LAN Management © Abdou Illia, Fall 2006 School of Business Eastern Illinois University (Week 9, Thursday 10/19/2006)
2 Learning Objectives n Understand Accounts and Access rights
3 LAN management n It take a few days to set up a PC LAN n The rest of the time, Network administrator must keep it functioning – Using the NOS and – Network management utilities (e.g. Protocol analyzers like Etherpeek or IBM's NetView)
4 LAN management n Definition: Using Network Operating System and utility programs to monitor a Local Area Network in order to keep it functioning. n Common management activities: – Creating and managing user accounts and groups of user accounts (e.g. Accounting group) – Sharing resources (e.g. folders, printers, programs) – Assigning Access rights: What resources users can see and what actions they can take for each resource? – Diagnosing problems in LAN’s operation – Gathering statistics about LAN’s traffic
5 User accounts n A user account is a record that contains – User name – User password – Groups the user belongs to – User’s logon time, etc. n Domain user account: allows users to log on to a domain and gain access to resources anywhere on the network n Local user account: allows users to log on and gain access to resources on the computer where the user account is created n Built-in User accounts: – Administrator, Guest,
6 Group accounts n A Group account is a collection of User accounts n Users can be members of more than one group n Assigning Access rights: – Should be done for each user in each directory (i.e. each folder) – Usually, however, users are assigned to groups – So, we can give access rights to groups – If access rights are assign to a group, all members of the group get those rights Using Groups greatly simplifies the assignment of access rights
7 Access rights n List of Access rights found in most NOS: – Ability to see a directory of file – Ability to get a read-only copy of a file in a directory (i.e. copy that cannot be edited and then saved under the same name) – Ability to edit and then save a file – Ability to create and delete files – Ability to create and delete subdirectories – Ability to assign access rights in a directory to other users. Applications WordProcessings Databases Drive C OracleQuickDB
8 Automatic Inheritance of Access Rights n Assigning rights to user or group accounts in a directory n Rights are automatically inherited in lower-level directories
9 Automatic Inheritance of Access Rights n Assigning rights to users or group in a directory n Rights automatically inherited in lower directories n Simplifies rights assignment Application Word ProcessingDatabase OracleQuickDB Assigned Browse And Read Rights Inherits Browse And Read Rights Inherits Browse And Read Rights
10 Automatic Inheritance of Access Rights n Blocking of Inheritance – If rights explicitly assigned in subdirectory, inheritance is blocked – Only assigned rights are effective Application Word Processing Database (Browse and Execute Only) QuickDB Assigned Browse And Read Rights Inherit Browse And Read Rights Assigned Browse And Execute Rights Oracle
11 Omnibus rights n Users normally have very limited access rights n Administrator normally has omnibus rights, i.e. – Total access rights in every directory (Full Control) – Can read, delete, etc. any file in any directory n Omnibus rights necessary to allow the administrator to fix problems wherever they occur n Problem: No file is hidden from Administrator’s eyes (including encrypted files)
12 Omnibus rights n Administrators often assign Omnibus rights to their assistants n Omnibus rights dangerous but – Eliminating them can create limitations on the Administrator’s abilities to manage the Network.
13 Summary Questions 1. Directory Applications has subdirectories Databases and WordProcessings. The Network administrator assigns user Lee to the group Outer. The administrator assigns Outer the access rights R, S, and T in Directory Applications. (Don’t worry about the meaning of R, S, and T. They are simply types of rights.) The administrator assigns Outer the access rights S, U, and V in subdirectory Databases. a) What access rights does user Lee have in directory Applications? Explain. b) What access rights does user Lee have in directory Databases? Explain. c) What access rights does user Lee have in directory WordProcessings? Explain. Applications WordProcessings Databases
14 Summary Questions 2. (a) What is LAN management ? (b) Name some common management activities. 3. a) What are access rights? b) How does the use of groups simplify the assignment of access rights? c) How does automatic inheritance simplify the assignment of access rights? d) How does explicit assignment modify automatic inheritance?
15 Etherpeek Frame-by-Frame Analysis SourceDestinationSizeTime StampProtocol 100:A0:C9:AC:FE:B000:40:C7:95:6E:EF6413:01:39.581NW IPX 200:A0:C9:AC:FE:B000:40:C7:A1:12:8B6413:01:39.581NW IPX 300:A0:C9:AC:FE:B000:40:05:3E:6F:DC6413:01:39.581NW IPX 4IP IP :01:39.582IP-UDP 500:A0:C9:AC:FE:B000:40:C7:2F:04:616413:01:39.582NW IPX 600:A0:C9:AC:FE:B000:50:DA:29:7A:E96413:01:39.582NW IPX 7IP IP :01:39.589IP-UDP
16 Etherpeek Summary Information