1/28/2010 Network Plus Malware and Ensuring Availability.
Network Plus
Malware and Ensuring Availability
Malware
• Program or code
  – Designed to intrude upon or harm system and resources
• Examples: viruses, Trojan horses, worms, bots
• Virus
  – Replicating program intended to infect more computers
    • Through network connections, exchange of external storage devices
Network+ Guide to Networks, 5th Edition
Types of Malware
• Categories based on location and propagation
  – Boot sector viruses
  – Macro Virus
  – File-infector virus
  – Worm
  – Trojan horse
  – Network Virus
  – Bot
Malware Characteristics
– Encryption
  • Used by viruses, worms, Trojan horses
  • Thwart antivirus program’s attempts to detect it
– Stealth
  • Malware hides itself to prevent detection
  • Disguise themselves as legitimate programs, code
– Polymorphism
  • Change characteristics every time they transfer to new system
– Time dependence
  • Programmed to activate on particular date
  • Can remain dormant, harmless until date arrives
Malware Protection
• Install virus-scanning program or anti-malware software
  – Spyware vs Virus
  – Security Essentials from Microsoft
• Requires:
  – Choosing appropriate anti-malware program
  – Monitoring network
  – Continually updating anti-malware program
  – Educating users
• Zero-day attack
  – First attacks made by virus or malware
  – Best defense is security policy and user training
Malware Symptoms
• Malware leaves evidence
  – Some detectable only by anti-malware software
  – User viewable symptoms
    • Unexplained file size increases
    • Significant, unexplained system performance decline
    • Unusual error messages
    • Significant, unexpected system memory loss
    • Periodic, unexpected rebooting
    • Display quality fluctuations
• Malware often discovered after damage done
Malware Detection
• Minimal anti-malware functions
  – Detect malware through signature scanning
    • Comparing file’s content with known malware signatures
  – Detect malware through integrity checking
    • Comparing current file characteristics against archived version
• Server Based
• Client Based
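The two detection methods on this slide, side by side, as an added example that is not part of the original slides. The signature names and byte patterns are harmless constructed placeholders, and the "file characteristics" are assumed to be size plus SHA-256.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database (placeholder strings, not real signatures).
SIGNATURES = {
    "Demo.TestPattern.A": b"DEMO-SIGNATURE-0001",
    "Demo.TestPattern.B": b"DEMO-SIGNATURE-0002",
}

def signature_scan(path):
    """Signature scanning: names of known patterns found in the file's content."""
    data = Path(path).read_bytes()
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def fingerprint(path):
    """Characteristics archived for integrity checking: size and SHA-256."""
    data = Path(path).read_bytes()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def build_baseline(root):
    """Archive the fingerprint of every file under root."""
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def integrity_check(root, baseline):
    """Integrity checking: compare current files against the archived version."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in current
                           if f in baseline and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "missing": sorted(f for f in baseline if f not in current),
    }

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.doc").write_bytes(b"quarterly numbers")
        (root / "tool.bin").write_bytes(b"\x00" * 64)
        baseline = build_baseline(root)
        # Constructed changes: tool.bin grows by bytes no signature knows,
        # and a new file appears that contains a known pattern.
        (root / "tool.bin").write_bytes(b"\x00" * 64 + b"unknown appended code")
        (root / "new.bin").write_bytes(b"xx DEMO-SIGNATURE-0002 xx")
        hits = {p.name: signature_scan(p) for p in sorted(root.iterdir())}
        return hits, integrity_check(root, baseline)
```

In the demo the signature scan flags only `new.bin`, while the integrity check also reports the unexplained growth of `tool.bin`, which has no matching signature.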
Fault Tolerance
• Environment
  – Temperature
  – Protect from break-ins and natural disasters
• Power
  – UPS
• Redundancy
  – Virtual Machine Clusters
Power
• Blackout
  – Complete power loss
• Brownout
  – Temporary dimming of lights
• Causes
  – Forces of nature
  – Utility company maintenance, construction
• Solution
  – Alternate power sources
Power Flaws
• Not tolerated by networks
• Types:
  – Surge
    • Momentary increase in voltage
  – Noise
    • Fluctuation in voltage levels
  – Brownout
    • Momentary voltage decrease
  – Blackout
    • Complete power loss
UPSs (Uninterruptible Power Supplies)
• Battery-operated power source
• Directly attached to one or more devices
• Attached to a power supply
• Prevents
  – Harm to device, service interruption
UPSs (cont’d.)
• Standby UPS (offline UPS)
  – Continuous voltage
  – Switch instantaneously to battery upon power loss
  – Restores power
  – Problems
    • Time to detect power loss
    • Does not provide continuous power
UPSs (cont’d.)
• Online UPS
  – A/C power continuously charges battery
  – No momentary service loss risk
  – Handles noise, surges, sags
    • Before power reaches attached device
  – More expensive than standby UPSs
• Number of factors to consider when choosing
Topology and Connectivity
• Before designing data links
  – Assess network’s needs
• Fault tolerance in network design
  – Supply multiple paths for data
    • Travel from any one point to another
  – LAN: star topology and parallel backbone
    • Multiple network adapters
    • Mesh topology in switches -- STP
  – SONET technology
    • Relies on dual, fiber-optic ring
Topology and Connectivity (cont’d.)
• Failover capable or hot swappable components
  – Desired for switches or routers supporting critical links
• Load balancing
  – Automatic traffic distribution to optimize response
    • Over multiple links or processors
• Virtualization
  – Provides for failover and load balancing by allowing virtual machines to be moved between hosts based on loads.
  – In event of host failure, virtual machine may be migrated to another host
Topology and Connectivity (cont’d.)
Figure 14-5 Fully redundant T1 connectivity
Clustering
• Referred to as High Availability solution
• Links multiple servers together
  – Act as single server
• Clustered servers share processing duties
  – Appear as single server to users
• Failure of one server
  – Others take over
• Used with virtualization
RAID (Redundant Array of Independent [or Inexpensive] Disks)
• Collection of disks
  – Provide shared data, application fault tolerance
• Disk array (drive)
  – Group of hard disks
• RAID drive (RAID array)
  – Collection of disks working in a RAID configuration
  – Single logical drive
RAID (cont’d.)
• Hardware RAID
  – Set of disks, separate disk controller
  – RAID array managed exclusively by RAID disk controller
    • Attached to server through server’s controller interface
• Software RAID
  – Software implements, controls RAID techniques
    • Any hard disk type
  – Less expensive (no controller, disk array)
  – Performance rivals hardware RAID
RAID (cont’d.)
• RAID Level 0 - Disk Striping
  – Simple RAID implementation
  – Data written in 64-KB blocks equally across all disks
  – Not fault-tolerant
  – Does not provide true redundancy
  – Best RAID performance (in this chapter)
    • Uses multiple disk controllers
RAID (cont’d.)
Figure 14-6 RAID level 0 - disk striping
RAID (cont’d.)
• RAID Level 1 - Disk Mirroring
  – Disk mirroring provides redundancy
    • Data from one disk copied automatically to another disk
  – Dynamic data backup
    • Data continually saved to multiple locations
  – Advantages
    • Simplicity, automatic and complete data redundancy
  – Disadvantages
    • Cost of two controllers, software for mirroring
RAID (cont’d.)
Figure 14-7 RAID level 1 - disk mirroring
RAID (cont’d.)
• RAID Level 5 - Disk Striping with Distributed Parity
  – Most popular data storage technique
  – Data written in small blocks across several disks
  – Parity error checking information distributed among disks
RAID (cont’d.)
Figure 14-9 RAID level 5 - disk striping with distributed parity
RAID 10
• Combines RAID 0 and RAID 1
NAS (Network Attached Storage)
• Specialized storage device, storage device group
  – Provides centralized fault-tolerant data storage
• Difference from RAID
  – Maintains own interface to LAN
• Allows for clustering
  – Shared by virtual machines
NAS (cont’d.)
Figure 14-10 Network attached storage on a LAN
SANs (Storage Area Networks)
• Distinct networks of storage devices
• Often use Fiber
• Communicate directly
  – With each other, other networks
• Multiple storage devices
  – Connected to multiple, identical servers
Figure 14-11 A storage area network
Data Backup
• Backup
  – Copies of data or program files
    • Created for archiving, safekeeping
  – Store off site
• Many backup options available
  – Performed by different software and hardware
  – Use different storage media types
    • Tape, Optical, External Disk, Network
• Can be controlled by NOS utilities, third-party software
Backup Strategy
• Backup methods use archive bit
  – Full backup
    • All data copied
    • Uncheck archive bits
  – Incremental backup
    • Copy data changed since last full, incremental backup
    • Uncheck archive bits
  – Differential backup
    • Copy only data changed since last backup
    • All data marked for subsequent backup
    • Does not uncheck archive bits
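A small simulation of the archive-bit rules on this slide, added here as an example that is not part of the original slides. The file names and the week of changes are constructed. It shows what each nightly job copies and which backup sets a restore needs.

```python
def run_backup(files, kind):
    """files maps name -> {"archive": bool}; returns the names this job copies.

    full          copies everything, then clears the archive bits
    incremental   copies files whose archive bit is set, then clears the bits
    differential  copies files whose archive bit is set, leaves the bits set
    """
    if kind == "full":
        copied = sorted(files)
    elif kind in ("incremental", "differential"):
        copied = sorted(n for n, f in files.items() if f["archive"])
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    if kind != "differential":
        for name in copied:
            files[name]["archive"] = False
    return copied

def modify(files, name):
    """The OS sets the archive bit whenever a file is created or changed."""
    files.setdefault(name, {})["archive"] = True

def week(kind):
    """Sunday full backup, then one `kind` job after each day's changes."""
    files = {}
    for name in ("a.doc", "b.xls", "c.db"):
        modify(files, name)
    jobs = [("Sun", run_backup(files, "full"))]
    # Constructed change log for the week.
    changes = {"Mon": ["a.doc"], "Tue": ["b.xls"], "Wed": ["a.doc", "d.txt"]}
    for day, names in changes.items():
        for name in names:
            modify(files, name)
        jobs.append((day, run_backup(files, kind)))
    return jobs

def restore_set(jobs, kind):
    """Backup sets needed to restore the state after the last job."""
    if kind == "incremental":
        return [day for day, _ in jobs]        # the full plus every incremental
    return [jobs[0][0], jobs[-1][0]]           # the full plus latest differential
```

Because the differential job never clears the bit, each night's set grows, but a restore needs only two sets; incremental sets stay small and a restore needs every one of them in order.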
Backup Strategy (cont’d.)
• Grandfather-Father-Son
  – Uses backup sets
    • Daily (son)
    • Weekly (father)
    • Monthly (grandfather)
Disaster Recovery Contingencies
• Cold site
  – Components necessary to rebuild network exist
    • Not appropriately configured, updated, or connected
• Warm site
  – Components necessary to rebuild network exist
    • Some appropriately configured, updated, and connected
• Hot site
  – Components necessary to rebuild network exist
    • All are appropriately configured, updated, and connected
    • Match network’s current state
The End