Network Guide to Networks, Fourth Edition

1
Network Guide to Networks, Fourth Edition

• Chapter 13
• Ensuring Integrity and Availability

2
Objectives

• Identify the characteristics of a network that
  keeps data safe from loss or damage
• Protect an enterprise-wide network from viruses
• Explain network- and system-level fault-tolerance
  techniques
• Discuss issues related to network backup and
  recovery strategies
• Describe the components of a useful disaster
  recovery plan and the options for disaster
  contingencies

3
What Are Integrity and Availability?

• Integrity soundness of networks programs, data,
  services, devices, and connections
• Availability how consistently and reliably file
  or system can be accessed by authorized personnel
• Need well-planned and well-configured network
• Data backups, redundant devices, protection from
  malicious intruders
• Phenomena compromising integrity and
  availability
• Security breaches, natural disasters, malicious
  intruders, power flaws, human error

4
What Are Integrity and Availability? (continued)

• General guidelines for protecting network
• Allow only network administrators to create or
  modify NOS and application system files
• Monitor network for unauthorized access or
  changes
• Record authorized system changes in a change
  management system
• Install redundant components
• Perform regular health checks

5
What Are Integrity and Availability? (continued)

• General guidelines for protecting network
  (continued)
• Check system performance, error logs, and system
  log book regularly
• Keep backups, boot disks, and emergency repair
  disks current and available
• Implement and enforce security and disaster
  recovery policies

6
Viruses

• Program that replicates itself with intent to
  infect more computers
• Through network connections or exchange of
  external storage devices
• Typically copied to storage device without users
  knowledge
• Trojan horse program that disguises itself as
  something useful but actually harms system
• Not considered a virus

7
Types of Viruses

• Boot sector viruses located in boot sector of
  computers hard disk
• When computer boots up, virus runs in place of
  computers normal system files
• Removal first requires rebooting from uninfected,
  write-protected disk with system files on it
• Macro viruses take form of macro that may be
  executed as user works with a program
• Quick to emerge and spread
• Symptoms vary widely

8
Types of Viruses (continued)

• File-infected viruses attach to executable files
• When infected executable file runs, virus copies
  itself to memory
• Can have devastating consequences
• Symptoms may include damaged program files,
  inexplicable file size increases, changed icons
  for programs, strange messages, inability to run
  a program
• Worms programs that run independently and travel
  between computers and across networks
• Not technically viruses
• Can transport and hide viruses

9
Types of Viruses (continued)

• Trojan horse program that claims to do something
  useful but instead harms system
• Network viruses propagated via network
  protocols, commands, messaging programs, and data
  links
• Bots program that runs automatically, without
  requiring a person to start or stop it
• Many bots spread through Internet Relay Chat
  (IRC)
• Used to damage/destroy data or system files,
  issue objectionable content, further propagate
  virus

10
Virus Characteristics

• Encryption encrypted virus may thwart antivirus
  programs attempts to detect it
• Stealth stealth viruses disguise themselves as
  legitimate programs or replace part of legitimate
  programs code with destructive code
• Polymorphism polymorphic viruses change
  characteristics every time transferred
• Time-dependence time-dependent viruses
  programmed to activate on particular date

11
Virus Protection Antivirus Software

• Antivirus software should at least
• Detect viruses through signature scanning
• Detect viruses through integrity checking
• Detect viruses by monitoring unexpected file
  changes or virus-like behaviors
• Receive regular updates and modifications from a
  centralized network console
• Consistently report only valid viruses
• Heuristic scanning techniques attempt to identify
  viruses by discovering virus-like behavior (may
  give false positives)

12
Antivirus Policies

• Provide rules for using antivirus software and
  policies for installing programs, sharing files,
  and using floppy disks
• Suggestions for antivirus policy guidelines
• Every computer in organization equipped with
  virus detection and cleaning software
• Users should not be allowed to alter or disable
  antivirus software
• Users should know what to do in case virus
  detected

13
Antivirus Policies (continued)

• Suggestions for antivirus policy guidelines
  (continued)
• Antivirus team should be appointed to focus on
  maintaining antivirus measures
• Users should be prohibited from installing any
  unauthorized software on their systems
• Systemwide alerts should be issued to network
  users notifying them of serious virus threats and
  advising them how to prevent infection

14
Virus Hoaxes

• False alerts about dangerous, new virus that
  could cause serious damage to systems
• Generally an attempt to create panic
• Should not be passed on
• Can confirm hoaxes online

15
Fault Tolerance

• Capacity for system to continue performing
  despite unexpected hardware or software
  malfunction
• Failure deviation from specified level of system
  performance for given period of time
• Fault involves malfunction of system component
• Can result in a failure
• Varying degrees
• At highest level, system remains unaffected by
  even most drastic problems

16
Environment

• Must analyze physical environment in which
  devices operate
• e.g., excessive heat or moisture, break-ins,
  natural disasters
• Can purchase temperature and humidity monitors
• Trip alarms if specified limits exceeded

17
Power Power Flaws

• Power flaws that can damage equipment
• Surge momentary increase in voltage due to
  lightning strikes, solar flares, or electrical
  problems
• Noise fluctuation in voltage levels caused by
  other devices on network or electromagnetic
  interference
• Brownout momentary decrease in voltage also
  known as a sag
• Blackout complete power loss

18
UPSs (Uninterruptible Power Supplies)

• Battery-operated power source directly attached
  to one or more devices and to power supply
• Prevents undesired features of outlets A/C power
  from harming device or interrupting services
• Standby UPS provides continuous voltage to
  device
• Switch to battery when power loss detected
• Online UPS uses power from wall outlet to
  continuously charge battery, while providing
  power to network device through battery

19
UPSs (continued)

• Factors to consider when deciding on a UPS
• Amount of power needed
• Power measured in volt-amps
• Period of time to keep a device running
• Line conditioning
• Cost

20
Generators
Figure 13-2 UPSs and a generator in a network
design
21
Topology and Connectivity

• Key to fault tolerance in network design is
  supplying multiple possible data paths
• If one connection fails, data can be rerouted
• On LANs, star topology and parallel backbone
  provide greatest fault tolerance
• On WANs, full mesh topology offers best fault
  tolerance
• SONET networks highly fault-tolerant
• Redundancy in network offers advantage of
  reducing risk of lost functionality and profits
  from network faults

22
Topology and Connectivity (continued)
Figure 13-3 VPNs linking multiple customers
23
Topology and Connectivity (continued)

• Automatic fail-over use redundant components
  able to immediately assume duties of an identical
  component in event of failure or fault
• Can provide some level of fault tolerance by
  using hot swappable parts
• Leasing redundant T1s allows for load balancing
• Automatic distribution of traffic over multiple
  links or processors to optimize response

24
Topology and Connectivity (continued)
Figure 13-5 Fully redundant T1 connectivity
25
Servers

• Make servers more fault-tolerant by supplying
  them with redundant components
• NICs, processors, and hard disks
• If one item fails, entire system wont fail
• Enable load balancing

26
Server Mirroring

• Mirroring one device or component duplicates
  activities of another
• Server Mirroring one server duplicates
  transactions and data storage of another
• Must be identical machines using identical
  components
• Requires high-speed link between servers
• Requires synchronization software
• Form of replication
• Servers can stand side by side or be positioned
  in different locations

27
Clustering

• Link multiple servers together to act as single
  server
• Share processing duties
• Appear as single server to users
• If one server fails, others automatically take
  over data transaction and storage
  responsibilities
• More cost-effective than mirroring
• To detect failures, clustered servers regularly
  poll each other
• Servers must be close together

28
Storage RAID (Redundant Array of Independent (or
Inexpensive) Disks)

• Collection of disks that provide fault tolerance
  for shared data and applications
• Disk array
• Collection of disks that work together in RAID
  configuration, often referred to as RAID drive
• Appear as single logical drive to system
• Hardware RAID set of disks and separate disk
  controller
• Managed exclusively by RAID disk controller
• Software RAID relies on software to implement
  and control RAID techniques

29
RAID Level 0?Disk Striping

• Simple implementation of RAID
• Not fault-tolerant
• Improves performance

Figure 13-6 RAID Level 0disk striping
30
RAID Level 1Disk Mirroring

• Data from one disk copied to another disk
  automatically as information written
• Dynamic backup
• If one drive fails, disk array controller
  automatically switches to disk that was mirroring
  it
• Requires two identical disks
• Usually relies on system software to perform
  mirroring
• Disk duplexing similar to disk mirroring, but
  separate disk controller used for each disk

31
RAID Level 1Disk Mirroring (continued)
Figure 13-7 RAID Level 1disk mirroring
32
RAID Level 3Disk Striping with Parity ECC

• Disk striping with special error correction code
  (ECC)
• Parity mechanism used to verify integrity of
  data by making number of bits in a byte sum to
  either an odd or even number
• Even parity or odd parity
• Tracks integrity of data on disk
• Parity bit assigned to each data byte when
  written to disk
• When data read, datas bits plus parity bit
  summed (parity should match)

33
RAID Level 3Disk Striping with Parity ECC
(continued)
Figure 13-8 RAID Level 3disk striping with
parity ECC
34
RAID Level 5Disk Striping with Distributed
Parity

• Data written in small blocks across several disks
  
• Parity error checking information distributed
  among disks
• Highly fault-tolerant
• Very popular
• Failed disk can be replaced with little
  interruption
• Hot spare disk or partition that is part of
  array, but used only in case a RAID disks fails
• Cold spare duplicate component that can be
  installed in case of failure

35
RAID Level 5Disk Striping with Distributed
Parity (continued)
Figure 13-9 RAID Level 5disk striping with
distributed parity
36
NAS (Network Attached Storage)

• Specialized storage device that provides
  centralized fault-tolerant data storage
• Maintains own interface to LAN
• Contains own file system optimized for saving and
  serving files
• Easily expanded without interrupting service
• Cannot communicate directly with network clients

37
NAS (continued)
Figure 13-10 Network attached storage on a LAN
38
SANs (Storage Area Networks)
Figure 13-11 A storage area network
39
Data Backup

• Copy of data or program files created for
  archiving or safekeeping
• No matter how reliable and fault-tolerant you
  believe your servers hard disk (or disks) to be,
  still risk losing everything unless you make
  backups on separate media and store them off-site
• Many options exist for making backups

40
Backup Media and Methods

• To select appropriate solution, consider
  following questions
• Sufficient storage capacity?
• Reliability?
• Data error checking techniques?
• System efficient enough to complete backup
  process before daily operations resume?
• Cost and capacity?
• Compatibility?
• Frequent manual intervention?
• Scalability?

41
Optical Media

• Capable of storing digitized data
• Uses laser to write and read data
• CD-ROMs and DVDs
• Requires proper disk drive to write data
• Writing data usually takes longer than saving
  data to another type of media

42
Tape Backups

• Relatively simple, capable of storing large
  amounts of data, at least partially automated
• On relatively small networks, standalone tape
  drives may be attached to each server
• On large networks, one large, centralized tape
  backup device may manage all subsystems backups
• Usually connected to computer other than file
  server

43
External Disk Drives

• Storage devices that can be attached temporarily
  to a computer via USB, PCMCIA, FireWire, or
  Compact-Flash port
• Removable disk drives
• For backing up large amounts of data, likely to
  use external disk drive with backup control
  features, high capacity, and fast read-write
  access
• Faster data transfer rates than optical media or
  tape backups

44
Network Backups

• Save data to another place on network
• Must back up data to different disk than where it
  was originally stored
• Most NOSs provide utilities for automating and
  managing network backups
• Online backup saves data across Internet to
  another companys storage array
• Strict security measures to protect data in
  transit
• Backup and restoration processes automated

45
Backup Strategy

• Strategy should address following questions
• What data must be backed up?
• Rotation schedule?
• Time backups occur?
• Method of accuracy verification?
• Where and how long will backup media be stored?
• Who will take responsibility?
• How long will backups be saved?
• Where will documentation be stored?

46
Backup Strategy (continued)

• Archive bit file attribute that can be checked
  or unchecked
• Indicates whether file must be archived
• Backup methods use archive bit in different ways
• Full backup all data copied to storage media,
  regardless of whether data is new or changed
• Archive bits set to off for all files
• Incremental backup copies only data that has
  changed since last full or incremental backup
• Unchecks archive bit for every file saved
• Differential backup does not uncheck archive
  bits for files backed up

47
Backup Strategy (continued)

• Determine best possible backup rotation scheme
• Provide excellent data reliability without
  overtaxing network or requiring a lot of
  intervention
• Several standard backup rotation schemes
• Grandfather-father-son Uses DAILY (son), weekly
  (father), and monthly (grandfather) backup sets
• Make sure backup activity recorded in backup log
• Establish regular schedule of verification

48
Backup Strategy (continued)
Figure 13-13 The grandfather-father-son backup
rotation scheme
49
Disaster Recovery Disaster Recovery Planning

• Disaster recovery process of restoring critical
  functionality and data after enterprise-wide
  outage
• Disaster recovery plan accounts for worst-case
  scenarios
• Contact names and info for emergency coordinators
• Details on data and servers being backed up,
  backup frequency, backup location, how to recover
• Details on network topology, redundancy, and
  agreements with national service carriers
• Strategies for testing disaster recovery plan
• Plan for managing the crisis

50
Disaster Recovery Contingencies

• Several options for recovering from disaster
• Cold site place where computers, devices, and
  connectivity necessary to rebuild network exist
• Not configured, updated, or connected
• Warm site same as cold site, but some computers
  and devices appropriately configured, updated, or
  connected
• Hot site computers, devices, and connectivity
  necessary to rebuild network are appropriately
  configured, updated, and connected to match
  networks current state

51
Summary

• Integrity refers to the soundness of your
  networks files, systems, and connections
• Several basic measures can be employed to protect
  data and systems on a network
• A virus is a program that replicates itself so as
  to infect more computers, either through network
  connections or through external storage devices
  passed among users
• A good antivirus program should be able to detect
  viruses through signature scanning, integrity
  checking, and heuristic scanning

52
Summary (continued)

• The goal of fault-tolerant systems is to prevent
  faults from progressing to failures
• Fault tolerance is a systems capacity to
  continue performing despite an unexpected
  hardware or software malfunction
• A UPS is a battery power source that prevents
  undesired features of the power source from
  harming the device or interrupting its services
• For utmost fault tolerance in power supply, a
  generator is necessary

53
Summary (continued)

• Critical servers often contain redundant NICs,
  processors, and/or hard disks to provide better
  fault tolerance
• Server mirroring involves utilizing a second,
  identical server to duplicate the transactions
  and data storage of one server
• Clustering links multiple servers together to act
  as a single server
• RAID is an important storage redundancy feature

54
Summary (continued)

• Backups can be saved to optical media (such as
  CDs and DVDs), tapes, external disk drives, or to
  another location on a network
• The aim of a good backup rotation scheme is to
  provide excellent data reliability but not to
  overtax your network or require much intervention
• Disaster recovery is the process of restoring
  your critical functionality and data after an
  enterprise-wide outage that affects more than a
  single system or a limited group of users