Chapter 13 Ensuring Integrity and Availability

What Are Integrity and Availability? Integrity: soundness of network’s programs, data, services, devices, and connections Availability: how consistently and reliably file or system can be accessed by authorized personnel Need well-planned and well-configured network Data backups, redundant devices, protection from malicious intruders Phenomena compromising integrity and availability: Security breaches, natural disasters, malicious intruders, power flaws, human error Network+ Guide to Networks, 4e2http://

What Are Integrity and Availability? (continued) General guidelines for protecting network: Allow only network administrators to create or modify NOS and application system files Monitor network for unauthorized access or changes Record authorized system changes in a change management system Install redundant components Perform regular health checks Network+ Guide to Networks, 4e3http://

What Are Integrity and Availability? (continued) General guidelines for protecting network (continued): Check system performance, error logs, and system log book regularly Keep backups, boot disks, and emergency repair disks current and available Implement and enforce security and disaster recovery policies Network+ Guide to Networks, 4e4http://

Viruses Program that replicates itself with intent to infect more computers Through network connections or exchange of external storage devices Typically copied to storage device without user’s knowledge Trojan horse: program that disguises itself as something useful but actually harms system Not considered a virus Network+ Guide to Networks, 4e5http://

Types of Viruses Boot sector viruses: located in boot sector of computer’s hard disk When computer boots up, virus runs in place of computer’s normal system files Removal first requires rebooting from uninfected, write- protected disk with system files on it Macro viruses: take form of macro that may be executed as user works with a program Quick to emerge and spread Symptoms vary widely Network+ Guide to Networks, 4e6http://

Types of Viruses (continued) File-infected viruses: attach to executable files When infected executable file runs, virus copies itself to memory Can have devastating consequences Symptoms may include damaged program files, inexplicable file size increases, changed icons for programs, strange messages, inability to run a program Worms: programs that run independently and travel between computers and across networks Not technically viruses Can transport and hide viruses Network+ Guide to Networks, 4e7http://

Types of Viruses (continued) Trojan horse: program that claims to do something useful but instead harms system Network viruses: propagated via network protocols, commands, messaging programs, and data links Bots: program that runs automatically, without requiring a person to start or stop it Many bots spread through Internet Relay Chat (IRC) Used to damage/destroy data or system files, issue objectionable content, further propagate virus Network+ Guide to Networks, 4e8http://

Virus Characteristics Encryption: encrypted virus may thwart antivirus program’s attempts to detect it Stealth: stealth viruses disguise themselves as legitimate programs or replace part of legitimate program’s code with destructive code Polymorphism: polymorphic viruses change characteristics every time transferred Time-dependence: time-dependent viruses programmed to activate on particular date Network+ Guide to Networks, 4e9http://

Virus Protection: Antivirus Software Antivirus software should at least: Detect viruses through signature scanning Detect viruses through integrity checking Detect viruses by monitoring unexpected file changes or virus-like behaviors Receive regular updates and modifications from a centralized network console Consistently report only valid viruses Heuristic scanning techniques attempt to identify viruses by discovering “virus-like” behavior (may give “false positives”) Network+ Guide to Networks, 4e10http://

Antivirus Policies Provide rules for using antivirus software and policies for installing programs, sharing files, and using floppy disks Suggestions for antivirus policy guidelines: Every computer in organization equipped with virus detection and cleaning software Users should not be allowed to alter or disable antivirus software Users should know what to do in case virus detected Network+ Guide to Networks, 4e11http://

Antivirus Policies (continued) Suggestions for antivirus policy guidelines (continued): Antivirus team should be appointed to focus on maintaining antivirus measures Users should be prohibited from installing any unauthorized software on their systems Systemwide alerts should be issued to network users notifying them of serious virus threats and advising them how to prevent infection Network+ Guide to Networks, 4e12http://

Virus Hoaxes False alerts about dangerous, new virus that could cause serious damage to systems Generally an attempt to create panic Should not be passed on Can confirm hoaxes online Network+ Guide to Networks, 4e13http://

Fault Tolerance Capacity for system to continue performing despite unexpected hardware or software malfunction Failure: deviation from specified level of system performance for given period of time Fault: involves malfunction of system component Can result in a failure Varying degrees At highest level, system remains unaffected by even most drastic problems Network+ Guide to Networks, 4e14http://

Environment Must analyze physical environment in which devices operate e.g., excessive heat or moisture, break-ins, natural disasters Can purchase temperature and humidity monitors Trip alarms if specified limits exceeded Network+ Guide to Networks, 4e15http://

Power: Power Flaws Power flaws that can damage equipment: Surge: momentary increase in voltage due to lightning strikes, solar flares, or electrical problems Noise: fluctuation in voltage levels caused by other devices on network or electromagnetic interference Brownout: momentary decrease in voltage; also known as a sag Blackout: complete power loss Network+ Guide to Networks, 4e16http://

UPSs (Uninterruptible Power Supplies) Battery-operated power source directly attached to one or more devices and to power supply Prevents undesired features of outlet’s A/C power from harming device or interrupting services Standby UPS: provides continuous voltage to device Switch to battery when power loss detected Online UPS: uses power from wall outlet to continuously charge battery, while providing power to network device through battery Network+ Guide to Networks, 4e17http://

UPSs (continued) Factors to consider when deciding on a UPS: Amount of power needed Power measured in volt-amps Period of time to keep a device running Line conditioning Cost Network+ Guide to Networks, 4e18http://

Generators Network+ Guide to Networks, 4e19 Figure 13-2: UPSs and a generator in a network design

Topology and Connectivity Key to fault tolerance in network design is supplying multiple possible data paths If one connection fails, data can be rerouted On LANs, star topology and parallel backbone provide greatest fault tolerance On WANs, full mesh topology offers best fault tolerance SONET networks highly fault-tolerant Redundancy in network offers advantage of reducing risk of lost functionality and profits from network faults Network+ Guide to Networks, 4e20http://

Topology and Connectivity (continued) Network+ Guide to Networks, 4e21 Figure 13-3: VPNs linking multiple customers

Topology and Connectivity (continued) Automatic fail-over: use redundant components able to immediately assume duties of an identical component in event of failure or fault Can provide some level of fault tolerance by using hot swappable parts Leasing redundant T1s allows for load balancing Automatic distribution of traffic over multiple links or processors to optimize response Network+ Guide to Networks, 4e22http://

Topology and Connectivity (continued) Network+ Guide to Networks, 4e23 Figure 13-5: Fully redundant T1 connectivity

Servers Make servers more fault-tolerant by supplying them with redundant components NICs, processors, and hard disks If one item fails, entire system won’t fail Enable load balancing Network+ Guide to Networks, 4e24http://

Server Mirroring Mirroring: one device or component duplicates activities of another Server Mirroring: one server duplicates transactions and data storage of another Must be identical machines using identical components Requires high-speed link between servers Requires synchronization software Form of replication Servers can stand side by side or be positioned in different locations Network+ Guide to Networks, 4e25http://

Clustering Link multiple servers together to act as single server Share processing duties Appear as single server to users If one server fails, others automatically take over data transaction and storage responsibilities More cost-effective than mirroring To detect failures, clustered servers regularly poll each other Servers must be close together Network+ Guide to Networks, 4e26http://

Storage: RAID (Redundant Array of Independent (or Inexpensive) Disks) Collection of disks that provide fault tolerance for shared data and applications Disk array Collection of disks that work together in RAID configuration, often referred to as RAID drive Appear as single logical drive to system Hardware RAID: set of disks and separate disk controller Managed exclusively by RAID disk controller Software RAID: relies on software to implement and control RAID techniques Network+ Guide to Networks, 4e27http://

RAID Level 0―Disk Striping Simple implementation of RAID Not fault-tolerant Improves performance Network+ Guide to Networks, 4e28 Figure 13-6: RAID Level 0—disk striping

RAID Level 1—Disk Mirroring Data from one disk copied to another disk automatically as information written Dynamic backup If one drive fails, disk array controller automatically switches to disk that was mirroring it Requires two identical disks Usually relies on system software to perform mirroring Disk duplexing: similar to disk mirroring, but separate disk controller used for each disk Network+ Guide to Networks, 4e29http://

RAID Level 1—Disk Mirroring (continued) Network+ Guide to Networks, 4e30 Figure 13-7: RAID Level 1—disk mirroring

RAID Level 3—Disk Striping with Parity ECC Disk striping with special error correction code (ECC) Parity: mechanism used to verify integrity of data by making number of bits in a byte sum to either an odd or even number Even parity or odd parity Tracks integrity of data on disk Parity bit assigned to each data byte when written to disk When data read, data’s bits plus parity bit summed (parity should match) Network+ Guide to Networks, 4e31http://

RAID Level 3—Disk Striping with Parity ECC (continued) Network+ Guide to Networks, 4e32 Figure 13-8: RAID Level 3—disk striping with parity ECC

RAID Level 5—Disk Striping with Distributed Parity Data written in small blocks across several disks Parity error checking information distributed among disks Highly fault-tolerant Very popular Failed disk can be replaced with little interruption Hot spare: disk or partition that is part of array, but used only in case a RAID disks fails Cold spare: duplicate component that can be installed in case of failure Network+ Guide to Networks, 4e33http://

RAID Level 5—Disk Striping with Distributed Parity (continued) Network+ Guide to Networks, 4e34 Figure 13-9: RAID Level 5—disk striping with distributed parity

NAS (Network Attached Storage) Specialized storage device that provides centralized fault-tolerant data storage Maintains own interface to LAN Contains own file system optimized for saving and serving files Easily expanded without interrupting service Cannot communicate directly with network clients Network+ Guide to Networks, 4e35http://

NAS (continued) Network+ Guide to Networks, 4e36 Figure 13-10: Network attached storage on a LAN

SANs (Storage Area Networks) Network+ Guide to Networks, 4e37 Figure 13-11: A storage area network

Data Backup Copy of data or program files created for archiving or safekeeping No matter how reliable and fault-tolerant you believe your server’s hard disk (or disks) to be, still risk losing everything unless you make backups on separate media and store them off-site Many options exist for making backups Network+ Guide to Networks, 4e38http://

Backup Media and Methods To select appropriate solution, consider following questions: Sufficient storage capacity? Reliability? Data error checking techniques? System efficient enough to complete backup process before daily operations resume? Cost and capacity? Compatibility? Frequent manual intervention? Scalability? Network+ Guide to Networks, 4e39http://

Optical Media Capable of storing digitized data Uses laser to write and read data CD-ROMs and DVDs Requires proper disk drive to write data Writing data usually takes longer than saving data to another type of media Network+ Guide to Networks, 4e40http://

Tape Backups Relatively simple, capable of storing large amounts of data, at least partially automated On relatively small networks, standalone tape drives may be attached to each server On large networks, one large, centralized tape backup device may manage all subsystems’ backups Usually connected to computer other than file server Network+ Guide to Networks, 4e41http://

External Disk Drives Storage devices that can be attached temporarily to a computer via USB, PCMCIA, FireWire, or Compact- Flash port Removable disk drives For backing up large amounts of data, likely to use external disk drive with backup control features, high capacity, and fast read-write access Faster data transfer rates than optical media or tape backups Network+ Guide to Networks, 4e42http://

Network Backups Save data to another place on network Must back up data to different disk than where it was originally stored Most NOSs provide utilities for automating and managing network backups Online backup: saves data across Internet to another company’s storage array Strict security measures to protect data in transit Backup and restoration processes automated Network+ Guide to Networks, 4e43http://

Backup Strategy Strategy should address following questions: What data must be backed up? Rotation schedule? Time backups occur? Method of accuracy verification? Where and how long will backup media be stored? Who will take responsibility? How long will backups be saved? Where will documentation be stored? Network+ Guide to Networks, 4e44http://

Backup Strategy (continued) Archive bit: file attribute that can be checked or unchecked Indicates whether file must be archived Backup methods use archive bit in different ways Full backup: all data copied to storage media, regardless of whether data is new or changed Archive bits set to “off” for all files Incremental backup: copies only data that has changed since last full or incremental backup Unchecks archive bit for every file saved Differential backup: does not uncheck archive bits for files backed up Network+ Guide to Networks, 4e45http://

Backup Strategy (continued) Determine best possible backup rotation scheme Provide excellent data reliability without overtaxing network or requiring a lot of intervention Several standard backup rotation schemes Grandfather-father-son: Uses DAILY (son), weekly (father), and monthly (grandfather) backup sets Make sure backup activity recorded in backup log Establish regular schedule of verification Network+ Guide to Networks, 4e46http://

Backup Strategy (continued) Network+ Guide to Networks, 4e47 Figure 13-13: The “grandfather-father-son” backup rotation scheme

Disaster Recovery: Disaster Recovery Planning Disaster recovery: process of restoring critical functionality and data after enterprise-wide outage Disaster recovery plan accounts for worst-case scenarios Contact names and info for emergency coordinators Details on data and servers being backed up, backup frequency, backup location, how to recover Details on network topology, redundancy, and agreements with national service carriers Strategies for testing disaster recovery plan Plan for managing the crisis Network+ Guide to Networks, 4e48http://

Disaster Recovery Contingencies Several options for recovering from disaster Cold site: place where computers, devices, and connectivity necessary to rebuild network exist Not configured, updated, or connected Warm site: same as cold site, but some computers and devices appropriately configured, updated, or connected Hot site: computers, devices, and connectivity necessary to rebuild network are appropriately configured, updated, and connected to match network’s current state Network+ Guide to Networks, 4e49http://