Networks and System Administration Notes Tutorial All Chapters


Networks and System Administration – Notes – Tutorial Session

Define and provide the primary purpose of DHCP.

• A DHCP server (Dynamic Host Configuration Protocol) automatically gives network devices (computer, smart phone, etc.) the configuration information required to communicate on a network.

• The DHCP server will assign a device an IP address, a subnet mask and a default gateway.

• Some DHCP servers will also provide the network device with further configuration information, such as the address of a DNS (Domain Name Server).

• When your computer or smart phone connects to a wireless network, it has most likely received its configuration from a DHCP server.
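
The items listed above (address, mask, gateway, DNS) travel as RFC 2132 options inside the DHCP message. The following added example (not part of the original notes) parses a constructed DHCPOFFER options field into that host configuration and refuses malformed input rather than handing back a partial configuration a client might act on.

```python
"""Parse the options field of a DHCP message (RFC 2132 TLV encoding).

Added example, not from the original notes. The option bytes below are
constructed to look like what a server puts in a DHCPOFFER: message type,
subnet mask, default gateway (router), DNS servers and lease time, which are
the items the notes say DHCP hands out.
"""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"

# Option codes from RFC 2132 that the notes describe.
OPT_PAD = 0
OPT_SUBNET_MASK = 1
OPT_ROUTER = 3
OPT_DNS_SERVER = 6
OPT_LEASE_TIME = 51
OPT_MSG_TYPE = 53
OPT_END = 255

MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp_options(blob: bytes) -> dict:
    """Decode the TLV options after the magic cookie into {code: raw value}.
    Malformed input (a length running past the buffer, or no END marker)
    raises ValueError instead of returning a partial configuration."""
    if not blob.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts = {}
    i = len(MAGIC_COOKIE)
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:
            return opts
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} length {length} overruns buffer")
        opts[code] = value
        i += 2 + length
    raise ValueError("options not terminated by END")

def rejects(blob: bytes) -> bool:
    """True if the parser refuses the blob (demonstrates fail-closed parsing)."""
    try:
        parse_dhcp_options(blob)
    except ValueError:
        return True
    return False

def _addr_list(raw: bytes) -> list:
    """Split a run of 4-byte IPv4 addresses into dotted strings."""
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]

def summarize_offer(blob: bytes) -> dict:
    """Turn the option bytes into the host configuration DHCP supplies."""
    opts = parse_dhcp_options(blob)
    return {
        "type": MSG_TYPES.get(opts[OPT_MSG_TYPE][0], "UNKNOWN"),
        "subnet_mask": _addr_list(opts[OPT_SUBNET_MASK])[0],
        "gateway": _addr_list(opts[OPT_ROUTER])[0],
        "dns": _addr_list(opts.get(OPT_DNS_SERVER, b"")),
        "lease_seconds": struct.unpack("!I", opts[OPT_LEASE_TIME])[0],
    }

def build_option(code: int, value: bytes) -> bytes:
    """Encode one TLV option (used only to construct the sample below)."""
    return bytes([code, len(value)]) + value

# Constructed sample: what a server at 192.168.1.1 might OFFER a client.
SAMPLE_OFFER_OPTIONS = (
    MAGIC_COOKIE
    + build_option(OPT_MSG_TYPE, b"\x02")
    + build_option(OPT_SUBNET_MASK, ipaddress.IPv4Address("255.255.255.0").packed)
    + build_option(OPT_ROUTER, ipaddress.IPv4Address("192.168.1.1").packed)
    + build_option(OPT_DNS_SERVER, ipaddress.IPv4Address("192.168.1.1").packed
                   + ipaddress.IPv4Address("192.0.2.53").packed)
    + build_option(OPT_LEASE_TIME, struct.pack("!I", 86400))
    + bytes([OPT_PAD, OPT_END])
)

if __name__ == "__main__":
    for key, val in summarize_offer(SAMPLE_OFFER_OPTIONS).items():
        print(f"{key:>13}: {val}")
```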

Define authentication and its purpose.

Authentication – to verify a user's credentials and mark the user as logged in or logged out.

Purpose – to group users by responsibilities and grant resource permissions to authenticated members of a group.

What are the advantages of a print sharing service?

• The printer does not take up space at each person's workstation.

• Not having the expense of buying multiple printers.

Discuss the methods enforced to implement Web server security.

• Patches and Updates

Many security threats are caused by vulnerabilities that are widely published and well known. In many cases, when a new vulnerability is discovered, the code to exploit it is posted on Internet bulletin boards within hours of the first successful attack. If you do not patch and update your server, you provide opportunities for attackers and malicious code. Patching and updating your server software is a critical first step towards securing your Web server.

• Services

Services are prime vulnerability points for attackers, who can exploit the privileges and capabilities of a service to access the local Web server or other downstream servers. If a service is not necessary for your Web server's operation, do not run it on your server. If the service is necessary, secure it and maintain it. Consider monitoring any service to ensure availability. If your service software is not secure but you need the service, try to find a secure alternative.

• Protocols

Avoid using protocols that are inherently insecure. If you cannot avoid using these protocols, take the appropriate measures to provide secure authentication and communication, for example by using IPSec policies. Examples of insecure, clear-text protocols are Telnet, Post Office Protocol (POP3), Simple Mail Transfer Protocol (SMTP), and File Transfer Protocol (FTP).

• Accounts

Accounts grant authenticated access to your computer, and these accounts must be audited. What is the purpose of the user account? How much access does it have? Is it a common account that can be targeted for attack? Is it a service account that can be compromised and must therefore be contained? Configure accounts with least privilege to help prevent elevation of privilege. Remove any accounts that you do not need. Slow down brute-force and dictionary attacks with strong password policies, and then audit and alert for logon failures.

• Files and Directories

Secure all files and directories with restricted NTFS permissions that only allow access to necessary Windows services and user accounts. Use Windows auditing to allow you to detect when suspicious or unauthorized activity occurs.

• Shares

Remove all unnecessary file shares, including the default administration shares if they are not required. Secure any remaining shares with restricted NTFS permissions.

• Ports

Services that run on the server listen on specific ports so that they can respond to incoming requests. Audit the ports on your server regularly to ensure that an insecure or unnecessary service is not active on your Web server. If you detect an active port that was not opened by an administrator, this is a sure sign of unauthorized access and a security compromise.
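
A regular port audit of the kind described above can be scripted against a baseline the administrator maintains. This added example (not from the original notes) parses constructed output in the layout Windows `netstat -ano` prints and flags any listener outside an assumed baseline, plus any baseline service that has stopped listening; the baseline, PIDs and addresses are all assumptions made for the example.

```python
"""Audit listening ports against an administrator-approved baseline.

Added example, not from the original notes. It parses output in the layout
Windows `netstat -ano` prints (the sample is constructed, not a capture) and
reports any listener the baseline does not authorise, which the notes call a
sure sign of compromise, plus any approved service that is no longer listening.
"""
import re
from dataclasses import dataclass

# Approved listeners for a hypothetical IIS host: (protocol, port) -> purpose.
BASELINE = {
    ("TCP", 80): "IIS HTTP",
    ("TCP", 135): "RPC endpoint mapper",
    ("TCP", 443): "IIS HTTPS",
    ("TCP", 3389): "Remote Desktop (admin only)",
    ("UDP", 123): "Windows Time",
}

# Constructed sample in netstat -ano layout; TCP 4444 is not in the baseline
# and TCP 3389 is absent.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       6120
  TCP    10.0.0.5:49731         203.0.113.9:443        ESTABLISHED     1188
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:123            *:*                                    1100
"""

LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s+(?P<pid>\d+)\s*$"
)


@dataclass(frozen=True)
class Listener:
    proto: str
    port: int
    pid: int


def parse_listeners(netstat_output: str) -> set:
    """Extract (proto, port, pid) for every listening socket.

    TCP sockets count only in LISTENING state; UDP has no state column, so
    every bound UDP socket is treated as a listener.
    """
    found = set()
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["proto"] == "TCP" and m["state"] != "LISTENING":
            continue
        # Local address is host:port; rsplit also handles bracketed IPv6.
        port = int(m["local"].rsplit(":", 1)[1])
        found.add(Listener(m["proto"], port, int(m["pid"])))
    return found


def audit_listeners(netstat_output: str, baseline: dict) -> dict:
    """Compare live listeners with the baseline.

    "unexpected" listeners deserve an incident-response look; "missing" ones
    mean an approved service is down, an availability problem.
    """
    live = parse_listeners(netstat_output)
    live_keys = {(s.proto, s.port) for s in live}
    unexpected = sorted(
        f"{s.proto}/{s.port} pid={s.pid}" for s in live
        if (s.proto, s.port) not in baseline
    )
    missing = sorted(
        f"{proto}/{port} ({purpose})"
        for (proto, port), purpose in baseline.items()
        if (proto, port) not in live_keys
    )
    return {"unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    report = audit_listeners(SAMPLE_NETSTAT, BASELINE)
    for item in report["unexpected"]:
        print("UNEXPECTED listener:", item)
    for item in report["missing"]:
        print("MISSING baseline service:", item)
```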

• Registry

Many security-related settings are stored in the registry and, as a result, you must secure the registry. You can do this by applying restricted Windows ACLs and by blocking remote registry administration.

• Auditing and Logging

Auditing is one of your most important tools for identifying intruders, attacks in progress, and evidence of attacks that have occurred. Use a combination of Windows and IIS auditing features to configure auditing on your Web server. Event and system logs also help you to troubleshoot security problems.

• Sites and Virtual Directories

Sites and virtual directories are directly exposed to the Internet. Even though secure firewall configuration and defensive ISAPI filters such as URLScan (which ships with the IISLockdown tool) can block requests for restricted configuration files or program executables, a defense-in-depth strategy is recommended. Relocate sites and virtual directories to non-system partitions and use IIS Web permissions to further restrict access.

• Script Mappings

Remove all unnecessary IIS script mappings for optional file extensions to prevent an attacker from exploiting any bugs in the ISAPI extensions that handle these types of files. Unused extension mappings are often overlooked and represent a major security vulnerability.

• ISAPI Filters

Attackers have been successful in exploiting vulnerabilities in ISAPI filters. Remove unnecessary ISAPI filters from the Web server.

• IIS Metabase

The IIS metabase maintains IIS configuration settings. You must be sure that the security-related settings are appropriately configured, and that access to the metabase file is restricted with hardened NTFS permissions.

• Machine.config

The Machine.config file stores machine-level configuration settings applied to .NET Framework applications, including ASP.NET Web applications. Modify the settings in Machine.config to ensure that secure defaults are applied to any ASP.NET application installed on the server.

• Code Access Security

Restrict code access security policy settings to ensure that code downloaded from the Internet or Intranet has no permissions and, as a result, will not be allowed to execute.

What is the principle of DNS?

• The Domain Name Service (DNS) is a fundamental component of the Internet: it maps host names to IP addresses (and vice versa). DNS records are organized in zones; each zone matches either a domain (or a sub-domain) or an IP address range (since IP addresses are generally allocated in consecutive ranges). A primary server is authoritative on the contents of a zone; secondary servers, usually hosted on separate machines, provide regularly refreshed copies of the primary zone.

What is the principle of a Mail Server?

• E-mail is instantaneous, cost effective and, above all, personal; it produces immediate results in terms of increased productivity from reduced turnaround time, and reduced cost. E-mail is one of the easiest services to implement on your Intranet. The ideal mail system consists of e-mail servers and clients that support standards. A clear understanding of the popular e-mail acronyms will help users choose the right mail system.

What should a system administrator practise to minimize liabilities or reduce risk in managing an enterprise network?
• Understand the current legal environment
• Stay current with laws and regulations
• Watch for new issues that emerge

Explain TWO performance indicators that IT customers want the most. The points should be supported with a brief explanation:
• Maximum throughput.
• Minimal system response time.

Highlight TWO issues when planning for a new network switch in a medium-size enterprise and suggest ONE solution to minimize each issue.
• Capacity.
o Map sales and manpower growth requirements.
• Features.
o Understand technology trends.

List and explain the THREE pillars to achieve exceptional network and system design.
• Simplicity
A network design should be kept simple and able to work efficiently and effectively. Using cost-effective network products can achieve an efficient network that supports the services required by the client.
• Scalability
It is good practice to plan a network design that can evolve through small modifications or increased bandwidth, rather than rip-and-replace with new components when demand increases.
• Security
All network designs must ensure confidentiality, integrity and availability (CIA) services at all times when a system is connected to the network. This provides assurance and confidence to all participating users and systems in the network enterprise.

Define network management.
• Network Management – a process to maximize the reliability and utilization of network components in order to optimize network availability and responsiveness.

Define security management.
• Security Management – a process designed to safeguard the integrity, availability, and confidentiality of designated data and programs against unauthorized access, modification, or destruction.

Explain THREE benefits of extending Production Acceptance to the suppliers.
• Provides suppliers with opportunities to suggest improvements.
• Networks with suppliers to build a greater business relationship.
• Involves commitment from suppliers.

Distinguish between Service Metric and Process Metric in a Problem Management Process environment. Provide ONE example of each metric.
• Service – measures the effectiveness of a service.
o Waiting time when calling a help desk.
• Process – measures the efficiency of a process.
o Abandon rate of calls to the help desk.

Highlight TWO issues after implementing IT Services Integration and suggest ONE solution to minimize each issue.
• Issue – Data cascading dependencies.
• Solution – Service Level Agreement.
• Issue – Incompatible data from other services.
• Solution – Redefine the data structure.

Enterprises today are contemplating whether or not to integrate their IT services. Discuss this statement.
• Answers may vary but should cover segmentation of resources and synergetic effects.

List FIVE processes to develop and maintain an effective information system contingency plan.

1. Develop the contingency planning policy;
2. Conduct the business impact analysis (BIA);
3. Identify preventive controls;
4. Create contingency strategies;
5. Develop an information system contingency plan;
6. Ensure plan testing, training, and exercises; and
7. Ensure plan maintenance.

Information system contingency planning represents a broad scope of activities designed to sustain and recover critical system services following an emergency event. Identify FIVE contingency plans and describe their purposes.

Compare and contrast SMTP, POP3 and IMAP.

SMTP:

• SMTP provides a set of codes that simplify the communication of email messages between servers. It's a kind of shorthand that allows a server to break up the different parts of a message into categories the other server can understand.

• Any email message has a sender, a recipient (or sometimes multiple recipients), a message body, and usually a title heading. From the perspective of users, when they write an email message they see the slick interface of their email software, but once that message goes out on the Internet, everything is turned into strings of text. This text is separated by code words or numbers that identify the purpose of each section. SMTP provides those codes, and email server software is designed to understand what they mean.

• The other purpose of SMTP is to set up communication rules between servers. For example, servers have a way of identifying themselves and announcing what kind of communication they are trying to perform.

• There are also ways to handle errors, including common things like incorrect email addresses. In a typical SMTP transaction, a server will identify itself and announce the kind of operation it is trying to perform.

• The other server will authorize the operation, and the message will be sent. If the recipient address is wrong, or if there is some other problem, the receiving server may reply with an error message of some kind.

POP3:

• POP3, which is an abbreviation for Post Office Protocol 3, is the third version of a widespread method of receiving email.

• Much like the physical version of a post office clerk, POP3 receives and holds email for an individual until they pick it up. And, much as the post office does not make copies of the mail it receives, in previous versions of POP3, when an individual downloaded email from the server into their email program, there were no more copies of the email on the server; POP automatically deleted them.

• POP3 makes it easy for anyone to check their email from any computer in the world, provided they have configured their email program properly to work with the protocol.

• POP3 has become increasingly sophisticated, so that some administrators can configure the protocol to "store" email on the server for a certain period of time, which allows an individual to download it as many times as they wish within that time frame.

• However, this method is not practical for the vast majority of email recipients.

IMAP:

• As its name implies, IMAP allows you to access your email messages wherever you are; much of the time, it is accessed via the Internet. Basically, email messages are stored on servers. Whenever you check your inbox, your email client contacts the server to connect you with your messages.

• When you read an email message using IMAP, you aren't actually downloading or storing it on your computer; instead, you are reading it off the server. As a result, it's possible to check your email from several different devices without missing a thing.

• POP works by contacting your email server and downloading all of your new messages from it. Once they are downloaded, they disappear from the server.

• If you decide to check your email from a different device, the messages that have been downloaded previously will not be available to you.

• POP works fine for those who generally only check their email messages from a single device; those who travel or need to access their email from various devices are much better off with IMAP-based email service.

List and briefly explain FIVE different strategies of QoS principles to improve a network design.

• Always perform QoS in hardware rather than software when a choice exists. Cisco IOS routers perform QoS in software. This places additional demands on the CPU, depending on the complexity and functionality of the policy. Cisco Catalyst switches, on the other hand, perform QoS in dedicated hardware Application-Specific Integrated Circuits (ASICs) and as such do not tax their main CPUs to administer QoS policies.

• Police unwanted traffic flows as close to their sources as possible. There is little sense in forwarding unwanted traffic only to police and drop it at a subsequent node. This is especially the case when the unwanted traffic is the result of Denial of Service (DoS) or worm attacks. Such attacks can cause network outages by overwhelming network device processors with traffic.

• Classify and mark applications as close to their sources as technically and administratively feasible. This principle promotes end-to-end Differentiated Services/Per-Hop Behaviors. Sometimes endpoints can be trusted to set Class of Service (CoS) or Differentiated Services Code Point (DSCP) markings correctly, but this is not always recommended, as users could easily abuse provisioned QoS policies if permitted to mark their own traffic.

• Enable queuing policies at every node where the potential for congestion exists, regardless of how rarely this may in fact occur. This principle applies to campus edge and inter-switch links, where oversubscription ratios create the potential for congestion. There is simply no other way to guarantee service levels than by enabling queuing wherever a potential speed mismatch exists.

• Protect the control plane and data plane by enabling control plane policing (on platforms supporting this feature) as well as data plane policing (scavenger class QoS) on campus network switches to mitigate and constrain network attacks.

List the role of a post office server.

• A Post Office server is a method of receiving email.

• Much like the physical version of a post office clerk, a Post Office server receives and holds email for an individual until they pick it up. And, much as the post office does not make copies of the mail it receives, when an individual downloaded email from the server into their email program, there were no more copies of the email on the server; the server automatically deleted them.

• A Post Office server makes it easy for anyone to check their email from any computer in the world, provided they have configured their email program properly to work with the protocol.

• A Post Office server has become increasingly sophisticated, so that some administrators can configure the protocol to "store" email on the server for a certain period of time, which allows an individual to download it as many times as they wish within that time frame.

What is Network Access Control (NAC) and how does it function on a mobile device?

Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. A basic form of NAC is the 802.1X standard.

Using NAC in a mobile deployment involves challenges that are not present in a wired LAN environment. When a user is denied access because of a security concern, productive use of the device is lost, which can impact the ability to complete a job or serve a customer. In addition, automated remediation that takes only seconds on a wired connection may take minutes over a slower wireless data connection, bogging down the device. A mobile NAC solution gives system administrators greater control over whether, when and how to remediate the security concern. A lower-grade concern such as out-of-date antivirus signatures may result in a simple warning to the user, while more serious issues may result in quarantining the device. Policies may be set so that automated remediation, such as pushing out and applying security patches and updates, is withheld until the device is connected over a Wi-Fi or faster connection, or after working hours. This allows administrators to most appropriately balance the need for security against the goal of keeping workers productive.
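
The warning, quarantine and deferred-remediation behaviour described above can be written down as a policy function. This added example (not from the original notes) does so in Python; the severity levels, link types, finding names and the 08:00 to 18:00 working-hours window are assumptions made for the example.

```python
"""Decide how a mobile NAC policy handles a non-compliant device.

Added example, not from the original notes. It encodes the policy the notes
describe: low-grade findings only warn the user, serious ones quarantine the
device, and automated remediation (pushing patches) is withheld while the
device is on a slow cellular link during working hours. The severity levels,
finding names and the work-hours window are assumptions made for this example.
"""
from dataclasses import dataclass
from datetime import time
from enum import Enum


class Severity(Enum):
    LOW = 1    # e.g. antivirus signatures a few days out of date
    HIGH = 2   # e.g. missing critical OS patch, rooted device


class Link(Enum):
    CELLULAR = "cellular"   # slow, metered: remediation is deferred
    WIFI = "wifi"
    WIRED = "wired"


FAST_LINKS = {Link.WIFI, Link.WIRED}
WORK_HOURS = (time(8, 0), time(18, 0))   # assumed local business hours


@dataclass(frozen=True)
class Finding:
    name: str
    severity: Severity
    remediable: bool   # can NAC fix it automatically by pushing an update?


@dataclass(frozen=True)
class Context:
    link: Link
    now: time


def in_work_hours(now: time) -> bool:
    start, end = WORK_HOURS
    return start <= now < end


def decide(finding: Finding, ctx: Context) -> str:
    """Return the NAC action for one finding under the mobile policy.

    The access decision (warn or quarantine) is made first; remediation is
    then pushed immediately only on a fast link or outside working hours, so
    a slow connection is never bogged down mid-shift.
    """
    access = "warn" if finding.severity is Severity.LOW else "quarantine"
    if not finding.remediable:
        return access
    if ctx.link in FAST_LINKS or not in_work_hours(ctx.now):
        return f"{access}+remediate_now"
    return f"{access}+defer_remediation"


def evaluate(findings: list, ctx: Context) -> dict:
    """Apply decide() to each finding; an empty dict means the device is compliant."""
    return {f.name: decide(f, ctx) for f in findings}


# Constructed posture report for one handset.
SAMPLE_FINDINGS = [
    Finding("av_signatures_stale", Severity.LOW, remediable=True),
    Finding("missing_critical_patch", Severity.HIGH, remediable=True),
    Finding("device_rooted", Severity.HIGH, remediable=False),
]

if __name__ == "__main__":
    scenarios = {
        "11:30 on cellular": Context(Link.CELLULAR, time(11, 30)),
        "20:00 on Wi-Fi": Context(Link.WIFI, time(20, 0)),
    }
    for label, ctx in scenarios.items():
        print(label)
        for name, action in evaluate(SAMPLE_FINDINGS, ctx).items():
            print(f"  {name:<24} -> {action}")
```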

Paul had the desire to get into the Hotmail account of someone he knew, but had little technical knowledge. He only needed to get in there once or twice and didn't really care too much about them knowing that their email had been broken into. He already knew a little information about that person, but nothing more than a name and an email address. Based on the information that Paul has, how will he manage to get into the target's email account?

Suggested Answer:

The first thing Paul did was go to the local college that provided free internet access to anyone who could walk up to a console and hit enter, so as to remain somewhat anonymous. Next he went to Hotmail and clicked on "forgot your password?" (as a lot of the time people will have security questions that really do not serve them well) and it asked for some verification like city/town and zip code, which he already had and, if not, could probably have been easily Googled. After that step it asked the security question "What is your pet's name?" Oh, simple. He went on Google, pulled up the person's phone number, went to a quiet payphone and dialed them up. When they answered, Paul said "Hi, I am a local biology student doing a term paper on household pets and I just have a couple of questions. I am on the last part of the paper and I only have a few more pieces of data to gather before I am finished. Can you help me?" A couple of seconds of silence passed and she said "Sure, fire away." The first question was how many pets do you own and what kind of pets are they? She answered "3 dogs, 2 cats" immediately. Next Paul asked "What are their names?" A few seconds passed and he continued with "My paper has a chapter on the most popular animal names in it." She answered promptly and he asked the final question, "And what are their ages?", to reduce the likelihood of her remembering which question he had really been interested in. After she answered that question, Paul thanked her for her time and she shockingly said "Oh, that was easy," as if she was prepared to give out more information. Paul wasn't completely stupid and waited a couple of days to pass before attempting the names, then anxiously came home from work one day and attempted the names. The first 2 didn't work and, as he was thinking "oh crap, time to come up with a Plan B", he typed in the 3rd name and, success, he was at the reset password screen, which also gave him a temporary password to log in.

Note: The candidate should provide the steps in a logical manner, applying the tool to conduct social engineering methods to obtain access to the target's Hotmail account.
Where and how can Social Engineering be used ethically?

Social engineering will be used ethically when:

• Social Engineering is the only conceivable method for testing security policies and their effectiveness.
• While many security assessments test the physical and electronic vulnerabilities, few vulnerability analyses study the human vulnerabilities inherent in users.
• It must be noted that only qualified and trustworthy people should perform these attacks.

The above attack was accomplished by people trained within the Intelligence Community who were very familiar with computer security measures and countermeasures.
Social Engineering is the term for how hackers acquire information about computer systems through non-technical means. Provide THREE weaknesses that Social Engineering attacks exploit.

Poor Security Awareness

Organizational information security plans will usually address basic issues in computer security. These issues may include non-disclosure of passwords, not giving out sensitive data unless the identity of a caller is confirmed, etc. However, most plans do not include realistic procedures for making employees aware of the security procedures. Many security experts assume that the general population understands basic security issues, such as the importance of a password. These issues are considered to be common sense by computer and security personnel. However, before there can be common sense, there must be common knowledge.

There is very little common knowledge when it comes to computer security-related issues. The dissemination of computer passwords is one such issue. An extremely large percentage of users do not understand the importance of a password for authentication and access to a computer system. They do not realize that their account can be accessed from anywhere in the world, given the proper access point.

Users do not understand the lengths that people will go to to obtain the information that they have access to on a daily basis. Many people do not understand that throwing something in the garbage does not mean that the information is destroyed. What is garbage to a user might be extremely valuable to a hacker, and most people do not understand this concept.

Human Weaknesses

People will give out information for many reasons. In most cases, people just want to be helpful, because that is their job and/or nature. People can also be intimidated into releasing information, either by being made to believe that a superior wants the information or by just trying to make an annoying person go away. Corporate spies and many hackers understand that what is considered to be a positive personal attribute can easily be exploited and used against the individual.

Untested Plans and Procedures

While organizations might understand their threats and vulnerabilities, and attempt to address the vulnerabilities through proper operational procedures, it is difficult to determine if the procedures are adequate unless they are tested. A good example of an untested procedure is the reliance upon internal identifiers. Many organizations establish an internal identifier that is used to authenticate an employee to another employee. For example, many organizations rely upon the Social Security Number to identify people. It takes very little effort for an outside attacker to obtain a Social Security Number before attempting to obtain the desired information.

A Social Engineering attack may be composed of several small attacks, each of which might be inconsequential. Unfortunately, a Social Engineering attack as a whole is greater than the sum of its parts. Small attacks will probably go unnoticed, and may occur over several months.

While an organization might establish a procedure that requires an authenticating mechanism, there must be procedures to protect the authenticating mechanisms. This is where a large number of security plans fail. Many organizations may test a specific part of a security plan or procedure; however, the security plans and procedures must be tested as a whole.

How can a system administrator manage to minimize liabilities or reduce risk in managing a network?
• Understand the current legal environment
• Stay current with laws and regulations
• Watch for new issues that emerge

Explain TWO performance indicators that IT customers want the most. The points should be supported with a brief explanation:
• Maximum throughput.
• Minimal system response time.

If the information system is damaged or destroyed or the primary site is unavailable, necessary hardware and software will need to be activated or procured quickly and delivered to the alternate location. Briefly explain THREE basic strategies that exist to prepare equipment replacement.

Vendor Agreements.
As the contingency plan is being developed, SLAs with hardware,
software, and support vendors may be made for emergency
maintenance service. The SLA should specify how quickly the vendor
must respond after being notified. The agreement should also give the
organization priority status for the shipment of replacement equipment
over equipment being purchased for normal operations. SLAs should
further discuss what priority status the organization will receive in the
event of a catastrophic disaster involving multiple vendor clients. In
such cases, organizations with health- and safety-dependent processes
will often receive the highest priority for shipment. The details of these
negotiations should be documented in the SLA, which should be
maintained with the contingency plan.

Equipment Inventory.
Required equipment may be purchased in advance and stored at a
secure offsite location, such as an alternate site where recovery
operations will take place (warm or mobile site) or at another location
where they will be stored and then shipped to the alternate site. This
solution has certain drawbacks. An organization must commit financial
resources to purchase this equipment in advance, and the equipment
could become obsolete or unsuitable for use over time because system
technologies and requirements change.

Existing Compatible Equipment.
Equipment currently housed and used by the contracted hot site or by another organization within the organization may be used. Agreements made with hot sites and reciprocal internal sites stipulate that similar and compatible equipment will be available for contingency use by the organization.

All recovery personnel should attend an official training program to establish familiarity with the contingency plan. List FIVE different purposes of the training.

• Purpose of the plan;
• Cross-team coordination and communication;
• Reporting procedures;
• Security requirements;
• Team-specific processes (Activation and Notification, Recovery, and Reconstitution Phases); and
• Individual responsibilities (Activation and Notification, Recovery, and Reconstitution Phases).

List FIVE processes to develop and maintain an effective information system contingency plan.

1. Develop the contingency planning policy;
2. Conduct the business impact analysis (BIA);
3. Identify preventive controls;
4. Create contingency strategies;
5. Develop an information system contingency plan;
6. Ensure plan testing, training, and exercises; and
7. Ensure plan maintenance.

Diagrammatically explain the SMTP communication model.
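
The SMTP transaction described under "Compare and contrast SMTP, POP3 and IMAP" above (a server identifies itself, announces the operation, and the other side authorizes it or returns an error) and the communication model asked for here are shown as a line-by-line dialogue in this added example, which is not from the original notes. Both sides are simulated in one process, and the domain and mailbox names are constructed for the example.

```python
"""Simulate a typical SMTP transaction: greeting, identification, envelope,
message body and the error reply for a bad recipient (RFC 5321 flow).
Added example, not from the original notes. Both sides are modelled so the
dialogue a diagram of the SMTP communication model shows can be read line by
line; the domain and mailbox names are constructed for the example."""
LOCAL_DOMAIN = "mail.example.test"          # constructed receiving server
KNOWN_MAILBOXES = {"alice@example.test", "bob@example.test"}


class SmtpSession:
    """Server side: a small state machine returning one reply per client line."""

    def __init__(self):
        self.helo = None
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body = []
        self.delivered = []   # (sender, recipients, body) tuples accepted

    def greeting(self) -> str:
        return f"220 {LOCAL_DOMAIN} ESMTP ready"

    def handle(self, line: str) -> str:
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):          # client identifies itself
            self.helo = arg.strip()
            return f"250 {LOCAL_DOMAIN} Hello {self.helo}"
        if verb == "MAIL":                    # announce the operation: envelope sender
            if self.helo is None:
                return "503 Send HELO/EHLO first"
            if ":" not in arg:
                return "501 Syntax error"
            self.sender = arg.split(":", 1)[1].strip("<> ")
            self.recipients = []
            return "250 OK"
        if verb == "RCPT":                    # envelope recipient, checked locally
            if self.sender is None:
                return "503 Need MAIL command"
            if ":" not in arg:
                return "501 Syntax error"
            rcpt = arg.split(":", 1)[1].strip("<> ")
            if rcpt not in KNOWN_MAILBOXES:
                return f"550 No such user here: {rcpt}"
            self.recipients.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 No valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return f"221 {LOCAL_DOMAIN} closing connection"
        return "500 Command not recognised"

    def _data_line(self, line: str) -> str:
        if line == ".":                       # lone dot terminates the message
            self.in_data = False
            self.delivered.append((self.sender, tuple(self.recipients), "\n".join(self.body)))
            self.body = []
            return "250 OK: queued"
        # Dot-stuffing: a body line beginning ".." carries a literal "."
        self.body.append(line[1:] if line.startswith("..") else line)
        return ""   # the server stays silent while the body is streamed


def run_transaction(client_lines: list) -> tuple:
    """Client side: send each line in turn; return (transcript, session)."""
    session = SmtpSession()
    transcript = [("S", session.greeting())]
    for line in client_lines:
        transcript.append(("C", line))
        reply = session.handle(line)
        if reply:
            transcript.append(("S", reply))
    return transcript, session


# Constructed client script: one unknown recipient is rejected, one accepted.
SAMPLE_CLIENT = [
    "EHLO laptop.example.test",
    "MAIL FROM:<carol@sender.test>",
    "RCPT TO:<nobody@example.test>",
    "RCPT TO:<alice@example.test>",
    "DATA",
    "Subject: status",
    "",
    "..starts with a literal dot",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for side, text in run_transaction(SAMPLE_CLIENT)[0]:
        print(f"{side}: {text}")
```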

Compare and contrast POP3 and IMAP.

• As its name implies, IMAP allows you to access your email messages wherever you are; much of the time, it is accessed via the Internet. Basically, email messages are stored on servers. Whenever you check your inbox, your email client contacts the server to connect you with your messages.

• When you read an email message using IMAP, you aren't actually downloading or storing it on your computer; instead, you are reading it off the server. As a result, it's possible to check your email from several different devices without missing a thing.

• POP works by contacting your email server and downloading all of your new messages from it. Once they are downloaded, they disappear from the server.

• If you decide to check your email from a different device, the messages that have been downloaded previously will not be available to you.

• POP works fine for those who generally only check their email messages from a single device; those who travel or need to access their email from various devices are much better off with IMAP-based email service.

Describe the features of SNMPv2 and discuss the limitations of SNMPv2 that led to the development of SNMPv3.

Features of SNMPv2:

• SNMPv2 is focused on the SMI, manager-to-manager capability and protocol operations.
• SNMPv2c combines the community-based approach of SNMPv1 with the protocol operations of SNMPv2 and omits all SNMPv2 security features.
• One notable deficiency in SNMP was the difficulty of monitoring networks, as opposed to nodes on networks.
• A substantial functional enhancement to SNMP was achieved by the definition of a set of standardized management objects referred to as the Remote Network Monitoring (RMON) MIB.
• The development of SNMPv3 was based on the security issues. SNMPv3 defines two security-related capabilities:
• the User-Based Security Model (USM) and the View-Based Access Control Model (VACM).

Limitations of SNMPv2:

SNMPv2 lacked the following features, which are all focused on security aspects:
• Authentication
• Privacy
• Authorization and access control
• Suitable remote configuration and administration capabilities for these features.
