IN THE NAME OF ALMIGHTY ALLAH

1-Network Implementation
Identify the basic capabilities (For example: client support, interoperability,
authentication, file and print services, application support and security) of the following
server operating systems to access network resources:

> UNIX / Linux

The UNIX operating systems are built around the TCP/IP protocols, and while all have
certain similarities, they vary greatly in their capabilities. This is due to the variations in the
additional software included with the operating system and the commercial (or non-
commercial) nature of the various products. Some UNIX variants are commercial products
marketed by large software companies, such as Hewlett Packard, Sun Microsystems, and
IBM. Others are developed and maintained as part of the open source movement, in which
volunteer programmers work on the software in their spare time, usually communicating with
their colleagues over the Internet, and freely releasing their work to the public domain. There
are many different UNIX operating systems that you can download from the Internet free of
charge, such as FreeBSD, NetBSD, and various forms of Linux.

UNIX is primarily an application server platform, and is typically associated with Internet
services, such as Web, FTP, and e-mail servers. As with Windows, UNIX systems can
function as both servers and clients at the same time.

Interoperability

Open source software such as SAMBA is used to provide Windows users with Server
Message Block (SMB) file sharing.

Authentication

Centralized login authentication

File and Print Services

Network File System (NFS) is a distributed file system that allows users to access files and
directories located on remote computers and treat those files and directories as if they were
local.

LPR/LPD is the primary UNIX printing protocol used to submit jobs to the printer. The LPR
component initiates commands such as "print waiting jobs," "receive job," and "send queue
state," and the LPD component in the print server responds to them.

Security

With most Unix operating systems, the network services can be individually controlled to
increase security.

1
> MAC OS X Server

Client Support

TCP/IP file sharing with Macintosh clients using Network File System (NFS), and File
Transfer Apple File Protocol 3.0

Interoperability

Mac OS X Server uses the Open Source SAMBA to provide Windows users with Server
Message Block (SMB) file sharing. Network File System (NFS) lets you make folders
available to UNIX and Linux users.

File and Print Services

Mac OS X Server provides support for native Macintosh, Windows, UNIX, and Linux file
sharing. Protocols supported include:

• Apple file services (AFP 3.0) from any AppleShare client over TCP/IP
• Windows (SMB/CIFS) file sharing using Samba
• Network File System (NFS) for UNIX and Linux file access
• Internet (FTP)

Built-in print services can spool files to any PostScript-capable printer over TCP/IP,
AppleTalk, or USB. Macintosh customers can use the LPR support in Print Center or the
Desktop Printer utility to connect to a shared printer. Windows users can use their native
SMB/CIFS protocol to connect to a shared printer.

Print services for OS X Server

Macintosh and UNIX (LPR/LPD)

Windows (SMB/CIFS)

Security

• Multiple-user architecture and user-level access privileges.

• Secure Sockets Layer (SSL) support provides encrypted and authenticated
client/server communications.
• Secure Shell (SSH) provides encryption and authentication for secure remote
administration.
• Kerberos support for centralized login authentication.

2
> Netware

NetWare 5

Client Support

NetWare 5 comes with Novell Client software for three client platforms: DOS and Windows
3.1x, Windows 95/98, and Windows NT.

Interoperability

You can set the Novell Clients for Windows 95/98 and Windows NT to work with one of
three network protocol options: IP only, IP and IPX, or IPX only.

Authentication

Centralized login authentication

File and Print Services

File Services NetWare offers two choices of mutually compatible file services: Novell
Storage Services (NSS) and the traditional NetWare File System. Both kinds of file services
let you store, organize, manage, access, and retrieve data on the network.

NSS gathers all unpartitioned free space that exists on all the hard drives connected to your
server, together with any unused space in NetWare volumes, and places it into a storage pool.
You create NSS volumes from this storage pool during server installation or later through
NWCONFIG.

Novell Distributed Print Services (NDPS) is the default and preferred print system in
NetWare. NDPS supports IP-based as well as IPX-based printing.

Security

Novell has support for a public key infrastructure built into NetWare 5 using a public
certificate, developed by RSA Security.

> Windows

Windows 2000 Server:

Client Support

Windows 3.x, Windows 95, Windows 98, and Windows NT Workstation 4.0.

Interoperability

Windows 2000 Server supports UNIX, Novell NetWare, Windows NT Server 4.0, and
Macintosh.

3
Authentication

Successful user authentication in a Windows 2000 computing environment consists of two

separate processes: interactive logon, which confirms the user's identification to either a
domain account or a local computer, and network authentication, which confirms the user's
identification to any network service that the user attempts to access.

Types of authentication that Windows 2000 supports are:

Kerberos V5 is used with either a password or a smart card for interactive logon. It is also the
default method of network authentication for services.The Kerberos V5 protocol verifies both
the identity of the user and network services.

Secure Socket Layer/Transport Layer Security (SSL/TLS) authentication, is used when a user
attempts to access a secure Web server.

File and Print Services

You can add and maintain printers in Windows 2000 using the print administration wizard,
and you can add file shares using Active Directory management tools. Windows 2000 also
offers Distributed File Services, which let you combine files on more than one server into a
single share.

Security

User-level security protects shared network resources by requiring that a security provider
authenticate a user’s request to access resources. The domain controller , grants access to the
shared resource by verifying that the user name and password are the same as those on the
user account list stored on the network security provider. Because the security provider
maintains a network-wide list of user accounts and passwords, each client computer does not
have to store a list of accounts.

Share-level security protects shared network resources on the computer with individually
assigned passwords. For example, you can assign a password to a folder or a locally attached
printer. If other users want to access it, they need to type in the appropriate password. If you
do not assign a password to a shared resource, every user with access to the network can
access that resource.

> Appleshare IP (Internet Protocol)

Client Support

TCP/IP file sharing with Macintosh clients using Network File System (NFS), and File
Transfer Apple File Protocol 3.0.

Interoperability

Windows Server Message Block (SMB) file sharing.

4
File and Print Services

File Services:

• Apple Filing Protocol (AFP) over TCP/IP and AppleTalk

• Server Message Block (SMB) over TCP/IP
• File Transfer Protocol (FTP) over TCP/IP

Print Services:

• PAP (AppleTalk)
• LPR/LPD

Application Support

• HTTP
• Mail (SMTP, POP, IMAP and Authenticated Post Office Protocol APOP)
• Mac CGI

Identify the appropriate tool for a given wiring task (For example: wire crimper, media
tester / certifier, punch down tool or tone generator).

> Wire Crimper

A wire crimper is a tool that you use to attach media connectors to the ends of cables. For
instance, you use one type of wire crimper to attach RJ-45 connectors on Unshielded Twisted
Pair (UTP) cable, and you use a different type of wire crimper to attach Bayonet Neill
Concelman (BNCs) to coaxial cabling.

> Wire Map Testers

A wire map tester is a device that is similar in principle to the tone generator and locator,
except that it tests all the wire connections in a UTP cable at once. This device also consists
of two parts, which you connect to the opposite ends of a cable. The unit at one end transmits
signals over all the wires, which are detected by the unit at the other end. A wire map tester
can detect transposed wires, opens, and shorts, just as a tone generator and locator can, but it
does all the tests simultaneously and provides you with a simple readout telling you what's
wrong

> Multifunction Cable Testers

Multifunction cable testers are handheld devices, that perform a variety of tests on a cable
connection and compare the results to standard values that have been programmed into the
unit. The result is that these are devices that anyone can use. You simply connect the unit to
the cable, press a button, and the device comes up with a list of pass or fail ratings for the
individual tests.

5
Multifunction cable testers can test any of the following:

• Length The most common method for determining the length of a cable is called time
domain reflectometry (TDR), in which the tester transmits a signal over the cable and
measures how long it takes for the signal's reflection to return. Using the nominal
velocity of propagation (NVP) for the cable, which is the speed at which signals travel
through the cable (supplied by the manufacturer) you can compute the length of the
cable. This function also enables you to determine the location of a break in a cable.
• Attenuation By comparing the strength of a signal at the far end of a cable to its
strength when transmitted, the tester determines the cable's attenuation (measured in
decibels).
• Near end crosstalk (NEXT) Testing for near end crosstalk is a matter of transmitting
a signal over one of a cable's wires and then detecting the strength of the signal that
bleeds over into the other wires near the end of the cable where the transmitter is
located.
• Power sum NEXT (PSNEXT) This is a measurement of the crosstalk generated
when three of the four wire pairs are carrying signals at one time. This test is intended
for networks using technologies like Gigabit Ethernet, which transmit signals over
several wire pairs simultaneously.
• Equal level far end crosstalk (ELFEXT) This is a measurement of the crosstalk at
the opposite end of the cable from the transmitter, corrected to account for the amount
of attenuation in the connection.
• Power sum ELFEXT (PSELFEXT) This is a measurement of the crosstalk
generated at the far end of the cable by three signal-carrying wire pairs, corrected for
attenuation.
• Propagation delay This indicates the amount of time required for a signal to travel
from one end of a cable to the other.
• Delay skew This is the difference between the lowest and the highest propagation
delay measurements for the wires in a cable. Because the wire pairs inside a UTP
cable are twisted at different rates, their relative lengths can differ, and the delay skew
measurement quantifies that difference.
• Return loss This is a measurement of the accumulated signal reflection caused by
variations in the cable's impedance along its length. These impedance variations are
typically caused by untwisting too much of the wire pairs when making connections.

> Tone Generator

6
 One of the most basic ways to identify and
test a cable connection is to use a tone
generator and locator cable tester. The tone
generator is a device that you connect to a
cable at one end, and which transmits a
signal over the cable. The tone locator is a
separate device that has a probe capable of
detecting the generator's signal, either by
touching it to the conductor in the cable, or
simply by touching it to the insulation on the
outside of the cable. When the locator
detects the generator's signal, it emits an
audible tone. You can use this type of device
to test an entire cable, or to test the
individual wire connections inside a UTP cable.

Tone generators are most commonly used to identify the cable belonging to a particular
connection.

Example:

If you're performing an internal cable installation, and you forget to label one of your cables,
you can connect the tone generator at the wall plate end and touch the probe to each of the
cables at the patch panel end until you find the one that produces a tone.

You can also use a tone generator and locator to test the individual wire connections inside a
UTP cable.

1. Connect the generator to a single wire or connector contact using alligator clips
2. Then touch the locator to each wire or contact at the other end of the cable.

Using this method, you can test for any major wiring faults that affect internal UTP cable
installations.

Example:

• If you fail to detect a signal on the contact to which you have the generator connected
at the other end, you have an open circuit.
• If you detect a signal on the wrong contact, you have punched down the wires to the
wrong contacts.
• If you detect a signal on two or more wires, you have a short.

Tone generator and locator Pros:

• Simple to use
• Most inexpensive type of cable tester
• Useful for troubleshooting a single cable connection.

7
Tone generator and locator Cons:

• Testing each of the wires in a UTP cable individually is time consuming

• You also need two people to use the equipment, one at the generator end and one at
the locator end (unless you don't mind running back and forth from one end of your
cable connections to the other)

Identify the purpose, benefits and characteristics of using a firewall.

A firewall is used to prevent unauthorized access to or from a network. They are frequently
used to prevent unauthorized users from accessing private networks connected to the Internet,
especially intranets. All messages entering or leaving the intranet pass through the firewall,
which examines each message and blocks those that do not meet the specified security
criteria.

Firewall techniques:

• Packet filter looks at each packet entering or leaving the network and accepts or
rejects it based on user-defined rules.
• Application gateway applies security mechanisms to specific applications, such as
FTP and Telnet servers.
• Circuit-level gateway applies security mechanisms when a TCP or UDP connection is
established. Once the connection has been made, packets can flow between the hosts
without further checking.

Network layer firewalls

Network layer firewalls operate at a low level of the TCP/IP protocol stack as IP-packet
filters, not allowing packets to pass through the firewall unless they match the rules. The
firewall administrator may define the rules; or default built-in rules may apply.

Modern firewalls can filter traffic based on many packet attributes like:

• source IP address
• source port
• destination IP address or port
• destination service like WWW or FTP

They can also filter based on protocols, TTL values, netblock of originator, domain name of
the source, and many other attributes.

Application-layer firewalls

Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser
traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an
application. They block other packets without acknowledgement to the sender. Application
firewalls can prevent all unwanted outside traffic from reaching protected machines.

8
 Identify the purpose, benefits and characteristics of using a proxy service.

A proxy device that is running either on dedicated hardware or as software may act as a
firewall by responding to input packets in the manner of an application, whilst blocking other
packets.

The Proxy service sits between a client application, such as a web browser, and a real server.
When a client program makes a request, the proxy server responds by translating the request
and passing it to the Internet. When a computer on the Internet responds, the proxy server
passes that response back to the client program on the computer that made the request. The
proxy server computer has two network interfaces: one connected to the LAN and one
connected to the Internet.

The primary security features of Proxy Server are:

• It blocks inbound connections.

• LAN clients can initiate connections to Internet servers, but Internet clients cannot
initiate connections to LAN servers.
• It can restrict outbound connections.

2 Network Implementation

Given a connectivity scenario, determine the impact on network functionality of a

particular security implementation (For example: port blocking / filtering,
authentication and encryption).

> Port Blocking / Filtering

A network layer firewall works as a packet filter by deciding what packets will pass the
firewall according to rules defined by the administrator. Filtering rules can act on the basis of
source and destination address and on ports, in addition to whatever higher-level network
protocols the packet contains. Network layer firewalls tend to operate very fast, and
transparently to users.

Network layer firewalls generally fall into two sub-categories, stateful and stateless. Stateful
firewalls hold some information on the state of connections (for example: established or not,
initiation, handshaking, data or breaking down the connection) as part of their rules (e.g. only
hosts inside the firewall can establish connections on a certain port).

Stateless firewalls have packet-filtering capabilities but cannot make more complex decisions
on what stage communications between hosts have reached. Stateless firewalls therefore offer
less security. Stateless firewalls somewhat resemble a router in their ability to filter packets.

Any normal computer running an operating system which supports packet filtering and
routing can function as a network layer firewall. Appropriate operating systems for such a
configuration include Linux, Solaris, BSDs or Windows Server.

9
> Authentication

The process of identifying an individual, usually based on a username and password. In

security systems, authentication is distinct from authorization , which is the process of giving
individuals access to system objects based on their identity. Authentication merely ensures
that the individual is who he or she claims to be, but says nothing about the access rights of
the individual.

> Encryption

Encryption is part of a larger process of encoding and decoding messages to keep information
secure. This process, though commonly called encryption, is more correctly called
cryptography, is the use of mathematical transformations to protect data.

Cryptography is primarily a software-based solution and, in most cases, should not include
significant hardware costs. It is a key tool in protecting privacy as it allows only authorized
parties to view the data. Encryption is also used to ensure data integrity, as it protects data
from being modified or corrupted.

Identify the main characteristics of VLANs (Virtual Local Area Networks).

A Virtual LAN is a group of devices on one or more LANs that are configured using
management software so that they can communicate as if they were attached to the same
LAN segment, when in fact they are located on a number of different segments. Because
VLANs are based on logical instead of physical connections, they are more flexible.

For a computer to communicate with devices on different LAN segments other than the
segment it is located on, requires the use of a router. And as networks expand, more routers
are needed to separate users into broadcast and collision domains, and provide connectivity to
other LANs. Since routers add latency, this can result in the delay of data transfer over the
network.

Switches are used in VLANs to create the same division of the network into separate
broadcast domains, but without the latency problems of a router.

Advantages to using VLANs:

Switched networks increase performance, by reducing the size of collision domains. Users
can be grouped into logical networks which will increase performance by limiting broadcast
traffic to users performing similar functions or within individual workgroups. Less traffic
needs to be routed, causing the latency added by routers to be reduced.

VLANs provide an easier way to modify logical groups in changing environments. VLANs
make large networks more manageable by allowing centralized configuration of devices
located in physically different locations.

Software configurations can be made across machines with the consolidation of a

department’s resources into a single subnet. IP addresses, subnet masks, and local network
protocols will be more consistent across the entire VLAN.

10
VLANs provide independence from the physical topology of the network by allowing
physically diverse workgroups to be logically connected within a single broadcast domain.

A switched network delivers frames only to the intended recipients, and broadcast frames
only to other members of the VLAN. This allows the network administrator to segment users
requiring access to sensitive information into separate VLANs from the rest of the general
user community regardless of physical location, thus enhancing security.

Identify the main characteristics and purpose of extranets and intranets.

> Extranets

An extranet is a private network that uses Internet protocols, network connectivity, to

securely share part of an organization's information or operations with suppliers, vendors,
partners, customers or other businesses. An extranet can be viewed as part of a company's
Intranet that is extended to users outside the company normally over the Internet.

An extranet requires security and privacy. These can include firewalls, server management,
the issuance and use of digital certificates or similar means of user authentication, encryption
of messages, and the use of virtual private networks (VPNs) that tunnel through the public
network.

Advantages

• Extranets can improve organization productivity by automating processes that were

previously done manually.
• Extranets allow organization or project information to be viewed at times convenient
for business partners, customers, employees, suppliers and other stake-holders.
• Information on an extranet can be updated, edited and changed instantly. All
authorised users therefore have immediate access to the most up-to-date information.

Disadvantages

• Extranets can be expensive to implement and maintain within an organisation

• Security of extranets can be a big concern when dealing with valuable information.
• Extranets can reduce personal contact (face-to-face meetings) with customers and
business partners. This could cause a lack of connections made between people and a
company

> Intranet

Intranets differ from "Extranets" in that the former is generally restricted to employees of the
organization while extranets can generally be accessed by customers, suppliers, or other
approved parties.

An intranet is a private computer network that uses Internet protocols, network connectivity,
to securely share part of an organization's information or operations with its employees.
Sometimes the term refers only to the most visible service, the internal website. The same
concepts and technologies of the Internet such as clients and servers running on the Internet

11
protocol suite are used to build an intranet. HTTP and other Internet protocols are commonly
used as well, especially FTP and e-mail.

Identify the purpose, benefits and characteristics of using antivirus software.

Antivirus software consists of computer programs that attempt to identify, thwart and
eliminate computer viruses and other malicious software.

Antivirus software typically uses two different techniques to accomplish this:

• Examining files to look for known viruses matching definitions in a virus dictionary
• Identifying suspicious behavior from any computer program which might indicate
infection. Such analysis may include data captures, port monitoring and other
methods.

Most commercial antivirus software uses both of these approaches, with an emphasis on the
virus dictionary approach.

Dictionary Approach: When the antivirus software looks at a file, it refers to a dictionary of
known viruses that the authors of the antivirus software have identified. If a piece of code in
the file matches any virus identified in the dictionary, then the antivirus software can take one
of the following actions:

• attempt to repair the file by removing the virus itself from the file
• quarantine the file
• delete the infected file.

Suspicious Behavior Approach: Unlike the dictionary approach, the suspicious behavior
approach therefore provides protection against brand-new viruses that do not yet exist in any
virus dictionaries. Most antivirus software are not using this approach much today.

Using this approach the antivirus software:

• Doesn't attempt to identify known viruses

• Monitors the behavior of all programs.
• If one program tries to write data to an executable program, the antivirus software can
flag this suspicious behavior
• alert a user and ask what to do.

Heuristic Analysis Approach:

• Antivirus software could try to emulate the beginning of the code of each new
executable that the system invokes before transferring control to that executable.
• If the program seems to use self-modifying code or otherwise appears as a virus, one
could assume that a virus has infected the executable. However, this method could
result in a lot of false positives.

12
 Identify the purpose and characteristics of fault tolerance:

Fault tolerance is the ability of a system to continue functioning when part of the system fails.
Normally, fault tolerance is used in describing disk subsystems, but it can also apply to other
parts of the system or the entire system. Fully fault-tolerant systems use redundant disk
controllers and power supplies as well as fault-tolerant disk subsystems. You can also use an
uninterruptible power supply (UPS) to safeguard against local power failure.

Although the data is always available in a fault-tolerant system, you still need to make
backups that are stored offsite to protect the data against disasters such as a fire.

> Network Redundancy

Service interruptions on a network are not always the result of a computer or drive failure.
Sometimes the network itself is to blame. For this reason, many larger internetworks are
designed with redundant components that enable traffic to reach a given destination in more
than one way. If a network cable is cut or broken, or if a router or switch fails, redundant
equipment enables data to take another path to its destination. There are several ways to
provide redundant paths. Typically, you have at least two routers or switches connected to
each network, so that the computers can use either one as a gateway to the other segments.

Example, you can build a network with two backbones. Each workstation can use either of
the routers on its local segment as a gateway. You can also use this arrangement to balance
the traffic on the two backbones by configuring half of the computers on each local area
network (LAN) to use one of the routers as its default gateway and the other half to use the
other router.

> Storage

A redundant array of independent disks (RAID) is an example of a fault-tolerant storage

device that uses data redundancy.

RAID

Redundant Array of Inexpensive (or Independent) Disks. A RAID array is a collection of

drives which collectively act as a single storage system, which can tolerate the failure of a
drive without losing data, and which can operate independently of each other.

Level 0 referred to as striping, is not redundant. Data is split across drives, resulting in higher
data throughput. Since no redundant information is stored, performance is very good, but the
failure of any disk in the array results in all data loss.

Level 1 referred to as mirroring with 2 hard drives. It provides redundancy by duplicating all
data from one drive on another drive. Performance is better than a single drive, but if either
drive fails, no data is lost. This is a good entry-level redundant system, since only two drives
are required.

Level 2, which uses Hamming error correction codes, is intended for use with drives which
do not have built-in error detection. All SCSI drives support built-in error detection, so this
level is not needed if using SCSI drives.

13
Level 3 stripes data at a byte level across several drives, with parity stored on one drive. It is
otherwise similar to level 4. Byte-level striping requires hardware support for efficient use.

Level 4 stripes data at a block level across several drives, with parity stored on one drive. The
parity information allows recovery from the failure of any single drive. Performance is very
good for reads. Writes, however, require that parity data be updated each time. This slows
small random writes, in particular, though large writes or sequential writes are fairly fast.

Level 5 striping with distributed parity. Similar to level 4, but distributes parity among the
drives. No single disk is devoted to parity. This can speed small writes in multiprocessing
systems. Because parity data must be distributed on each drive during reads, the performance
for reads tends to be considerably lower than a level 4 array.

Identify the purpose and characteristics of disaster recovery:

> Backup / restore

Offsite storage

A remote backup service, online backup service or managed backup service is a service that
provides users with an online system for backing up and storing computer files. Managed
backup providers are companies that have the software and server space for storing files.

Hot and cold spares

• A hot spare disk is running, ready to start working in the case of a failure.
• A cold spare disk is not running.

A hot spare is used as a failover mechanism to provide reliability in system configurations.

The hot spare is active and connected as part of a working system. When a key component
fails, the hot spare is switched into operation.

Examples of hot spares are components such as networked printers, and hard disks. The
equipment is powered on, or considered "hot", but not actively functioning in the system. In
the case of a disk drive, data is being mirrored so when the hot spare takes over, the system
continues to operate with minimal or no downtime.

Hot Spare Disk is a disk or group of disks used to automatically or manually, replace a
failing or failed disk in a RAID configuration. The hot spare disk reduces the mean time to
recovery (MTTR) for the RAID redundancy group, thus reducing the probability of a second
disk failure and the resultant data loss that would occur in any singly redundant RAID (e.g.,
RAID-1, RAID-5, RAID-10).

Hot, warm and cold sites

A backup site is a location where a business can easily relocate following a disaster, such as
fire, flood.

14
There are three types of backup sites, including cold sites, warm sites, and hot sites. The
differences between the types are determined by the costs and effort required to implement
each.

Hot Site is a duplicate of the original site of the business, with full computer systems as well
as near-complete backups of user data. Following a disaster, the hot site exists so that the
business can relocate with minimal losses to normal operations. Ideally, a hot site will be up
and running within a matter of hours. This type of backup site is the most expensive to
operate.

Warm Site is a location where the business can relocate to after the disaster that is already
stocked with computer hardware similar to that of the original site, but does not contain
backed up copies of data and information.

Cold Site is the most inexpensive type of backup site for a business to operate. It does not
include backed up copies of data and information from the its original location, nor does it
include hardware already set up. The lack of hardware contributes to the minimal startup
costs of the cold site, but requires additional time following the disaster to have the operation
running at a capacity close to that prior to the disaster.

15