8 Network Services, Virtualization, and Cloud Computing

Question 1

What is a screened subnet ?

Answer 1

formerly called a demilitarized zone [DMZ], is a network separated from the internal network by a firewall but also protected from the Internet by a firewall.

Question 2

What are DNS servers ?

Answer 2

Domain Name System (DNS) servers resolve hostnames to IP addresses.

If a company wants to host its own website, it also needs to maintain two public DNS servers with information on how to get to the website. (Two servers are required for redundancy.) An advantage of using ISPs or web hosting companies to host the website is that they are then also responsible for managing the DNS servers.

Each DNS server has a database, called a zone file, which maintains records of hostname to IP address mappings.

If a DNS server doesn’t have an address in its zone file or its cache, it is configured to ask another, higher-level DNS server called the root server.

Within the zone file, some key record types are:
A (IPv4 host)
AAAA (IPv6 host)
MX (mail exchanger)
TXT (text)

DNS servers for intranet use only can be located on the internal network (inside the network firewalls). If the DNS server is being used for Internet name resolution, it’s most effective to place it in the screened subnet. DNS uses UDP or TCP port 53.

Question 3

What is DHCP ?

Answer 3

Dynamic Host Configuration Protocol (DHCP) servers

DHCP servers are configured to provide IP configuration information automatically to clients, such as an IP address, subnet mask, default gateway, and the address of a DNS server.

DHCP servers are configured with a scope, which contains the information that the server can provide to clients. DHCP servers need at least one scope, but they can also have more than one.

Scopes contain an IP address pool, lease duration, address reservations, and scope options such as the default gateway and DNS server address.

If a client is on a different subnet than the DHCP server, the client’s network segment needs to have a DHCP relay agent, which will pass along the DHCP request.

If a Windows-based DHCP client is unable to reach a DHCP server, it will configure itself with an Automatic Private IP Address (APIPA) address. Those addresses have the format 169.254.x.x.

DHCP servers should be located on the internal network. If the network has clients that are connecting via remote access, then a device with DHCP capabilities (such as the Remote Access Service [RAS]) can be placed in the screened subnet. DHCP uses UDP ports 67 and 68.

Question 4

What are Fileshare or File Servers ?

Answer 4

A fileshare or file server provides a central repository for users to store, manage, and access files on the network. There are a few distinct advantages to using file servers:

Ease of access to files for collaboration
Centralized security management
Centralized backups

Fileshares come in a variety of shapes and sizes. Some are as basic as Windows-, macOS-, or Linux-based servers with a large amount of internal hard disk storage space. Networks can also use network-attached storage (NAS) devices, which are stand-alone units that contain hard drives, come with their own file management software, and connect directly to the network. If a company has extravagant data storage needs, it can implement a storage area network (SAN). A SAN is basically a network segment, or collection of servers, that exists solely to store and manage data. Since the point of a fileshare is to store data, it’s pretty important to ensure that it has ample disk space. Some dedicated file servers also have banks of multiple optical drives for extra storage (letting users access files from optical media) or for performing backups. Processing power and network bandwidth can also be important to manage file requests and deliver them in a timely manner. As far as location goes, fileshares will almost always be on the internal network. You might have situations where a fileshare is also an FTP server, in which case the server should be on the screened subnet. In those cases, however, you should ensure that the server does not contain highly sensitive information or other data that you don’t want to lose.

Question 5

What are Print Servers ?

Answer 5

Print servers are much like file servers, except, of course, they make printers available to users. In fact, file servers and print servers are combined so often that you will see a lot of publications or tools refer to file and print servers as if they were their own category.

On its own, a print server makes printers available to clients over the network and accepts print requests from those clients. A print server can be a physical server like a Windows-or Linux-based server, a small stand-alone device attached to a printer (or several printers), or even a server built into the printer itself. Print servers handle the following important functions:

Making printers available on the network
Accepting print requests
Managing print requests (in the print queue)
In some cases, processing and storing print jobs

Question 6

What are Mail Servers ?

Answer 6

Email servers are responsible for sending, receiving, and managing email. To be a mail server, the computer must be running a specialized email server package. Some popular ones are Microsoft Exchange, Sendmail, Postfix, and Exim, although there are dozens of others on the market.
Clients access the mail server by using an email client installed on their systems. The most common corporate email client is Microsoft Outlook, but Apple Mail, HCL Notes (formerly IBM Notes and Lotus Notes), Gmail, and Thunderbird are also used. Mobile and Internet email clients (which are more popular than their corporate cousins) include the iPhone, iPad, and Android email clients; Gmail; Outlook, Apple Mail, and Yahoo! Mail.
In addition to sending and receiving email, mail servers often have antispam software
built into them as well as the ability to encrypt and decrypt messages. Email servers are most often located in the screened subnet.

Question 7

Email Protocols:

Answer 7

Protocol Port Purpose

SMTP 25 Sending email and transferring email between mail servers.

POP3 110 Receiving email.

IMAP4 143 Receiving email. It’s newer and has more features than POP3.

Question 8

What is Syslog ?

Answer 8

Syslog works as a client-server model, where the clients generate messages based on the
triggering of certain conditions, such as a login event or an error with a device, and send them to a centralized logging server, also known as the syslog server. Syslog uses UDP port 514 by default. Consequently, the term syslog can be applied to a standard or system for event monitoring, the protocol, or the actual server that collects the logged messages. Syslog got its start in the UNIX world and is used extensively with Linux-based networking systems and devices. Microsoft operating systems don’t natively support syslog—Windows comes with its own event logger called Event Viewer but
it’s easy to find packages that let Windows
servers participate in a syslog environment.

Question 9

Syslog messages:

Answer 9

Messages have the following three components:

A Facility Code
The facility code is a number between 0 and 23 that identifies the type of device sending the message. For example, facility code 0 is for operating system kernel messages; code 2 is used by email servers; code 4 is for security messages; and code 6 is used by printers.

A Severity Level
The severity level lets the administrator know how urgent the issue is. The lower the level, the more urgent the message is. Facility codes and error levels can be helpful when sorting events on a syslog server, and they can also be used to send the administrator an alert if something catastrophic happens. Facility codes and severity levels are required message components.

A Text Description
The final portion of the message is the text description of the message itself. The description may be in easy-to-read
language, or it could be nonsensical
ranting. It really depends on the device developer and what they program it to be. There is no standardized format for the description, so it can come in any number of formats. Most messages do come with an IP address or device name included, but the lack of standardization can make understanding messages a challenge.

Question 10

Syslog severity levels:

Answer 10

0 Emergency A panic condition when the system is unusable

1 Alert Immediate action needed

2 Critical Major errors in the system

3 Error “Normal” error conditions

4 Warning Warning conditions, usually not as urgent as errors

5 Notice Normal operation but a condition has been met

6 Information Provides general information

7 Debug Information used to help debug programs

Question 11

What is a Syslog server ?

Answer 11

The syslog server’s job is to collect and store messages. Most syslog servers are made up of three components:

the listener, a database, and management and filtering software.

Syslog servers listen on UDP port 514 by default. Remember that UDP is a connectionless protocol, so the delivery of packets is not guaranteed. The default implementation of syslog is also not secure. However, you can secure it by running syslog over Transport Layer Security (TLS) and TCP port 6514. Regardless of whether you secure it or not, always place the syslog server behind your firewall and on the internal network. Even on small networks, devices can generate huge numbers of syslog messages. Therefore, most syslog implementations store messages in a database for easier retrieval and analysis.
Finally, most syslog servers will have management software that you can use to view messages. The software should also have the ability to send the administrator a console message or text (or email) if a critical error is logged. Dozens of syslog packages are available. Some popular packages are Kiwi Syslog by SolarWinds, Splunk, syslog-ng,
and Syslog Watcher.

Question 12

What is a Web Server ?

Answer 12

Whenever you visit a web page, you are making a connection from your device (the client) to a web server. To be more specific, a connection is requested by your Internet software (generally, a web browser) using the Hypertext Transfer Protocol Secure (HTTPS) of the TCP/IP protocol suite. Your client needs to know the IP address of the web server, and it will make the request on port 443. The web server itself is configured with web hosting software, which listens for inbound requests on port 443. Two of the most common web server platforms are the open source Apache and Microsoft’s Internet Information Services (IIS), although there are a few dozen different packages available for use. Web servers provide content on request, which can include text, images, and videos, and they can also do things like run scripts to open additional functions, such as processing credit card transactions and querying databases. Individuals or independent companies can manage web servers, but more often than not an Internet service provider or web hosting company that manages hundreds or thousands
of websites manages them. If a company wants to host its own web server, the best place for it is in the screened subnet. The firewall can be configured to allow inbound port 443 requests to the screened subnet but not to allow inbound requests on those ports to make it to the internal corporate network.

Question 13

What is triple A in information security ?

Answer 13

A framework for access control known involving authentication, authorization, and accounting (AAA).

Occasionally auditing is added to the mix, making it quad A.

Question 14

Servers that handle all aspects of AAA:

Answer 14

Domain Controller: a centralized authentication server.

Remote Access Service (RAS)

Remote Authentication Dial-In User Service (RADIUS)

Terminal Access Controller Access-Control
System Plus (TACACS+)

Kerberos

Question 15

Authentication

Answer 15

User authentication happens when the system being logged into validates that the user has proper credentials. Oftentimes, this is as simple as entering a username and password

There are two categories of authentication:

Single-Factor Authentication
A single-factor system requires only one piece of information beyond the username to allow access. Most often, this is a password. Single-factor authentication is
quite common, but it’s not the most secure method out there.

Multifactor Authentication
To increase security, your computer or network might require multifactor authentication, which as the name implies requires multiple pieces of information for you to log in. Generally speaking, in addition to a username, multifactor authentication requires you to provide two or more pieces of information out of these four categories: something you know, something you have, something you are, or somewhere you are.

Question 16

Authorization

Answer 16

Users are allowed to perform only specific tasks on specific objects based on what they are authorized to do. Most computers grant access based on a system of permissions, which are groups of privileges. One of the key foundations of an authorization system is the principle of least privilege. This states that users should be granted only the least amount of access required to perform
their jobs, and no more. This principle applies to computers, files, databases, and all other available resources.

Question 17

Accounting

Answer 17

The principle of accounting seeks to keep a record of who accessed what and when, and the actions they performed. The most common method of tracking user actions is through the use of logs. Nearly all operating systems have built-in logs that track various actions. For example, Windows-based
systems contain Windows Logs, which are part of Event Viewer.

Question 18

What are Internet Appliances ?

Answer 18

The definition of an Internet appliance is a device that makes it easy to access the Internet. Taking a slightly broader view, Internet appliances can also help users safely access the Internet by protecting against some of the dangers that lurk there.

spam gateways
unified threat management (UTM)
load balancers
proxy servers

Question 19

What are Spam Gateways ?

Answer 19

A spam gateway is an appliance—most
likely a software installation or virtual appliance—that blocks malicious emails from entering a network. They go by other names as well, such as antispam gateways, spam
blockers, and email gateways. Antispam gateways can be located in two places: on the cloud or on an internal network,
meaning internal to where the firewall is placed. Flagged emails get sent to a
spam folder, quarantined, or deleted.
Some spam gateways will also handle outbound emails.

Question 20

Unified Threat Management (UTM)

Answer 20

The goal of unified threat management (UTM) is to centralize security management,
allowing administrators to manage all their security-related hardware and software through a single device or interface. For administrators, having a single management point greatly reduces administration difficulties. The downside is that it introduces a single point of failure. If all network security is managed through one device, a device failure could be problematic.

UTM is generally implemented as a stand-alone device (or series of devices) on a network, and it will replace the traditional firewall. A UTM device can generally provide the following types of services:

Packet filtering and inspection, like a firewall
Intrusion prevention service
Gateway antimalware
Spam blocking
Malicious website blocking (either prohibited or nefarious content)
Application control

Question 21

What is Load Balancing ?

Answer 21

Hundreds of web servers, each of them capable of fulfilling the same tasks, helps balance out the work for the website, which is called load balancing. Load-balancing
technology can be implemented with local hardware or on the cloud. If implemented on a local network, a load balancer acts like the web server to the outside world. When a user visits the website, the load balancer sends the request to one of many servers to fulfill the request. Cloud implementations have made load balancing easier to configure and expand, since the servers can be virtual instead of physical.

Common Load Balancing Configurations:

cross-region: In a cross-region setup, all servers likely provide access to the same types of content with servers local to each region—proximity to the users will help speed up network performance. When a request comes in, the load balancer senses the incoming IP address and routes the request to a server in that region.

content-based: Another common way to load-balance is to split up banks of servers to handle specific types of requests. For example, one group of servers could handle web requests, while a second set hosts streaming video and a third set manages downloads. This type of load balancing is called content-based load balancing.

Question 22

Load Balancing Benefits:

Answer 22

Load balancing has performance benefits for high-traffic networks and heavily used applications. Scalability and reliability are important benefits as well.

Performance
Servers that are specialized to handle a specific content type are often more efficient than multipurpose ones.

Scalability
If using cloud-based load balancing, services are easily scalable. With cloud-based load balancing, traffic spikes can be handled
by quickly provisioning additional virtual servers to handle the traffic. When the
capacity is no longer required, the servers are turned off.

Reliability
With load balancing, different servers can host the application, even in different regions. Perhaps a hurricane wipes out the data center in Florida. The load balancer can direct users to other data centers in different regions, and the business can continue to generate revenue.

Question 23

What is a Proxy Server ?

Answer 23

A proxy server makes requests for resources on behalf of a client. The most common one
that you will see is a web proxy, but you might run into a caching proxy as well.

The user on the client computer opens a web browser and types in a URL. Instead of the
request going directly to that website, it goes to the proxy server. The proxy then makes the request of the website, and it returns the requested information to the client computer. If it sounds to you like this slows down Internet browsing, you’re right—it
does. But there are three strong potential benefits to using a proxy. First, the proxy server can cache the information requested, speeding up subsequent searches. (This is also the only function of a caching proxy, but caching-only proxies are most commonly configured to work on a local intranet.) Second, the proxy can act as a filter,
blocking content from prohibited websites. Third, the proxy server can modify the requester’s information when passing it to the destination, blocking the sender’s identity and acting as a measure of security; the user can be made anonymous. Keep in mind that if all of the traffic from a network must pass through a proxy server
to get to the Internet, that can really slow down the response time. Make sure the proxy or proxies have ample resources to handle all the requests.

Question 24

Legacy/Embedded Systems

Answer 24

Legacy system in the computer world means that the system is old and hopelessly outdated by today’s computing standards. Legacy systems are usually defined as those using old technology in one or more of the following areas:

Hardware
Software (applications or operating system)
Network protocols

Question 25

Cloud Services

Answer 25

Cloud providers sell everything “as a service.” The type of service is named for the highest
level of technology provided. For example, if computing and storage is the highest level, the client will purchase infrastructure as a service. If applications are involved, it will be software as a service. Nearly everything that can be digitized can be provided as a service.

Infrastructure as a Service:
Is a lot like paying for utilities—the
client pays for what it uses. Of the three major cloud services, IaaS requires the most network management expertise from the client. In an IaaS setup, the client provides and manages the software.

Platform as a Service:
Platform as a service (PaaS) adds a layer to IaaS that includes software development tools such as runtime environments. Because of this, it can be very helpful to software developers; the vendor manages the various hardware platforms. This frees up the software developer to focus on building their application and scaling it. The best PaaS solutions allow for the client to export their developed programs and run them in an environment other than where they were developed. Examples of PaaS include Google App Engine, Microsoft Azure, Red Hat OpenShift, Amazon Web Services (AWS) Elastic Beanstalk, Engine Yard, and Heroku.

Software as a Service (SaaS):
The highest of these three levels of service is software as a service (SaaS), which handles the task of managing software and its deployment, and includes the platform and infrastructure as well. Google Docs, Microsoft Office 365, and Dropbox. The advantage of this model is to cut costs for software ownership and management; clients typically sign up for subscriptions
to use the software and can renew as needed.

Question 26

Types of Clouds

Answer 26

private cloud: Companies can purchase virtualization software to set up individual clouds within their own network. That type of setup is referred to as a private cloud. Running a private cloud eliminates many features such as rapid scalability and eliminating the need to purchase and manage computer assets. The big advantage, though, is that it allows the company to control its own security within the cloud.

public cloud: These clouds offer the best in
scalability, reliability, flexibility, geographical independence, and cost effectiveness. If the client needs more resources, it simply
scales up and uses more, also pays more.

hybrid cloud: This gives the client the great features of a public cloud while simultaneously allowing for the storage of more sensitive information on the private cloud.

community cloud: These are created when multiple organizations with common interests combine to create a cloud. In a sense, it’s like a public cloud but with better security. The clients know who the other clients are and can trust them. The economies of scale and flexibility won’t be as great as with a public cloud, but that’s the trade-off for better security.

Question 27

Cloud Characteristics: File synchronization

Answer 27

File synchronization makes sure that the most current copy is on the cloud as well as on a local device. If changes are made to one, the other copy gets updated accordingly.

Question 28

Availability downtime

Answer 28

Availability Downtime/year Downtime/day

Three nines (99.9%) 8.77 hours 1.44 minutes

Four nines (99.99%) 52.6 minutes 8.64 seconds

Five nines (99.999%) 5.26 minutes 864 milliseconds

Six nines (99.9999%) 31.56 seconds 86.4 milliseconds

Question 29

Cloud-Based Storage

Answer 29

Users store files just as they would on a hard drive, but with two major advantages. One, they don’t need to buy the hardware. Two, different users can access the files regardless of where they are physically located.

Question 30

Cloud-Based Applications

Answer 30

Cloud-based apps run through your web browser. This is great for end users for a couple of reasons. One, your system does not have to use its own hardware to run the application; you are basically streaming a virtual application. Two, different client OSs can run the application (usually) without worrying about compatibility issues. Applications can often work across platforms as well, meaning that laptops, desktops, tablets, and smartphones can all use various apps.

Question 31

The Hypervisor

Answer 31

The key enabler for virtualization is a piece of software called the hypervisor, also known
as a virtual machine manager (VMM). The hypervisor software allows multiple operating systems to share the same host, and it also manages the physical resource allocation to those virtual OSs. There are two types of hypervisors: Type 1 and Type 2.

A Type 1 hypervisor sits directly on the hardware, and because of this, it’s sometimes referred to as a bare-metal
hypervisor. In this instance, the hypervisor is basically the operating system for the physical machine. This setup is most commonly used for server-side virtualization, because the hypervisor itself typically has very low hardware requirements to support its own functions. Type 1 is generally considered to have better performance than
Type 2, simply because there is no host OS involved and the system is dedicated to supporting virtualization. Virtual OSs are run within the hypervisor, and the virtual (guest) OSs are completely independent of each other. Examples of Type 1 hypervisors include Microsoft Hyper-V, VMware ESXi, and Citrix Hypervisor (formerly XenServer)

A Type 2 hypervisor sits on top of an existing operating system, called the host OS. This
is most commonly used in client-side virtualization, where multiple OSs are managed on the client machine as opposed to on a server. The downsides of Type 2 hypervisors are that the host OS consumes resources, such as processor time and memory, and a host OS failure means that the guest OSs fail as well. Examples of
Type 2 hypervisors include Microsoft’s Windows Virtual PC and Azure Virtual Server, Oracle VM VirtualBox, VMware Workstation, and Linux KVM.

Question 32

Cloud Characteristics: On-Demand Self-Service

Answer 32

With on-demand self-service, users can access additional storage, processing, and capabilities automatically, without requiring intervention from the service provider.

Question 33

Cloud Characteristics: Broad Network Access

Answer 33

This means that cloud capabilities are accessible over the network by different types of clients, such as workstations, laptops, and mobile phones, using common access software such as web browsers (ubiquitous access).

Question 34

Cloud Characteristics: Resource Pooling

Answer 34

The provider’s resources are seen as one large pool that can be divided up among clients as needed, and each client pays for the fraction of those resources they use. Clients should be able to access additional resources as needed, even though the client may not be aware of where the resources are physically located. Typical pooled resources include network bandwidth, storage, processing power, and memory.

Question 35

Cloud Characteristics: Rapid Elasticity

Answer 35

Rapid elasticity is the term used to describe the flexibility of virtualization, which includes allowing users to add and remove resources to servers instantly as they need them. For the client, this is a great feature because
they can scale up without needing to purchase, install, and configure new hardware. Elasticity can also work backward; if fewer resources are required, the client may be able to scale down and pay less without needing to sell hardware.

Question 36

Cloud Characteristics: Measured Service

Answer 36

Most cloud providers track clients’ usage and then charge them for the services used. This type of setup is called metered service or measured service. Resource usage is monitored by the provider and reported to the client.

Question 37

Cloud Characteristics: High availability

Answer 37

High availability refers to uninterrupted and
responsive service. The level of uptime guaranteed by the cloud service provider
(CSP) will be specified in a document called the service level agreement (SLA).

Question 38

internal networking (Virtual Machines)

Answer 38

The internal networking function allows a VM to communicate with other VMs that you specify, but not access the Internet or any other computers on your network.

Question 39

NAT mode (Virtual Machines)

Answer 39

The NAT mode option in a virtual machine allows the virtual machine to make outbound connections only.

Question 40

bridge mode (Virtual Machines)

Answer 40

In bridge mode, the VM is able to communicate directly through the network to which the physical machine is connected.