computer networking Virus

Date post: 02-Jun-2018
Upload: faisal-sameon

  • 8/10/2019 computer networking Virus

    1/54

    Network+ Guide to Networks, Fourth Edition

    Chapter 13: Ensuring Integrity and Availability

    Objectives

    Identify the characteristics of a network that keeps data safe from loss or damage

    Protect an enterprise-wide network from viruses

    Explain network- and system-level fault-tolerance techniques

    Discuss issues related to network backup and recovery strategies

    Describe the components of a useful disaster recovery plan and the options for disaster contingencies

    What Are Integrity and Availability?

    Integrity: soundness of network's programs, data, services, devices, and connections

    Availability: how consistently and reliably file or system can be accessed by authorized personnel

    Need well-planned and well-configured network

    Data backups, redundant devices, protection from malicious intruders

    Phenomena compromising integrity and availability:

    Security breaches, natural disasters, malicious intruders, power flaws, human error

    What Are Integrity and Availability? (continued)

    General guidelines for protecting network:

    Allow only network administrators to create or modify NOS and application system files

    Monitor network for unauthorized access or changes

    Record authorized system changes in a change management system

    Install redundant components

    Perform regular health checks

    What Are Integrity and Availability? (continued)

    General guidelines for protecting network (continued):

    Check system performance, error logs, and system log book regularly

    Keep backups, boot disks, and emergency repair disks current and available

    Implement and enforce security and disaster recovery policies

    Viruses

    Program that replicates itself with intent to infect more computers

    Through network connections or exchange of external storage devices

    Typically copied to storage device without user's knowledge

    Trojan horse: program that disguises itself as something useful but actually harms system

    Not considered a virus

    Types of Viruses (continued)

    File-infected viruses: attach to executable files

    When infected executable file runs, virus copies itself to memory

    Can have devastating consequences

    Symptoms may include damaged program files, inexplicable file size increases, changed icons for programs, strange messages, inability to run a program

    Worms: programs that run independently and travel between computers and across networks

    Not technically viruses

    Can transport and hide viruses

    Types of Viruses (continued)

    Trojan horse: program that claims to do something useful but instead harms system

    Network viruses: propagated via network protocols, commands, messaging programs, and data links

    Bots: program that runs automatically, without requiring a person to start or stop it

    Many bots spread through Internet Relay Chat (IRC)

    Used to damage/destroy data or system files, issue objectionable content, further propagate virus

    Virus Characteristics

    Encryption: encrypted virus may thwart antivirus program's attempts to detect it

    Stealth: stealth viruses disguise themselves as legitimate programs or replace part of legitimate program's code with destructive code

    Polymorphism: polymorphic viruses change characteristics every time transferred

    Time-dependence: time-dependent viruses programmed to activate on particular date

    Virus Protection: Antivirus Software

    Antivirus software should at least:

    Detect viruses through signature scanning

    Detect viruses through integrity checking

    Detect viruses by monitoring unexpected file changes or virus-like behaviors

    Receive regular updates and modifications from a centralized network console

    Consistently report only valid viruses

    Heuristic scanning techniques attempt to identify viruses by discovering virus-like behavior (may give false positives)
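
An added example (not from the original slides) contrasting two of the detection methods listed above: signature scanning matches only byte patterns it already knows, while integrity checking flags any change from a known-good baseline. The file names, byte strings and the `Example.A` signature entry are constructed, inert sample data.

```python
import hashlib

# Constructed, inert sample data: not real programs and not real malware patterns.
KNOWN_SIGNATURES = {"Example.A": b"\xde\xad\xbe\xef-EXAMPLE-A"}  # hypothetical signature DB


def signature_scan(files):
    """Return {path: signature_name} for files that contain a known byte pattern."""
    hits = {}
    for path, data in files.items():
        for name, pattern in KNOWN_SIGNATURES.items():
            if pattern in data:
                hits[path] = name
    return hits


def build_baseline(files):
    """Record size and SHA-256 of every file while the system is known-good."""
    return {p: (len(d), hashlib.sha256(d).hexdigest()) for p, d in files.items()}


def integrity_check(baseline, files):
    """Compare current files with the baseline and return (path, finding) pairs."""
    findings = []
    for path, data in sorted(files.items()):
        if path not in baseline:
            findings.append((path, "new file"))
            continue
        old_size, old_hash = baseline[path]
        if hashlib.sha256(data).hexdigest() != old_hash:
            # An unexplained size increase is one of the symptoms the slides list.
            findings.append((path, f"content changed, size {len(data) - old_size:+d} bytes"))
    for path in sorted(set(baseline) - set(files)):
        findings.append((path, "missing"))
    return findings


def demo():
    clean = {
        "bin/editor.exe": b"MZ" + b"\x00" * 62,
        "bin/mailer.exe": b"MZ" + b"\x11" * 30,
        "bin/backup.exe": b"MZ" + b"\x22" * 14,
    }
    baseline = build_baseline(clean)
    later = dict(clean)
    later["bin/editor.exe"] += KNOWN_SIGNATURES["Example.A"]  # change with a known pattern
    later["bin/mailer.exe"] += b"unlisted-change"             # change with no signature on file
    del later["bin/backup.exe"]                               # damaged or removed program file
    return signature_scan(later), integrity_check(baseline, later)


if __name__ == "__main__":
    sig_hits, changes = demo()
    print("signature scan:", sig_hits)
    for path, finding in changes:
        print("integrity check:", path, "-", finding)
```

The baseline is only trustworthy if it is built on a known-good system and stored where the monitored host cannot rewrite it.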

    Antivirus Policies

    Provide rules for using antivirus software and policies for installing programs, sharing files, and using floppy disks

    Suggestions for antivirus policy guidelines:

    Every computer in organization equipped with virus detection and cleaning software

    Users should not be allowed to alter or disable antivirus software

    Users should know what to do in case virus detected

    Antivirus Policies (continued)

    Suggestions for antivirus policy guidelines (continued):

    Antivirus team should be appointed to focus on maintaining antivirus measures

    Users should be prohibited from installing any unauthorized software on their systems

    Systemwide alerts should be issued to network users notifying them of serious virus threats and advising them how to prevent infection

    Virus Hoaxes

    False alerts about dangerous, new virus that could cause serious damage to systems

    Generally an attempt to create panic

    Should not be passed on

    Can confirm hoaxes online

    Fault Tolerance

    Capacity for system to continue performing despite unexpected hardware or software malfunction

    Failure: deviation from specified level of system performance for given period of time

    Fault: involves malfunction of system component

    Can result in a failure

    Varying degrees

    At highest level, system remains unaffected by even most drastic problems

    Environment

    Must analyze physical environment in which devices operate

    e.g., excessive heat or moisture, break-ins, natural disasters

    Can purchase temperature and humidity monitors

    Trip alarms if specified limits exceeded

    Power: Power Flaws

    Power flaws that can damage equipment:

    Surge: momentary increase in voltage due to lightning strikes, solar flares, or electrical problems

    Noise: fluctuation in voltage levels caused by other devices on network or electromagnetic interference

    Brownout: momentary decrease in voltage; also known as a sag

    Blackout: complete power loss

    UPSs (Uninterruptible Power Supplies)

    Battery-operated power source directly attached to one or more devices and to power supply

    Prevents undesired features of outlet's A/C power from harming device or interrupting services

    Standby UPS: provides continuous voltage to device

    Switch to battery when power loss detected

    Online UPS: uses power from wall outlet to continuously charge battery, while providing power to network device through battery

    UPSs (continued)

    Factors to consider when deciding on a UPS:

    Amount of power needed

    Power measured in volt-amps

    Period of time to keep a device running

    Line conditioning

    Cost

    Generators

    Figure 13-2: UPSs and a generator in a network design

    Topology and Connectivity

    Key to fault tolerance in network design is supplying multiple possible data paths

    If one connection fails, data can be rerouted

    On LANs, star topology and parallel backbone provide greatest fault tolerance

    On WANs, full mesh topology offers best fault tolerance

    SONET networks highly fault-tolerant

    Redundancy in network offers advantage of reducing risk of lost functionality and profits from network faults

    Topology and Connectivity (continued)

    Figure 13-3: VPNs linking multiple customers

    Topology and Connectivity (continued)

    Automatic fail-over: use redundant components able to immediately assume duties of an identical component in event of failure or fault

    Can provide some level of fault tolerance by using hot swappable parts

    Leasing redundant T1s allows for load balancing

    Automatic distribution of traffic over multiple links or processors to optimize response

    Topology and Connectivity (continued)

    Figure 13-5: Fully redundant T1 connectivity

    Servers

    Make servers more fault-tolerant by supplying them with redundant components

    NICs, processors, and hard disks

    If one item fails, entire system won't fail

    Enable load balancing

    Server Mirroring

    Mirroring: one device or component duplicates activities of another

    Server Mirroring: one server duplicates transactions and data storage of another

    Must be identical machines using identical components

    Requires high-speed link between servers

    Requires synchronization software

    Form of replication

    Servers can stand side by side or be positioned in different locations

    Clustering

    Link multiple servers together to act as single server

    Share processing duties

    Appear as single server to users

    If one server fails, others automatically take over data transaction and storage responsibilities

    More cost-effective than mirroring

    To detect failures, clustered servers regularly poll each other

    Servers must be close together

    Storage: RAID (Redundant Array of Independent (or Inexpensive) Disks)

    Collection of disks that provide fault tolerance for shared data and applications

    Disk array

    Collection of disks that work together in RAID configuration, often referred to as RAID drive

    Appear as single logical drive to system

    Hardware RAID: set of disks and separate disk controller

    Managed exclusively by RAID disk controller

    Software RAID: relies on software to implement and control RAID techniques

    RAID Level 0: Disk Striping

    Simple implementation of RAID

    Not fault-tolerant

    Improves performance

    Figure 13-6: RAID Level 0 disk striping

    RAID Level 1: Disk Mirroring

    Data from one disk copied to another disk automatically as information written

    Dynamic backup

    If one drive fails, disk array controller automatically switches to disk that was mirroring it

    Requires two identical disks

    Usually relies on system software to perform mirroring

    Disk duplexing: similar to disk mirroring, but separate disk controller used for each disk

    RAID Level 1: Disk Mirroring (continued)

    Figure 13-7: RAID Level 1 disk mirroring

    RAID Level 3: Disk Striping with Parity ECC

    Disk striping with special error correction code (ECC)

    Parity: mechanism used to verify integrity of data by making number of bits in a byte sum to either an odd or even number

    Even parity or odd parity

    Tracks integrity of data on disk

    Parity bit assigned to each data byte when written to disk

    When data read, data's bits plus parity bit summed (parity should match)

    RAID Level 3: Disk Striping with Parity ECC (continued)

    Figure 13-8: RAID Level 3 disk striping with parity ECC

    RAID Level 5: Disk Striping with Distributed Parity

    Data written in small blocks across several disks

    Parity error checking information distributed among disks

    Highly fault-tolerant

    Very popular

    Failed disk can be replaced with little interruption

    Hot spare: disk or partition that is part of array, but used only in case a RAID disk fails

    Cold spare: duplicate component that can be installed in case of failure

    RAID Level 5: Disk Striping with Distributed Parity (continued)

    Figure 13-9: RAID Level 5 disk striping with distributed parity

    NAS (Network Attached Storage)

    Specialized storage device that provides centralized fault-tolerant data storage

    Maintains own interface to LAN

    Contains own file system optimized for saving and serving files

    Easily expanded without interrupting service

    Cannot communicate directly with network clients

    NAS (continued)

    Figure 13-10: Network attached storage on a LAN

    SANs (Storage Area Networks)

    Figure 13-11: A storage area network

    Data Backup

    Copy of data or program files created for archiving or safekeeping

    No matter how reliable and fault-tolerant you believe your server's hard disk (or disks) to be, still risk losing everything unless you make backups on separate media and store them off-site

    Many options exist for making backups

    Backup Media and Methods

    To select appropriate solution, consider following questions:

    Sufficient storage capacity?

    Reliability?

    Data error checking techniques?

    System efficient enough to complete backup process before daily operations resume?

    Cost and capacity?

    Compatibility?

    Frequent manual intervention?

    Scalability?

    Optical Media

    Capable of storing digitized data

    Uses laser to write and read data

    CD-ROMs and DVDs

    Requires proper disk drive to write data

    Writing data usually takes longer than saving data to another type of media

    Tape Backups

    Relatively simple, capable of storing large amounts of data, at least partially automated

    On relatively small networks, standalone tape drives may be attached to each server

    On large networks, one large, centralized tape backup device may manage all subsystems' backups

    Usually connected to computer other than file server

    External Disk Drives

    Storage devices that can be attached temporarily to a computer via USB, PCMCIA, FireWire, or Compact-Flash port

    Removable disk drives

    For backing up large amounts of data, likely to use external disk drive with backup control features, high capacity, and fast read-write access

    Faster data transfer rates than optical media or tape backups

    Network Backups

    Save data to another place on network

    Must back up data to different disk than where it was originally stored

    Most NOSs provide utilities for automating and managing network backups

    Online backup: saves data across Internet to another company's storage array

    Strict security measures to protect data in transit

    Backup and restoration processes automated

    Backup Strategy

    Strategy should address following questions:

    What data must be backed up?

    Rotation schedule?

    Time backups occur?

    Method of accuracy verification?

    Where and how long will backup media be stored?

    Who will take responsibility?

    How long will backups be saved?

    Where will documentation be stored?

    Backup Strategy (continued)

    Archive bit: file attribute that can be checked or unchecked

    Indicates whether file must be archived

    Backup methods use archive bit in different ways

    Full backup: all data copied to storage media, regardless of whether data is new or changed

    Archive bits set to off for all files

    Incremental backup: copies only data that has changed since last full or incremental backup

    Unchecks archive bit for every file saved

    Differential backup: does not uncheck archive bits for files backed up
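
An added example, not part of the original slides, that models the archive bit under the three backup methods above and checks which backup sets a restore needs. The file names, the week of changes and the version counters are constructed; the restore comparison goes beyond the slide text.

```python
class Volume:
    """Files with a version counter and an archive bit (set on create or change)."""

    def __init__(self, names):
        self.version = {n: 1 for n in names}
        self.archive = {n: True for n in names}  # new files start with the bit set

    def write(self, name):
        self.version[name] = self.version.get(name, 0) + 1
        self.archive[name] = True                # file must be archived again

    def backup(self, method):
        if method == "full":
            names = list(self.version)           # all data, new or changed or not
        else:
            names = [n for n in self.version if self.archive[n]]
        if method in ("full", "incremental"):
            for n in names:
                self.archive[n] = False          # uncheck the bit for every file saved
        # A differential backup leaves the archive bits as they are.
        return {n: self.version[n] for n in names}


def run_week(method):
    """Full backup on Sunday, then `method` Monday to Wednesday (constructed changes)."""
    vol = Volume(["a.doc", "b.xls", "c.db"])
    sets = [("Sun", vol.backup("full"))]
    for day, names in [("Mon", ["a.doc"]), ("Tue", ["b.xls"]), ("Wed", ["a.doc", "d.txt"])]:
        for n in names:
            vol.write(n)
        sets.append((day, vol.backup(method)))
    return vol, sets


def restore(sets, days):
    """Apply the chosen backup sets in order, oldest first; later copies overwrite earlier."""
    restored = {}
    for day, contents in sets:
        if day in days:
            restored.update(contents)
    return restored


if __name__ == "__main__":
    for method in ("incremental", "differential"):
        vol, sets = run_week(method)
        print(method, [(day, sorted(c)) for day, c in sets])
        print("  full + last set restores everything:",
              restore(sets, {"Sun", "Wed"}) == vol.version)
        print("  all sets restore everything:       ",
              restore(sets, {"Sun", "Mon", "Tue", "Wed"}) == vol.version)
```

Incremental sets stay small but a restore needs the full backup and every set since; differential sets grow each day but a restore needs only the full backup and the latest set.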

    Backup Strategy (continued)

    Determine best possible backup rotation scheme

    Provide excellent data reliability without overtaxing network or requiring a lot of intervention

    Several standard backup rotation schemes

    Grandfather-father-son: Uses daily (son), weekly (father), and monthly (grandfather) backup sets

    Make sure backup activity recorded in backup log

    Establish regular schedule of verification

    Backup Strategy (continued)

    Figure 13-13: The grandfather-father-son backup rotation scheme

    Disaster Recovery: Disaster Recovery Planning

    Disaster recovery: process of restoring critical functionality and data after enterprise-wide outage

    Disaster recovery plan accounts for worst-case scenarios

    Contact names and info for emergency coordinators

    Details on data and servers being backed up, backup frequency, backup location, how to recover

    Details on network topology, redundancy, and agreements with national service carriers

    Strategies for testing disaster recovery plan

    Plan for managing the crisis

    Disaster Recovery Contingencies

    Several options for recovering from disaster

    Cold site: place where computers, devices, and connectivity necessary to rebuild network exist

    Not configured, updated, or connected

    Warm site: same as cold site, but some computers and devices appropriately configured, updated, or connected

    Hot site: computers, devices, and connectivity necessary to rebuild network are appropriately configured, updated, and connected to match network's current state

    Summary

    Integrity refers to the soundness of your network's files, systems, and connections

    Several basic measures can be employed to protect data and systems on a network

    A virus is a program that replicates itself so as to infect more computers, either through network connections or through external storage devices passed among users

    A good antivirus program should be able to detect viruses through signature scanning, integrity checking, and heuristic scanning

    Summary (continued)

    The goal of fault-tolerant systems is to prevent faults from progressing to failures

    Fault tolerance is a system's capacity to continue performing despite an unexpected hardware or software malfunction

    A UPS is a battery power source that prevents undesired features of the power source from harming the device or interrupting its services

    For utmost fault tolerance in power supply, a generator is necessary

    Summary (continued)

    Critical servers often contain redundant NICs, processors, and/or hard disks to provide better fault tolerance

    Server mirroring involves utilizing a second, identical server to duplicate the transactions and data storage of one server

    Clustering links multiple servers together to act as a single server

    RAID is an important storage redundancy feature

    Summary (continued)

    Backups can be saved to optical media (such as CDs and DVDs), tapes, external disk drives, or to another location on a network

    The aim of a good backup rotation scheme is to provide excellent data reliability but not to overtax your network or require much intervention

    Disaster recovery is the process of restoring your critical functionality and data after an enterprise-wide outage that affects more than a single system or a limited group of users
