Ben’s Blog

Very simple day today, we simply took the 2nd test of the quarter, and I tallied your grades and let you know whether or not you need to be here IN TWO WEEKS to take the final or not.  Did you catch that?  We’re not in class next week.  It will be two weeks from now — September 14 — when we take the final.  If you even have to.

It’s been a fun quarter, thanks for your hard work and attention.  I’ll miss seeing you guys next quarter.

Homework:

• Study for the final, if you have to take it.

Well, today was the day we executed on what we have learned this quarter.  I hope it was a learning experience as well as an enjoyable one.

Any feedback you want to leave will be welcomed.

Homework:

• Study for the final, if you have to take it.
• Remember, no class next week!!!!  Final is on 9/14, if you have to take it!

Today’s the last day of mindlessly thumping your way through the book!  Woo!  More on what that means in a minute…

What we covered today was using tables inside of PowerPoint, and then (somewhat randomly) different ways we can share our presentations.  This lesson is actually very important, and I’d consider using it if you find yourself needing to present on a computer on which you’re not familiar — and therefore not sure about the existance of PowerPoint on it.  How embarrassing would it be to show up ready to go, and not be able to run your presentation!

Most of you are well aware of this, but next week your PowerPoint presentations are due, and they are worth 100 points (a test grade!).  The requirements sheet, if you still haven’t gotten a copy, is available in the Files section to your right, or can be downloaded here.

Homework:

• Chapter 8: Matching
• Chapter 8: Review Questions
• Chapter 8: Projects 8C, 8D.
• Finish your projects, they’re due next week!!!!!  Download requirements sheet here.

Chapter 8 was all about securing your Internet connection.  We used this chapter to kind of springboard off of the morning class discussion.

We discussed connecting our networks to the INternet, as well as connecting our remote users to our internal networks, using the Internet (VPNs).

Homework:

• Take Home Test #9 – download it here.

Forgive me if this is brief.  WordPress ate my first draft.

Today we talked about Chapter 10, dealing with Network security.  As we’ve talked about time and time again, securing your network is very important in today’s culture, and we looked at several ways of accomplishing this.

The first way we examined was packet filtering.  This way is typically used with firewalls, and let’s us flag certain types of traffic and do certain things with it.  Let’s say, for example, I wanted to block FTP commands, I would go into my firewall and block TCP port 20 traffic.  This would, in theory, allow FTP data through the firewall, but would block any commands that would initiate such an upload.

We also looked at IPSec.  IPSec is a way to authenticate or encrypt data sent over the IP layer — a layer 3 function.  Since this operates at the Network layer, any device that can handle IP traffic (most things!) will be able to pass this traffic on.  IPSec will operate in one of two modes: tunnel mode, in wihch the entire communications tunnel is encrypted), or transport mode, in which the packet is encrypted, sent out in clear, yet encrypted text, and then received at the destination computer, where it is decrypted.

Using IPSec, we can get really granular with our packets and what we do with them.  Following along with the FTP example, let’s say that I want all FTP traffic to my servers to be encrypted.  After all, FTP traffic is sent unencrypted, if left to its own devices.  What I can do is set up an IPSec rule that requires security on all traffic coming in and leaving across ports 20 and 21.  By the way, if for some reason I have some 9x computers still floating out there, I can set this rule to “request” security, so that if the clients have it, they’ll use it, but if not they’ll work anyway.  I’d recommend setting it to require and using that as an excuse to update those babies to Win7.  But that’s just me.

Homework:

• Take Home Test #9 – download it here.

Tonight we hammered down and finished up the book, covering Units 9 and 10.

Unit 9 covered performance monitoring.  Depending on what type of server you’re running, there are various types of tools available to monitor your server’s performance.  If, for example, you’re sporting a linux server (and why not, most of them are free!), you have these tools at your disposal:

• Vmstat – information on memory usage, CPU and interrupts
• Ps – lists all processes running
• Df – lists disk space used and available
• Top – shows top several processes running and amount of resources they use

If you’re running Windows (more likely, if y0u’re coming from this school), you’re looking at Performance Monitor, which is actually made up of two tools: System Monitor and Performance Logs and Alerts.  System Monitor uses items called counters which can monitor a number of individual perfomance items such as the % amount of CPU time or HDD time is being used in real time.  Using these counters in conjunction with Performance Logs and Alerts allows you to generate alarms if a server’s CPU usage stays consistently too high, or if it consistently runs short on RAM, or if the network card gets overloaded, etc.

Moving on to Chapter 10 (wow, 2 in one night!), we moved to the topic of troubleshooting.  I always am challenged when we get to chapters regarding troubleshooting, because it really is such an art.  The main thing I can suggest is to always try the simple things first (even though I generally don’t follow this advice!), and to always document everything you do.  We discussed some tools available to us to help us troubleshoot and document.

Next week, we’ll simply have the last test of the quarter, and then we’ll find out who has to come to the final.  Hopefully, that’ll be none of you!

Homework:

• Chapter 9 – Review Questions
• Chapter 10- Review Questions
• Study for Checkpoint #2 Exam!

Today’s the last real day of class!  Woah!

Being the last day, we went over the last chapters in the book.  For us, that means Chapters 10, 11 and 12.  And luckily (or maybe notsomuch) this was largely a repeat from the earlier days of the course.

Chapter 10 covered printers.  As a reminder we talked about the difference Windows makes between printers and print devices.  Printers are the software interfaces that talk to print devices — the actual hardware you hook up to a computer or network.  We also discussed various aspects about printing, such as setting up a network printer, installing print drives for any OS that might connect to your printer, and not just the OS that’s currently installed.  The reason is is that the drivers are served up to the client requesting your printer when it accesses yoru share.  So if you have older OSs on the network who might be connecting up to you, it’s a good idea to provide drivers for them.  If in doubt, include the drivers.  We also spoke about printer pools and using different software printers for the same print devices.  Make sure you know why and when to use these techniques, I have a feeling they’ll show up really soon (ahem, ahem).

And speaking of drivers, Chapter 11 dealt with device drivers.  Device drivers, in case you’ve forgotten, are the pieces of software that interface with the hardware  devices connected to your computer.  It’s what lets Windows communicate with them.  Luckily, Windows includes a large number of drivers with it, but it’s always a good idea to install the drivers that came with your device, as they generally include much more functionality over the Windows-included ones.

And to cap off the book, Chapter 12 was all about disk storage.  We discussed the differences between basic and dynamic disks, setting up partitions (and the types of partitions), the differences between simple, spanned, and striped volumes (and that you have to be sporting dynamic disks for those to even be options.  We also discussed disk quotas, where you can control how much hard drive space each user has on the drive.  HDD space is cheap nowadays, but you still may want to consider implementing some kind of quota, lest Chad decide to rip his entire 500 DVD movie collection to the company server.

And that was pretty much it.  Next week, come in fresh and refreshed!  We will be having our day-long network build, and I promise that every chapter we’ve covered this quarter will be represented in some way or fashion.  I will be available for limited help (hints mostly), but you will generally be on your own.  You should be excited, this is going to be a lot of fun!

Homework:

• Take Home Checkpoint #2 – download it here.

Trucking right along, we covered Chapter 7 — covering charts and graphs (or, chartsengrafs, if you want to put it all together as one word like I do).  This chapter topic is directly required in your project which is due in two weeks: September 2.  Make sure you don’t forget!!!

Homework:

• Chapter 7 Fill-in-the-Blank
• Chapter 7 Matching
• Chapter 7: Project 7C
• Chapter 7: Project 7D
• Continue work on your project — they are due September 2.  If you need another requirement sheet, you can download it here.

Continuing on the security theme from the morning class (it’s interesting how that seems to work out, doesn’t it?), we talked about the designing process of setting up security in AD.  There are a number of approaches to go about setting up, and here are the four basic methodologies we discussed:

1. Centralized IT
2. Centralized IT with Decentralized Administration
3. Decentralized IT
4. Outsourced IT

Depending on which methodology your company ends up subscribing to will dictate what you do with your AD organization and what you do in order to secure it.  Whatever methodology you end up using, make sure you set up your OUs so that you have as few GPOs as possible — GPOs take up space (about 4MB) and the more you have flying over the wires, the slower your network will run.  One trick you can do is to set up your OU hierarchy in a way that you can assign GPOs to the higher OUs and let inheritance take over (remember from last semester that inheritance can be blocked at any time, just click and make it happen).  Needless to say, this is an art.

Homework:

• Take Home Test #8 – download it here.

PKI, or Public Key Infrastructure, was the topic for today’s class.  Making sure you have an understanding of PKI is important, as it’s the way we secure our data as it travels from one location to another.

In a PKI, there are two keys used to encrypt/decrypt our data — the private key and the public key.  The private key is stored on a user’s individual computer and the private key is stored within the certificate that is issued by a certificate server (typically called a certificate authority).  It doesn’t matter which key is used to encrypt, the other key will be used to decrypt.  For example, if I were to use my private key to encrypt a file and send it off to a server, the receiving server would use the public key of my certificate to decrypt it.

On the topic of certificate authorities (CAs), you can have either an internal or an external CA.  External CAs are more trusted as they are third party authorities who actually check on your business and make sure you really are who you say you are.  Using a third party CA shows the outside world, who you are issuing certificates to, that you are in fact a legitimate business and not some hack pretending to be one.  The downside to using an external CA is of course cost, and it can cost a lot of money just to get a simple text file proving to users who you are.  But, without this third party authentication, you can get errors which might scare away many users.

If you are just using your certificates in house, there is no reason to get a third-party CA, and you can simply use an internal CA.  It works exactly the same way except you don’t have to file a bunch of paperwork, deal with an intense barrage of phone verification and pay hundreds of dollars.

As you are managing an internal CA, you’ll have options to do when working with certificates.  For example, if a particular user gets fired for some reason, you can go in and revoke their certificate, even if their certificate isn’t set to expire for another year — that’s just one more way of ensuring that your systems are as secure as they can possibly be.

Homework:

• Take Home Test #8 – download it here.