Section 13.1
• Describe the role of SNMP in network management
• Demonstrate how user and group accounts are used

Section 13.2
• Demonstrate how log files can be used to resolve problems
• Explain common backup strategies
• List tasks to be performed to properly maintain computer systems

Section 13.3
• Execute simple Windows and Linux script commands
• Identify how script files can be used in a network environment
• Explain the roles of the shell and the kernel in an operating system

Section 13.4
• Identify common methods of securing network data
• Create a network security plan

pp. 370-375 The Basics of Managing Networks 13.1

Guide to Reading

Main Ideas
SNMP-compliant devices can store and communicate information about themselves. Individual users can be added to groups, and groups can be assigned to resource permissions to make access management easier.

Key Terms
• Simple Network Management Protocol (SNMP)
• Management Information Base (MIB)
• username
• account policies
• permissions

Managing Equipment and SNMP

The Simple Network Management Protocol (SNMP) was designed to allow devices to store information about themselves in a database called a Management Information Base (MIB). This information can then be retrieved by special applications known as SNMP management applications.

Simple Network Management Protocol (SNMP): A protocol that allows a device on the network to store information about itself, then return that information when asked. SNMP-compliant devices are able to store information about themselves. (p. 370)

Management Information Base (MIB): A database in which information about an SNMP device, called an agent, is stored. (p. 370)

Managing People

Users are network resources that must be managed. At the network level, user access to resources is carefully defined. For example, only certain individuals might be allowed to create files within a certain folder on the network. Anyone else attempting to create a file there gets an access denied message.

An account must be created for a user before that user can log on to the network. The user account also establishes the username and password.

username: A logon name that identifies a specific user on the network. (p. 372)

After the user account is established, permissions can be assigned. A network administrator may have an account policy that requires a secure, strong password. Permissions can be set on a per-user basis. However, it is less time-consuming for an administrator to assign permissions to groups of users simultaneously.

account policy: Acceptable user practices. (p. 373)

permissions: Also called security settings. Permissions determine the resources to which a user has access. (p. 373)

Groups are used to assign network access permissions to many users at a time. Most of the time, a group's boundary is a department. For example, users in the Computer Aided Drafting (CAD) department could be formed into a CAD Users group.

You Try It
• Activity 13A – Viewing Permissions Settings (p. 374)

pp. 377-382 Networking Monitoring & Maintenance 13.2

Guide to Reading

Main Ideas
Log files and auditing tools are used to monitor networks. Proper maintenance of systems includes caring for the physical well-being, as well as upgrading hardware and software. Data should be backed up regularly.

Key Terms
• log file
• auditing
• replication
• uninterruptible power supply (UPS)

Basics of Network Monitoring

When a system develops problems, log files often serve as the first source of diagnostic information. A boot log file is created when a system boots. A log file created by a firewall application can help identify the IP address of a hacker trying to access the system.

log file: A simple text file that records information about the device, system, or application. (p. 377)
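
Added example (not from the original chapter): a short shell script that reads a firewall log and reports which source IP addresses were blocked most often. The log format, the sample lines and the function names are constructed for illustration; a real firewall's log layout will differ.

```shell
#!/bin/sh
# Summarise blocked connection attempts per source address.
# Log format is constructed: timestamp ACTION PROTO src=IP dst=IP dport=N

# Constructed sample log using documentation-only address ranges.
sample_log() {
cat <<'EOF'
2024-03-01T02:14:07 DENY  TCP src=203.0.113.45 dst=192.0.2.10 dport=22
2024-03-01T02:14:09 DENY  TCP src=203.0.113.45 dst=192.0.2.10 dport=23
2024-03-01T02:14:12 ALLOW TCP src=198.51.100.7 dst=192.0.2.10 dport=443
2024-03-01T02:14:15 DENY  TCP src=203.0.113.45 dst=192.0.2.10 dport=3389
2024-03-01T02:15:01 DENY  UDP src=198.51.100.99 dst=192.0.2.10 dport=161
2024-03-01T02:15:30 DENY  TCP src=203.0.113.45 dst=192.0.2.10 dport=445
2024-03-01T02:16:02 ALLOW TCP src=198.51.100.7 dst=192.0.2.10 dport=443
EOF
}

# Read log lines on stdin; print "count ip" for every source that has
# DENY entries, most frequent first.
denied_by_source() {
    awk '$2 == "DENY" {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /^src=/) n[substr($i, 5)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Read log lines on stdin; print sources with at least $1 DENY entries.
repeat_sources() {
    denied_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_log | denied_by_source
```

A single blocked packet is usually noise; a source that is denied repeatedly across several ports is the entry worth reviewing first.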

• Network auditing can return information about the hardware and software on the network.
• System audits are performed for several reasons, including:
  • verify whether software licenses are being used illegally
  • record what software is in use throughout the network
  • inventory hardware on a network
  • prepare readiness reports prior to upgrading hardware or software

auditing: The process of examining and verifying information. (p. 379)

Scheduled Maintenance and Upgrades

• Important software and hardware maintenance tasks:
  • Keep virus definitions up-to-date.
  • Defragment the hard drive.
  • Check the case for dust and other debris once per month.
  • Ensure computers are plugged into a surge protector.
• Servers and other essential systems should be connected to an uninterruptible power supply (UPS) device.

uninterruptible power supply (UPS): A large rechargeable battery that provides power to connected devices for a period of time if main electrical power goes out. (p. 381)

The rule is simple: If you cannot get along without it, back it up.

You Try It
• Activity 13B – Viewing Dr. Watson Log Files (p. 378)

pp. 384-388 Basic Scripting 13.3

Guide to Reading

Main Ideas
Script files are often used as part of the boot and logon processes to control which resources are available to the user. Linux commands are interpreted by a shell and passed to the Linux kernel for execution.

Key Terms
• script
• batch file
• kernel
• shell
• alias

Scripts to Manage

Logon scripts often work in conjunction with the domain controller to determine the group to which a user belongs. Third-party scripting applications reduce the headache of creating scripts.

Windows Scripts

Using Microsoft Active Directory, system administrators can assign individual users, or groups, a customized logon script. This allows a user to have network resources configured and available in whatever arrangement he or she needs. Scripts are simple text files, often stored with a “.bat” extension. This extension identifies the file as a batch file.

batch file: A file similar to a script—each line contains instructions that can be read and executed by the operating system. (p. 385)

Linux Scripts

At the heart of the Linux OS is the Linux kernel. A shell is used as the interface from a human being to the kernel.

kernel: The part of a program that is responsible for allocating resources and communicating directly with the hardware. (p. 387)

shell: An interface from a human being to the kernel that provides commands that a user can execute on a processor. (p. 387)

The shell provides commands that a user can execute. The shell then interprets the user-friendly command into a kernel-friendly command. The kernel then translates the command to something the processor understands.

Commands in Linux often seem long and cryptic, especially to a Linux newbie, or beginner. Fortunately, these commands can be aliased to something easier to remember.

alias: A shortcut method for using or writing a command. (p. 388)

Here is an example that would be a great addition to a logon script:

    alias cdrom="mount /mnt/cdrom"
    alias ucdrom="umount /mnt/cdrom"

The first line creates (aliases) a new command, called “cdrom,” that executes the “mount /mnt/cdrom” command. The second line aliases the command “ucdrom” to unmount the drive.
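
Added example (not from the original chapter): a logon script fragment that combines the group lookup described under Scripts to Manage with the aliases above, so a user only gets the shortcuts that match his or her groups. The group names "cdrom" and "cad", the "drawings" alias, the /srv/cad/drawings path and the function names are hypothetical.

```shell
#!/bin/sh
# Choose logon aliases from the user's group memberships.
# Group names, the "drawings" alias and /srv/cad are hypothetical.

# Succeed if group $1 appears in the space-separated group list $2.
# Whole-word matching: "cad" does not match "cadusers".
has_group() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print the alias definitions that apply to the group list in $1.
# Only fixed strings are printed; group names are matched, never
# interpolated, so the output is safe to hand to eval.
aliases_for_groups() {
    if has_group cdrom "$1"; then
        echo 'alias cdrom="mount /mnt/cdrom"'
        echo 'alias ucdrom="umount /mnt/cdrom"'
    fi
    if has_group cad "$1"; then
        echo 'alias drawings="cd /srv/cad/drawings"'
    fi
}

# In the logon script: look up the current user's groups and define
# the matching aliases in this shell.
eval "$(aliases_for_groups "$(id -nG)")"
```

An alias is only a shortcut: whether the mount or the directory change succeeds is still decided by the permissions on the device and folders, so the group check here tidies the user's environment but is not itself an access control.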

You Try It
• Activity 13C – Working with Windows Batch Commands (p. 385)

pp. 389-392 Ensuring Network Security 13.4

Guide to Reading

Main Ideas
Network security is a serious responsibility and must always be maintained. Access permissions permit access to the resource. Network security incorporates firewalls, proxies, encryption, and frequent review of security logs. Computer viruses are malicious programs.

Key Terms
• password-protected share
• access permission
• Network Address Translation (NAT)
• boot-sector virus
• file infector virus

Planning for Network Security

• Maintaining network security requires a balance between facilitating easy access to data by authorized users and restricting access to data by unauthorized users. The network administrator creates this balance.
• Four major threats to the security of data on a network are:
  • unauthorized access
  • electronic tampering
  • theft
  • intentional or unintentional damage

Security Models

• Assigning permissions and rights to network resources is at the heart of securing the network.
• Two security models have evolved for keeping data and hardware resources safe:
  • password-protected shares
  • access permissions

password-protected share: A security method for keeping data and hardware resources safe in which a password is assigned to each shared resource. In most peer-to-peer networks it is the only type of security available. (p. 390)

access permission: Access rights assigned to objects (such as files, folders, and printers) on a per-user basis. (p. 390)

This table outlines the major permissions available on Windows networks.

Security Enhancements

• The network administrator can increase the level of security on a network by several means:
  • firewalls
  • proxies
  • auditing
  • encrypting data
• Proxy servers also protect the network using a feature called Network Address Translation (NAT).

Network Address Translation (NAT): A network method of shielding the internal IP addresses from the outside world by filtering outbound network traffic. (p. 392)

Computer Viruses

• There are two categories of viruses:
  • boot-sector viruses
  • file infector viruses
• Here is a list of the more common file infectors:
  • companion virus
  • macro virus
  • polymorphic virus
  • stealth virus

boot-sector virus: A virus that executes when the computer is booted. (p. 392)

file infector: A virus that attaches itself to a file or program and activates any time the file is used. (p. 392)

Chapter 13 Resources For more resources on this chapter, go to the Introduction to Networks and Networking Web site at http://networking.glencoe.com.