Network Implementation

3.1 Describe the basic capabilities (i.e., client support, interoperability, authentication, file and print services, application support, and security) of the following server operating systems:

UNIX/Linux

Interoperability: Open source software such as SAMBA is used to provide Windows users with Server Message Block (SMB) file sharing.

Authentication: Centralized login authentication.

File and Print Services: Network File System (NFS) is a distributed file system that allows users to access files and directories located on remote computers and treat those files and directories as if they were local. LPR/LPD is the primary UNIX printing protocol used to submit jobs to the printer. The LPR component initiates commands such as "print waiting jobs," "receive job," and "send queue state," and the LPD component in the print server responds to them.

Security: With most Unix operating systems, the network services can be individually controlled to increase security.

NetWare

Client Support: NetWare 5 comes with Novell Client software for three client platforms: DOS and Windows 3.1x, Windows 95/98, and Windows NT.

Interoperability: You can set the Novell Clients for Windows 95/98 and Windows NT to work with one of three network protocol options: IP only, IP and IPX, or IPX only.

Authentication: Centralized login authentication.

File and Print Services: NetWare offers two choices of mutually compatible file services: Novell Storage Services (NSS) and the traditional NetWare File System. Both kinds of file services let you store, organize, manage, access, and retrieve data on the network. NSS gathers all unpartitioned free space that exists on all the hard drives connected to your server, together with any unused space in NetWare volumes, and places it into a storage pool. You create NSS volumes from this storage pool during server installation or later through NWCONFIG.

Novell Distributed Print Services (NDPS) is the default and preferred print system in NetWare. NDPS supports IP-based as well as IPX-based printing.

Security: Novell has support for a public key infrastructure built into NetWare 5 using a public certificate, developed by RSA Security.

Windows 2000

Client Support: Windows 3.x, Windows 95, Windows 98, and Windows NT Workstation 4.0.

Interoperability: Windows 2000 Server supports UNIX, Novell NetWare, Windows NT Server 4.0, and Macintosh.

Authentication: Successful user authentication in a Windows 2000 computing environment consists of two separate processes: interactive logon, which confirms the user's identity to either a domain account or a local computer, and network authentication, which confirms the user's identity to any network service that the user attempts to access. Types of authentication that Windows 2000 supports are:

File and Print Services: You can add and maintain printers in Windows 2000 using the print administration wizard, and you can add file shares using Active Directory management tools. Windows 2000 also offers Distributed File Services, which let you combine files on more than one server into a single share.

Security: User-level security protects shared network resources by requiring that a security provider authenticate a user's request to access resources. The domain controller grants access to the shared resource by verifying that the user name and password are the same as those on the user account list stored on the network security provider. Because the security provider maintains a network-wide list of user accounts and passwords, each client computer does not have to store a list of accounts. Share-level security protects shared network resources on the computer with individually assigned passwords. For example, you can assign a password to a folder or a locally attached printer. If other users want to access it, they need to type in the appropriate password. If you do not assign a password to a shared resource, every user with access to the network can access that resource. See also the Encrypting File System under 3.8 below.

AppleShare

Client Support: TCP/IP file sharing with Macintosh clients using Network File System (NFS), and File Transfer Apple File Protocol 3.0.

Interoperability: Windows Server Message Block (SMB) file sharing.

File and Print Services:

Application Support:

Mac OS X Server

Client Support: TCP/IP file sharing with Macintosh clients using Network File System (NFS), and File Transfer Apple File Protocol 3.0.

Interoperability: Mac OS X Server uses the Open Source SAMBA to provide Windows users with Server Message Block (SMB) file sharing. Network File System (NFS) lets you make folders available to UNIX and Linux users.

Authentication: Kerberos support for centralized login authentication.

File and Print Services:

Application Support:

Security:
3.2 Describe the basic capabilities (i.e., client connectivity, local security mechanisms, and authentication) of the following client operating systems:

See 3.1 above.

3.3 Describe the main characteristics of VLANs.

A Virtual LAN is a group of devices on one or more LANs that are configured using management software so that they can communicate as if they were attached to the same LAN segment, when in fact they are located on a number of different segments. Because VLANs are based on logical instead of physical connections, they are more flexible. For a computer to communicate with devices on LAN segments other than the one it is located on requires the use of a router, and as networks expand, more routers are needed to separate users into broadcast and collision domains and to provide connectivity to other LANs. Since routers add latency, this can delay data transfer over the network. Switches are used in VLANs to create the same division of the network into separate broadcast domains, but without the latency problems of a router.

Advantages to using VLANs:

- Switched networks increase performance by reducing the size of collision domains.
- Users can be grouped into logical networks, which increases performance by limiting broadcast traffic to users performing similar functions or within individual workgroups.
- Less traffic needs to be routed, so the latency added by routers is reduced.
- VLANs provide an easier way to modify logical groups in changing environments.
- VLANs make large networks more manageable by allowing centralized configuration of devices located in different physical locations.
- Software configurations can be made across machines with the consolidation of a department's resources into a single subnet. IP addresses, subnet masks, and local network protocols will be more consistent across the entire VLAN.
- VLANs provide independence from the physical topology of the network by allowing physically diverse workgroups to be logically connected within a single broadcast domain.
- A switched network delivers frames only to the intended recipients, and broadcast frames only to other members of the VLAN. This allows the network administrator to segment users requiring access to sensitive information into separate VLANs from the rest of the general user community regardless of physical location, thus enhancing security.

3.4 Describe the main characteristics of network-attached storage.

RAID: Redundant Array of Inexpensive (or Independent) Disks. A RAID array is a collection of drives which collectively act as a single storage system, which can tolerate the failure of a drive without losing data, and which can operate independently of each other.

- Level 0, referred to as striping, is not redundant. Data is split across drives, resulting in higher data throughput. Since no redundant information is stored, performance is very good, but the failure of any disk in the array results in the loss of all data.
- Level 1, referred to as mirroring, uses 2 hard drives. It provides redundancy by duplicating all data from one drive on another drive. Performance is better than a single drive, and if either drive fails, no data is lost. This is a good entry-level redundant system, since only two drives are required.
- Level 2, which uses Hamming error correction codes, is intended for use with drives which do not have built-in error detection. All SCSI drives support built-in error detection, so this level is not needed if using SCSI drives.
- Level 3 stripes data at a byte level across several drives, with parity stored on one drive. It is otherwise similar to level 4. Byte-level striping requires hardware support for efficient use.
- Level 4 stripes data at a block level across several drives, with parity stored on one drive. The parity information allows recovery from the failure of any single drive.
  Performance is very good for reads. Writes, however, require that parity data be updated each time. This slows small random writes in particular, though large writes or sequential writes are fairly fast.
- Level 5 is striping with distributed parity. Similar to level 4, but distributes parity among the drives; no single disk is devoted to parity. This can speed small writes in multiprocessing systems. Because parity data must be distributed on each drive during reads, the performance for reads tends to be considerably lower than a level 4 array.

3.5 Explain when to implement fault tolerance and disaster recovery.

Fault tolerance is the ability of a system to continue functioning when part of the system fails. Normally, fault tolerance is used in describing disk subsystems, but it can also apply to other parts of the system or the entire system. Fully fault-tolerant systems use redundant disk controllers and power supplies as well as fault-tolerant disk subsystems. You can also use an uninterruptible power supply (UPS) to safeguard against local power failure. Although the data is always available in a fault-tolerant system, you still need to make backups that are stored offsite to protect the data against disasters such as a fire.

3.6 Given a remote connectivity scenario, select the appropriate communication approach, protocol, and settings to apply.

IP: Determine whether the remote access server will use DHCP or a static IP address pool to obtain addresses for dial-up clients. If you use a static IP address pool, determine whether the pool will be ranges of addresses that are a subset of addresses from the IP network to which the server is attached or a separate subnet.
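Returning to RAID levels 4 and 5 from 3.4 above: the following Python example is added here and is not part of the original notes. It shows how XOR parity lets an array rebuild any single failed drive, and why a small write must read and rewrite the parity block as well as the data block; the three-data-drive layout and the sample data are constructed for the illustration.

```python
from typing import List

def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bitwise XOR of equal-length blocks: the parity used by RAID levels 3, 4 and 5."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)

def stripe(data: bytes, n_data: int, block_size: int, rotate_parity: bool) -> List[List[bytes]]:
    """Block-level striping over n_data drives plus one parity block per stripe.
    rotate_parity=False keeps all parity on the last drive (level 4);
    rotate_parity=True spreads parity across the drives (level 5)."""
    stripe_bytes = n_data * block_size
    data += b"\x00" * ((-len(data)) % stripe_bytes)   # pad to whole stripes
    drives: List[List[bytes]] = [[] for _ in range(n_data + 1)]
    for s, start in enumerate(range(0, len(data), stripe_bytes)):
        blocks = [data[start + i * block_size:start + (i + 1) * block_size] for i in range(n_data)]
        parity_drive = s % (n_data + 1) if rotate_parity else n_data
        blocks.insert(parity_drive, xor_blocks(blocks))  # parity block goes to parity_drive
        for d, blk in enumerate(blocks):
            drives[d].append(blk)
    return drives

def read_back(drives: List[List[bytes]], rotate_parity: bool) -> bytes:
    """Reassemble the (padded) data by skipping each stripe's parity block."""
    n_data = len(drives) - 1
    out = b""
    for s in range(len(drives[0])):
        parity_drive = s % (n_data + 1) if rotate_parity else n_data
        out += b"".join(drives[d][s] for d in range(n_data + 1) if d != parity_drive)
    return out

def rebuild_drive(drives: List[List[bytes]], failed: int) -> List[bytes]:
    """Recover every block of one failed drive: in each stripe, XOR the surviving
    blocks (data and parity alike) and the missing block falls out."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]

def small_write(drives: List[List[bytes]], drive: int, s: int, new_block: bytes, parity_drive: int) -> None:
    """Level 4 read-modify-write: parity becomes old_parity ^ old_data ^ new_data,
    so every small write costs extra reads and a second write on the parity drive."""
    old_block = drives[drive][s]
    drives[drive][s] = new_block
    drives[parity_drive][s] = xor_blocks([drives[parity_drive][s], old_block, new_block])

# Constructed sample data for the illustration (not from the page).
SAMPLE = b"The quick brown fox jumps over the lazy dog"
```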
If the static IP address pool address ranges represent a different subnet, ensure that routes to the address ranges exist in the routers of your intranet so that traffic to connected remote access clients is forwarded to the remote access server.

IPX: Internetwork Packet Exchange (IPX) is the traditional Novell communications protocol that sends data packets to requested destinations (such as workstations or servers). An IPX network address is a hexadecimal number, one to eight digits (1 to FFFFFFFE), that identifies a specific network cable segment. IPX network segments can process more than one frame type. Each frame type that is used on the network is treated as a logical network segment and requires its own IPX address, even though each frame type is using the same network board and physical cable segment.

PPP: Point-to-Point Protocol is a set of industry-standard framing and authentication protocols that enable remote access solutions to function in a multivendor network. It is recommended that you use PPP because of its flexibility and its role as an industry standard, as well as for future flexibility with client and server hardware and software. PPP support enables computers to dial in to remote networks through any server that complies with the PPP standard. PPP also enables remote access clients to use any combination of IPX, TCP/IP, NetBEUI, and AppleTalk. Remote access clients running Windows NT and Windows 2000, Windows 98, and Windows 95 can use any combination of TCP/IP, IPX, and NetBEUI and programs written to the Windows Sockets, NetBIOS, or IPX interface. Microsoft remote access clients do not support the use of the AppleTalk protocol over a remote access connection. PPP standards are defined in Requests for Comments (RFCs), which are published by the Internet Engineering Task Force and other working groups.

PPP connection sequence: When you connect to a remote computer, PPP negotiation accomplishes the following:
Authentication: Microsoft dial-up networking clients typically use MS-CHAP authentication. Non-Microsoft dial-up networking clients use CHAP, SPAP, and PAP authentication.

CHAP: Challenge Handshake Authentication Protocol is a challenge-response authentication protocol that uses the industry-standard Message Digest 5 (MD5) hashing scheme to compute the response. CHAP is used by various vendors of network access servers and clients.

MS-CHAP: Microsoft Challenge Handshake Authentication Protocol. MS-CHAP is a nonreversible, encrypted password authentication protocol. The challenge handshake process works as follows:
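The challenge-response handshake described above, worked through in Python as an added example that is not part of the original notes. It implements the generic CHAP response of RFC 1994 (MD5 over identifier, shared secret and challenge) rather than MS-CHAP's Windows-specific variant; the shared secret is constructed for the illustration, and the one-shot challenge table is an assumption about how the server side tracks outstanding challenges.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Constructed shared secret for the illustration (not from the page); a real remote
# access server holds one per dial-up account.
SHARED_SECRET = b"example-dialup-secret"

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994) response: MD5 over identifier || secret || challenge.
    The secret itself never goes on the wire, only this one-way hash of it."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Remote access server side of the handshake."""
    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._identifier = 0
        self._pending: Dict[int, bytes] = {}   # identifier -> challenge awaiting a response

    def challenge(self) -> Tuple[int, bytes]:
        """Step 1: server sends the client a fresh identifier and a random challenge."""
        self._identifier = (self._identifier + 1) % 256
        chal = os.urandom(16)
        self._pending[self._identifier] = chal
        return self._identifier, chal

    def verify(self, identifier: int, response: bytes) -> bool:
        """Step 3: server recomputes the expected hash and compares in constant time.
        Each challenge is accepted once, so a captured response cannot be replayed."""
        chal = self._pending.pop(identifier, None)
        if chal is None:
            return False
        expected = chap_response(identifier, self._secret, chal)
        return hmac.compare_digest(expected, response)

def chap_exchange(server: ChapServer, client_secret: bytes) -> bool:
    """Run the three-step handshake; True only if the client's secret matches the server's."""
    identifier, chal = server.challenge()                        # server -> client
    response = chap_response(identifier, client_secret, chal)    # client -> server (step 2)
    return server.verify(identifier, response)
```

Contrast this with PAP below, where the password itself crosses the link in plaintext; here an observer sees only the challenge and the 16-byte digest.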
PAP: Password Authentication Protocol uses plaintext passwords and is the least sophisticated authentication protocol. It is typically negotiated only if the remote access client and remote access server cannot negotiate a more secure form of validation.

SPAP: Shiva Password Authentication Protocol is a reversible encryption mechanism employed by Shiva. This form of authentication is more secure than plaintext but less secure than CHAP or MS-CHAP.

3.7 Identify the purpose and benefits of using a firewall/proxy.

Firewall: A firewall is used to prevent unauthorized access to or from a network. Firewalls are frequently used to prevent unauthorized users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Firewall techniques:

Proxy: A proxy is a server that sits between a client application, such as a web browser, and a real server. When a client program makes a request, the proxy server responds by translating the request and passing it to the Internet. When a computer on the Internet responds, the proxy server passes that response back to the client program on the computer that made the request. The proxy server computer has two network interfaces: one connected to the LAN and one connected to the Internet. The primary security features of Proxy Server are:
3.8 Given a scenario, predict the effects of a particular security implementation on network performance.

Encryption

Windows 2000: The Encrypting File System (EFS) provides the core file encryption technology used to store encrypted files on NTFS file system volumes. Once you encrypt a file or folder, you work with the encrypted file or folder just as you do with any other files and folders. Encryption is transparent to the user that encrypted the file. This means that you do not have to decrypt the encrypted file before you can use it. You can open and change the file as you normally do. However, an intruder who tries to access your encrypted files or folders will be prevented from doing so. An intruder receives an access denied message if the intruder tries to open, copy, move, or rename your encrypted file or folder. You encrypt or decrypt a folder or file by setting the encryption property for folders and files just as you set any other attribute such as read-only, compressed, or hidden. If you encrypt a folder, all files and subfolders created in the encrypted folder are automatically encrypted. It is recommended that you encrypt at the folder level. You can also encrypt or decrypt a file or folder using the command-line tool cipher. For more information about the cipher command, type cipher /? at a command prompt.

Main points about EFS:

- Only files and folders on NTFS volumes can be encrypted.
- You cannot encrypt files or folders that are compressed. First you must uncompress the file or folder, then you can encrypt it. On a compressed volume, uncompress folders you want to encrypt.
- You cannot share encrypted files.
- Encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volume.
- Use cutting and pasting to move files into an encrypted folder. If you use a drag-and-drop operation to move the files, they will not automatically be encrypted in the new folder.
- System files cannot be encrypted.
- Encrypting a folder or file does not protect against deletion. Anyone with delete permission can delete encrypted folders or files.

3.9 Given a network installation scenario, select the appropriate NIC and configuration settings.

Full/half duplex: Half duplex refers to the transmission of data in just one direction at a time. Full duplex refers to the transmission of data in two directions simultaneously. Most NICs contain a setting that lets you select between half-duplex and full-duplex modes.

Speeds: Make sure the NIC is the right speed for the network; if it is 100Base-TX, then use a NIC capable of 100 Mbps.
© 2001 - 2002 studynotes.net