LAN ManagementLearning ObjectivesLAN managementSlide 4User accountsGroup accountsAccess rightsAutomatic Inheritance of Access RightsSlide 9Slide 10Omnibus rightsSlide 12Summary QuestionsSlide 14Etherpeek Frame-by-Frame AnalysisEtherpeek Summary InformationLAN Management© Abdou Illia, Fall 2006School of BusinessEastern Illinois University (Week 9, Thursday 10/19/2006)2Learning ObjectivesUnderstand Accounts and Access rights3LAN managementIt take a few days to set up a PC LANThe rest of the time, Network administrator must keep it functioning–Using the NOS and–Network management utilities (e.g. Protocol analyzers like Etherpeek or IBM's NetView)4LAN managementDefinition: Using Network Operating System and utility programs to monitor a Local Area Network in order to keep it functioning. Common management activities: –Creating and managing user accounts and groups of user accounts (e.g. Accounting group)–Sharing resources (e.g. folders, printers, programs)–Assigning Access rights: What resources users can see and what actions they can take for each resource?–Diagnosing problems in LAN’s operation–Gathering statistics about LAN’s traffic5User accountsA user account is a record that contains–User name–User password–Groups the user belongs to–User’s logon time, etc.Domain user account: allows users to log on to a domain and gain access to resources anywhere on the networkLocal user account: allows users to log on and gain access to resources on the computer where the user account is createdBuilt-in User accounts:–Administrator, Guest,6Group accountsA Group account is a collection of User accountsUsers can be members of more than one groupAssigning Access rights:–Should be done for each user in each directory (i.e. each folder)–Usually, however, users are assigned to groups–So, we can give access rights to groups–If access rights are assign to a group, all members of the group get those rightsUsing Groups greatly simplifies the assignment of access rights7Access rightsList of Access rights found in most NOS:–Ability to see a directory of file–Ability to get a read-only copy of a file in a directory (i.e. copy that cannot be edited and then saved under the same name)–Ability to edit and then save a file–Ability to create and delete files–Ability to create and delete subdirectories–Ability to assign access rights in a directory to other users.ApplicationsWordProcessingsDatabasesDrive COracle QuickDB8Automatic Inheritance of Access RightsAssigning rights to user or group accounts in a directoryRights are automatically inherited in lower-level directories9Automatic Inheritance of Access RightsAssigning rights to users or group in a directoryRights automatically inherited in lower directoriesSimplifies rights assignmentApplicationWord Processing DatabaseOracle QuickDBAssigned BrowseAnd Read RightsInherits BrowseAnd Read RightsInherits BrowseAnd Read Rights10Automatic Inheritance of Access RightsBlocking of Inheritance–If rights explicitly assigned in subdirectory, inheritance is blocked–Only assigned rights are effectiveApplicationWord Processing Database(Browse and Execute Only)QuickDBAssigned BrowseAnd Read RightsInherit BrowseAnd Read RightsAssigned BrowseAnd Execute RightsOracle11Omnibus rightsUsers normally have very limited access rightsAdministrator normally has omnibus rights, i.e.–Total access rights in every directory (Full Control)–Can read, delete, etc. any file in any directoryOmnibus rights necessary to allow the administrator to fix problems wherever they occurProblem: No file is hidden from Administrator’s eyes (including encrypted files)12Omnibus rightsAdministrators often assign Omnibus rights to their assistantsOmnibus rights dangerous but–Eliminating them can create limitations on the Administrator’s abilities to manage the Network.13Summary Questions1. Directory Applications has subdirectories Databases and WordProcessings. The Network administrator assigns user Lee to the group Outer. The administrator assigns Outer the access rights R, S, and T in Directory Applications. (Don’t worry about the meaning of R, S, and T. They are simply types of rights.) The administrator assigns Outer the access rights S, U, and V in subdirectory Databases. a) What access rights does user Lee have in directory Applications? Explain. b) What access rights does user Lee have in directory Databases? Explain. c) What access rights does user Lee have in directory WordProcessings? Explain.ApplicationsWordProcessingsDatabases14Summary Questions2. (a) What is LAN management ? (b) Name some common management activities.3. a) What are access rights? b) How does the use of groups simplify the assignment of access rights? c) How does automatic inheritance simplify the assignment of access rights? d) How does explicit assignment modify automatic inheritance?15Etherpeek Frame-by-Frame AnalysisSource Destination Size Time Stamp Protocol1 00:A0:C9:AC:FE:B0 00:40:C7:95:6E:EF 64 13:01:39.581 NW IPX2 00:A0:C9:AC:FE:B0 00:40:C7:A1:12:8B 64 13:01:39.581 NW IPX3 00:A0:C9:AC:FE:B0 00:40:05:3E:6F:DC 64 13:01:39.581 NW IPX4 IP-128.171.17.8 IP-128.171.17.151 78 13:01:39.582 IP-UDP5 00:A0:C9:AC:FE:B0 00:40:C7:2F:04:61 64 13:01:39.582 NW IPX6 00:A0:C9:AC:FE:B0 00:50:DA:29:7A:E9 64 13:01:39.582 NW IPX7 IP-128.171.17.8 IP-128.171.17.151 130 13:01:39.589 IP-UDP16Etherpeek Summary
View Full Document