
Network+ Guide To Networks 5 Edition: Ensuring Integrity and Availability

This chapter discusses ensuring integrity and availability of networks. It covers general guidelines for protecting networks such as allowing only administrators to change files and monitoring for unauthorized access. Fault tolerance techniques are explained including using redundant components, UPS devices, generators, and multiple network paths. Types of malware like viruses, worms and Trojans are defined. Anti-malware software functions such as signature scanning and policies for anti-malware use are reviewed.

Uploaded by

Ryan Ortega
Copyright
© Attribution Non-Commercial (BY-NC)

Network+ Guide to Networks 5th Edition

Chapter 14 Ensuring Integrity and Availability

Objectives
Identify the characteristics of a network that keep data safe from loss or damage
Protect an enterprise-wide network from viruses
Explain network- and system-level fault-tolerance techniques
Discuss issues related to network backup and recovery strategies
Describe the components of a useful disaster recovery plan and the options for disaster contingencies

What Are Integrity and Availability?



Integrity
Soundness of a network's programs, data, services, devices, connections

Availability
How consistently, reliably a file or system can be accessed
By authorized personnel

Both are compromised by:


Security breaches, natural disasters, malicious intruders, power flaws, human error

What Are Integrity and Availability? (contd.)


User error
Unintentional
Harm data, applications, software configurations, hardware

Intentional
Administrators must take precautionary measures to protect network

Cannot predict every vulnerability
Follow general guidelines for protecting network

General Guidelines for Protecting your Network


Allow only network administrators to change NOS and application system files
Monitor the network for unauthorized access or changes
Record authorized changes in a change management system
Install redundant components
Perform regular health checks

General Guidelines for Protecting your Network


Check system performance, error logs, and system log book
Keep backups, boot disks, and emergency repair disks current and available
Implement and enforce security and disaster recovery policies


Malware

Malware
Program or code
Designed to intrude upon or harm system and resources

Examples: viruses, Trojan horses, worms, bots

Virus
Replicating program with intent to infect more computers
Through network connections, exchange of external storage devices

Many destructive programs often called viruses


Do not meet strict criteria of virus
Example: Trojan horse

Types of Malware
Boot sector viruses
Infects the boot sector of hard disks or floppies
Runs when the computer is started

Macro Virus
Infects Microsoft Office files

File-infector virus
Infects executable files

Worm
Runs independently, not attached to a file
Spreads through attachments to email, instant messages, or other file transfer

Types of Malware
Trojan horse
Claims to be something desirable, but hides something harmful

Network Virus
Propagates through network protocols, like FTP

Bot
Makes your computer a zombie--remotely controlled by a criminal, through IRC or some other network channel
A group of those computers forms a botnet, controlled by a botmaster (link Ch 14a)

Malware Characteristics
Making malware harder to detect and eliminate
Encryption
Used by viruses, worms, Trojan horses
Thwarts antivirus programs' attempts to detect it

Stealth
Malware hides itself to prevent detection
Disguise themselves as legitimate programs, code

Polymorphism
Change characteristics every time they transfer to new system
Use complicated algorithms, incorporate nonsensical commands

Malware Characteristics (contd.)


Time dependence
Programmed to activate on particular date
Can remain dormant, harmless until date arrives
Logic bombs: programs designed to start when certain conditions met

Malware can exhibit more than one of these characteristics

Malware Protection
Not just installing any virus-scanning program or anti-malware software
Requires:
Choosing appropriate anti-malware program
Monitoring network
Continually updating anti-malware program
Educating users

Anti-Malware Software
Malware leaves evidence
Some detectable only by anti-malware software
User viewable symptoms
Unexplained file size increases
Significant, unexplained system performance decline
Unusual error messages
Significant, unexpected system memory loss
Periodic, unexpected rebooting
Display quality fluctuations

Malware often discovered after damage done

Anti-Malware Software (contd.)


Minimal anti-malware functions
Detect malware through signature scanning
Comparing file's content with known malware signatures

Detect malware through integrity checking


Comparing current file characteristics against archived version

Anti-Malware Software (contd.)


Minimal anti-malware functions (contd.)
Detect malware by monitoring unexpected file changes
Receive regular updates and modifications
Consistently report only valid instances of malware, not false positives
Heuristic scanning: identifying malware by discovering malware-like behavior; is prone to false positives
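
Integrity checking as described above, in an added Python example that is not part of the original slides: it archives each file's size and SHA-256 digest, then reports every file whose current characteristics differ from the archived version. The file names and contents are constructed sample data, and SHA-256 is an assumed choice of file characteristic.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Archive each file's size and SHA-256 digest, keyed by path relative to root."""
    archived = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # sample files are small; hash in chunks for large ones
            archived[os.path.relpath(path, root)] = {
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
            }
    return archived


def compare(archived, current):
    """Return sorted (path, finding) pairs for every difference from the archive."""
    findings = []
    for path in sorted(set(archived) | set(current)):
        old, new = archived.get(path), current.get(path)
        if old is None:
            findings.append((path, "new file"))
        elif new is None:
            findings.append((path, "missing"))
        elif old["sha256"] != new["sha256"]:
            # Report the size delta too: an unexplained size increase is one of
            # the user-viewable symptoms listed in the slides.
            delta = new["size"] - old["size"]
            findings.append((path, f"content changed, size {delta:+d} bytes"))
    return findings


def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed directory, archive it, change it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.bin", b"\x7fSAMPLE-PROGRAM" * 4)
        write(root, "config.ini", b"mode=safe\n")
        write(root, "readme.txt", b"constructed sample\n")
        archived = snapshot(root)

        write(root, "app.bin", b"\x7fSAMPLE-PROGRAM" * 4 + b"A" * 16)  # grows by 16 bytes
        write(root, "config.ini", b"mode=open\n")  # same size, different content
        os.remove(os.path.join(root, "readme.txt"))
        write(root, "dropped.tmp", b"unexpected\n")
        return compare(archived, snapshot(root))


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

The same-size change to config.ini is caught only because the digest is compared; a check on file size alone would miss it.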

Anti-Malware Policies
Dependent upon environment's needs
Decide whether to install anti-malware software on
Every desktop
Servers

Policies provide rules for:


Using anti-malware software
Installing programs, sharing files, using external disks

Management should authorize and support policy
Anti-malware policy guidelines


Protect network from damage, downtime

Common Anti-Malware Software


Free products
Microsoft Security Essentials (probably the most logical choice for home users) (link Ch 14d)
Avira
Clamwin (no realtime protection, link Ch 14e)
AVG (link Ch 14f)

Commercial Products (for companies):


McAfee, Norton Antivirus, F-Secure, eTrust
Students get a free copy of McAfee Enterprise to use at home

Hoaxes
False alert email about:
Dangerous, new virus
Other malware causing workstation damage

Ignore
No realistic basis
Attempt to create panic
Do not pass on

Verification
Use reliable Web page listing virus hoaxes

Watch for attached files

Fault Tolerance

Fault Tolerance
Capacity for system to continue performing
Despite unexpected hardware, software malfunction

Failure
Deviation from specified system performance level
Given time period

Fault
Malfunction of one system component
Can result in failure

Fault-tolerant system goal


Prevent faults from progressing to failures

Levels of Fault Tolerance


How critical are the network services to the company?
Highest level of fault tolerance
System remains unaffected by most drastic problem
Power failure, flood, fire, etc.

Lower level of fault tolerance
System remains unaffected by more common problem
Failure of a NIC or hard drive

Environment
Protect devices from:
Excessive heat, moisture
Purchase temperature, humidity monitors

Break-ins
Natural disasters

Power
Blackout
Complete power loss

Brownout
Temporary dimming of lights

Causes
Forces of nature
Utility company maintenance, construction

Solution
Alternate power sources

Power Flaws
Not tolerated by networks
Types:
Surge
Momentary increase in voltage

Noise
Fluctuation in voltage levels

Brownout
Momentary voltage decrease

Blackout
Complete power loss

UPSs (Uninterruptible Power Supplies)


Battery-operated power source
Directly attached to one or more devices
Attached to a power supply
Prevents
Harm to device, service interruption

Variances
Power aberrations rectified
Time providing power
Number of supported devices
Price

UPSs (contd.)

Figure 14-1 Standby and online UPSs

Standby UPS (Offline UPS)


Switches quickly to battery upon power loss
Problems
Time to detect power loss
Does not provide continuous power

Online UPS
Devices are always powered by the battery
A/C power continuously charges battery
No momentary service loss risk
Handles noise, surges, sags
Before power reaches attached device

More expensive than standby UPSs
Cost depends on power capacity

Generators
Powered by diesel, liquid propane, gas, natural gas, or steam
Do not provide surge protection
Provide electricity free from noise
Used in highly available environments
Generator choice
Calculate organization's crucial electrical demands
Determine generator's optimal size

Figure 14-2 UPSs and a generator in a network design

Topology and Connectivity


Before designing data links
Assess network's needs

Fault tolerance in network design


Supply multiple paths for data
Avoid single points of failure

LAN: star topology and parallel backbone
WAN: full-mesh or partial-mesh topology
SONET technology
Relies on dual, fiber-optic ring

Redundant Internet Connections


Supply duplicate connection
Use different service carriers
Use two different routes
Critical data transactions must follow more than one possible path

Network redundancy advantages


Reduces network fault risk
Lost functionality
Lost profits

Fault Tolerance at the WAN


Consider PayNTime, a company that needs to get data from two clients to print checks
One solution: lease two T1s to each client
Expensive

Better solution
Partner with ISP
Establishing secure VPNs
Outsources the network redundancy and design

Figure 14-3 VPNs linking multiple customers

Failures in the Data Room


Many single points of failure
T1 connection could incur fault
Firewall, router, CSU/DSU, multiplexer, or switch might suffer faults in power supplies, NICs, or circuit boards

Figure 14-4 Single T1 connectivity

Fault Tolerance in the Data Room


Solution
Redundant devices with automatic failover
Immediately assume identical component duties

Use hot swappable devices
Desired for switches or routers supporting critical links
Adds to device cost
Does not address all faults occurring on connection
Faults might affect connecting links

Load Balancing
Uses all redundant paths to move data faster
That way the fault tolerance is not just wasted money when nothing fails

Topology and Connectivity (contd.)

Figure 14-5 Fully redundant T1 connectivity

Servers
Critical servers
Contain redundant components
Provide fault tolerance, load balancing

Server Mirroring
Mirroring
Fault-tolerance technique
One device, component duplicates another's activities

Server mirroring
One server continually duplicates another's transactions, data storage
Uses identical servers, components
High-speed link between servers
Synchronization software
Form of replication
Dynamic copying of data from one location to another

Server Mirroring (contd.)


Advantage
Flexibility in server location

Disadvantages
Time delay for mirrored server to assume functionality
Toll on network as data copied between sites

Hardware and software costs


May be justifiable

Clustering
Links multiple servers together
Act as single server

Clustered servers share processing duties


Appear as single server to users

Failure of one server


Others take over

For large networks


More cost-effective than mirroring

Clustering (contd.)
Many advantages over mirroring
Each clustered server
Performs data processing
Always ready to take over

Reduces ownership costs
Improves performance

Google Server Cluster


Ch 14g

Storage
Data storage: also has issues of availability and fault tolerance
Different methods are available for making sure shared data and applications are never lost or irretrievable

RAID (Redundant Array of Independent [or Inexpensive] Disks)


Collection of disks
Provide shared data, application fault tolerance

Disk array (drive)


Group of hard disks

RAID drive (RAID array)


Collection of disks working in a RAID configuration
Single logical drive

RAID (contd.)
Hardware RAID
Set of disks, separate disk controller
RAID array managed exclusively by RAID disk controller
Attached to server through server's controller interface

Software RAID
Software implements, controls RAID techniques
Any hard disk type

Less expensive (no controller, disk array)
Performance rivals hardware RAID

RAID (contd.)
RAID Level 0 - Disk Striping
Simple RAID implementation
Data written in 64-KB blocks equally across all disks
Not fault-tolerant
Does not provide true redundancy
Best RAID performance (in this chapter)
Uses multiple disk controllers

RAID (contd.)

Figure 14-6 RAID level 0 - disk striping

RAID (contd.)
RAID Level 1- Disk Mirroring
Disk mirroring provides redundancy
Data from one disk copied automatically to another disk

Advantages
Simplicity, automatic and complete data redundancy

Disadvantages
Cost of two disks
CPU usage because software does the mirroring

RAID (contd.)
Disk duplexing
Similar to disk mirroring
Data continually copied from one disk to another
Separate disk controller used for each disk
Provides added fault tolerance

RAID (contd.)

Figure 14-7 RAID level 1 - disk mirroring

RAID (contd.)
RAID Level 3 - Disk Striping with Parity ECC
ECC (error correction code)
Algorithm to detect, correct errors
Known as parity error correction code

Parity
Mechanism to verify data integrity
Number of bits in byte sum to odd, even number

Use either even parity, odd parity, not both

Table 14-1 The use of parity bits to achieve parity

RAID Level 3 - Disk Striping with Parity ECC (contd.)


Parity tracks data integrity
Not data type, protocol, transmission method, file size

Parity error checking


Process of comparing data parity

Figure 14-8 RAID level 3 - disk striping with parity ECC

RAID Level 3 - Disk Striping with Parity ECC (contd.)


Advantage
High data transfer rate

Disadvantage
Parity information appears on single disk

RAID (contd.)
RAID Level 5 - Disk Striping with Distributed Parity
Most popular data storage technique
Data written in small blocks across several disks
Parity error checking information distributed among disks
Advantages over RAID level 3
Writes data more rapidly
Uses several disks for parity information
Disk replacement causes little interruption
Controlling software regenerates failed file parts
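
Striping with distributed parity and the regeneration of a failed disk, in an added Python example that is not part of the original slides. XOR is the parity operation RAID level 5 uses; the 4-byte block size, the order in which parity rotates between disks, and the sample data are assumptions made for the demonstration.

```python
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks; the result is the parity block."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk_for(stripe, n_disks):
    """Assumed rotation: parity moves one disk to the left on each stripe."""
    return (n_disks - 1 - stripe) % n_disks


def write_stripes(data, n_disks, block_size):
    """Stripe data over n_disks, one parity block per stripe, parity distributed."""
    disks = [[] for _ in range(n_disks)]
    per_stripe = (n_disks - 1) * block_size
    data += b"\x00" * (-len(data) % per_stripe)  # pad the last stripe
    for stripe in range(len(data) // per_stripe):
        chunk = data[stripe * per_stripe:(stripe + 1) * per_stripe]
        blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        blocks.insert(parity_disk_for(stripe, n_disks), xor_blocks(blocks))
        for disk, block in zip(disks, blocks):
            disk.append(block)
    return disks


def rebuild(disks, failed):
    """Regenerate every block of the failed disk from the surviving disks."""
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def read_data(disks, length):
    """Reassemble the data blocks in order, skipping each stripe's parity block."""
    n_disks = len(disks)
    out = b""
    for stripe in range(len(disks[0])):
        skip = parity_disk_for(stripe, n_disks)
        out += b"".join(disks[i][stripe] for i in range(n_disks) if i != skip)
    return out[:length]


def survive_failure(data, n_disks, block_size, failed):
    """Write data, lose one whole disk, rebuild it onto a replacement, read back."""
    disks = write_stripes(data, n_disks, block_size)
    lost = disks[failed]
    disks[failed] = None                      # the disk is gone
    disks[failed] = rebuild(disks, failed)    # regenerate onto the replacement
    assert disks[failed] == lost
    return read_data(disks, len(data))


if __name__ == "__main__":
    sample = b"PAYROLL-RECORDS-2024-Q1-CHECK-RUN"  # constructed sample data
    for failed in range(4):
        print(failed, survive_failure(sample, 4, 4, failed) == sample)
```

Losing any one disk is recoverable because each stripe's missing block equals the XOR of the blocks that remain; losing two disks at once leaves too little information to regenerate either.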

RAID (contd.)

Figure 14-9 RAID level 5 - disk striping with distributed parity

RAID (contd.)
RAID Level 5 - Disk Striping with Distributed Parity
Hot spare (failover component)
Array disk, partition used only when one RAID disk fails
See link Ch 14i

Cold spare (hot swappable component)


Duplicate component
Not installed

NAS (Network Attached Storage)


Specialized storage device, storage device group
Provides centralized fault-tolerant data storage

Difference from RAID


Maintains own interface to LAN

NAS (contd.)
Advantages
NAS device contains own file system
Optimized for saving, serving files
Reads, writes fast

Easily expandable
No service interruption

Disadvantage
No direct communication with network clients

Use
Enterprises requiring fault tolerance, fast data access

NAS (contd.)

Figure 14-10 Network attached storage on a LAN

SANs (Storage Area Networks)


Distinct networks of storage devices
Communicate directly
With each other, other networks

Multiple storage devices


Connected to multiple, identical servers

SANs (contd.)
Advantages
Fault tolerant
Fast
Special transmission method
Special protocols, like Fibre Channel
Despite the name, Fibre Channel can run over both copper and fiber media (link Ch 14k, 14l)

SAN can be installed in location separate from LAN served
Provides added fault tolerance

Highly scalable
Faster, more efficient method of writing data

SANs (contd.)
Drawbacks
High cost
Small SAN: $100,000
Large SAN: several million dollars

More complex than NAS, RAID


Training, administration efforts required

Use
Environments with huge data quantities requiring quick availability

Figure 14-11 A storage area network

Data Backup

Data Backup
Backup
Copies of data or program files
Created for archiving, safekeeping

Store off site

Without backup
You risk losing everything

Many backup options available


Performed by different software and hardware
Use different storage media types

Can be controlled by NOS utilities, third-party software

Backup Media and Methods


Selecting backup media, methods
Several approaches
Each has advantages and disadvantages

Ask questions to select appropriate solution

Optical Media
Media storing digitized data
Uses laser to write data, read data
Examples
CDs, DVDs

Backup requirements
Recordable CD or DVD drive, software utility

CD-R (compact disc-recordable)


Written to once, stores 650 MB data

CD-RW (compact disc-rewriteable)


Used more than once, stores 650 MB data

Optical Media (contd.)


CD backups
Simple to restore from
Standard format

Relatively low storage capacity

Recordable DVD
4.7 GB on one single-layered side
Double-layered, two-sided DVD
Store up to 17 GB of data

Several different formats

Optical Media (contd.)


Disadvantage
Writing data takes longer than other media
Requires more human intervention

Tape Backups
Copying data to magnetic tape
Relatively simple
Stores very large data amounts
Requirements
Tape drive connected to network
Management software
Backup media

Tape Backups (contd.)

Figure 14-12 Tape backup media

Tape Backups (contd.)


Small network
Stand-alone tape drives attached to each server

Large network
One large, centralized tape backup device
Manages all subsystems' backups

Extremely large environments


Robots retrieve, circulate tapes from vault
Tape storage library

External Disk Drives


Removable disk drives
Attached temporarily to computer
USB, PCMCIA, FireWire, CompactFlash port

Simple to use
Save, share data

Temporary drive appears like any other drive
Large data capacity
Backup control features, higher storage capacity, faster read-write access
Example: Iomega REV drive

Network Backups
Save data to another place on network
Different server, another WAN location
SAN, NAS storage device

Online backup
Saves data across Internet
To another company's storage array

Implement strict security measures
Automated backup, restoration processes
Online backup provider evaluation
Test speed, accuracy, security, recovery

Online Backup Examples


Iron Mountain
Normal online backup on their servers
Link Ch 14m

Symform
A cooperative service--your data is stored on other members' servers
$5 a month, no data storage limit
Ch 14n

Backup Strategy
Goal
Perform reliable backups providing maximum data protection

Documented in common area


Accessible by all IT staff

Address various questions

Archive bit
File attribute
Checked to set on or off
On indicates file must be archived

Backup Methods
Full backup
All data copied
Uncheck archive bits
Uses the most tape and time
Easiest restoration (play one tape)

Incremental backup
Copy data changed since last full or incremental backup
Uncheck archive bits
Uses the least tape and time
Most complex recovery--must play many tapes

Backup Methods
Differential backup
Copy only data changed since last backup
All data marked for subsequent backup
Does not uncheck archive bits
Uses less tape and time than a Full Backup, but more than an Incremental Backup
Data recovery requires two tapes
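
How the archive bit drives the three backup methods, and why recovery needs many tapes after incrementals but two after differentials, in an added Python example that is not part of the original slides. The file names, the week of changes and the tape labels are constructed for the demonstration.

```python
class Volume:
    """Constructed file set; archive bit on means the file must be archived."""

    def __init__(self, names):
        self.archive_bit = {name: True for name in names}

    def change(self, *names):
        for name in names:
            self.archive_bit[name] = True  # set whenever a file is created or modified

    def backup(self, kind, label):
        if kind == "full":
            copied = sorted(self.archive_bit)  # all data copied
        else:
            copied = sorted(n for n, on in self.archive_bit.items() if on)
        if kind != "differential":  # full and incremental uncheck the archive bits
            for name in copied:
                self.archive_bit[name] = False
        return {"label": label, "kind": kind, "files": copied}


# Constructed week: which files change before each night's backup.
WEEK = [("Mon", ["payroll.db"]), ("Tue", ["hr.doc"]),
        ("Wed", ["payroll.db", "new.xls"]), ("Thu", ["mail.pst"])]


def run_week(daily_kind):
    """Friday full backup, then one backup of daily_kind Monday through Thursday."""
    volume = Volume(["payroll.db", "hr.doc", "mail.pst", "web.cfg"])
    tapes = [volume.backup("full", "Fri-full")]
    for day, changed in WEEK:
        volume.change(*changed)
        tapes.append(volume.backup(daily_kind, day))
    return tapes


def tapes_to_restore(tapes):
    """Labels of the tapes needed for a complete restore, in the order to play them."""
    needed = []
    for tape in reversed(tapes):
        if tape["kind"] == "differential" and needed:
            continue  # a newer tape already holds everything on this one
        needed.append(tape["label"])
        if tape["kind"] == "full":
            break
    return needed[::-1]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        tapes = run_week(kind)
        copies = sum(len(t["files"]) for t in tapes[1:])
        print(kind, "daily file copies:", copies, "restore:", tapes_to_restore(tapes))
```

With the constructed week, the incremental scheme copies 5 files across the four daily tapes and needs all five tapes to restore, while the differential scheme copies 10 files but restores from the Friday full plus Thursday's tape.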

Backup Strategy (contd.)


Determine best backup rotation scheme
Plan specifying when and how often backups occur
Goal
Provide excellent data reliability without overtaxing network, requiring intervention

Grandfather-Father-Son
Uses backup sets
Daily (son)
Weekly (father)
Monthly (grandfather)

Figure 14-13 The Grandfather-Father-Son backup rotation scheme

Grandfather-Father-Son (contd.)
Three backup types performed each month:
Daily incremental (every Monday through Thursday)
Weekly full (every Friday)
Monthly full (last day of the month)

Backup Strategy (contd.)


Ensure backup activity recorded in backup log
Backup date
Tape identification
Type of data backed up
Type of backup
Files backed up
Site where tape stored

Establish regular verification schedule

Disaster Recovery

Disaster Recovery
Disaster recovery
Restoring critical functionality, data
After enterprise-wide outage
Affecting more than single system, limited group

Consider possible extremes


Hurricane, fire, etc.
Not relatively minor outages, failures, security breaches, data corruption

Disaster Recovery Planning


Accounts for worst-case scenarios
Identifies disaster recovery team
Provides contingency plans
Restore and replace:
Computer systems
Power
Telephony systems
Paper-based files

Contains various sections


Related to computer systems

Lessens critical data loss risk

Disaster Recovery Contingencies


Cold site
Components necessary to rebuild network exist
Not appropriately configured, updated, or connected

Warm site
Components necessary to rebuild network exist
Some appropriately configured, updated, and connected

Hot site
Components necessary to rebuild network exist
All are appropriately configured, updated, and connected
Match network's current state

Link Ch 14o
