
Chapter 1 - Introduction and Background

Introduction to system administration

Uploaded by

Yina The first

Chapter 1: Introduction and Background



1.1. Computer Systems & Network Overview
Computer System
A computer system is a collection of entities (hardware and software) that are designed to receive,
process, manage and present information in a meaningful format. Hardware refers to the physical,
tangible computer equipment and devices, which provide support for major functions such as input,
processing (internal storage, computation and control), output, secondary storage (for data and
programs), and communication. There are five main hardware components in a computer system:
Input, Processing, Storage, Output and Communication devices.

Computer software, also known as programs or applications, is the intangible component of the
computer system. It can be classified into two main classes, namely system software and
application software.

Network Overview
A network can be defined as two or more computers connected together in such a way that they can
share resources. The primary purpose of a network is to share resources, and a resource could be:
➢ a file,
➢ a folder,
➢ a printer,
➢ a disk drive,
➢ or just about anything else that exists on a computer.

Therefore, a computer network is simply a collection of computers or other hardware devices that are
connected together, either physically or logically, using special hardware and software, to allow them to
exchange information and cooperate. Networking is the term that describes the processes involved in
designing, implementing, upgrading, managing and otherwise working with networks and network
technologies.

There are different types of computer networks based on their respective attributes. These include:
geographical span, inter-connectivity (physical topology), administration and architecture.

Geographical Span: based on the geographical area it covers, a network can be one of the following types:
➢ Personal Area Network (PAN): is a network that may span a single table, with distances
between the devices of not more than a few meters. The technology used to interconnect
the devices could be Bluetooth. These networks are called Personal Area Networks because the
devices interconnected in them belong to a single person.
➢ Local Area Network (LAN): is a network that may span a building, or several
buildings within a single organization, using intermediate devices, like switches and/or
hubs, to interconnect devices on all floors. Sometimes such kind of networks are
➢ Metropolitan Area Network (MAN): is a network that may span across a whole city
interconnecting several buildings and organizations.
➢ Wide Area Network (WAN): is a network that may span across multiple cities, or an entire
country, or an entire continent, or it may even cover the whole world. The Internet is one
example of a WAN.

Inter-connectivity: components of a network, including end devices and interconnecting devices, can
be connected to each other in different ways. By connectedness we mean logically, physically,
or both. Network topology refers to the shape of a network, or the network's layout. It
is the geometric representation of the relationship of all the links and linking devices to one another.
There are four basic types of topologies, namely bus, star, ring and mesh topologies.
➢ Bus Topology: in this topology all devices are connected to a central cable, called the bus or
backbone, which is terminated at its ends (see figure 1.1 a). The purpose of the terminators is to
stop the signal from bouncing, thereby clearing the cable so that other computers can send data.
A message transmitted along the bus is visible to all computers connected to the backbone cable.
As the message arrives at each workstation, the workstation checks the destination address
contained in the message and processes the packet if the address matches its own, or drops it if
it does not. Its advantages are ease of installation and a smaller cable requirement. Its main
drawback is that the entire network will be shut down if there is a break in the main cable.
➢ Star Topology: in this topology, each node is connected directly to a central device called a hub
or a switch (see figure 1.1 b). Data on a star network passes through the central device (switch)
before continuing to its destination. The central device manages and controls all functions of the
network. This configuration is common with twisted pair cable. RJ-45 Connectors are used to
connect the cable to the Network Interface Card (NIC) of each computer. Its advantages
include ease of installation and reconfiguration, robustness (ease of fault identification and
isolation), the fact that a link failure only affects the device(s) connected to that link, and
lower cost than mesh. Its drawbacks include more cable requirements (than bus and ring) and a
single point of failure (if the central device fails, the whole system will be down).
➢ Ring Topology: in this topology, all devices are connected to one another in the shape of a
closed loop, so that each device is connected directly to two other devices, one on either side of
it (see figure 1.1 c). Some of its advantages include ease of installation and reconfiguration,
lower cost (than mesh), and even performance regardless of the number of users. Its drawbacks
include that a break in the ring (such as a disabled station) can disable the entire network, and
limitations on media and traffic (limitation on ring length and number of devices).

➢ Mesh Topology: in this topology devices are connected with many redundant interconnections
between network nodes. In a full mesh topology (see figure 1.1 d), every node has a connection
to every other node in the network, which makes it the most expensive of all the
topologies. The number of cables grows fast as the number of nodes increases, and it can
be calculated by using the general formula n(n - 1)/2, where n is the number of nodes in
the network. It has several benefits, such as: dedicated links between devices, robustness (a single
link failure doesn't affect the entire network), privacy/security (direct communication between
communicating devices), and ease of fault identification and isolation. Its drawbacks are that
installation and reconnection are difficult (large number of cables), the huge amount of cabling
consumes a lot of space, and it is the most expensive of all.
➢ Hybrid Topology: A network structure whose design contains more than one topology is said to
be a hybrid topology. A hybrid topology inherits the merits and demerits of all the incorporated
topologies. As its name indicates, this topology can be created by merging two or more of the
above basic topologies. Figure 1.1 e shows a hybrid topology that is made up of ring and star.

Figure 1.1. Types of computer networks based on their physical topology: (a) bus, (b) star,
(c) ring, (d) mesh, (e) hybrid (ring + star)

Administration: From an administrator's point of view, a network can be a private network, which
belongs to a single autonomous system and cannot be accessed from outside its physical or logical
domain, or a public network, which can be accessed by anyone inside or outside of an organization.

Network Architecture: based on the architecture (where do the clients get the shared resources?),
networks can be categorized into three:
➢ Client-Server Architecture: There can be one or more systems acting as servers. The others,
being clients, request the server to serve requests. Servers take and process requests on the
clients' behalf.
➢ Peer-to-Peer (Point-to-point): Two systems can be connected point-to-point, or in other words
in back-to-back fashion. They both reside on the same level and are called peers.
➢ Hybrid: There can be a hybrid network which involves the network architecture of both the
above types.

Figure 1.2. Client-Server (left) and Peer-to-Peer (right) network

1.1.1. Network Protocols


A protocol is a set of rules or standards that control data transmission and other interactions between
networks, computers, peripheral devices, and operating systems.

When two devices communicate with each other, the same protocol must be used on the sending and
receiving devices. It is possible for two devices that use different protocols to communicate with each
other, but a gateway is needed in between.

1.1.2. Overview of the TCP/IP Protocol suites


The TCP/IP protocol suite was developed prior to the OSI model. Therefore, the layers in the TCP/IP
protocol suite do not exactly match those in the OSI model. The original TCP/IP protocol suite was
defined as having four layers: host-to-network, Internet, transport, and application layers. However,
when TCP/IP is compared to OSI, we can say that the host-to-network layer is equivalent to the
combination of the physical and data link layers. The Internet layer is equivalent to the network layer,
and the application layer is roughly doing the job of the session, presentation, and application layers
with the transport layer in TCP/IP taking care of part of the duties of the session layer.


TCP/IP is a hierarchical protocol made up of interactive modules, each of which provides a specific
functionality; however, the modules are not necessarily interdependent. Whereas the OSI model
specifies which functions belong to each of its layers, the layers of TCP/IP suite contain relatively
independent protocols that can be mixed and matched depending on the needs of the system. The term
hierarchical means that each upper-level protocol is supported by one or more lower-level protocols.

At the transport layer, TCP/IP defines three protocols: Transmission Control Protocol (TCP), User
Datagram Protocol (UDP), and Stream Control Transmission Protocol (SCTP). At the network layer,
the main protocol defined by TCP/IP is the Internetworking Protocol (IP); there are also some other
protocols that support data movement in this layer.

Figure 1.3. TCP/IP Protocol Stack

(1) Network Access (Physical and Data Link Layers)


The Network Access layer of the TCP/IP model corresponds with the Data Link and Physical layers of
the OSI reference model. It defines the protocols and hardware required to connect a host to a physical
network and to deliver data across it. Packets from the Internet layer are sent down the Network Access
layer for delivery within the physical network. The destination can be another host in the network,
itself, or a router for further forwarding. So the Internet layer has a view of the entire Internetwork
whereas the Network Access layer is limited to the physical layer boundary that is often defined by a
layer 3 device such as a router.
The Network Interface layer (also called the Network Access layer) is responsible for placing TCP/IP
packets on the network medium and receiving TCP/IP packets off the network medium. TCP/IP was
designed to be independent of the network access method, frame format, and medium. In this way,
TCP/IP can be used to connect differing network types. These include LAN technologies such as
Ethernet and Token Ring and WAN technologies such as X.25 and Frame Relay. Independence from
any specific network technology gives TCP/IP the ability to be adapted to new technologies such as
Asynchronous Transfer Mode (ATM).
The Network Access layer uses a physical address to identify hosts and to deliver data.
➢ The Network Access layer PDU is called a frame. It contains the IP packet as well as a protocol
header and trailer from this layer.
➢ The Network Access layer header and trailer are only relevant in the physical network. When a
router receives a frame, it strips off the header and trailer and adds a new header and trailer
before sending it out on the next physical network towards the destination.
The Network Access layer manages all the services and functions necessary to prepare the data for the
physical network. These responsibilities include:
➢ Interfacing with the computer's network adapter.
➢ Coordinating the data transmission with the conventions of the appropriate access method.
➢ Formatting the data into a unit called a frame and converting that frame into the stream of
electric or analog pulses that passes across the transmission medium.
➢ Checking for errors in incoming frames.
➢ Adding error-checking information to outgoing frames so that the receiving computer can check
the frame for errors.
➢ Acknowledging receipt of frames and resending frames if acknowledgment is not received.

Network Access Layer Protocols


The Network Access layer defines the procedures for interfacing with the network hardware and
accessing the transmission medium. Below the surface of TCP/IP's Network Access layer, you'll find an
intricate interplay of hardware, software, and transmission-medium specifications. Unfortunately, at
least for the purposes of a concise description, there are many different types of physical networks that
all have their own conventions, and any one of these physical networks can form the basis for the
Network Access layer. A few examples include:
➢ Ethernet
➢ Token ring
➢ FDDI
➢ PPP (Point-to-Point Protocol, through a modem)
➢ Wireless networks
➢ Frame Relay
The good news is that the Network Access layer is almost totally invisible to the end user. The network
adapter driver, coupled with key low-level components of the operating system and protocol software,
manages most of the tasks relegated to the Network Access layer, and a few short configuration steps
are usually all that is required of a user. These steps are becoming simpler with the improved
plug-and-play features of desktop operating systems.

(2) Network (Internet) Layer


At the network layer (or, more accurately, the Internetwork layer), TCP/IP supports the Internetworking
Protocol. IP, in turn, uses four supporting protocols: ARP, RARP, ICMP, and IGMP.
The Internet (Network) Layer Protocols
➢ Internet Protocol (IP): IP essentially is the Internet layer. The other protocols found here
merely exist to support it. It is an unreliable and connectionless protocol (i.e. a best-effort
delivery service). The term best effort means that IP provides no error checking or tracking.
It assumes the unreliability of the underlying layers and does its best to get a transmission
through to its destination, but with no guarantees.
• IP transports data in packets called datagrams, each of which is transported separately.
Datagrams can travel along different routes and can arrive out of sequence or be
duplicated. IP does not keep track of the routes and has no facility for reordering
datagrams once they arrive at their destination.
➢ Internet Control Message Protocol (ICMP): works at the Network layer and is used by IP
for many different services. ICMP is a management protocol and messaging service provider
for IP. The following are some common events and messages that ICMP relates to:
• Destination Unreachable: If a router can't send an IP datagram any further, it uses ICMP
to send a message back to the sender, advising it of the situation.
• Buffer Full: If a router's memory buffer for receiving incoming datagrams is full, it will
use ICMP to send out this message until the congestion abates.
• Hops: Each IP datagram is allotted a certain number of routers, called hops, to pass
through. If it reaches its limit of hops before arriving at its destination, the last router to
receive that datagram deletes it. The executioner router then uses ICMP to send an
obituary message, informing the sending machine of the demise of its datagram.
• Ping (Packet Internet Groper): uses ICMP echo messages to check the physical and
logical connectivity of machines on a network.
• Traceroute: Using ICMP timeouts, Traceroute is used to discover the path a packet takes
as it traverses an Internetwork.
➢ Address Resolution Protocol (ARP): finds the hardware address (physical or MAC address)
of a host from a known IP address. ARP interrogates the local network by sending out a
broadcast asking the machine with the specified IP address to reply with its hardware address.
➢ Reverse Address Resolution Protocol (RARP): discovers the identity of the IP address for
diskless machines by sending out a packet that includes its MAC address and a request for the
IP address assigned to that MAC address. A designated machine, called a RARP server,
responds with the answer, and the identity crisis is over.

(3) Transport Layer


Traditionally the transport layer was represented in TCP/IP by two protocols: TCP and UDP. IP is a
host-to-host protocol, meaning that it can deliver a packet from one physical device to another. UDP
and TCP are transport level protocols responsible for delivery of a message from a process (running
program) to another process. A new transport layer protocol, SCTP, has been devised to meet the needs
of some newer applications.

The Transport Layer Protocol


➢ Transmission Control Protocol (TCP): TCP provides full transport-layer services to
applications. TCP is a reliable stream transport protocol. The term stream, in this context,
means connection-oriented: a connection must be established between both ends of a
transmission, through three-way handshaking, before either of the communicating devices can
transmit data. At the sending end of each transmission, TCP divides a stream of data (that it
received from the application layer) into smaller units called segments. Each segment includes
a sequence number for reordering after receipt, together with an acknowledgment number for
the segments received. Segments are carried across the Internet inside of IP datagrams. At the
receiving end, TCP collects each datagram as it comes in and the destination's TCP protocol
reorders the transmission based on sequence numbers.
➢ User Datagram Protocol (UDP): UDP is the simplest of all transport layer protocols, and it is
a process-to-process protocol which does not sequence the segments and does not care in
which order the segments arrive at the destination. UDP sends the segments off
and forgets about them. It doesn't follow through, check up on them, or even allow for an
acknowledgment of safe arrival: complete abandonment (i.e. it does not guarantee successful
delivery of the transmitted message).
➢ Stream Control Transmission Protocol (SCTP): SCTP provides support for newer applications
such as voice over the Internet (VoIP). It is a transport layer protocol that combines the best
features of both UDP and TCP.
NOTE: TCP for reliability and UDP for faster transfers.

The Port Numbers


TCP and UDP must use port numbers to communicate with the upper layers, because port numbers are
what keep track of the different conversations crossing the network simultaneously. These port numbers
identify the source and destination application or process in the TCP segment. There are 2^16 = 65,536
ports available.

➢ Well-known ports: The port numbers range from 0 to 1,023.
➢ Registered ports: The port numbers range from 1,024 to 49,151. Registered ports are used by
applications or services that need to have consistent port assignments.
➢ Dynamic or private ports: The port numbers range from 49,152 to 65,535. These ports are not
assigned to any protocol or service in particular and can be used for any service or application.

If a port is closed/blocked, you cannot communicate with the computer by the protocol using that port.
For example, if port 25 is blocked you cannot send mail. Firewalls by default block all ports. You
should know the port numbers of different protocols!!
TCP Ports                       UDP Ports
Protocol    TCP Port Number     Protocol    UDP Port Number
Telnet      23                  SNMP        161
SMTP        25                  TFTP        69
HTTP        80                  DNS         53
FTP         21                  POP3        110
DNS         53                  DHCP        68
HTTPS       443                 NTP         123
SSH         22                  RPC         530
Table 1.1. Sample TCP and UDP port numbers from well-known category

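
The port categories above become useful to an administrator once they are applied to what a server is actually listening on. The following is an added example, not part of the original chapter: it parses a constructed sample of `ss -H -tuln` output, classifies each listener into the three ranges given above, and compares the result with a documented open-port inventory. The sample output and the `DOCUMENTED` inventory are assumptions made for illustration.

```python
import re

# Port categories exactly as listed in the text above.
PORT_RANGES = (
    ("well-known", 0, 1023),
    ("registered", 1024, 49151),
    ("dynamic/private", 49152, 65535),
)

# Constructed sample of `ss -H -tuln` output (no header, TCP and UDP, listening, numeric).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:68         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      511                *:80               *:*
tcp   LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      100          0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:50123      0.0.0.0:*
"""

# Hypothetical documented inventory of open ports for this server: (protocol, port).
DOCUMENTED = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 68)}

# The port is whatever follows the last ':' (handles 0.0.0.0:22, [::]:22 and *:80).
LOCAL_ADDR = re.compile(r"^(?P<addr>.*):(?P<port>\d+)$")
LOOPBACK_PREFIXES = ("127.", "[::1]")


def classify_port(port):
    """Return the category name for a port number."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    for name, low, high in PORT_RANGES:
        if low <= port <= high:
            return name


def parse_listeners(ss_output):
    """Parse `ss -H -tuln` style lines into a set of (proto, address, port)."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # blank line or a socket type this audit does not cover
        match = LOCAL_ADDR.match(fields[4])
        if match:
            listeners.add((fields[0], match.group("addr"), int(match.group("port"))))
    return listeners


def audit(ss_output, documented):
    """Compare listening sockets with the documented inventory.

    undocumented: reachable from the network but missing from the inventory.
    stale:        documented but nothing is listening (inventory out of date).
    """
    listeners = parse_listeners(ss_output)
    exposed = {(proto, port) for proto, addr, port in listeners
               if not addr.startswith(LOOPBACK_PREFIXES)}
    listening = {(proto, port) for proto, _, port in listeners}
    return {
        "undocumented": [(proto, port, classify_port(port))
                         for proto, port in sorted(exposed - documented)],
        "stale": sorted(documented - listening),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SS, DOCUMENTED)
    for proto, port, category in report["undocumented"]:
        print(f"undocumented listener: {proto}/{port} ({category})")
    for proto, port in report["stale"]:
        print(f"documented but not listening: {proto}/{port}")
```

Loopback-only listeners are left out of the undocumented list because they are not reachable from other hosts; remove that filter if the inventory is meant to cover local services too.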
(4) Application Layer

The application layer in TCP/IP is equivalent to the combined session, presentation, and application
layers in the OSI model, and many protocols are defined at this layer.

The Process/Application Layer Protocols


➢ Telnet: allows a user on a remote client machine, called the Telnet client, to access the
resources of another machine, the Telnet server. Telnet makes the client machine appear as though
it were a terminal directly attached to the server.
➢ File Transfer Protocol (FTP): is the protocol that actually lets us transfer files, and it can
accomplish this between any two machines using it. Usually users are subjected to
authentication before accessing an FTP server.
➢ Network File System (NFS): a protocol specializing in file sharing, allowing two different
types of file systems to interoperate.
➢ Simple Mail Transfer Protocol (SMTP): uses a spooled, or queued, method of mail delivery.
• POP3 is used to receive mail.
➢ Simple Network Management Protocol (SNMP): collects and manipulates valuable network
information. This protocol stands as a watchdog over the network, quickly notifying managers
of any sudden turn of events.
➢ Domain Name Service (DNS): resolves hostnames, specifically Internet names such as
www.wcu.edu.et, to the IP address 10.6.10.3
➢ Dynamic Host Configuration Protocol (DHCP): gives IP addresses to hosts. It allows easier
administration and works well in small to very large network environments.

1.2. Philosophy of System Administration


1.2.1. What is Network Administration?
Network administrators focus on computers working together. A Network Administrator's main
responsibilities include installing, configuring, and supporting an organization's local area network
(LAN), wide area network (WAN), Internet systems, and/or a segment of a network system. Daily job
duties may depend on the size of a company's network. For example, at a smaller company, a network
administrator may be directly responsible for performing updates and maintenance on network and IT
systems, as well as overseeing network switches and setting up and monitoring a virtual private
network (VPN). However, at a larger company, responsibilities may be broader and more managerial,
such as overseeing a team of IT specialists and working with network architects to make decisions
about equipment and hardware purchases and upgrades.
Network administration involves a wide array of operational tasks that help a network to run smoothly
and efficiently. Without network administration, it would be difficult for all but the smallest networks
to maintain network operations.
The main tasks associated with network administration include:
➢ Design, installation and evaluation of the network
➢ Execution and administration of regular backups
➢ Creation of precise technical documentation, such as network diagrams, network cabling
documents, etc.
➢ Provision for precise authentication to access network resources
➢ Provision for troubleshooting assistance
➢ Administration of network security, including intrusion detection
As you can easily guess, the exact definition of "network administration" is hard to pin down. In a
larger enterprise, it would more often be strictly related to the actual network. Specifically, this would
include the management and maintenance of switches, routers, firewalls, VPN gateways, etc. In smaller
companies, the network administrator is often a jack-of-all-trades and involved in the configuration of
databases, installation, maintenance and upgrading of software, management of user accounts and
security groups, desktop support, and sometimes even basic software development.
A network administrator is a person who is responsible for installing, updating and configuring network
devices, and who troubleshoots and maintains network devices, working on routers, cabling, phone
systems (VoIP), switches and firewalls.

1.2.2. What is System Administration?


System Administrators work directly with computer hardware and software. At the most basic level, the
difference between these two roles (between system and network administrators) is that a Network
Administrator oversees the network (a group of computers connected together), while a System
Administrator is in charge of the computer systems – all the parts that make a computer function. A
Computer Systems Administrator's responsibilities may include software and hardware installation and
upkeep, data recovery and backup, setup, and training on user accounts and maintenance of basic
security best practices.

As with Network Administrator positions, specific daily job duties may depend on the size and scope of
a company's computer systems. At smaller businesses, the System Administrator may handle all IT
duties, and thus maintain and update all computers as well as ensure data security and backup. Larger
corporations may divide system administrators' responsibilities into more specific sub-roles, therefore
resulting in specialized positions like database administrators or security administrators.

System administration refers to the management of one or more hardware and software systems. The
task is performed by a system administrator who monitors system health, monitors and allocates system
resources like disk space, performs backups, provides user access, manages user accounts, monitors
system security and performs many other functions.

System administration is a job done by IT experts for an organization. The job is to ensure that
computer systems and all related services are working well. The duties in system administration are
wide ranging and often vary depending on the type of computer systems being maintained, although
most of them share some common tasks that may be executed in different ways.

Common tasks include installation of new hardware or software, creating and managing user accounts,
maintaining computer systems such as servers and databases, and planning and properly responding to
system outages and various other problems. Other responsibilities may include light programming or
scripting to make the system workflows easier as well as training computer users and assistants.

A system administrator, in turn, is a person who is responsible for the active configuration and
reliable operation of computer systems, especially multi-user computers such as servers. The system
administrator ensures the uptime, performance, resources and security of the computers, and also
installs and upgrades hardware and software components. The system administrator maintains security
policies and troubleshoots problems. The system administrator installs server operating systems and
works on/with servers/vendors.

Although the specifics of being a system administrator may change from platform to platform, there are
underlying themes that do not. These themes make up the philosophy of system administration. The
themes are:
➢ Automate everything
➢ Document everything
➢ Communicate as much as possible
➢ Know your resources
➢ Know your users
➢ Know your business
➢ Security cannot be an afterthought
➢ Plan ahead
➢ Expect the unexpected
➢ Backup and disaster recovery planning
➢ Patching

Automate Everything
Most system administrators are outnumbered — either by their users, their systems, or both. In many
cases, automation is the only way to keep up. In general, anything done more than once should be
examined as a possible candidate for automation. Here are some commonly automated tasks:
➢ Free disk space checking and reporting
➢ Backups
➢ System performance data collection
➢ User account maintenance (creation, deletion, etc.)
➢ Business-specific functions (pushing new data to a Web server, running
monthly/quarterly/yearly reports, etc.)
This list is by no means complete; the functions automated by system administrators are only limited
by an administrator's willingness to write the necessary scripts.

Document Everything
If given the choice between installing a brand-new server and writing a procedural document on
performing system backups, the average system administrator would install the new server every time.
While this is not at all unusual, you must document what you do. Many system administrators put off
doing the necessary documentation for a variety of reasons:
What should you document? Here is a partial list:


➢ Hardware inventory: Maintain lists of all your physical and virtual servers with the following
details:
• OS: Linux or Windows, hypervisor with versions
• RAM: DIMM slots in physical servers
• CPU: Logical and virtual CPUs
• HDD: Type and size of hard disks
• External storage (SAN/NAS): Make and model of storage with management IP address
and interface IP address
• Open ports: Ports opened at the server end for incoming traffic
• IP address: Management and interface IP address with VLANs
• Engineering appliances: e.g., Exalogic, PureApp, etc.
➢ Software inventory:
• Configured applications: e.g., Oracle WebLogic, IBM WebSphere Application Server,
Apache Tomcat, Red Hat JBoss, etc.
• Third-party software: Any software not shipped with the installed OS
➢ License details
• Maintain license counts and details for physical servers and virtual servers (VMs), including
licenses for Windows, subscriptions for Linux OS, and the license limit of hypervisor host.
➢ Policies: Policies are written to formalize and clarify the relationship you have with your user
community. They make it clear to your users how their requests for resources and/or assistance
are handled. The nature, style, and method of disseminating policies to your community vary
from organization to organization.
➢ Procedures: Procedures are any step-by-step sequence of actions that must be taken to
accomplish a certain task. Procedures to be documented can include backup procedures, user
account management procedures, problem reporting procedures, and so on. Like automation, if
a procedure is followed more than once, it is a good idea to document it.
➢ Changes: A large part of a system administrator's career revolves around making changes:
configuring systems for maximum performance, tweaking scripts, modifying configuration
files, and so on. All of these changes should be documented in some fashion. Otherwise, you
could find yourself being completely confused about a change you made several months earlier.
Some organizations use more complex methods for keeping track of changes, but in many cases
a simple revision history at the start of the file being changed is all that is necessary. At a
minimum, each entry in the revision history should contain:
• The name or initials of the person making the change
• The date the change was made
• The reason the change was made

Backup and disaster recovery planning


Communicate with the backup team and provide them with the data and client priorities for backup. The
recommended backup criteria for production servers are:
➢ Incremental backups: Daily, Monday to Friday
➢ Full backup: Saturday and Sunday
➢ Disaster recovery drills: Perform restoration mock drills once a month (preferably, or quarterly
if necessary) with the backup team to ensure the data can be restored in case of an issue.

Patching
Operating system patches for known vulnerabilities must be implemented promptly. There are many
types and levels of patches, including:
➢ Security
➢ Critical
➢ Moderate
When a patch is released, check the bug or vulnerability details to see how it applies to your system (e.g.,
does the vulnerability affect the hardware in your system?), and take any necessary actions to apply the
patches when required. Make sure to cross-verify applications' compatibility with patches or upgrades.

Server hardening
Linux:
➢ Set a BIOS password: This prevents users from altering BIOS settings.
➢ Set a GRUB password: This stops users from altering the GRUB bootloader.
➢ Deny root access: Rejecting root access minimizes the probability of intrusions.
➢ Sudo users: Create sudo users and assign them limited privileges to invoke commands.
➢ TCP wrappers: Use TCP wrappers to protect the server from hackers. Apply a rule for the SSH
daemon to allow only trusted hosts to access the server, and deny all others. Apply similar rules
for other services like FTP, SSH File Transfer Protocol, etc.
➢ Firewalld/iptables: Configure firewalld and iptables rules for incoming traffic to the server.
Include the particular port, source IP, and destination IP, and allow, reject, or deny ICMP requests,
etc. for the public zone and private zone.
➢ Antivirus: Install antivirus software and update virus definitions regularly.
➢ Secure and audit logs: Check the logs regularly and when required.
➢ Rotate the logs: Keep the logs for a limited period of time, such as 7 days, to leave sufficient
disk space for flawless operation.
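Several of the Linux items above can be checked mechanically. The following added example (not part of the original chapter) audits a configuration tree for three of them: root SSH login denied, TCP wrappers set to default-deny with an allow entry for sshd, and log retention of at most 7 days. The sample files and addresses are constructed, and `hosts.allow`/`hosts.deny` only take effect where sshd is built with TCP wrappers (libwrap) support.

```shell
#!/bin/sh
# Added example: audit a config tree for three Linux hardening items.
# Sample files are constructed; sshd Match/Include directives are not evaluated.

check_root_ssh() {   # sshd uses the first value it reads for a keyword
  v=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' \
        "$1/etc/ssh/sshd_config" 2>/dev/null)
  [ "$v" = "no" ]
}

check_tcp_wrappers() {   # default deny, plus an sshd entry that is not "ALL"
  grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' \
    "$1/etc/hosts.deny" 2>/dev/null || return 1
  awk -F: 'tolower($1) ~ /^[ \t]*sshd[ \t]*$/ {
             found = 1
             if (toupper($2) ~ /(^|[ \t,])ALL([ \t,]|$)/) bad = 1 }
           END { exit !(found && !bad) }' "$1/etc/hosts.allow" 2>/dev/null
}

log_retention_days() {   # global logrotate settings only (before first stanza)
  awk 'index($0, "{") { exit }
       $1 == "daily"   { unit = 1 }
       $1 == "weekly"  { unit = 7 }
       $1 == "monthly" { unit = 30 }
       $1 == "rotate"  { n = $2 }
       END { print unit * n }' "$1/etc/logrotate.conf" 2>/dev/null
}

audit() {   # prints one line per failed check, returns the number of failures
  fails=0
  check_root_ssh "$1" || { echo "FAIL: root SSH login not denied"; fails=$((fails+1)); }
  check_tcp_wrappers "$1" || { echo "FAIL: sshd not limited to trusted hosts"; fails=$((fails+1)); }
  d=$(log_retention_days "$1")
  { [ "${d:-0}" -ge 1 ] && [ "$d" -le 7 ]; } || { echo "FAIL: log retention ${d:-0} days"; fails=$((fails+1)); }
  return "$fails"
}

make_sample_tree() {   # constructed sample configuration in a temp directory
  root=$(mktemp -d) && mkdir -p "$root/etc/ssh"
  printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$root/etc/ssh/sshd_config"
  printf '%s\n' 'ALL: ALL' > "$root/etc/hosts.deny"
  printf '%s\n' 'sshd: 192.0.2.10, 198.51.100.0/255.255.255.0' > "$root/etc/hosts.allow"
  printf '%s\n' 'daily' 'rotate 7' '/var/log/app.log {' '  rotate 30' '}' > "$root/etc/logrotate.conf"
  echo "$root"
}

tree=$(make_sample_tree)
audit "$tree" && echo "all hardening checks passed"; rm -rf "$tree"
```

To audit a live host, call `audit /` instead of using the sample tree; reading `sshd_config` normally requires root.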
Windows:
➢ Set a BIOS password: This prevents users from altering BIOS settings.
➢ Antivirus: Install antivirus software and update virus definitions regularly.


➢ Configure firewall rules: Prevent unauthorized parties from accessing your systems.
➢ Deny administrator login: Limit users' ability to make changes that could increase your
systems' vulnerabilities.

Use a syslog server


By configuring a syslog server in the environment to keep records of system and application logs, in
the event of an intrusion or issue, the sysadmin can check previous and real-time logs to diagnose and
resolve the problem.

Communicate as Much as Possible


When it comes to your users, you can never communicate too much. Be aware that small system
changes you might think are practically unnoticeable could very well completely confuse the
administrative assistant in Human Resources.

Know Your Resources


System administration is mostly a matter of balancing available resources against the people and
programs that use those resources. Therefore, your career as a system administrator will be a short and
stress-filled one unless you fully understand the resources you have at your disposal. Some of the
resources are ones that seem pretty obvious:
➢ System resources, such as available processing power, memory, and disk space
➢ Network bandwidth
➢ Available money in the IT budget

Security Cannot be an Afterthought


No matter what you might think about the environment in which your systems are running, you cannot
take security for granted. Even standalone systems not connected to the Internet may be at risk
(although obviously the risks will be different from a system that has connections to the outside world).
Therefore, it is extremely important to consider the security implications of everything you do. The
following list illustrates the different kinds of issues you should consider:
➢ The nature of possible threats to each of the systems under your care
➢ The location, type, and value of the data on those systems
➢ The type and frequency of authorized access to the systems
While you are thinking about security, do not make the mistake of assuming that possible intruders will
only attack your systems from outside of your company. Many times, the perpetrator is someone within
the company. So the next time you walk around the office, look at the people.
