Successfully reported this slideshow.
Chapter 10
Network Administration & Support

Networking Concepts – Eric Vanderburg ©2005
Managing Users & Groups
 Active

Directory Users & Computers
 Edit a text file in Linux
 Computer Management for local ...
Best Practices


Administrators should have 2 accounts








Rename the administrator account (cannot be deleted ...
Considerations
•
•
•
•
•

User name naming
conventions
Password complexity
Logon Hours
Auditing
Security

Networking Conce...
Passwords
 Change

passwords often

 Too

often: written down
 Not often enough: insecure network
 Dictionary attacks
...
Computer Accounts
 Used

to restrict access to the domain to
certain computers
 Must be Domain/Enterprise admin to
add c...
User Rights
 Permissions

- access to resources
 Rights - permitted actions
Log on locally
 Shut down the computer
 Sh...
Groups


Security Group










Local Group
Global Group
Universal Group

Distribution Group
Users should be pl...
Built in Groups









Administrators (Also Domain &
Enterprise)
Account Operators - Create and
manage user accou...
Automatic Groups









User Groups
Everyone
Authenticated Users –
non guest users
Interactive – local user
Netw...
Automatic Groups

Networking Concepts – Eric
Vanderburg ©2005
Domain & Forest Groups
 Local

Group

 For

permissions to local resources
 Other groups should be inside
 Global
 Us...
Functional Levels
Functional Level

Supported DC OS

Windows 2000 Mixed

Windows NT 4.0
Windows 2000
Windows Server 2003

...
Functional Levels
Functional Level

Options

Windows 2000 Mixed

No Universal Groups & Nesting

Windows 2000 Native

Unive...
Trusts
 Types

1-way
 2-way
 Transitive
 Universal – all domains in a tree trust each other


 NT

uses 1-way explic...
Accounts
 SID

(Security Identifier) - Unique number
for AD objects
 We see names, Windows sees SIDs
 Recreated account...
Event Viewer
 System

Log – records information about
operating system services and hardware
 Security Log – records sec...
Performance Monitor






Records individual
events to show trends in
a graph
Object – the item you
want to track (ex:
...
Monitoring
 Network

Monitor

Install from Add/Remove Windows Components
(must be server OS)
 Data read from and written...
Long-term monitoring
 Develop

a baseline
 Update the baseline when the network
changes
 Bandwidth

changes
 New serve...
Security
 Know

the costs

 Costs

due to loss of data
 Costs of downtime
 Cost of implementing security measures
 Ph...
Security
 Securing

data

 Make

it safe from intruders
 Make sure damaged data can be replaced
 Plan

for network sec...
Windows Security Features
 Kerberos
 PKI

(Public Key Infrastructure)
 Group Policy
 VPN (Virtual Private Network)
 I...
Windows 2003
 CLR

(Command Language Runtime) –
reduces bugs that leave Windows vulnerable
by reducing the power of indiv...
Kerberos
 Authentication

Method (Win2k &2k3

default)
 Based on RFC 1510
 Uses Kerberos version 5
 Replaces NTLM (NT ...
Kerberos Components
KDC (Key Distribution Center)
 AS (Authentication Service)
 Verifies identity through AD
 Gives TGT...
Items of Note
 Delegation

with Forwarding and Proxy For a server such as a database server
to access resources on your b...
PKI
 Deploying

a PKI allows you to perform
tasks such as:
 Digitally

signing files (documents and
applications)
 Secu...
Certificates
Digital certificates - Electronic credentials,
consisting of public keys, which are used to
sign and encrypt ...
Certificates
View issued certs from
Certificates MMC
Certificate policy and practice statements
The two documents that out...
Certificate Server Role







Publish certificates - The PKI administrator makes certificate
templates available to c...
Group Policy
AD Users & Computers MMC
Select your
group policy

Group Policy MMC

Edit as needed

Networking Concepts – Er...
Group Policy

Properties

Double click
an item to edit
the properties
for it

Networking Concepts – Eric
Vanderburg ©2005
VPN
 Encapsulates

& encrypt one packet

inside another
 Server to Server - Connecting LANs
 Client to Server - Remote ...
VPN Protocols




L2TP (Layer 2 Tunneling Protocol)
 Encrypts with IPSec
 Works on many protocols (X.25, ATM, IP, Fram...
VPN Advantages
 Distance

is not a concern
 More scalable - can adjust bandwidth to use
 Less reliant on expensive mode...
IPSec





Tunnel - encrypts the header and the payload of each
packet
Transport - encrypts the payload only.
All syst...
Security
 Firewalls
 IDS
 Honeypot
 Malicious

Code

 Wireless
A

“hardened” OS is
one that has been
made as secure ...
Hardware Firewalls
Screening Router - filters
packets & closes ports

Screened host - hardware
firewall filters packets & ...
Hardware requirements
 Storage

– large amounts of log files will
be present on this computer so there
must be a large am...
Software Firewalls
 Most

are cumbersome to configure and control
 Inexpensive extra layer of protection
 Firewall plac...
Firewalls (cont)
 Multiple

firewalls can be used for load
balancing

Networking Concepts – Eric
Vanderburg ©2005
Firewalls

ZoneAlarm
Windows Firewall
Networking Concepts – Eric
Vanderburg ©2005
IDS (Intrusion Detection System)








NIDS (Network IDS) – analyzes network traffic
HIDS (Host IDS) – analyzes tr...
Rules
 Rule

base – set of rules that tell the
firewall or IDS what action to take when
types of traffic flow through it....
Honeypot
A

lure for a hacker
 Wastes the hackers time
 Fake computer or network behind
security barriers
 Can be anal...
Malicious Code
Virus - self-replicating code segment which is be attached to an
executable. When the program is started, t...
Viruses
 Implement

virus protection at these locations:

Workstation – protects a single computer by
scanning files from...
Wireless Security
 Site

Survey - adjust location and range
so that wireless access extends only to
business borders
 Pa...
Hardening
 Remove

unneeded services
 Close unused ports
 Remove unused user accounts

Networking Concepts – Eric
Vande...
Preventing Data Loss
 Backup,

Backup, Backup

Normal - copy with a reset of the archive bit
 Incremental






Copie...
Alternate Boot Methods


Recovery Console










Fixmbr: Replace the
master boot record
Fixboot: Write a new b...
Other Recovery Programs
 System

Restore - takes snapshots
(restore points) of the system state
 Driver Rollback
 Shado...
Shadow Copy
Enabling shadow copies

Click Settings

Networking Concepts – Eric
Vanderburg ©2005
Shadow Copy
Viewing shadow copies –
WinXP

Viewing shadow copies – Win2k

Select a copy and click restore
to go back to th...
Redundancy
 RAID

(Redundant Array of Inexpensive
Disks)
0

- Striping
 1 - Mirroring
 5 - Striping with Parity
 10 -...
Intellimirror
 Push

software to users or computers

 Assigning
 Publishing

(only for users, not computers)

 Protect...
Published Applications

Networking Concepts – Eric
Vanderburg ©2005
UPS (Uninterruptible Power Supply)
 Capabilities:

Power conditioning - cleans power, removing
noise
 Surge protection -...
Auditing
 Records

certain actions for security and
troubleshooting
 Failed

access
 Granted access
 Should

use audit...
Upcoming SlideShare
Loading in …5
×

Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg

929 views

Published on

Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Networking Concepts Lesson 10 part 1 - Network Admin & Support - Eric Vanderburg

  1. 1. Chapter 10 Network Administration & Support Networking Concepts – Eric Vanderburg ©2005
  2. 2. Managing Users & Groups  Active Directory Users & Computers  Edit a text file in Linux  Computer Management for local clients Networking Concepts – Eric Vanderburg ©2005
  3. 3. Best Practices  Administrators should have 2 accounts       Rename the administrator account (cannot be deleted or disabled) Disable the guest account (also add restrictions)      Have an account for normal use Use the administrator level account only when it is needed “Run As” SU (Super User) Only access from this computer No permissions No access times Audit use of administrative rights In Linux, a user account can be disabled by editing the password file and deleted by using the userdel command Networking Concepts – Eric Vanderburg ©2005
  4. 4. Considerations • • • • • User name naming conventions Password complexity Logon Hours Auditing Security Networking Concepts – Eric Vanderburg ©2005
  5. 5. Passwords  Change passwords often  Too often: written down  Not often enough: insecure network  Dictionary attacks  NOS Passwords lengths  Windows 2000/2003 limit is 128 characters  Windows NT limit is 14 characters  Linux limit is 256 characters Networking Concepts – Eric Vanderburg ©2005
  6. 6. Computer Accounts  Used to restrict access to the domain to certain computers  Must be Domain/Enterprise admin to add computers Networking Concepts – Eric Vanderburg ©2005
  7. 7. User Rights  Permissions - access to resources  Rights - permitted actions Log on locally  Shut down the computer  Share resources  Manage printers  Add computers to the domain  Adjust quotas  Backup & Restore  Take ownership  ……  Networking Concepts – Eric Vanderburg ©2005
  8. 8. Groups  Security Group         Local Group Global Group Universal Group Distribution Group Users should be placed in groups Permissions should be given to groups, not individual user accounts Users can belong to many groups Effective permissions – End result of all group memberships. All permissions from all groups are added together but deny overrides allow (use deny sparingly) Networking Concepts – Eric Vanderburg ©2005
  9. 9. Built in Groups        Administrators (Also Domain & Enterprise) Account Operators - Create and manage user accounts Backup Operators - backup & restore Incoming Forest Trust Builders make one way trusts to the root forest domain Network Configuration Operators Change TCP/IP settings for DCs Performance Log Users - configure performance counters, logs, & alerts Performance Monitor Users remotely view performance monitor             Print Operators Remote Desktop Users Replicator - Can change the way AD data is sent between DCs and can start the replicator Server Operators - log onto DCs, start & stop services, backup & restore, format… Cert Publishers - Publish CRL, CTL, & Templates Enrollment Agent - Issue Certs DHCP Administrators DNS Admins Group Policy Creator Owner Schema Admins Help Services Group - Manage Help & Support center (remote assistance) Guests Networking Concepts – Eric Vanderburg ©2005
  10. 10. Automatic Groups         User Groups Everyone Authenticated Users – non guest users Interactive – local user Network – logged onto domain Creator / Owner Anonymous Logon Terminal Services User Dialup Program/Service Groups  Service  Batch  System Networking Concepts – Eric Vanderburg ©2005
  11. 11. Automatic Groups Networking Concepts – Eric Vanderburg ©2005
  12. 12. Domain & Forest Groups  Local Group  For permissions to local resources  Other groups should be inside  Global  User Group accounts should go here  Universal Groups  Contains accounts from entire forest  Native mode only Networking Concepts – Eric Vanderburg ©2005
  13. 13. Functional Levels Functional Level Supported DC OS Windows 2000 Mixed Windows NT 4.0 Windows 2000 Windows Server 2003 Windows 2000 Native Windows 2000 Windows Server 2003 Windows Server 2003 Interim Windows NT 4.0 Windows Server 2003 Windows Server 2003 Windows Server 2003 • Domain or forest functional level Networking Concepts – Eric Vanderburg ©2005
  14. 14. Functional Levels Functional Level Options Windows 2000 Mixed No Universal Groups & Nesting Windows 2000 Native Universal Groups Allowed, Group Nesting Allowed, Group Conversion Allowed, SID History Win Server 2003 Interim No Universal Groups & Nesting Windows Server 2003 Universal Groups Allowed, Group Nesting Allowed, Group Conversion Allowed, SID History, Rename DC’s Networking Concepts – Eric Vanderburg ©2005
  15. 15. Trusts  Types 1-way  2-way  Transitive  Universal – all domains in a tree trust each other   NT uses 1-way explicit trusts  2000 & 2003 use 2-way transitive implicit trusts  Allows sharing between domains (permissions are still needed) Networking Concepts – Eric Vanderburg ©2005
  16. 16. Accounts  SID (Security Identifier) - Unique number for AD objects  We see names, Windows sees SIDs  Recreated accounts will have new SIDs  NT stores user rights in SAM (Security Accounts Manager)  2000 & 2003 stores rights in AD Networking Concepts – Eric Vanderburg ©2005
  17. 17. Event Viewer  System Log – records information about operating system services and hardware  Security Log – records security events based on audit filters or policy settings  Application Log – maintains information about applications  Directory Service  DNS Server  File Replication Service Networking Concepts – Eric Vanderburg ©2005
  18. 18. Performance Monitor    Records individual events to show trends in a graph Object – the item you want to track (ex: processor) Counter – the aspect of the item that you want to track (ex: interrupts/sec) Networking Concepts – Eric Vanderburg ©2005
  19. 19. Monitoring  Network Monitor Install from Add/Remove Windows Components (must be server OS)  Data read from and written to server each second  Queued commands  Number of collisions per second  Security errors  Connections currently maintained to other servers (server sessions)   Linux users can choose from many open source add on products Networking Concepts – Eric Vanderburg ©2005
  20. 20. Long-term monitoring  Develop a baseline  Update the baseline when the network changes  Bandwidth changes  New servers  Software change  Compare performance to the baseline Networking Concepts – Eric Vanderburg ©2005
  21. 21. Security  Know the costs  Costs due to loss of data  Costs of downtime  Cost of implementing security measures  Physical must be protected first  Share oriented security (Win9x)  User oriented security (Win2k, 2k3, XP) Networking Concepts – Eric Vanderburg ©2005
  22. 22. Security  Securing data  Make it safe from intruders  Make sure damaged data can be replaced  Plan for network security  Identify threats  Communicate with other managers in office to make sure security system meets needs (it is not only about IT & think of the users) Networking Concepts – Eric Vanderburg ©2005
  23. 23. Windows Security Features  Kerberos  PKI (Public Key Infrastructure)  Group Policy  VPN (Virtual Private Network)  IPSec (IP Security) Networking Concepts – Eric Vanderburg ©2005
  24. 24. Windows 2003  CLR (Command Language Runtime) – reduces bugs that leave Windows vulnerable by reducing the power of individual programs, placing them under the control of the OS.  IIS 6.0 – configured for maximum security by default & disabled by default  Unsecured clients cannot login – Windows 95, and NT prior to SP4 cannot login to Windows 2003 domain by default; certificates and encryption required by all clients Networking Concepts – Eric Vanderburg ©2005
  25. 25. Kerberos  Authentication Method (Win2k &2k3 default)  Based on RFC 1510  Uses Kerberos version 5  Replaces NTLM (NT LAN Manager) & NTLMv2 – still used with pre 2k clients Networking Concepts – Eric Vanderburg ©2005
  26. 26. Kerberos Components KDC (Key Distribution Center)  AS (Authentication Service)  Verifies identity through AD  Gives TGT (Ticket Granting Ticket) which gives access to certain resources  TGS (Ticket-Granting Service)  Verifies TGT  Creates a service ticket & session key for a resource based on TGT. Client can present the service ticket to another server to access it’s content. NOTE: Servers have tickets too.  Only services it’s own domain. Must refer to another TGS for interdomain resource access (gives referral ticket)  Server with the desired resource  Client  Networking Concepts – Eric Vanderburg ©2005
  27. 27. Items of Note  Delegation with Forwarding and Proxy For a server such as a database server to access resources on your behalf. (given proxy or forwarding ticket)  NTP (Network Time Protocol) is used to synchronize time between machines. Keys are based on system time so all must be the same. Networking Concepts – Eric Vanderburg ©2005
  28. 28. PKI  Deploying a PKI allows you to perform tasks such as:  Digitally signing files (documents and applications)  Securing e-mail  Enabling secure connections between computers,  Better user authentication (smart cards) Networking Concepts – Eric Vanderburg ©2005
  29. 29. Certificates Digital certificates - Electronic credentials, consisting of public keys, which are used to sign and encrypt data.  CA (Certification Authority) Issues digital certificates. Form a hierarchy  Root CA  Subordinate CA  Intermediate CA  Issuing CA  Rudimentary CA restricted to issuing certain certs  Networking Concepts – Eric Vanderburg ©2005 Select CA Role
  30. 30. Certificates View issued certs from Certificates MMC Certificate policy and practice statements The two documents that outline how the CA and its certificates are to be used, the degree of trust that can be placed in these certificates, legal liabilities if the trust is broken, and so on.  Certificate repositories - Where certificates are stored and published. (AD)  CRL (Certificate Revocation List) - List of certificates that have been revoked before reaching the scheduled expiration date  CTL (Certificate Trust List) - The list of the certificates you trust. If you trust a root, you trust all certs from that root.  Networking Concepts – Eric Vanderburg ©2005 Double click to see cert
  31. 31. Certificate Server Role     Publish certificates - The PKI administrator makes certificate templates available to clients (users, services, applications, and computers) and enables additional CAs to issue certificates. Enroll clients - Users, services, or computers request and receive certificates from an issuing CA or a Registration Authority (RA). The CARA administrator or enrollment agent uses the information provided to authenticate the identity of the requester before issuing a certificate. Publish CRL & CTL - Users need to know which certificates are revokes and which servers are trusted by their CA. Renew or revoke certificates Networking Concepts – Eric Vanderburg ©2005
  32. 32. Group Policy AD Users & Computers MMC Select your group policy Group Policy MMC Edit as needed Networking Concepts – Eric Vanderburg ©2005
  33. 33. Group Policy Properties Double click an item to edit the properties for it Networking Concepts – Eric Vanderburg ©2005
  34. 34. VPN  Encapsulates & encrypt one packet inside another  Server to Server - Connecting LANs  Client to Server - Remote users & Extranet Networking Concepts – Eric Vanderburg ©2005
  35. 35. VPN Protocols   L2TP (Layer 2 Tunneling Protocol)  Encrypts with IPSec  Works on many protocols (X.25, ATM, IP, Frame Relay) PPTP (Point to Point Tunneling Protocol)  Encrypts with MPPE (Microsoft Point to Point Encryption) - 40, 56, or 128bit  Authenticates with PAP (Password Authentication Protocol), CHAP (Challenge Handshake Authentication Protocol), MSCHAP, or EAP  Works only over IP Networking Concepts – Eric Vanderburg ©2005
  36. 36. VPN Advantages  Distance is not a concern  More scalable - can adjust bandwidth to use  Less reliant on expensive modem pools Networking Concepts – Eric Vanderburg ©2005
  37. 37. IPSec     Tunnel - encrypts the header and the payload of each packet Transport - encrypts the payload only. All systems must be IPSec compliant Encryption  Authentication Encryption    Data Encryption     SHA (Secure Hash Algorithm) - 160bit, high overhead. MD5 (Message Digest 5) - 128bit DES (Data Encryption Standard) 56bit 3DES (Triple DES) - high processor overhead AES IPv6 has IPSec built-in Networking Concepts – Eric Vanderburg ©2005
  38. 38. Security  Firewalls  IDS  Honeypot  Malicious Code  Wireless A “hardened” OS is one that has been made as secure as possible Networking Concepts – Eric Vanderburg ©2005
  39. 39. Hardware Firewalls Screening Router - filters packets & closes ports Screened host - hardware firewall filters packets & ports. Bastion host does application filtering. NAT or proxy Multiple DMZ – each section has its own set of firewalls and DMZ separating it from the others Screened Subnet/DMZ (Demilitarized Zone) – put external access machines in between 2 firewalls Networking Concepts – Eric Vanderburg ©2005
  40. 40. Hardware requirements  Storage – large amounts of log files will be present on this computer so there must be a large amount of storage  Processor – this computer will be analyzing many packets  2 NICs – must be able to connect the outside with the inside Networking Concepts – Eric Vanderburg ©2005
  41. 41. Software Firewalls  Most are cumbersome to configure and control  Inexpensive extra layer of protection  Firewall places itself in between the NIC and the TCP/IP stack  Vendors Windows Firewall (built-in)  Novell Border Manager (built-in)  Macintosh Firewall (built-in)  Norton Internet Security  BlackIce  ZoneAlarm  Networking Concepts – Eric Vanderburg ©2005
  42. 42. Firewalls (cont)  Multiple firewalls can be used for load balancing Networking Concepts – Eric Vanderburg ©2005
  43. 43. Firewalls ZoneAlarm Windows Firewall Networking Concepts – Eric Vanderburg ©2005
  44. 44. IDS (Intrusion Detection System)       NIDS (Network IDS) – analyzes network traffic HIDS (Host IDS) – analyzes traffic sent only to its host LIDS (Linux IDS) – Open source IDS for linux clients or servers (http://www.lids.org/) Looks at network or host traffic based on rules to determine whether an attack is in progress The IDS can be configured to respond accordingly ex: close ports, ban IP addresses, alert admins, close shares, disable accounts, ect.. Examples: snort Networking Concepts – Eric Vanderburg ©2005
  45. 45. Rules  Rule base – set of rules that tell the firewall or IDS what action to take when types of traffic flow through it.  Should be based on security policy Networking Concepts – Eric Vanderburg ©2005
  46. 46. Honeypot A lure for a hacker  Wastes the hackers time  Fake computer or network behind security barriers  Can be analyzed to view attack methods and improve security. Identify what they are after, what is their skill level, and what tools they use. Networking Concepts – Eric Vanderburg ©2005
  47. 47. Malicious Code Virus - self-replicating code segment which is be attached to an executable. When the program is started, the virus code may also run. If possible, the virus will replicate by attaching a copy of itself to another file. A virus may also have an additional ``payload'' that runs when specific conditions are met.  Trojan horse - malicious code pretending to be a legitimate application. The user believes they are running an innocent application when the program is actually initiating its ulterior activities. Trojan horses do not replicate.  Worm - self-replicating program, does not require a host program, creates a copy and causes it to execute; no user intervention is required. Worms commonly utilize network services to propagate to other computer systems  Spyware - a program that secretly monitors your actions. Could be a remote control program used by a hacker, or it could be used to gather data about users for advertising, aggregation/research, or preliminary information for an attack. Some spyware is configured to download other programs on the computer.  Networking Concepts – Eric Vanderburg ©2005
  48. 48. Viruses  Implement virus protection at these locations: Workstation – protects a single computer by scanning files from server or e-mail messages  Server – scans data read from or written to server; prevents virus from server spreading throughout network  Internet gateway – scans all Web browser, FTP, and e-mail traffic; stops viruses before they enter network. Do not infect those checking your website  Networking Concepts – Eric Vanderburg ©2005
  49. 49. Wireless Security  Site Survey - adjust location and range so that wireless access extends only to business borders  Passwords should be changed and so should WEP keys. WEP should be enabled.  Filter MACs  Disable SSID broadcasting Networking Concepts – Eric Vanderburg ©2005
  50. 50. Hardening  Remove unneeded services  Close unused ports  Remove unused user accounts Networking Concepts – Eric Vanderburg ©2005
  51. 51. Preventing Data Loss  Backup, Backup, Backup Normal - copy with a reset of the archive bit  Incremental    Copies files changed since last full or incremental backup Differential  Copies files changed since last full backup Copy - copy with no reset of the archive bit  Daily - copies all files modified today   Create a backup schedule  Test backups (verify & do a test restore)  Use a UPS (Uninterruptible Power Supply) Networking Concepts – Eric Vanderburg ©2005
  52. 52. Alternate Boot Methods  Recovery Console         Fixmbr: Replace the master boot record Fixboot: Write a new boot sector Format: format the disk Diskpart: Manage disk partitions Last known good configuration Safe mode Safe mode with networking VGA mode Networking Concepts – Eric Vanderburg ©2005
  53. 53. Other Recovery Programs  System Restore - takes snapshots (restore points) of the system state  Driver Rollback  Shadow Copy Networking Concepts – Eric Vanderburg ©2005
  54. 54. Shadow Copy Enabling shadow copies Click Settings Networking Concepts – Eric Vanderburg ©2005
  55. 55. Shadow Copy Viewing shadow copies – WinXP Viewing shadow copies – Win2k Select a copy and click restore to go back to that version Networking Concepts – Eric Vanderburg ©2005
  56. 56. Redundancy  RAID (Redundant Array of Inexpensive Disks) 0 - Striping  1 - Mirroring  5 - Striping with Parity  10 - 2 RAID 5 configurations Mirrored  0+1 - Striped volumes mirrored  Duplexing provides redundancy for the controller also Networking Concepts – Eric Vanderburg ©2005
  57. 57. Intellimirror  Push software to users or computers  Assigning  Publishing (only for users, not computers)  Protect system files from damage  Mandatory & Roaming profiles  Not present in NT Networking Concepts – Eric Vanderburg ©2005
  58. 58. Published Applications Networking Concepts – Eric Vanderburg ©2005
  59. 59. UPS (Uninterruptible Power Supply)  Capabilities: Power conditioning - cleans power, removing noise  Surge protection - protects computer from sags and spikes   Categories Stand-by – must switch from wall to battery power  Online – continually supplies power through battery; no switching. Wall power recharges battery continually  Networking Concepts – Eric Vanderburg ©2005
  60. 60. Auditing  Records certain actions for security and troubleshooting  Failed access  Granted access  Should use auditing sparingly – uses resources & more is harder to utilize effectively Networking Concepts – Eric Vanderburg ©2005

×