
Network+ 2005 In Depth (P24) pptx


security policy—A document or plan that identifies an organization’s security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee. In addition, it specifies how to address security breaches.

server_hello—In the context of SSL encryption, a message issued from the server to the client that confirms the information the server received in the client_hello message. It also agrees to certain terms of encryption based on the options the client supplied. Depending on the Web server’s preferred encryption method, the server may choose to issue your browser a public key or a digital certificate at this time.

session key—In the context of Kerberos authentication, a key issued to both the client and the server by the authentication service that uniquely identifies their session.

SFTP (Secure File Transfer Protocol)—A protocol available with the proprietary version of SSH that copies files between hosts securely. Like FTP, SFTP first establishes a connection with a host and then allows a remote user to browse directories, list files, and copy files. Unlike FTP, SFTP encrypts data before transmitting it.

social engineering—The act of manipulating personal relationships to circumvent network security measures and gain access to a system.

SSH (Secure Shell)—A connection utility that provides authentication and encryption. With SSH, you can securely log on to a host, execute commands on that host, and copy files to or from that host. SSH encrypts data exchanged throughout the session.

SSL (Secure Sockets Layer)—A method of encrypting TCP/IP transmissions—including Web pages and data entered into Web forms—en route between the client and server using public key encryption technology.

SSL session—In the context of SSL encryption, an association between the client and server that is defined by an agreement on a specific set of encryption techniques. An SSL session allows the client and server to continue to exchange data securely as long as the client is still connected to the server. SSL sessions are established by the SSL handshake protocol.

symmetric encryption—A method of encryption that requires the same key to encode the data as is used to decode the ciphertext.

TACACS (Terminal Access Controller Access Control System)—A centralized authentication system for remote access servers that is similar to, but older than, RADIUS.

Terminal Access Controller Access Control System—See TACACS.

TGS (Ticket-granting service)—In Kerberos terminology, an application that runs on the KDC that issues ticket-granting tickets to clients so that they need not request a new ticket for each new service they want to access.


TGT (ticket-granting ticket)—In Kerberos terminology, a ticket that enables a user to be accepted as a validated principal by multiple services.

three-way handshake—An authentication process that involves three steps.

ticket—In Kerberos terminology, a temporary set of credentials that a client uses to prove that its identity has been validated by the authentication service.

Ticket-granting service—See TGS.

ticket-granting ticket—See TGT.

TLS (Transport Layer Security)—A version of SSL being standardized by the IETF (Internet Engineering Task Force). With TLS, IETF aims to create a version of SSL that encrypts UDP as well as TCP transmissions. TLS, which is supported by new Web browsers, uses slightly different encryption algorithms than SSL, but otherwise is very similar to the most recent version of SSL.

Transport Layer Security—See TLS.

Triple DES (3DES)—The modern implementation of DES, which weaves a 56-bit key through data three times, each time using a different key.

war driving—The act of driving while running a laptop configured to detect and capture wireless data transmissions.

WEP (Wired Equivalent Privacy)—A key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit.

Wi-Fi Alliance—An international, nonprofit organization dedicated to ensuring the interoperability of 802.11-capable devices.

Wi-Fi Protected Access—See WPA.

Wired Equivalent Privacy—See WEP.

WPA (Wi-Fi Protected Access)—A wireless security method endorsed by the Wi-Fi Alliance that is considered a subset of the 802.11i standard. In WPA, authentication follows the same mechanism specified in 802.11i. The main difference between WPA and 802.11i is that WPA specifies RC4 encryption rather than AES.

WPA2—The name given to the 802.11i security standard by the Wi-Fi Alliance. The only difference between WPA2 and 802.11i is that WPA2 includes support for the older WPA security method.


d. brute force attack

4. A ________ is a password-protected and encrypted file that holds an individual’s identification information, including a public key.


6. True or false? Networks that use leased public lines, such as T1 or DSL connections to the Internet, are vulnerable to eavesdropping at a building’s demarcation point, at a remote switching facility, or in a central office.

7. True or false? Proxy servers manage security at the Network layer of the OSI Model.

8. True or false? The Password Authentication Protocol (PAP) encrypts usernames and passwords for transmission.

9. True or false? If routers are not configured to mask internal subnets, users on outside networks can read the private addresses.

10. True or false? Dial-up networking turns a remote workstation into a node on the network, through a remote access server.

11. A(n) ________ occurs when a system becomes unable to function because it has been deluged with data transmissions or otherwise disrupted.

12. A(n) ________ identifies your security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee.

13. A(n) ________ is a router that examines the header of every packet of data it receives to determine whether that type of packet is authorized to continue to its destination.

14. In ________ encryption, data is encrypted using a single key that only the sender and the receiver know.

15. The ________ protocol defines encryption, authentication, and key management for TCP/IP transmissions.


Implementing and Managing Networks

Chapter 15

After reading this chapter and completing the exercises, you will be able to:

Describe the elements and benefits of project management

Manage a network implementation project

Understand network management and the importance of baselining to assess a network’s health

Plan and follow regular hardware and software maintenance routines

Describe the steps involved in upgrading network software and hardware


In this book, you have learned the technologies and techniques necessary to design an efficient, secure network. In this chapter, you will learn how to put those elements together to plan a network implementation or improve an existing network from start to finish. One of the first steps in implementing a network is devising a plan. Before you can create such a plan, however, you must learn some project management fundamentals. After a network is in place, it requires continual review and adjustment. Therefore, a network, like any other complex system, is in a constant state of flux. Whether the changes are due to internal factors, such as increased demand on the server’s processor, or external factors, such as the obsolescence of a router, you should count on spending a significant amount of time investigating, performing, and verifying changes to your network. In this chapter, you will build on this knowledge to learn about changes dictated by immediate needs as well as those required to enhance the network’s functionality, growth, performance, or security.

Project Management

Whether you are designing a network from scratch or making significant changes to an existing network, it’s important to plan carefully before purchasing hardware or software or committing staff time. Project management provides a framework for planning and implementing significant undertakings.

Project management is the practice of managing staff, budget, timelines, and other resources and variables to achieve a specific goal within given bounds. The project might be constrained by time, money, or the number of developers who can help you with the project. In the networking field, for example, you might employ project management when upgrading your servers to Solaris version 10, or when replacing the CAT 3 wiring in your organization’s building with CAT 6 wiring. This section describes some project management techniques that apply specifically to network and other technology implementations.

Different project managers have differing philosophies about the best way to ensure that project goals are met. However, most would agree that project management attempts to answer at least the following questions in roughly the following order:

◆ Is the proposed project feasible?

◆ What needs must the project address?

◆ What are the project’s goals? (What are the standards for success?)

◆ What tasks are required to meet the goals?

◆ How long should tasks take, and in what order should they be undertaken?

◆ What resources are required to accomplish the tasks, and how much will they cost?


◆ Who will be involved and what skills must they possess?

◆ How will staff communicate with others about the project?

◆ After completion, did the project meet the stated need?

Most projects can be divided into phases, each of which addresses some of the questions in the preceding list. For example, you might divide a project into four phases: initiation, specification, implementation, and resolution. In that case, the initiation phase would include determining whether the project is feasible, assessing needs, and determining which staff will be involved. Identifying goals and answering questions about tasks, timelines, costs, resources, staff requirements, and communication methods would occur during the specification phase. Next comes implementation, when the work of the project would take place. Finally, the completion of a project and the analysis of its success would be considered the project’s resolution. Figure 15-1 illustrates how a project can be divided into these four phases. In fact, there are many different ways to depict a project’s progress over time, and in many cases the phases overlap.

At several points during a project the team might stop to assess its progress. In project planning, a milestone is a reference point that marks the completion of a major task or group of tasks in the project and contributes to measuring the project’s progress. For example, if you were in charge of establishing an e-commerce server, you might designate the completion of the software installation on your server as being a milestone. Milestones are particularly useful in large projects that have high visibility within the organization. They provide a quick indication of a project’s relative success or failure.

FIGURE 15-1 Project phases


The following sections discuss project management steps in more detail. Throughout these sections, the example of a comprehensive network upgrade is used to illustrate project management concepts as they relate to networking.

Determining Project Feasibility

Before committing money and time to a project, you must decide whether the proposed project is possible—that is, whether it’s feasible. Often, and especially in technology-based companies, staff become so enamored with gadgetry and the desire for faster network access that they push a project through without realistically assessing its costs and benefits. To formalize the process of determining whether a proposed project makes sense, you can conduct a feasibility study. A feasibility study outlines the costs and benefits of the project and attempts to predict whether it will result in a favorable outcome (for example, whether it will achieve its goals without imposing excessive cost or time burdens on the organization). A feasibility study should be performed for any large-scale project before resources are committed to that project.

NOTE

Often, organizations hire business consultants to help them develop a feasibility study. The advantage to outsourcing this work is that consultants do not make the same assumptions that internal staff might make when weighing the costs and benefits of a proposed project.

Suppose you are the network manager for the Wyndham School District, which consists of nine buildings: one administration building, one high school, two middle schools, and five elementary schools. Some staff have complained to you about the slow performance of the LAN, slow access to the Internet, and client computers that are barely powerful enough to run learning software. You, too, recognize that the district’s technology is outdated. You and other staff perceive that a comprehensive upgrade seems necessary. However, you don’t know whether the school board has sufficient money to allocate to the project, if it’s a priority compared to other expenses, or if students’ and staff productivity will be significantly hampered during such an upgrade. Your feasibility study might consist of rough estimates for the following:

◆ Costs of equipment, connectivity, consulting services

◆ Required staff time for project participation, training, and evaluation

◆ Duration of project

◆ Decrease in productivity due to disruption versus increase in future productivity due to better network and client performance

◆ A conclusion that addresses whether the costs (equipment, staff, decreased productivity) justify the benefits (increased ongoing productivity)

If you conclude that the project is feasible, you can move to the next step of project planning: assessing needs.


Assessing Needs

All the staff in the Wyndham School District might agree that the current e-mail system is too slow and needs to be replaced, or numerous users might complain that the connection between their classroom computers and the LAN’s servers is unreliable. Often a network change project begins with a group of people identifying a need. Before you concur with popular opinion about what portions of the network must be upgraded and how changes must occur, as a responsible network administrator you should perform a thorough, objective needs assessment. A needs assessment is the process of clarifying the reasons and objectives underlying a proposed change. It involves interviewing users and comparing perceptions to factual data. It probably also involves analyzing network baseline data (discussed later in this chapter). Your goal in performing a needs assessment is to determine the appropriate scope and nature of the proposed changes.

A needs assessment may address the following questions:

◆ Is the expressed need valid, or does it mask a different need?

◆ Can the need be resolved?

◆ Is the need important enough to allocate resources to its resolution? Will meeting the need have a measurable effect on productivity?

◆ If fulfilled, will the need result in additional needs? Will fulfilling the need satisfy other needs?

◆ Do users affected by the need agree that change is a good answer? What kind of resolution will satisfy them?

A network’s needs and requirements should be investigated as they relate to users, network performance, availability, scalability, integration, and security. Although only one or a few of these needs may constitute driving forces for your project, you should consider each aspect before drafting a project plan. A project based solely on user requirements may result in unforeseen, negative consequences on network performance, if performance needs are not considered as well.

A good way to start clarifying user requirements is to interview as many users as possible. Just as if you were a reporter, you should ask pointed questions. If the answer is not complete or sufficiently specific, follow up your original question with additional questions. The more narrowly focused the answers, the easier it is to suggest how a project might address those needs. Besides asking the user what he needs, you may also want to ask why the need should be addressed, what ways he suggests the need can be addressed, what kind of priority he would place on the need being met, and whether it takes precedence over other needs.

In the process of interviewing users, you may recognize that not all users have the same needs. In fact, the needs of one group of users may conflict with the needs of another group. In such cases, you must sort out which needs have a greater priority, which needs were expressed by the majority of users, whether the expressed needs have anything in common, and how to address needs that do not fall into the majority.


In the case of the Wyndham School District, you have identified a broad need for improving network performance. The performance of different segments and the network as a whole can be measured over time. However, performance goals and the steps necessary to improve performance may be subjective. One of the district’s network engineers might believe that upgrading the network to a fully switched 100BASE-TX solution is the best way to improve performance, whereas the technical manager might think it critical to replace all of the network’s CAT 5 with fiber-optic cable. The choice of which solution to pursue (if not both) might depend on budgetary constraints, ease of installation, technical research that favors one solution, or results from preliminary tests.

Suppose that after interviewing key Wyndham School District staff you discover that the top need for elementary school teaching staff is to improve performance between workstations in the classrooms and servers, which are currently housed in the district’s small data center at the high school. For example, students currently wait between 30 seconds and a minute for popular applications to load over the WAN. Ideally, that time would be cut to 10 seconds. The primary need for middle school and high school teaching staff is improving response time between computers on the LAN and the Internet. For example, using the current fractional T1 to the Internet, students in the foreign language lab wait an average of 15 seconds before a Web-based training tool refreshes its screens. Ideally, teachers want this wait reduced to no more than five seconds. At the same time, technical staff have identified specific WAN performance and security improvements and administrators have established specific budget limits.

Now that you have collected a list of project requirements, you are ready to turn those requirements into project goals.

Setting Project Goals

Project goals help keep a project on track. They are also necessary later when evaluating whether a project was successful. A popular technique for setting project goals is to begin with a broad goal, then narrow it down into specific goals that contribute to the larger goal. For example, one of the Wyndham School District’s goals is to improve performance between its network and the Internet. Beneath that goal, you may insert several smaller goals, such as increasing the throughput of its current Internet connection, connecting to a nationwide ISP, and using a proxy server to cache frequently accessed Web pages.

In addition to being specific, project goals should be attainable. The feasibility study should help determine whether you can achieve the project goals within the given time, budgetary, and staffing constraints. If project goals are not attainable from the outset, you risk losing backing from the project participants, the users, and the managers who agree with the project’s goals and who will strive to help you achieve them. Managers and others who oversee resource allocation are called sponsors. In the Wyndham School District upgrade example, the high school principal and key members of the school board might act as sponsors. Although sponsors do not necessarily participate in project tasks or supervise project teams, they can lobby for the funding necessary to complete the project, appeal to a group of managers to extend a project’s deadline, assist with negotiating vendor contracts, and so on. And if you lose backing, chances are good that the project will fail. Sponsors belong to a larger group of interested parties known as stakeholders. A stakeholder is any person who is affected by the project. For example, in the Wyndham School District upgrade project, stakeholders include teachers, administrators, technical staff, and even students, because students are also network users.

Projects without clear goals suffer from inefficiencies. A lack of well-defined goals can result in misunderstandings between project participants, lack of focus among team members, lack of proper resource allocation, and an uncertainty about whether the project’s outcomes constituted success. After you have worked with project participants and sponsors to clearly identify the project’s goals, you are ready to develop a project plan.

Project Planning

A project plan organizes the details (for example, the timeline and the significant tasks) of a managed project. Plans for small projects may take the form of a simple text or spreadsheet document. For larger projects, however, you typically take advantage of project management software such as Microsoft Project or PrimaVera Project Planner. Project management software facilitates project planning by providing a framework for inputting tasks, timelines, resource assignments (identifying which staff are responsible for each task), completion dates, and so on. Such software is also highly customizable, so you can use only a small portion or all of its features, depending on the scope of your project and your project management skills. Figure 15-2 shows a list of tasks as they might appear in Microsoft Project.

FIGURE 15-2 A project plan in Microsoft Project


Tasks and Timelines

A project should be divided into specific tasks. Larger tasks are then broken into even smaller subtasks. For example, upgrading the Wyndham School District’s backbone from CAT 5 to fiber-optic cabling represents a large task with numerous subtasks: documenting the current cable plant, obtaining the fiber-optic cable, obtaining the connectivity devices compatible with fiber-optic connections, scheduling network downtime during which the upgrade can occur, removing the CAT 5 cabling, installing the fiber-optic cabling, testing the changes, and so on.

After you have identified tasks, you can assign a duration, start date, and finish date to each task and subtask in the project plan. You can also designate milestones, task priority, and how the timeline might change depending on resource availability or dependencies. Timelines are not always easy to predict. Seasoned professionals may be able to gauge how long a particular task might take based on their previous experience with similar tasks. However, every project may entail conditions that affect a timeline differently. When creating a timeline, you should allow extra time for any especially significant tasks. A Gantt chart is a popular method for depicting when projects begin and end along a horizontal timeline. Figure 15-3 illustrates a simple Gantt chart.

FIGURE 15-3 A simple Gantt chart


In addition to these elements, project plans may provide information on the amount of flexibility in the timeline, task dependencies, links to other project plans, and so on. With most project planning software, you can add your own columns to the plan and insert any type of information you deem appropriate. For example, if you are managing a very large network design project, you might create a Web site with links to documentation for each phase of the project. In the project plan, you might include a column to list the URLs of the documents for each task or group of tasks.

Communication

Without clear and regular communication, a project will falter. Communication is necessary to ensure that all participants understand the project’s goals, help keep a project’s budget and timeline on track, encourage teamwork, avoid duplicate efforts, and allow learning from previous mistakes. The project manager is responsible for facilitating regular, effective communication among project participants. In addition, the project manager must ensure consistent communication with all project stakeholders.

No matter how small and insignificant your network change appears, if it could potentially affect the way that users accomplish their daily work, you must prepare users for the change. In some cases, the likelihood of a change affecting users is plainly evident. For example, if you upgrade the version of NetWare used by your file servers and therefore must upgrade the Novell networking client version used by clients, every user will see a slightly different screen when she starts up the computer and logs on to the network. If you replace a segment of CAT 3 cabling with CAT 6 cabling, however, users might not notice the difference.

For a major network change, you definitely must inform users. Among other things, explain to users:

◆ How their access to the network will be affected

◆ How their data will be protected during the change (even if you are confident that the data will remain unaffected by the change, explain how the protection works)

◆ Whether you will provide any means for users to access the network during the change

◆ Whether the change will require users to learn new skills

TIP

You may be asked to plan a project with seemingly impossible deadlines. One technique for making the project fit into a tight time frame is to work backward to create the timeline. Begin at the project’s predetermined endpoint and move toward the beginning of the project, allowing the normal time requirements for tasks. This method highlights which tasks may delay the project and therefore need to be dropped or modified, at least temporarily.


Although providing all of this information may seem burdensome, it lessens the possibility that your project might be stymied by negative reaction. To minimize the amount of time spent communicating with users, you might convene company-wide meetings or send mass e-mail distributions. If a network implementation has the potential to drastically change the way that users perform their work, you might want to form a committee of user representatives who can attend project meetings and provide input from the users’ point of view.

Contingency Planning

Even the most meticulously planned project may be derailed by unforeseen circumstances. For instance, a key team participant may quit, your budget may be unexpectedly cut, or a software package may not work as promised. Each of these conditions may threaten to delay your project’s completion. To prepare for such circumstances, you must create a contingency plan at the beginning of the project. Contingency planning is the process of identifying steps that minimize the risk of unforeseen events that could affect the quality or timeliness of the project’s goals.

For example, suppose that as the Wyndham School District network manager, you have only one week—while students are on spring break—to replace older servers with new, high-performance servers. Long before that week, you have established an excellent relationship with your hardware vendor. You order the servers two months in advance. However, after six weeks, they still haven’t arrived, due to a quality control problem at the manufacturer. Spring break is nearing, so you arrange with your hardware vendor to ship a slightly different, but similar model of server that’s in stock in case the new servers don’t appear in the coming week. This change may require a modification in your installation process, but it ensures that the upgrade can still occur.

Using a Pilot Network

One of the best ways to evaluate a large-scale network or systems implementation is to first test it in your environment on a small scale. A small-scale network that stands in for the larger network is sometimes called a pilot network. Although a pilot network is much smaller than the enterprise-wide network, it should be similar enough to closely mimic the larger network’s hardware, software, connectivity, unique configurations, and load. If possible, you should establish the pilot network in the same location or environment in which the final network will exist. The following tips will help you create a more realistic and useful pilot network:

◆ Include at least one of each type of device (whether a critical router or a client workstation) that might be affected by the change

◆ Use the same transmission methods and speeds as employed on your network

◆ Try to emulate the number of segments, protocols, and addressing schemes in your network. And, although it is impractical to emulate the same number of nodes, if possible, try to generate a similar amount of traffic.

Date posted: 07/07/2014, 09:20
