Network+ Guide To Networks 5 Edition: Ensuring Integrity and Availability
Network+ Guide To Networks 5 Edition: Ensuring Integrity and Availability
Objectives
Identify the characteristics of a network that keep data safe from loss or damage Protect an enterprise-wide network from viruses Explain network- and system-level fault-tolerance techniques Discuss issues related to network backup and recovery strategies Describe the components of a useful disaster recovery plan and the options for disaster contingencies
Availability
How consistently, reliably a file or system can be accessed
By authorized personnel
Intentional
Administrators must take precautionary measures to protect network
Cannot predict every vulnerability Follow general guidelines for protecting network
Malware
Malware
Program or code
Designed to intrude upon or harm system and resources
Types of Malware
Boot sector viruses
Infects the boot sector of hard disks or floppies Runs when the computer is started
Macro Virus
Infects Microsoft Office files
File-infector virus
Infects executable files
Worm
Runs independently, not attached to a file Spreads through attachments to email, instant messages, or other file transfer
Types of Malware
Trojan horse
Claims to be something desirable, but hides something harmful
Network Virus
Propagates through network protocols, like FTP
Bot
Makes your computer a zombie--remotely controlled by a criminal, through IRC or some other network channel A group of those computers form a botnet, controlled by a botmaster (link Ch 14a)
Network+ Guide to Networks, 5th Edition 11
Malware Characteristics
Making malware harder to detect and eliminate
Encryption
Used by viruses, worms, Trojan horses Thwart antivirus programs attempts to detect it
Stealth
Malware hides itself to prevent detection Disguise themselves as legitimate programs, code
Polymorphism
Change characteristics every time they transfer to new system Use complicated algorithms, incorporate nonsensical commands
Malware Protection
Not just installing any virus-scanning program or anti-malware software Requires:
Choosing appropriate anti-malware program Monitoring network Continually updating anti-malware program Educating users
Anti-Malware Software
Malware leaves evidence
Some detectable only by anti-malware software User viewable symptoms
Unexplained file size increases Significant, unexplained system performance decline Unusual error messages Significant, unexpected system memory loss Periodic, unexpected rebooting Display quality fluctuations
Anti-Malware Policies
Dependent upon environments needs Decide whether to install anti-malware software on
Every desktop Servers
Hoaxes
False alert email about:
Dangerous, new virus Other malware causing workstation damage
Ignore
No realistic basis Attempt to create panic Do not pass on
Verification
Use reliable Web page listing virus hoaxes
Fault Tolerance
Fault Tolerance
Capacity for system to continue performing
Despite unexpected hardware, software malfunction
Failure
Deviation from specified system performance level
Given time period
Fault
Malfunction of one system component Can result in failure
Environment
Protect devices from:
Excessive heat, moisture
Purchase temperature, humidity monitors
Power
Blackout
Complete power loss
Brownout
Temporary dimming of lights
Causes
Forces of nature Utility company maintenance, construction
Solution
Alternate power sources
Power Flaws
Not tolerated by networks Types:
Surge
Momentary increase in voltage
Noise
Fluctuation in voltage levels
Brownout
Momentary voltage decrease
Blackout
Complete power loss
Variances
Power aberrations rectified Time providing power Number of supported devices Price
UPSs (contd.)
Online UPS
Devices are always powered by the battery A/C power continuously charges battery No momentary service loss risk Handles noise, surges, sags
Before power reaches attached device
Generators
Powered by diesel, liquid propane, gas, natural gas, or steam Do not provide surge protection Provide electricity free from noise Used in highly available environments Generator choice
Calculate organizations crucial electrical demands
Determine generators optimal size
LAN: star topology and parallel backbone WAN: full-mesh or partial-mesh topology SONET technology
Relies on dual, fiber-optic ring
Better solution
Partner with ISP Establishing secure VPNs Outsources the network redundancy and design
Use hot swappable devices Desired for switches or routers supporting critical links Adds to device cost Does not address all faults occurring on connection
Faults might affect connecting links
Load Balancing
Uses all redundant paths to move data faster That way the fault tolerance is not just wasted money when nothing fails
Servers
Critical servers
Contain redundant components
Provide fault tolerance, load balancing
Server Mirroring
Mirroring
Fault-tolerance technique One device, component duplicates another's activities
Server mirroring
One server continually duplicates another's transactions, data storage Uses identical servers, components High-speed link between servers Synchronization software Form of replication
Dynamic copying of data from one location to another
Disadvantages
Time delay for mirrored server to assume functionality Toll on network as data copied between sites
Clustering
Links multiple servers together
Act as single server
Clustering (contd.)
Many advantages over mirroring
Each clustered server
Performs data processing Always ready to take over
Storage
Data storage: also has issues of availability and fault tolerance
Different methods are available for making sure shared data and applications are never lost or irretrievable
RAID (contd.)
Hardware RAID
Set of disks, separate disk controller RAID array managed exclusively by RAID disk controller
Attached to server through servers controller interface
Software RAID
Software implements, controls RAID techniques
Any hard disk type
Less expensive (no controller, disk array) Performance rivals hardware RAID
RAID (contd.)
RAID Level 0 - Disk Striping
Simple RAID implementation Data written in 64-KB blocks equally across all disks Not fault-tolerant Does not provide true redundancy Best RAID performance (in this chapter)
Uses multiple disk controllers
RAID (contd.)
RAID (contd.)
RAID Level 1- Disk Mirroring
Disk mirroring provides redundancy
Data from one disk copied automatically to another disk
Advantages
Simplicity, automatic and complete data redundancy
Disadvantages
Cost of two disks CPU usage because software does the mirroring
RAID (contd.)
Disk duplexing
Similar to disk mirroring Data continually copied from one disk to another Separate disk controller used for each disk
Provides added fault tolerance
RAID (contd.)
RAID (contd.)
RAID Level 3 - Disk Striping with Parity ECC
ECC (error correction code)
Algorithm to detect, correct errors Known as parity error correction code
Parity
Mechanism to verify data integrity
Number of bits in byte sum to odd, even number
Disadvantage
Parity information appears on single disk
RAID (contd.)
RAID Level 5 - Disk Striping with Distributed Parity
Most popular data storage technique Data written in small blocks across several disks Parity error checking information distributed among disks Advantages over RAID level 3
Writes data more rapidly Uses several disks for parity information Disk replacement causes little interruption Controlling software regenerates failed file parts
RAID (contd.)
RAID (contd.)
RAID Level 5 - Disk Striping with Distributed Parity
Hot spare (failover component)
Array disk, partition used only when one RAID disk fails See link Ch 14i
NAS (contd.)
Advantages
NAS device contains own file system
Optimized for saving, serving files Reads, writes fast
Easily expandable
No service interruption
Disadvantage
No direct communication with network clients
Use
Enterprises requiring fault tolerance, fast data access
NAS (contd.)
SANs (contd.)
Advantages
Fault tolerant Fast
Special transmission method Special protocols, like Fibre Channel Despite the name, Fibre Channel can run over both copper and fiber media (link Ch 14k, 14l)
SANs (contd.)
Drawbacks
High cost
Small SAN: $100,000 Large SAN: several million dollars
Use
Environments with huge data quantities requiring quick availability
Data Backup
Data Backup
Backup
Copies of data or program files
Created for archiving, safekeeping
Without backup
You risk losing everything
Optical Media
Media storing digitized data Uses laser to write data, read data Examples
CDs, DVDs
Backup requirements
Recordable CD or DVD drive, software utility
Recordable DVD
4.7 GB on one single-layered side Double-layered, two-sided DVD
Store up to 17 GB of data
Tape Backups
Copying data to magnetic tape Relatively simple Stores very large data amounts Requirements
Tape drive connected to network Management software Backup media
Large network
One large, centralized tape backup device
Manages all subsystems backups
Simple to use
Save, share data
Temporary drive appears like any other drive Large data capacity
Backup control features, higher storage capacity, faster read-write access
Example: Iomega REV drive
Network Backups
Save data to another place on network
Different server, another WAN location SAN, NAS storage device
Online backup
Saves data across Internet
To another companys storage array
Implement strict security measures Automated backup, restoration processes Online back up provider evaluation
Test speed, accuracy, security, recovery
Symform
A cooperative service--your data is stored on other members' servers $5 a month, no data storage limit Ch 14n
Backup Strategy
Goal
Perform reliable backups providing maximum data protection
Backup Methods
Full backup
All data copied Uncheck archive bits Uses the most tape and time Easiest restoration (play one tape)
Incremental backup
Copy data changed since last full or incremental backup Uncheck archive bits Uses the least tape and time Most complex recovery--must play many tapes
Backup Methods
Differential backup
Copy only data changed since last backup All data marked for subsequent backup Does not uncheck archive bits Uses less tape and time than a Full Backup, but more than an Incremental Backup Data recovery requires two tapes
Grandfather-Father-Son
Uses backup sets
Daily (son) Weekly (father) Monthly (grandfather)
Grandfather-Father-Son (contd.)
Three backup types performed each month:
Daily incremental (every Monday through Thursday) Weekly full (every Friday) Monthly full (last day of the month)
Disaster Recovery
Disaster Recovery
Disaster recovery
Restoring critical functionality, data
After enterprise-wide outage Affecting more than single system, limited group
Warm site
Components necessary to rebuild network exist
Some appropriately configured, updated, and connected
Hot site
Components necessary to rebuild network exist
All are appropriately configured, updated, and connected Match networks current state
Link Ch 14o