Guide to Operating Systems Security 0-619-16040-3

Guide to Operating Systems Security Chapter 11 Solutions

Answers to the Chapter 11 Review Questions

1. You are consulting for a small company that has one server, containing one large disk of information. The company wants to establish some type of fault tolerance through implementing RAID and is willing to purchase extra disk drives, if necessary. Which of the following options make the most sense for this company? Answer: b. RAID level 1

2. A bank uses NetWare servers for databases housing information about customer accounts, including account activity. Which of the following do you recommend that the bank should use to ensure that database information remains synchronized even when there is a system crash? Answer: d. the Transaction Tracking System

3. Last night’s Windows Server 2003 backups were successful, but it is nearly noon today and you have detected that a hard drive is displaying multiple severe errors. You decide to make an unscheduled backup of today’s work before you take down the computer to fix the drive. What type of backup is most appropriate in this situation? Answer: d. daily

4. What are the advantages of using a tape rotation scheme? (Choose all that apply.) Answer: a. and c.

5. Your company is considering the use of clustering for servers used by the marketing department. The marketing vice president wants to use an arrangement in which all data is stored on a single tower of tape drives. Is this possible through clustering? Answer: a. It is possible by using the shared disk model of clustering.

6. Your NetWare 6.5 server seems to have intermittent problems with its connection to the network. It has a very new model NIC which you suspect is the cause of the problems. The NIC is not sending out excessive traffic; it just seems to have the connection problems. Which of the following might you do first? Answer: b. Check the NIC manufacturer’s Web site to see if there are any reported problems with this NIC and if there is a new driver.

7. You are planning to purchase a UPS for a Red Hat Linux server used in an accounting office. The office frequently experiences brownouts and power outages because there are electrical wiring problems in the building. What should you look for in the UPS that you purchase? (Choose all that apply.) Answer: b., c., and d.

8. Which of the following are functions provided by a NIC? (Choose all that apply.) Answer: a. and b.

9. Your client’s server has two disk drives connected to two separate controller cards. One disk drive is used as a backup and contains an exact image of the contents of the main drive. This is called ______. Answer: a. disk duplexing

10. Windows 2000 Server supports which of the following RAID levels? (Choose all that apply.) Answer: a. and c.

© 2004 Course Technology and Michael Palmer. All rights reserved. Guide to Operating Systems Security 0-619-16040-3

11. You have a new system programmer who is helping to set up a server on a UPS. He is connecting the CPU, monitor, laser printer, and a scanner to the UPS. What is your response? Answer: b. to unplug the laser printer and scanner and plug both of these into a regular electrical outlet.

12. Your organization has purchased a four-processor computer for you to use as a program development system. They have also purchased Windows XP Professional for you to install on the computer. The Windows XP Professional installation will not complete. What is the problem? Answer: d. Windows XP Professional does not support a four-processor computer.

13. What is the main benefit of disk striping? Answer: c. It can extend the life of a disk.

14. Which of the following are examples of options that can be configured with a UPS that is connected to a computer via a USB or serial connection? (Choose all that apply.) Answer: a. and b.

15. How many disks are needed to configure RAID level 5 in Windows Server 2003? Answer: c. three

16. Your customer service organization uses software RAID level 5 employing five disks. A power supply problem in the unit housing the disks has caused three of the disks to fail. What actions do you take in this situation? Answer: d. Replace the failed disks and perform a full restore from your backup tapes.

17. A NIC uses which of the following to encapsulate source and address information prior to sending a packet? (Choose all that apply.) Answer: c. and d.

18. You are setting up RAID level 5 on eight disks. What percentage of the disk space is needed for redundancy (rather than actual data storage)? Answer: a. One-eighth

19. Your company is considering using software RAID options in Windows Server 2003, but the IT director is concerned because he says the company cannot place boot and system files on the RAID drives if RAID level 5 is used. What solution do you recommend? Answer: c. Use hardware RAID, which does not have this limitation

20. You are using a combination of full backups on Friday nights and incremental backups Saturday through Thursday (including Sunday night). On Tuesday the series of disks you are backing up must be completely replaced because of damage caused by a virus that cannot be completely extricated. Which backup tapes will you need to use to completely restore your data? Answer: d. the Friday, Saturday, Sunday, and Monday night tapes

Hands-On Projects Tips and Solutions for Chapter 11

Project 11-1

In this project, students learn how to configure the Uninterruptible Power Supply service on Windows operating systems so that it is started and set to start automatically.

In Step 6, students should report whether or not the service is started.

Project 11-2

In this project, students learn where to set up communications with a UPS in Windows 2000/XP/2003. Note that on some systems, such as some portables and desktop computers, the UPS tab may not be displayed and the system relies on an installation CD-ROM or PnP detection to configure communications.

In Step 3, students should notice that they can specify the UPS vendor in the Select manufacturer box. Also, they should notice example manufacturers, such as American Power Conversion.

In Step 5, the On port box enables you to specify the COM or USB port.

In Step 7, the options that can be configured include:
- How to send out notifications of a power failure
- When to sound a critical alarm that the UPS is about out of power
- The ability to run a program just before the UPS is out of power
- Whether or not you want the computer and UPS to shut down just before the UPS is out of power

Project 11-3

Students learn how to configure NetWare UPS communications in this project. It is not necessary to have a UPS attached to the computer for the project.

In Step 3, the message that verifies the load command should be: Loading Module AIOCOMX.NLM.

In Step 4, students should report that they are loading the UPS_AIO NLM so that it will shut down the operating system after nine minutes have passed continuously without external power and a warning message will be sent to users after seven minutes without power.

Project 11-4

In this project, students practice taking a normal backup of a disk drive in Windows 2000/XP/2003 (or if they only have a CD-R, CD-RW, or Zip disk, they can take a backup of a few folders).

In Step 5, to back up only a portion of a drive, such as a folder, double-click the drive and then check only the folder.

In Step 11, the types of backups that students will see after they press the Advanced button are as follows:
- Normal
- Copy
- Incremental
- Differential
- Daily

Also in Step 11, the options displayed in the Advanced Backup Options dialog box include:
- Back up data that is in Remote Storage
- Verify data after backup
- If possible, compress the backup data to save space
- Automatically backup System Protected Files with the System State
- Disable volume shadow copy

Consider using this assignment as an opportunity to have a discussion with your students about different backup techniques that are used in different organizations. You might also illustrate tape rotation techniques, such as the Tower of Hanoi. One possibility for an extra assignment is to have students visit a small company or firm and prepare a recommendation for regular backups.

Project 11-5

In this project, students use the tar command to back up the /etc and the /usr/home directories. Students can practice using disk space on the computer or using a tape drive if one is available on the computer.

Project 11-6

Students practice starting a backup in NetWare in this project. Before they start, smsstart, TSA600, TSANDS, and sbcon should already be loaded. Also, students will need a remote computer running Windows 2000/XP that can log onto the NetWare server.

In Step 19, the Full backup type is selected by default.

Project 11-7

In this project, students view the man (manual) documentation for the dump command in Mac OS X.

In Step 6, the circumstances that might require operator intervention include:
- End of tape
- End of dump
- Tape write error
- Tape open error
- Disk read error

Solutions to the Case Project Assignments

Marian City Credit Union provides banking and financial services for city employees. The credit union has over 5000 customers. It offers customers checking and savings accounts, loans, telephone and Internet banking, and investment services. The credit union tracks client account information using software on three Windows 2003 servers: (1) a server that houses the software applications, (2) a server that has the main database for customer accounts, and (3) a server that contains a subset of the main database, along with a wide range of reports used by management, the controller, and the local and federal auditors.

Marian City Credit Union also has a NetWare 6.0 server used to process local loans and coordinate larger loans with a national credit union association that provides funding for home mortgages. The NetWare 6.0 server is also used to handle investment banking services. Internet banking is a rapidly growing service for the credit union and is handled by a Red Hat Linux 9.0 server. The credit union staff use Windows XP Professional on their desktops, with the exception of the small marketing group that uses Mac OS X.

Marion City Credit Union has just lost three of its four-person IT staff and hires you through Aspen IT Services to help them address specific disaster recovery concerns raised by both the management and the auditors.

Case Project 11-1: Deploying UPS Systems

Marion City Credit Union currently has two small offline UPS systems, one to protect the Windows Server 2003 database server and one to protect the NetWare 6.0 server. The auditors have recommended that the credit union protect all of the servers with UPS systems and that they upgrade the two aging offline UPSs. Before taking action on this recommendation, the credit union management asks you to prepare a report that:
- Describes the types of UPS systems available
- Recommends what types of UPS systems and features to use with the servers

Answer:

The auditors are right to recommend that these UPS systems be upgraded.

In their reports, students should describe online and offline UPS systems. An online UPS provides power from its batteries, so there is not even a slight interruption in power when the main power line goes down. An offline UPS does not switch to battery power unless there is a power problem, which means that a computer may still go down or experience wear on electrical parts because of main power problems. Besides these differences, students should note that UPS systems provide power conditioning and regulation to protect against power surges, sags, and dirty power. Some UPS systems come with serial or USB connections to communicate with the computer, such as to warn the computer that the main power has gone down.

All of the servers should be on one or multiple online UPS systems. If one UPS system is used, it is important to make sure that the UPS system can handle the entire load, if there is a power failure. Large UPS systems also may require more maintenance than smaller UPSs. Further, the credit union should strongly consider purchasing UPS systems that can communicate with the servers.

Case Project 11-2: Security through Hardware Redundancy

In addition to addressing the auditors' concerns about UPS systems, the credit union management wants to consider ways to ensure continuous operations of key servers. They ask you to prepare a short report that recommends hardware redundancy measures for the following servers:
- Windows 2003 server used for software applications
- Windows 2003 database server
- NetWare 6.0 loan and investment banking server
- Red Hat Linux 9.0 Internet banking server

Answer:

Hardware redundancy can be achieved through:
- Using redundant components, such as extra NICs and power supplies in a computer
- Using SMP systems for redundant processors
- Clustering computers
- RAID

Sample redundancy recommendations that students might make include:
- For the Windows 2003 server used for software applications: redundant NICs and a redundant power supply. The server might also be an SMP computer, if the need for redundancy and processing power warrant it. The server might also have RAID.
- For the Windows 2003 database server: redundant NICs and a redundant power supply. For better performance and redundancy, the server might also be an SMP computer. This server ought to have some form of RAID.
- For the NetWare 6.0 loan and investment banking server: redundant NICs and a redundant power supply. The need for SMP computing and RAID would depend on the assessment of how critical uptime is from moment to moment during business hours.
- For the Red Hat Linux 9.0 Internet banking server: redundant NICs and a redundant power supply. If this is a busy server, SMP computing may be important. Also, because Internet banking is done around the clock, this server should have some form of RAID.

Case Project 11-3: Deploying RAID

The tellers at the credit union rely heavily on the Windows 2003 applications and database servers. Currently neither server has RAID installed. The auditors consider providing RAID to be a high priority. Create a report for the credit union management that describes the types of RAID available for Windows Server 2003 and that recommends which forms of RAID to use for these servers.

Answer:

Windows Server 2003 supports the following forms of RAID:
- RAID level 0: This level is disk striping only, which can help extend the disk life and provide better performance. One advantage of this level of RAID is that data access is relatively fast. A disadvantage is that if one drive in the set fails, access to all drives and data fails.
- RAID level 1: This level includes disk mirroring and disk duplexing. Read access is typically faster than write access. For each disk there is another backup disk that contains a mirror or shadow image of the data.
- RAID level 5: This level combines disk striping, error correction, and checksum verification. Level 5 spreads error correction and checksum data over all of the disks, so there is no single point of failure. One disk can fail transparently, but failure of two disks at the same time generally means data will need to be restored after replacing the disks.

Students might recommend RAID levels 1 or 5 for either server. In part, the recommendations can be made on the number of disk drives used in the servers. If all information is on one drive, then disk mirroring/duplexing is a good choice. If there are multiple drives on the servers, then RAID level 5 is likely to be a better choice in terms of cost. Another factor is downtime. If a RAID level 1 drive fails, it is necessary to take down the server and bring it up activating the mirrored/duplexed drive. When a drive fails in RAID 5, this typically is transparent to users, so they can continue with their work.

Case Project 11-4: Solving a Problem for Marketing

One of the marketing staff was working on a new brochure when the disk drive in her Mac OS X system failed. The brochure is intended as the first step in a new marketing drive. The staff member did not have the brochure backed up and so has lost a week of work on the project, which will also delay the marketing drive. The credit union management asks you to submit recommendations about how to prevent this from happening in the future.

Answer:

The most basic preventative step is to provide users with CD-R/RW drives (or another backup medium) so that they can regularly back up important work. The next step would be to train the users about taking regular backups.

Students should also note that Mac OS X supports RAID levels 0 and 1. An option for the Mac OS X users in marketing is to provide them with RAID level 1 for disk mirroring. However, no matter what version of RAID is used, it is still important to take regular backups.

Case Project 11-5: A Backup Scheme for Windows Server 2003 and NetWare

Currently, normal backups are taken every third night on the Windows 2003 servers and on the NetWare server 6.0. There is one set of tapes used for each server, with both sets stored near the servers. The auditors recommend nightly backups for both servers. Before changing the backup scheme, the credit union management would like a report from you that addresses:
- The types of backups available in Windows Server 2003
- The types of backups available in NetWare 6.0
- Your recommendations about how to change the backup procedures

Answer:

Taking backups every third night is certainly not adequate for a credit union and the auditors are right to ask for a revised approach.

The types of backups available in Windows Server 2003 are:
- Normal: which backs up all data regardless of when it was last modified
- Incremental: which backs up files that have been modified since the last backup (as indicated by the archive bit) and the archive bit is removed
- Differential: same as the incremental backup, but the archive bit is not removed
- Copy: backs up only the selected folder and files
- Daily: backs up only files and folders that have changed that day and does not remove the archive bit

The types of backups available in NetWare are:
- Full: which backs up all data regardless of when it was last modified
- Incremental: which backs up files that have been modified since the last backup (as indicated by the archive bit) and the archive bit is removed
- Differential: same as the incremental backup, but the archive bit is not removed

The recommendations for changing the backup procedures might include the following:

On the Windows 2003 server, the credit union should perform backups at the end of each business day or every day. They might use a normal backup each Friday or Saturday night (depending on business hours) and a differential backup on all other nights. Further, a tape rotation scheme should be developed, such as the Tower of Hanoi, using at least two tape sets. The tape set not in use should be stored in an off-site vault.

The recommendations are similar for the NetWare server. Backups should be performed at the end of each business day or each night. A full backup might be used on Friday or Saturday after business. Differential backups might be used on all other nights. Additionally, a tape rotation scheme should be used, with at least two tape sets. The tape set not in use should be securely stored off site.
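The archive-bit rules for normal (full), incremental, and differential backups decide which tapes a restore needs, as in review question 20. The Python model below is an added illustration, not part of the original solutions; the file names and the change schedule are constructed, and it assumes that a normal backup clears the archive bit.

```python
# kind -> (copy only files whose archive bit is set, clear the bit afterwards)
RULES = {
    "normal": (False, True),   # Windows "Normal" / NetWare "Full" (assumed to clear the bit)
    "incremental": (True, True),
    "differential": (True, False),
}

class Volume:
    """Constructed model of a disk: file name -> [version, archive bit]."""

    def __init__(self, names):
        self.files = {name: [1, True] for name in names}

    def modify(self, name):
        # Any write bumps the version and sets the archive bit.
        entry = self.files.setdefault(name, [0, True])
        entry[0] += 1
        entry[1] = True

    def backup(self, label, kind):
        only_flagged, clear_bit = RULES[kind]
        tape = {}
        for name, entry in self.files.items():
            if entry[1] or not only_flagged:
                tape[name] = entry[0]
                if clear_bit:
                    entry[1] = False
        return {"label": label, "kind": kind, "files": tape}

def restore_chain(tapes):
    """Tapes needed to rebuild the volume, in restore order."""
    last_full = max(i for i, t in enumerate(tapes) if t["kind"] == "normal")
    later = tapes[last_full + 1:]
    # Each incremental cleared the archive bit, so it holds changes that no
    # later tape repeats: all of them are needed.
    chain = [tapes[last_full]] + [t for t in later if t["kind"] == "incremental"]
    # A differential is cumulative, so only the newest tape can matter.
    if later and later[-1]["kind"] == "differential":
        chain.append(later[-1])
    return chain

def run_week(nightly_kind):
    """Full backup Friday, nightly_kind Saturday to Monday, disk lost Tuesday."""
    vol = Volume(["accounts.db", "loans.db", "report.doc"])  # constructed names
    tapes = [vol.backup("Fri", "normal")]
    changes = {"Sat": ["accounts.db"], "Sun": ["loans.db"],
               "Mon": ["accounts.db", "report.doc"]}
    for day, names in changes.items():
        for name in names:
            vol.modify(name)
        tapes.append(vol.backup(day, nightly_kind))
    chain = restore_chain(tapes)
    restored = {}
    for tape in chain:
        restored.update(tape["files"])  # newer tapes overwrite older copies
    current = {name: entry[0] for name, entry in vol.files.items()}
    return [t["label"] for t in chain], restored == current
```

`run_week("incremental")` needs all four tapes, while `run_week("differential")` needs only the Friday and Monday tapes; in both cases the second return value confirms that the restored versions match the disk as of Monday night.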
