Lecture notes: Network+ Certification - Chapter 16, Network Maintenance
Chapter 16, Network Maintenance
|1| Chapter Overview
A. Backups
B. Antivirus Policies
C. Patches and Updates
Chapter 16, Lesson 1
Backups
|2| 1. What Is a Backup?
A. Backups are copies of data that you make on a regular basis.
1. If a storage device fails or is damaged and the data stored there is lost,
you can restore it from a backup in a timely manner.
B. Even if you have other storage technologies in place that provide fault
tolerance, such as mirrored disks or a redundant array of independent
disks (RAID), you still need a backup solution.
C. Networks both complicate and simplify the process of making regular
backups.
1. The process is more complicated because you have data stored on
multiple devices that must be protected.
2. The process is simpler because you can use the network to access those
devices.
D. A network backup strategy specifies what data you back up, how often
you back it up, and what medium you use to store the backups.
E. The backup hardware, software, and administrative policies you will use
depend on
1. How much data you have to back up
2. How much time you have to back it up
3. How much protection you want to provide
2. Backup Hardware
|3| A. Selecting a backup drive
1. You can use any type of storage device for backups.
2. Try to automate as much of the backup process as possible.
3. Select a device that can store all of your data without frequent media
changes.
a. You do not need a drive that can hold all of the data stored on all of
your network’s computers.
b. Be selective about which data you want to back up.
(1) Determine how much data needs to be protected before you
decide on the capacity of your backup device.
4. Consider the speed at which the drive writes data to the medium.
2 Outline, Chapter 16
Network+ Certification, Second Edition
5. Backup jobs typically run during periods when the network is not
otherwise in use so that all of the data on the network is available for
backup.
a. The amount of time that you have to perform your backups is
sometimes called the backup window.
6. The backup device that you choose should depend in part on
a. The amount of data you must protect
b. The amount of time that you have to back it up
c. Examples
(1) If you have 10 GB of data to back up and your company closes
down from 5:00 P.M. until 9:00 A.M., you have a 16-hour
backup window—plenty of time to copy your data, using a
medium-speed backup device.
(2) If your company operates three shifts and only leaves you one
hour, from 7:00 A.M. to 8:00 A.M., to back up 100 GB of
data, you must use a much faster device or several devices.
|4| 7. Cost is always a factor in selecting a hardware product.
a. Faster drives are generally more expensive.
b. A low-end backup drive can cost $100 to $200, which is suitable for
backing up a home computer where speed is not a major factor.
c. When you move up to the drives that have the speed and capacity that
make them suitable for network backups, the prices increase
exponentially.
d. High-end backup drives can have prices that run into five figures.
e. When you evaluate backup devices, be aware of the product’s media
costs as well.
f. Backup devices nearly always use a removable medium, such as a
tape or disk cartridge, which you must buy along with the drive.
g. At first, some products might seem to be economical because the
drive is inexpensive, but in the long run they might not be because
the media are so expensive.
h. One of the most common methods of evaluating various backup
devices is to determine the cost per megabyte of the storage that a
device provides.
(1) Divide the price of the medium by the number of megabytes it
can store, and use this figure to compare the relative cost of
various devices.
|5| B. Selecting a drive interface
1. Backup devices can use any of the standard computer interfaces:
a. IDE
b. Universal serial bus (USB)
c. SCSI
d. Some backup drives connect to the computer’s parallel port, although
this type of connection is just a form of SCSI that uses a different port.
2. The most common interface used in high-end network backup solutions
is SCSI.
a. SCSI devices operate more independently than IDE devices.
(1) This means that the backup process, which often entails
reading from one device while writing to another on the same
interface, is more efficient.
b. SCSI devices can
(1) Maintain a queue of commands that they have received from
the host adapter
(2) Execute the commands sequentially and independently
c. Most SCSI devices are available as internal or external units.
3. When multiple IDE devices share a channel, only one operates at a time.
a. Each drive must receive, execute, and complete a command before
the other drive can receive its next command.
4. Magnetic tape drives require a consistent stream of data to write to the
tape with maximum effectiveness.
a. If there are constant interruptions in the data stream, which can
happen with the IDE interface, the tape drive must repeatedly stop
and start the tape.
(1) Reduces the tape drive’s speed and its overall storage capacity
b. A SCSI drive can often operate continuously without pausing to wait
for the other devices on the channel.
5. SCSI backup devices are always more expensive than a comparable IDE
alternative, because
a. The drive requires additional electronics
b. The SCSI host adapter must be installed in the computer
c. External units have their own power supplies, which also adds to the
cost
|6,7| C. Magnetic tape drives
1. Most common hardware device used to back up data
2. Unlike hard disk, removable disk, and CD-ROM drives, tape drives are
not random access devices.
a. You cannot simply move the drive heads to a particular file on a
backup tape without spooling through all of the files before it.
b. The drive unwinds the tape from a spool and pulls it across the heads
until it reaches the point in the tape where the data you want is
located.
c. You cannot mount a tape drive in a computer’s file system, assign it a
drive letter, and copy files to it, as you can with a hard disk drive.
3. A special software program is required to address the drive and send the
data you select to it for storage.
4. Magnetic tape drives are well suited for backups.
a. Advantages
(1) Fast
(2) Hold a lot of data
(3) Media cost per megabyte is low, often less than one-half cent
per megabyte
b. Tape drives are useless for anything other than backups.
5. There are many different types of magnetic tape drives that differ greatly
in speed, capacity, and price.
a. At the low end are quarter-inch cartridge (QIC) drives, which can
cost as little as $200.
(1) A single QIC tape cartridge holds 150 MB to 20 GB.
b. At the high end are digital linear tape (DLT) and linear tape-open
(LTO) drives, which can cost several thousand dollars and store as
much as 100 GB on a single tape.
6. Drive compression
a. The capacities of magnetic tape drives are generally specified with
two figures, such as 40 GB to 80 GB.
(1) These numbers refer to the capacity of a tape without
compression and with compression.
b. Most tape drives have hardware-based data compression capabilities
built into them, but the additional capacity that you achieve when
using compression is based on the type of data you are storing.
c. The capacity figures assume an average compression ratio of 2:1.
d. Some types of files, such as image files using uncompressed BMP or
TIF formats, can compress at much higher ratios, as high as 8:1.
e. Files that are already compressed, such as GIF or JPG image files or
ZIP archives, cannot be compressed further and are stored at a 1:1
compression ratio.
|9| D. CD-ROM drives
1. Writable CD-ROM drives, such as compact disc-recordables (CD-Rs)
and compact disc rewritables (CD-RWs), can be used as backup devices.
2. Advantages
a. The low cost of the media makes CDs an economical solution, even
if the disks can be used only once, as is the case with CD-Rs.
b. Many computers already have CD-ROM drives installed for other
purposes, which eliminates the need to buy a dedicated backup drive.
3. Disadvantages
a. By backup device standards, the capacity of a CD is low—about
650 MB.
b. For network backups, CD-ROMs are usually inadequate.
(1) Most networks need to back up many gigabytes worth of data,
which would require many disk changes.
(2) Network backup software products usually do not recognize
CD-R and CD-RW drives.
|10| E. Cartridge drives
1. Removable cartridge drives, such as Iomega’s Zip and Jaz drives, can be
used for backups.
a. Zip cartridges hold only 100 MB or 250 MB, which makes them less
practical than CDs for backups.
b. Jaz drives are available in 1-GB and 2-GB versions, which is
sufficient for a backup device.
2. Cartridge drives mount into a computer’s file system.
a. You can assign a drive letter to a cartridge drive and copy files to it,
just as you can assign a drive letter and copy files to a hard drive.
3. Disadvantage: the cost of the media is extremely high, making cartridge
drives impractical for network backups.
a. A 2-GB Jaz cartridge can cost $125 or more, which is more than
6 cents per megabyte—far more than virtually any other storage
device.
|11,12| F. Autochangers
1. An autochanger is a unit that contains one or more drives and a robotic
mechanism that swaps the media in and out of the drives.
a. Also called jukeboxes or tape libraries
b. Some autochangers are small devices with a single drive and an array
that holds four or five tapes.
c. Others are enormous devices with as many as four drives and an
array of 100 tapes or more.
2. When a backup job fills one tape (or other storage medium), the
mechanism extracts it from the drive and inserts another, and the job
continues.
3. The autochanger also remembers which tapes are available and can load
the appropriate tape to perform a restore job.
a. This memory mechanism is commonly called an index.
4. If you buy a large enough autochanger, you can create a long-term
backup strategy that allows backups to run completely unattended for
weeks at a time.
5. Autochanger prices can be astonishingly high, reaching as much as six
figures in some cases.
3. Backup Software
A. Backup software products
1. Storage devices used as backup solutions are not treated like the other
storage subsystems in a computer.
a. A specialized software product is required to package the data that
you want to back up and send to the drive.
2. Operating systems frequently include a backup program that you can use
with your drive.
a. These programs usually provide only basic functionality and lack
features that are useful in a network environment.
|13| B. Target selection and filtering
1. The most basic function of a backup software program is to let you
select what you want to back up, sometimes called the target.
2. A good backup program enables you to select targets by selecting
a. Entire computers
b. Specific drives on those computers
c. Specific directories on the drives
d. Specific files in specific directories
|14| 3. Most backup programs provide a directory tree display that you can use
to select the targets for a backup job.
4. In most cases, it is not necessary to back up all of the data on a
computer’s drives.
a. If a hard drive is completely erased or destroyed, you have to reinstall
the operating system before you can restore files from a backup tape,
so it is not worthwhile to back up all of the operating system files
each time you run a backup.
b. The same is true for applications, since you can reinstall an
application from the original distribution media.
(1) In this case, you might want to back up only your data files
and the configuration settings for that application.
c. As they run, most operating systems create temporary files, which
you do not need to back up.
d. Carefully selecting backup targets can mean the difference between
fitting an entire backup job on one tape or staying late after work to
insert a second tape into the drive.
5. Individually selecting the files, directories, and drives that you want to
back up can be quite tedious, so many backup programs provide other
ways to specify targets.
a. Filters enable the software to evaluate each file and directory on a
drive and decide whether to back it up.
b. A good backup program provides a variety of filters that enable you
to select targets based on file and directory names, extensions, sizes,
dates, and attributes.
c. You can use filters to limit your backups to only the files that have
changed recently, using either date or attribute filters.
d. The most common type of filter used by backup programs is the one
for the archive attribute.
(1) Enables the software to back up only the files that have
changed since the last backup
(2) This filter is the basis for incremental and differential backups.
|15| C. Full backups
1. A full backup copies the entire contents of a computer’s drives to tape or
another medium.
a. You can perform a full backup every day, but this practice can be
wasteful, both in terms of time and tape.
b. When you perform a full backup every day, most of the files you are
writing to the tape are exactly the same as they were the previous
day.
c. The only files that change on a regular basis are
(1) Data files
(2) The files that store configuration data
(3) Special resources such as the Windows Registry and directory
service databases
d. To save tape and shorten the backup time, many network
administrators perform full backups only once a week, or even less
often.
D. Incremental and differential backups
1. Between full backups, administrators perform special types of filtered
jobs, called incremental and differential backups, that back up only the
files that have recently been modified.
a. An incremental backup is a job that backs up only the files changed
since the last backup job of any kind.
b. A differential backup is a job that backs up only the files that have
changed since the last full backup.
|16| 2. The backup software filters the files for backups by using a special file
attribute called the archive bit, which is on every file on the computer.
a. File attributes are 1-bit flags, stored with each file on a drive, that
perform various functions.
b. The archive bit for a file is activated by any application that modifies
that file.
c. When the backup program scans the target drive during an
incremental or differential job, it selects for backup only the files
with active archive bits.
3. During a full backup, the software backs up the entire contents of a
computer’s drives, and also resets (that is, removes) the archive bit on all
of the files.
a. Immediately after the job is completed, you have a complete copy of
the drives on tape, and none of the files on the target drive have an
active archive bit.
4. As work on the computer proceeds after the backup job is completed,
files are modified, and the archive bits for the modified files are
activated.
5. The next day, you can run an incremental or differential backup job,
which filters out all files that do not have an active archive bit.
a. All of the program files that make up the operating system and the
applications are skipped, along with all data files that have not
changed.
b. Compared to a full backup, an incremental or differential backup job
is usually much smaller, so it takes less time and less tape.
6. The difference between an incremental and a differential job lies in the
behavior of the backup software when it either resets or does not reset
the archive bits of the files it copies to tape.
|17| 7. Incremental jobs
a. Incremental jobs reset the archive bits on the files they back up.
b. When you run an incremental job, you back up only the files that
have changed since the last backup, whether it was a full backup or
an incremental backup.
(1) Advantage: uses the least amount of tape
(2) Disadvantage: lengthens the restore process
c. If you restore an entire computer, you must first perform a restore
from the last full backup tape, and then restore each incremental job
performed since the last full backup.
(1) For example, suppose that you run a full backup job on a
computer every Monday evening and incremental jobs every
evening from Tuesday through Friday. If the computer’s hard
drive fails on a Friday morning, you must restore the previous
Monday’s full backup, and then restore the incremental jobs
from Tuesday, Wednesday, and Thursday, in that order.
d. The order of the restore jobs is essential if you want the computer to
have the latest version of every file.
|18| 8. Differential jobs
a. Differential jobs do not reset the archive bit on the files they back up.
b. Every differential job backs up all of the files that have changed since
the last full backup.
(1) For example, if you perform a full backup on Monday evening,
Tuesday evening’s differential job will back up all files
changed on Tuesday; Wednesday evening’s differential job
will back up all files changed on Tuesday and Wednesday; and
Thursday evening’s differential backup will back up all files
changed on Tuesday, Wednesday, and Thursday.
c. Advantage: differential backups simplify the restore process.
(1) To completely restore the computer that failed on a Friday
morning, you only have to restore Monday’s full backup tape
and the most recent differential backup, which was performed
Thursday evening.
(2) Because the Thursday tape includes all of the files modified on
Tuesday, Wednesday, and Thursday, no other tapes are
needed.
(3) The archive bits for these changed files are not reset until the
next full backup job is performed.
d. Disadvantage: differential backups use more tape, because some of
the same files are backed up each day.
9. Running incremental or differential jobs often allows you to automate
your backup regimen without spending too much on hardware.
a. For example, if your full backup job totals 50 GB, a 20-GB drive
might be adequate.
(1) You must manually insert two additional tapes during your full
backup jobs once a week, but you should be able to run
incremental or differential jobs the rest of the week using only
one tape.
(2) Allows the jobs to run unattended
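An added example, not part of the original outline: a small Python simulation of the archive-bit rules for full, incremental and differential jobs, using the outline's scenario of a Monday full backup, jobs from Tuesday through Thursday, and a failure on Friday morning. File names, contents and the helper names are constructed for illustration; `restore_plan` goes slightly beyond the text by also handling a week that mixes incremental and differential jobs.

```python
# Added example: archive-bit behaviour of full, incremental and differential jobs.
# File names, contents and day labels are constructed sample data.

RESETS_ARCHIVE_BIT = {"full": True, "incremental": True, "differential": False}

# Constructed edit history: which files are modified on which day.
EDITS = [("Tue", ["report.doc"]),
         ("Wed", ["budget.xls"]),
         ("Thu", ["report.doc", "notes.txt"])]


class Volume:
    """A target drive: each file has content and an archive bit."""

    def __init__(self):
        self.files = {}

    def write(self, name, content):
        # Any application that modifies a file activates its archive bit.
        self.files[name] = {"content": content, "archive": True}

    def snapshot(self):
        return {name: f["content"] for name, f in self.files.items()}


def run_job(volume, kind, label):
    """Run one backup job and return the resulting 'tape'."""
    if kind == "full":
        selected = list(volume.files)      # everything, whatever the bit says
    else:
        selected = [n for n, f in volume.files.items() if f["archive"]]
    tape = {"label": label, "kind": kind,
            "files": {n: volume.files[n]["content"] for n in selected}}
    if RESETS_ARCHIVE_BIT[kind]:           # differential jobs leave the bit set
        for n in selected:
            volume.files[n]["archive"] = False
    return tape


def restore_plan(tapes):
    """Tapes needed for a complete restore, in the order they must be applied."""
    fulls = [i for i, t in enumerate(tapes) if t["kind"] == "full"]
    if not fulls:
        raise ValueError("no full backup to restore from")
    plan = [tapes[fulls[-1]]]
    pending_diff = None
    for tape in tapes[fulls[-1] + 1:]:
        if tape["kind"] == "incremental":
            plan.append(tape)
            pending_diff = None            # its files were re-copied by this job
        else:
            pending_diff = tape            # only the newest differential matters
    if pending_diff is not None:
        plan.append(pending_diff)
    return plan


def restore(plan):
    """Apply tapes in the given order; later tapes overwrite earlier versions."""
    restored = {}
    for tape in plan:
        restored.update(tape["files"])
    return restored


def simulate_week(kinds):
    """Monday full backup, then one job of each given kind on Tue, Wed, Thu."""
    vol = Volume()
    for name in ("os.dll", "report.doc", "budget.xls", "notes.txt"):
        vol.write(name, name + "@install")
    tapes = [run_job(vol, "full", "Mon")]
    for (day, names), kind in zip(EDITS, kinds):
        for name in names:
            vol.write(name, name + "@" + day)
        tapes.append(run_job(vol, kind, day))
    return vol, tapes


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        vol, tapes = simulate_week([kind] * 3)
        plan = restore_plan(tapes)
        print(kind,
              "| files written Tue-Thu:", sum(len(t["files"]) for t in tapes[1:]),
              "| restore order:", [t["label"] for t in plan],
              "| complete:", restore(plan) == vol.snapshot())
```

Applying the incremental tapes out of order leaves an older version of `report.doc` on the restored drive, which is why the restore order matters.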
E. Drive manipulation
1. When you have selected what you want to back up, the next step is to
specify where to send the selected data.
2. The backup software typically lets you
a. Select a backup device (if you have more than one)
b. Prepare to run the job by configuring the drive and the storage
medium
3. For backup to a tape drive, the configuration process can include any of
the following tasks:
a. Formatting a tape
b. Supplying a name for the tape you are creating
c. Specifying whether you want to append the backed-up files to the
tape or overwrite the tape
d. Turning on the drive’s compression feature
|19| F. Scheduling
1. All backup products let you create a backup job and execute it
immediately, but the key to automating a backup routine is being able to
schedule jobs to execute unattended.
a. Scheduled jobs can run when the office is closed and the network is
idle, so that
(1) All resources are available for backup
(2) User productivity is not compromised by a sudden surge of
network traffic
b. Not all of the backup programs supplied with operating systems or
designed for stand-alone computers will support scheduling, but all
network backup software products do.
2. Backup programs use various methods to automatically execute backup
jobs.
a. The Windows 2000 Backup program uses the operating system’s
Task Scheduler application.
b. Other programs supply their own program or service that runs
continuously and triggers the jobs at the appropriate times.
c. Some of the higher-end network backup products can use a directory
service, such as the Microsoft Active Directory service or Novell
Directory Services (NDS).
(1) These programs modify the directory schema (the code that
specifies the types of objects that can exist in the directory) to
create an object representing a queue of jobs waiting to be
executed.
3. You specify whether you want to execute the job once or repeatedly at a
specified time each day, week, or month, using an interface such as the
Windows 2000 Backup program’s Schedule Job dialog box.
4. After creating a logical sequence of backup jobs that execute by
themselves at regular intervals, you only need to change the tape in the
drive each day.
a. If you have an autochanger, you can eliminate this part of the job and
create a backup job sequence that can run unattended for weeks or
months.
|21| G. Logging and cataloging
1. When a backup job runs, the software accesses the specified targets and
feeds the data to the backup drive in the appropriate manner.
a. It is important for the data to arrive at the storage device in a
consistent manner and at the proper rate of speed.
2. Most backup software products can maintain a log of the backup process
as it occurs.
a. You can often specify a level of detail for the log, such as whether it
should contain a complete list of every file backed up or just record
the major events that occur during the job.
b. Periodically checking the log is an essential part of administering a
network backup program.
c. The log tells you
(1) When selected files are skipped for any reason
(2) When errors occur on either the backup drive or one of the
computers involved in the backup process
d. Some software products can generate alerts when errors occur,
notifying you by sending a status message to a network management
console, by sending you an e-mail message, or by other methods.
3. Backup software programs also catalog the files they back up, which
facilitates the process of restoring files later.
a. The catalog is a list of every file that the software has backed up
during each job.
b. To restore files from the backup medium, you browse through the
catalog and select the files, directories, or drives that you want to
restore.
4. Different backup software products store the catalog in different ways.
a. For example, the Windows 2000 Backup program stores the catalog
for each tape on the tape itself.
(1) Disadvantage: you have to insert a tape into the drive to read
the catalog and browse the files on that tape.
b. More elaborate network backup software programs maintain a
database of the catalogs for all of the backup tapes on the computer
where the backup device is installed.
(1) This database lets you browse through the catalogs for all of
your tapes and select any version of any file or directory for
restoration.
c. In some cases, you can view the contents of the database in several
different ways, such as
(1) By the computer, drive, and directory where the files were
originally located
(2) By the backup job
(3) By the tape or other media name
d. The database feature can use a lot of the computer’s disk space and
processor cycles, but it greatly enhances the usability of the software,
particularly in a network environment.
|22| H. Media rotation
1. Using new tapes for every backup job and storing them all permanently
can become extremely expensive.
a. It is more common to reuse backup tapes.
b. To reuse tapes properly, you must carefully plan your media rotation
scheme, so that you do not inadvertently reuse a tape you will need
later.
2. One of the most common media rotation schemes is called
Grandfather-Father-Son, which refers to backup jobs that run monthly,
weekly, and daily.
a. The Grandfather-Father-Son scheme requires you to maintain
(1) One set of tapes for your daily jobs, which you reuse every
week
(2) A set of weekly tapes, which you reuse every month
(3) A set of monthly tapes, which you reuse every year
3. There are other schemes that vary in complexity and utility, depending
on the software product.
4. When the software program implements the rotation scheme, it
a. Provides a basic schedule for the jobs
b. Tells you what name to write on each tape as you use it
c. Tells you which tape to insert for each job
5. You maintain a perpetual record of your data while using the minimum
number of tapes without fear of overwriting a tape you need.
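An added example, not part of the original outline: a Python sketch of how backup software could assign Grandfather-Father-Son tape labels and confirm that no tape is overwritten sooner than its set allows. The job days (daily Monday to Thursday, weekly on Friday, monthly on the last Friday of the month) and the label names are assumptions made for this example, not details from the outline.

```python
# Added example: Grandfather-Father-Son tape labels.
# Assumed (not from the outline): jobs run Monday to Friday; Monday-Thursday
# jobs use the daily set, Friday is the weekly job, and the last Friday of a
# month is the monthly job. Label names are hypothetical.
from datetime import date, timedelta

DAYS = ("Mon", "Tue", "Wed", "Thu")
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def tape_for(day):
    """Label of the tape to insert for the job on `day`, or None if no job runs."""
    weekday = day.weekday()                          # Monday == 0
    if weekday > 4:
        return None                                  # assumed: no weekend jobs
    if weekday < 4:
        return "Daily-" + DAYS[weekday]              # son: reused every week
    if (day + timedelta(days=7)).month != day.month:
        return "Monthly-" + MONTHS[day.month - 1]    # grandfather: reused every year
    return "Weekly-%d" % ((day.day - 1) // 7 + 1)    # father: reused every month


def schedule(first, last):
    """List of (date, label) for every job between two dates, inclusive."""
    jobs, day = [], first
    while day <= last:
        label = tape_for(day)
        if label:
            jobs.append((day, label))
        day += timedelta(days=1)
    return jobs


def min_reuse_gap(jobs, prefix):
    """Fewest days that pass before any tape in one set is overwritten."""
    last_used, gaps = {}, []
    for day, label in jobs:
        if label.startswith(prefix):
            if label in last_used:
                gaps.append((day - last_used[label]).days)
            last_used[label] = day
    return min(gaps)


def restore_points(jobs, as_of):
    """Date of the data currently held on each tape as of `as_of`."""
    held = {}
    for day, label in jobs:
        if day <= as_of:
            held[label] = day                        # a later job overwrites the tape
    return held


if __name__ == "__main__":
    jobs = schedule(date(2024, 1, 1), date(2025, 12, 31))
    print("tapes needed:", len({label for _, label in jobs}))
    for prefix in ("Daily-", "Weekly-", "Monthly-"):
        print(prefix, "minimum days before reuse:", min_reuse_gap(jobs, prefix))
    for label, day in sorted(restore_points(jobs, date(2024, 3, 20)).items()):
        print(label, "holds data from", day.isoformat())
```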
|23| I. Restoring
1. Restoring data from your backups is the sole reason for making them in
the first place.
2. You must perform periodic test restores from your backup tapes or other
media to ensure that you can recover any lost data.
a. Even if all your jobs are completed successfully and your log files
show that all of your data has been backed up, there is no better test
of a backup system than an actual restore.
3. Although making regular backups protects you from losing an entire
hard drive, most of the jobs you perform will be restoring only one or a
few files that a user has deleted.
a. If a user needs to have one file restored and you have to insert tape
after tape into the drive to locate it, everyone’s time is wasted.
b. A backup program with a database that lets you search for a specific
file makes your job much easier and lets you restore any file in
minutes.
|24| 4. Restore jobs are similar to backup jobs, in that you typically select the
files or directories that you want to restore.
a. You specify whether you want to restore the files to their original
locations or to another location.
b. If you restore the files to a different location, you can usually
configure the software to place all of the restored files into one
directory or re-create the directory structure that the files were backed
up from.
J. Disaster recovery
1. Backup software products, like any applications, must run on an
operating system.
2. If the drive in the computer hosting the backup drive fails, you first
might need to reinstall the entire operating system and the backup
software product before you can restore the complete backup of the
computer.
a. Can be time-consuming
3. Many backup software products provide a disaster recovery feature that
lets you create a boot disk that loads just enough of the operating system
and the backup application to perform a restore.
a. A restore from a full backup will then provide all of the software
needed to restart the computer in the normal manner.
|25| K. Network backup functions
1. Choose a backup software product that is designed for network use.
2. A network backup software product differs from an application designed
for stand-alone systems in that the network product can back up other
computers on the network.
a. This means you can use one backup drive to protect your entire
network.
b. Many stand-alone backup products can access drives on networked
computers that you have mapped to a drive letter, but a fully
functional network backup product can also back up important
operating system features on other computers, such as the Windows
Registry and directory service databases.
c. You might have to install a software component on the target
computer and on the computer where the backup drive is located.
3. Network backup products often have optional add-on components that
allow you to perform specialized backup tasks, such as backing up live
databases or computers running other operating systems.
a. If you have database or e-mail servers that run around the clock, you
might not be able to fully back them up using a standard software
product because the database files are locked open.
b. To back up a database of this type, you must do one of the following:
(1) Close it by shutting it down.
(2) Use a specialized piece of software that creates temporary
database files (called delta files) that the server can use while
the database itself is closed for the duration of the backup
process.
Chapter 16, Lesson 2
Antivirus Policies
|26| 1. What Is a Virus?
A. A software routine that is deliberately designed to attach itself to
another piece of software on a computer, perform some
preprogrammed activity, and spread to the other computers on a
network
1. The worst types of viruses are engineered to irretrievably destroy all or
part of the data stored on the computer by wiping out hard drives.
2. Potentially damaging programs such as viruses, Trojan horses, and
worms can find their way onto a network through file downloads,
e-mails, or removable disks.
3. However, there are many viruses with effects that are not so
catastrophic.
a. Some viruses can cause intermittent problems on the computer, such
as system lockups or specific feature failures, whereas others do
nothing but display a message programmed by their authors.
B. There are many antivirus software products intended for stand-alone
systems, but network administrators often use products that centralize
the virus-scanning process so that every file transmitted over the
network is checked.
1. Antivirus software products must be continually updated to cope with
the constantly evolving techniques used by the creators of viruses.
C. Like biological viruses, computer viruses are designed to replicate
themselves by infecting other pieces of software.
1. A virus on an infected removable disk can migrate to the computer’s
hard drive and infect the code on the hard drive.
2. In some cases, viruses are designed to remain dormant until the
computer’s clock registers a particular date and time.
|27| D. When a virus-infected computer is connected to a network, you have
the functional equivalent of one sick child sharing a room with a group
of healthy children. When one gets sick, the others are likely to get sick
also.
1. Files transferred from the infected computer to the other systems on the
network can spread the infection.
2. Depending on the design of the virus, the effect can range from a
nuisance to a catastrophe.
3. Once the network is infected, it can be very difficult to completely
remove the virus.
4. If you miss one infected file on one computer, the virus can reassert
itself and start spreading all over again.
E. Viruses can attach themselves to various parts of a computer’s
software, and they are often classified by the area of the disk they
reside in.
|28| F. Virus types
1. Boot sector viruses
a. Can come from a removable disk or an executable file
b. Infect your computer by inhabiting the master boot record (MBR) of
your hard drive
(1) Because the MBR executes whenever you start the computer,
the virus is always loaded into memory and is therefore very
dangerous.
c. To remove a boot sector virus, you must either delete and re-create
the MBR (which causes the data on the disk to be lost) or use an
antivirus program.
(1) By contrast, you can remove other types of viruses that infect
files by deleting the infected file.
2. Executable file viruses
a. Attach themselves to .exe or .com files or, less often, to other types of
application modules, such as .dll and .bin files
b. Load into memory when you run the infected program, and then can
spread to other software that you execute
c. You can receive executable file viruses in e-mail attachments and
downloads, but they can infect your computer only if you run the
infected program.
3. Polymorphic viruses
a. Can reside in both the MBR and executable files
b. Are designed to change their signatures periodically to fool virus-
scanning routines that search for the code associated with particular
viruses
c. Modify themselves and use encryption to hide most of their code
d. Are a direct result of the ongoing competition between the people who
design viruses and those who design the tools to protect against them
4. Stealth viruses
a. Many virus-scanning products function by detecting changes in the
sizes of files stored on a computer’s hard drive.
(1) Normal viruses add code to executable files, so the files grow
in size by a small amount.
(2) This is why installing an updated version of an application can
sometimes trigger false positive results from a virus scanner.
b. Stealth viruses attach themselves to executable files in the normal
way, but they disguise their appearance by subtracting the same
number of bytes from the infected file’s directory entry that their
code added to the file.
(1) The file appears not to have changed in size, even though virus
code has been added to it.
5. Macro viruses
a. A recent innovation that can infect data files
b. In the past, viruses infected executable files only, but now data file
viruses attach themselves to documents and spread themselves using
the application’s macro capability.
(1) Microsoft Word documents in particular were the original
targets for this type of virus.
(2) When a user opens an infected document file, the macro code
executes, enabling the virus to enter into memory and spread
to the template file (NORMAL.DOT) that Word uses for all
open documents.
(3) Once in the template file, the virus is read into memory
whenever the application is launched, and it spreads to all of
the documents the user loads afterward.
c. Macro viruses do not usually cause severe damage, but because many
businesses frequently exchange document files using e-mail and other
methods, they spread very rapidly and are difficult to eradicate.
d. Applications with macro capabilities now usually have a switch that
lets you disable any macro code found in a document.
(1) If you do not use macros, you can protect yourself from virus
infections by using this feature.
6. Worms
a. Not really a virus
(1) Although worms are programs that can replicate themselves,
they do not infect other files.
b. Worms are separate programs that can insinuate themselves into a
computer in various ways.
(1) Example: inserting an entry in the Run Registry key that
causes the worm to execute whenever the computer starts
c. Once in memory, worms can create copies of themselves on the same
computer or replicate to other computers over a network connection.
7. Trojan horses
a. Not a virus, because they do not replicate or infect other files
b. Masquerade as innocuous programs, so the user does not suspect that
they are running
c. Once loaded into memory, Trojan horses can perform any number of
tasks that can be dangerous to the computer or to the network.
(1) Some Trojan horses are essentially remote control server
programs that open up a “back door” into the computer where
they are running.
(2) A user elsewhere on the network or on the Internet can run the
client half of the program and access the remote computer
through the back door.
(3) Other types of Trojan horses can gather information on the
remote system, such as passwords or data files, and transmit it
to a host program running on another computer.
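The size-based change detection described under "Stealth viruses" above, next to a content-hash check, as an added example that is not part of the original outline. The file names, byte strings and the FileView record are constructed for illustration, and the example assumes the checker can read each file's actual bytes.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class FileView:
    """What a scanner sees: the directory entry's size and the bytes it reads."""
    reported_size: int   # size field taken from the directory entry
    content: bytes       # bytes actually read from the file

def make_baseline(files):
    """Record reported size and SHA-256 of every file while it is known clean."""
    return {name: (f.reported_size, hashlib.sha256(f.content).hexdigest())
            for name, f in files.items()}

def changed_by_size(baseline, files):
    """Size check from the outline: flag files whose directory-entry size differs."""
    return sorted(n for n, f in files.items()
                  if n in baseline and f.reported_size != baseline[n][0])

def changed_by_hash(baseline, files):
    """Integrity check: flag files whose content hash differs from the baseline."""
    return sorted(n for n, f in files.items()
                  if n in baseline
                  and hashlib.sha256(f.content).hexdigest() != baseline[n][1])

# Constructed sample data: three "executables" represented as byte strings.
CLEAN = {
    "editor.exe": FileView(16, b"EDITOR-v1-CODE.."),
    "mailer.exe": FileView(16, b"MAILER-v1-CODE.."),
    "backup.exe": FileView(16, b"BACKUP-v1-CODE.."),
}
EXTRA = b"<appended bytes>"  # harmless placeholder for code added to a file
LATER = {
    # Ordinary infection: content grows and the directory entry shows it.
    "editor.exe": FileView(32, CLEAN["editor.exe"].content + EXTRA),
    # Stealth case: content grows but the directory entry still reports 16.
    "mailer.exe": FileView(16, CLEAN["mailer.exe"].content + EXTRA),
    # Legitimate application update: new content and new size.
    "backup.exe": FileView(20, b"BACKUP-v2-CODE......"),
}

def compare():
    """Return (files flagged by size check, files flagged by hash check)."""
    base = make_baseline(CLEAN)
    return changed_by_size(base, LATER), changed_by_hash(base, LATER)

if __name__ == "__main__":
    by_size, by_hash = compare()
    print("size check flags:", by_size)
    print("hash check flags:", by_hash)
```

Both checks flag the legitimate update to backup.exe, so the baseline has to be refreshed after every approved software update.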
|29| 2. Preventing Virus Infections
A. To protect your network against virus infections, you should implement
policies that prescribe both the behavior of your users and the
configuration of their computers.
1. All users should be wary of removable disks from outside sources, and
particularly of files attached to e-mail messages.
a. One of the most common techniques for disseminating viruses is code
that causes the victim’s computer to send an e-mail message with an
infected attachment to all of the people in the user’s address book.
(1) Because the recipients recognize the name of the sender, they
often open the e-mail and launch the attachment without
thinking, thus infecting their own computers and beginning the
same e-mail generation process.
2. Antivirus software products can protect individual computers from
infection by viruses and other malicious programs.
a. A typical antivirus program consists of a scanner that examines the
computer’s MBR when the computer starts and checks each file as
the computer accesses it.
b. A full-featured program also checks e-mail attachments and Internet
downloads by intercepting the files as they arrive from the e-mail or
Internet server and by scanning them for viruses before passing them
to the client application.
3. A virus scanner works by examining files and searching for specific
code signatures that are peculiar to certain viruses.
a. The scanner has a library of virus definitions that it uses to identify
viruses.
b. To keep your computers fully protected, you must update the virus
signatures for your program on a regular basis.
c. Some antivirus programs have a feature that automatically connects
to the Internet and downloads the latest signatures when they become
available.
d. The product you select should update its virus signatures at least once
a month.
e. Check the software manufacturer’s policies for virus signature
updates.
(1) Some products include perpetual updates in the price of the
software, but others include updates for a limited time before
you must purchase a subscription.
4. All network computers, both servers and workstations, should run an
antivirus program to protect the entire network.
5. Antivirus programs designed for use on networks do not provide greater
protection against viruses, but they simplify the process of implementing
the protection.
a. The centralized management and monitoring capabilities in network-
enabled antivirus products typically allow you to create policies for
the computers on the network that force them to run the virus-
scanning mechanisms you specify.
b. Network antivirus products also simplify the process of deploying
virus signature updates to all of the computers on the network.
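A minimal signature scanner with a definitions library, showing why signature updates matter, as an added example that is not part of the original outline or any product's code. The definition names, byte patterns and sample files are constructed and harmless; the chunked read with overlap is an implementation choice assumed here so that a signature split across two reads is still found.

```python
import io

# Constructed, harmless byte patterns standing in for virus definitions.
DEFS_V1 = {"Sample.A": b"CONSTRUCTED-SIGNATURE-A"}
# A later definitions release that adds one more signature.
DEFS_V2 = {**DEFS_V1, "Sample.B": b"CONSTRUCTED-SIGNATURE-B"}

def scan_stream(stream, definitions, chunk_size=4096):
    """Return sorted names of definitions whose pattern occurs in the stream.

    Reads in chunks and carries over the last (longest pattern - 1) bytes,
    so a signature that straddles a chunk boundary is still matched.
    """
    if not definitions:
        return []
    overlap = max(len(p) for p in definitions.values()) - 1
    found, tail = set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in definitions.items():
            if pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap > 0 else b""
    return sorted(found)

def scan_files(files, definitions, chunk_size=4096):
    """Scan a {name: bytes} mapping; return {name: [matched definitions]}."""
    report = {}
    for name, data in files.items():
        hits = scan_stream(io.BytesIO(data), definitions, chunk_size)
        if hits:
            report[name] = hits
    return report

# Constructed sample files (plain byte strings, not real executables).
FILES = {
    "clean.exe": b"MZ" + b"\x00" * 100,
    "old_sample.exe": b"MZ" + b"\x11" * 30 + DEFS_V1["Sample.A"] + b"\x22" * 30,
    # Pattern starts at offset 61, so it straddles a 64-byte chunk boundary.
    "new_sample.com": b"\x33" * 61 + DEFS_V2["Sample.B"] + b"\x44" * 10,
}

if __name__ == "__main__":
    print("v1 definitions:", scan_files(FILES, DEFS_V1, chunk_size=64))
    print("v2 definitions:", scan_files(FILES, DEFS_V2, chunk_size=64))
```

With the older definitions the scanner reports only old_sample.exe; new_sample.com is reported only after the definitions library is updated.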
Chapter 16, Lesson 3
Patches and Updates
1. Introduction
A. Another important part of the network administrator’s job is to keep the
software running on the network computers up to date.
B. All manufacturers of operating systems and applications periodically
release patches or updates that correct problems with the software,
enhance or modify existing features, or add new capabilities.
1. In most cases, the process of updating a computer involves downloading
an update program from the manufacturer’s Web site and running it on
the computer.
C. Keeping your network software updated is not simply a matter of blindly
downloading and installing every patch you can find.
1. The process includes researching the various updates that the
manufacturers release, determining if they apply to your environment,
and, in some cases, testing them before deployment.
|30| 2. Major Updates
A. Even a computer with a relatively simple configuration can have many
different software components that are regularly updated.
1. The operating system is the chief element you should keep up to date,
but you should also update applications and device drivers periodically.
B. Years ago, manufacturers of operating systems would release many
different software patches, each addressing a specific issue.
1. This caused problems for both users and developers because
a. Users sometimes had to download and apply a dozen or more patches
to keep their software current
b. It was difficult for developers to know exactly how a particular
installation was configured
2. If there are 10 patches available for a particular operating system
version, people trying to support the product will have a difficult time
keeping up with whether all of the patches have been applied and in
what order.
C. Now, operating system manufacturers release groups of updates in a
single package.
1. This practice was pioneered by Microsoft with its Service Pack releases
for Microsoft Windows NT.
2. Each Service Pack release for a product contains a collection of patches
and updates, all of which are applied by one installation program.
3. Because the various patches have all been tested together, the operating
system environment is consistent.
4. Now all Microsoft products are updated using Service Packs, and most
other operating system and application manufacturers have followed suit
(although they might use different names for their releases).
a. When Microsoft releases multiple Service Packs for a product, each
subsequent release is cumulative, meaning that it contains all of the
updates from the previous Service Packs.
b. This way, a user does not have to apply multiple Service Packs to
bring a newly installed computer up to date.
5. Service Pack releases can be extremely large.
a. Windows NT 4.0 Service Packs are now more than 30 MB, and the
full version of Windows 2000 Service Pack 2 is over 100 MB.
b. Microsoft also makes Service Packs available on CD-ROM for a
nominal fee.
c. Downloadable versions of Microsoft’s Service Packs are a single
compressed executable file that contains a large number of operating
system components.
6. To install the Service Pack, you run the file, and then the program
expands the components and installs them in the proper locations.
a. The CD-ROM version of a Service Pack is the now-typical self-
starting CD-ROM with a menu of options, one of which is installing
the update.
b. To deploy a Service Pack on a network, you might need to travel to
every computer to install the Service Pack.
c. You might be able to e-mail the Service Pack file to your users with
instructions on how to install it.
d. There are also network management software products that can
automate the process of installing Service Packs and other updates on
all of the computers on the network.
D. It is a good idea to check an operating system update before you install
it, either by running it yourself in a lab environment or by monitoring
Web sites and trade publications for news on problems with the latest
release.
1. You should also familiarize yourself with the release notes for the
update, which list all of the specific changes that have been made to the
operating system.
|31| 3. Patches
A. Between the releases of Service Packs or other major software
updates, manufacturers may also make individual patches available.
B. A patch is usually a small fix that is designed to address a highly
specific problem.
C. Be sure to carefully read about any patches that become available to
determine whether you need to install them.
1. In some cases, manufacturers recommend that you install a patch only
under certain conditions, such as when you are using a particular
combination of components or when you are experiencing a specific
error.
a. If your environment does not qualify, do not assume that you should
install the patch anyway, just to keep your software current.
D. Read all of the documentation accompanying the release and carefully
follow the manufacturer’s instructions.
4. Driver Updates
A. Device drivers are regularly updated.
B. When you deploy driver updates, you should be even more careful than
you are when you deploy operating system updates.
1. If your hardware devices are functioning properly, there is probably no
reason to update their device drivers with every new release that comes
out.
2. Many network administrators are overzealous in this respect and start to
assume that the latest release is automatically the greatest.
a. This is often not the case.
3. Unless you have a specific reason for applying a device driver update
(for example, if you are experiencing the specific problem the update is
documented to address), you are generally better off leaving your
installations alone.
|32| 5. Software Upgrades
A. In addition to patches and updates, software manufacturers typically
release periodic upgrades.
1. An update is usually a relatively minor release that addresses specific
issues or provides modest enhancements.
2. An upgrade is a major release that provides new features and
capabilities.
3. In most cases, patches and updates are free, but you must buy an
upgrade.
B. Deciding whether to upgrade your software can be difficult.
1. In a network environment, a major software upgrade, whether of an
operating system or an application, can be a complex and expensive
undertaking.
2. In addition to buying the software itself, you might need to do any or all
of the following:
a. Upgrade the hardware in your computers (by adding memory, for
example).
b. Pay people to install the new software on all of the computers.
c. Retrain your users to bring them up to speed on the new version.
3. The cumulative cost of the upgrade process can be enormous.
4. If you do not need new features, it might not be worth upgrading.
a. However, it is also important to make sure that your software is not
too out of date.
b. If you stay with an older version of a software product because it
does everything you want it to and because all of your users are
familiar with it, you might eventually get to the point where
(1) The manufacturer no longer supports the product
(2) The cost of upgrading is much higher than it would have been
earlier
|33| Chapter Summary
A. Backups
1. Magnetic tape is the most popular storage medium for backups because
it is fast, inexpensive, and holds a lot of data.
2. Backup software enables you to select the data you want to back up and
sends it to the tape drive or other device you use for your backups.
3. There are three types of backups: full backups, incremental backups, and
differential backups.
a. Full backups copy all of the data on a computer.
b. Incremental backups copy only the files that have changed since the
last backup of any kind.
c. Differential backups copy only the files that have changed since the
last full backup.
4. A good backup software program allows you to schedule jobs to execute
at any time.
5. Network backup software enables you to back up data from computers
anywhere on the network and might also provide optional features such
as live database backups.
|34| B. Antivirus policies
1. Viruses are dangerous programs that can damage the data on a computer
and spread to the other computers on a network.
2. To protect your network against viruses, you must run antivirus software
on every computer.
C. Patches and updates
1. Obtaining, evaluating, and deploying software patches and updates is an
important part of the network administrator’s job.
2. Software upgrades are major undertakings that can be extremely
expensive and time-consuming.