 | Selected document printed | |
It is important that you know what the expected results of a test should be. If the actual
results do not match those expected, the test for the selected function and item has failed.
This failure is known as a defect or deficiency that will need to be rectified. Defects or
deficiencies can be rated in terms of severity or importance and this can help you create a
priority list of defects to rectify. Once you have rectified a deficiency or defect you need to
redo the failed test to confirm the test is passed.
After testing
A new server should be free of defects or deficiencies before it is put into production.
Results of the testing process should be documented, and documentation then reviewed
and analysed to confirm that all required testing is complete and that all defects and
deficiencies are resolved.
In some cases that documentation (along with other information) may need to be
presented to confirm the results of the user acceptance tests, so as to authorise the next step
of deployment or placing the server into production. Clients can also decide to deploy or
implement the server with minor defects or deficiencies, if a plan exists to rectify them,
especially if there is a need to implement the server quickly.
Deployment and implementation
Deploying or implementing the server means making it available for use in a working
environment. How you deploy the new server will depend on the existing IT environment
and whether the server is a completely new installation or a replacement or addition for an
existing server. You may need to test your deployment methods in conjunction with your
server testing.
Some considerations for deployment follow. The method you use may affect how
you undertake server testing prior to deployment.
New servers
Deploying new servers is generally a simple process because you are implementing all new
services. The server is usually connected to the production network and existing client
computers connect and use the new server, depending on its configured role.
There may be a need to install client software or reconfigure client computers to enable use
of the new server. This type of activity should have been included in the installation plan
and testing of client software and client connections would be done before deployment.
For example, if you deploy a new dynamic host configuration protocol (DHCP) server in a
network where client computers have static Internet protocol (IP) addresses, you need to
reconfigure client computers to dynamic IP addressing. You could use the following
options:
 connect the new server to the production network, then
 visit each client computer to manually reconfigure or
 employ remote access technology (like Altiris, RDP) to reconfigure each computer,
or
 create an executable configuration file that is sent to the computer and the user
executes.
In the above example, connecting the server to the network was the easy part of the
deployment.
Replacement or upgraded servers
Replacing servers requires some careful planning to ensure minimal disruption to existing
services. The following strategies can be used:
 parallel implementation
 abrupt implementation
 phased implementation
 pilot implementation.
Parallel implementation
Parallel implementation takes place where the old server and software run alongside the
new server and software. This is done for a period of time to ensure any problems not
detected in the prior testing phase are resolved. The old server and software are then
terminated either abruptly or phased out.
This method allows the organisation to keep functioning as normal, and it also allows much
more time for the users to become familiar with the new software. The disadvantage is that
it is costly and time consuming for the users to run both operating systems and
applications simultaneously. (To counter that disadvantage, a small group or section may
pilot the proposed changes, as below.)
Abrupt implementation
Abrupt implementation is when the old server and software are completely removed and
the new server and software put in place immediately. It requires no transition costs and is
very fast, yet there is the risk of costly data loss if the new system fails, or if existing data is
not correctly transferred to the new server. Operations can be seriously disrupted if this
happens, or if the users have not been adequately trained (with abrupt implementation
users are under a lot of pressure to learn the system before the change over).
Phased implementation
Phased implementation is used with larger applications that can be broken down and
installed separately at different times. An example of a phased implementation could be a
server providing an accounting application, with the accounts receivable, accounts payable,
general ledger and payroll modules all installed separately in phases with the new
operating system. If something does not work it may be only the general ledger that has
problems or, since the general ledger has just been installed, it can be quickly identified
as the cause of other problems.
Pilot implementation
Pilot implementation is where the new server and software are installed and used by one
department in the organisation, to be tested. Once this pilot site is working as expected,
other departments convert, using one of the above mentioned deployment methods.
It is wise to have a phased implementation process. This may include the following steps:
 Backing up important data in case there is a problem during installation
 Selecting a sample area to use the new server and software first. Document any
problems and considerations that arise from this ‘pilot site’.
 Break up the installation into smaller, more manageable units.
 Plan the installation timetable to cover different sections.
 Alert staff to the planned installation and training.
Regardless of implementation method, deployment should be addressed in the installation
plan and not run as an ad hoc process at the end of an installation.
Post installation review
Once the installation of the server is complete there remains one more task—reviewing the
installation process to ensure the client requirements are met. This requires a review of the
completed installation, by reflecting on the installation plan and its execution, discussing
any issues arising from the installation, and confirming that the installation delivered the
user requirements. It is at this point that the installation may be signed off as completed.
Summary
In this reading you’ve considered the importance of having a well-developed installation
plan, which is also used after installation to judge effectiveness and to check that user
requirements have been met.
You looked at preparatory work including the need to review user requirements and the
installation plan before an installation begins (including review and survey of the existing
IT environment). Considerations and issues related to the installation of hardware and
software and its configuration were outlined. The process of testing was then discussed,
followed by a summary of methods of deployment and implementation.

Check your progress

Now you should try and do the Practice activities in this topic. If you’ve already tried them,
have another go and see if you can improve your responses.
When you feel ready, try the ‘Check your understanding’ activity in the Preview section of
this topic. This will help you decide if you’re ready for assessment.

Develop an advanced Software installation plan: The planning process
Planning is the first step and foundation of any project. Planning requires thinking about
what you need to achieve. Having clear goals or outcomes is a starting point to knowing
exactly what must be done. You can then decide a sequence of activities to meet those
goals, and assign resources and timelines to each task and to the project as a whole.
Planning is the key to a successful installation. Installing a new file server, upgrading old
network hubs, or installing software on a network, all need an installation plan. While the
details and activities are different in each case, the steps in developing a plan are the same.
Smart installation plans, most importantly, help avoid disrupting business. Without good
planning you may need to reinstall components due to missing information or have
unforeseen compatibility issues. While formulating a plan may take time, it will also save you
time, not to mention money, reputation, goodwill and even lost sleep, in the long run.
What does an installation plan contain?
Documenting the installation plan, in a simple format, as a spreadsheet or as output from
project management software (depending on the complexity and scale of the installation),
is the means by which the plan can be approved and authorised. The plan also serves as a
reference for everyone involved, including users who will be affected.
An installation plan should address:
 The objective, goal or desired outcomes.
 Tasks and dependencies.
 Time and duration of tasks or activity (timelines).
 Roles and responsibilities.
 Required resources.
 Contingency plans or tasks.
To have a plan with all these elements you need information about installation
requirements and technical information about each task. The elements of the plan overlap
(for instance assigning responsibilities will go hand in hand with working out the schedule
and sequence of tasks). The various parts of a plan are discussed in detail below.
Defining the objective
Interpreting client requirements
The objective for an IT installation comes from the client. Often this will be stated in terms
of their business needs and it is your job to determine the technology required. In other
cases, the client might provide more specific documents to outline their installation needs.

An example of a client requirement expressed in business needs may be: ‘The organisation
needs a method of sharing data and information between all staff using
organisation-owned computers.’ The solution might be a central file server.
Understanding the existing IT environment
To make any recommendation that meets the client’s requirements, you first need to
understand the business, its processes and what makes up the existing IT environment:
computers, servers, network switches and infrastructure, software and programs. You
also need to understand how it all connects and functions together (known as
interoperability).
For the file server above, for instance, you may need to ensure network switches are
compatible with existing switches. You will also need to know where the file server can be
installed, and if current equipment can be used. Knowing the existing environment will also
help determine staffing needs, and if specialist help is needed (such as to install new
cabling).
An organisation’s IT security policy may also have set steps to ensure stored data is secure
and backed up at all times, and you’ll need to take account of this in making sure that any
installation protects the access to and validity of data. Any future need to increase or
decrease the capacity of the installed system will also affect requirements, as will a broad
range of possible circumstances, including the physical environment (and physical security
of equipment and cabling).
Once the objective is defined from client requirements, it must be expressed in a clear
statement of precisely what is to be achieved. For example: ‘Install a File Server’ is an
objective, but too general—it does not fully state the outcome. A better example would be:
‘Install a File Server to provide 100 users file storage of 20 GB per user, along with print
services’. The objective is quantified and measurable and it will therefore be easy to judge
that it is done successfully.
Tasks—breakdown of tasks and sequences
The nature of the tasks needed depends on the objective, as defined above. Tasks to install
network software will be different from those to install a file server, for instance. You will
need to use your knowledge of computer systems to determine the actual tasks required.
Single tasks help break down the overall installation into smaller individual jobs. Beginning
one task may be dependent on another task being done—the associated tasks or conditions
are called ‘dependencies’. A configuring task, for instance, could not start until the
installation task is completed. Usually tasks are carried out in sequence (one after the other
in a set order), but in some circumstances may need to be performed concurrently (more
than one task at a time).
Task sequences
Generally, the sequence of tasks for an installation will be:
 Procurement of resources
 Installation
 Configuring
 Testing and evaluation
 Implementation into the production environment
 Contingency plans
 Post implementation review.
Tasks can be simplified or broken down into a number of sub tasks. For example the task
‘procure server equipment’ can be broken down into the clearly defined sub tasks of:
 Obtain quote from preferred supplier for an HP Compaq DL360 Server (duration one
day).
 Submit quote to Finance department for approval and the raising of a purchase
order (duration four days).
 Send purchase order to supplier with delivery instructions (duration four weeks for
delivery).
 Accept delivery of server, check contents of package for correct items and advise
finance department that purchase order has been filled (duration two hours).
Each sub task clearly states what is to be done and the time to complete it. This time will be
an estimate based on your experience or based on tasks in similar installation projects.
Setting timelines and schedules
Once the nature and sequence of all the tasks is decided, and you have determined the
duration of each task, a schedule can be determined.
In the above example, assuming a week is five working days it will take five weeks and two
hours to complete the ‘Procure Server Equipment’ task.
To create a schedule, you take into account the sequence or order of your tasks (noting
whether they are sequential or concurrent), and people’s availability to do those tasks, to
determine the overall time required to complete the installation. This is important
information for both you and the client and it will help you track and report on progress.
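The schedule arithmetic described above, worked through as an added example (not part of the original reading). An eight-hour working day is an assumption, and the two extra tasks in WITH_INSTALL are constructed to show a concurrent task alongside the reading's procurement sub tasks.

```python
from graphlib import TopologicalSorter

HOURS_PER_DAY = 8    # assumption: the reading does not say how long a working day is
DAYS_PER_WEEK = 5    # from the reading: "a week is five working days"
DAY, WEEK = HOURS_PER_DAY, HOURS_PER_DAY * DAYS_PER_WEEK

# task -> (duration in working hours, tasks that must finish first)
PROCUREMENT = {
    "obtain quote": (1 * DAY, []),
    "finance approval and purchase order": (4 * DAY, ["obtain quote"]),
    "supplier delivery": (4 * WEEK, ["finance approval and purchase order"]),
    "accept delivery": (2, ["supplier delivery"]),
}

# Constructed extension: one task that runs concurrently with delivery,
# and one that cannot start until both branches have finished.
WITH_INSTALL = {
    **PROCUREMENT,
    "build test environment": (3 * DAY, ["finance approval and purchase order"]),
    "install server": (1 * DAY, ["accept delivery", "build test environment"]),
}


def schedule(tasks):
    """Return {task: (earliest start, earliest finish)} in working hours."""
    undefined = {d for _, deps in tasks.values() for d in deps} - set(tasks)
    if undefined:
        raise ValueError(f"dependency on undefined task: {sorted(undefined)}")
    order = TopologicalSorter({name: deps for name, (_, deps) in tasks.items()})
    times = {}
    for name in order.static_order():      # raises graphlib.CycleError on a loop
        duration, deps = tasks[name]
        # A task starts when the last of its dependencies finishes.
        start = max((times[d][1] for d in deps), default=0)
        times[name] = (start, start + duration)
    return times


def total_hours(tasks):
    """Overall duration: the latest finish time of any task."""
    return max(finish for _, finish in schedule(tasks).values())


def critical_path(tasks):
    """The chain of dependent tasks that fixes the overall finish time."""
    times = schedule(tasks)
    name = max(times, key=lambda n: times[n][1])
    path = [name]
    while tasks[name][1]:
        name = max(tasks[name][1], key=lambda d: times[d][1])
        path.append(name)
    return path[::-1]


def as_weeks_days_hours(hours):
    """Convert working hours to (weeks, days, hours) for reporting."""
    days, rest = divmod(hours, HOURS_PER_DAY)
    weeks, days = divmod(days, DAYS_PER_WEEK)
    return weeks, days, rest


if __name__ == "__main__":
    print(as_weeks_days_hours(total_hours(PROCUREMENT)))
    print(as_weeks_days_hours(total_hours(WITH_INSTALL)))
    print(" -> ".join(critical_path(WITH_INSTALL)))
```

Because the test environment is built while the supplier is delivering, it adds nothing to the total; only tasks on the critical path move the finish date.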

Business operations may constrain your installation plans. For example, if the business
cannot do without its computer network between 9 am and 10 pm each weekday, the only
down time available may be the weekend. This will determine both the timeline and
resources required.
The deadline for an installation might also be stated as part of the objective; for example
‘Install a File Server to provide 100 users file storage of 20 GB per user along with print
services by July 1 2007.’
Defining roles and responsibilities
With tasks and resources clearly defined (in a planned sequence and to a schedule), the
installation plan should also clearly state who will do what task and who will make sure
that resources are available when needed.
This level of planning ensures:
 that tasks are completed according to a schedule and people know their
responsibilities (avoiding the ‘I thought you were going to…’ phenomenon)
 that tasks can be costed against the hours that individuals are allotted to do them
 that hierarchies of responsibility are created, if needed, such as having a more
expert person supervise the work of others
 that tasks and timelines reflect the actual availability (or capacity in hours) of staff
 that contingency plans are in place in case staff become unavailable.
This part of the installation plan usually also includes an outline of communications and
reporting to ensure all stakeholders are kept up to date.
Allocating resources
Resources to complete an installation include people to do the work (as above), tools,
equipment and finance. The installation plan must clearly state what resources are needed.
You will have worked out exactly what those resources are by dividing general activities
into individual tasks and costing the time required to do them plus materials and
equipment.
The costs you work out will also be determined by organisational constraints. A major
constraint may be the budget—what can the organisation afford? There may be a number
of options given how much money is available in the budget.
An organisation may also have policies for purchasing (such as where to buy equipment)
and staff procurement (such as bringing contractors in).

Staffing can affect both resources and timelines—for example two people may be able to
install computer cables in less time than one.
If a new computer system or software is installed, the users of the new system may need
training or instruction. You need to ask yourself if that training or instruction can take
place before, during or after the installation.
Contingency plans
Even the best-made plans can fail. Unforeseen events or circumstances may thwart a
successful installation.
Contingency plans for the whole installation and for parts of the process can limit the effect
of failure on business operations. They may be plans for staff, in case of sickness, plans for
other suppliers in the event of non-delivery, or implementation plans to ensure that
business operations are not disrupted in the event of failure while installing, configuring or
testing.
For example the objective may be to install a new network database. Should the installation
fail, the business may be left with no database or corrupt records in a new version. Any
business would find it difficult to operate without its database. The contingency plans may
include:
 having the business work from back-ups of the old database in the event of failure,
having backed up to another networked computer and tested that version to
ensure data validity and access
 doing the installation on the weekend and allowing for time before start of business
on Monday to fix any problems
 having a technical support person from the database vendor on call for technical
support via phone during the installation.

Notes on installing network software
All software applications have minimum system requirements for the server or PC
processor, amount of RAM, and available hard disk space. Network software will also have
requirements related to bandwidth, protocol and the network file system. You need to
verify these are met prior to installation.
You need also to ensure the organisation has licenses for software to be installed, and that
all terms and conditions of the license are adhered to, such as the number of clients that
can use the software. You should record any serial numbers or product keys required
during the installation.
Installation methods
Knowing the various methods used to install network software will help you develop the
required tasks in the installation plan. The method used will depend on the existing
network environment and resources, including the budget.
Manual and automated installation
Manual installation requires CDs, DVDs or a central network repository to store installation
files. Software is installed by IT staff or by users themselves running the installation
program on their computer. While this suits small, single-site networks, it will not suit large
networks because of security issues, the time needed in each case, the staff required,
disruption to users, lack of control and potential configuration inconsistency.
Automated installation requires manipulating the installation process so that it becomes a
simple process of either running a single command or clicking an install button. It is done
by using batch files or script programs to set installation options that would otherwise
need user interaction or selection. While more efficient, it requires installation scripts.
Although simpler, because users and installation staff need not interact with the install
process, the script may need to be manually executed at the computer to start it.
Remote deployment
The term ‘deployment’ refers to the distribution of software to end users. Remote
deployment usually involves ‘packaging’ the software. The software is first manually
installed on a test computer and configured as required. The resulting changes (new files,
folders, changed files and registry entries) made by the installation and configuration of the
software are recorded and become the packaged software. This package can then be
delivered and written to other computers on the network.

Other remote deployment methods use hard disk imaging to create disk images of a
computer with the installed software. This disk image may be deployed to other computers
creating a standard environment and reducing the time required to install software.
In these ways, networked computers can have software delivered, installed and remotely
configured (if needs be) from a central location without user intervention or technical staff
visiting target computers.
Remote deployment and management can be a part of a network operating system, for
example Microsoft Remote Installation Server (RIS) and System Management Server (SMS).
Third-party software such as ZenWorks (for Windows and Linux), Altiris and Symantec
Ghost provide remote desktop management, imaging and software deployment.
Terminal server installation
Terminal server installation involves installing and configuring the software on a special
server known as a terminal server. The software thus installed is then available to
networked computers and appears to run as if locally installed, though it is running on the
terminal server and is presented to the user’s computer via a terminal session. The user’s
computer may need to have terminal services client software installed or in some cases
users can access the terminal server via a web connection.
With this method, software can be accessed by hardware below the normal software
requirement specifications, but it requires a dedicated server powerful enough to run the
software in a terminal service environment. The number of concurrent connections to the
server may also be limited and license costs expensive. Terminal services may be available
as part of the network operating system or as a third-party product, such as Citrix or
Tarantella.
You need to test new software prior to organisation-wide installation. Your installation
plan should include testing in a test environment to ensure user requirements are met.
Functional testing will confirm the software will perform as expected. The installation plan
should also include testing of deployment methods to ensure the software will be installed
across the network as expected.
Always back up existing network software installations prior to implementing upgrades
and test that you can restore the backup. Prior testing of the upgrade software in a test
environment and backup of current software should form part of your installation plan
tasks and contingencies.
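One way to carry out the "test that you can restore the backup" step, as an added example rather than a procedure from the original reading. The directory layout and file contents are constructed; the damaged archive has one value altered without changing its length, so it still unpacks without any error.

```python
import filecmp
import tarfile
import tempfile
from pathlib import Path


def files_under(root):
    """Relative POSIX-style paths of every file below root."""
    root = Path(root)
    return {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}


def back_up(install_dir, archive_path):
    """Archive the current installation before the upgrade touches it."""
    with tarfile.open(archive_path, "w") as tar:
        tar.add(install_dir, arcname=".")
    return Path(archive_path)


def restore_test(archive_path, install_dir):
    """Restore into a scratch directory and compare it byte for byte with the live tree.

    Returns a list of problems; an empty list means the backup restored correctly.
    """
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path, "r") as tar:
                if hasattr(tarfile, "data_filter"):
                    # Newer Python versions: refuse members that escape the scratch dir.
                    tar.extractall(scratch, filter="data")
                else:
                    tar.extractall(scratch)
        except Exception as exc:  # any unpack failure means the backup cannot be relied on
            return [f"restore failed: {exc}"]
        live, restored = files_under(install_dir), files_under(scratch)
        problems = [f"missing from backup: {p}" for p in sorted(live - restored)]
        problems += [f"only in backup: {p}" for p in sorted(restored - live)]
        # shallow=False forces a content comparison; size and timestamp alone
        # would not notice a same-length change inside a file.
        problems += [f"content differs: {p}" for p in sorted(live & restored)
                     if not filecmp.cmp(Path(install_dir, p), Path(scratch, p),
                                        shallow=False)]
        return problems


def demo():
    """Constructed sample: one good backup and one silently damaged copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp, "netapp")
        (install / "config").mkdir(parents=True)
        (install / "config" / "server.ini").write_text("port=8080\n")
        (install / "bin").mkdir()
        (install / "bin" / "service").write_bytes(b"constructed placeholder binary")
        good = back_up(install, Path(tmp, "good.tar"))
        damaged = Path(tmp, "damaged.tar")
        damaged.write_bytes(good.read_bytes().replace(b"port=8080", b"port=9090"))
        return restore_test(good, install), restore_test(damaged, install)


if __name__ == "__main__":
    good_result, damaged_result = demo()
    print("good backup:", good_result)
    print("damaged backup:", damaged_result)
```

The damaged archive restores without complaint, which is why the check compares restored content instead of trusting a clean exit from the restore tool.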

Notes on installing network hardware
Hardware, of course, cannot be installed remotely. Someone must physically connect it,
although once installed, computer and network hardware can usually be remotely configured.
Network hardware
In planning an installation you need to identify existing hardware. Network infrastructure
hardware can be broadly categorised as follows.
 Switches providing connection ports for devices to connect to the network.
 Routers providing the correct data paths and IP addressing between devices
connected to the network.
 Connectivity devices and media providing the physical path for a data signal to
travel along. It includes all physical cabling like UTP and optical fibre and also
devices that convert a data signal to travel along different media, such as wireless
transceivers.
 Storage provides a location on the network where data can be stored. This includes
hard disks, magnetic tape and optical storage devices that are attached to the
network but not directly attached to specific computers.
 Servers provide the network services such as domain name system (DNS) and
dynamic host configuration protocol (DHCP), or applications for users such as email.
 Workstations and terminals provide the user interface.
Installation planning
When developing an installation plan you need to apply what you know about network
hardware. You also need to be able to find appropriate information and people with the
required skills for the installation. Your installation plan will indicate who has
responsibility for what part of the installation.
When planning a hardware installation, consider the points in Table 1.

Table 1: Hardware installation notes

| Area | Details to consider |
|---|---|
| Requirements specifications | Network devices and hardware have minimum requirement specifications (similar to software). These are available from equipment suppliers and will include specifications for operating conditions (such as voltages, temperature and humidity) and installation requirements such as rack mounting and connection requirements. |
| Interoperability | If adding network hardware, conduct a thorough review and investigation of the existing network. You need to consider any interoperability issues between old and new equipment. The equipment suppliers should be a useful resource for this. |
| Scaling | Consider if the installation needs to be ‘scalable’. Do you need to expand or contract the network capacity over time? Will the hardware you use cater for this easily? |
| Tests | Always test your hardware before installing to a live or production network. Set up a test environment for your hardware installation and hardware configuration. |
| Warranty | Consider purchasing hardware warranty and support, and make this part of your installation and maintenance contingency in your installation plan. The equipment vendor may have installation knowledge and experience that you can use. |
| Business operations | Plan your hardware installation so that it has the least impact on any business operations. |
| Roll back | Have a roll back strategy when installing or replacing network hardware. Don’t immediately remove the old hardware you are replacing; you may need to go back to it if problems arise. |

Summary
The planning of your installation is important to minimise the disruption to the client and
ensure a successful outcome for all concerned.
You will need to work closely with your client to ensure you meet their requirements.
Making sure you provide all the mandatory information that is required in an advance
installation plan will ensure you have taken all the necessary steps to give your installation
the best chance of success.
Developing a good installation plan is usually the most difficult part of any project. If it’s
done well, implementing the plan should be a simple task.

Install and test network software: Before you start the Install
Installing network software should hold no surprises or unexpected consequences.
Planning is the most important part of installing network software. In this process,
software prerequisites, system requirements, compatibility, installation requirements and
configuration should have been looked at and tested to see how these fit into the existing
network environment. The planning process should include the planning for software
testing and evaluation.
Following this, if the software appears appropriate for the organisation, an installation plan
should have been developed. This plan addresses how the software would be installed in the
network. It would also cover configuration and testing.
In all cases there is no substitute for reading the product manuals to find out what you
need to do. This should have been done in the planning process to develop the installation
process.
The installation
Once the planning is complete, the actual task of installation can be very boring. You often
just load the CD-ROM, answer a few questions and off it goes. The supplier may try to make
the activity a bit more interesting by showing you a progress bar or by giving you screens
of advertisements that tell you all the great features of the product.
However, there are a few issues that are important and will impact on the planning and
implementation of the installation process. For the home user the installation process is
normally from a CD to a single computer. In a business environment there may be several
decisions to be made especially if the software being installed or upgraded is an operating
system and there are many users.
How software will be installed in a network will depend upon:
 Software installation requirements. Does the software need to be installed in a
certain way?
 Software configuration requirements. Is the software configured globally or are
settings required for each individual user or installation?
 Network environment, including the types of hardware, number of users, network
connections, bandwidth, and so on.
 Resources available for software installation. What people, skills, tools and budget
are available to install the software?
 Organisational requirements and constraints. Are there deadline dates to have the
software installed? Can any disruptions to business operations be allowed?
Manual installation methods
This method requires using installation media like CDs or a central network repository that
stores the software installation files. The software is installed by visiting each computer
and running the software installation program on that computer.
This may be done by IT technical staff visiting each computer or by the users. This process
may be suitable for small single site networks. There are disadvantages for large networks
because of:
 security issues
 the amount of time per installation
 the number of people required for the installation
 disruption to users
 lack of control and configuration consistency during the installation
 ongoing maintenance issues (may require more visits)
Automated installation methods
This process involves manipulating the installation process so that it becomes a simple
process of either running a single command or clicking an install button. This is usually
done by using batch files or script programs to set installation options that usually require
user interaction or selection.
This method is more efficient than manual installation but does require the development of
installation scripts. Although simpler because users and installation staff are not required
to interact with the install process, the script may need to be manually executed at the
computer to start the installation.
Remote deployment methods
The term ‘deployment’ refers to the distribution of software to the end users. Deployment
is often referred to as a ‘roll out’ which gives the impression of a mechanical production
line. The production line analogy becomes appropriate when you are installing the same
software over and over again.
This method usually involves ‘packaging’ the software. This means manually installing the
software on a test computer. This installed software is then manually configured as
required. Then the complete configuration (new files, folders, changed files, registry
entries, etc.) is re-packaged for deployment. This package can then be delivered and
unpacked into other computers on the network that require the software to be installed.
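The packaging step described here, and earlier under ‘Remote deployment’, sketched as an added example (not part of the original reading and not how any named product works). It records file-level changes only; registry entries are outside its scope, and the directory names and file contents in demo() are constructed.

```python
import hashlib
import json
import tempfile
import zipfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (POSIX-style relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff(before, after):
    """Classify what installing and configuring did to the test computer."""
    return {
        "added": sorted(set(after) - set(before)),
        "changed": sorted(p for p in after if p in before and after[p] != before[p]),
        "removed": sorted(set(before) - set(after)),
    }


def build_package(root, before, package_path):
    """Store added and changed files, plus a manifest of their digests, in one archive."""
    after = snapshot(root)
    changes = diff(before, after)
    payload = changes["added"] + changes["changed"]
    manifest = {"files": {p: after[p] for p in payload}, "removed": changes["removed"]}
    with zipfile.ZipFile(package_path, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("MANIFEST.json", json.dumps(manifest, indent=2, sort_keys=True))
        for rel in payload:
            archive.write(Path(root) / rel, arcname="files/" + rel)
    return manifest


def _inside(target_root, rel):
    """Resolve rel under target_root, refusing names that climb out of it."""
    dest = (target_root / rel).resolve()
    if not dest.is_relative_to(target_root):
        raise ValueError(f"path escapes target directory: {rel}")
    return dest


def deploy(package_path, target_root):
    """Apply a package to a target; everything is checked before anything is written."""
    target_root = Path(target_root).resolve()
    staged = {}
    with zipfile.ZipFile(package_path) as archive:
        manifest = json.loads(archive.read("MANIFEST.json"))
        for rel, digest in manifest["files"].items():
            data = archive.read("files/" + rel)
            if hashlib.sha256(data).hexdigest() != digest:
                raise ValueError(f"digest mismatch in package: {rel}")
            staged[_inside(target_root, rel)] = data
    removals = [_inside(target_root, rel) for rel in manifest["removed"]]
    for dest, data in staged.items():
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
    for dest in removals:
        dest.unlink(missing_ok=True)
    return manifest


def drift(target_root, manifest):
    """List packaged files that are missing or altered on a target computer."""
    current = snapshot(target_root)
    return sorted(p for p, digest in manifest["files"].items() if current.get(p) != digest)


def demo():
    """Constructed sample: identical 'before' state on two machines, then an install."""
    with tempfile.TemporaryDirectory() as tmp:
        test_pc, target_pc = Path(tmp, "test_pc"), Path(tmp, "target_pc")
        for machine in (test_pc, target_pc):
            (machine / "app").mkdir(parents=True)
            (machine / "app" / "settings.ini").write_text("mode=default\n")
            (machine / "app" / "old.dll").write_text("v1")
        before = snapshot(test_pc)
        # Simulated manual installation and configuration on the test computer.
        (test_pc / "app" / "bin").mkdir()
        (test_pc / "app" / "bin" / "tool.exe").write_text("new binary")
        (test_pc / "app" / "settings.ini").write_text("mode=configured\n")
        (test_pc / "app" / "old.dll").unlink()
        package = Path(tmp, "package.zip")
        manifest = build_package(test_pc, before, package)
        deploy(package, target_pc)
        identical = snapshot(target_pc) == snapshot(test_pc)
        # A later local edit on the target shows up as configuration drift.
        (target_pc / "app" / "settings.ini").write_text("mode=edited locally\n")
        return manifest, identical, drift(target_pc, manifest)


if __name__ == "__main__":
    manifest, identical, drifted = demo()
    print(json.dumps(manifest, indent=2), identical, drifted)
```

The manifest travels inside the package, so it catches corruption and later drift but not a deliberately altered package; for that, sign the manifest or distribute its digest separately.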
This method may use hard disk imaging or cloning technologies to create disk images of a
computer with the installed software. This disk image may be deployed to other
computers creating a standard environment and reducing the time required to install
software.
For remote deployment this method will employ remote control of other computers on the
network from a central location. This means that the computers connected to the network
can have the software delivered, installed and remotely configured if need be, without user
intervention or technical staff physically visiting the target computers.
Remote deployment and management can be a part of a network operating system: for
example Microsoft Remote Installation Server (RIS) and System Management Server (SMS).
Third-party software such as Novell ZenWorks (used for Windows, Linux and NetWare),
Altiris, Prism and Norton Ghost provide remote desktop management, imaging and
software deployment.
Terminal services methods
This method of software installation involves installing and configuring the software on a
special server known as a Terminal Server. The installed software on the server is then
made available for use by users at their networked computer. The software is not installed
on the user’s computer but appears to run as if it were locally installed. But in fact, the
software is running on the terminal server and is presented to the user’s computer via a
terminal session. Note that the software needs to be installed in only one location – the
terminal server. For this to work the user’s computer may need to have terminal services
client software installed or in some cases may simply access the terminal server via a web
connection.
This type of software deployment overcomes the problem of users’ hardware having to meet
the requirements of all software that is used. The users’ terminals can be relatively
inexpensive, and need not meet the hardware requirements (RAM, CPU speed, storage
requirements) of the server software applications.
Drawbacks of this scheme include:
 the need for a dedicated server powerful enough to run the required software in a
terminal service environment,
 limitations in the number of concurrent connections to the server, and
 expensive license costs.
Terminal services may be available as part of the network operating system or as a third
party product like Citrix or Tarantella.
Software configuration
Often installing the software is only part of the set-up process. Once the software files have
been installed you may need to configure the software for your operating environment or
to select other options. The amount of configuration will vary and again you should refer to
the manuals that accompany the software.
Configuration options can include:
 Specifying other servers or other resources that the software needs to use. For
example, many web-based products will need to know the IP address or name of the
server that's running the Web service.
 If the software uses a DBMS then there may be scripts that have to be run to set up
and configure the database tables and to load initial data.
 Links to databases. Business intelligence products may need to be able to access
data that is stored in existing database tables. You will need to configure the servers
and databases so they can be used.
 User information may need to be configured so that appropriate access and security
can be set.
 Network-based servers may need to be told about IP addresses, port numbers and
locations of other components or share names, especially if default settings have not
been used.
 Other parameters such as time outs, or number of processes to start, location of
files, and so on.
When packaging software or using remote deployment, configurations are usually part of
the package. For terminal services, configurations are set at the terminal server. Other
installation methods may require configuration to be set at the installed computer.
In any case, the installation plan and process should address how software configuration
will be managed for the installation.

Testing the installed software
The software evaluation process and the installation planning process should have
included a process for testing the installed software. Software is usually evaluated before it
is installed in a working network. Testing in the evaluation process is essential to
determine if the software meets the organisational and business requirements. This type
of testing may include estimating, testing and reviewing things like:
 Disruption to business operations during installation
 Time, resources and budget required for complete installation
 Technical performance of installed software in a network environment
 Functional test as per requirement statement
 Security testing and backup
 Ongoing maintenance procedures
Evaluation testing is usually conducted by installing software on an isolated network that
replicates the production network as closely as possible. This ensures that there is no
possibility of disrupting the working network. The installation of the software will test and
confirm installation requirements and what installation method works best. Technical
testing is then conducted looking at things like transaction speeds, response times,
interoperability with existing software and operating systems, impact on network
bandwidth and so on. Functional testing is also conducted. This looks at the software
features, user interfaces, how the users actually use the software and how it will fit into
existing business processes.
Thorough testing will highlight software deficiencies. These deficiencies may be referred
to the software vendor who may be able to provide solutions or rectifications. Any solution
or rectification should be tested to confirm it does what it claims to do.
The results from evaluation testing are used to determine if the software meets the
business requirements. If it does, a pilot or test installation should be undertaken.
A pilot or test installation is undertaken to ensure that the installation methods work as
expected (proof of concept) and that the installed software will work as expected in the
production network. A pilot installation involves selecting a small section of the working
network where you will install the software. This may range from a couple of computers
for a small network up to an entire department for a large organisation. This installation
will test your installation methods as planned in the working network.

Once the pilot installation is complete, testing using specific criteria should be conducted
before rolling out of the software for the rest of the organisation. The test criteria are
based upon the organisational requirements for the installation. The main criteria will be
things like disruption to the network during the installation, time required for installation,
and resources required for the installation. The functional and technical test results are
compared with those expected, as determined by the evaluation testing.
Following the pilot installation testing and review, any necessary changes should be
made to the installation plan before moving forward with the software deployment on the
entire network. Once this is done, the software can be rolled out across the entire network.
With the software installed, final testing can occur. This is usually termed ‘acceptance
testing’ and is performed by both technical staff and the users of the software. The purpose
of this testing is to ensure that the installed software performs as expected by the user –
that is, the user accepts that the software installation is complete with no problems.
Documentation
Documentation is the most important thing to be done following the installation of software
on a network. This makes our job as network and system administrators much easier and
not so taxing on the memory.
The documentation for the installation should contain:
 Software description including serial and licensing details and media storage
location along with any maintenance agreements or contracts.
 Inventory of install locations (number of computers and location)
 Detailed method for the installation including how the deployment package was
created, and how to perform the installation. Of course, the deployment packages
used should be kept in a secure location specified in these instructions.
 Software configuration details. This may include screen shots of configuration
options.
 Change management history for changes in configuration or installation locations,
or methods.
 Detailed instructions for any required preventative or scheduled maintenance.
This documentation remains in the organisation and is used as a reference should there be
a need for any configuration changes or installation of the software on new or additional
computers.

Summary
It’s tempting to just rush in and install software if we are short of time or under pressure to
get things done. However, without a proper plan and knowledge of software installation
methods, installation may take longer and have adverse effects upon business operations.
The practical installation of network software involves an initial test or pilot installation
with testing and review of the process and outcomes. This will reduce potential problems
with network software roll out across an organisation.
Documenting the installation process is required to maintain the network software. This
becomes a reference for any future installation or configuration changes.

Evaluate network security status
Network Security
What is network security? Before we can evaluate the status of network security we need
to understand what network security is.
Security refers to the measures taken to protect certain things or elements of information.
There are three main elements.
Confidentiality
This means keeping information secret and safe. It means controlling access to information
so that only the people with authorisation will access the information. No one else should
have access to the information.
With Network Security this means keeping all information stored in a network
environment confidential and safe. This means keeping unauthorised people off the
network and preventing them from browsing around and accessing things they have no
authority to access.
Integrity
This refers to the correctness of information. It means making sure that the information is
kept as it should be and not altered or changed by unauthorised people. It also means
protecting the information from changes or corruption by other things like system or
program failures or external events.
With Network Security this means keeping all information stored in a network
environment as it should be. Information includes user generated data, programs,
computer services and processes (email, DNS, etc). This means protecting information from
unauthorised changes and deletion by people, network devices or external influences.
Availability
This refers to the ability to access and use information. It means making sure that the
information can be accessed whenever it’s required. If information is not available it is
useless.
With Network Security this means keeping all information stored in a network
environment ready and accessible to those who need it when they need it. Information
includes user-generated data, programs, computer services and processes (email, word
processing application, etc).

Evaluating Network Security Status
Knowing what network security refers to means we now know what to look for when
assessing a network. We need to look at what measures are in place to ensure that the
confidentiality, integrity and availability of network data, applications, services and
processes are maintained to the organisation’s requirements.
Threats
Threats are actions or events that could occur to compromise an organisation’s network
security. The threat will compromise confidentiality, integrity and/or availability of
network information.
People or organisations that have possible access to the network may present threats.
Threats may be presented by people or organisations that have some reason for
compromising network security and have the knowledge and resources to pose a threat.
Some examples of threats could be hackers gaining access to confidential files, or a
disgruntled employee deleting corporate data, or virus infections corrupting data. Joy
riders also pose a threat. They have no particular reason for gaining access except for the
challenge and a bit of fun or perhaps prestige within their peer group.
Threats may also arise through circumstance. For example using second hand or old
hardware may pose a threat to network security.
Vulnerability
This refers to potential ways or avenues that could be used to compromise network
security. For a network to be vulnerable it must be accessed in some way. For example,
Internet connection, user workstations, wireless access via user laptops are all means of
accessing the network. All these access points use various systems such as firewalls,
computer operating systems and transmission protocols to authenticate and authorise
network access. Various methods can be used to gain unauthorised access if vulnerabilities
exist in the systems.
Operating system bugs, shortcomings in the authentication mechanism, and no security
checks for people entering the workplace are examples of vulnerabilities.
Countermeasures
Countermeasures are used to reduce the level of vulnerability in the organisation. They can
be physical devices, software, policies and procedures. Examples of countermeasures
include firewalls, antivirus software and security guards checking employee IDs as they
enter the building. In most cases, countermeasures are implemented at network access
points or where the vulnerability exists.
Impact
Impact means what will happen to the organisation if a threat actually happened. The
consequence of a threat occurring is usually measured in financial terms because the result
may be loss of business productivity, stolen equipment replacements and repairs, costs for
investigation and expert contractors. Other consequences may be damage to reputation,
loss of business or time and resource related.
Assessing impact can be an involved process and a topic in itself. However, in brief terms,
assessment is usually done by identifying systems or resources in the organisation. Then,
by analysing usage patterns, business processes and workflow, the importance of a system
can be determined. Finally, with user and management questionnaires, analysis of usage,
business processes and workflow, the consequence of the system or resource being
unavailable or compromised can be determined in financial and other terms.
Likelihood
Likelihood refers to the probability of an event occurring. Whether an event is likely to
occur depends upon a number of factors such as degree of technical difficulty and
knowledge required to cause the event, potential gain to the perpetrators and opportunity.
Countermeasures reduce the likelihood of occurrence. For example procedures ensuring
that operating systems have the latest security patches installed will reduce the likelihood
of hackers compromising the system.
Risk
Risk refers to the potential or possibility for some form of loss. With network security this
means loss of confidentiality, integrity and/or availability of information or services. Risk is
determined directly by threats and vulnerabilities. For there to be a risk, a threat AND
some vulnerability must exist.
For example, virus infection may compromise the integrity of information on a network.
The vulnerability, or ways virus infection can occur, may include the use of CDs or disks
from outside the organisation on local network computers. In this case a risk exists. If a
countermeasure or mitigation strategy such as using diskless workstations was employed,
users could not use external media. This means that there is no vulnerability and therefore
no risk.

However, another vulnerability associated with virus threats may be the network’s
Internet connection. So the risk of virus infection via the Internet may exist depending
upon firewall and antivirus countermeasures employed.
Looking for Threats and Vulnerabilities
Evaluating the status of network security can be a daunting task if we don’t take a
methodical approach. We need to understand what makes up the network – the hardware
and software. Knowing this helps us break things down into smaller manageable parts.
Once we identify the individual systems and components (for example email service, web
services, internet access, applications, etc) we can then start to look at the security status of
these one by one.
To work out threats and vulnerabilities, we need to examine:
 access to the system – including physical, electronic via authentication processes,
via local workstations, Internet, remote access server
 authorization mechanisms – including operating system or application permission
or access control methods, organisational processes and procedures to manage user
access
 who has access and what can they do - this includes file access permissions for users
and access to services and this can be examined using auditing features built in to
operating systems and applications
 known vulnerabilities, for example operating system or application defects/bugs,
hardware firmware
 potential vulnerabilities, confirmed by testing
 any countermeasures in place.
For any breach of security, there must be some form of access so it is important to consider
all possible means of access (physical and electronic). While hackers are usually associated
with external 'criminals', network security is more often jeopardised from within an
organisation.
Look for vulnerabilities in the following areas of the individual network components.
Network design and components
Vulnerabilities associated with hardware and network design include exploitation of
topologies, switches, routers, firewalls, servers, computers and operating systems to
breach network security. Threats associated with hardware and network design
vulnerabilities include:

 interception of wireless transmissions by hackers
 networks that use public or external transmission systems; for example leased lines
are vulnerable to eavesdropping
 network segments being exposed to sniffing
 physical access to hardware
 private network addresses accessed and read when routers and other devices are
not properly configured
 dial-in servers or remote access used by off-site staff not being secure or monitored
regularly.
 improper use of default security options – after operating systems or applications
are installed, default security options are offered automatically; these default
prompts are well known by crackers and, if they are not changed by the network
administrator, will allow easy access to the system
 network operating system software having holes in its security, allowing hackers to
gain unauthorised access
Network operation and usage
We need to examine how the network or system is used and also any policies and
procedures that relate to this. Threats from people exploiting vulnerabilities in the way
networks or systems are used may include:
 Intruders or hackers gaining user passwords through manipulation or monitoring.
Surprisingly, many people write their passwords down on sticky notes and leave them
stuck on the side of their monitor or under their keyboard. It is easy for an observant
person to find these notes, or even to unobtrusively watch passwords being typed in
 Social engineering—This practice involves manipulating social relationships in order to
gain information, specifically, passwords. For example, the intruder may pose as a
network administrator who asks for your password in order to investigate some
problems with the network
 incorrect configuration of user IDs and groups and their associated file or login access
 network administrators not noticing security gaps in the operating system or
application configuration
 lack of a security policy, leading to users not knowing or understanding security
requirements
 dishonest or disgruntled employees abusing their access rights
 an ‘unused’ computer being left logged on to the network, thereby providing access to
an unauthorised user
 users or administrators choosing easy-to-guess passwords
 computer rooms being left unlocked, allowing unauthorised physical access
 backup tapes or floppy disks containing confidential information being discarded in
public waste bins
 administrators failing to delete system accounts of employees who have left the
organisation.
Communications and connections
The security of network operating systems and application software is dependent on their
configuration. Some of the vulnerabilities in this area regarding communications and
connections include:
 IP addresses easily falsified and requiring little authentication
 flaws or gaps in network software allowing IP spoofing to occur.
 viruses – which can be contracted from the Internet or external email, or transferred
from one computer to another through internal network and emails.
 incorrectly configured firewalls not preventing unauthorised access
 authorised users transferring files using Telnet or FTP over the Internet, with user ID
and password transmitted in plain text, which can easily be accessed and used
inappropriately
 hackers obtaining personal or user ID information entered into online forms or
newsgroup registrations
 access inadvertently allowed into chat session or email software while users remain
logged in to Internet chat sessions or Internet-based email.
 denial-of-service attacks. These are usually deluges of messages sent to a third party
using PCs on your network as ’drones’, resulting in the targeted system becoming
disabled
 Clear text sniffing—Some protocols do not use encrypted passwords as they travel
between the client and the server. A cracker with a sniffer can detect these types of
passwords, thus gaining easy access to the information
 Encrypted sniffing—protocols may use encrypted passwords; hackers may carry out a
dictionary attack. These are programs that will attempt to decrypt the password by
trying every word contained in English and foreign language dictionaries, as well as
famous names, fictional characters and other common passwords.
Brute-force attacks are similar to dictionary attacks. The difference is that a brute-force
attack uses encrypted sniffing to try to crack passwords by testing all
possible combinations of characters. These characters include not only letters, but
other characters as well.
 Replay attacks—By reprogramming their client software, a cracker may not need to
decrypt the password; the encrypted password can be used ’as is’ to log into systems
Third Party Tools
How long do you think it would take an administrator to manually check the configuration
of every network device for possible security vulnerabilities?
Administrators are human and humans are not well suited to looking at long detailed log
files and configuration listings. There is a good chance something will be missed.
Fortunately, there are a number of tools available that can accurately do this work for the
administrator.
Network security tools evaluate the security of a network by:
 Performing scans of security configuration for specific devices and operating
systems – for example account policies and security policy settings for Windows
operating systems. These tools generally need administrative access to the devices
and compare results to expected best practice settings, reporting the differences.
These types of tools can also audit file systems by listing security settings and
permissions as applied to the file system and services.
 Network traffic scans and probes that test for available network connections. This
tests for network addresses, protocols and gathers transmission and connection
information about the network. It may draw topology diagrams with device and
host information.
 Penetration testing. These tools will attempt to gain access to the network by
performing a series of attacks on the network using methods that exploit known
vulnerabilities. These types of tests can be performed from outside the network (for
example via the Internet) or from inside the network to test internal security.

In all cases these tools use known vulnerabilities and methods to test network security and
as such need regular updating as new vulnerabilities are discovered. These tools should be
used out of normal business operation hours as they can impact on network performance.
Links to these types of tools and sources for them are available at the end of this reading.
Evaluate Findings
Once we have completed the task of looking for risks and checking configurations, we need
to compile our findings and determine if any improvements or changes are needed.
We need to record the findings for each of the systems or network components we
reviewed. In summary, these were the things listed in the 'Looking for Threats and
Vulnerabilities' section above.
Using a table can help you evaluate your findings. Once you have listed your findings you
need to consider what issues or concerns result from your findings. These concerns may
become threats and risks. From the concerns and issues consider what you can do to
remove the issue or concern.
Take a look at the sample Risk Evaluation table below. Note: You can also
download this table as a separate document from the Reading section of this online
learning pack.

Table: Sample Risk Evaluation table.

| System or Network Component | Results and findings | Concerns or Issues | Recommended Action |
|---|---|---|---|
| Identify the network system or component (Example: Finance database server, windows 2000) | Physical environment (List here your findings about the physical security of the system) (Example: insecure computer room) | (Example: Anyone can walk in and access the computer and console. They could copy or delete information and damage the hardware) | (Example: Lock the computer room and only authorised people have keys) |
| | Access configurations (This includes authentication systems, electronic access to the system, operating system configurations for access) (Example: Password length is set to 4 characters) | (Example: Password complexity is low. Passwords could be easily cracked) | (Example: Change system requirements for longer and complex passwords) |
| | Authorised users and access levels (List of authorised user and what they can do and access on the system) (Example: Default permission set on all files for everyone accessing the server) | (Example: Default permission is to read all files. Secure information cannot be changed or deleted by unauthorised people but anyone logged in can see it) | (Example: Do not use default permissions. Develop required permissions for each group of users and implement) |
| | Process or procedural assessment (List any failings in procedures or work practices. This includes the way the system or network is used.) (Example: Users are leaving logged in computers unattended) | (Example: Anyone can gain access when authorised user is away from desk) | (Example: Set password protected screensavers to activate after 5 minutes and educate user about the need for security) |
| | Vulnerability test results (List test results from specific tests or test utilities like penetration tests, network scans, etc) (for example operating system ‘buffer overflow’ may cause arbitrary code to execute) | (Example: results of code may leave server open to remote control by unauthorised people) | (Example: Apply vendor supplied security patch to server) |
| | Existing Countermeasures (List existing specific countermeasures for the system and any failings of these) (Example: Anti Virus software) | (Example: Antivirus software is 3 months out of date. The server is vulnerable to the latest virus) | (Example: Update the antivirus software and develop procedures to ensure regular update) |
Using tables like the one above will give us a picture of the security status of the
components and the network as a whole. As network or system administrators we make
technical recommendations on these findings to improve or correct any network security
deficiencies. However, it is up to organisation management to approve any
recommendation.
Information on threats, vulnerabilities, impact or consequence along with
recommendations (including implementation costs) addressing the risks must be provided
in a meaningful way for organisational management to make sound decisions regarding
network security.
Quantifying Risk
We know that risk is the result of threats and vulnerabilities, but how do we measure the
risk?
One useful way is to scale risks based on impact and likelihood. Using this method
organisational management can identify the most likely and most damaging risks.
Consider the table below. Risk is calculated by multiplying impact by
likelihood. Risk is now scaled between 0 = no risk and 25 = extreme risk. (Note: You can also
download this table as a separate document from the Reading section of this online
learning pack.)

| Threat | Vulnerability | Impact 0-5 | Likelihood 0-5 | Risk Factor 0-25 | Comments | Possible Countermeasures and Mitigation Strategy |
|---|---|---|---|---|---|---|
| Confidentiality of client records (Example: credit card numbers may be gained by unauthorised people) | Access to information from outside organisation via internet | 5 | 0 | 0 | Records kept on database server on separate network segment not accessible via internet. This risk does not exist because there is no vulnerability | None required as long as server remains isolated |
| | Access via internal workstations | 5 | 2 | 10 | Unauthorised person may gain access to the building and computers in the closed segment. Covert employee activity may occur. | Increase building access security by introducing security guards and key card access. Employee education on security issues. Implement auditing on sensitive resource accesses |
| | Access via failed process and procedures | 5 | 1 | 5 | Procedure checks in place. Copies of shredded printouts may be possible | Audit procedures and perform spot checks. Locked document destruction bins. |
In the above example both impact and likelihood are equally weighted. If an organisation is
only concerned with impact, then likelihood may use a smaller scale or not be used at all to
calculate the risk factor.
It is a management decision to accept the risk with consequences and potential cost to the
organisation. The alternative is to implement countermeasures or mitigation strategies to
reduce the impact or likelihood. These measures usually come at a cost and management
need to decide if they wish to spend potentially lots of money to prevent something that is
unlikely to occur.
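The scoring method can be reproduced in a short Python sketch that also shows what changes when likelihood is given a smaller scale or left out. This is an added example, not part of the original reading: the first three rows are those of the risk table, while the fourth row and the names RiskEntry, risk_factor, rank and likelihood_max are assumptions made for illustration. It treats a likelihood of 0 as "no vulnerability", so such a row scores 0 even in impact-only mode.

```python
from dataclasses import dataclass

SCALE_MAX = 5  # impact and likelihood are each scored 0-5, as in the risk table


@dataclass(frozen=True)
class RiskEntry:
    threat: str
    vulnerability: str
    impact: int
    likelihood: int  # 0 means there is no usable vulnerability, so no risk

    def __post_init__(self):
        for name in ("impact", "likelihood"):
            value = getattr(self, name)
            if not 0 <= value <= SCALE_MAX:
                raise ValueError(f"{name} must be 0-{SCALE_MAX}, got {value}")


def risk_factor(entry, likelihood_max=SCALE_MAX):
    """Return impact x likelihood, with likelihood rescaled to 0..likelihood_max.

    likelihood_max=5 gives the 0-25 scale used in the risk table.
    likelihood_max=0 ignores likelihood altogether (impact-only scoring).
    """
    if not 0 <= likelihood_max <= SCALE_MAX:
        raise ValueError(f"likelihood_max must be 0-{SCALE_MAX}")
    if entry.likelihood == 0:
        # A threat without a vulnerability is not a risk, even when
        # likelihood is left out of the calculation.
        return 0.0
    if likelihood_max == 0:
        return float(entry.impact)
    return entry.impact * entry.likelihood * likelihood_max / SCALE_MAX


def rank(register, likelihood_max=SCALE_MAX):
    """Return (score, entry) pairs, highest risk first, ties broken by impact."""
    scored = [(risk_factor(e, likelihood_max), e) for e in register]
    return sorted(scored, key=lambda pair: (-pair[0], -pair[1].impact))


def summary(register, likelihood_max=SCALE_MAX):
    """One plain line per risk, suitable for a management report table."""
    return [f"{score:g}: {e.threat} / {e.vulnerability}"
            for score, e in rank(register, likelihood_max)]


CLIENT_RECORDS = "Confidentiality of client records"
REGISTER = [
    # The three rows of the risk table.
    RiskEntry(CLIENT_RECORDS, "Access from outside organisation via internet", 5, 0),
    RiskEntry(CLIENT_RECORDS, "Access via internal workstations", 5, 2),
    RiskEntry(CLIENT_RECORDS, "Access via failed process and procedures", 5, 1),
    # Constructed row, not from the table: low impact but very likely.
    RiskEntry("Availability of email (constructed)",
              "Virus infection via external email", 2, 5),
]

if __name__ == "__main__":
    print("Equal weighting (0-25):")
    print("\n".join(summary(REGISTER)))
    print("Impact only:")
    print("\n".join(summary(REGISTER, likelihood_max=0)))
```

With equal weighting the constructed low-impact row ties with the internal workstation row at 10; with impact-only scoring it drops below both remaining client-record risks.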

Prepare Report
As mentioned, your risk assessment findings must be presented using clear documentation.
The report presented to management regarding the status of network security should
include:
 Your summary of concerns and recommendations in plain English
 Summary of findings should include your main concerns, possible consequences and
current network security compliance with existing organisation policy and
standards
 Recommendations need to include implementation costs, resources required, time
required, potential impact on continuing business or systems access.
 A risk summary table including impact and likelihood (weighted if required)
 Your methods of evaluation and investigation of network security status.
 Any other relevant supporting documentation.
As an IT professional, management will be relying on your skills and judgement in
presenting a clear picture of the current network security status. The key point to remember
here is that management want to know if the organisation is exposed to potential risk, what
is really at risk and how much it will cost in financial terms, time and material to mitigate
the risk.
As IT professionals, sometimes we may not look at the big picture and think in technical
terms. What you present must be understood by non-technical people so that they can
make valid and justifiable business decisions using your information.

Summary
There is a lot of hype about network security and with it comes the potential to spend big
dollars in securing a network. We now know how to assess and evaluate the status of
network security by identifying real and valid threats. Without vulnerabilities to the threat
there is no risk to network security.
We have learnt that there must be some form of access to the network for security
breaches to occur. Evaluating network security means looking at the individual
components that make up the network and investigating how they are accessed, specifically
looking for vulnerabilities in confidentiality, integrity and availability. Third party security
evaluation tools are a most useful resource when used in conjunction with our other
findings to formulate recommendations.
Most importantly, our findings need to be interpreted and presented in a meaningful way
with recommendations that are easily understood. Management make decisions on
acceptable risk, not administrators.

Manage user accounts
User Access
You’ve probably heard someone say that the most secure system is the one that has no
users! It is probably also one of the most useless systems. We do want our users to access
the system; it’s just that we want them to have the appropriate access.
The control of user access can take many forms and apply at several levels. Once a
computer is physically accessed, the user usually logs on to gain access to applications.
These applications will access data in files and folders.
We can simplify the process down to 3 things.
 Physical access
 Authentication
 Authorisation
Physical access
The first layer of management and security is the physical access to the computer. To
prevent unauthorised access, a company may make use of:
 locks on the front doors
 locks on each floor
 locks on offices, etc
 security guards
 cameras
 keys on computer systems.
Only those who have permission and keys will be able to access a computer in the
company’s premises. The Internet, however, presents issues concerning access to
corporate information or systems because physical restrictions cannot be imposed.
Authentication
Authentication is the process of verifying the identity of people who are attempting to
access the network or system. Typically, a user identifies themselves to the system, then is
required to provide a second piece of information to prove their identity. This information
is only known by the user or can only be produced by the user.
The most common method used to authenticate users is the Username and Password
method. Using this method a user identifies themselves with a username. They are then prompted
for a password. The combination of name and password is then compared by the system
to its data on configured users and, if the combination matches the system’s data,
the user is granted access.
Other authentication methods include:
 Username with static passwords—the password stays the same until changed by
the user at some time
 Usernames with dynamic passwords—the password is constantly changed by a
password generator synchronised with the user and system.
 Other challenge response systems—this may involve PINs, questions to the user
requiring various answers or actions
 Certificate Based—this requires the user to have an electronic certificate or token.
This may also need to be digitally signed by a trusted authority. Kerberos is an
example.
 Physical devices—these include the use of smartcards and biometrics. Generally the
entire authentication process occurs on the local workstation, thus eliminating the
need for a special server.
The method used is determined by the organisational policy and security
requirements.
Identity Management
In large organisations there may be thousands of users for a network. These users could be
employees, contractors, partners, vendors and customers. Being able to identify and
manage each of these users is most important because each user has different
requirements and levels of access.
This information is managed using either the Network Operating System, Directory
Services or specialised Identity Management Software. Essentially, all of these use a central
repository or database that contains all the user information and credentials. This presents
a single location for all applications and services to use when authenticating users as
required.
Authorisation
Once a user has been authenticated (that is, their identity has been validated) they are granted access
to the network or system. For the user to then access data or an application or execute
some task or command they need to be authorised to do so. The authorisation process
determines what the user can do on the network. In other words it enforces the
organisation policy as applicable to the user.

The Network and System administrators are responsible for the technical configuration of
network operating systems, directory services and applications. Part of the configuration
includes security settings that authorise user access. The administrators use an
organisational policy to determine these settings.
User Account Configuration
Network and System Administrators are responsible for configuring user accounts.
Network operating systems and applications have many security options and settings
relating to user access. How does an administrator determine the configuration and settings
for user accounts?
Organisation policies and procedures provide the guidelines for administrators.
User Account Settings
The organisation’s policies should make statements as to the degree of user control that is
required. Network procedures should contain details as to how these policies may be
implemented. For example, the policy may state that user passwords should not be less
than six characters. The procedures will then describe how the administrator should
configure the operating system to ensure that all passwords are at least six characters.
The administrator should review the policies to ensure that the procedures produce the
desired outcomes. The procedures should describe in detail how to make use of the
operating system facilities to configure user accounts in accordance with the security
requirements.
The actual way you set these parameters will vary with each operating environment;
however, here are some basic parameters covered by most operating systems to consider
when setting up user account options:
 Password requirements—whether a password is required, minimum length,
complexity, needs to be changed at intervals, etc
 Account lock out settings—disabling accounts that have made a number of bad
logon attempts
 Access hours—the standard days and time that users will be permitted to access
the network
 Account expiry dates—date when account will be disabled
 Logon restrictions—accounts can only be used at specified locations or
workstations.

73
 Home directory information—a home directory is a folder that usually has the
name of the user and the user has full permissions over.
 Logon scripts—these perform specific tasks or run specific programs when the
user logs on
Configuring User Access
Once user account settings have been determined how do we know who should have
accounts and what access should be set?
Reflect: Configure user access
Before you read through the next section, think about who needs to be consulted in setting
up user access.
User Authorizations
Once again, organisational policy and procedures provide the necessary information for the
administrators. There should be procedures in place that inform the appropriate people
that a person requires a new user account or changes to an existing account or a deletion of
accounts. The notification procedure should cover circumstances such as new employees
joining the organisation, employees changing positions in the organisation and employees
leaving the organisation. These notifications must come from authorised people in the
organisation (managers, etc) as stated in the policy and procedures.
Notifications also need to specify what information, data, resources etc the account is
permitted to access. The request for access must be authorised by an appropriate person in
the organisation (usually department managers). The access permissions for users should
be carefully planned and determined in writing by appropriate people who have the
authority to allocate the access. Procedures should address:
• which managers can authorise a new user
• standards for user id and passwords
• groups that users can belong to and authority required for each group
• basic accesses that all users are allowed
• authorisation requirements to access sensitive data
• application accesses
• ability to install additional software
• email and Internet accesses
• special accesses that may be required.
User authorisation (access control)

Take a look on the net for examples or tutorials about configuring user authorisation. You
may want to try Microsoft (www.microsoft.com) or Linux (www.linux.org). You could also
search for tutorials using Google (www.google.com), searching for the phrase 'account
creation procedure'.
Use of Groups
The most common way of administering access permissions is to create groups and put
user accounts into appropriate groups. The group is then permitted or denied access as
required. Using groups is an efficient way of managing authorisation because you only need
to set access permission to a group and not individual accounts.
For example, a company may have thousands of users, but analysis of what those users
want to do may show that there are twenty or more different combinations of access
permissions required. By assigning users to groups and then allocating permissions to the
group, the security administration is greatly simplified.
Once we have users allocated to groups we can explore other levels of controlling access.
Allocating permissions to folders and files is a major security provision of network
operating systems and one that is important to set up correctly. Can we go lower and look
at the content of a specific file and restrict access there?
The restriction of file access is most applicable in controlling access to database files.
For example, imagine a Payroll system using a database in which the data is stored in
tables. These tables have columns and rows of data. Let us think about two groups of users:
the payroll department staff and the manager of a department. The payroll group are likely
to be allowed full access to all the data, although in a very large organisation there may be
segregation of access.
But what about a department manager? This person may be allowed to see salary details
for the staff that work in the department only.
In the table containing salary details there may be a row for every employee in the
organisation. This means that we only want to show this manager the rows that relate to
the one department. This would be secured with a filter that only displays staff in the
department being examined.
Furthermore, there may be information about an employee that even their manager may
not be able to see, such as medical or financial information. This information may be
restricted by controlling the columns returned in a report or query.

This type of security is really part of the application control rather than the network but it
is still an important part of the overall security of the system and needs to be addressed by
the organisational procedures.
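The payroll scenario above, as an added example that is not part of the original document: the application filters rows by the manager's own department and returns only an allow-list of columns. The table layout, column names, logins and sample rows are constructed for illustration.

```python
import sqlite3

# Columns a department manager may read; bank and medical columns are withheld.
MANAGER_COLUMNS = ("emp_id", "name", "department", "salary")

def build_payroll_db():
    """In-memory payroll database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE payroll (
        emp_id INTEGER PRIMARY KEY, name TEXT, department TEXT,
        salary INTEGER, bank_account TEXT, medical_notes TEXT)""")
    conn.execute("CREATE TABLE managers (login TEXT PRIMARY KEY, department TEXT)")
    conn.executemany("INSERT INTO payroll VALUES (?, ?, ?, ?, ?, ?)", [
        (1, "Abebe", "Sales", 52000, "ACCT-0001", "none"),
        (2, "Sara", "Sales", 48000, "ACCT-0002", "asthma"),
        (3, "Dawit", "IT", 61000, "ACCT-0003", "none"),
    ])
    conn.execute("INSERT INTO managers VALUES ('m.sales', 'Sales')")
    return conn

def payroll_query(conn, login, group):
    """Return only the rows and columns the caller's group is authorised to see."""
    if group == "payroll":
        sql, params = "SELECT * FROM payroll ORDER BY emp_id", ()
    elif group == "manager":
        # Column control: fixed allow-list. Row control: the department is looked
        # up from the login, never taken from user input. An unknown login
        # matches no department, so the query returns no rows (fails closed).
        sql = (f"SELECT {', '.join(MANAGER_COLUMNS)} FROM payroll "
               "WHERE department = (SELECT department FROM managers WHERE login = ?) "
               "ORDER BY emp_id")
        params = (login,)
    else:
        raise PermissionError(f"group {group!r} has no payroll access")
    cur = conn.execute(sql, params)
    names = [d[0] for d in cur.description]
    return [dict(zip(names, row)) for row in cur.fetchall()]

if __name__ == "__main__":
    db = build_payroll_db()
    for row in payroll_query(db, "m.sales", "manager"):
        print(row)
```

On a multi-user database server the same effect is usually achieved by granting the manager group access to a view with these columns and this filter, rather than to the base table.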
Permissions and Rights
Permissions generally refer to file and directory access. The user account or group can be
set with the following types of permissions:
• No access at all to files and directories
• Read only
• Modify, where the contents of files and directories may be accessed and changed or
added to, but not deleted
• Full Control or Supervisory, where files and directories can be viewed, modified and
deleted.
Rights (or privileges) generally refer to the restrictions on user accounts or groups in
performing some task or activity. For example, a user account or group may be assigned
administrator or supervisor rights, meaning that the user can perform administration tasks
such as creating, modifying or deleting user accounts. Care must be taken with rights to
ensure security is not compromised.
Managing User Accounts
Once user accounts are configured, we still need to manage the accounts as required by
organisational policy. For example, user accounts for contractors are active only for as long
as the contractors are physically on site. This means that accounts need to be enabled and
disabled. This activity should be addressed by procedures.
Note also that many networks on different OSs allow 'guest' and 'temporary' accounts.
These are usually set up to give either read-only or short-term access to people who would
not normally have access to the system. Great care must be taken in configuring or using
these accounts, firstly because they can allow anonymous and uncontrolled use of a system
and secondly because guest passwords can sometimes be guessed easily and provide a
doorway for hackers/crackers.
Administrators need to review procedures to ensure that they remain current and address
any changes to the organisation and the network.
Administrators need to be aware of user activities and practices when accessing the
network. Organisational policy and procedures should address how users should access the
network. In time, users may develop shortcuts and practices that knowingly or
unknowingly are in breach of policy and may compromise network security. For example, a
user may log on to the network on one workstation. Then, to allow access for a colleague
who has forgotten their password, the user logs in on another workstation for the
colleague. The result is two concurrent network connections for one user account but for
two different people who have different user access requirements.
To manage user accounts appropriately, administrators should:
• Regularly review organisational policies and procedures to be aware of
requirements and address any organisational or network changes
• Conduct regular checks to ensure the change management procedures are working
for new, changed and deleted users
• Review and investigate current work practices regarding user network access
• Conduct information and training sessions for network users to reinforce
appropriate practices and organisational policy
• Conduct regular audits of network access—verifying current users and deleting
expired accounts
Managing user accounts can be a complex and tedious task, but we can make things easier by
ensuring appropriate policy and procedures are in place.
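A regular access audit of the kind listed above can be partly automated. The following added example (not part of the original document) checks an account export and a logon log for expired accounts that are still enabled, logons after an account's expiry date, and one account in use at two workstations at once, as in the forgotten-password scenario. The record layout, user names and workstation names are constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data: an account export and a logon session log.
ACCOUNTS = [
    {"user": "asmith", "enabled": True, "expires": None},
    {"user": "contractor1", "enabled": True, "expires": date(2024, 3, 1)},
    {"user": "bjones", "enabled": False, "expires": date(2024, 1, 31)},
]
SESSIONS = [  # (user, workstation, logon, logoff)
    ("asmith", "WS-01", "2024-03-04 08:55", "2024-03-04 17:02"),
    ("asmith", "WS-07", "2024-03-04 09:30", "2024-03-04 12:10"),
    ("contractor1", "WS-03", "2024-03-04 10:00", "2024-03-04 11:00"),
    ("bjones", "WS-02", "2024-01-15 09:00", "2024-01-15 17:00"),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def expired_but_enabled(accounts, today):
    """Accounts past their expiry date that were never disabled."""
    return sorted(a["user"] for a in accounts
                  if a["enabled"] and a["expires"] and a["expires"] <= today)

def logons_after_expiry(accounts, sessions):
    """Sessions that started after the account's expiry date."""
    expiry = {a["user"]: a["expires"] for a in accounts if a["expires"]}
    return [(u, ws, start) for u, ws, start, _ in sessions
            if u in expiry and _ts(start).date() > expiry[u]]

def concurrent_logons(sessions):
    """One account logged on at two different workstations at the same time."""
    by_user = {}
    for user, ws, start, end in sessions:
        by_user.setdefault(user, []).append((_ts(start), _ts(end), ws))
    findings = []
    for user, items in sorted(by_user.items()):
        items.sort()  # by logon time: a later session overlaps if it starts before e1
        for i, (_, e1, w1) in enumerate(items):
            findings += [(user, w1, w2) for s2, _, w2 in items[i + 1:]
                         if s2 < e1 and w1 != w2]
    return findings

if __name__ == "__main__":
    print(expired_but_enabled(ACCOUNTS, date(2024, 3, 4)))
    print(logons_after_expiry(ACCOUNTS, SESSIONS))
    print(concurrent_logons(SESSIONS))
```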

Policies and procedures


Many larger organisations post the policies that govern their user authorisation processes
on their intranets. Try searching intranet sites for larger companies—particularly IT based
organisations. You may need to look under 'Publications' or 'Policies'. Also try a Google
search for the term 'user authorisation policy' (use 'authorization' for US companies).
Summary
How user accounts are managed is principally determined by organisational policy.
Administrators need to use policies and procedures to determine how to configure
accounts and how to set appropriate access permissions to applications and data.
Once accounts are established, again policies and procedures will clearly define how the
accounts will be managed with regard to changes, disabling and
