Section 13.1• Describe the role of SNMP in network management• Demonstrate how user and group accounts are used

Section 13.2• Demonstrate how log files can be used to resolve problems• Explain common backup strategies• List tasks to be performed to properly maintain computer systems

Section 13.3• Execute simple Windows and Linux script commands• Identify how script files can be used in a network environment• Explain the roles of the shell and the kernel in an operating system

Section 13.4• Identify common methods of securing network data• Create a network security plan

13.1pp. 370-375

Main Ideas

SNMP-compliant devices can store and communicate information about themselves. Individual users can be added to groups, and groups can be assigned to resource permissions to make access management easier.

Key Terms

Simple Network Management Protocol (SNMP)

Management Information Base (MIB)

username

account policies

permissions

Guide to Reading

The Basics of Managing Networks

13.1pp. 370-375

The Simple Network Management Protocol (SNMP) was designed to allow devices to store this information in a database called a Management Information Base (MIB).

This information can then be retrieved by special applications known as SNMP management applications.

Simple Network Management Protocol (SNMP) A protocol that allows a device on the network to store information about itself, then return that information when asked. SNMP-compliant devices are able to store information about themselves. (p. 370)

Management Information Base (MIB) A database in which information about an SNMP device, called an agent, is stored. (p. 370)

Managing Equipment and SNMP

The Basics of Managing Networks

13.1pp. 370-375

Managing People

Users are network resources that must be managed.

At the network level, user access to resources is carefully defined. For example, only certain individuals might be allowed to create files within a certain folder on the network. Anyone else attempting to create a file there gets an access denied message.

The Basics of Managing Networks

13.1pp. 370-375

An account must be created for a user before that user can log on to the network.

The user account also establishes the username and password.

username A logon name that identifies a specific user on the network. (p. 372)

Managing People

The Basics of Managing Networks

13.1pp. 370-375

After the user account is established, permissions can be assigned.

A network administrator may have an account policy that requires a secure, strong password.

Permissions can be set on a per-user basis. However, it is less time-consuming for an administrator to assign permissions to groups of users simultaneously.

account policy Acceptable user practices. (p. 373)

permissions Also called security settings. Permissions determine the resources to which a user has access. (p. 373)

Managing People

The Basics of Managing Networks

13.1pp. 370-375

Managing People

Groups are used to assign network access permission to many users at a time.

Most of the time, a group’s boundaries is a department.

For example, users in the Computer Aided Drafting (CAD) department could be formed into a CAD Users group.

The Basics of Managing Networks

13.1pp. 370-375

You Try It

• Activity 13A – Viewing Permissions Settings (p. 374)

The Basics of Managing Networks

13.2pp. 377-382

Main Ideas

Log files and auditing tools are used to monitor networks. Proper maintenance of systems includes caring for the physical well-being, as well as upgrading hardware and software. Data should be backed up regularly.

Key Terms

log file

auditing

replication

uninterruptible power supply (UPS)

Guide to Reading

Networking Monitoring & Maintenance

13.2pp. 377-382

When a system develops problems, log files often serve as the first source of diagnostic information.

A boot log file is created when a system boots.

A log file created by a firewall application can help identify the IP address of a hacker trying to access the system.

log file A simple text file that records information about the device, system, or application. (p. 377)

Basics of Network Monitoring

Networking Monitoring & Maintenance

13.2pp. 377-382

Network auditing can return information about the hardware and software on the network.

System audits are performed for several reasons, including: • verify software licenses are being used illegally• record what software is in use throughout the network• Inventory hardware on a network• prepare readiness reports prior to upgrading hardware or software

auditing The process of examining and verifying information. (p. 379)

Basics of Network Monitoring

Networking Monitoring & Maintenance

13.2pp. 377-382

Important maintenance software and hardware tasks:

• Keep virus definitions up-to-date. • Defragment the hard drive.• Check the case for dust and other debris once per month.• Ensure computers are plugged into a surge protector.• Servers and other essential systems should be connected to an uninterruptible power supply (UPS) device.

uninterruptible power supply (UPS) A large rechargeable battery that provides power to connected devices for a period of time if main electrical power goes out. (p. 381)

Scheduled Maintenance and Upgrades

Networking Monitoring & Maintenance

13.2pp. 377-382

Scheduled Maintenance and Upgrades

The rule is simple: If you cannot get along without it, back it up.

Networking Monitoring & Maintenance

13.2pp. 377-382

You Try It

• Activity 13B – Viewing Dr. Watson Log Files (p. 378)

Networking Monitoring & Maintenance

13.3pp. 384-388

Main Ideas

Script files are often used as part of the boot and logon processes to control which resources are available to the user. Linux commands are interpreted by a shell and passed to the Linux kernel for execution.

Key Terms

script

batch file

kernel

shell

alias

Guide to Reading

Basic Scripting

13.3pp. 384-388

Scripts to Manage

Logon scripts often work in conjunction with the domain controller to determine the group to which a user belongs.

Third-party scripting applications reduce the headache of creating scripts.

Basic Scripting

13.3pp. 384-388

Using Microsoft Active Directory, system administrators can assign individual users, or groups, a customized logon script. This allows a user to have network resources configured and available in whatever arrangement he or she needs.

Scripts are simple text files, often stored with a “.bat” extension. This extension identifies the files as a batch file.

batch file A file similar to a script—each line contains instructions that can be read and executed by the operating system. (p. 385)

Windows Scripts

Basic Scripting

13.3pp. 384-388

At the heart of the Linux OS is the Linux kernel. A shell is used as the interface from a human being to the kernel.

kernel The part of a program that is responsible for allocating resources and communicating directly with the hardware. (p. 387)

shell An interface from a human being to the kernel that provides commands that a user can execute on a processor. (p. 387)

Linux Scripts

Basic Scripting

13.3pp. 384-388

The shell provides commands that a user can execute. The shell then interprets the user-friendly command into a kernel-friendly command. The kernel then translates the command to something the processor understands.

Linux Scripts

Basic Scripting

13.3pp. 384-388

Commands in Linux often seem long and cryptic, especially to a Linux newbie, or beginner.

Fortunately, these commands can be aliased to something easier to remember.

alias A shortcut method for using or writing a command. (p. 388)

Linux Scripts

Basic Scripting

alias cdrom="mount /mnt/cdrom"alias ucdrom="umount /mnt/cdrom"

13.3pp. 384-388

Linux Scripts

Basic Scripting

Here is an example that would be a great addition to a logon script:

The first line creates (aliases) a new command, called “cdrom,” that executes the “mount /mnt/cdrom” command. The second line aliases the command “ucdrom” to unmount the drive.

13.3pp. 384-388

You Try It

• Activity 13C – Working with Windows Batch Commands

(p. 385)

Basic Scripting

13.4pp. 389-392

Main Ideas

Network security is a serious responsibility and must always be maintained. Access permissions permit access to the resource. Network security incorporates firewalls, proxies, encryption, and frequent review of security logs. Computer viruses are malicious programs.

Key Terms

password-protected shareaccess permissionNetwork Address Translation (NAT)boot-sector virusfile infector virus

Guide to Reading

Ensuring Network Security

13.4pp. 389-392

Planning for Network Security

Maintaining network security requires a balance between facilitating easy access to data by authorized users and restricting access to data by unauthorized users. The network administrator creates this balance.

Four major threats to the security of data on a network are:

• unauthorized access

• electronic tampering

• theft

• intentional or unintentional damage

Ensuring Network Security

13.4pp. 389-392

Assigning permissions and rights to network resources are at the heart of securing the network.

Two security models have evolved for keeping data and hardware resources safe:

• password-protected shares• access permissions

password-protected share A security method for keeping data and hardware resources safe in which a password is assigned to each shared resource. In most peer-to-peer networks it is the only type of security available. (p. 390)

access permission Access rights assigned to objects (such as files, folders, and printers) on a per-user basis. (p. 390)

Security Models

Ensuring Network Security

13.4pp. 389-392

Security Models

This table outlines the major permissions available on Windows networks.

Ensuring Network Security

13.4pp. 389-392

The network administrator can increase the level of security on a network by several means:

• firewalls• proxies• auditing• encrypting data

Proxy servers also protect the network using a feature called Network Address Translation (NAT).

Network Address Translation (NAT) A network method of shielding the internal IP addresses from the outside world by filtering outbound network traffic. (p. 392)

Security Enhancements

Ensuring Network Security

13.4pp. 389-392

There are two categories of viruses:

• boot-sector viruses

• file infector viruses

Here is a list of the more common file infectors:

• companion virus

• macro virus

• polymorphic virus

• stealth virus

boot-sector virus A virus that executes when the computer is booted. (p. 392)

file infector A virus that attaches itself to a file or program and activates any time the file is used. (p. 392)

Computer Viruses

Ensuring Network Security

Resources

For more resources on this chapter, go to the Introduction to Networks and Networking Web site at http://networking.glencoe.com.

Chapter 13