INFOLINK UNIVERSITY COLLEGE
Department of Information Technology
System and Network Administration Module
Comprehensive Learning Outcomes Study Guide
Covering All 5 Learning Outcomes | Based on Module Compiled by Atnafu Gizaw (MSc)
Table of Contents
Learning Outcome 1: Manage a Network and Its Devices
Learning Outcome 2: Create and Manage Users and Groups
Learning Outcome 3: Manage Disks and Files
Learning Outcome 4: Backup and Restore System and User Data
Learning Outcome 5: Remotely Administer a Network
LEARNING OUTCOME 1: MANAGE A NETWORK AND ITS DEVICES
1.1 Network Overview and Types
A network is defined as two or more computers connected together to share resources. A computer network is
a collection of computers or hardware devices connected either physically or logically, using special hardware
and software to exchange information and cooperate.
1.1.1 Network Types by Geographical Span
• Personal Area Network (PAN): Spans across a table; devices within a few meters. Uses Bluetooth
technology.
• Local Area Network (LAN): Spans a building or multiple buildings within an organization using
switches/hubs.
• Metropolitan Area Network (MAN): Spans an entire city, interconnecting multiple buildings and
organizations.
• Wide Area Network (WAN): Spans multiple cities, countries, or continents. The Internet is an example of a
WAN.
1.1.2 Network Topologies
• Bus Topology: All devices connected to a central cable (bus/backbone) terminated at both ends. If the
main cable breaks, the entire network fails.
◦ Advantages: Easy installation, less cable required.
◦ Disadvantages: Entire network shuts down if main cable breaks.
• Star Topology: Each node connected directly to a central hub or switch. Most common with twisted pair
cable and RJ-45 connectors.
◦ Advantages: Easy installation, robust, single link failure only affects connected device(s).
◦ Disadvantages: Single point of failure (central device), more cable required.
• Ring Topology: All devices connected in a closed loop; each device connected to two others.
◦ Advantages: Easy to install and reconfigure, even performance regardless of users.
◦ Disadvantages: A break anywhere can disable the entire network.
• Mesh Topology: Devices connected with redundant interconnections. Full mesh: every node connects to
every other. Formula: n(n-1)/2 cables.
◦ Advantages: Dedicated links, robust, private/secure direct communication.
◦ Disadvantages: Expensive, difficult installation, large cable volumes.
• Hybrid Topology: A combination of more than one topology type.
1.1.3 Network Administration Role
A Network Administrator is responsible for installing, updating, and configuring network devices. Tasks include:
• Troubleshoot and maintain network devices (routers, switches, cabling, phone system/VoIP, firewalls)
• Configuration and management of switches, routers, firewalls, VPN gateways, etc.
• In smaller companies: may also configure databases, manage user accounts, desktop support
• Management and maintenance of network infrastructure
1.2 TCP/IP Protocols and Network Configuration
1.2.1 Network Configuration Files (Linux)
• File: /etc/hosts
◦ Always contains localhost IP address: [Link]
◦ Never remove the localhost line — programs requiring network functionality depend on it!
# Sample /etc/hosts
[Link] [Link] localhost
[Link] [Link] IUD
• File: /etc/[Link]
◦ Configures access to DNS server. Contains domain name and nameserver addresses.
search [Link]
nameserver [Link]
• File: /etc/[Link]
◦ Defines the order in which to contact different name services.
$ grep hosts /etc/[Link]
hosts: files dns
◦ Instructs computer to look up hostnames in /etc/hosts first, then contact DNS server.
1.2.2 Network Configuration for Linux Distributions
• Ubuntu: System → Administration → Networking
• RedHat Linux: redhat-config-network (graphical and text mode interface)
• Suse: YAST or YAST2 (all-in-one configuration tool)
• Mandrake/Mandriva: Network and Internet Configuration Wizard via Control Center
• GNOME systems: gnome-network-preferences
1.3 Network Commands
1.3.1 The ip Command
The ip command is the modern way to display and configure the kernel's networking. Used for assigning IP
addresses to interfaces, setting up routes, and displaying TCP/IP configurations.
• lo: Local loop interface — linked with internal [Link] address. NEVER change local loop configuration!
• eth0: First Ethernet interface for the real NIC, pointing to local LAN IP address.
• wlan0: Wireless interface naming convention.
• ppp0: Modem interface naming convention.
📌 NOTE: Multiple interfaces can be active simultaneously and are numbered sequentially (eth0, eth1, eth2...).
1.3.2 The ifconfig Command
Still very popular; used without options, it displays network interface information.
• inet addr: Marks the IP address
• HWaddr: Marks the hardware (MAC) address
• Both ifconfig and ip show whether interface is UP and RUNNING
$ ifconfig # Display all interfaces
$ ifconfig eth0 # Display specific interface
1.3.3 The netstat Command
Common utility useful on any UNIX system. Routing information displayed with -nr option:
$ netstat -nr # Display routing table
• [Link] line: Default route — traffic for other networks is sent to router at specified IP via eth0
• 192.168.x.0 line: Local network traffic routed through primary interface without router
1.3.4 The host Command
Used to display information on hosts or domains:
$ host <hostname or domain> # Display DNS information about host/domain
1.3.5 The ping Command
Used to check if a host is alive:
$ ping <hostname or IP> # Check if host is reachable
• Interrupt ping with Ctrl+C if system sends more than one packet
1.3.6 The traceroute Command
Used to check the route that packets follow to a network host:
$ traceroute <hostname or IP> # Trace path to destination
1.4 NAT (Network Address Translation)
NAT allows private IP addresses to access the Internet using a public address. Private IP ranges include: [Link]–
[Link], [Link]–[Link], and [Link]–[Link].
How NAT Works:
• Workstation makes a request to an Internet computer
• Routers recognize the request is for an external resource, send it to the firewall
• Firewall makes the request using its own public address and returns the response
• From the Internet's perspective, only the firewall's IP is visible
• All internal users share the same public IP address — one public IP can serve thousands of users
• Modern firewalls are stateful — they track connection state, ports, packet order, and IPs involved
Additional NAT Uses:
• Web servers requiring Internet access can be assigned public IPs on the firewall
• Workstations needing special external access can be assigned specific external IPs
• NAT conserves public IP addresses and allows stricter access control
1.5 Proxies and Gateways
1.5.1 Proxy Server
A proxy server acts as a gateway between users and the Internet, separating end users from the websites they
browse.
• Firewalls: Proxy servers can host firewalls that intercept and approve/block incoming traffic
• Content filters: Block undesired outgoing traffic (e.g., prevent employees from accessing blocked sites)
• Bypassing content filters: Use another proxy to circumvent restrictions
• Caching: Temporarily store frequently accessed data to reduce latency and improve load times
• Security: All network users appear anonymous behind the proxy's IP address
• Sharing Internet connections: Multiple devices share a single Internet connection through proxy
📌 NOTE: When you use a proxy, your browser connects to the proxy first, which then forwards traffic to the website.
Proxy servers are also known as 'forward proxies.'
1.5.2 Gateway
A gateway is a node (router) in a computer network — a key stopping point for data traveling to/from other
networks.
• In workplaces: the gateway is the computer routing traffic from workstations to external networks
• At home: the gateway is typically the ISP that provides Internet access (modem/router combo)
• A gateway is characterized as the combination of a router and a modem
• Gateways store information about host network internal paths and additional network paths
• Gateways are protocol converters, facilitating compatibility between protocols on any OSI layer
Types of Gateways:
• Web application firewalls: Filter traffic to/from a web server at the application layer
• Cloud storage gateways: Translate storage requests with cloud storage API calls
• API, SOA or XML gateways: Manage traffic in microservices or XML-based web services
• IoT gateways: Aggregate sensor data and translate between sensor protocols
• Media gateways: Convert data formats between different network types
• Email security gateways: Prevent transmission of policy-violating or malicious emails
• VoIP trunk gateways: Allow plain old telephone service equipment to work with VoIP networks
1.6 Samba Setup and Windows Workgroups/Domains
1.6.1 Windows Workgroups
A workgroup is a collection of computers on a LAN sharing common resources and responsibilities. It is
Microsoft's term for a peer-to-peer LAN.
• Each computer uses its own local accounts database to authenticate resource access
• Works best with 15 or fewer computers — becomes difficult to administer beyond this
• No common security/resource database — users and resources defined on each computer
• All Windows computers (7, 8, 10) automatically assigned to default group named WORKGROUP (MSHOME
in XP)
• To access shared resources: user must know workgroup name + username + password of remote
computer account
Workgroup Disadvantages:
• User accounts must be created on each machine if accessing resources on multiple machines
• Low security protocol for authentication between nodes
• Desktop computers limited to 15 or fewer connections per individual desktop
1.6.2 Windows Domains and Active Directory
A Windows domain is a logical group of computers sharing a central directory database (Active Directory).
Domain Controller (DC) authenticates all users.
• Active Directory (AD): Microsoft's implementation of LDAP directory services
• Domain Controller (DC): Server running Active Directory that authenticates users and computers
• Microsoft recommends more than one DC for automatic failover protection
• DCs should ideally be single-purpose — avoid running SQL Server or Exchange on the same DC
Trust Types in Active Directory:
• One-way trust: One domain allows access to users of another, but not vice versa
• Two-way trust: Both domains allow access to users of each other
• Transitive trust: Extends beyond two domains to other trusted domains in the forest
• Forest trust: Applies to the entire forest; transitive, one- or two-way
• Shortcut trust: Joins two domains in different trees; transitive, one- or two-way
AD Management Tools:
• Active Directory Administrative Center (Windows Server 2012+)
• Active Directory Users and Computers
• Active Directory Domains and Trusts
• Active Directory Sites and Services
• ADSI Edit
• SysInternals ADExplorer
• Unix integration via PowerBroker Identity Services, ADmitMac (Thursby), or Samba (can act as domain
controller)
1.6.3 Samba — Windows-Linux Integration
Samba is a free, open-source implementation of the SMB/CIFS protocol for Unix systems. It allows Linux to serve
Windows clients as if it were a Windows server.
• SMB (Server Message Block): Protocol used by Windows systems to share files and printers
• CIFS (Common Internet File System): Modern name for SMB protocol
• smbd: The SMB Daemon — handles actual file/printer share requests from clients
• nmbd: Handles name lookup requests; manages NetBIOS names and browsing
• [Link]: Main configuration file for Samba (located in /etc directory)
Samba's Four Core CIFS Services:
• File and print services
• Authentication and Authorization (share mode or user mode)
• Name resolution (broadcast or NBNS/WINS point-to-point)
• Service announcement (browsing — Local Master Browser election)
Samba Utilities:
• smbclient: Simple SMB client (similar to FTP). Used to connect to SMB shares, transfer files.
$ smbclient //server/share -U username
• nmblookup: NetBIOS name service client. Finds NetBIOS names and looks up their IP addresses.
• swat: Samba Web Administration Tool. Configure Samba remotely using a web browser.
SMB Filesystem for Linux:
• smbfs: Allows Linux to map a remote SMB share into its directory structure
# SMB share can be mounted at /mnt/zarquon — files accessible like local files
• smbsh (SMB shell): Allows SMB shares to appear mounted on a per-user, per-shell basis
📌 NOTE: Samba uses [Link] (similar to Windows .ini files) for configuration. Changes are immediately detected by
smbd and nmbd — no restart required.
1.7 Network Printing
• Method 1: Connect regular printer to a workstation (Workstation 1) and share it on the network
◦ Access via UNC path: \\computername\sharename
◦ Disadvantage: Workstation must remain on; users on that computer affect availability
• Method 2: Printer with its own NIC connected directly to the network
◦ Connect using IP address and TCP/IP port
◦ No dependency on a workstation
• Print Server: Manages flow of documents sent to the printer. Types: OS-based, internal (built into printer),
external hardware print server
• Each host wanting to use the network printer must have the corresponding printer driver installed
• UNC path format: //servername/path (Unix) or \\servername\path (Windows)
LEARNING OUTCOME 2: CREATE AND MANAGE USERS AND GROUPS
2.1 Windows User Administration
2.1.1 User Account Concepts
A user account is a collection of settings and information that tells the OS which files and folders can be
accessed, what operations can be performed, and what network resources are available.
• User name: The name given to the account
• Password: The password associated with the user account
• User group: A collection of user accounts sharing the same security rights and permissions
• Type: Defines permissions — Administrator, Standard, or Guest
Windows Account Types:
• Administrator: Complete control over the PC. Can install anything and make changes affecting all users.
• Standard: Can only use pre-installed software and change settings that don't affect other users.
• Guest: Special account with no password. Temporary access only. Cannot change system settings.
2.1.2 Windows File and Folder Permissions
• Read: View and list files and folders
• Write: Write to a file or add files and subfolders to a folder
• List folder contents: View and list files/subfolders, execute files in folder (folders only)
• Read & execute: Read, access, and execute files; view and list contents
• Modify: Read, write, and delete files/subfolders
• Full control: Read, write, change, and delete any file/subfolder
📌 NOTE: To view permissions: Right-click folder → Properties → Security tab → 'Group or user names' section
2.1.3 Assigning User Rights
The most efficient way to assign user rights is to make the user a member of a group that already has the right.
Assign through Local Policies node of Group Policy.
• Local policies can be set per-computer using local security policy, or per-domain/OU via group policy
• Remote Desktop Users group: Created by Microsoft to grant 'Allow Logon Through Terminal Services'
2.2 Roaming Profiles
A Windows roaming profile stores user settings on a central file server, enabling the same experience on any
domain-joined computer.
• Profile path format: \\server\profiles\user_name
• At login: Profile copied from central server to local computer
• At logout: Profile merged from local computer back to server
• If profile caching is enabled: Only newest files are merged on subsequent logins (faster)
Profile Contents:
• Application data and settings
• Documents/My Documents folder
• Downloads folder
• Files stored on Desktop
• Directories under c:\users\[username]
• HKEY_CURRENT_USER registry hive (designed to roam with user)
2.3 Linux User Administration
2.3.1 The Root Account
The root user is the superuser — has unlimited privileges. The normal file permissions and security precautions
do not apply to root.
• Can change every file on the system regardless of ownership
• Method 1: Log in directly as root (NOT recommended for GUI — all graphical apps run with root privileges)
• Method 2: Use su command from a normal shell to obtain root shell (preferred)
$ su - # Obtain root shell; requires root password
• Root prompt: # (hash mark); regular user prompt: $ (dollar sign)
• su creates a log entry in /var/log/messages — important for tracking on multi-administrator systems
📌 NOTE: Avoid logging into the GUI as root. Prefer: log in as normal user, then use 'su -' when administrator privileges
are needed.
2.3.2 User Concepts
• Every user assigned a unique number: UID (User ID)
• UIDs 0–99: Reserved for system; UIDs 100–499: For software packages needing pseudo-user accounts
• Real users' UIDs start from 500 or 1000 (distribution-dependent)
• Root's UID and GID: Both are 0
• Users can be in one primary group and multiple secondary groups
• Files created by a user are assigned to the primary group
• Linux kernel uses UID internally — not textual user names
$ id # Display UID, GID, and group memberships
$ last # Show who logged in and when
2.4 System Files for User and Group Management
2.4.1 The /etc/passwd File
The system user database. Contains one entry per user.
Format: <username>:<password>:<UID>:<GID>:<GECOS>:<home_dir>:<shell>
• username: Lowercase letters and digits; first character must be a letter
• password: In modern systems, shows 'x' — actual password stored in /etc/shadow
• UID: Numerical user identifier (0 to 2^32 - 1)
• GID: Primary group GID
• GECOS: Comment field — real name, office number, telephone
• home directory: User's personal area for storing files
• shell: Program started by login after authentication (usually a shell)
📌 NOTE: Do not edit /etc/passwd by hand. Use useradd, usermod, userdel, or vipw instead.
2.4.2 The /etc/shadow File
Stores encrypted passwords securely. Readable only by root; members of 'shadow' group can also read it.
Format: <username>:<password>:<change>:<min>:<max>:<warn>:<grace>:<lock>:<reserved>
• password: Encrypted password. '*' or '!' prevents login (locks account)
• change: Date of last password change (days since 1 Jan 1970)
• min: Minimum days before password may be changed again
• max: Maximum days password remains valid
• warn: Days before expiry when user is warned
• grace: Days after max expiry before account is locked if password not changed
• lock: Date account will be definitively locked (days since 1 Jan 1970)
📌 NOTE: Password 'encryption' in Linux is a one-way hash: the original password cannot be computed back from the
value stored in /etc/shadow.
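The field layouts of /etc/passwd and /etc/shadow described above are enough to audit accounts with awk. The following is an added example, not part of the original module: the account data is constructed, the function names are hypothetical, and treating a max value of 99999 as "never expires" is an assumption based on the common distribution default.

```sh
#!/bin/sh
# Added example (not from the module): audit account files using the
# /etc/passwd and /etc/shadow field layouts. All account data is constructed.

# Constructed sample: <username>:<password>:<UID>:<GID>:<GECOS>:<home_dir>:<shell>
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
hello:x:1000:1000:Hello User:/home/hello:/bin/bash
toor:x:0:0:second superuser:/root:/bin/sh
guest:x:1001:1001:Guest:/home/guest:/bin/bash
EOF
}

# Constructed sample:
# <username>:<password>:<change>:<min>:<max>:<warn>:<grace>:<lock>:<reserved>
sample_shadow() {
cat <<'EOF'
root:$6$CONSTRUCTED$NOTAREALHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
hello:$6$CONSTRUCTED$NOTAREALHASH:19000:7:30:3:7::
toor:!$6$CONSTRUCTED$NOTAREALHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
}

# Accounts with UID 0 (field 3): each one has root's unlimited privileges.
uid0_accounts() { awk -F: '$3 == 0 { print $1 }' "$@"; }

# Shadow entries with an empty password field (field 2): no password is set.
empty_password_accounts() { awk -F: '$2 == "" { print $1 }' "$@"; }

# Shadow entries whose password field starts with * or !: login is blocked.
locked_accounts() { awk -F: '$2 ~ /^[*!]/ { print $1 }' "$@"; }

# password_expiry_report TODAY [FILE...]
# TODAY is the current date as days since 1 Jan 1970, the unit the shadow file uses.
# Prints "user days_left state" for every usable password that has a maximum age.
password_expiry_report() {
    today=$1; shift
    awk -F: -v today="$today" '
        $2 ~ /^[*!]/ || $2 == "" { next }   # locked or no password: nothing to expire
        $5 == "" || $5 >= 99999  { next }   # assumption: 99999 means no maximum age
        {
            left = $3 + $5 - today          # change + max is the last valid day
            state = "ok"
            if (left < 0)                    state = "expired"
            else if ($6 != "" && left <= $6) state = "warn"
            print $1, left, state
        }' "$@"
}

# Demonstration on the constructed samples.
today=$(( $(date +%s) / 86400 ))
echo "UID 0 accounts:";   sample_passwd | uid0_accounts
echo "No password set:";  sample_shadow | empty_password_accounts
echo "Locked accounts:";  sample_shadow | locked_accounts
echo "Password expiry (day $today):"; sample_shadow | password_expiry_report "$today"
```

Each function also accepts file names, so as root the same checks run against the live files, for example `uid0_accounts /etc/passwd`.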
2.4.3 The /etc/group File
Stores group information. Contains one entry per group.
Format: <group_name>:<password>:<GID>:<members>
• group name: Name of the group
• password: Optional group password ('*' blocks changing to group via newgrp; 'x' refers to /etc/gshadow)
• GID: Numerical group identifier
• members: Comma-separated list of users who have this as a secondary group
2.5 User Management Commands
2.5.1 Creating User Accounts
The useradd program automates creating /etc/passwd and /etc/shadow entries, creating the home directory,
and copying profile files.
$ useradd <options> <username> # Create new user account
After creating an account with useradd, the administrator must set a password:
$ passwd new_user # Set password for user (as root)
$ passwd # Change own password (as regular user)
passwd Options:
• passwd -S username: View password status ('P'=set, 'LK'/'L'=locked, 'NP'=no password)
$ passwd -l username # Lock the account
$ passwd -u username # Unlock the account
$ passwd -n 7 username # Password change interval: at most every 7 days
$ passwd -x 30 username # Password must change at least every 30 days
$ passwd -w 3 username # Warn the user 3 days before the password expires
chage Command (additional shadow settings):
$ chage -E 2021/12/21 username # Lock account from specified date
$ chage -E -1 username # Cancel expiry date
$ chage -I 7 username # Grace period 1 week from password expiry
2.5.2 Deleting User Accounts — userdel
$ userdel <username> # Remove user account (keeps home directory)
$ userdel -r <username> # Remove user account AND home directory and mail box
$ find / -uid <UID> -delete # Find and delete all files owned by specific UID
📌 NOTE: userdel removes entries from /etc/passwd and /etc/shadow, and deletes references from /etc/group. Use -r to
also remove home directory and /var/mail mailbox.
2.5.3 Modifying User Accounts — usermod
usermod accepts mostly the same options as useradd but changes existing accounts.
$ usermod -g <group> <username> # Change user's primary group
$ chown -R hello /home/hello # Transfer file ownership after UID change
2.5.4 Direct Editing — vipw
The vipw command invokes an editor (vi) to edit /etc/passwd directly. It locks the file to prevent simultaneous
edits by other users or programs like passwd.
$ vipw # Edit /etc/passwd safely with file locking
2.6 Group Management Commands
2.6.1 Creating Groups — groupadd
$ groupadd <group_name> # Create group (auto-assign GID)
$ groupadd -g <GID> <group_name> # Create group with specific GID
📌 NOTE: GIDs up to 99 are usually reserved for system groups.
2.6.2 Modifying Groups — groupmod
$ groupmod -g <GID> <group_name> # Change group's GID
$ groupmod -n <new_name> <group_name> # Rename group (GID unchanged)
2.6.3 Deleting Groups — groupdel
$ groupdel <group_name> # Remove group entry
📌 NOTE: When editing /etc/group manually, also update /etc/gshadow if group passwords are used.
LEARNING OUTCOME 3: MANAGE DISKS AND FILES
3.1 Linux Filesystem Philosophy
On a UNIX/Linux system: 'Everything is a file; if something is not a file, it is a process.' Directories are just files
containing names of other files. Programs, services, texts, images, input/output devices — all are considered
files.
3.1.1 File Types in Linux
• Regular file (–): Normal data files (text, executables, program output)
• Directory (d): Contains names of other files
• Link (l): Symbolic or hard link to another file
• Special file (c): Character device files
• Socket (s): Network socket file
• Named pipe (p): Inter-process communication pipe
• Block device (b): Block device files (disk drives)
$ ls -l # Display file type as first character of each line
3.2 Linux Filesystem Structure
The Linux filesystem is arranged in a tree structure starting at the root (/) directory.
Standard Directory Layout:
• /bin — Common programs shared by system, administrator, and users
• /boot — Startup files, the kernel (vmlinuz), and GRUB data
• /dev — References to all CPU peripheral hardware (represented as special files)
• /etc — Most important system configuration files (similar to Windows Control Panel)
• /home — Home directories of common users
• /lib — Library files needed by system and users
• /lost+found — Every partition has one; files saved during failures
• /misc — For miscellaneous purposes
• /mnt — Standard mount point for external filesystems (CD-ROM, camera)
• /opt — Typically contains extra and third-party software
• /proc — Virtual filesystem containing system resources information
• /root — Home directory of the administrative root user
• /sbin — Programs for use by the system and system administrator
• /tmp — Temporary space; CLEARED upon reboot — do NOT save important work here!
• /usr — Programs, libraries, documentation for all user-related programs
• /var — Storage for variable and temporary files: log files, temporary downloads
3.2.1 Absolute and Relative Pathnames
• Absolute pathname: Described from root (/); always begins with /
/etc/passwd
/home/hello/programming/notes
• Relative pathname: Relative to current working directory; never begins with /
programming/notes
personal/reserved
$ pwd # Print current working directory
3.3 Inodes
Every partition has its own filesystem. In a filesystem, a file is represented by an inode — a kind of serial number
containing information about the actual data.
• Each partition has its own set of inodes; files across partitions can share inode numbers
• Fixed number of inodes per partition created at initialization: typically 1 inode per 2–8 kilobytes
Inode Contains:
• Owner and group owner of the file
• File type (regular, directory, etc.)
• Permissions on the file
• Date and time of creation, last read, and last change
• Date and time the inode information was changed
• Number of links to this file
• File size
• Address defining actual location of file data on disk
📌 NOTE: File names and directories are NOT stored in the inode — they are stored in special directory files. Inode does
NOT contain the filename.
$ ls -i # Display inode numbers for files
3.4 Linux Partition Types
• Data partition: Normal Linux system data, including the root partition with all data to start and run the
system
• Swap partition: Extension of computer's physical memory (extra memory on hard disk)
3.5 File Permissions (Linux)
Permission Format
drwxrwxr-x 6 hello hello 4096 July 19 18:25 Android
||||||||||
|rwx------ Owner permissions (r=read, w=write, x=execute)
|---rwx--- Group permissions
|------r-x Others permissions
Changing Permissions:
$ chmod <permissions> <file/dir> # Change file permissions
$ chown -R username /path # Change ownership recursively
3.6 RAID (Redundant Array of Independent Disks)
RAID is a data storage virtualization technology combining multiple physical disk drives into logical units for data
redundancy, performance improvement, or both.
📌 NOTE: Originally contrasted with SLED (Single Large Expensive Disk). RAID levels standardized by SNIA in the Common
RAID Disk Drive Format (DDF).
3.6.1 RAID Terminology
• Striping: Segmenting logically sequential data so consecutive segments are stored on different physical
devices
• Mirroring: Replication of logical disk volumes onto separate physical hard disks in real time
• Parity: Error-correction bits written at the rate of one parity bit per n bits (where n = number of disks)
3.6.2 RAID Levels
• RAID 0 — Striping (no mirroring or parity):
◦ Capacity: Sum of all drive capacities
◦ Performance: Read/write throughput multiplied by number of drives
◦ Risk: If ANY drive fails, entire RAID 0 volume and ALL files are LOST
◦ Minimum drives: 2
• RAID 1 — Mirroring (without parity or striping):
◦ Data written identically to two or more drives ('mirrored set')
◦ Array continues to operate as long as at least ONE drive is functioning
◦ Read throughput: Approaches sum of all drives. Write throughput: Always slower (all drives
updated)
◦ Minimum drives: 2
• RAID 2 — Bit-level striping with dedicated Hamming-code parity:
◦ Historical significance only; not used by any commercially available system as of 2014
• RAID 3 — Byte-level striping with dedicated parity disk:
◦ Parity calculated across corresponding bytes and stored on a dedicated parity drive
◦ Not commonly used in practice
• RAID 4 — Block-level striping with dedicated parity:
◦ Advantage over RAID 2 and 3: I/O parallelism (single read does not spread across all data drives)
◦ Result: More I/O operations can execute in parallel; better performance for small transfers
• RAID 5 — Block-level striping with distributed parity:
◦ Parity information distributed among all drives
◦ Can survive failure of ONE drive; subsequent reads recalculated from distributed parity
◦ Minimum drives: 3
◦ Risk: Large RAID 5 arrays are vulnerable to system failure during array rebuild (chance of second
drive failure)
• RAID 6 — Block-level striping with DOUBLE distributed parity:
◦ Fault tolerance up to TWO failed drives simultaneously
◦ Makes larger RAID groups more practical for high-availability systems
◦ Minimum drives: 4
◦ The larger the drive capacities, the more important it becomes to choose RAID 6 over RAID 5
3.7 Storage Monitoring
3.7.1 What to Monitor for Storage
• Free Space: Most critical metric — watch closely or automate
• File System-Related Statistics: Number of files/directories, average file size
• Transfers per Second: Determines if device's bandwidth limits are being reached
• Reads/Writes per Second: Understand the nature of I/O loads (some technologies have different read vs.
write performance)
3.7.2 Disk Monitoring in Windows
Windows Resource Monitor (Resmon) provides detailed disk monitoring:
Windows-R → type [Link] → Enter
Windows-R → type [Link] /res → Enter
• Disk tab: Lists disk activity per process; shows read/write per process
• Storage listing: Shows all drives with available/total space and active time
• Disk queue length graph: Indicates if disk performance cannot keep up with I/O operations
• Windows Task Manager: Ctrl+Shift+Esc — shows CPU, Memory, Disk, and Network usage
LEARNING OUTCOME 4: BACKUP AND RESTORE SYSTEM AND USER DATA
4.1 Backup Strategies
4.1.1 Backup Planning Philosophy
Backup and disaster recovery planning is a core responsibility of system administrators. The recommended
philosophy:
• Communicate with the backup team and establish data and client priorities for backup
• Anything done more than once should be examined as a candidate for automation
• Backup procedures should be documented step-by-step
• Document each change with: name/initials of person making change, date, and reason
4.1.2 Recommended Backup Schedule for Production Servers
• Incremental backups: Daily, Monday to Friday
• Full backup: Saturday and Sunday
• Disaster recovery drills: Perform restoration mock drills once a month (or quarterly at minimum) with the
backup team
📌 NOTE: The purpose of monthly restoration drills is to ensure data can actually be restored when needed. A backup
that cannot be restored is useless.
4.2 Backup Types
• Full Backup: Complete backup of all selected data. Performed on weekends (Saturday and Sunday per
recommended schedule).
◦ Advantage: Complete, self-contained backup
◦ Disadvantage: Consumes more time and storage space
• Incremental Backup: Backs up only data that has changed since the last backup. Performed daily
(Monday–Friday).
◦ Advantage: Faster and uses less storage
◦ Disadvantage: Restore requires the last full backup plus all subsequent incrementals
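The full-plus-incremental schedule and the restore requirement above can be rehearsed end to end as a small restore drill. This is an added example, not part of the original module: it assumes GNU tar (its --listed-incremental snapshot file), and the archive names, directory layout and file contents are constructed.

```sh
#!/bin/sh
# Added example (not from the module): full + incremental backups with GNU tar
# and a restore drill. File names and contents are constructed.

have_gnu_tar() { tar --version 2>/dev/null | grep -q 'GNU tar'; }

# full_backup SRC ARCHIVE SNAPSHOT
# Removing the snapshot file first makes tar start a new chain with a full dump.
full_backup() {
    rm -f "$3"
    tar --create --file="$2" --listed-incremental="$3" -C "$1" .
}

# incremental_backup SRC ARCHIVE SNAPSHOT
# With an existing snapshot file, tar stores only what changed since the
# previous run and then updates the snapshot.
incremental_backup() {
    tar --create --file="$2" --listed-incremental="$3" -C "$1" .
}

# restore_chain DEST FULL [INCREMENTAL...]
# Archives must be replayed oldest first; /dev/null as the snapshot tells tar
# to apply the recorded directory state (including deletions) on extraction.
restore_chain() {
    dest=$1; shift
    mkdir -p "$dest" || return 1
    for archive in "$@"; do
        tar --extract --file="$archive" --listed-incremental=/dev/null -C "$dest" || return 1
    done
}

same_tree() { if diff -r "$1" "$2" >/dev/null 2>&1; then echo MATCH; else echo MISMATCH; fi; }

# restore_drill: back up a constructed data set across three runs, then restore
# it twice (whole chain, and full backup alone) and compare with the live data.
restore_drill() {
    have_gnu_tar || { echo "GNU tar is required" >&2; return 1; }
    work=$(mktemp -d) || return 1
    src=$work/data; bak=$work/backup; snap=$bak/chain.snar
    mkdir -p "$src/reports" "$bak"

    echo "payroll v1" > "$src/payroll.txt"
    echo "q1 report"  > "$src/reports/q1.txt"
    full_backup "$src" "$bak/sat-full.tar" "$snap"          # weekend: full
    sleep 1   # stands in for the gap between backup runs

    echo "payroll v2" > "$src/payroll.txt"                  # Monday: file changed
    incremental_backup "$src" "$bak/mon-incr.tar" "$snap"
    sleep 1

    echo "q2 report" > "$src/reports/q2.txt"                # Tuesday: file added
    rm "$src/reports/q1.txt"                                # Tuesday: file deleted
    incremental_backup "$src" "$bak/tue-incr.tar" "$snap"

    restore_chain "$work/restore-all" "$bak/sat-full.tar" \
        "$bak/mon-incr.tar" "$bak/tue-incr.tar"
    restore_chain "$work/restore-full" "$bak/sat-full.tar"
    echo "full+incrementals: $(same_tree "$src" "$work/restore-all")"
    echo "full-only: $(same_tree "$src" "$work/restore-full")"
    rm -rf "$work"
}

restore_drill
```

The drill reports a match only when every incremental is replayed in order; restoring the full backup alone returns Saturday's data, not the current state.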
4.3 Disaster Recovery Planning
4.3.1 Core Principles
• Plan ahead: Expect the unexpected — plan for system outages and problems
• Backup and disaster recovery planning is a fundamental theme of system administration
• Know your resources: Understand available processing power, memory, disk space, and network
bandwidth
4.3.2 Documentation for DR Planning
• Hardware inventory: List all physical/virtual servers with OS, RAM, CPU, HDD, storage, ports, IP addresses
◦ OS: Linux or Windows, hypervisor with versions
◦ RAM: DIMM slots in physical servers
◦ CPU: Logical and virtual CPUs
◦ HDD: Type and size of hard disks
◦ External storage (SAN/NAS): Make, model, management IP and interface IP
◦ Open ports: Ports opened at server for incoming traffic
• Software inventory: Configured applications (Oracle WebLogic, IBM WebSphere, Apache Tomcat, Red Hat
JBoss)
• Third-party software: Any software not shipped with the installed OS
• License details: License counts for physical and virtual servers; Windows licenses, Linux subscriptions
• Policies: Written policies formalizing the relationship with users and how requests are handled
• Procedures: Step-by-step sequences for backup, user account management, problem reporting
4.4 Patching
Operating system patches for known vulnerabilities must be implemented promptly.
Patch Types:
• Security patches: Address security vulnerabilities
• Critical patches: Address critical system issues
• Moderate patches: Address moderate-severity issues
Patching Procedure:
• Check bug/vulnerability details to see how it applies to your specific hardware
• Take necessary actions to apply patches when required
• Cross-verify applications' compatibility with patches or upgrades before applying
4.5 Server Hardening
4.5.1 Linux Server Hardening
• Set a BIOS password: Prevents users from altering BIOS settings
• Set a GRUB password: Stops users from altering the GRUB bootloader
• Deny root access: Rejecting root access minimizes probability of intrusions
• Sudo users: Create sudo users and assign limited privileges for invoking commands
• TCP wrappers: Protect the server by controlling which hosts may connect to a service. Apply an SSH daemon
rule that allows only trusted hosts and denies all others. Apply similar rules for FTP and SFTP.
• Firewalld/iptables: Configure rules for incoming traffic (port, source IP, destination IP). Configure public
and private zones.
• Antivirus: Install antivirus software and update virus definitions regularly
• Secure and audit logs: Check logs regularly
• Rotate logs: Keep logs for limited periods (e.g., 7 days) to preserve disk space
# TCP Wrappers example: allow only a trusted host for SSH
# /etc/hosts.allow: sshd: <trusted-host-IP>
# /etc/hosts.deny: sshd: ALL
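A check for the TCP wrappers rule pair above, as an added example that is not part of the original guide: it reads a hosts.allow and a hosts.deny file and confirms that the daemon is open only to listed hosts. The function names and the sample files (with the documentation address 192.0.2.10 as the trusted host) are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that TCP wrappers files give allow-list plus default deny.

# rules_for DAEMON FILE: print the client list of each rule in FILE whose
# daemon list names DAEMON or ALL. Comments and blank lines are skipped.
rules_for() {
    awk -F: -v d="$1" '
        /^[ \t]*(#|$)/ { next }
        {
            n = split($1, daemons, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (daemons[i] == d || daemons[i] == "ALL") {
                    gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; break
                }
        }' "$2"
}

# audit_wrappers DAEMON ALLOW_FILE DENY_FILE
# Access is granted on a hosts.allow match, refused on a hosts.deny match,
# and granted when neither matches, so default deny needs an explicit rule.
audit_wrappers() {
    if ! rules_for "$1" "$3" | grep -qx 'ALL'; then
        echo "FAIL: $3 has no '$1: ALL' rule, unlisted hosts are allowed"
        return 1
    fi
    if rules_for "$1" "$2" | grep -qw 'ALL'; then
        echo "FAIL: $2 opens $1 to ALL hosts"
        return 1
    fi
    echo "OK: $1 reachable only from: $(rules_for "$1" "$2" | tr '\n' ' ')"
}

# Constructed sample files; 192.0.2.10 is a documentation address standing
# in for the trusted host.
make_samples() {
    dir=$(mktemp -d)
    printf '# trusted admin host\nsshd: 192.0.2.10\n' > "$dir/hosts.allow"
    printf 'sshd: ALL\n' > "$dir/hosts.deny"
    printf 'sshd: ALL\n' > "$dir/hosts.allow.open"
    echo "$dir"
}

d=$(make_samples)
audit_wrappers sshd "$d/hosts.allow" "$d/hosts.deny"
rm -rf "$d"
```

TCP wrappers only take effect for daemons built against libwrap; upstream OpenSSH removed that support in release 6.7, so on such builds enforce the same allow-list in the firewall.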
4.5.2 Windows Server Hardening
• Set a BIOS password: Prevents users from altering BIOS settings
• Antivirus: Install antivirus software and update virus definitions regularly
• Configure firewall rules: Prevent unauthorized parties from accessing systems
• Deny administrator login: Limit users' ability to make changes that increase system vulnerabilities
4.6 Log Management
4.6.1 Syslog Server
Configure a syslog server in the environment to keep records of system and application logs. In the event of an
intrusion or issue, the sysadmin can check previous and real-time logs to diagnose and resolve problems.
• Linux log location: /var/log/ (e.g., /var/log/messages, /var/log/syslog)
• su command logs: /var/log/messages records when su is used to become root
Example log entry:
Dec 1 08:18:21 HOST su: (to root) hello on /dev/tty2
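Detection logic for the log entry format shown above, as an added example that is not part of the original guide: it extracts su-to-root events, counts them per account, and lists events from accounts outside an approved list. The sample log lines, the function names and the approved-user list are constructed for illustration; only lines in the exact format above are matched.

```shell
#!/bin/sh
# Added example: find su-to-root events in syslog-style lines.

# Constructed sample log; the su lines follow the format shown in the guide.
sample_log() {
cat <<'EOF'
Dec  1 08:18:21 HOST su: (to root) hello on /dev/tty2
Dec  1 08:19:02 HOST sshd[812]: Accepted password for hello from 192.0.2.10 port 51514 ssh2
Dec  1 23:41:07 HOST su: (to root) backup on /dev/pts/0
Dec  2 02:13:55 HOST su: (to postgres) hello on /dev/pts/1
Dec  2 02:14:30 HOST su: (to root) hello on /dev/pts/1
EOF
}

# su_to_root < log : one line per event, "month day time user tty".
su_to_root() {
    awk '$5 == "su:" && $6 == "(to" && $7 == "root)" && $9 == "on" {
             print $1, $2, $3, $8, $10
         }'
}

# su_root_summary < log : "count user" per account, busiest first.
su_root_summary() {
    su_to_root |
        awk '{ n[$4]++ } END { for (u in n) print n[u], u }' |
        sort -k1,1nr -k2
}

# su_root_unapproved "USER1 USER2 ..." < log : events from accounts that are
# not in the space-separated approved list (hypothetical policy input).
su_root_unapproved() {
    su_to_root | awk -v ok=" $1 " 'index(ok, " " $4 " ") == 0'
}

sample_log | su_root_summary
sample_log | su_root_unapproved "hello"
```

On a live host the same functions can read `/var/log/messages` directly, for example `su_root_unapproved "hello" < /var/log/messages`.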
4.6.2 Log Rotation
• Rotate logs: Keep logs for a limited period (e.g., 7 days) to maintain sufficient disk space for normal
operation
• Automate log checking and free disk space reporting
4.7 Automation of Backup Tasks
Most system administrators are outnumbered by users and systems. Automation is often the only way to keep
up. Commonly automated tasks include:
• Free disk space checking and reporting
• Backups (incremental and full)
• System performance data collection
• User account maintenance (creation, deletion, etc.)
• Business-specific functions (pushing data to web servers, running monthly/quarterly/yearly reports)
LEARNING OUTCOME 5: REMOTELY ADMINISTER A NETWORK
5.1 Remote Administration Overview
Remote administration is an approach to control a computer system, network, or application from a remote
location without physically being present at the system's terminal.
• Requirements: Network connectivity (Internet, TCP/IP, or LAN), server software installed on host, known
host IP address
• Static IP recommended — dynamic IP (dial-up) makes remote administration impractical
• After connection: A window showing the host desktop appears; control is as if sitting in front of it
5.2 Common Tasks for Remote Administration
• General: Controlling one's own computer from a remote location (e.g., from an Internet café)
• ICT Infrastructure Management: Administer servers, routing/switching components, security devices
• Shutdown: Shutting down or rebooting computers over a network
• Accessing Peripherals: Using network devices like printers; retrieving streaming data (CCTV)
• Modifying: Editing Registry settings, troubleshooting issues, modifying system services, installing software
• Viewing: Remotely running programs, copying files, assisting others, supervising Internet usage
📌 NOTE: Computers infected with malware (Trojans) may open back doors enabling malicious remote access — be
aware of unauthorized remote administration.
5.3 Remote Administration Tools
5.3.1 SSH (Secure Shell)
SSH is a cryptographic network tool for secure data communication between two networked computers via a
secure channel over an insecure network.
• Protocol versions: SSH-1 and SSH-2
• Best known for: Remote shell access to Unix-like systems (GNU/Linux, OpenBSD, FreeBSD)
• Also used for: Windows accounts, tunneling, forwarding TCP ports and X11 connections
• File transfer: SSH file transfer (SFTP) or secure copy (SCP) protocols
• Architecture: Client-server model
• Cloud computing: SSH provides secure path over the Internet through a firewall to a virtual machine
$ ssh username@hostname # Connect to remote host
$ ssh -p 2222 user@host # Connect on non-standard port
$ scp file user@host:/path # Secure copy file to remote
$ sftp user@hostname # SSH file transfer protocol
5.3.2 OpenSSH (OpenBSD Secure Shell)
OpenSSH is a tool providing encrypted communication sessions using the SSH protocol. It was created as an
open-source alternative to the proprietary SSH software suite by SSH Communications Security.
• Available on all major Unix/Linux platforms
• Provides: remote login, file transfer, port forwarding, X11 forwarding
5.3.3 Telnet
Telnet connects to a remote computer over a network, providing a bidirectional interactive text-oriented
command-line interface using TCP.
• Port: TCP port 23
• Supports remote configuration of most network equipment and operating systems with TCP/IP stack
Telnet Security Concerns — EXPERTS RECOMMEND DISCONTINUING USE:
• Does NOT encrypt any data (including passwords) — vulnerable to eavesdropping via packet analyzer
• Most implementations have NO authentication ensuring communication with intended hosts
• Several vulnerabilities discovered over the years in commonly used Telnet daemons
📌 NOTE: Anyone with access to a router, switch, hub, or gateway on the network between Telnet hosts can intercept
packets and obtain login credentials.
5.3.4 rlogin
rlogin is a Unix utility allowing users to log in to another host remotely via TCP port 513.
• Security issue: All information including passwords transmitted in UNENCRYPTED mode
• Vulnerable to interception — rarely used across untrusted networks
5.3.5 rsh (Remote Shell)
rsh connects to a remote host running the rsh daemon (rshd) on TCP port 514.
• NOT recommended from a security standpoint
5.3.6 VNC (Virtual Network Computing)
VNC is a remote display system allowing the user to view the desktop of a remote machine anywhere on the
Internet.
• Can be directed through SSH for additional security
• Setup: Install VNC server on host; install VNC client on local PC
• Client configuration: Set resolution and connect to IP of VNC server
• Cross-platform: Works between different operating systems
5.3.7 Remote Desktop Connection (RDC) / RDP
Remote Desktop Connection (RDC) is a Microsoft technology allowing a local computer to control a remote PC
over a network or Internet using the Remote Desktop Protocol (RDP).
• Uses: Remote Desktop Service (RDS) / Terminal Service using Microsoft's proprietary RDP
• Requires: Remote computer to enable RDS and be powered on
• Supports: Desktop computers, servers, laptops, and virtual machines
• Introduced in: Windows XP
• Access level: Full or restricted access to remote computer after authentication
Windows built-in: mstsc.exe # Open Remote Desktop Connection
5.3.8 FreeNX
FreeNX allows accessing a graphical desktop from another computer over the Internet.
• Use case example: FreeNX server on home computer; log in graphically from work using FreeNX client
• More efficient than VNC — compresses X11 protocol for better performance over WAN
5.3.9 Wireless Remote Administration
Remote administration software for wireless devices: BlackBerry, Pocket PC, Palm, and some mobile phones.
• Capabilities: Rebooting computers, resetting passwords, viewing system event logs
• Reduces/eliminates need for administrators to carry a laptop or be within reach of office
• Tools: AetherPal, Netop (for full wireless remote access on Smartphone devices)
• Wireless remote administration is typically the only method to maintain objects in space
5.4 Network Printer Management (Remote)
Network printing allows efficient use of printing resources across a network.
• Windows built-in: Remote access to printer management through shared UNC path
(\\computername\sharename)
• Print server management: Use management software to connect to and manage print jobs on network
printers
• Windows automatic driver delivery: When sharing a printer, driver is automatically delivered to clients
• Adding drivers for different OS: Use 'Advanced' and 'Sharing' tab in printer properties
📌 NOTE: Print Server functions: Formats, prioritizes, queues, and spools print jobs one at a time as the printer becomes
available.
5.5 Samba for Remote Windows-Linux Integration
5.5.1 Samba as a Remote Administration Tool
Samba allows Linux systems to participate in Windows network neighborhoods, enabling centralized remote
file/print management across mixed environments.
• swat (Samba Web Administration Tool): Configure Samba remotely using a web browser
• smbclient: Remotely connect to SMB shares, transfer files, send print jobs
• smb.conf: Changes to this file are immediately detected by smbd and nmbd — no restart required
5.5.2 Remote Share Access
\\WCU\documents # Windows UNC path to access Samba share
$ smbclient //server/share -U username # Linux access to Windows share
• File shares: Normally mapped to drive letters (e.g., S:) on Windows clients
• Print shares: Connected to fake printer ports (e.g., lpt2:) on Windows clients
• Clients send jobs to printer and can view/cancel queued jobs
5.6 Mail Server (Remote Communication Service)
Electronic mail (email) is a method of exchanging messages between people using electronic devices.
It is administered remotely as part of network services.
• History: Ray Tomlinson credited as inventor of networked email (1971 — first system to send mail
between users on different ARPANET hosts)
• Used the @ sign to link user name with destination server (still used today)
• Modern form: Webmail (became ubiquitous by the 2010s)
• Mail servers are administered remotely using configuration tools, CLI, and web interfaces
5.7 Disadvantages and Security of Remote Administration
• Security: Certain ports must be open at server level for remote administration — creates attack surface
• Open ports allow hackers/attackers to attempt to compromise the system
• Best practice: Use remote administration only in emergency or essential situations; block ports in normal
operation
• Recommendation: Restrict remote administration to trusted IP addresses only
• Use SSH instead of Telnet or rlogin to ensure encrypted communications
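A check for the last recommendation, as an added example that is not part of the original guide: it reads `ss -tln` output and flags listeners on the cleartext remote-login ports this guide names (Telnet 23, rlogin 513, rsh 514). The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners on the cleartext remote-login ports named
# in this guide (Telnet 23, rlogin 513, rsh 514) in `ss -tln` output.

# Constructed sample of `ss -tln` output.
sample_ss() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:23          0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
LISTEN  0       64      [::]:514            [::]:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

# cleartext_listeners < ss-output : prints "service port address" for each
# listening socket on port 23, 513 or 514.
cleartext_listeners() {
    awk '
        BEGIN { svc[23] = "telnet"; svc[513] = "rlogin"; svc[514] = "rsh" }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)   # text after the last colon
            sub(/:[^:]*$/, "", addr)            # address without the port
            if (port in svc) print svc[port], port, addr
        }'
}

# audit_remote_admin < ss-output : returns 0 when no cleartext remote-login
# service is listening, 1 (with one FAIL line per listener) otherwise.
audit_remote_admin() {
    found=$(cleartext_listeners)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | sed 's/^/FAIL cleartext listener: /'
    return 1
}

sample_ss | audit_remote_admin || true
```

On a live host, run `ss -tln | audit_remote_admin`; a listener bound to `0.0.0.0` or `[::]` is reachable from every interface, not only from trusted addresses.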
5.8 Linux Remote Network Administration Commands (Summary)
$ ssh user@hostname # Secure remote login
$ scp file user@host:/path # Secure file copy
$ sftp user@hostname # Secure file transfer
$ ping hostname # Test host reachability
$ traceroute hostname # Trace network path
$ netstat -nr # Display routing table
$ ip addr # Display IP addresses
$ ifconfig # Display network interfaces
$ host domainname # DNS lookup
End of System and Network Administration Study Guide | Infolink University College