
Page 1
COMP2122 Network Operating Systems
Richard Henson
November 2010

Page 2
Week 9 – Managing Network/Domain Users with Active Directory
Objectives
– Explain what is meant by the term “secure” file system, and give examples
– Apply secure file system and Active Directory principles to controlling access for network users
– Apply principles of permissions to groups of users
– Explain the administrative roles of Active Directory
– Explain the organisational dilemma of the network manager

Page 3
Partitions and “Disk Administrator”
(Disk Administrator is the NT 4 tool; from Windows 2000 onwards the same job is done by Disk Management)
Create, activate and delete partitions (logical areas on disk for storing data)
Format partitions
Create, format and delete volume sets and stripe sets of partitions
Create, regenerate, and delete:
– mirror/duplex sets (RAID 1 – two disks)
– stripe sets with parity (RAID 5 – minimum of three disks)

Page 4
Disk Mirroring (& duplexing)
Provides all the software to create and maintain an exact copy of the data on one disk on a second disk
– duplexing is mirroring with each disk on its own controller, so a controller failure is survived as well as a disk failure
Windows interface allows administrators to easily manage the process
If the mirror is broken (one member fails), the failed disk needs to be replaced asap to retain fault tolerance
– until it is, the data sits on a single disk with no redundancy at all
– software can quickly re-establish the mirror once a replacement disk has been added

Page 5
Creating and Maintaining Stripe Sets (with parity)
The network server(s) should provide software to:
– link partitions on different disks together to create “stripe sets”
– add parity data to each stripe, so if one member disk fails, the remaining members can re-create all the lost data
– support RAID 5, the standard form of striping with parity: parity blocks are spread across all member disks, any one disk can fail, but a second failure before the set is regenerated loses everything

Page 6
Secure File Systems
General principle: the only way to make data completely secure is to put it on a server that is physically secure and not reachable from the outside world
That data can then only be accessed via the network, by users with appropriate security rights
– the file system must therefore be able to record, for each file, who may do what with it, and the operating system must enforce it
Earlier Microsoft file systems are not secure: they store no per-file permissions, so anyone with access to the disk can read or change everything on it
» FAT16: used with DOS and earlier versions of Windows
» FAT32: used with Windows 98/Me
Examples of secure file systems (permissions stored with each file and enforced by the operating system):
» NTFS: Windows NT/2000/XP/2003 (access control lists on every file and directory)
» the many breeds of Unix (owner/group/other mode bits, plus ACLs on most modern variants)
» Novell NetWare (trustee rights)

Page 7
File and Directory Permissions
Range depends on the NOS, but some are standard:
– no access
– read only
– read and execute
– read & write
– change permissions
– full control

Page 8
File and Directory Permissions
Many options, if many users!
Can take a long time to allocate
Efficient solution, as with privileges:
– grant required permissions to a group
– make users members of that group
If one or two users have individual requirements:
– set as user permissions

Page 9
Inherited Permissions
By default:
– users and groups have the same access to files within a directory as they would to the directory itself
– any sub-directories created within a directory also inherit that access
Changing permissions:
– directory, sub-directory, and file settings can all be changed
– either for individual users, or for groups
– an entry set explicitly on a file or sub-directory is evaluated before the inherited ones, and at each level a “deny” is evaluated before an “allow”
– inheritance can also be blocked on a sub-directory, so that it starts its own independent set of permissions

Page 10
Shares
A method of allowing Windows 2000 domain users to access a directory, and any sub-directories, on a server over the network
Access to a share can be controlled at group and user level
Share access is a second check on top of the existing file/directory access
– for a remote user the effective access is the more restrictive of the share permission and the file system permission
– share permissions do not apply to someone logged on locally at the server; only the file system permissions do
Can be used with FAT partitions
– provide some security for physically secure FAT partitions, since share permissions are the only access control FAT has, and they only apply across the network
For batch files and command prompt operation, shares can be referred to by UNC pathnames (\\server\share\directory)

Page 11
Shares
File/Directory access options fewer than with file system security:
– No Access (NT 4; later versions use an explicit deny entry instead)
– Read
– Change (read, write, create and delete)
– Full Control (Change plus the right to alter permissions and take ownership)
By default, everyone has full control!!! (true on NT 4 and Windows 2000; from Windows XP/Server 2003 the default became Everyone: Read)
Permissions usually need to be imposed..
– a common pattern is to grant Authenticated Users “Change” on the share and do the fine-grained work in the file system permissions, since the more restrictive of the two wins
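
The following is an added example, not part of the original slides, that carries out what slides 8 to 11 describe on one departmental folder: permissions granted to groups rather than users, inheritance from the top directory, an explicit deny on one sub-directory, and a share layer with an explicit ACL in place of the historic Everyone: Full Control default. It assumes a domain called CORP with existing groups CORP\Sales and CORP\Sales-Managers, a file server with the SmbShare module (Windows Server 2012 or later; older servers use `net share`), and an administrator session on that server; all of these names are illustrative.

```powershell
# Added example: departmental folder with group-based NTFS permissions, inheritance,
# an explicit deny, and a share whose permissions are set rather than defaulted.
# Assumptions (illustrative): domain CORP, groups CORP\Sales and CORP\Sales-Managers exist,
# run as an administrator on the file server, SmbShare module available.

$Root    = 'D:\Shares\Sales'
$Archive = Join-Path $Root 'Archive'
New-Item -ItemType Directory -Path $Root, $Archive -Force | Out-Null

# 1. NTFS on the root: stop inheriting from D:\Shares and set an explicit ACL.
#    Entries go to groups (slide 8); individual users are added only as exceptions.
$acl = Get-Acl -Path $Root
$acl.SetAccessRuleProtection($true, $false)      # protect from parent, discard inherited entries
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
foreach ($rule in @(
        @('BUILTIN\Administrators', 'FullControl'),
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('CORP\Sales-Managers',    'Modify'),
        @('CORP\Sales',             'ReadAndExecute')
    )) {
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $rule[0], $rule[1], $inherit, $propagate, 'Allow')))
}
Set-Acl -Path $Root -AclObject $acl

# 2. Inheritance (slide 9): Archive receives the root's entries automatically. To freeze it
#    even for managers, add an explicit Deny for writing and deleting on that folder only.
#    Explicit entries are evaluated before inherited ones, and Deny before Allow, so this
#    beats the inherited Modify without touching the root ACL.
$archAcl = Get-Acl -Path $Archive
$archAcl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    'CORP\Sales-Managers', 'Write, Delete, DeleteSubdirectoriesAndFiles', $inherit, $propagate, 'Deny')))
Set-Acl -Path $Archive -AclObject $archAcl

# 3. Share (slides 10-11): create it with an explicit share ACL. Effective remote access is
#    the more restrictive of share and NTFS permissions, so Authenticated Users: Change at
#    the share layer widens nothing; NTFS decides who can actually write.
if (-not (Get-SmbShare -Name 'Sales' -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name 'Sales' -Path $Root -ChangeAccess 'NT AUTHORITY\Authenticated Users' | Out-Null
}
# If the share pre-existed with the old Everyone default, remove that entry.
Revoke-SmbShareAccess -Name 'Sales' -AccountName 'Everyone' -Force -ErrorAction SilentlyContinue | Out-Null

# 4. Verify. icacls marks inherited entries with (I); the share ACL is listed separately.
icacls $Archive
Get-SmbShareAccess -Name 'Sales' | Format-Table AccountName, AccessControlType, AccessRight -AutoSize
```

A member of CORP\Sales connecting to \\server\Sales gets Change at the share and ReadAndExecute from NTFS, so can read but not write; a member of CORP\Sales-Managers can write anywhere except Archive, where the explicit Deny applies. Neither group can change permissions, which stays with Administrators.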

Page 12
User/Group Permissions and Trusted Domains
Possible for permissions to be applied beyond the local domain
– so users on one network can gain access to files on another network
– authentication controlled between the domain controllers of the local and trusted domains
Normally achieved through “adding” groups from a trusted domain to the permissions (or nesting them in a local group that already has the permissions)
Not the same as remote logon
– a remote logon would need a separate username/password on the other domain
– with a trust, the user is authenticated once by their own domain, and the resource domain accepts that result

Page 13
User Rights
Users MUST NOT have access to sensitive parts of the system (e.g. network servers, local system software)
– all NOSs can enforce this
Users SHOULD:
– have access to basic software tools
– NOT be denied on the grounds that the software could be misused…
» c.f. no-one is allowed to drive a car because some drivers cause accidents!

Page 14
Users and Administrators
Two fundamental types of role, as far as access to a network is concerned:
– users
» look after their own data area
» have access to services, depending on privilege level
» no access or read only access to the system itself
– administrators
» have full access to all aspects of the system

Page 15
“Intermediate” Users
Some types of users need greater access to aspects of the network, to perform particular tasks:
– manage services (e.g. printing)
– manage particular files and directories (e.g. dept matters)
– manage cluster housekeeping (e.g. backups of server data)
Windows provides built-in groups for exactly these jobs (Print Operators, Backup Operators, Server Operators), so the extra rights can be delegated without handing out the administrator password

Page 16
Creating a User
Requires:
– the production of a username/password
– saving of username/password in an authentication database
» e.g. Windows “SAM” for local accounts, or Active Directory (ntds.dit) for domain accounts
» the password is kept as a hash, never in clear
» provides a unique ID for each user: the security identifier (SID), which is what permissions and group memberships actually refer to
– allocation of that user to one or more existing groups of users
For individual users
– manual procedure
For a large number of new users
– should be automated (scripted from a list of names, e.g. a CSV file from personnel)

Page 17
Creating a User
Only administrators (or accounts delegated that right over part of the directory) can set up and manage user accounts
Should use a standard system for usernames
– e.g. first three-six letters of surname followed by one or more initials
– each username must be unique! (so the scheme needs a rule for collisions, e.g. an appended number)
Other set up needs:
– a home directory for the user
Can be automated:
– username becomes home directory name

Page 18
Passwords
Typical network enforceable recommendations:
– at least 8 characters long (longer is better; length does more for resistance to guessing than the character mix)
– include uppercase, lowercase letters & numbers
– changed regularly
– the NOS can also lock the account after a number of failed attempts, which is what actually stops on-line guessing
Other recommendations (depend on user)
– nothing that could be easily associated with that user (e.g. name of a pet)
– not given to anyone else
– not written down
The system should easily allow an administrator to reset a password in the event of the user forgetting it
– reset, not look up: a secure system stores only a hash of the password, so even the administrator cannot read the old one
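
The following is an added example, not part of the original slides, of how the “network enforceable” rules on this slide are actually enforced in an Active Directory domain: the domain password policy (which lives in the Default Domain Policy GPO) is read, a weak setting is shown beside a corrected one, a stricter fine-grained policy is applied to administrators, and a forgotten password is handled as a reset. It assumes the ActiveDirectory module, Domain Admins rights, a domain named corp.example, a hypothetical user jbloggs, and illustrative numbers for lengths and ages.

```powershell
# Added example: reading and setting the domain password policy that enforces slide 18.
# Assumptions (illustrative): domain corp.example, Domain Admins rights, ActiveDirectory module,
# hypothetical user jbloggs. Numeric values are example choices, not a recommendation for any site.
Import-Module ActiveDirectory

# What is in force now (Default Domain Policy):
Get-ADDefaultDomainPasswordPolicy | Format-List MinPasswordLength, ComplexityEnabled,
    PasswordHistoryCount, MinPasswordAge, MaxPasswordAge,
    LockoutThreshold, LockoutDuration, LockoutObservationWindow, ReversibleEncryptionEnabled

# Weak: 8 characters with no lockout (LockoutThreshold 0 = unlimited guesses) and no history,
# so "changed regularly" is defeated by changing it back. Shown, not applied.
# Set-ADDefaultDomainPasswordPolicy -Identity corp.example -MinPasswordLength 8 `
#     -ComplexityEnabled $true -PasswordHistoryCount 0 -LockoutThreshold 0

# Corrected: longer minimum, history plus a minimum age so the history cannot be cycled through
# in a minute, a lockout so password guessing (the slide 19 worry) is throttled and logged,
# and reversible encryption off so the directory only ever holds hashes.
Set-ADDefaultDomainPasswordPolicy -Identity corp.example `
    -MinPasswordLength 12 -ComplexityEnabled $true `
    -PasswordHistoryCount 24 -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 90) `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 15) -LockoutObservationWindow (New-TimeSpan -Minutes 15) `
    -ReversibleEncryptionEnabled $false

# Administrators get a stricter fine-grained password policy (Windows Server 2008 functional level or later).
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq 'Admins-PSO'")) {
    New-ADFineGrainedPasswordPolicy -Name 'Admins-PSO' -Precedence 10 `
        -MinPasswordLength 20 -ComplexityEnabled $true `
        -PasswordHistoryCount 24 -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 60) `
        -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Minutes 30) -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
        -ReversibleEncryptionEnabled $false
    Add-ADFineGrainedPasswordPolicySubject -Identity 'Admins-PSO' -Subjects 'Domain Admins'
}

# A forgotten password is reset, not recovered. The temporary value is typed in, not scripted,
# and the user is forced to replace it at first logon.
Set-ADAccountPassword -Identity jbloggs -Reset -NewPassword (Read-Host -AsSecureString 'Temporary password for jbloggs')
Set-ADUser -Identity jbloggs -ChangePasswordAtLogon $true
Unlock-ADAccount -Identity jbloggs   # in case the forgotten password was guessed at until lockout
```

The `Get-ADDefaultDomainPasswordPolicy` output before and after the `Set-` call is the check to keep: if a later GPO edit quietly weakens the policy, that is where it shows.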

Page 19
Making Sure Users cannot get the Administrator Password!
File security assumes that only the network manager can log on as administrator
– but if a user can guess the password…
Strategies:
– rename the administrator account to something more obscure
» caveat: this is only a speed bump. The built-in account keeps the same security identifier (always ending in -500) whatever it is called, and any domain user can look that up, so renaming must not be mistaken for hiding the account
– only give the administrator password to one other person
» better still, give each administrator a named account of their own and keep the built-in one for emergencies, so that administrative actions can be attributed to a person
– change the administrator password regularly
– set an account lockout policy, so that guessing is slowed down and shows up in the logs
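
The following is an added example, not from the original slides, of the checks a practitioner would run after applying the strategies above. It locates the built-in administrator by its well-known relative identifier (-500) regardless of what it has been renamed to, reports how and when it is being used, and lists who holds equivalent power, since anyone in those groups can reset its password anyway. It assumes the ActiveDirectory module and read access to the directory; the thresholds in the warnings are illustrative.

```powershell
# Added example: find the built-in administrator by RID 500 (renaming does not change the SID),
# check its usage, and enumerate everyone with equivalent privilege.
# Assumptions (illustrative): ActiveDirectory module, any domain user for the lookups,
# warning thresholds of 30 days and 5 principals chosen for the example.
Import-Module ActiveDirectory

$domain = Get-ADDomain
# The built-in administrator's SID is always <domain SID>-500, whatever its name is today.
$builtinAdmin = Get-ADUser -Identity "$($domain.DomainSID)-500" `
    -Properties SamAccountName, Enabled, LastLogonDate, PasswordLastSet, PasswordNeverExpires, Description

[PSCustomObject]@{
    CurrentName          = $builtinAdmin.SamAccountName      # the "obscure" name, found in one query
    Enabled              = $builtinAdmin.Enabled
    LastLogonDate        = $builtinAdmin.LastLogonDate
    PasswordAgeDays      = if ($builtinAdmin.PasswordLastSet) { [int]((Get-Date) - $builtinAdmin.PasswordLastSet).TotalDays } else { $null }
    PasswordNeverExpires = $builtinAdmin.PasswordNeverExpires
} | Format-List

# "Only one other person has the password" cannot be verified, but the set of people who could
# simply reset it can. Recursive membership catches nested groups.
$privileged = foreach ($g in 'Domain Admins', 'Enterprise Admins', 'Administrators') {
    Get-ADGroupMember -Identity $g -Recursive | ForEach-Object {
        [PSCustomObject]@{ Group = $g; Member = $_.SamAccountName; Class = $_.objectClass }
    }
}
$distinct = $privileged | Sort-Object Member -Unique
$privileged | Sort-Object Group, Member | Format-Table -AutoSize

# The conditions slide 19 is worried about, as warnings rather than a silent report:
if (-not $builtinAdmin.PasswordLastSet -or ((Get-Date) - $builtinAdmin.PasswordLastSet).TotalDays -gt 90) {
    Write-Warning "Built-in administrator password is older than 90 days"
}
if ($builtinAdmin.PasswordNeverExpires) {
    Write-Warning "Built-in administrator password is set never to expire"
}
if ($builtinAdmin.LastLogonDate -and $builtinAdmin.LastLogonDate -gt (Get-Date).AddDays(-30)) {
    Write-Warning "Built-in administrator was used in the last 30 days; admins should be using named accounts"
}
if (@($distinct).Count -gt 5) {
    Write-Warning "$(@($distinct).Count) distinct principals hold domain-level admin rights; review membership"
}
```

The first lookup is the point of the example: an attacker with any domain credential can run it too, which is why the rename on its own buys so little.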

Page 20
“Home Directory”
A place on a hard disk somewhere on one of the servers for each user to store their own data
Each home directory should be accessible only to that user:
– should system administrators have access?
– only for purposes of administration?

Page 21
User Accounts Database
Essential for authenticating users
– each username maps to a unique user-ID, which is what the system uses internally
For fault tolerance:
– stored on more than one server
– the reserve database should be regularly “synchronised” (NT: one primary domain controller copied to backup domain controllers; Active Directory: every domain controller holds a writable copy and they replicate to each other)
For security
– data should be stored in an encrypted form
» passwords are kept only as hashes; on Windows the SAM and ntds.dit files are additionally encrypted with the system key, and the files themselves are locked to the operating system while it runs

Page 22
Roaming Profiles
It is useful for network users to be able to “carry their settings around with them”
– i.e. no matter which client they log onto, they still have the same unique desktop and application settings
This means that these settings must also be stored on a server, in a profile folder (often next to the home area, but separate from it)
– copied to the local machine during login, and copied back at logoff
– the bigger the profile, the slower the login, which is why large files belong in the home directory and not on the desktop

Page 23
Mandatory Profiles
For infrequent and “drop in” users, it may not be necessary for user settings to be saved, or even a home area allocated
– a mandatory profile is a fixed, read-only profile prepared by the administrator (NTUSER.MAN instead of NTUSER.DAT); any changes the user makes are discarded at logoff
Advantages:
– user settings do not need to be written back during logoff, and one small profile serves every such user
– reduces bandwidth on the network
– decreases user login time
– a user (or malware running as that user) cannot make a change to the desktop that survives a logoff

Page 24
What does a Home Directory Contain?
Logon data (hidden)
– to give the user the desktop deemed appropriate for them by network administrators
Application settings
– to save configurations of applications used by that user
User desktop settings
Folder(s) for user data
(Strictly, the first three belong to the user’s profile and the last to the home directory proper; the profile is often stored under the home directory, which is why they are listed together here)

Page 25
Groups
Giving specific privileges to individual users is VERY time consuming…
– also reduces flexibility in user management
GROUP = a named set of users to which rights/privileges are assigned, scoped to either a single machine (local group) or all machines in the domain (domain group)
– essential component of network management!
Individual users can become part of a group:
– then assume the rights/privileges of that group
– and lose them again simply by being removed from it, with no permissions to hunt down

Page 26
Groups
When creating local users or domain users with a set of agreed privileges:
– think carefully!
– set up a group (group name) with appropriate rights for some users
– the system will allocate a unique security identifier (SID) to the group; rights and permissions refer to the SID, so the group can be renamed later without breaking them
– add users who are likely to need such rights
Repeat the setting up of groups and allocation of users until all users have been catered for
– unlikely that any user will be unique in their needs…

Page 27
Managing User Profiles
Once they get the hang of it, users save all sorts of rubbish to their home directories
May well include lots of downloaded web pages and images
Problem!
– 10000 users
– each user takes 100 MB of space...
– total disk space required is 1000 GB (1 TB)!

Page 28
User “Quotas”
Refers to the limit placed on the size of each user’s home directory on the network servers
Can be allocated per group of users (e.g. a quota template applied to every member’s home folder, or the disk quota settings in group policy)
– different groups will have different needs…
– large quotas can be counterproductive
» it is the roaming profile, not the home directory itself, that is copied to the client during network login, so anything users are allowed to pile up there slows every logon
» a server allowed to fill up affects every user on it, not just the one who filled it

Page 29
Consequences of Exceeding Quotas
If everyone exceeded their quota, the network would soon run out of server space!
Strategies available to enforce quotas:
– send an email/pop up warning when over quota (or, better, when approaching it)
– cut off/reduce user rights when quota exceeded (a “hard” quota simply refuses further writes; a “soft” one only reports)
– offer advice for reducing size of home directory, and reasons why this is advisable
– combinations of the above
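
The following is an added example, not part of the original slides, of how the quota strategies on slides 28 and 29 are put into practice with File Server Resource Manager on Windows Server 2008 or later: a warning e-mail at 85 %, an event at 100 %, one template per group of users, automatic application to every home folder, a larger allowance for one group, and a report of who is near the limit, together with the capacity sum from slide 27 run against the real user count. It assumes the FileServerResourceManager and ActiveDirectory modules, FSRM’s e-mail settings already configured, `D:\Home` holding one folder per username, and a group called Research; sizes, percentages and message text are illustrative.

```powershell
# Added example: per-user home directory quotas with warning and cut-off actions (FSRM).
# Assumptions (illustrative): FSRM installed (Install-WindowsFeature FS-Resource-Manager) with SMTP
# settings configured, D:\Home = one folder per username, AD group "Research", values are examples.
Import-Module FileServerResourceManager
Import-Module ActiveDirectory

# Slide 27's arithmetic against the real directory, rather than a guess.
$users = @(Get-ADUser -Filter 'Enabled -eq $true').Count
'{0} enabled users x 100 MB = {1:N0} GB if everyone fills their home directory' -f $users, ($users * 100MB / 1GB)

# Actions (slide 29): e-mail the owner at 85 %, write an event at 100 %. A hard quota refuses
# further writes at 100 % by itself; -SoftLimit on a template would only report.
$warn = New-FsrmAction -Type Email -MailTo '[Source Io Owner Email]' `
    -Subject 'Your home directory is nearly full' `
    -Body 'You have used [Quota Used MB] MB of the [Quota Limit MB] MB in [Quota Path]. Downloaded web pages and images are the usual culprits; please delete what you no longer need.'
$log  = New-FsrmAction -Type Event -EventType Warning `
    -Body 'Quota exceeded on [Quota Path] by [Source Io Owner]'
$t85  = New-FsrmQuotaThreshold -Percentage 85  -Action $warn
$t100 = New-FsrmQuotaThreshold -Percentage 100 -Action $log

# One template per group of users (slide 28: different groups have different needs).
foreach ($tpl in @(@{ Name = 'Staff home 100MB'; Size = 100MB }, @{ Name = 'Research home 1GB'; Size = 1GB })) {
    if (-not (Get-FsrmQuotaTemplate -Name $tpl.Name -ErrorAction SilentlyContinue)) {
        New-FsrmQuotaTemplate -Name $tpl.Name -Size $tpl.Size -Threshold $t85, $t100 | Out-Null
    }
}

# Auto quota: every existing and future sub-folder of D:\Home gets its own quota from the template,
# so the home directory created for a new user (slide 17) is limited from the moment it exists.
if (-not (Get-FsrmAutoQuota -Path 'D:\Home' -ErrorAction SilentlyContinue)) {
    New-FsrmAutoQuota -Path 'D:\Home' -Template 'Staff home 100MB' | Out-Null
}

# Larger allowance for one group's members, applied to the folders that exist.
foreach ($m in Get-ADGroupMember -Identity 'Research' -Recursive) {
    $p = Join-Path 'D:\Home' $m.SamAccountName
    if (Test-Path $p) { Set-FsrmQuota -Path $p -Size 1GB }
}

# Who is at or past the warning line right now (the "offer advice" strategy needs a list to work from).
Get-FsrmQuota -Path 'D:\Home\*' |
    Where-Object { $_.Size -gt 0 -and $_.Usage -ge 0.85 * $_.Size } |
    Select-Object Path,
        @{ n = 'UsedMB';  e = { [int]($_.Usage / 1MB) } },
        @{ n = 'LimitMB'; e = { [int]($_.Size / 1MB) } },
        @{ n = 'Percent'; e = { [int](100 * $_.Usage / $_.Size) } } |
    Sort-Object Percent -Descending | Format-Table -AutoSize
```

The bracketed tokens in the e-mail body are FSRM’s own substitution variables, filled in per user when the threshold fires. The final report is what an administrator would hand to the help desk before the 100 % cut-off starts generating calls.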

Page 30
Removal of Users
If a user leaves the organisation, their ability to use the network should be removed asap!!
– COULD have malign intent
– taking up space on network servers and backups
– someone else WITHIN the organisation might guess their password and assume that person’s network identity
Removal of the Windows 2000 user ID (the SID, in effect the primary key) takes the account out of the directory, but not every trace of it:
– permissions granted to that SID on files, and files it owned, remain as entries the system can no longer resolve to a name; a deleted SID is never reused
– other methods (e.g. only removing the user from groups) may result in even less complete removal
– usual practice: disable the account and reset its password immediately, strip its group memberships, hand over its data, and delete the account after a retention period
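
The following is an added example, not part of the original slides, of a leaver procedure that meets the three concerns above without the side-effects of an immediate delete: the account is disabled, expired and given a random password straight away (so nobody can reuse or guess the old one), its group memberships are removed and recorded, it is parked in a holding OU, and a second function deletes parked accounts once a retention period has passed. A third function audits a home share for permission entries that refer to SIDs no longer in the directory, which is what an account deleted the quick way leaves behind. It assumes the ActiveDirectory module, an OU `OU=Leavers,DC=corp,DC=example`, `D:\Home` on the file server, and a hypothetical username jbloggs.

```powershell
# Added example: disable-then-delete leaver handling, plus an audit for orphaned SIDs.
# Assumptions (illustrative): ActiveDirectory module, OU=Leavers,DC=corp,DC=example exists,
# D:\Home is the home share on this server, jbloggs is a made-up username, 90-day retention.
Import-Module ActiveDirectory

function Disable-Leaver {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$LeaversOU = 'OU=Leavers,DC=corp,DC=example'
    )
    $u     = Get-ADUser -Identity $SamAccountName -Properties MemberOf, HomeDirectory, Description
    $stamp = Get-Date -Format 'yyyy-MM-dd'

    # 1. Make the account unusable at once: disable, expire, and replace the password with a
    #    random value so a colleague who knows or guesses the old one cannot log on as the leaver.
    Disable-ADAccount -Identity $u
    Set-ADAccountExpiration -Identity $u -DateTime (Get-Date)
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    Set-ADAccountPassword -Identity $u -Reset `
        -NewPassword (ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force)

    # 2. Rights and permissions come from groups (slide 25), so removing the memberships removes
    #    the access; the list is kept in the description in case the person returns.
    $groups = @($u.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).SamAccountName })
    foreach ($g in $u.MemberOf) { Remove-ADGroupMember -Identity $g -Members $u -Confirm:$false }
    Set-ADUser -Identity $u -Description "Left $stamp; was in: $($groups -join ', '); $($u.Description)"

    # 3. Park it where no policy or share grants anything, and drop the home drive mapping.
    Set-ADUser -Identity $u -Clear HomeDirectory, HomeDrive
    Move-ADObject -Identity $u.DistinguishedName -TargetPath $LeaversOU

    [PSCustomObject]@{ User = $SamAccountName; FormerGroups = $groups; HomeDirectory = $u.HomeDirectory }
}

function Remove-ExpiredLeavers {
    param([int]$Days = 90, [string]$LeaversOU = 'OU=Leavers,DC=corp,DC=example')
    # Delete parked accounts whose expiry date is older than the retention period.
    Get-ADUser -SearchBase $LeaversOU -Filter 'Enabled -eq $false' -Properties AccountExpirationDate |
        Where-Object { $_.AccountExpirationDate -and $_.AccountExpirationDate -lt (Get-Date).AddDays(-$Days) } |
        ForEach-Object { Remove-ADUser -Identity $_ -Confirm:$false; $_.SamAccountName }
}

function Find-OrphanedAces {
    param([string]$Path = 'D:\Home')
    # An identity that still shows as a raw S-1-5-21-... SID belongs to an account that was
    # deleted without this clean-up. Run on the file server.
    Get-ChildItem -Path $Path -Directory | ForEach-Object {
        foreach ($ace in (Get-Acl -Path $_.FullName).Access) {
            if ($ace.IdentityReference.Value -like 'S-1-5-21-*') {
                [PSCustomObject]@{ Folder = $_.FullName; OrphanSid = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
            }
        }
    }
}

Disable-Leaver -SamAccountName 'jbloggs'
Find-OrphanedAces | Format-Table -AutoSize
```

`Remove-ExpiredLeavers` is meant to run from a scheduled task; the returned usernames are the record of what was deleted. The orphaned-SID audit is the test of whether earlier, quicker deletions really “cleaned up all traces”.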

Page 31
Active Directory
On pre-2000 NT systems:
– each domain was its own island: one primary domain controller held the only writable copy of the user database, and backup domain controllers held read-only copies of it
– every link between domains was an explicit, one-way, non-transitive trust set up by hand
– a nightmare to administer once there were more than a few domains…
Initial purpose of AD was to provide a centralised network database:
– contains user, group, and computer data for the whole domain, with a forest-wide index known as the “global catalog”
– accessed and managed by a set of domain controllers, all of which hold a writable copy

Page 32
Structure of Active Directory
With Active Directory, there is just one logical data store, known as the directory
– stored as the file NTDS.DIT on each domain controller (by default under %SystemRoot%\NTDS)
– distributed across the domain controllers
– holds a copy of the objects on each domain controller
– changes made on any domain controller are automatically replicated to all the others (multi-master replication)
– stored objects: shared resources such as servers, files, printers, and the network user and computer accounts

Page 33
More About Active Directory
What is the “Global Catalog”?
– not another name for ntds.dit: it is a partial, read-only copy of every object in the whole forest, held (inside their own ntds.dit) by the domain controllers nominated as global catalog servers
– holds information (object-oriented “properties”) on all objects from the domain
» includes a subset of each object's properties for sharing with all trusted domains in the forest
» this allows network users to search by selected attributes to find an object easily, regardless of where it is in the tree
» queried over LDAP on port 3268 (3269 with SSL) instead of the normal 389; a logon also needs a global catalog to work out the user’s universal group membership

Page 34
Active Directory and User Policy
Group Policy allows network administrators to define and control the policies governing:
– groups of computers
– groups of users
Active Directory administrators can link group policy objects within the tree to:
– sites
– domains
– organizational units
– applied in that order after the machine’s local policy, so where settings conflict the organizational unit’s setting wins
Group policy therefore controls what all users can and cannot do…

Page 35
Network: Service to Self or Service to Others?
Two responsibilities of the network manager:
– provide facilities and services that users need
– protect the network against abuse by naïve or malign users
General perception (of users!) that network managers are more concerned with “protecting the network” than with servicing the needs of users

Page 36
“Humanistic” Approach to Network Management
The Internet (and world wide web) are all about “freedom” and enabling users
Runs contrary to the “security-orientated” or “nanny-state” approach to network management
Personal opinion:
– the network is there for the benefit of the users…
– the network must be secure
– very important to get the balance right…

Page 37
Approaches to networks “politics”
Network paid for by the organisation
– to fulfil business objectives
In practice…
– management often have an ambivalent approach to aspects of IT
– leave some matters to network/IT managers that should be of their concern…
» the latter can have a tendency to protect their own empire, rather than looking at the wider picture…
Opinion: network self-protection should not be a higher priority than providing users with the tools they need to do their jobs creatively…

Page 38
NOT Getting the balance right…
Worrying web page (BBC, 19/11/10): http://www.bbc.co.uk/news/business-11793436
BBC’s own network users so frustrated about IT restrictions stopping them doing their jobs that many (typically 41% according to a CISCO survey) ignore the rules!

Page 39
Talking to Network Managers (“voice of the users”)
Most organisations set up a network strategy “user group” to let users have their say
Only effective if:
– user group can influence policy-making
This will only happen if senior management…
– has representation on the group
– representative is highly IT-literate

Page 40
Misperception: this group will look after the users...
If network policy is developed solely by Network Managers and Senior Managers:
– senior managers generally not IT-literate
– “service to self” model may:
» save money…
» but may also compromise the needs of users
– network managers seeking to maintain the system will usually get their way
– especially if it saves money…
Users need to make themselves heard!
– otherwise, as at the BBC, some will break the rules…

Page 41
Educating the Users?
Part of the frustration of being a network manager is that (some) users do such stupid things
– ultimate solution: don’t let any user do anything!!
Perhaps users wouldn’t do such “stupid” things if they were educated about networks and how they work...
– suitable materials should be readily available
Possible compromise: two types of users:
» novice
» experienced
– user status upgraded by passing a test

Page 42
Thanks for listening