1LAN Management© Abdou Illia, Fall 2006School of BusinessEastern Illinois University (Week 9, Thursday 10/19/2006)2Learning Objectives Understand Accounts and Access rights3LAN management It take a few days to set up a PC LAN The rest of the time, Network administrator must keep it functioning– Using the NOS and– Network management utilities (e.g. Protocol analyzers like Etherpeek or IBM's NetView)24LAN management Definition: Using Network Operating System and utility programs to monitor a Local Area Network in order to keep it functioning. Common management activities: – Creating and managing user accounts and groups of user accounts (e.g. Accounting group)– Sharing resources (e.g. folders, printers, programs)– Assigning Access rights: What resources users can see and what actions they can take for each resource?– Diagnosing problems in LAN’s operation– Gathering statistics about LAN’s traffic5User accounts A user account is a record that contains– User name– User password– Groups the user belongs to– User’s logon time, etc. Domain user account: allows users to log on to a domain and gain access to resources anywhere on the network Local user account: allows users to log on and gain access to resources on the computer where the user account is created Built-in User accounts:– Administrator, Guest, 6Group accounts A Group account is a collection of User accounts Users can be members of more than one group Assigning Access rights:– Should be done for each user in each directory (i.e. each folder)– Usually, however, users are assigned to groups– So, we can give access rights to groups– If access rights are assign to a group, all members of the group get those rightsUsing Groups greatly simplifies the assignment of access rights37Access rights List of Access rights found in most NOS:– Ability to see a directory of file– Ability to get a read-only copy of a file in a directory (i.e. copy that cannot be edited and then saved under the same name)– Ability to edit and then save a file– Ability to create and delete files– Ability to create and delete subdirectories– Ability to assign access rights in a directory to other users.ApplicationsWordProcessingsDatabasesDrive COracle QuickDB8Automatic Inheritance of Access Rights Assigning rights to user or group accounts in a directory Rights are automatically inherited in lower-level directories9Automatic Inheritance of Access Rights Assigning rights to users or group in a directory Rights automatically inherited in lower directories Simplifies rights assignmentApplicationWord Processing DatabaseOracle QuickDBAssigned BrowseAnd Read RightsInherits BrowseAnd Read RightsInherits BrowseAnd Read Rights410Automatic Inheritance of Access Rights Blocking of Inheritance– If rights explicitly assigned in subdirectory, inheritance is blocked– Only assigned rights are effectiveApplicationWord Processing Database(Browse and Execute Only)QuickDBAssigned BrowseAnd Read RightsInherit BrowseAnd Read RightsAssigned BrowseAnd Execute RightsOracle11Omnibus rights Users normally have very limited access rights Administrator normally has omnibus rights, i.e.– Total access rights in every directory (Full Control)– Can read, delete, etc. any file in any directory Omnibus rights necessary to allow the administrator to fix problems wherever they occur Problem: No file is hidden from Administrator’s eyes (including encrypted files)12Omnibus rights Administrators often assign Omnibus rights to their assistants Omnibus rights dangerous but– Eliminating them can create limitations on the Administrator’s abilities to manage the Network.513Summary Questions1. Directory Applications has subdirectories Databasesand WordProcessings. The Network administrator assigns user Lee to the group Outer. The administrator assigns Outer the access rights R, S, and T in Directory Applications. (Don’t worry about the meaning of R, S, and T. They are simply types of rights.) The administrator assigns Outer the access rights S, U, and V in subdirectory Databases. a)What access rights does user Lee have in directory Applications? Explain. b) What access rights does user Lee have in directory Databases? Explain. c)What access rights does user Lee have in directory WordProcessings? Explain.ApplicationsWordProcessingsDatabases14Summary Questions2. (a) What is LAN management ? (b) Name some common management activities.3. a) What are access rights? b) How does the use of groups simplify the assignment of access rights? c) How does automatic inheritance simplify the assignment of access rights? d) How does explicit assignment modify automatic inheritance? 15Etherpeek Frame-by-Frame AnalysisIP-UDP13:01:39.589130IP-128.171.17.151IP-128.171.17.87NW IPX13:01:39.5826400:50:DA:29:7A:E900:A0:C9:AC:FE:B06NW IPX13:01:39.5826400:40:C7:2F:04:6100:A0:C9:AC:FE:B05IP-UDP13:01:39.58278IP-128.171.17.151IP-128.171.17.84NW IPX13:01:39.5816400:40:05:3E:6F:DC00:A0:C9:AC:FE:B03NW IPX13:01:39.5816400:40:C7:A1:12:8B00:A0:C9:AC:FE:B02NW IPX13:01:39.5816400:40:C7:95:6E:EF00:A0:C9:AC:FE:B01ProtocolTime StampSizeDestinationSource616Etherpeek Summary
View Full Document