Network+ Guide to Networks, Fourth Edition Chapter 13 Ensuring Integrity and Availability

What Are Integrity and Availability?

• Integrity: soundness of network’s programs, data, services, devices, and connections

• Availability: how consistently and reliably file or system can be accessed by authorized personnel
  – Need well-planned and well-configured network
  – Data backups, redundant devices, protection from malicious intruders

• Phenomena compromising integrity and availability:
  – Security breaches, natural disasters, malicious intruders, power flaws, human error

Viruses

• Program that replicates itself with intent to infect more computers
  – Through network connections or exchange of external storage devices
  – Typically copied to storage device without user’s knowledge

• Trojan horse: program that disguises itself as something useful but actually harms system
  – Not considered a virus

Types of Viruses

• Boot sector viruses: located in boot sector of computer’s hard disk
  – When computer boots up, virus runs in place of computer’s normal system files
  – Removal first requires rebooting from uninfected, write-protected disk with system files on it

• Macro viruses: take form of macro that may be executed as user works with a program
  – Quick to emerge and spread
  – Symptoms vary widely

Types of Viruses (continued)

• File-infected viruses: attach to executable files
  – When infected executable file runs, virus copies itself to memory
  – Can have devastating consequences
  – Symptoms may include damaged program files, inexplicable file size increases, changed icons for programs, strange messages, inability to run a program

• Worms: programs that run independently and travel between computers and across networks
  – Not technically viruses
  – Can transport and hide viruses

Types of Viruses (continued)

• Trojan horse: program that claims to do something useful but instead harms system

• Network viruses: propagated via network protocols, commands, messaging programs, and data links

• Bots: program that runs automatically, without requiring a person to start or stop it
  – Many bots spread through Internet Relay Chat (IRC)
  – Used to damage/destroy data or system files, issue objectionable content, further propagate virus

Virus Characteristics

• Encryption: encrypted virus may thwart antivirus program’s attempts to detect it

• Stealth: stealth viruses disguise themselves as legitimate programs or replace part of legitimate program’s code with destructive code

• Polymorphism: polymorphic viruses change characteristics every time transferred

• Time-dependence: time-dependent viruses programmed to activate on particular date

Virus Protection: Antivirus Software

• Antivirus software should at least:
  – Detect viruses through signature scanning
  – Detect viruses through integrity checking
  – Detect viruses by monitoring unexpected file changes or virus-like behaviors
  – Receive regular updates and modifications from a centralized network console
  – Consistently report only valid viruses

• Heuristic scanning techniques attempt to identify viruses by discovering “virus-like” behavior (may give “false positives”)
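
Signature scanning and integrity checking from the list above, side by side, as an added example that is not part of the original slides: a file altered with unknown bytes matches no signature, yet still differs from its clean baseline. The signature pattern, file names and file contents are all constructed for illustration.

```python
# Added example: signature scanning vs. integrity checking, on constructed data.
import hashlib

# Made-up byte pattern standing in for an antivirus signature (assumption).
SIGNATURES = {"Constructed.TestMarker": b"\xde\xad\xbe\xefMARK"}

def signature_scan(content: bytes) -> list:
    """Names of known signatures whose byte pattern occurs in the content."""
    return [name for name, pattern in SIGNATURES.items() if pattern in content]

def baseline(files: dict) -> dict:
    """Record size and SHA-256 of every file while it is known to be clean."""
    return {n: (len(c), hashlib.sha256(c).hexdigest()) for n, c in files.items()}

def integrity_check(files: dict, base: dict) -> dict:
    """Report files that are new, missing, or changed since the baseline."""
    findings = {}
    for name in sorted(set(files) | set(base)):
        if name not in base:
            findings[name] = "new file"
        elif name not in files:
            findings[name] = "missing"
        else:
            size, digest = base[name]
            current = files[name]
            if hashlib.sha256(current).hexdigest() != digest:
                findings[name] = f"modified, size {size} -> {len(current)}"
    return findings

# Constructed file contents; the file names are hypothetical.
CLEAN = {"calc.exe": b"MZ" + bytes(30), "notes.txt": b"meeting at ten"}
BASE = baseline(CLEAN)
# Same program with 8 unknown bytes appended: no signature matches it.
ALTERED = {**CLEAN, "calc.exe": CLEAN["calc.exe"] + b"\x01\x02\x03\x04DIFF"}
# Same program with the known pattern appended: both checks flag it.
KNOWN = {**CLEAN, "calc.exe": CLEAN["calc.exe"] + SIGNATURES["Constructed.TestMarker"]}

if __name__ == "__main__":
    for label, files in (("altered", ALTERED), ("known", KNOWN)):
        print(label, signature_scan(files["calc.exe"]), integrity_check(files, BASE))
```
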

Antivirus Policies

• Provide rules for using antivirus software and policies for installing programs, sharing files, and using floppy disks

• Suggestions for antivirus policy guidelines:
  – Every computer in organization equipped with virus detection and cleaning software
  – Users should not be allowed to alter or disable antivirus software
  – Users should know what to do in case virus detected

Fault Tolerance

• Capacity for system to continue performing despite unexpected hardware or software malfunction

• Failure: deviation from specified level of system performance for given period of time

• Fault: involves malfunction of system component
  – Can result in a failure

• Varying degrees
  – At highest level, system remains unaffected by even most drastic problems

Power: Power Flaws

• Power flaws that can damage equipment:
  – Surge: momentary increase in voltage due to lightning strikes, solar flares, or electrical problems
  – Noise: fluctuation in voltage levels caused by other devices on network or electromagnetic interference
  – Brownout: momentary decrease in voltage; also known as a sag
  – Blackout: complete power loss

UPSs (Uninterruptible Power Supplies)

• Battery-operated power source directly attached to one or more devices and to power supply
  – Prevents undesired features of outlet’s A/C power from harming device or interrupting services
  – Standby UPS: provides continuous voltage to device
    • Switch to battery when power loss detected
  – Online UPS: uses power from wall outlet to continuously charge battery, while providing power to network device through battery

Servers

• Make servers more fault-tolerant by supplying them with redundant components
  – NICs, processors, and hard disks
  – If one item fails, entire system won’t fail
  – Enable load balancing

Server Mirroring

• Mirroring: one device or component duplicates activities of another

• Server Mirroring: one server duplicates transactions and data storage of another
  – Must be identical machines using identical components
  – Requires high-speed link between servers
  – Requires synchronization software
  – Form of replication

• Servers can stand side by side or be positioned in different locations

Clustering

• Link multiple servers together to act as single server
  – Share processing duties
  – Appear as single server to users
  – If one server fails, others automatically take over data transaction and storage responsibilities
  – More cost-effective than mirroring
  – To detect failures, clustered servers regularly poll each other
  – Servers must be close together

Storage: RAID (Redundant Array of Independent (or Inexpensive) Disks)

• Collection of disks that provide fault tolerance for shared data and applications
  – Disk array
  – Collection of disks that work together in RAID configuration, often referred to as RAID drive
    • Appear as single logical drive to system

• Hardware RAID: set of disks and separate disk controller
  – Managed exclusively by RAID disk controller

• Software RAID: relies on software to implement and control RAID techniques

RAID Level 0―Disk Striping

• Simple implementation of RAID
  – Not fault-tolerant
  – Improves performance

Figure 13-6: RAID Level 0—disk striping

RAID Level 1—Disk Mirroring

• Data from one disk copied to another disk automatically as information written
  – Dynamic backup
  – If one drive fails, disk array controller automatically switches to disk that was mirroring it
  – Requires two identical disks
  – Usually relies on system software to perform mirroring

• Disk duplexing: similar to disk mirroring, but separate disk controller used for each disk

RAID Level 1—Disk Mirroring (continued)

Figure 13-7: RAID Level 1—disk mirroring

RAID Level 5—Disk Striping with Distributed Parity

• Data written in small blocks across several disks
  – Parity error checking information distributed among disks
  – Highly fault-tolerant
  – Very popular
  – Failed disk can be replaced with little interruption

• Hot spare: disk or partition that is part of array, but used only in case a RAID disk fails

• Cold spare: duplicate component that can be installed in case of failure
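
How distributed parity lets a failed disk be replaced, as an added example that is not part of the original slides: data is striped with an XOR parity block that rotates across the disks, and any single disk is rebuilt from the survivors. The 4-byte block size, the rotation order and the sample payload are assumptions chosen for readability.

```python
# Added example: RAID 5 striping with distributed parity and single-disk rebuild.
from functools import reduce

BLOCK = 4  # bytes per block; tiny on purpose (assumption for readability)

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks; this is the parity calculation."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))

def parity_disk(stripe, n_disks):
    """Disk holding parity for a stripe; it rotates so parity is distributed."""
    return (n_disks - 1 - stripe) % n_disks

def write_raid5(data, n_disks):
    """Split data into stripes of n_disks-1 data blocks plus one parity block."""
    per_stripe = BLOCK * (n_disks - 1)
    data = data.ljust(-(-len(data) // per_stripe) * per_stripe, b"\0")
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        blocks.insert(parity_disk(s, n_disks), xor_blocks(blocks))
        for d in range(n_disks):
            disks[d].append(blocks[d])
    return disks

def rebuild_disk(disks, failed):
    """Recreate a failed disk: each lost block is the XOR of the survivors."""
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_raid5(disks, length):
    """Reassemble the data, skipping the parity block of every stripe."""
    n = len(disks)
    out = b""
    for s in range(len(disks[0])):
        out += b"".join(disks[d][s] for d in range(n) if d != parity_disk(s, n))
    return out[:length]

if __name__ == "__main__":
    payload = b"constructed sample payload for the array"
    array = write_raid5(payload, 4)
    array[2] = rebuild_disk(array, 2)      # disk 2 "fails" and is rebuilt
    print(read_raid5(array, len(payload)))
```
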

RAID Level 5—Disk Striping with Distributed Parity (continued)

Figure 13-9: RAID Level 5—disk striping with distributed parity

NAS (Network Attached Storage)

• Specialized storage device that provides centralized fault-tolerant data storage
  – Maintains own interface to LAN
  – Contains own file system optimized for saving and serving files
  – Easily expanded without interrupting service
  – Cannot communicate directly with network clients

NAS (continued)

Figure 13-10: Network attached storage on a LAN

SANs (Storage Area Networks)

Figure 13-11: A storage area network

Data Backup

• Copy of data or program files created for archiving or safekeeping
  – No matter how reliable and fault-tolerant you believe your server’s hard disk (or disks) to be, still risk losing everything unless you make backups on separate media and store them off-site

• Many options exist for making backups

Optical Media

• Capable of storing digitized data
  – Uses laser to write and read data
  – CD-ROMs and DVDs

• Requires proper disk drive to write data

• Writing data usually takes longer than saving data to another type of media

External Disk Drives

• Storage devices that can be attached temporarily to a computer via USB, PCMCIA, FireWire, or Compact-Flash port
  – Removable disk drives

• For backing up large amounts of data, likely to use external disk drive with backup control features, high capacity, and fast read-write access

• Faster data transfer rates than optical media or tape backups

Backup Strategy (continued)

• Archive bit: file attribute that can be checked or unchecked
  – Indicates whether file must be archived

• Backup methods use archive bit in different ways
  – Full backup: all data copied to storage media, regardless of whether data is new or changed
    • Archive bits set to “off” for all files
  – Incremental backup: copies only data that has changed since last full or incremental backup
    • Unchecks archive bit for every file saved
  – Differential backup: does not uncheck archive bits for files backed up
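
The archive-bit rules above, traced over three days of changes, as an added example that is not part of the original slides: it shows what each method copies and which backups a restore then needs. The file names and change schedule are constructed, and the code assumes the operating system turns the archive bit on whenever a file is created or modified.

```python
# Added example: archive-bit bookkeeping for full, incremental and
# differential backups. File names and the change schedule are constructed.

def run_backup(files, method):
    """Copy files according to `method`, update archive bits, return names copied."""
    if method == "full":
        copied = sorted(files)                     # everything, changed or not
    else:
        copied = sorted(n for n, bit in files.items() if bit)  # archive bit on
    if method in ("full", "incremental"):
        for name in copied:
            files[name] = False                    # archive bit switched off
    return copied                                  # differential leaves bits on

def simulate(method, daily_changes):
    """Start with a full backup, then run `method` after each day's changes."""
    files = {"payroll.db": True, "hr.doc": True, "web.cfg": True}
    history = [("full", run_backup(files, "full"))]
    for changed in daily_changes:
        for name in changed:
            files[name] = True                     # assumed: OS sets bit on change
        history.append((method, run_backup(files, method)))
    return history

def restore_set(history):
    """Indexes of the backups needed to restore the latest state."""
    last_full = max(i for i, (m, _) in enumerate(history) if m == "full")
    later = list(range(last_full + 1, len(history)))
    if later and history[-1][0] == "differential":
        later = later[-1:]                         # latest differential is cumulative
    return [last_full] + later

CHANGES = [["payroll.db"], ["hr.doc"], ["payroll.db", "new.txt"]]  # constructed

if __name__ == "__main__":
    for method in ("incremental", "differential"):
        history = simulate(method, CHANGES)
        for day, (kind, copied) in enumerate(history):
            print(method, day, kind, copied)
        print(method, "restore needs backups", restore_set(history))
```

Incremental runs stay small but a restore needs the full backup plus every incremental since; differential runs grow each day but a restore needs only the full backup and the latest differential.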

Disaster Recovery: Disaster Recovery Planning

• Disaster recovery: process of restoring critical functionality and data after enterprise-wide outage

• Disaster recovery plan accounts for worst-case scenarios
  – Contact names and info for emergency coordinators
  – Details on data and servers being backed up, backup frequency, backup location, how to recover
  – Details on network topology, redundancy, and agreements with national service carriers
  – Strategies for testing disaster recovery plan
  – Plan for managing the crisis

Disaster Recovery Contingencies

• Several options for recovering from disaster
  – Cold site: place where computers, devices, and connectivity necessary to rebuild network exist
    • Not configured, updated, or connected
  – Warm site: same as cold site, but some computers and devices appropriately configured, updated, or connected
  – Hot site: computers, devices, and connectivity necessary to rebuild network are appropriately configured, updated, and connected to match network’s current state