    Network Administration


    Network administration includes several interrelated areas. For example, it includes:
      User Accounts
      Group Accounts
      User Rights
      Resource Permissions
      Security
      Data protection

    Accounts
    A user account is a collection of information known about an individual user, including:

      an account name,
      associated password and
      a set of rights to perform specific actions
    A group account is a named collection of user accounts.
    Usually created to organize people or resources.

    Rights and Permissions

      Rights deal with user functionality.
      Permissions deal with resource access.
      Can be granted to individual user accounts or to groups.
      Are cumulative; in NT the widest-reaching permission normally has priority.

    Account Management

      Users should be able to access everything that they need but nothing else.
    Using an account called "Administrator" is not considered good practice.
      Create a new account with administrator privileges then disable the administrator account.

    Use the 'User Manager for Domains' (UM Utility) to change user passwords.

    Password Issues

      Can the users change them?
      How many characters should they be?
      Should failed logons result in an account lockout?
      When should users be forced to change them?
      Length?
      Strong?

    NT Account Security

      NT passwords are case sensitive.
      Logon days and hours can be restricted.
      Certain actions, such as logons and object access, can be audited.

    Group Accounts

      Groups can be local or global
      Local Groups exist exclusively in the local domain.
      Global Groups can access resources across domains.

    Managing Group Accounts

      Rights and users can be assigned to groups.
      Global groups can include individual users.
      Local groups can include individual users and global groups.

    Trust Relationships

      Construct used to facilitate cross domain resource allocation.
      An arrangement in which one domain permits members of another domain to access its resources.
      One way relationship.

    Disabling and Deleting User Accounts

      A disabled account retains its rights and permissions in an inactive manner.
      A deleted account's rights and permissions are gone.

    For a new user, you can copy or rename an existing account.

    Maintaining Network Performance

      Parameters that require monitoring include
        Server data read and written
        Queued commands.
        On Ethernet, the number of collisions per second.
        Security errors.
        Connections maintained to other devices.
        Network performance.
        System Management
        Hard Drive Performance
        Bytes read from and written to the server.
        Space available.
        Memory Use
        Hard Page Faults

    Maintain a Network History

      Establish a performance baseline
      Tension between too much and too little data

    Managing Network Security
    Three elements.

      One, keeping data safe,
      including being able to replace data if it's lost.
      Two, maintaining data integrity
      Three, maintaining appropriate data access

    Threat identification. Questions include:

      What am I trying to protect?
      Whom or what do I need to protect data from?
      How likely is it that this threat will manifest itself?
      What is the cost of breached security?

    Security Models

      Two basic security models
        Share oriented security
          The security information is attached to the object itself.
        User oriented security

    Every object has an Access Control List (ACL) attached, which holds the Access Control Entries (ACEs) that determine which accounts can access the object.

    NT security is user orientated.
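
The cumulative-permission rule from "Rights and Permissions" and the ACL/ACE description above can be worked through in a small model. This is an added example, not code from the lecture or from NT; every account, group and permission name is constructed, and the "No Access overrides everything" rule is included as the NT exception behind the word "normally".

```python
# Added illustration: a simplified model of ACL evaluation, not NT's own logic.
# All account, group and permission names below are constructed sample data.

NO_ACCESS = "NoAccess"

# Global groups hold users; local groups hold users and global groups.
GLOBAL_GROUPS = {
    "SALES\\Staff": {"alice", "bob"},
    "SALES\\Temps": {"bob"},
}
LOCAL_GROUPS = {
    "Reports-Readers": {"SALES\\Staff"},
    "Reports-Editors": {"alice"},
    "Reports-Blocked": {"SALES\\Temps"},
}

# The ACL attached to one object: a list of ACEs (account, permissions).
REPORTS_ACL = [
    ("Reports-Readers", {"Read"}),
    ("Reports-Editors", {"Read", "Write"}),
    ("Reports-Blocked", {NO_ACCESS}),
    ("carol", {"Read"}),
]

def memberships(user):
    """Return the user plus every global and local group the user belongs to."""
    names = {user}
    names |= {g for g, members in GLOBAL_GROUPS.items() if user in members}
    names |= {l for l, members in LOCAL_GROUPS.items() if members & names}
    return names

def effective_permissions(user, acl):
    """Union the permissions of every matching ACE; No Access overrides all."""
    who = memberships(user)
    granted = set()
    for account, perms in acl:
        if account in who:
            granted |= perms
    if NO_ACCESS in granted:
        return set()          # an explicit No Access beats every other grant
    return granted
```

Here bob ends up with no access at all despite being in a group that grants Read, which is the case an administrator auditing group memberships needs to check for.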

    Tape Backup

      Backups are the most obvious form of data security and tape backups are a favorite method of creating them.

    Five types of backups.

      Full (All files.)
      Incremental (All files changed since last full or incremental backup)
      Differential (All files changed since last full backup.)
      Copy (Selected files with resetting archive bit.)
      Daily (All files changed that day.)
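
The practical difference between these types shows up at restore time. The following added example (not part of the original lecture) assumes a full backup on day 0 followed by one backup every night, and uses a constructed change log to compute what each backup holds and which backups are needed after a failure.

```python
# Added illustration; file names and the change log are constructed sample data.
# Assumed schedule: full backup on day 0, then one backup at the end of each day.
CHANGES = {
    0: {"payroll.db", "users.txt", "plan.doc"},
    1: {"payroll.db"},
    2: {"plan.doc"},
    3: {"payroll.db", "users.txt"},
}

def changed_since(day_from, day_to):
    """Files modified after day_from, up to and including day_to."""
    out = set()
    for d in range(day_from + 1, day_to + 1):
        out |= CHANGES.get(d, set())
    return out

def backup_contents(kind, day):
    """What a backup of the given kind, run at the end of `day`, contains."""
    if kind == "full":
        return changed_since(-1, day)        # every file seen so far
    if kind == "incremental":
        return changed_since(day - 1, day)   # since the previous night's backup
    if kind == "differential":
        return changed_since(0, day)         # since the day-0 full backup
    if kind == "daily":
        return set(CHANGES.get(day, set()))  # files changed that day
    raise ValueError(kind)

def restore_set(kind, failure_day):
    """Backups needed to rebuild the data as of the end of failure_day."""
    if kind == "incremental":
        # The full backup plus every incremental in order: one bad tape breaks the chain.
        return [("full", 0)] + [("incremental", d) for d in range(1, failure_day + 1)]
    if kind == "differential":
        # The full backup plus only the most recent differential.
        return [("full", 0)] + ([("differential", failure_day)] if failure_day else [])
    raise ValueError(kind)
```

With a failure on day 3, the incremental scheme needs four backups read in order while the differential scheme needs two, at the cost of larger nightly backups.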

    Uninterruptible Power Supply (UPS)

      A UPS has a built-in battery, power conditioning and surge protection.
      Devices, such as laser printers, can overload a UPS.
      An overloaded UPS may shut down without a power surge.

    Fault Tolerance

      Defined as the ability to continue to function after a failure.

    Disk Mirroring

      Disk mirroring involves setting up a second disk drive on the same controller.
      The second drive contains the same information as the original.
      If a second controller is installed along with the second drive, it is called disk duplexing.
      Represent degrees of fault tolerance.

    Disk Striping with Parity

      In this fault tolerant configuration, a disk array (minimum three physical drives) is treated as a single logical drive.
      Also known as RAID Level 5.
      Creates the highest level of fault tolerance.