  1. 1. System & Network Administration
      • Chapter 0 – Introduction
      • Chapter 1 – Desktops
      • By Chang-Sheng Chen (20080218)
  2. 2. The Practice of System and Network Administration
      • Components of the book
        • Part 1: The Principles
        • Part 2: The Processes
        • Part 3: The Practices
        • Part 4: Management
      • The Editing Style of each chapter
        • The Basics
        • The Icing
  3. 3. System Administration Tasks
      • A Typical Life Cycle of SA Tasks
        • Identification/Definition Phase
          • Collecting information
          • Analysis
        • Design Phase
        • Deployment Phase
          • Installation, Configuration
        • Maintenance Phase
          • Update
          • Debug/Troubleshooting
          • Reconfiguration, Rebuild
  4. 4. Contents of Chapter 0 - Introduction
      • I.1 Do These Now!
        • Use a Trouble-Ticket System
        • Manage Quick Requests Right
        • Start Every New Host in a Known State
      • I.2 Conclusion
  5. 5. Contents of Chapter 1
      • 1.1 The Basics
        • 1.1.1 Loading the System Software and Applications Initially
        • 1.1.2 Updating the System Software and Applications
        • 1.1.3 Network Configuration
        • 1.1.4 Dynamic DNS with DHCP
      • 1.2 The Icing
        • 1.2.1 High Confidence in Completion
        • 1.2.2 Involve Customers in the Standardization Process
        • 1.2.3 A Variety of Standard Configurations
      • 1.3 Conclusion
  6. 6. Desktops
      • Desktops are usually deployed in large quantities and have long life cycles.
      • The Big Three Tasks of managing operating systems on Desktops
        • Loading the system software and applications initially
        • Updating the system and applications
        • Configuring network parameters
      • Automating these tasks makes a world of difference
  7. 7. Desktops - The Basics
      • Managing operating systems on Desktops
        • Loading the system software and applications initially
        • Updating the system and applications
        • Configuring network parameters
      • Evard’s life cycle of a machine (Evard 1997)
      • Automating Installation Reduces Frustration
      • First-class Citizens (i.e., fully supported)
        • A variety of platforms
  8. 8. Evard’s life cycle of a machine (LISA XI, Evard 1997)
  9. 9. What can we learn from the diagram on the previous page?
      • 1. Various states and transitions exist.
        • Plan for installation, for things to break and require repair, etc.
      • 2. The computer is usable only in the configured state.
        • We want to maximize the amount of time spent in that state.
          • The setup and recovery process should be fast, efficient, and automated.
          • Ensure that the OS degrades as slowly as possible.
            • Design decisions by the vendor have the biggest impact
            • Architecture decisions by the SA can weaken the protection
  10. 10. What can we learn from the diagram on the previous page? (Cont.)
      • 3. When mistakes are made during installation, the host will start into a decay cycle.
      • 4. Reinstallation (rebuild) is similar to installation, except one may potentially have to carry forward old data and applications.
      • 5. Finally, machines are eventually retired.
        • Some data and applications must be carried to the replacement machine or stored on tape for future reference.
  11. 11. Updating the System Software and Applications
      • Updates are different from the Initial Load
        • The host is in a usable state (vs. disabled state)
        • The host is in an office
        • No physical access
        • The host is already in use
          • It must not be messed up by the update/patches
        • The host may not be in a “known state”
        • The host may have “live” users (e.g., logged in and still running active programs)
        • The host may be gone (e.g., temporarily not booted).
        • The host may be dual-boot (e.g., Windows + Linux) or even multi-boot
  12. 12. Updating the System Software and Applications
      • Characteristics:
        • An automated update system has the potential to cause massive damage.
        • Use the One-Some-Many technique to reduce the risk of a failed patch.
          • One -> Some -> Many
      • Tips for guiding the update process
        • Create a well-defined update that will be distributed to all hosts.
        • Establish a communication plan so that those affected do not feel surprised by updates.
        • Checkpoints and restart
          • If there is a single failure, the group size returns to a single host and starts growing again.
        • Provide a way for customers to stop the deployment process if things go disastrously wrong.
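
The One-Some-Many rollout with its checkpoint-and-restart rule, as an added Python sketch that is not part of the original slides. The growth factor of 4, the `max_failures` limit, the `stop_requested` callback and the host names are assumptions made for the illustration; `apply_update` stands in for whatever actually patches a host.

```python
from typing import Callable, Dict, List

def one_some_many(hosts: List[str],
                  apply_update: Callable[[str], bool],
                  growth: int = 4,
                  max_failures: int = 3,
                  stop_requested: Callable[[], bool] = lambda: False) -> Dict[str, list]:
    """Roll an update out in growing groups: one host, then some, then many.

    A failure ends the current group, returns its untouched hosts to the
    queue and resets the group size to a single host. The rollout halts
    when max_failures is reached or the (hypothetical) stop_requested
    callback reports that someone has asked for the deployment to stop.
    """
    pending = list(hosts)
    updated, failed, group_sizes = [], [], []
    group = 1                                   # "One": start with a single host
    while pending and len(failed) < max_failures and not stop_requested():
        batch, pending = pending[:group], pending[group:]
        group_sizes.append(len(batch))
        clean = True
        for i, host in enumerate(batch):
            if apply_update(host):
                updated.append(host)
                continue
            failed.append(host)
            pending = batch[i + 1:] + pending   # checkpoint: untouched hosts are re-queued
            clean = False
            break
        group = group * growth if clean else 1  # grow after a clean group, else restart at one
    return {"updated": updated, "failed": failed,
            "pending": pending, "group_sizes": group_sizes}

if __name__ == "__main__":
    fleet = [f"desk{n:02d}" for n in range(30)]  # constructed host names
    result = one_some_many(fleet, lambda h: h != "desk07")
    print(result["group_sizes"], result["failed"])
```
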
  13. 13. DHCP
      • Dynamic DNS with DHCP
        • Adds unnecessary complexity and security risks
        • Letting a host determine its own hostname is a security risk (e.g., conflicting names)
        • Workaround: Dynamic DNS should be limited to specific DNS zones (i.e., building a “jail” for dynamic DNS configuration)
      • Advantages of Using DHCP
        • Avoids situations in which customers are put into a position that allows their simple mistakes to disrupt others.
          • E.g., using the same IP address as a router (default gateway)
        • Managing DHCP Lease Time
          • Lease time can be managed to aid in propagating updates (e.g., changing the subnet netmask)
        • DHCP also assists in moving clients away from resources (e.g., changing the IP address of a DNS server)
  14. 14. Network Configuration
      • DHCP (Dynamic Host Configuration Protocol)
        • The most common system for automating updates to network parameters in a large desktop environment
      • Use Templates Rather Than Per-Host Configuration
      • When to Use Dynamic Leases
        • When you have many hosts chasing a small number of IP addresses
          • Cf. Office LANs -> statically assigned
          • Servers -> static assignment (permanent lease)
      • DHCP and Public Networks
        • LANs in university labs or dorms, hotel rooms, wireless LANs, etc.
  15. 15. 1.2 The Icing
      • High Confidence in Completion
        • Automation
      • Involve Customers in the Standardization Process
        • Platforms controlled by management (i.e., specific AP sites, telesales offices, etc.)
        • Platforms controlled by the SA team (more common)
          • Base system, most commonly required applications, utilities that can be licensed economically in bulk
      • A Variety of Standard Configurations
        • Beauty or nightmare?
          • Simplicity (all the same) and scalability (multiple configuration schemes)
  16. 16. Appendix
      • Background - Internet Applications
      • Networking Troubleshooting Process
      • 5 Phases of Software Life Cycle
      • DNS security and DHCP
      • Case Study: E-mail delivery errors of NCTU-course portal
  17. 17. Background - Internet Applications
  18. 18. Networking Troubleshooting Process
      [Diagram: Client, Router_a, Router_b, DNS_a, DNS_b, SMTP_a, SMTP_b, with DNS filtering, router/switch filtering and SMTP filtering on each side]
  19. 19. 5 Phases of Software Life Cycle: Waterfall Model
  20. 20. 5 Phases of Software Life Cycle: Realistic Waterfall Model
  21. 21. Local Attacks (1): DNS spoofing
      [Diagram: HOST, DNS, MITM]
      • If the attacker is able to sniff the ID of the DNS request, he/she can reply before the real DNS server
  22. 22. Local Attacks (2): DNS spoofing - tools
      • Ettercap
        • Phantom plugin
      • Dsniff
        • Dnsspoof
      • Zodiac (Projects/zodiac)
  23. 23. Local to remote attacks (1): DHCP/DNS spoofing
      • DHCP requests are made in broadcast.
      • If the attacker replies before the real DHCP server, it can manipulate:
        • IP address of the victim
        • GW address assigned to the victim
        • DNS address
  24. 24. Local to remote attacks (2): DHCP spoofing - countermeasures
      • Yes - detection of multiple DHCP replies
      • Yes - restrict the DHCP replies to a range of IP addresses
        • e.g., discard the DHCP replies from remote sites across edge routers since they can be spoofed
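
Both countermeasures from the slide above, applied to captured DHCP replies, as an added Python example that is not part of the original slides. The packets are constructed with documentation addresses, `ALLOWED` is an assumed range for the site's DHCP servers, and option 54 (server identifier) stands in for the responder's address; a live monitor would also compare the IP source address.

```python
import ipaddress
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
WANTED = {3: "router", 6: "dns", 54: "server_id"}

def parse_reply(pkt: bytes) -> dict:
    """Pull xid plus router, DNS and server-identifier options from a DHCP reply."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP reply")
    out = {"xid": struct.unpack("!I", pkt[4:8])[0]}
    i = 240
    while i + 1 < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                            # pad option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if code in WANTED and len(value) >= 4:
            out[WANTED[code]] = str(ipaddress.ip_address(value[:4]))
        i += 2 + length
    return out

def audit(packets, allowed_ranges):
    """Return (xids answered by several servers, replies from outside the allowed ranges)."""
    nets = [ipaddress.ip_network(r) for r in allowed_ranges]
    servers = defaultdict(set)
    discarded = []
    for pkt in packets:
        r = parse_reply(pkt)
        server = r.get("server_id", "0.0.0.0")     # a reply without option 54 is never allowed
        servers[r["xid"]].add(server)
        if not any(ipaddress.ip_address(server) in n for n in nets):
            discarded.append(r)
    multiple = {x: sorted(s) for x, s in servers.items() if len(s) > 1}
    return multiple, discarded

def sample(xid, server, router, dns):
    """Build a constructed DHCPOFFER for the demo (not captured traffic)."""
    pkt = struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228) + MAGIC + b"\x35\x01\x02"
    for code, ip in ((54, server), (3, router), (6, dns)):
        pkt += bytes([code, 4]) + ipaddress.ip_address(ip).packed
    return pkt + b"\xff"

CAPTURE = [sample(0x1A2B, "192.0.2.10", "192.0.2.1", "192.0.2.53"),
           sample(0x1A2B, "192.0.2.77", "192.0.2.77", "192.0.2.77"),
           sample(0x3C4D, "192.0.2.10", "192.0.2.1", "192.0.2.53")]
ALLOWED = ["192.0.2.8/29"]           # assumed range holding the site's DHCP servers

if __name__ == "__main__":
    print(audit(CAPTURE, ALLOWED))
```

A site with redundant DHCP servers will see several replies per transaction in normal operation, so the first result is most useful when read together with the second.
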
  25. 27. Viewing the Header Source of a Mail Message
  26. 28. Excerpt from the SMTP System Log
      • Sep 13 12:43:31 mail sm-mta[1868]: k8D4hUEP001868: from=<>, size=4154, class=0, nrcpts=3, msgid=<>, proto=ESMTP, daemon=MTA, []
      • Sep 13 12:43:31 mail sm-mta[1870]: k8D4hUEP001868: to=<>, ctladdr=<> (1002/20), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=94461, relay=local, dsn=2.0.0, stat=Sent
      • Sep 13 12:43:33 mail sm-mta[1870]: k8D4hUEP001868: to=<>, ctladdr=<> (1002/20), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=94461, [], dsn=2.0.0, stat=Sent (Ok: queued as A6EA617029)
      • Sep 13 12:43:34 mail sm-mta[1870]: k8D4hUEP001868: to=<>, ctladdr=<> (1002/20), delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=94461, [], dsn=2.0.0, stat=Sent (Ok: queued as EC8D419EF4)
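
Tracing a message through log entries of this shape, as an added Python example that is not part of the original slides: entries are grouped by queue ID and each recipient's DSN code is checked against the `nrcpts` count on the `from=` line. The sample lines, addresses and queue ID `kEXAMPLE000001` are constructed in the same format as the excerpt.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) sm-mta\[(\d+)\]: (\w+): (.*)$")

def fields(rest: str) -> dict:
    """Split 'k=v, k=v, ...'; items without '=' (e.g. a stripped '[]') are skipped."""
    out = {}
    for item in rest.split(", "):
        key, sep, val = item.partition("=")
        if sep:
            out[key] = val
    return out

def trace(lines):
    """Group sendmail entries by queue ID and collect each message's deliveries."""
    msgs = defaultdict(lambda: {"nrcpts": None, "deliveries": []})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        qid, f = m.group(4), fields(m.group(5))
        if "from" in f:
            msgs[qid]["nrcpts"] = int(f.get("nrcpts", 0))
        elif "to" in f:
            for rcpt in f["to"].split(","):        # one entry may list several recipients
                msgs[qid]["deliveries"].append(
                    {"to": rcpt, "mailer": f.get("mailer"),
                     "dsn": f.get("dsn", ""), "stat": f.get("stat", "")})
    return dict(msgs)

def undelivered(msg):
    """Return (recipients without a 2.x.x DSN, recipients with no delivery entry yet)."""
    bad = [d["to"] for d in msg["deliveries"] if not d["dsn"].startswith("2.")]
    missing = max((msg["nrcpts"] or 0) - len(msg["deliveries"]), 0)
    return bad, missing

# Constructed sample in the format of the excerpt above (not taken from a real server).
SAMPLE = """\
Sep 13 12:43:31 mail sm-mta[1868]: kEXAMPLE000001: from=<alice@example.org>, size=4154, class=0, nrcpts=3, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=[192.0.2.25]
Sep 13 12:43:31 mail sm-mta[1870]: kEXAMPLE000001: to=<bob@example.com>, ctladdr=<alice@example.org> (1002/20), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=94461, relay=local, dsn=2.0.0, stat=Sent
Sep 13 12:43:33 mail sm-mta[1870]: kEXAMPLE000001: to=<carol@example.net>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=94461, relay=mx.example.net. [203.0.113.5], dsn=4.0.0, stat=Deferred: Connection timed out with mx.example.net.
""".splitlines()

if __name__ == "__main__":
    for qid, msg in trace(SAMPLE).items():
        print(qid, undelivered(msg))
```
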