Concepts: Chapter 14

Chapter 14 begins with a list of three tasks that a system administrator typically performs.
The first bullet has to do with installing or improving a system. The second has to do with ongoing needs of the system. The third may actually be the responsibility of your organization's security division, but as the administrator of a system you will at least be required to participate in the development of security policies for it, and you may be required to develop them on your own.

The author continues on page 531 with some very high level concepts. He begins by stating that equipment acquisition and deployment must be done in the context of a strategic plan. Maybe. In some organizations, the strategic plan is very general, such as "we will be the best information technology department in the world". In that example, the plan does not include measures or time frames, so we cannot be sure we are on track to attain its elusive goal. If the more specific, more localized plan you operate under says something like "we will improve our service time by 25% this quarter by using the new scheduling system", then you have a plan that supports the system you are trying to acquire, you have a time frame to attain it in, and you presumably have a measure for service time already that you will continue to use.

The next high level topic the author hits is part of accounting. The author defines a capital expense as money you pay for something that is expected to last beyond the current fiscal (business) year. He defines an operating expense as money paid for something that lasts only for the current fiscal year, or for a portion of that year. The author further states that capital resources that benefit multiple divisions of a company, and those which serve multiple functions for such divisions, can be called infrastructure resources. The text lists four characteristics of such resources:
Examples of infrastructure resources would include data and communication wiring, network servers, and network and directory software. You should consider the bullets at the top of page 532 when planning for infrastructure expenditures:
The text discusses standardizing services and equipment for the cost savings it will provide. There will be a higher cost to offering a menu of services than there will be to offering only one or two types. Offering a variety of services and equipment to your user population leads to more kinds of maintenance, varying equipment costs, different infrastructure requirements, and a varying budget from year to year.

On page 534, the text moves on to acquisitions. People acquire new hardware, software, and systems for many reasons, not just the three on that page. The better point is that making an acquisition should be done for good business reasons. Creating a business case for a system change is required in most organizations, and having that business case approved does not necessarily end the process. Adding new systems or components for them is more complex than just buying a new printer or a new computer. Often, a bidding process must be followed which can begin with a request for proposal (RFP). See the list of five steps on page 534:
On page 535, the text begins to elaborate on the steps listed above. You should note the sections on preparing an RFP and on evaluating responses to an RFP. Components of an RFP:
The text continues with a discussion about the evaluation process. Proposals must be rated as acceptable or not. Acceptable proposals must be scored. High scoring proposals must be validated: the claims of the bidder must be examined for accuracy and probability of success.

On page 538, the text begins a section on evaluating performance. When a system is installed, it is recommended to begin benchmarking its performance. You will want to know whether it meets the goals set for the system at the outset, whether performance increases or decreases over time, and what effect work load and environmental variables have on it. Some well known, frequently used applications have established benchmark scores, as noted on page 539. These scores on systems with known configurations and technical ratings can be compared to scores on your systems to view your systems in a known context. The text also discusses using monitoring software to measure the performance of your system over time. Some tools are built in to some versions of Windows, notably the server versions.

On page 542, the text changes topics to discuss security concerns for system administrators. The text explains that security can mean protecting all of the resources in which a company has invested, including hardware, software, facilities, and staff. The text presents an overview of several areas of concern.
In computer security, auditing is tracking the actions of users and processes on a network. The text explains that an OS may include the ability to track the actions of any user or process, but the feature is usually turned off due to the size and number of the log files that are generated. It requires judgment on the part of a good administrator to decide how and when to enable auditing controls.

The text spends a page on virus protection, and lists some classic virus types that concern system and network administrators. His discussion is brief, so I will add a few notes from ITS 305 about two types of infecting software. (ITS 305 is a class for next term.)
The text tells us that we must protect the network as well as individual devices on it from virus attacks, and we must make sure that we are using the most up to date versions of protection that we can obtain. Recently updated and automated protection are phrases to make part of your plan.

The text continues the topic of updating protection with a discussion of updates to applications and operating systems. A balance must be reached between allowing constant automated updates and examining each update before we allow our users to have it. In a complex environment, typically one that contains legacy applications, it is often necessary to determine that a security update or patch will not cause a problem for our users. This should be a regular process done by staff who are familiar with the products we use and familiar with examining updates for trouble. A managed environment will prevent users from having the most recent protection, but it will also be less vulnerable to attacks that depend on users having administrative rights to their devices.

The text moves on to a brief discussion of firewalls. The author's discussion is a bit longer here. Firewalls can be implemented as network firewalls (hardware or software) or host-based firewalls (software). Their purposes are similar, but a network firewall must handle much more traffic. Since they are meant to protect a large number of devices, a network firewall is typically placed at a traffic choke point, a part of the network through which most of your packets will pass. A good place to put a firewall is between the main switch for a network and the router that provides access to the Internet. It should be monitoring traffic flowing into and out of our network.

The text reminds us that firewalls may be stateless or stateful. The difference is that stateful firewalls will not allow traffic between devices unless a proper communication session has been established between them. This prevents attacks that begin with an uninvited transmission. There are several common actions that a firewall may take based on the rules set by an administrator.
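
The stateless versus stateful difference described above can be seen by running the same traffic through both kinds of filter. This is an added example, not code from the textbook or these notes. The addresses, ports, the `INSIDE` prefix and the policy are constructed assumptions, and the session tracking is simplified to a 4-tuple with no TCP flags or timeouts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port
    proto: str   # "tcp" or "udp"

INSIDE = "10.0.0."       # constructed internal address prefix (assumption)
WEB_PORTS = (80, 443)    # constructed policy: inside hosts may browse the web

def stateless_allow(p):
    """Judge each packet on its own header fields, with no memory.
    Replies cannot be recognised, so anything arriving from a web
    port is assumed to be a reply."""
    if p.src.startswith(INSIDE):
        return p.proto == "tcp" and p.dport in WEB_PORTS
    return p.proto == "tcp" and p.sport in WEB_PORTS

class StatefulFirewall:
    """Same outbound policy, but inbound packets must belong to a
    session that an inside host started."""
    def __init__(self):
        self.sessions = set()

    def allow(self, p):
        if p.src.startswith(INSIDE):
            if p.proto == "tcp" and p.dport in WEB_PORTS:
                # Remember the session so the reply can be matched later.
                self.sessions.add((p.src, p.sport, p.dst, p.dport))
                return True
            return False
        # Inbound: allow only the mirror image of a tracked session.
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp"),  # inside host opens a session
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp"),  # reply within that session
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "tcp"),   # uninvited inbound packet
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, run(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} stateless={sl} stateful={sf}")
```

The third packet matches the stateless rule but is dropped by the stateful filter, because no inside host opened a session with that peer.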
Simple firewalls may have fewer options:
Most firewalls will follow rules based on the properties of received packets, such as where the traffic is from, where it is going, and what protocol is being used. Firewalls may also be application aware, which means they can make decisions about packets based on the application they are trying to access on the receiving device.

The author finishes the chapter with a discussion of physical aspects of a work site that affect health and safety as well as effective use of equipment. He lists most of his concerns in the bullets at the bottom of page 551: