Network+ Guide to Networks,

Fourth Edition
Chapter 13
Ensuring Integrity and Availability
Network+ Guide to Networks, 4e 2
What Are Integrity and Availability?
Integrity: soundness of networks programs, data,
services, devices, and connections
Availability: how consistently and reliably file or
system can be accessed by authorized personnel
Need well-planned and well-configured network
Data backups, redundant devices, protection from
malicious intruders
Phenomena compromising integrity and availability:
Security breaches, natural disasters, malicious
intruders, power flaws, human error
Network+ Guide to Networks, 4e 3
Viruses
Program that replicates itself with intent to infect
more computers
Through network connections or exchange of
external storage devices
Typically copied to storage device without users
knowledge
Trojan horse: program that disguises itself as
something useful but actually harms system
Not considered a virus
Network+ Guide to Networks, 4e 4
Types of Viruses
Boot sector viruses: located in boot sector of
computers hard disk
When computer boots up, virus runs in place of
computers normal system files
Removal first requires rebooting from uninfected,
write-protected disk with system files on it
Macro viruses: take form of macro that may be
executed as user works with a program
Quick to emerge and spread
Symptoms vary widely
Network+ Guide to Networks, 4e 5
Types of Viruses (continued)
File-infected viruses: attach to executable files
When infected executable file runs, virus copies
itself to memory
Can have devastating consequences
Symptoms may include damaged program files,
inexplicable file size increases, changed icons for
programs, strange messages, inability to run a
program
Worms: programs that run independently and travel
between computers and across networks
Not technically viruses
Can transport and hide viruses
Network+ Guide to Networks, 4e 6
Types of Viruses (continued)
Trojan horse: program that claims to do something
useful but instead harms system
Network viruses: propagated via network protocols,
commands, messaging programs, and data links
Bots: program that runs automatically, without
requiring a person to start or stop it
Many bots spread through Internet Relay Chat (IRC)
Used to damage/destroy data or system files, issue
objectionable content, further propagate virus
Network+ Guide to Networks, 4e 7
Virus Characteristics
Encryption: encrypted virus may thwart antivirus
programs attempts to detect it
Stealth: stealth viruses disguise themselves as
legitimate programs or replace part of legitimate
programs code with destructive code
Polymorphism: polymorphic viruses change
characteristics every time transferred
Time-dependence: time-dependent viruses
programmed to activate on particular date
Network+ Guide to Networks, 4e 8
Virus Protection: Antivirus Software
Antivirus software should at least:
Detect viruses through signature scanning
Detect viruses through integrity checking
Detect viruses by monitoring unexpected file
changes or virus-like behaviors
Receive regular updates and modifications from a
centralized network console
Consistently report only valid viruses
Heuristic scanning techniques attempt to identify
viruses by discovering virus-like behavior (may give
false positives)
Network+ Guide to Networks, 4e 9
Antivirus Policies
Provide rules for using antivirus software and
policies for installing programs, sharing files, and
using floppy disks
Suggestions for antivirus policy guidelines:
Every computer in organization equipped with virus
detection and cleaning software
Users should not be allowed to alter or disable
antivirus software
Users should know what to do in case virus detected
Network+ Guide to Networks, 4e 10
Fault Tolerance
Capacity for system to continue performing despite
unexpected hardware or software malfunction
Failure: deviation from specified level of system
performance for given period of time
Fault: involves malfunction of system component
Can result in a failure
Varying degrees
At highest level, system remains unaffected by even
most drastic problems
Network+ Guide to Networks, 4e 11
Power: Power Flaws
Power flaws that can damage equipment:
Surge: momentary increase in voltage due to
lightning strikes, solar flares, or electrical problems
Noise: fluctuation in voltage levels caused by other
devices on network or electromagnetic interference
Brownout: momentary decrease in voltage; also
known as a sag
Blackout: complete power loss
Network+ Guide to Networks, 4e 12
UPSs (Uninterruptible Power Supplies)
Battery-operated power source directly attached to
one or more devices and to power supply
Prevents undesired features of outlets A/C power
from harming device or interrupting services
Standby UPS: provides continuous voltage to device
Switch to battery when power loss detected
Online UPS: uses power from wall outlet to
continuously charge battery, while providing power
to network device through battery
Network+ Guide to Networks, 4e 13
Servers
Make servers more fault-tolerant by supplying them
with redundant components
NICs, processors, and hard disks
If one item fails, entire system wont fail
Enable load balancing
Network+ Guide to Networks, 4e 14
Server Mirroring
Mirroring: one device or component duplicates
activities of another
Server Mirroring: one server duplicates
transactions and data storage of another
Must be identical machines using identical
components
Requires high-speed link between servers
Requires synchronization software
Form of replication
Servers can stand side by side or be positioned in
different locations
Network+ Guide to Networks, 4e 15
Clustering
Link multiple servers together to act as single
server
Share processing duties
Appear as single server to users
If one server fails, others automatically take over
data transaction and storage responsibilities
More cost-effective than mirroring
To detect failures, clustered servers regularly poll
each other
Servers must be close together
Network+ Guide to Networks, 4e 16
Storage: RAID (Redundant Array of
Independent (or Inexpensive) Disks)
Collection of disks that provide fault tolerance for
shared data and applications
Disk array
Collection of disks that work together in RAID
configuration, often referred to as RAID drive
Appear as single logical drive to system
Hardware RAID: set of disks and separate disk
controller
Managed exclusively by RAID disk controller
Software RAID: relies on software to implement
and control RAID techniques
Network+ Guide to Networks, 4e 17
RAID Level 0Disk Striping
Simple implementation of RAID
Not fault-tolerant
Improves performance
Figure 13-6: RAID Level 0disk striping
Network+ Guide to Networks, 4e 18
RAID Level 1Disk Mirroring
Data from one disk copied to another disk
automatically as information written
Dynamic backup
If one drive fails, disk array controller automatically
switches to disk that was mirroring it
Requires two identical disks
Usually relies on system software to perform
mirroring
Disk duplexing: similar to disk mirroring, but
separate disk controller used for each disk
Network+ Guide to Networks, 4e 19
RAID Level 1Disk Mirroring
(continued)
Figure 13-7: RAID Level 1disk mirroring
Network+ Guide to Networks, 4e 20
RAID Level 5Disk Striping with
Distributed Parity
Data written in small blocks across several disks
Parity error checking information distributed among
disks
Highly fault-tolerant
Very popular
Failed disk can be replaced with little interruption
Hot spare: disk or partition that is part of array, but
used only in case a RAID disks fails
Cold spare: duplicate component that can be
installed in case of failure
Network+ Guide to Networks, 4e 21
RAID Level 5Disk Striping with
Distributed Parity (continued)
Figure 13-9: RAID Level 5disk striping with distributed parity
Network+ Guide to Networks, 4e 22
NAS (Network Attached Storage)
Specialized storage device that provides
centralized fault-tolerant data storage
Maintains own interface to LAN
Contains own file system optimized for saving and
serving files
Easily expanded without interrupting service
Cannot communicate directly with network clients
Network+ Guide to Networks, 4e 23
NAS (continued)
Figure 13-10: Network attached storage on a LAN
Network+ Guide to Networks, 4e 24
SANs (Storage Area Networks)
Figure 13-11: A storage area network
Network+ Guide to Networks, 4e 25
Data Backup
Copy of data or program files created for archiving
or safekeeping
No matter how reliable and fault-tolerant you believe
your servers hard disk (or disks) to be, still risk
losing everything unless you make backups on
separate media and store them off-site
Many options exist for making backups
Network+ Guide to Networks, 4e 26
Optical Media
Capable of storing digitized data
Uses laser to write and read data
CD-ROMs and DVDs
Requires proper disk drive to write data
Writing data usually takes longer than saving data
to another type of media
Network+ Guide to Networks, 4e 27
External Disk Drives
Storage devices that can be attached temporarily
to a computer via USB, PCMCIA, FireWire, or
Compact-Flash port
Removable disk drives
For backing up large amounts of data, likely to use
external disk drive with backup control features,
high capacity, and fast read-write access
Faster data transfer rates than optical media or
tape backups
Network+ Guide to Networks, 4e 28
Backup Strategy (continued)
Archive bit: file attribute that can be checked or
unchecked
Indicates whether file must be archived
Backup methods use archive bit in different ways
Full backup: all data copied to storage media,
regardless of whether data is new or changed
Archive bits set to off for all files
Incremental backup: copies only data that has
changed since last full or incremental backup
Unchecks archive bit for every file saved
Differential backup: does not uncheck archive bits
for files backed up
Network+ Guide to Networks, 4e 29
Disaster Recovery:
Disaster Recovery Planning
Disaster recovery: process of restoring critical
functionality and data after enterprise-wide outage
Disaster recovery plan accounts for worst-case
scenarios
Contact names and info for emergency coordinators
Details on data and servers being backed up,
backup frequency, backup location, how to recover
Details on network topology, redundancy, and
agreements with national service carriers
Strategies for testing disaster recovery plan
Plan for managing the crisis
Network+ Guide to Networks, 4e 30
Disaster Recovery Contingencies
Several options for recovering from disaster
Cold site: place where computers, devices, and
connectivity necessary to rebuild network exist
Not configured, updated, or connected
Warm site: same as cold site, but some computers
and devices appropriately configured, updated, or
connected
Hot site: computers, devices, and connectivity
necessary to rebuild network are appropriately
configured, updated, and connected to match
networks current state