
Network+

Chapter 16 Network Maintenance

Confidential

Objectives

• Identify the characteristics of a network that keeps data safe from loss or damage
• Protect an enterprise-wide network from viruses
• Explain network- and system-level fault-tolerance techniques
• Discuss issues related to network backup and recovery strategies
• Describe the components of a useful disaster recovery plan and the options for disaster contingencies

What Are Integrity and Availability?

• Integrity: soundness of network's programs, data, services, devices, and connections
• Availability: how consistently and reliably file or system can be accessed by authorized personnel
  - Need well-planned and well-configured network
  - Data backups, redundant devices, protection from malicious intruders
• Phenomena compromising integrity and availability:
  - Security breaches, natural disasters, malicious intruders, power flaws, human error

What Are Integrity and Availability? (continued)

• General guidelines for protecting network:
  - Allow only network administrators to create or modify NOS and application system files
  - Monitor network for unauthorized access or changes
  - Record authorized system changes in a change management system
  - Install redundant components
  - Perform regular health checks

What Are Integrity and Availability? (continued)

• General guidelines for protecting network (continued):
  - Check system performance, error logs, and system log book regularly
  - Keep backups, boot disks, and emergency repair disks current and available
  - Implement and enforce security and disaster recovery policies

Viruses

• Program that replicates itself with intent to infect more computers
  - Through network connections or exchange of external storage devices
  - Typically copied to storage device without user's knowledge
• Trojan horse: program that disguises itself as something useful but actually harms system
  - Not considered a virus

Types of Viruses

• Boot sector viruses: located in boot sector of computer's hard disk
  - When computer boots up, virus runs in place of computer's normal system files
  - Removal first requires rebooting from uninfected, write-protected disk with system files on it
• Macro viruses: take form of macro that may be executed as user works with a program
  - Quick to emerge and spread
  - Symptoms vary widely

Types of Viruses (continued)

• File-infected viruses: attach to executable files
  - When infected executable file runs, virus copies itself to memory
  - Can have devastating consequences
  - Symptoms may include damaged program files, inexplicable file size increases, changed icons for programs, strange messages, inability to run a program
• Worms: programs that run independently and travel between computers and across networks
  - Not technically viruses
  - Can transport and hide viruses

Types of Viruses (continued)

• Trojan horse: program that claims to do something useful but instead harms system
• Network viruses: propagated via network protocols, commands, messaging programs, and data links
• Bots: programs that run automatically, without requiring a person to start or stop them
  - Many bots spread through Internet Relay Chat (IRC)
  - Used to damage/destroy data or system files, issue objectionable content, further propagate virus

Virus Characteristics

• Encryption: encrypted virus may thwart antivirus program's attempts to detect it
• Stealth: stealth viruses disguise themselves as legitimate programs or replace part of legitimate program's code with destructive code
• Polymorphism: polymorphic viruses change characteristics every time transferred
• Time-dependence: time-dependent viruses programmed to activate on particular date

Virus Protection: Antivirus Software

• Antivirus software should at least:
  - Detect viruses through signature scanning
  - Detect viruses through integrity checking
  - Detect viruses by monitoring unexpected file changes or virus-like behaviors
  - Receive regular updates and modifications from a centralized network console
  - Consistently report only valid viruses
• Heuristic scanning techniques attempt to identify viruses by discovering virus-like behavior (may give false positives)

Antivirus Policies

• Provide rules for using antivirus software and policies for installing programs, sharing files, and using floppy disks
• Suggestions for antivirus policy guidelines:
  - Every computer in organization equipped with virus detection and cleaning software
  - Users should not be allowed to alter or disable antivirus software
  - Users should know what to do in case virus detected

Antivirus Policies (continued)

• Suggestions for antivirus policy guidelines (continued):
  - Antivirus team should be appointed to focus on maintaining antivirus measures
  - Users should be prohibited from installing any unauthorized software on their systems
  - Systemwide alerts should be issued to network users notifying them of serious virus threats and advising them how to prevent infection

Virus Hoaxes

• False alerts about dangerous, new virus that could cause serious damage to systems
  - Generally an attempt to create panic
  - Should not be passed on
  - Can confirm hoaxes online

Fault Tolerance

• Capacity for system to continue performing despite unexpected hardware or software malfunction
• Failure: deviation from specified level of system performance for given period of time
• Fault: involves malfunction of system component
  - Can result in a failure
• Varying degrees
  - At highest level, system remains unaffected by even most drastic problems

Environment

• Must analyze physical environment in which devices operate
  - e.g., excessive heat or moisture, break-ins, natural disasters
• Can purchase temperature and humidity monitors
  - Trip alarms if specified limits exceeded

Power: Power Flaws

• Power flaws that can damage equipment:
  - Surge: momentary increase in voltage due to lightning strikes, solar flares, or electrical problems
  - Noise: fluctuation in voltage levels caused by other devices on network or electromagnetic interference
  - Brownout: momentary decrease in voltage; also known as a sag
  - Blackout: complete power loss

UPSs (Uninterruptible Power Supplies)

• Battery-operated power source directly attached to one or more devices and to power supply
  - Prevents undesired features of outlet's A/C power from harming device or interrupting services
• Standby UPS: provides continuous voltage to device
  - Switches to battery when power loss detected
• Online UPS: uses power from wall outlet to continuously charge battery, while providing power to network device through battery

UPSs (continued)

• Factors to consider when deciding on a UPS:
  - Amount of power needed
    - Power measured in volt-amps
  - Period of time to keep a device running
  - Line conditioning
  - Cost

Generators

Figure : UPSs and a generator in a network design



Topology and Connectivity

• Key to fault tolerance in network design is supplying multiple possible data paths
  - If one connection fails, data can be rerouted
  - On LANs, star topology and parallel backbone provide greatest fault tolerance
  - On WANs, full mesh topology offers best fault tolerance
  - SONET networks highly fault-tolerant
• Redundancy in network offers advantage of reducing risk of lost functionality and profits from network faults

Topology and Connectivity (continued)

Figure : VPNs linking multiple customers



Topology and Connectivity (continued)

• Automatic fail-over: use redundant components able to immediately assume duties of an identical component in event of failure or fault
• Can provide some level of fault tolerance by using hot swappable parts
• Leasing redundant T1s allows for load balancing
  - Automatic distribution of traffic over multiple links or processors to optimize response

Topology and Connectivity (continued)

Figure : Fully redundant T1 connectivity



Servers

• Make servers more fault-tolerant by supplying them with redundant components
  - NICs, processors, and hard disks
  - If one item fails, entire system won't fail
  - Enable load balancing

Server Mirroring

• Mirroring: one device or component duplicates activities of another
• Server mirroring: one server duplicates transactions and data storage of another
  - Must be identical machines using identical components
  - Requires high-speed link between servers
  - Requires synchronization software
  - Form of replication
• Servers can stand side by side or be positioned in different locations

Clustering

• Link multiple servers together to act as single server
  - Share processing duties
  - Appear as single server to users
  - If one server fails, others automatically take over data transaction and storage responsibilities
  - More cost-effective than mirroring
  - To detect failures, clustered servers regularly poll each other
  - Servers must be close together

Storage: RAID (Redundant Array of Independent (or Inexpensive) Disks)

• Collection of disks that provide fault tolerance for shared data and applications
  - Disk array
  - Collection of disks that work together in RAID configuration, often referred to as RAID drive
    - Appear as single logical drive to system
• Hardware RAID: set of disks and separate disk controller
  - Managed exclusively by RAID disk controller
• Software RAID: relies on software to implement and control RAID techniques

RAID Level 0: Disk Striping

• Simple implementation of RAID
  - Not fault-tolerant
  - Improves performance

Figure : RAID Level 0: disk striping

RAID Level 1: Disk Mirroring

• Data from one disk copied to another disk automatically as information written
  - Dynamic backup
  - If one drive fails, disk array controller automatically switches to disk that was mirroring it
  - Requires two identical disks
  - Usually relies on system software to perform mirroring
• Disk duplexing: similar to disk mirroring, but separate disk controller used for each disk

RAID Level 1: Disk Mirroring (continued)

Figure : RAID Level 1: disk mirroring

RAID Level 3: Disk Striping with Parity ECC

• Disk striping with special error correction code (ECC)
• Parity: mechanism used to verify integrity of data by making number of bits in a byte sum to either an odd or even number
  - Even parity or odd parity
  - Tracks integrity of data on disk
  - Parity bit assigned to each data byte when written to disk
  - When data read, data's bits plus parity bit summed (parity should match)

RAID Level 3: Disk Striping with Parity ECC (continued)

Figure : RAID Level 3: disk striping with parity ECC

RAID Level 5: Disk Striping with Distributed Parity

• Data written in small blocks across several disks
  - Parity error checking information distributed among disks
  - Highly fault-tolerant
  - Very popular
  - Failed disk can be replaced with little interruption
• Hot spare: disk or partition that is part of array, but used only in case a RAID disk fails
• Cold spare: duplicate component that can be installed in case of failure
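The parity ideas from the RAID Level 3 and Level 5 slides, as an added example that is not part of the original slides. It shows the per-byte even parity check, then goes beyond the slide text by using bytewise XOR as the stripe parity (the usual RAID 5 mechanism) to rebuild a failed disk; the block size, disk count and data are constructed assumptions.

```python
from functools import reduce

def even_parity_bit(byte):
    """Parity bit that makes the count of 1 bits (data + parity) even."""
    return bin(byte).count("1") % 2

def parity_ok(byte, parity_bit):
    """On read, the data bits plus the parity bit must sum to an even number."""
    return (bin(byte).count("1") + parity_bit) % 2 == 0

def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks; used as the stripe's parity block."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def write_stripes(data, n_disks, block=4):
    """Stripe data over n_disks, rotating the parity block from disk to disk."""
    disks = [[] for _ in range(n_disks)]
    per_stripe = block * (n_disks - 1)
    data = data + b"\x00" * (-len(data) % per_stripe)  # pad the last stripe
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + block] for i in range(0, per_stripe, block)]
        blocks.insert(s % n_disks, xor_blocks(blocks))  # distributed parity
        for d in range(n_disks):
            disks[d].append(blocks[d])
    return disks

def rebuild_disk(disks, failed):
    """Recompute every block of the failed disk from the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

if __name__ == "__main__":
    print(even_parity_bit(0b10110010), parity_ok(0b10110110, 0))
    array = write_stripes(b"NETWORK MAINTENANCE CH16", n_disks=4)  # constructed data
    print(rebuild_disk(array, failed=2) == array[2])
```

A single parity bit detects an odd number of flipped bits but cannot say which bit changed; the XOR stripe parity can rebuild one missing disk per stripe, not two.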

RAID Level 5: Disk Striping with Distributed Parity (continued)

Figure : RAID Level 5: disk striping with distributed parity

NAS (Network Attached Storage)

• Specialized storage device that provides centralized fault-tolerant data storage
  - Maintains own interface to LAN
  - Contains own file system optimized for saving and serving files
  - Easily expanded without interrupting service
  - Cannot communicate directly with network clients

NAS (continued)

Figure : Network attached storage on a LAN



SANs (Storage Area Networks)

Figure : A storage area network



Data Backup

• Copy of data or program files created for archiving or safekeeping
  - No matter how reliable and fault-tolerant you believe your server's hard disk (or disks) to be, still risk losing everything unless you make backups on separate media and store them off-site
• Many options exist for making backups

Backup Media and Methods

• To select appropriate solution, consider following questions:
  - Sufficient storage capacity?
  - Reliability?
  - Data error checking techniques?
  - System efficient enough to complete backup process before daily operations resume?
  - Cost and capacity?
  - Compatibility?
  - Frequent manual intervention?
  - Scalability?

Optical Media

• Capable of storing digitized data
  - Uses laser to write and read data
  - CD-ROMs and DVDs
• Requires proper disk drive to write data
• Writing data usually takes longer than saving data to another type of media

Tape Backups

• Relatively simple, capable of storing large amounts of data, at least partially automated
• On relatively small networks, standalone tape drives may be attached to each server
• On large networks, one large, centralized tape backup device may manage all subsystems' backups
  - Usually connected to computer other than file server

External Disk Drives

• Storage devices that can be attached temporarily to a computer via USB, PCMCIA, FireWire, or Compact-Flash port
  - Removable disk drives
• For backing up large amounts of data, likely to use external disk drive with backup control features, high capacity, and fast read-write access
• Faster data transfer rates than optical media or tape backups

Network Backups

• Save data to another place on network
  - Must back up data to different disk than where it was originally stored
• Most NOSs provide utilities for automating and managing network backups
• Online backup: saves data across Internet to another company's storage array
  - Strict security measures to protect data in transit
  - Backup and restoration processes automated

Backup Strategy

• Strategy should address following questions:
  - What data must be backed up?
  - Rotation schedule?
  - Time backups occur?
  - Method of accuracy verification?
  - Where and how long will backup media be stored?
  - Who will take responsibility?
  - How long will backups be saved?
  - Where will documentation be stored?

Backup Strategy (continued)

• Archive bit: file attribute that can be checked or unchecked
  - Indicates whether file must be archived
• Backup methods use archive bit in different ways
  - Full backup: all data copied to storage media, regardless of whether data is new or changed
    - Archive bits set to off for all files
  - Incremental backup: copies only data that has changed since last full or incremental backup
    - Unchecks archive bit for every file saved
  - Differential backup: does not uncheck archive bits for files backed up
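How the three methods treat the archive bit, simulated over a constructed week as an added example (not part of the original slides). The restore list at the end goes beyond the slide: it shows which backup sets are needed after the last day under each method; file names and the schedule are assumptions.

```python
def run_backup(files, method):
    """Apply one backup job to `files` (name -> archive bit); return names copied.

    full:         copy everything, set every archive bit to off
    incremental:  copy files whose bit is set, uncheck the bit on each file saved
    differential: copy files whose bit is set, leave the bits as they are
    """
    if method == "full":
        copied = sorted(files)
    elif method in ("incremental", "differential"):
        copied = sorted(name for name, bit in files.items() if bit)
    else:
        raise ValueError(f"unknown backup method: {method}")
    if method != "differential":
        for name in copied:
            files[name] = False
    return copied

def simulate(week, weekday_method):
    """Full backup on the first day, then `weekday_method` on each later day.

    `week` is a list of (day, [files created or modified that day]).
    Returns (log of (day, method, copied), backup sets needed for a restore).
    """
    files, log = {}, []
    for i, (day, modified) in enumerate(week):
        for name in modified:
            files[name] = True  # a write sets the archive bit
        method = "full" if i == 0 else weekday_method
        log.append((day, method, run_backup(files, method)))
    later = [day for day, _method, _copied in log[1:]]
    # Restore: the full set, then every incremental, or only the last differential
    needed = [log[0][0]] + (later if weekday_method == "incremental" else later[-1:])
    return log, needed

# Constructed sample week
WEEK = [
    ("Mon", ["payroll.db", "hr.doc", "web.cfg"]),
    ("Tue", ["payroll.db"]),
    ("Wed", ["hr.doc"]),
    ("Thu", ["payroll.db", "new.xls"]),
]

if __name__ == "__main__":
    for method in ("incremental", "differential"):
        log, needed = simulate(WEEK, method)
        print(method, log, "restore needs:", needed)
```

Differential sets grow each day because the bits stay set, but a restore needs only two sets; incremental sets stay small, and a restore needs every one of them intact.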

Backup Strategy (continued)

• Determine best possible backup rotation scheme
  - Provide excellent data reliability without overtaxing network or requiring a lot of intervention
  - Several standard backup rotation schemes
    - Grandfather-father-son: uses daily (son), weekly (father), and monthly (grandfather) backup sets
• Make sure backup activity recorded in backup log
• Establish regular schedule of verification

Backup Strategy (continued)

Figure : The grandfather-father-son backup rotation scheme



Disaster Recovery: Disaster Recovery Planning

• Disaster recovery: process of restoring critical functionality and data after enterprise-wide outage
• Disaster recovery plan accounts for worst-case scenarios
  - Contact names and info for emergency coordinators
  - Details on data and servers being backed up, backup frequency, backup location, how to recover
  - Details on network topology, redundancy, and agreements with national service carriers
  - Strategies for testing disaster recovery plan
  - Plan for managing the crisis

Disaster Recovery Contingencies

• Several options for recovering from disaster
  - Cold site: place where computers, devices, and connectivity necessary to rebuild network exist
    - Not configured, updated, or connected
  - Warm site: same as cold site, but some computers and devices appropriately configured, updated, or connected
  - Hot site: computers, devices, and connectivity necessary to rebuild network are appropriately configured, updated, and connected to match network's current state

Summary

• Integrity refers to the soundness of your network's files, systems, and connections
• Several basic measures can be employed to protect data and systems on a network
• A virus is a program that replicates itself so as to infect more computers, either through network connections or through external storage devices passed among users
• A good antivirus program should be able to detect viruses through signature scanning, integrity checking, and heuristic scanning

Summary (continued)

• The goal of fault-tolerant systems is to prevent faults from progressing to failures
• Fault tolerance is a system's capacity to continue performing despite an unexpected hardware or software malfunction
• A UPS is a battery power source that prevents undesired features of the power source from harming the device or interrupting its services
• For utmost fault tolerance in power supply, a generator is necessary

Summary (continued)

• Critical servers often contain redundant NICs, processors, and/or hard disks to provide better fault tolerance
• Server mirroring involves utilizing a second, identical server to duplicate the transactions and data storage of one server
• Clustering links multiple servers together to act as a single server
• RAID is an important storage redundancy feature

Summary (continued)

• Backups can be saved to optical media (such as CDs and DVDs), tapes, external disk drives, or to another location on a network
• The aim of a good backup rotation scheme is to provide excellent data reliability but not to overtax your network or require much intervention
• Disaster recovery is the process of restoring your critical functionality and data after an enterprise-wide outage that affects more than a single system or a limited group of users
