Identify and select administration tools to meet organisational policies

Why we need administration tools 2

Reviewing organisational policies on network use and administration 3

Policy review 3

What is administration? 4

Identifying administration tools 6

Configuring and documenting network settings 6

Checking applications are network capable 6

Designing and building network folder structures 7

Securing user accesses and managing user accounts 8

Maintaining network services 8

Managing virus prevention: strategies 9

Undertaking network risk analysis 10

Maintaining ongoing network security 11

Making recommendations to overcome weaknesses 12

Summary 14

Check your progress 14

Why we need administration tools

As a Network Administrator you will be responsible for the smooth running of the network. Networks are now critical in many organisations and failure cannot be tolerated. You must be proactive in your role and use all necessary tools to ensure that the network operates as the organisation expects it to. Many of these administration tools will be built into either the operating system or the network hardware itself. In addition, third party organisations may provide generic administration tools that work with different operating systems and hardware and so provide a central point of control to perform a number of administration tasks.

In selecting appropriate administration tools, you will need to consider:

·  the organisational policies and procedures

·  the type and level of services required

·  whether to recommend to management that they invest in any third party products.

In this topic we will show you how to review organisational policies to identify the need for network administration. You will then see how to identify the appropriate tools and to make suggestions to fill in any gaps in requirements.

Reviewing organisational policies on network use and administration

Policy review

What will you be looking for?

Most organisations should have developed policies and procedures which detail how the network is to be operated and maintained. As the network administrator you should be aware of the requirements that these place on you and while it is great service to exceed requirements, you should be making sure that you at least meet expected outcomes.

So the first thing you need to do is to review the relevant parts of these documents. You may find that the policies and procedures manual is a printed, hard copy document or you may find that it is online and accessible across the Intranet. Either way you have a duty to be aware of the contents of these documents and be especially cognisant of those that directly impact your administration role.

The Service Level Agreement (SLA)

Your organisation may also have a published a Service Level Agreement (SLA) between the network group and the user community. This will also contain essential information about the performance and operation of the network that you will need to know in order to develop your administration routines and thus identify the resources and systems that you require.

There are likely to be three main areas to consider when identifying administration policy requirements:

1 regular administration requirements that should be undertaken as a matter of course

2 ad-hoc administration requirements such as certain troubleshooting routines that are needed on demand

3 performance related administration which is required to ensure that the network continues to deliver to users.

The SLA should also include details of performance metrics to identify whether the administration is meeting targets. If this is the case then you may want to also review these statistics.

Reflection

Can you think of other documents that the administrator could review to identify administration policy requirements?

Feedback

There could be help desk statistics or incident logs that may be used to identify problems that could be the result of poor administration routines. If any network or IT committees meet regularly, the minutes of these meetings may again have identified administration issues.

What is administration?

As you look through the various documents you will need to identify those policies or SLA requirements that are squarely administration activities and those that fall into other categories such as help desk procedures, response times, etc.

While the exact determination of your role as an administrator will vary from organisation to organization, in this topic we will be looking at the following tasks as part of an administrator’s job:

·  configuration and documentation of network settings

·  checking applications are network capable

·  designing and building network folder structures

·  securing user accesses

·  managing user accounts

·  maintaining network services

·  managing virus prevention strategies.

·  network risk analysis

·  ongoing Network security.

Before you undertake any of these roles you will need to know what the policies say, or what the SLA requires, in each area. Then you can review the tools to assist you in your regular, ad-hoc or performance related work.

Reflection

What else may an administrator be required to do?

Feedback

Administrators could also be required to:

·  Recommend hardware purchases and/or upgrades.

·  Carry out backups and restores.

·  Monitor network traffic and analyse performance.

·  Advise on standard operating environments across client computers.

·  Maintain Wide Area Networks (WAN).

·  Manage the intranet website.

As you can see the role of a network administrator is varied and challenging.

Identifying administration tools

Now that you know what you need to do and how you will be measured you can turn your attention to the tools that will help you in your job. While the exact tool and operation of the tool will vary from network to network we will generally discuss the main groups of tool as related to the administration roles that we identified earlier.

Configuring and documenting network settings

During the installation of the network operating system certain settings and/or parameters will have been used. Ideally these should have been documented at the time but often they are not.

As part of the need to fully document your network you should make use of the tools that summarise these settings.

Activity

For a computer that you may have access to identify the means by which you can discover information about the network.

Feedback

You should have been able to identify settings such as the IP address used, the computer name, any domain it may belong to, etc.

Checking applications are network capable

The tools for doing this will again depend upon the network operating system in use and the application itself. Network applications should also be able to handle concurrent access to data. Applications may have their own network settings that need to be configured and these can include parameters such as port numbers that they use, network protocols and server accesses.

Research

Certain Port numbers are reserved for common applications such as email or file transfers (FTP). Use the Internet to identify what these may be.

Feedback

You will find a comprehensive list of port numbers and their use on the Internet Assigned Numbers Authority website at: http://www.iana.org. Just follow the links ‘Most Popular Link’ and ‘TCP and UDP Port Numbers’.

Designing and building network folder structures

File servers are used to share files with many users. To facilitate this, an effective and efficient file structure is required. Creating a folder structure on a server is similar to creating one on a single PC. The main difference is that each folder needs to be secured to allow the appropriate users the correct level of access, and that one or more folders will be shared on the network to allow access from other computers on the network

Activity

For an operating system that you are familiar with (ideally a networking operating system) identify the types of access that can be granted to a shared folder.

Feedback

As an example with Windows Server operating system you can set the following access rights on a shared folder:

·  Read — users can see folders and files in that folder. They can run programs in the folder.

·  Change — users can create and add files to the folder. They can delete files and folders.

·  Full Control — users can take ownership of files and folders and manage the permission of the files and folders.

Note that when permissions are assigned it is usual to put users into groups and assign permissions at the group level. This makes security easier to administer.

Securing user accesses and managing user accounts

Ensuring users have appropriate access to network resources is a major administration activity both at installation time and during the life of the network. There are many features in the networking operating system to allow you to do this. Settings may be configured as users are created or at a latter date. As discussed earlier, users will be given appropriate access to folders but there are many other network resources such as printers, servers and network applications.

Activity

For an operating system that you are familiar with (ideally a networking operating system) create a new user and identify the security access features that an administrator may use.

Feedback

As an example with Windows Server operating system you have the following user access features:

·  Whether the password will expire within a set timeframe.

·  Account expiration. For temporary staff

·  When users can logon to restrict access times

·  Membership of groups to facilitate access permissions

Maintaining network services

Network services can relate to specific, additional features in the network operating system such as TELNET or FTP that need to be added and configured. There may also be more generic network services required such as an application requiring access to a particular port number. There could be the need to implement a new application using a client/server network structure.

As with most of these requirements the application should fully document any network requirements in the installation guide. The administrator should then review these and make the appropriate network changes.

Reflection

What should an administrator do if a new application requires a network configuration that is contrary to the current policies and procedures?

Feedback

This can always be a difficult issue and one would hope that during the selection phase the network administrator was involved in identifying the technical feasibility of the new application. Any discrepancies should have been highlighted, discussed and resolved at that point. It may even have meant that the application was not purchased.

However, assuming that the application has now been selected and paid for there are two main approaches to consider.

1 Review the impact of changing the policy. It may be possible to continue operations even if a strict policy is not adhered to, or an exception was made. For example, if the policy clearly states that program files and data should be separated but the new application must have its data with the programs then this may be acceptable. A new procedure may be required to change the backup routines to ensure that this data is backed up.

2 Review the impact of changing the way the application operates. If the application is modular or certain features may be switched off, then it may be possible that the offending module may not be installed. Users would have to determine the impact of this. Alternatively, the application may be able to run with other settings. For example, an application may state that it uses a default port number. This may not be available in the network but the application can be configured to use another port number.

Managing virus prevention: strategies

Viruses are a fact of life today and nearly every organisation and individual is susceptible to a virus attack and the vast majority have experienced such an attack. It is essential that the network administrator use all available resources and features to minimise the likelihood and loss from such an event. Viruses are no longer simply transmitted in files or as attachments to emails. With the increasing use of Internet access and permanent connections, harmful code may be sent without users being aware of the transmission.

While most network operating systems do not include a virus checker they now often include firewall software and other facilities to minimise the impact of hacker attacks. Virus checking software is definitely a third party administration tool that should be top of the list of ‘must have’ applications for all network administrators.

Activity

For an operating system that you are familiar with (ideally a networking operating system) what firewall or other virus minimisation features does it have available?

Feedback

As an example with Windows Server operating system you have the following facilities:

·  A boot sector virus checker, often used during install to ensure no existing viruses are on the hard drive boot sector.

·  Built-in Internet connection firewall.

·  Quarantining of dial in access users to verify appropriate virus checking has been installed.

Undertaking network risk analysis

Risk analysis is an important part of any IT system. The risk analysis is an exercise that is undertaken to consider disastrous events that may occur and then what can be done to minimise or remove the impact of the event.

Someone other than the network administrator may undertake a risk analysis using a risk analysis methodology. Obviously the administrator will have input to the analysis but the most important issue from an administration point of view is to be aware of any network features that can be used to combat events.

For example servers may be duplicated so that if one fails the other can continue running. This is known as fault tolerance.

Activity

For an operating system that you are familiar with (ideally a networking operating system), find out what fault tolerant or other features it may have available.

Feedback

As an example with Windows Server operating system you have the facility to make use of RAID technology. RAID or Redundant Array of Independent (or Inexpensive) Disks allows for data to be written across multiple physical disks. Along with the data, recovery information is also stored. This is organised in such a way that if any one physical disk were to malfunction that data is still retrievable across the remaining disks. This means that an organisation using RAID would not suffer loss if a disk should stop operating.