which your company’s NOS is not installed, and that do not possess the appropriate configu- rations and data necessary to operate in your environment. The twenty-five client machines stored there might be in a similar state. In addition, you might have a router, a switch, and two access points at the cold site, but these might also require configuration to operate in your environment. Finally, the cold site would not necessarily have Internet connectivity, or at least not the same type as your network used. Supposing you followed good backup practices and stored your backup media at the cold site, you would then need to restore operating systems, applications, and data to your servers and clients, reconfigure your connectivity devices, and arrange with your ISP to have your connectivity restored to the cold site. Even for a small net- work, this process could take weeks. A warm site is a place where the computers, devices, and connectivity necessary to rebuild a network exist, with some appropriately configured, updated, or connected. For example, a ser- vice provider that specializes in disaster recovery might maintain for you a duplicate of each of your servers in its data center. You might arrange to have the service provider update those duplicate servers with your backed-up data on the first of each month, because updating the servers daily is much more expensive. In that case, if a disaster occurs in the middle of the month, you would still need to update your duplicate servers with your latest weekly or daily backups before they could stand in for the downed servers. Recovery from a warm site can take hours or days, compared to the weeks a cold site might require. Maintaining a warm site costs more than maintaining a cold site, but not as much as maintaining a hot site. A hot site is a place where the computers, devices, and connectivity necessary to rebuild a net- work exist, and all are appropriately configured, updated, and connected to match your net- work’s current state. For example, you might use server mirroring to maintain identical copies of your servers at two WAN locations. In a hot site contingency plan, both locations would also contain identical connectivity devices and configurations, and thus be able to stand in for the other at a moment’s notice. As you can imagine, hot sites are expensive and potentially time consuming to maintain. For organizations that cannot tolerate downtime, however, hot sites provide the best disaster recovery option. Chapter Summary ◆ Integrity refers to the soundness of your network’s files, systems, and connections. To ensure their integrity, you must protect them from anything that might render them unusable, such as corruption, tampering, natural disasters, and viruses. Availability of a file or system refers to how consistently and reliably it can be accessed by autho- rized personnel. ◆ Several basic measures can be employed to protect data and systems on a network: (1) Prevent anyone other than a network administrator from opening or changing the system files; (2) monitor the network for unauthorized access or changes; (3) record authorized system changes in a change management system; (4) use redun- dancy for critical servers, cabling, routers, hubs, gateways, NICs, hard disks, power 602 Chapter 13 ENSURING INTEGRITY AND AVAILABILITY NET+ 3.12 supplies, and other components; (5) perform regular health checks on the network; (6) monitor system performance, error logs, and the system log book regularly; (7) keep backups, boot disks, and emergency repair disks current and available; and (8) implement and enforce security and disaster recovery policies. ◆ A virus is a program that replicates itself so as to infect more computers, either through network connections or through external storage devices passed among users. Viruses may damage files or systems, or simply annoy users by flashing mes- sages or pictures on the screen or by causing the computer to beep. ◆ Any type of virus may have additional characteristics that make it harder to detect and eliminate. Such viruses may be encrypted, stealth, polymorphic, or time-dependent. ◆ A good antivirus program should be able to detect viruses through signature scan- ning, integrity checking, and heuristic scanning. It should also be compatible with your network environment, centrally manageable, easy to use (transparent to users), and not prone to false alarms. ◆ Antivirus software is merely one piece of the puzzle in protecting your network from viruses. An antivirus policy is another essential component. It should provide rules for using antivirus software and policies for installing programs, sharing files, and using floppy disks. ◆ A failure is a deviation from a specified level of system performance for a given period of time. A fault, on the other hand, is the malfunction of one component of a system. A fault can result in a failure. The goal of fault-tolerant systems is to prevent faults from progressing to failures. ◆ Fault tolerance is a system’s capacity to continue performing despite an unexpected hardware or software malfunction. It can be achieved in varying degrees. At the highest level of fault tolerance, a system is unaffected by even a drastic problem, such as a power failure. ◆ As you consider sophisticated fault-tolerance techniques for servers, routers, and WAN links, remember to address the environment in which your devices operate. Protecting your data also involves protecting your network from excessive heat or moisture, break-ins, and natural disasters. ◆ Networks cannot tolerate power loss or less than optimal power and may suffer downtime or reduced performance due to blackouts, brownouts (sags), surges, and line noise. ◆ A UPS is a battery power source directly attached to one or more devices and to a power supply, which prevents undesired features of the power source from harming the device or interrupting its services. UPSs vary in the type of power aberrations they can rectify, the length of time they can provide power, and the number of devices they can support. ◆ A standby UPS provides continuous voltage to a device by switching virtually instantaneously to the battery when it detects a loss of power from the wall outlet. Upon restoration of the power, the standby UPS switches the device to use A/C power again. Chapter 13 603 CHAPTER SUMMARY ◆ An online UPS uses the A/C power from the wall outlet to continuously charge its bat- tery, while providing power to a network device through its battery. In other words, a server connected to an online UPS always relies on the UPS battery for its electricity. ◆ For utmost fault tolerance in power supply, a generator is necessary. Generators can be powered by diesel, liquid propane gas, natural gas, or steam. They do not provide surge protection, but they do provide noise-free electricity. ◆ Network topologies such as a full mesh WAN or a star-based LAN with a parallel backbone offer the greatest fault tolerance. A SONET ring also offers high fault tol- erance, because of its dual-ring topology. ◆ When components are hot swappable, they have identical functions and can automatically assume the functions of their counterpart if it suffers a fault. They can be changed (or swapped) while a machine is still running (hot). Hot swappable components are some- times called hot spares. ◆ Critical servers often contain redundant NICs, processors, and/or hard disks to pro- vide better fault tolerance. These redundant components provide assurance that if one fails, the whole system won’t fail, and they enable load balancing. ◆ A fault-tolerance technique that involves utilizing a second, identical server to dupli- cate the transactions and data storage of one server is called server mirroring. Mir- roring can take place between servers that are either side by side or geographically distant. Mirroring requires not only a link between the servers, but also software running on both servers to enable the servers to continually synchronize their actions and to permit one to take over in case the other fails. ◆ Clustering is a fault-tolerance technique that links multiple servers together to act as a single server. In this configuration, clustered servers share processing duties and appear as a single server to users. If one server in the cluster fails, the other servers in the cluster automatically take over its data transaction and storage responsibilities. ◆ An important storage redundancy feature is a RAID (Redundant Array of Indepen- dent (or Inexpensive) Disks). All types of RAID use shared, multiple physical or logical hard disks to ensure data integrity and availability; some designs also increase storage capacity and improve performance. RAID is either hardware- or software- based. Software RAID can be implemented through operating system utilities. ◆ RAID Level 0 is a simple version of RAID in which data is written in 64-KB blocks equally across all of the disks in the array, a technique known as disk striping. Disk striping is not a fault-tolerant method, because if one disk fails, the data con- tained in it will be inaccessible. ◆ RAID Level 1 provides redundancy through a process called disk mirroring, in which data from one disk is automatically copied to another disk as the information is written. This option is considered a dynamic data backup. If one disk in the array fails, the disk array controller automatically switches to the disk that was mirroring the failed disk. 604 Chapter 13 ENSURING INTEGRITY AND AVAILABILITY ◆ RAID Level 3 involves disk striping with parity error correction code. Parity refers to the integrity of the data as expressed in the number of 1s contained in each group of correctly transmitted bits. In RAID Level 3, parity error checking takes place when the data is written across the disk array. ◆ RAID Level 5 is the most popular fault-tolerant data storage technique in use today. In RAID Level 5, data is written in small blocks across several disks; parity error checking information is also distributed among the disks. ◆ NAS (network attached storage) is a dedicated storage device attached to a client/server network. It uses its own file system but relies on a traditional network trans- mission method such as Ethernet to interact with the rest of the client/server network. ◆ A SAN (storage area network) is a distinct network of multiple storage devices and servers that provides fast, highly available, and highly fault-tolerant access to large quantities of data for a client/server network. A SAN uses a proprietary network transmission method (such as Fibre Channel) rather than Ethernet. ◆ A backup is a copy of data or program files created for archiving or safekeeping. If you do not back up your data, you risk losing everything through a hard disk fault, fire, flood, or malicious or accidental erasure or corruption. Backups should be stored on separate media (other than the backed-up server), and these media should be stored off-site. ◆ Backups can be saved to optical media (such as CDs and DVDs), tapes, external disk drives, or to another location on a network. Of these, tape backups remain pop- ular because of their reliability, storage capacity, and speed. Tape backups require a tape drive connected to the network, software to manage and perform backups, and backup media. ◆ A full backup copies all data on all servers to a storage medium, regardless of whether the data is new or changed. An incremental backup copies only data that has changed since the last full or incremental backup, and unchecks the archive bit for files it backs up. A differential backup copies only data that has changed since the last full or incremental backup, but does not uncheck the archive bit for files it backs up. ◆ The aim of a good backup rotation scheme is to provide excellent data reliability but not to overtax your network or require much intervention. The most popular backup rotation scheme is called “grandfather-father-son.” This scheme combines daily (son), weekly (father), and monthly (grandfather) backup sets. ◆ Disaster recovery is the process of restoring your critical functionality and data after an enterprise-wide outage that affects more than a single system or a limited group of users. It must account for the possible extremes, rather than relatively minor out- ages, failures, security breaches, or data corruption. In a disaster recovery plan, you should consider the worst-case scenarios, from a hurricane to a military or terrorist attack. Chapter 13 605 CHAPTER SUMMARY ◆ Every organization should have a disaster recovery team (with an appointed coordi- nator) and a disaster recovery plan. The plan should address not only computer sys- tems, but also power, telephony, and paper-based files. ◆ To prepare for recovery after a potential disaster, you can maintain (or a hire a ser- vice to maintain for you) a cold site, warm site, or hot site. A cold site contains the elements necessary to rebuild a network, but none are appropriately configured and connected. Therefore, restoring functionality from a cold site can take a long time. A warm site contains the elements necessary to rebuild a network, and only some of them are appropriately configured and connected. A hot site is a precise duplicate of the network’s elements, all properly configured and connected. This allows an orga- nization to regain network functionality almost immediately. Key Terms archive bit—A file attribute that can be checked (or set to “on”) or unchecked (or set to “off ”) to indicate whether the file needs to be archived. An operating system checks a file’s archive bit when it is created or changed. array—A group of hard disks. availability—How consistently and reliably a file, device, or connection can be accessed by authorized personnel. backup—A copy of data or program files created for archiving or safekeeping. backup rotation scheme—A plan for when and how often backups occur, and which backups are full, incremental, or differential. blackout—A complete power loss. boot sector virus—A virus that resides on the boot sector of a floppy disk and is transferred to the partition sector or the DOS boot sector on a hard disk. A boot sector virus can move from a floppy to a hard disk only if the floppy disk is left in the drive when the machine starts. bot—A program that runs automatically. Bots can spread viruses or other malicious code between users in a chat room by exploiting the IRC protocol. brownout—A momentary decrease in voltage, also known as a sag. An overtaxed electrical system may cause brownouts, recognizable as a dimming of the lights. CD-R (compact disc - recordable)—A type of compact disc that can be written to only once. It can store up to 650 MB of data. CD-RW (compact disc - rewriteable)—A type of compact disc that can be written to more than once. It can store up to 650 MB of data. clustering—A fault-tolerance technique that links multiple servers to act as a single server. In this configuration, clustered servers share processing duties and appear as a single server to users. If one server in the cluster fails, the other servers in the cluster automatically take over its data transaction and storage responsibilities. 606 Chapter 13 ENSURING INTEGRITY AND AVAILABILITY cold site—A place where the computers, devices, and connectivity necessary to rebuild a net- work exist, but they are not appropriately configured, updated, or connected to match the net- work’s current state. cold spare—A duplicate component that is not installed, but can be installed in case of a failure. compact disc, recordable—See CD-R. compact disc, rewriteable—See CD-RW. differential backup—A backup method in which only data that has changed since the last full or incremental backup is copied to a storage medium, and in which that same information is marked for subsequent backup, regardless of whether it has changed. In other words, a differ- ential backup does not uncheck the archive bits for files it backs up. disaster recovery—The process of restoring critical functionality and data to a network after an enterprise-wide outage that affects more than a single system or a limited group of users. disk duplexing—A storage fault-tolerance technique in which data is continually copied from one disk to another when it is saved, just as in disk mirroring. In duplexing, however, a sepa- rate disk controller is used for each different disk. disk mirroring—A RAID technique in which data from one disk is automatically copied to another disk as the information is written. disk striping—A simple implementation of RAID in which data is written in 64-KB blocks equally across all disks in the array. ECC (error correction code)—An algorithm used to detect and correct errors. In RAID Lev- els 3 and 5, for example, a type of ECC known as parity error checking is used. encrypted virus—A virus that is encrypted to prevent detection. error correction code—See ECC. external disk drive—A storage device that can be attached temporarily to a computer. fail-over—The capability for one component (such as a NIC or server) to assume another com- ponent’s responsibilities without manual intervention. failure—A deviation from a specified level of system performance for a given period of time. A failure occurs when something doesn’t work as promised or as planned. fault—The malfunction of one component of a system. A fault can result in a failure. Fibre Channel—A distinct network transmission method that relies on fiber-optic media and its own, proprietary protocol. Fibre Channel is capable of up to 2-Gbps throughput. file-infected virus—A virus that attaches itself to executable files. When the infected exe- cutable file runs, the virus copies itself to memory. Later, the virus attaches itself to other exe- cutable files. Chapter 13 607 KEY TERMS full backup—A backup in which all data on all servers is copied to a storage medium, regard- less of whether the data is new or changed. A full backup unchecks the archive bit on files it has backed up. grandfather-father-son—A backup rotation scheme that uses daily (son), weekly (father), and monthly (grandfather) backup sets. hardware RAID—A method of implementing RAID that relies on an externally attached set of disks and a RAID disk controller, which manages the RAID array. heuristic scanning—A type of virus scanning that attempts to identify viruses by discovering “virus-like” behavior. hot site—A place where the computers, devices, and connectivity necessary to rebuild a net- work exist, and all are appropriately configured, updated, and connected to match your net- work’s current state. hot spare—In the context of RAID, a disk or partition that is part of the array, but used only in case one of the RAID disks fails. More generally, “hot spare” is used as a synonym for a hot swappable component. hot swappable—A characteristic that enables identical components to be interchanged (or swapped) while a machine is still running (hot). After being installed, a hot swappable com- ponent automatically assumes the functions of its counterpart. incremental backup—A backup in which only data that has changed since the last full or incre- mental backup is copied to a storage medium. After backing up files, an incremental backup unchecks the archive bit for every file it has saved. integrity—The soundness of a network’s files, systems, and connections. To ensure integrity, you must protect your network from anything that might render it unusable, such as corrup- tion, tampering, natural disasters, and viruses. integrity checking—A method of comparing the current characteristics of files and disks against an archived version of these characteristics to discover any changes. The most common example of integrity checking involves a checksum. Internet Relay Chat—See IRC. IRC (Internet Relay Chat)—A protocol that enables users running special IRC client soft- ware to communicate instantly with other participants in a chat room on the Internet. load balancing—An automatic distribution of traffic over multiple links, hard disks, or proces- sors intended to optimize responses. macro virus—A virus that takes the form of an application (for example, a word-processing or spreadsheet) program macro, which may execute when the program is in use. mirroring—A fault-tolerance technique in which one component or device duplicates the activity of another. 608 Chapter 13 ENSURING INTEGRITY AND AVAILABILITY NAS (network attached storage)—A device or set of devices attached to a client/server net- work, dedicated to providing highly fault-tolerant access to large quantities of data. NAS depends on traditional network transmission methods such as Ethernet. network attached storage—See NAS. network virus—A virus that takes advantage of network protocols, commands, messaging pro- grams, and data links to propagate itself. Although all viruses could theoretically travel across network connections, network viruses are specially designed to attack network vulnerabilities. offline UPS—See standby UPS. online backup—A technique in which data is backed up to a central location over the Inter- net. online UPS—A power supply that uses the A/C power from the wall outlet to continuously charge its battery, while providing power to a network device through its battery. optical media—A type of media capable of storing digitized data, which uses a laser to write data to it and read data from it. parity—The mechanism used to verify the integrity of data by making the number of bits in a byte sum equal to either an odd or even number. parity error checking—The process of comparing the parity of data read from a disk with the type of parity used by the system. polymorphic virus—A type of virus that changes its characteristics (such as the arrangement of its bytes, size, and internal instructions) every time it is transferred to a new system, mak- ing it harder to identify. RAID (Redundant Array of Independent (or Inexpensive) Disks)—A server redundancy measure that uses shared, multiple physical or logical hard disks to ensure data integrity and availability. Some RAID designs also increase storage capacity and improve performance. See also disk mirroring and disk striping. RAID Level 0—An implementation of RAID in which data is written in 64-KB blocks equally across all disks in the array. RAID Level 1—An implementation of RAID that provides redundancy through disk mir- roring, in which data from one disk is automatically copied to another disk as the information is written. RAID Level 3—An implementation of RAID that uses disk striping for data and writes par- ity error correction code on a separate parity disk. RAID Level 5—The most popular fault-tolerant data storage technique in use today, RAID Level 5 writes data in small blocks across several disks. At the same time, it writes parity error checking information among several disks. Chapter 13 609 KEY TERMS recordable DVD—An optical storage medium that can hold up to 4.7 GB on one single-layered side. Both sides of the disc can be used, and each side can have up to two layers.Thus, in total, a dou- ble-layered, two-sided DVD can store up to 17 GB of data. Recordable DVDs come in several dif- ferent formats. redundancy—The use of more than one identical component, device, or connection for stor- ing, processing, or transporting data. Redundancy is the most common method of achieving fault tolerance. Redundant Array of Independent (or Inexpensive) Disks—See RAID. removable disk drive—See external disk drive. replication—A fault-tolerance technique that involves dynamic copying of data (for example, an NOS directory or an entire server’s hard disk) from one location to another. sag—See brownout. SAN (storage area network)—A distinct network of multiple storage devices and servers that provides fast, highly available, and highly fault-tolerant access to large quantities of data for a client/server network. A SAN uses a proprietary network transmission method (such as Fibre Channel) rather than a traditional network transmission method such as Ethernet. server mirroring—A fault-tolerance technique in which one server duplicates the transactions and data storage of another, identical server. Server mirroring requires a link between the servers and software running on both servers so that the servers can continually synchronize their actions and one can take over in case the other fails. signature scanning—The comparison of a file’s content with known virus signatures (unique identifying characteristics in the code) in a signature database to determine whether the file is a virus. software RAID—A method of implementing RAID that uses software to implement and con- trol RAID techniques over virtually any type of hard disk(s). RAID software may be a third- party package or utilities that come with an operating system NOS. standby UPS—A power supply that provides continuous voltage to a device by switching vir- tually instantaneously to the battery when it detects a loss of power from the wall outlet. Upon restoration of the power, the standby UPS switches the device to use A/C power again. stealth virus—A type of virus that hides itself to prevent detection. Typically, stealth viruses disguise themselves as legitimate programs or replace part of a legitimate program’s code with their destructive code. storage area network—See SAN. surge—A momentary increase in voltage due to distant lightning strikes or electrical problems. surge protector—A device that directs excess voltage away from equipment plugged into it and redirects it to a ground, thereby protecting the equipment from harm. 610 Chapter 13 ENSURING INTEGRITY AND AVAILABILITY tape backup—A relatively simple and economical backup method in which data is copied to magnetic tapes. time-dependent virus—A virus programmed to activate on a particular date. This type of virus, also known as a “time bomb,” can remain dormant and harmless until its activation date arrives. Trojan—See Trojan horse. Trojan horse—A program that disguises itself as something useful, but actually harms your system. uninterruptible power supply—See UPS. UPS (uninterruptible power supply)—A battery-operated power source directly attached to one or more devices and to a power supply (such as a wall outlet), which prevents undesired features of the power source from harming the device or interrupting its services. vault—A large tape storage library. virus—A program that replicates itself to infect more computers, either through network connec- tions or through floppy disks passed among users. Viruses may damage files or systems, or simply annoy users by flashing messages or pictures on the screen or by causing the keyboard to beep. virus hoax—A rumor, or false alert, about a dangerous, new virus that could supposedly cause serious damage to your workstation. volt-amp (VA)—A measure of electrical power. A volt-amp is the product of the voltage and current (measured in amps) of the electricity on a line. warm site—A place where the computers, devices, and connectivity necessary to rebuild a net- work exist, though only some are appropriately configured, updated, or connected to match the network’s current state. worm—An unwanted program that travels between computers and across networks. Although worms do not alter other programs as viruses do, they may carry viruses. Review Questions 1. _________________________ refers to the soundness of a network’s programs, data, services, devices, and connections. a. Availability b. Heuristic scanning c. Disk duplexing d. Integrity Chapter 13 611 REVIEW QUESTIONS [...]... associated with people are included in the following list: ◆ Intruders or attackers using social engineering or snooping to obtain user passwords ◆ An administrator incorrectly creating or configuring user IDs, groups, and their ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ ◆ associated rights on a file server, resulting in file and logon access vulnerabilities Network administrators overlooking security flaws in topology or hardware... Internet, potentially for the purpose of causing damage Users must also be careful about providing information while browsing the Web Some sites will capture that information to use when attempting to break into systems Bear in mind that hackers are creative and typically revel in devising new ways of breaking into systems As a result, new Internet-related security threats arise frequently By keeping... Symantec In addition to blocking traffic on its way into a LAN, packet-filtering firewalls can block traffic attempting to exit a LAN One reason for blocking outgoing traffic is to stop worms from spreading For example, if you are running a Web server, which in most cases only needs to respond to incoming requests and does not need to initiate outgoing requests, you could configure a packet-filtering firewall... You can begin your planning by asking questions related to physical security checks in your security audit Relevant questions include the following: ◆ Which rooms contain critical systems or data and must be secured? ◆ Through what means might intruders gain access to the facility, computer room, ◆ ◆ ◆ ◆ ◆ ◆ telecommunications room, wiring closet, or data storage areas (including doors, windows, adjacent... providing an entry point for an intruder Users or administrators choosing easy-to-guess passwords Authorized staff leaving computer room doors open or unlocked, allowing unauthorized individuals to enter Staff discarding disks or backup tapes in public waste containers Administrators neglecting to remove access and file rights for employees who have left the organization Users writing their passwords... 13 ENSURING INTEGRITY AND AVAILABILITY 2 The term _ refers to an implementation in which more than one component is installed and ready to use for storing, processing, or transporting data a disk mirroring b redundancy c hot swappable d load balancing 3 Which of the following terms implies a fluctuation in voltage levels caused by other devices on the network or electromagnetic interference?... thereby disabling it from carrying legitimate traffic You will learn about softwarerelated risks in the following section The following risks are inherent in network hardware and design: ◆ Transmissions can be intercepted (spread-spectrum wireless and fiber-based trans◆ ◆ ◆ ◆ ◆ missions are more difficult to intercept) Networks that use leased public lines, such as T1 or DSL connections to the Internet,... malfunctioning software Regularly upgrading software is essential to maintaining network security An Effective Security Policy As you have learned, network security breaches can be initiated from within an organization, and many take advantage of human errors This section describes how to minimize the risk of break-ins by communicating with and managing the users in your organization via a thoroughly... occurring, as described earlier in this chapter After risks are identified, the security coordinator should assign one person the responsibility for addressing that threat Security Policy Content After your risks are identified and responsibilities for managing them are assigned, the policy’s outline should be generated with those risks in mind Some subheadings for the policy might include the following:... vulnerable to eavesdropping at a building’s demarcation point (demarc), at a remote switching facility, or in a central office Network hubs broadcast traffic over the entire segment, thus making transmissions more widely vulnerable to sniffing (By contrast, switches provide logical point-topoint communications, which limit the availability of data transmissions to the sending and receiving nodes.) Unused . engineering, because it involves manipulating social relationships to gain access. This and other risks associated with people are included in the follow- ing list: ◆ Intruders or attackers using. social engineering or snooping to obtain user passwords ◆ An administrator incorrectly creating or configuring user IDs, groups, and their associated rights on a file server, resulting in file. browsing the Web. Some sites will capture that information to use when attempting to break into systems. Bear in mind that hackers are cre- ative and typically revel in devising new ways of breaking