CIT 174 – Blog 12 – Week13

Networking and Printing with Linux,
Case Project --

Three offices, of varying staff size centrally located, are planning to upgrade their information technology infrastructure.
1. a) Would you consider relying on an /etc/host file instead of a DNS server for the firm?
Probably not, I think the firm is too large and it needs a DNS server to resolve addresses that are not internal.
b) Would you consider relying on an /etc/host file for just one office?
I think a good course of action would be to have all the local hosts in the host file and have the nonlocal requests resolved by a DNS server. A law firm that size with government clients do not need to save money using a host file. They can afford their own DNS server, or they can link to the DNS server at their ISP.
c) What are the costs of relying on an /etc/host file?
The main downfall of using the host file is that it has to be updated manually. A DNS server updates addresses dynamically, without the input of a person. According to the text book, dynamic routing is better and faster. Routers can exchange information and reroute traffic without much delay.
d) What are the benefits relying on an /etc/host file?
The host file can be faster for resolving local addresses. If you were to lose your Internet connection, the host file would allow you to work offline to connect to your own internetwork. Each workstation could be configured to resolve addresses in a certain way. If the researcher in the home office used nonlocal addresses more, that machine could be configured to check a DNS server first. However, if the accounting office accessed local addresses frequently, that machine could be configured to read the host file first, then a DNS server.
2. a) Would you consider using DHCP instead of assigning static IP addresses?
The only hosts that require static IP addresses are web, email, file, and ftp servers. If the company had any servers that needed to be accessed by most of the employees or people outside the business, those servers would also need static IP’s. Assigning IP addresses with a DHCP server is easier than manually configuring all the hosts in the company. It is easier to move computers, change users, and manage permissions when IP addresses are assigned dynamically.
b) Would you do this throughout the firm?
Yes, only the servers would have static IP’s.
c) If you used DHCP, would you have a server in every office?
No, I believe one server in the main office would be sufficient, it can run DNS and DHCP.
d) What are the trade-offs you must consider in deciding this?
I would have to consider how many computers there are to manage, how many employees there are who need network access, and the amount to traffic to the servers.
3. a) Find a color printer that has good Linux support. What features make you select one over another?
There are hundreds of Linux compatible printers on the market. The companies with the most printers are HP, Epson, Gestetner, Ricoh, Brother, Canon, Lexmark, Kyocera, Lanier, Infotech, and NRG just to name the top companies. Since I am doing a business case for a lawyer’s office, I till choose a high speed black and white by HP. Maybe the LaserJet P3005dn because it prints 35 pages a minute, has expandable ram, two-sided printing, and is network ready. HP seems to be the company who is taking Linux seriously and professes to be a business partner ready to support Linux all the way.
b) What level of Linux support can you find for high-end color printers? Hewlett Packard has been onboard with Linux drivers for several years that I know of. From the information I have gathered, it looks as if HP is still the industry leader in writing Linux drivers, and offering Linux printer support, black and white as well as color.


References:

DNS Software
http://www.dns.net/dnsrd/servers/

Hewlett Packard Open Source
http://h71028.www7.hp.com/enterprise/cache/309906-0-0-0-121.html

Hewlett Packard HPLIP Software (1686 HP printers supported on Linux!!)
http://hplipopensource.com/hplip-web/index.html

HP Linux Support Contact page
http://hp-linux.cern.ch/support/feedb.php3

Interactive List of Printers from Open Printing Foundation
http://www.openprinting.org/printer_list.cgi
http://www.openprinting.org/printer_list.cgi?make=Anyone

Linux Drivers.org – Extensive List of Drivers
http://www.linux-drivers.org/

Open Printing Foundation
http://www.linuxfoundation.org/en/OpenPrinting

SUSE on Linux Printer Support
http://en.opensuse.org/SDB:Information_for_Printer_Manufacturers_Regarding_Linux_Support

CIT 174 – Week 12 -- Blog 11

CONSIDERING SECURITY

How is a network manager supposed to instruct and influence the users on their network about security risks, especially if they are young, college graduates, with little experience? This is a difficult position to be in, but since the company hired you, someone has confidence that you will do the job well. It helps if you are certified and have a degree. As you settle in to your new job, you need to document, document, document, everything. Find out what the current policies are, find out how to implement new policies, and back up your documentation with several valid sources. If you present a strong case with good arguments the management is more likely to take you seriously and support your new security policy ideas.

There are a plethora of security holes in any network, in almost any setting. If only network managers did not have to deal with users, the risks would be minor. Unfortunately, networks are set up for users to “use” and the more users, the more security risks there are. Risks come from many different areas, the Internet, instant messaging and email applications, wireless networks, and removable media.

There are resources, both online and in books, that will help a network administrator conduct a risk analysis; Cisco is one of these resources. Once the risks have been identified, the more obvious ones should be shared with the entire company, not just kept within the IT department. I believe a network manager should explain in relatively simple terms why people needed to protect the network, the users would be more willing to co-operate with security measures. Videos and animated presentations can help educate users, while quizzes and surveys can provide feedback to the IT department about knowledge and compliance. This information can be used to judge the success of the security training program.

Create usage policy statements so the users are aware of the IT department’s mission to keep the network secure and how they are going to implement those security measures. According to Cisco’s Best Practices White Paper On Network Security Policy, “[They] recommend a statement that outlines users' roles and responsibilities with regard to security”. I agree with Cisco that the users need to understand network, computer, and personal security risks. The actions of the user that could result in punitive or disciplinary action should be included in the employment package. These expectations should be reviewed yearly. If possible, the executives and leadership of the company should also be educated about the necessity of security to protect their information, computers, and employees. A network manager cannot expect security policies to be enforced unless the management is aware of the risks and benefits.

Using passwords is the most common way to manage user accounts, limit accessibility, and track user activity. Until we use biometric logons passwords is all network administrators have to work with. Depending on the sensitivity of the data or the service the user is accessing, the more important it is to have a secure password. The passwords need to be designed with “ease of remembrance” in mind. A password written on a post-it-note, on the monitor has defeated the purpose of a password. The best passwords are not “words” from the dictionary, but acronyms, such as “to be or not to be” can be “2BRnot2B”. Try using random words in a non-sense sentence. “I ate kiwis in 1987” can be “i8ki19wis87”. Passwords can be administrated in several different ways. If the operating system is UNIX/Linux, this can be done with PAM. This is a special file that has parameters for security settings. These include password strength, a password expiration date, and the ability to keep users from changing their password to something too simple to protect the network.

Always run your workstations with non-administrative users. This technique provides a sort of insurance by limiting any damage that could result from a security breach. If a person or program is attempting to gain access to a machine would have access to many of the files, but would probably not be able to install malware on the computer, nor would not be able to compromise the operating system or the network.

A wireless environment should be properly secured, at home, at work, and on the road. Change any wireless router's default password and to use WPA encryption. Do not allow routers to be administered over the Internet and consider creating a closed network and limiting access by mac address. Keep logs to see who is trying to access the fire wall and watch out for rogue access points. NetStumbler can detect wireless access points and it supports the use of a GPS card, which allows it to create a map showing the locations of wireless access points. Wireless access to a network creates a huge security risk. If employees really want a wireless network, it is better to set one up for them with some security in place instead of allowing people to randomly connect to the network.

A SHORT LIST OF SECURITY SUGGESTIONS:
Keep all of your software updated
Run anti-virus and anti-malware software
Use permissions, preferences, and group policies to limit user’s ability to install software
Implement a good backup policy; consider storing periodic backup off site
Avoid unsafe behavior, such as, opening email attachments or file sharing.
Block unsigned ActiveX scripts
Do not allow remote access except by the IT department
Establish logs for user logons and logoffs, consider a centralized logging server for easy access to logs
Research the latest security risks, Phishing was an unheard of threat a few years ago, there seem to always be new threats
Use firewalls
Have a disaster recovery plan documented
 
Reference sites:

Apple Product Security
http://www.apple.com/support/security/

CERT® Coordination Center - The United States Computer Emergency Readiness Team (US-CERT)
Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

Cisco Systems, Inc.
Copyright © 2006−2007
http://www.cisco.com/warp/public/126/secpol.pdf

Mandriva Security Advisories
http://www.mandriva.com/security/advisories

Microsoft TechNet Microsoft Windows XP Baseline Security Checklist
http://www.microsoft.com/technet/archive/security/chklist/xpcl.mspx

RedHat Security and Errata
http://www.redhat.com/apps/support/errata/

Slackware Security Advisories
http://www.slackware.com/security/

SUSE Security (US/Canada)
http://www.novell.com/linux/security/securitysupport.html

Tech Republic
Stop rogue access points from showing up on your network
http://articles.techrepublic.com.com/5100-10878_11-5053779.html

Ubuntu Security notices
http://www.ubuntu.com/usn/

University of Indiana Information Technology Services, Knowledge Base, Computer Security
Copyright 2005-2007, The Trustees of Indiana University
http://kb.iu.edu/data/hack.html

Happy Easter

CIT 174
Week 11 -- Chapter 10

Sorry for the missed post!
It was family week for me.

87.8 %

http://www.top500.org/stats/list/32/osfam/

According to top500.org the Linux kernel is being run on 439 of the top 500 supercomputers, that's a whopping 87.80 %

GO TUX !!!!!

CIT 174 --Week 10 -- Blog 9

Chapter 9 Review

1. Which of the following occurs first when a computer is booted? (d) The CPU starts executing commands found in the BIOS.
   
2. On newer computers, the BIOS can typically boot from which of the following devices? (a) Hard disks, CD-ROM drives, removable disks, a network connection, or USB device.
   
3. When using LILO rather than GRUB, you must do which of the following after making a configuration change in order for the change to be effective the next time you boot Linux? (b) Run the lilo command as root.
   
4. Assuming a standard configuration, the BIOS looks first in which of the following locations on a hard disk when trying to find a boot loader or operating system? (a) The MBR (the first sector of the first IDE disk).
   
5. In order to use chained boot loaders, you must be certain that: (c) The first boot loader can by found by the BIOS, and each operating system can be reached via one of the chained boot loaders.
   
6. The Linux kernel is a file having a name that starts with (a) wmlinuz and typically stored in the /boot subdirectory.
   
7. Which feature is part of GRUB but not LILO? (a) Including non-Linux operating systems in the list of bootable systems.
   
8. Describer the output of the uname command. This command displays information about the kernel, so that you know exactly which version you are using.
   
9. The GRUB boot manager can be reconfigured directly as you boot your system, but is also controlled by this configuration file. (d) /boot/grub/grub.conf.
   
10. Which of the following statements about boot parameters is accurate? (a) They are passed to the Linux kernel by the boot loader.
    
11. The scripts in /etc/rc.d/init.d are provided by: (c) the software package that installs the service that the script controls.
    
12. Explain the difference between the configuration data stored in files within the /etc/sysconfig directory and the service-specific configuration data stored in other subdirectories. The data in the /etc/sysconfig is used to start and configure a service to run on the computer. The data in the subdirectory is used by the service itself to determine its parameters.
    
13. The (c) dmesg utility displays kernel hardware configuration messages from the system book process.
    
14. The init program relies on the following configuration file (b) /etc/inittab.
    
15. Name the two run levels normally used to run a Linux-based computer, and describe the difference between those two run levels. The single-user mode is for system maintenance but does not provide networking capabilities. The regular multi-user networking mode is the standard text mode with no graphical interface typically used on network servers.
    
16. The files in /etc/rc.d/init.d can be used to (b) stop and restart most standard services in Linux.
    
17. Name three commands that can be used to begin a graceful shutdown of Linux. Reboot, shutdown, and halt.
    
18. A boot loader can be configured to boot multiple Linux kernels that use the same partition as their root file system. True.
    
19. The timeout= parameter in a GRUB configuration and the delay= parameter in a LILO configuration both refer to (d) how long the boot loader waits for user input before booting the default operating system.
    
20. The service command is used to (a) view or change the current status of a service via a script located in /etc/rc.d/init.d.
    
21. The chkconfig command is used to (b) change the boot-up status of a service that is controlled via a script located in /etc/rc.d/init.d.
    
22. Name the graphical configuration utility provided with Red Hat Linux and Fedora that can be used in place of the command-line utilities service and chkconfig. Service Configuration utility (or servicesonf at the command line).
    
23. If a journaling file system prevents partially written information from causing a corrupted file system in Linux, why is it still important to use graceful shutdown techniques rather than just turning off the system power? Because there are dozens of services running in the background and data in the memory, turning off the power can still cause data loss. All the journaling file system protects against is corrupted file systems.
    
24. Which command is typically executed when the Ctrl+Alt+Del key combination is pressed, and where is that command configured? Immediate restart. In the /etc/inittab file.
    
25. What is the command you use to cause the init program to reread its configuration file after you have made changes to it. "telinit q"