Network Plus 2005 In Depth
562 Chapter 12 TROUBLESHOOTING NETWORK PROBLEMS
Network Monitor—A network monitoring program that comes with Windows Server 2003 (as well as with Windows NT and Windows 2000 Server).
ohmmeter—A device used to measure resistance in an electrical circuit.
optical time domain reflectometer—See OTDR.
OTDR (optical time domain reflectometer)—A performance testing device for use with fiber-optic networks. An OTDR works by issuing a light-based signal on a fiber-optic cable and measuring the way in which the signal bounces back (or reflects) to the OTDR. By measuring the length of time it takes the signal to return, an OTDR can determine the location of a fault.
promiscuous mode—The feature of a network adapter that allows it to pick up all frames that pass over the network—not just those destined for the node served by the card.
protocol analyzer—A software package or hardware-based tool that can capture and analyze data on a network. Protocol analyzers are more sophisticated than network monitoring tools, as they can typically interpret data up to Layer 7 of the OSI Model.
runt—A packet that is smaller than the medium’s minimum packet size. For instance, any Ethernet packet that is smaller than 64 bytes is considered a runt.
site selection—The process of determining optimal locations for access points on a wireless network.
spectrum analyzer—A tool that assesses the characteristics (for example, frequency, amplitude, and the effects of interference) of wireless signals.
supported services list—A document that lists every service and software package supported within an organization, plus the names of first- and second-level support contacts for those services or software packages.
TDR (time domain reflectometer)—A high-end instrument for testing the qualities of a cable. It works by issuing a signal on a cable and measuring the way in which the signal bounces back (or reflects) to the TDR. Many performance testers rely on TDRs.
time domain reflectometer—See TDR.
tone generator—A small electronic device that issues a signal on a wire pair. When used in conjunction with a tone locator, it can help locate the termination of a wire pair.
tone locator—A small electronic device that emits a tone when it detects electrical activity on a wire pair. When used in conjunction with a tone generator, it can help locate the termination of a wire pair.
voltmeter—A device used to measure voltage (or electrical pressure) on an electrical circuit.
Review Questions
1. _________________________ assign unique identifying numbers to each problem, in addition to identifying the caller, the nature of the problem, the time necessary to resolve it, and the nature of the resolution.
a. Call tracking systems
b. Jabbers
c. NETMONs
d. TDRs
2. A _________________________ is a software-based tool that continually monitors network traffic from a server or workstation attached to the network.
a. change management system
b. jabber
c. network monitor
d. call tracking system
3. A _________________________ is a record of how the network operates under normal conditions.
a. ghost
b. runt
c. fox and hound
d. baseline
4. Which of the following is a device that handles electrical signals improperly, usually affecting the rest of the network?
a. Runt
b. Ghost
c. Jabber
d. Giant
5. A _________________________ is a tool that can be used to assess the quality of a wireless signal.
a. runt
b. spectrum analyzer
c. jabber
d. protocol analyzer
6. True or false? The time frequency with which a problem occurs can reveal subtle network problems.
7. True or false? An excellent way to learn more about the causes of a problem is to recreate the symptoms.
8. True or false? Physical connectivity problems typically result in software application anomalies, the inability to use a single application, poor network performance, and software licensing errors.
9. True or false? Whether you are a one-person network support team or one of 100 network technicians, you should always record the symptoms and cause (or causes) of a problem and your solution.
10. True or false? Any Ethernet packet that is larger than 64 bytes is considered a runt.
11. A(n) _________________________ is a document that lists every service and software package supported within an organization, plus the names of first- and second-level support contacts for those services or software packages.
12. A(n) _________________________ is a process or program that provides support personnel with a centralized means of documenting changes to the network.
13. A(n) _________________________ cable is useful for quickly and easily verifying that a node’s NIC is transmitting and receiving signals properly.
14. A(n) _________________________ is a device that emits a tone when it detects electrical activity on a wire pair.
15. Resistance is measured in _________________________.
Chapter 13
Ensuring Integrity and Availability
After reading this chapter and completing the exercises, you will be able to:
■ Identify the characteristics of a network that keep data safe from loss or damage
■ Protect an enterprise-wide network from viruses
■ Explain network- and system-level fault-tolerance techniques
■ Discuss issues related to network backup and recovery strategies
■ Describe the components of a useful disaster recovery plan and the options for disaster contingencies
As networks take on more of the burden of transporting and storing a day’s work, you must pay increasing attention to the risks involved. You can never assume that data is safe on the network until you have taken explicit measures to protect the information. In this book, you have learned about building scalable, reliable enterprise-wide networks as well as selecting the most appropriate hardware and network operating systems to operate your network. But all the best equipment and software cannot ensure that server hard drives will never fail or that a malicious employee won’t sabotage your network.
Methods for protecting data evolve quickly as networks change and new threats, such as computer viruses, are released. This chapter provides a broad overview of measures that you can take to ensure that your data remain safe. The far-reaching topic of network security is covered in the next chapter.
What Are Integrity and Availability?
NET+ 3.11
Before learning how to ensure integrity and availability, you should fully understand what these terms mean. Integrity refers to the soundness of a network’s programs, data, services, devices, and connections. To ensure a network’s integrity, you must protect it from anything that might render it unusable. Closely related to the concept of integrity is availability. Availability of a file or system refers to how consistently and reliably it can be accessed by authorized personnel. For example, a server that allows staff to log on and use its programs and data 99.99% of the time is considered to be highly available, whereas one that is functional only 98% of the time is less available. To ensure high availability, you need a well-planned and well-configured network, as well as data backups, redundant devices, and protection from malicious intruders who could potentially immobilize the network.
A number of phenomena may compromise both integrity and availability, including security breaches, natural disasters (such as tornadoes, floods, hurricanes, and ice storms), malicious intruders, power flaws, and human error. Every network administrator should consider these possibilities when designing a sound network. You can readily imagine the importance of integrity and availability of data in a hospital, for example, in which the network stores patient records and also provides quick medical reference material, video displays for surgical cameras, and perhaps even control of critical care monitors.
If you have ever supported computer users, you know that they sometimes unintentionally harm data, applications, software configurations, or even hardware. Networks may also be intentionally harmed by users unless network administrators take precautionary measures and pay regular, close attention to systems and networks so as to protect them. This section reminds you of commonsense approaches to data integrity and availability. Later in this chapter, you will learn about more specific or formal (and potentially more expensive) approaches to data protection.
Although you can’t predict every type of vulnerability, you can take measures to guard against most damaging events. Following are some general guidelines for protecting your network:
■ Allow only network administrators to create or modify NOS and application system files.
■ Pay attention to the rights assigned to regular users (including the groups “users” or “everyone” and the user name “guest”). Bear in mind that the worst consequence of applying overly stringent file restrictions is an inconvenience to users. In contrast, the worst consequence of applying overly lenient file restrictions could be a failed network.
■ Monitor the network for unauthorized access or changes. You can install programs that routinely check whether and when the files you’ve specified (for example, server.exe on a NetWare server) have changed. Such monitoring programs are typically inexpensive and easy to customize. They may even enable the system to page or e-mail you when a system file changes.
■ Record authorized system changes in a change management system. You have learned about the importance of change management when troubleshooting networks. Routine changes should also be documented in a change management system. Recording system changes enables you and your colleagues to understand what’s happening to your network and protect it from harm. For example, suppose that the remote access service on a Linux server has stopped accepting connections. Before taking troubleshooting steps that may create more problems and further reduce the availability of the system, you could review the change management log. It might indicate that a colleague recently installed an update to the Linux NOS. With this information in hand, you could focus on the update as a likely source of the problem.
■ Install redundant components. The term redundancy refers to an implementation in which more than one component is installed and ready to use for storing, processing, or transporting data. Redundancy is intended to eliminate single points of failure. To maintain high availability, you should ensure that critical network elements, such as your connection to the Internet or your file server’s hard disk, are redundant. Some types of redundancy—for example, redundant sources of electrical power for a building—require large investments, so your organization should weigh the risks of losing connectivity or data against the cost of adding duplicate components.
■ Perform regular health checks on the network. Prevention is the best weapon against network downtime. By establishing a baseline and regular network monitoring, you can anticipate problems before they affect availability or integrity. For example, if your network monitor alerts you to rapidly rising utilization on a critical network segment, you can analyze the network to discover where the problem lies and perhaps fix it before it takes down the segment.
■ Check system performance, error logs, and the system log book regularly. By keeping track of system errors and trends in performance, you have a better chance of correcting problems before they cause a hard disk failure and potentially damage your system files. By default, all NOSs keep error logs (on a Linux server, for example, a file
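The file-monitoring guideline in the list above, as an added example that is not from the book: a minimal integrity check that records SHA-256 digests of specified files and later reports which ones are modified or missing. The file names, contents, and temporary directory are constructed stand-ins.

```python
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(paths):
    """Record the known-good digest of every watched file."""
    return {path: file_digest(path) for path in paths}


def check_against_baseline(baseline):
    """Return (path, status, mtime) for each watched file that changed."""
    findings = []
    for path, known_digest in sorted(baseline.items()):
        if not os.path.exists(path):
            findings.append((path, "missing", None))
        elif file_digest(path) != known_digest:
            # The digest answers "whether"; the mtime hints at "when".
            findings.append((path, "modified", os.stat(path).st_mtime))
    return findings


def demo():
    """Constructed sample: two stand-in system files in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        server = os.path.join(root, "server.exe")    # stand-in, not a real binary
        config = os.path.join(root, "startup.cfg")   # hypothetical config file
        for path, data in ((server, b"original image"), (config, b"load x")):
            with open(path, "wb") as handle:
                handle.write(data)
        baseline = take_baseline([server, config])
        clean = check_against_baseline(baseline)
        # Simulate tampering: same-size overwrite of one file, deletion of the other.
        with open(server, "wb") as handle:
            handle.write(b"patched image!")
        os.remove(config)
        found = check_against_baseline(baseline)
        return clean, [(os.path.basename(p), status) for p, status, _ in found]
```

In practice the baseline is stored where the monitored host cannot rewrite it, and a non-empty result triggers the page or e-mail alert the text mentions.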
Viruses
NET+ 3.10
sends you over the Internet, promising that the executable will install a great new game, when in fact it erases data on your hard disk or mails spam to all the users in your e-mail program’s address book.
In this section, you will learn about the different viruses and other malicious programs that may infect your network, their methods of distribution, and, most important, protection against them. Viruses can infect computers running any type of operating system—Macintosh, NetWare, Windows, Linux, or UNIX—at any time. As a network administrator, you must take measures to guard against them.
Types of Viruses
Many thousands of viruses exist, although only a relatively small number cause the majority of virus-related damage. Viruses can be classified into different categories based on where they reside on a computer and how they propagate themselves. Often, creators of viruses apply slight variations to existing viruses to make their version undetectable by antivirus programs. The result is a host of related, albeit different, viruses. The makers of antivirus software must then update their programs to recognize the new variations, and the virus creators may again alter their viruses to render them undetectable. This cycle continues, ad infinitum. No matter what their variation, all viruses belong to one of the following categories:
Boot sector viruses—Boot sector viruses position their code in the boot sector of a computer’s hard disk so that when the computer boots up, the virus runs in place of the computer’s normal system files. Boot sector viruses are commonly spread from external storage devices to hard disks. This may happen, for example, if a floppy disk is left in the drive when a computer boots up and the computer is configured to boot first from a floppy disk when a floppy disk is present (rather than from the hard disk). Boot sector viruses vary in their destructiveness. Some merely display a screen advertising the virus’s presence when you boot the infected computer. Others do not advertise themselves, but stealthily destroy system files or make it impossible for the file system to access at least some of the computer’s files. Examples of boot sector viruses include “POLYBOOT-B” (also known as “WYX.B” or “WYX-B”), “Michelangelo,” and the “Stoned” virus, which was widespread in the early 1990s (in fact, it disabled U.S. military computers during the 1991 Persian Gulf War), and persists today in many variations. Until you disinfect a computer that harbors a boot sector virus, the virus propagates to every external disk to which that computer writes information. Removing a boot sector virus first requires rebooting the computer from an uninfected, write-protected disk with system files on it. Only after the computer is booted from a source other than the infected hard disk can you run software to remove the boot sector virus.
Macro viruses—Macro viruses take the form of a macro (such as the kind used in a word processing or spreadsheet program), which may be executed as the user works with a program. For example, you might send a WordPerfect document as an attachment to an e-mail message. If that document contains a macro virus, when the recipient opens the document, the macro runs, and all future documents created or