network administration and support

Chapter 12 Network Administration and Support

Upload: networksguy

Post on 20-Dec-2014

TRANSCRIPT

Page 1: Network Administration and Support

Chapter 12

Network Administration and Support

Page 2: Network Administration and Support

Introduction

• Topics
  – Network Management Tasks and Activities
  – Managing Access and Accounts
  – Managing Network Performance
  – Managing Network Security
  – Protecting Data and Systems

Page 3: Network Administration and Support

Network Management Tasks and Activities

• Managing user access to the network is a major challenge of network administration

• Access to resources and data must be controlled but not overly restricted

• Assigning users to groups will make the administration of user rights much easier

Page 4: Network Administration and Support

Managing Access and Accounts

• Setting up user accounts is less complicated than assigning access rights

• Every OS has procedures and/or an interface for setting up accounts

• It is better to add privileges than to take them away from users

• Start with fairly restrictive account policies

Page 5: Network Administration and Support

User Accounts

• A user account holds information about the specific user

• It can contain basic information such as name, password, and the level of permission the user is granted

• It can also contain much more specific information such as the department the user works in, a home phone number, and the days and hours the user is allowed to log on to specific workstations

Page 6: Network Administration and Support

Managing Groups

• Groups are created to make the sharing of resources more manageable

• A group contains users that share a common need for access to a particular resource

• Even though the connotations may differ with each operating system, all of these terms still refer to the access that a user or group account is granted

Page 7: Network Administration and Support

Administrator Account

• All operating systems have an administrative account

• The administrative account should be used only for the purpose of administering the server

• Granting users this type of access is a disaster waiting to happen

• Most operating systems set up the administrative account during installation

Page 8: Network Administration and Support

Default Accounts

• Windows has several accounts set up by default

• No matter which system is used, it is important to know what accounts are installed by default and what access each account has

• The purpose of the guest account is to allow temporary access for a user that doesn't have an account set up

Page 9: Network Administration and Support

The Guest Account

• The guest account has limited access, but many times is disabled to keep intruders from accessing the machine

Page 10: Network Administration and Support

Passwords

• Allowing users to create simple passwords produces an unsecured environment

• If the passwords are too difficult to remember, users will probably write them down and may even post them

• A weak password might be very short or only use alphanumeric characters or contain information easily guessed by someone profiling the user

Page 11: Network Administration and Support

Strong Passwords

• Strong passwords can be derived from events or things the user knows

• For example, the phrase "Going to the Bahamas on June 6, 2006 with Jean" can be converted to gtB6606@J

• This creates a complex password that is easy for the user to remember

Page 12: Network Administration and Support

Password Policies

• Password policies help protect the network from hackers and define the responsibilities of users who have been given access to company resources

• All users should read and sign security policies as part of their employment process

• Many times it is necessary to restrict logon hours for maintenance purposes.

Page 13: Network Administration and Support

Access to Files

• Auditing is the process of keeping track of who is logging in and accessing what files

• Network administrators assign user access rights and set permissions

• Limited group access overrides unlimited access in another group
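The rule that a limited group overrides unlimited access granted through another group can be checked with a small model. This is an added example, not part of the original slides; the group names, rights, and the `GroupEntry` structure are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class GroupEntry:
    """One group's entry on a resource (hypothetical structure for this example)."""
    group: str
    allow: frozenset = frozenset()   # rights the group grants
    deny: frozenset = frozenset()    # rights the group restricts


def effective_rights(member_of, entries):
    """Union of every grant from the user's groups, minus every restriction."""
    granted, restricted = set(), set()
    for entry in entries:
        if entry.group in member_of:
            granted |= entry.allow
            restricted |= entry.deny
    return granted - restricted


def overridden_grants(member_of, entries):
    """For auditing: right -> (groups granting it, groups restricting it)."""
    mine = [e for e in entries if e.group in member_of]
    report = {}
    for right in sorted({r for e in mine for r in e.deny}):
        granters = sorted(e.group for e in mine if right in e.allow)
        if granters:  # only report rights that were granted and then lost
            deniers = sorted(e.group for e in mine if right in e.deny)
            report[right] = (granters, deniers)
    return report


# Constructed sample data: entries on one shared folder.
SHARE_ENTRIES = [
    GroupEntry("Staff", allow=frozenset({"read", "write", "delete"})),
    GroupEntry("Contractors", allow=frozenset({"read"}),
               deny=frozenset({"write", "delete"})),
    GroupEntry("Auditors", allow=frozenset({"read"})),
]
USERS = {
    "alice": {"Staff"},
    "bob": {"Staff", "Contractors"},   # in both the broad and the limited group
    "carol": {"Auditors"},
}

if __name__ == "__main__":
    for user, groups in USERS.items():
        print(user, sorted(effective_rights(groups, SHARE_ENTRIES)),
              overridden_grants(groups, SHARE_ENTRIES))
```

The `overridden_grants` report is the part worth keeping in an access review: it names which group membership removed a right, which is usually the question when a user reports lost access.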

Page 14: Network Administration and Support

Types of Groups

• Groups may be nested

• Active Directory Services provides flexibility by allowing two types of groups:
  – Security groups
  – Distribution groups

• Both types of groups have what is called a scope

• Scope determines where the group can be used in the network and who can be a member

Page 15: Network Administration and Support

Group Scope

• The three group scopes available in a Windows 2000 network are:
  – domain local
  – global
  – universal

• The acronym GULP will help you remember how groups are placed into other groups.

Page 16: Network Administration and Support

Permission Assignment

• For a user-based model, permissions are assigned to each user account

• For group-based access control, permissions are assigned to groups

• For role-based access control, a role is associated with a job and permissions are assigned to these roles

• Rule-based access control is based on access control lists (ACLs)

Page 17: Network Administration and Support

Group Policy

• After you create groups, group policy can be used for ease of administration in managing the environment of users

• The group policy object (GPO) is used to apply group policy to users and computers

• A GPO is a virtual storage location for group policy settings, which are stored in the Group Policy container or template

Page 18: Network Administration and Support

Managing Access and Accounts

• Group policy allows you to set consistent common security standards

• Group policies are applied in a specific order or hierarchy

• By default, group policy is inherited and cumulative

• Use the acronym LSDOU (local, site, domain, organizational unit) to remember the order that a group policy is applied.
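The LSDOU order and the "inherited and cumulative" default can be worked through in code. This is an added example, not part of the original slides; the GPO names and setting keys are constructed, and it models only the default behaviour (settings accumulate, and where two levels set the same value the one applied later wins).

```python
# Default processing order from the slide: local, site, domain, organizational unit.
LSDOU = ("local", "site", "domain", "ou")


def apply_group_policy(gpos):
    """Merge GPOs in LSDOU order.

    gpos: list of (level, name, settings) tuples in any order. Several "ou"
    entries are applied in the order listed (parent OU before child OU).
    Returns (effective, source): the resulting settings and, for each setting,
    which GPO supplied the value that won. An unknown level raises ValueError.
    """
    def order(item):
        index, (level, _name, _settings) = item
        return (LSDOU.index(level), index)

    effective, source = {}, {}
    for _, (level, name, settings) in sorted(enumerate(gpos), key=order):
        for key, value in settings.items():
            effective[key] = value            # later level overwrites earlier
            source[key] = f"{level}:{name}"   # remember where it came from
    return effective, source


# Constructed sample: policies linked at each level for one workstation.
GPOS = [
    ("ou", "Finance OU", {"screen_lock_minutes": 5}),
    ("domain", "Default Domain", {"min_password_length": 12,
                                  "screen_lock_minutes": 15}),
    ("local", "Workstation", {"min_password_length": 6,
                              "usb_storage": "allowed"}),
    ("site", "HQ Site", {"proxy": "proxy.hq.example"}),
    ("ou", "Finance/Payroll OU", {"usb_storage": "blocked"}),
]

if __name__ == "__main__":
    effective, source = apply_group_policy(GPOS)
    for key in sorted(effective):
        print(f"{key} = {effective[key]!r}  (from {source[key]})")
```

The `source` map is what makes the result useful for troubleshooting: a weak local setting such as the six-character password minimum is visibly replaced by the domain value rather than silently lost.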

Page 19: Network Administration and Support

Managing Network Performance

• As your network changes, its performance must be monitored and improved

• A measure of normal activity is known as a baseline

• Baselines must be updated on a regular basis, when the network has changed, or new technology has been deployed

Page 20: Network Administration and Support

Monitoring Tools

• After baselines are established, the network needs to be monitored

• Many tools can be used to monitor the performance on the network:
  – Event Viewer
  – Performance Console
  – Network Monitor
  – Task Manager

Page 21: Network Administration and Support

The Event Viewer

• Allows auditing certain events

• The Event Viewer maintains three log files:
  – One for system processes
  – One for security information
  – One for applications

Page 22: Network Administration and Support

The Task Manager

• Task Manager can be used to end processes or applications that get hung up without having to reboot the machine

• It also gives you an instant view of CPU and memory usage

• It should be one of the first places to check when something seems awry

Page 23: Network Administration and Support

The Performance Console

• Performance console is used for tracking and viewing the utilization of operating system resources

• The console consists of two snap-ins:
  – the System Monitor
  – the Performance Logs and Alerts

• This tool is used for properly monitoring the physical disks, memory, and processor

Page 24: Network Administration and Support

The Network Monitor

• Network Monitor is a protocol analyzer

• It can be used to capture network traffic and generate statistics for creating reports

• Network Monitor is not installed by default in Windows 2000

• It must be added as an optional Windows component

Page 25: Network Administration and Support

Bottlenecks

• A bottleneck occurs when we try to push too much data into a narrow opening

• As a result, it jams up and has to wait

• Internet and network traffic commonly bottleneck due to not having enough bandwidth

Page 26: Network Administration and Support

CPU Utilization

• When an application or program starts, it will automatically cause the CPU to spike to 100%

• When you are monitoring the processor, you should see the utilization spike up and down

• However, if the usage goes to 100% and stays there, then there is an issue
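The distinction between a normal launch spike and usage that "goes to 100% and stays there" can be applied to a series of utilization samples. This is an added example, not part of the original slides; the sample values, the threshold, and the five-sample minimum run are assumptions chosen for illustration.

```python
def sustained_saturation(samples, threshold=100.0, min_run=5):
    """Find stretches where CPU utilization stayed at or above `threshold`.

    samples: utilization percentages taken at a fixed interval.
    Returns a list of (start_index, length) for every run of at least
    `min_run` consecutive samples; shorter spikes are ignored as normal.
    """
    runs, start = [], None
    for i, pct in enumerate(samples):
        if pct >= threshold:
            if start is None:
                start = i                      # a run begins here
        else:
            if start is not None and i - start >= min_run:
                runs.append((start, i - start))
            start = None                       # usage dropped, run is over
    # A run still open when the capture ends is the "stays there" case.
    if start is not None and len(samples) - start >= min_run:
        runs.append((start, len(samples) - start))
    return runs


# Constructed samples, one reading per second.
LAUNCH_SPIKES = [12, 100, 35, 20, 100, 100, 18, 25, 15, 10]
PEGGED = [12, 100, 35, 20, 100, 100, 18, 100, 100, 100, 100, 100, 100, 100]

if __name__ == "__main__":
    print("launch spikes:", sustained_saturation(LAUNCH_SPIKES))
    print("pegged CPU:   ", sustained_saturation(PEGGED))
```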

Page 27: Network Administration and Support

Managing Bottlenecks

• If your system has a processor bottleneck, you can either add more processors or upgrade to faster ones

• One of the most common bottlenecks that Windows 2000 systems face is caused by limited physical memory

• Windows servers are designed to page data out of memory into a paging file when not in use or if the memory is needed for other data

• More memory provides better performance

Page 28: Network Administration and Support

Disk Performance Monitor

• RAM bottlenecks create excessive disk usage, as the system swaps memory to the disk

• These bottlenecks can be monitored with the diskperf utility.

• To use it, type diskperf -y at a command prompt and restart the machine

Page 29: Network Administration and Support

Server Testing

• When a server is set up, you should allow a burn-in period

• During burn-in, the server is placed under a heavy stress level for long periods of time to see if any part of the system fails

• Performance can also be improved through application tuning

• Network segmentation may affect performance

Page 30: Network Administration and Support

Improving Performance

• Main areas to be addressed
  – network segmentation
  – application tuning
  – server performance

Page 31: Network Administration and Support

Managing Network Security

• A security policy is a set of guidelines used to create the company rules for providing a secure working environment

• Clear and detailed policies supported by the organization's management are the goal of a security policy

• The most crucial part of security policy is planning and assessment

Page 32: Network Administration and Support

Risk Assessment

• Begin by examining the network for security risks (risk assessment)

• Risk is the potential of a threat to exploit a vulnerability found in an asset

• Risk assessment pertains to how likely it is that certain threats will compromise the network

Page 33: Network Administration and Support

Acceptable Use Policies

• Pertain to what activities users may perform on the network

• Every organization has the responsibility to conduct its business in a manner that complies with all applicable laws and regulations

• Failure to ensure compliance can result in legal liabilities

Page 34: Network Administration and Support

Organizational Responsibilities

• An organization may be negligent if it fails to take the necessary precautions to avoid a security threat

Page 35: Network Administration and Support

Data and Equipment Disposal

• Proper disposal of data and equipment should be part of the security policy

• Outdated hardware and discarded paper may often be used by attackers to obtain access to a network

• Have a policy in place that requires shredding of all documents and security erasure of all types of storage media before they may be discarded.

Page 36: Network Administration and Support

Incident Response Policy

• What defines a security breach and how to identify when one occurs

• When dealing with security issues, two basic models are used:
  – Physical Model - addresses the risks associated with hardware and designs
  – Data Model - deals with protocols and software

Page 37: Network Administration and Support

User Responsibilities

• Train users on:
  – How to properly use the system
  – Why they must follow policy
  – The consequences for not complying with these policies

Page 38: Network Administration and Support

Network Security Components

• The security components of a network fall into the following three areas:
  – physical
  – data
  – system

Page 39: Network Administration and Support

Physical Security

• Identifies threats to the hardware and buildings that store system data

• Threats include unauthorized access as well as natural disasters

• As new physical security systems are deployed, users must be trained on how to use them

Page 40: Network Administration and Support

Protecting Data and Systems

• Backing up data is critical

• Off-site copies of data allow recovery in case an entire facility is destroyed

• If the backup function is outsourced, be sure the company is reputable and the employees are bonded

Page 41: Network Administration and Support

Backup Strategies

• Full backup

• Incremental backup

• Differential backup

• Backup tapes should be tested regularly

Page 42: Network Administration and Support

Protecting Data and Systems

• All network servers should be isolated in a locked location to prevent any kind of unauthorized physical access

• Use anti-virus and intrusion detection software (IDS) to protect data integrity

• IDS systems can catch attacks in progress within the network

Page 43: Network Administration and Support

Business Continuity Plan

• Pertains to the measures taken in the case of a complete loss

• Includes a detailed analysis of business practices and support requirements

• Includes cost estimates for network access and automatic failover of critical services to off-site systems

• Other considerations
  – Facilities
  – Fault tolerance
  – Clustering