Network Administration and Support

1
Chapter 12

• Network Administration and Support

2
Introduction

• Topics
• Network Management Tasks and Activities
• Managing Access and Accounts
• Managing Network Performance
• Managing Network Security
• Protecting Data and Systems

3
Network Management Tasks and Activities

• Managing user access to the network is a major
  challenge of network administration
• Access to resources and data must be controlled
  but not overly restricted
• Assigning users to groups will make the
  administration of user rights much easier

4
Managing Access and Accounts

• Setting up user accounts is less complicated than
  assigning access rights
• Every OS has procedures and/or an interface for
  setting up accounts
• It is better to add privileges than to take them
  away from users
• Start with fairly restrictive account policies

5
User Accounts

• A user account holds information about the
  specific user
• It can contain basic information such as name,
  password, and the level of permission the user in
  granted
• It can also contain much more specific
  information such as the department the user works
  in, a home phone number, and the days and hours
  the user is allowed to log on to specific
  workstations

6
Managing Groups

• Groups are created to make the sharing of
  resources more manageable
• A group contains users that share a common need
  for access to a particular resource
• Even though the connotations may differ with each
  operating system, all of these terms still refer
  to the access that a user or group account is
  granted

7
Administrator Account

• All operating systems have an administrative
  account
• The administrative account should be used only
  for the purpose of administering the server
• Granting users this type of access is a disaster
  waiting to happen
• Most operating systems set up the administrative
  account during installation

8
Default Accounts

• Windows has several accounts set up by default
• No matter which system is used, it is important
  to know what accounts are installed by default
  and what access each account has
• The purpose of the guest account is to allow
  temporary access for a user that doesnt have an
  account set up

9
The Guest Account

• The guest account has limited access, but many
  times is disabled to keep intruders from
  accessing the machine

10
Passwords

• Allowing users to create simple passwords
  produces an unsecured environment
• If the passwords are too difficult to remember,
  users will probably write them down and may even
  post them
• A weak password might be very short or only use
  alphanumeric characters or contain information
  easily guessed by someone profiling the user

11
Strong Passwords

• Strong passwords can be derived from events or
  things the user knows
• For example, the phrase "Going to the Bahamas on
  June 6, 2006 with Jean can be converted to
  gtB6606_at_J
• This creates a complex password that is easy for
  the user to remember

12
Password Policies

• Password policies help protect the network from
  hackers and define the responsibilities of users
  who have been given access to company resources
• All users should read and sign security policies
  as part of their employment process
• Many times it is necessary to restrict logon
  hours for maintenance purposes.

13
Access to Files

• Auditing is the process of keeping track of who
  is logging in and accessing what files
• Network administrators assign user access rights
  and set permissions
• Limited group access overrides unlimited access
  in another group

14
Types of Groups

• Groups may be nested
• Active Directory Services provides flexibility by
  allowing two types of groups
• Security groups
• Distribution groups
• Both types of groups have what is called a scope
• Scope determines where the group can be used in
  the network and who can be a member

15
Group Scope

• The three group scopes available in a Windows
  2000 network are
• domain local
• global
• universal
• The acronym GULP will help you remember how
  groups are placed into other groups.

16
Permission Assignment

• For a user-based model, permissions are assigned
  to each user account
• For group-based access control, permissions are
  assigned to groups
• For role-based access control, a role is
  associated with a job and permissions are
  assigned to these roles
• Rule-based access control is based on access
  control lists (ACLs)

17
Group Policy

• After you create groups, group policy can be used
  for ease of administration in managing the
  environment of users
• The group policy object (GPO) is used to apply
  group policy to users and computers
• A GPO is a virtual storage location for group
  policy settings, which are stored in the Group
  Policy container or template

18
Managing Access and Accounts

• Group policy allows you to set consistent common
  security standards
• Group policies are applied in a specific order or
  hierarchy
• By default, group policy is inherited and
  cumulative
• Use the acronym LSDOU (local, site, domain,
  organizational unit) to remember the order that a
  group policy is applied.

19
Managing Network Performance

• As your network changes, its performance must be
  monitored and improved
• A measure of normal activity is known as a
  baseline
• Baselines must be updated on a regular basis,
  when the network has changed, or new technology
  has been deployed

20
Monitoring Tools

• After baselines are established, the network
  needs to be monitored
• Many tools can be used to monitor the performance
  on the network
• Event Viewer
• Performance Console
• Network Monitor
• Task Manager

21
The Event Viewer

• Allows auditing certain events
• The Event Viewer maintains three log files
• One for system processes
• One for security information
• One for applications

22
The Task Manager

• Task Manager can be used to end processes or
  applications that get hung up without having to
  reboot the machine
• It also gives you an instant view of CPU and
  memory usage
• It should be one of the first places to check
  when something seems awry

23
The Performance Console

• Performance console is used for tracking and
  viewing the utilization of operating system
  resources
• The console consists of two snap-ins
• the System Monitor
• the Performance Logs and Alerts
• This tool is used for properly monitoring the
  physical disks, memory, and processor

24
The Network Monitor

• Network Monitor is a protocol analyzer
• It can be used to capture network traffic and
  generate statistics for creating reports
• Network Monitor is not installed by default in
  Windows 2000
• It must be added as an optional Windows component
  

25
Bottlenecks

• A bottleneck occurs when we try to push too much
  data into a narrow opening
• As a result, it jams up and has to wait
• Internet and network traffic commonly bottleneck
  due to not having enough bandwidth

26
CPU Utilization

• When an application or program starts, it will
  automatically cause the CPU to spike to 100
• When you are monitoring the processor, you should
  see the utilization spike up and down
• However, if the usage goes to 100 and stays
  there, then there is an issue

27
Managing Bottlenecks

• If your system has a processor bottleneck, you
  can either add more processors or upgrade to
  faster ones
• One of the most common bottlenecks that Windows
  2000 systems face is caused by limited physical
  memory
• Windows servers are designed to page data out of
  memory into a paging file when not in use or if
  the memory is needed for other data
• More memory provides better performance

28
Disk Performance Monitor

• RAM bottlenecks create excessive disk usage, as
  the system swaps memory to the disk
• These bottlenecks can be monitored with the
  diskperf utility.
• To use it type diskperf -y at a command prompt
  and restart the machine

29
Server Testing

• When a server is set up, you should allow a
  burn-in period
• During burn-in, the server is placed under a
  heavy stress level for long periods of time to
  see if any part of the system fails
• Performance can also be improved through
  application tuning
• Network segmentation may affect performance

30
Improving Performance

• Main areas to be addressed
• network segmentation
• application tuning
• server performance

31
Managing Network Security

• A security policy is a set guideline used to
  create the company rules for providing a secure
  working environment
• Clear and detailed policies supported by the
  organization's management are the goal of a
  security policy
• The most crucial part of security policy is
  planning and assessment

32
Risk Assessment

• Begin by examining the network for security risks
  (risk assessment)
• Risk is the potential of a threat to exploit a
  vulnerability found in an asset
• Risk assessment pertains to how likely it is that
  certain threats will compromise the network

33
Acceptable Use Policies

• pertain to what activities users may perform on
  the network
• Every organization has the responsibility to
  conduct its business in a manner that complies
  with all applicable laws and regulations
• Failure to ensure compliance can result in legal
  liabilities

34
Organizational Responsibilities

• An organization may be negligent if it fails to
  take the necessary precautions to avoid a
  security threat

35
Data and Equipment Disposal

• Proper disposal of data and equipment should be
  part of the security policy
• Outdated hardware and discarded paper may often
  be used by attackers to obtain access to a
  network
• Have a policy in place that requires shredding of
  all documents and security erasure of all types
  of storage media before they may be discarded.

36
Incident Response Policy

• What defines a security breach and how to
  identify when one occurs
• When dealing with security issues, two basic
  models are used
• Physical Model - addresses the risks associated
  with hardware and designs
• Data Model - deals with protocols and software

37
User Responsibilities

• Train users on
• How to properly use the system
• Why they must follow policy
• The consequences for not complying with these
  policies

38
Network Security Components

• The security components of a network fall into
  the following three areas
• physical
• data
• system

39
Physical Security

• identifies threats to the hardware and buildings
  that store system data
• Threats include unauthorized access as well as
  natural disasters
• As new physical security systems are deployed
  users must be trained on how to use them

40
Protecting Data and Systems

• Backing up data is critical
• Off-site copies of data allow recovery in case an
  entire facility is destroyed
• If backup function is outsourced, be sure the
  company is reputable and the employees are bonded
  

41
Backup Strategies

• Full backup
• Incremental backup
• Differential backup
• Backup tapes should be tested regularly

42
Protecting Data and Systems

• All network servers should be isolated in a
  locked location to prevent any kind of
  unauthorized physical access
• Use anti-virus and intrusion detection software
  (IDS) to protect data integrity
• IDS systems can catch attacks in progress within
  the network

43
Business Continuity Plan

• pertains to the measures taken in the case of a
  complete loss
• includes a detailed analysis of business
  practices and support requirements
• includes cost estimates for network access and
  automatic failover of critical services to
  off-site systems
• Other considerations
• Facilities
• Fault tolerance
• Clustering