UNIT 2 COMPUTER SECURITY

Structure Page Nos.

2.0 Introduction
2.1 Objectives 23
2.2 Hardening Operating System and Application Code 23
2.3 Hardening File System Security 25
2.4 Hardening Local Security Policies 25
2.5 Hardening Services
2.6 Hardening Default Accounts
2.7 Hardening Network Activity
2.7.1 Malicious Code
2.7.2 Firewall

2.8 Fault Tolerant System 35

2.9 BACKUP and UPS 38
2.1 0 Summary 44
2.1 1 Solutions/Answers 44
2.12 Further Readings 46

2.0 INTRODUCTION
In the previous unit we described threats to computer security, what are the reasons
for these threats and various security techniques. In this unit we will provide you
specific guidelines for establishing a secure Microsoft Windows 2000. This includes
hardening operating system, File System, Local Security, various services, default
accounts. network services etc.

2.1 OBJECTIVES
After going through this unit you will be able to secure:
operating System;
application Code;
file System;
local Security;
services;
default Accounts like guest and administrator, and
network services etc.

2.1 HARDENING OPERATING SYSTEM AND

APPLICATION CODE
I
The first step towards hardening is to make sure that your OS and Applications are
up-to-date with service packs and hotfixes.
Microsoft periodically distributes large updates to its OS in the form of Service Packs.
Service Packs include all the major and minor fixes up. Service Packs sliould be used
in a test setup before being pushed into production due to the possibility of hidden or
undetected bugs. If a test system is not available, wait a week or two after the release
of a Service Pack, and monitor Microsoft Website for potential bug reports.
Microsoft also distributes intermediate updates to their operating systems in the form of
Hotfix. These updates are usually small and address a single prsblem.Hotfixes can be
released within hours of discovering a particular bug or vulnerability.
It is important to be aware that Service Pack and Hotfixes are not just applicable to
Operating Systems. Individual applications have their own Service Pack and Hotfix
requirements. The total security of the system requires attention to both operating
system and application levels.

indow 2000 system.

Open IE (~nternetExplorer)
Go to Tools -+Windows Update
When asked if you trust Microsoft, say Yes.
Wi~idowsupdate will take sonie time to analyze your system. You will then be
prompted with a.listing of Service Packs or Hotfixes for your system. Additionally the
following websites provide the necessary information for mani~alupdates.
Security Bulletins: littp://www.microsoft.com/technet~security/

Hotfixes : http://ww.microsoft.com/window~2000/down1oads/critica1/

eCheck Your Progress 1

1) Describe the strategy for hardening your windows 2000 operating system.

................................................................................................................................
................................................................................................................................

................................................................................................................................

2) List the steps for discovering and installing services packs and hotfixes to a
Windows 2000 system.

................................................................................................................................
................................................................................................................................
................................................................................................................................
................................................................................................................................
3) Fill in the blanks: Computer Seewrity

a) The first step towards hardening is to make sure that your OS and
Applications are up-to-date with and . .
b) Service Packs should be used in a before being pushed into
production due to the possibility of hidden or undetected bugs.

c) The total security of the system requires attention to both and

2.3 HARDENING FILE SYSTEM SECURITY

The second step is to make sure that your hard drive partitions are formatteid with
~ T F (NT
S File System). This file system is more secure than FAT or FAT32 schemes.
Step 1: Check your hard drive partitions
Log in as Administrator
Double click on My Computer
Right Click on each Hard Drive and Choose properties
General Tab will identify the File System type.
Step 2: Converting FAT or FAT32 partitions to NTFS
Go to Start +RUN
. Type cmd and click OK
At command prompt issue the following command convert drive /FS:NTFS N
Hit return to run the command
Reboot the system.

2.4 HARDENING LOCAL SECURITY POLICIES

The third step is to modify the default local security policy. While many system attacks
take advantage of software inadequacy, many also make use of user accounts. To
prevent such sort of vulnerability, "Policies" or rules define what sort of account1
password "behavior" is appropriate; what type of auditing is required. The
configuration of user account policies is inadequate or disabled in a default installation.
Account policies answers the following:
Ho~voften do I need to change my password?
How long or how complex does my password need to be?
Auditing polici,es determine what kind of security transactions are recorded in the
Security Event Log. By default, not is retained in the Security Event Log, so any
attempt to compromise a system goes completely unrecorded. Logging events is
critical for analisis in the aftermath of an intrusion incident.
The options given below can be set using the Local Security Policy editor on each
individual computer. Nevertheless, Group Policy Configurationsmay override any
changes made at the local level.
 Local Security Policy Editor Tool
a Go to Start +Programs *Administrative Tools* Local Security Policy
a Expand Account Policies by clicking the + box
a Select the appropriate category
a Double-click the individual policy setting to make the appropriate changes for the
following.
a Password Policy
a Account Lockout Policy
Audit Policy
User Right Management
a Security Options
When all settings have been configured, close the policy editor.
'EVENT VIEWER
I t is important to frequently check the Event Viewer to review log files for possible
security concerns. You can access the Event Viewer by:
a Go to Start 3 Programs+ Administrative Tools -+Event Viewer
a Go to.Start +Programs +Administrative Tools+ Local Security Policy
a Expand Account Policies by clicking the + box
a Select the appropriate category '

r Double-click the individual policy setting to make the appropriate changes for the
following:
a Password Policy
Accou~ltLockout Policy
r Audit Policy
r User Right Management
a Security Options

When all settings have been configured, close the policy editor.

I
Check Your Progress 2

1) What steps will you take for hardening your Windows file system?

...............................................................................................................................

...............................................................................................................................

...............................................................................................................................
...............................................................................................................................
 The Guest account is disabled in Wind~ws2000 by default. Enabling the guest account
allows anonymous users to access the system. If you share a folder, the default
permission is that Everyone has full control. Since the Guest account is included in
"Everyone", system security is compromised. A standard practice is to always remove
the share permissions from "Everyone" and add them to "Authenticated Users."

Login as Administrator
Go to Start3Programs+Administrative Tools3Computer management
Open Local Users and Groups
Click on the User Folder
Right-clkk the Guest Account, and choose to rename it. Make it a non-obvious
name.
Right click this renamed Administrator account and select "set password."

2.7 HARDENING NETWORK ACTIVITY

' Next step is to install a host based antivirus solution and firewall/intrusion detection
system. This step will provide an added level and you can configure TCPIUDP ports
that can be accessed. This step is to ensure that undesired communications are not
occurring on ports.
2.7.1 Malicious Code
Type of ~ i l i c i o u Codes
s
Viruses
Worms
Trojan Horses
Back doors/Trap Doors
LogicBombs
BacteridRabbit
A. Viruses
A true virus is a sequence of code that is inserted into other executable code, so that
when the regular program is run, the viral code is also executed. Viruses modify other
programs on a computer, inserting copies of them.
Different ~ y p e sof Viruses
Boot Sector viruses: They infect either the DOS boot sector or the master boot
records of the disk and execute during booting.
File infector& They attach themselves to executable files. These viruses are
activated when the program is run.
Macro viruses: They come attached with documents with macro (built in program).
When the document is opened the viruses are activated.
Multipartite viruses: They combine boot sedor with file infector.
Polymorphic viruses: They alter themselves when they replicate so that anti-virus Computer Security
software looking for specific patterns known as signature, will not find them.
B. Worm
Worms are programs that can execute independently and trqvel from machine to
machine across network connections.
a
They create a copy of themselves. This self-replication spreads worrns like a
flood in the networks causing slowdown and even breakdown of network
communication services.
C. Trojan Horses
It is a code that appears to be innocent and usefi~lbut it also contains &,hidden
and unintended function that presents a security risk. It does not replicate but it
can steal passwords, delete data, format hard disks or cause other problems.
D. Back DoorsfTrap Doors
These are codes written into applications to grant special access to prograrns '
\
bypassing normal methods of authentication.
This special code used by programmers during debugging can be present in
released version, both unintentionally or intentionally, and is a security risk.
E. Logic Bombs
Logic bombs are programmed threats that lie dormant in co~nmotilyused software for
an extended period of time until they are triggered when some pre-conditions are met
like a particular day etc. Logic bombs come embedded with some programs.
F. BacteriaJRabbit
These codes do not damage files. Their purpose is to deny access to the resources by
consuming all processor capabiIity/memory/diskspace by self replicating.
Damage caused by Malicious Codes
The damage ranges from merely annoying to catastrophic ( loss of data services,
disclosure of information).
Loss of reputation or legal consequences for s o h a r e firm if sfhe inadvertently ships
software containing any malicious code.
Who creates or writes virus code
Disgruntled employees
Spies
Experimenters
Publicity Hounds
Political activists
Steps for protecting your system from viruses
Be careful about installing new sofhvare.
Never install binaries obtained from untrustworthy sources.

When installing new software, install it first on a non-critical system and test for
bugs.
Security and Periodically review all system start-up and configuration files for changes.
Management
Turn off the automatic open on receipt feature from your email software.
Before opening any attachments first scan it using updated anti-virus software.
Regularly update anti-virus software engine and data files.
Select "Hide File Extension" option.
While opening any .doc file attachment using word disable macro.
Turn off visual basic scripting.
When not in use turn off the workstation or disconnect it from the network.
Take regular backup of critical data and system files.

2.7.2 Firewell
A firewall is a safeguard one can use to control access between a trusted and a less
trusted on. A firewall is a that:
Enforces strong authentication for users who wish to establish connection inbound
or outbound.
Associates data streams that are allowed to pass. through the firewall with
previously authenticated users.
'A firewall is a collection of hardware, software and security policy.

Without firewall, a site is more exposed to TCPAP vulnerabilities, attacks from

internet, and OS vulnerabilities.
Due to increased number of hosts in a network, it is difficult to achieve host
security through imposition of control on individual hosts.

All traffic in and out of the trusted network can be enforced to pass through this
intermediate system.
This intermediate system is agood place to collect information about system and
network use or misuse.
This intermediate system is known as firewall.
Why Firewall?
Protection from vulnerable services:
Filtering inherently insecure services like NFSNIS.
. Routing based attacks
Controlled access to site system:
Prevent outside access except some special service like E-mail or HTTP
Concentrated security:
All security measures like one time password and authentication software
can be at the firewall as o p ~ o s e dto each host.
 Enhanced privacy: Computer Security

Services like "finger" which displays information about user like last login,
whether they have read e-mail etc., can be blocked.
IP addresses of the site can be shielded from outside world by blocking
DNS service.
Logging statistics on Network use or misuse:
All incoming and outgoing traffic from the Internet can be logged to provide
statistics about the network usage. These statistics will provide the
adequacy of control of firewall on network.
Policy enforcement:
Provides means for implementing and enforcing a network control.

Limitations of firewall
Restricted access to desirable services:
It may block services like TELNET, FTP, NFS, etc,. which user wants
Some network topologies require major restructuring from implementation
of firewall.
Large potential back door:
If modem access is permitted, attacker could effectively jump around the
firewall.
Little protection from insider attack:
Firewalls are generally designed to prevent outsider's attack.
Cannot prevent an insider from copying data, etc.
Other issues:
Firewall does not provide protection against users downloadingvirus-
infected program from Internet or from E-mail attachments.
Potential bottleneck in throughput
Firewall, if compromised, will be a disaster.
Primary Aspects
The primary aspects of a firewall are:
Firewall policy
Packet filters
Application Gateway
Advanced authentication mechanism.

The firewall policy directly influences the design, installation and use of the firewall
system.
Higher Level Policy: The Higher level policy addresses the services that will be
allowed or explicitly denied from/to the restricted network. 7 1
 It is a subset of overall organisation's policy on security of its information assets.

It focuses on Internet specific issues and outside network access ( dial-in policy,
PPP connections, etc.).
It should be drafted before the implementation of the firewall.

It should maintain a reasonable balance between protecting the network from

known risks while still providing Internet access to the users.

Its implementation depends on the capabilities and limitations of the Firewall

System.

Example

No inbound access from Internet but allow outbound access from the network.

Allow access from the Internet to selected systems like Web Server, Email
Server, etc.
Allow some users access from the Internet to selected servers but after strong
authentication.

Lower level Policy: The Low level policy describes how the Firewall actually goes
about restricting access and filtering the services that are defined in the Higher-level

Generally implements one ofthe two basic design policies:

Permit any service unless it is specifically denied

Source IP address
Source port
Destination IP address
Destination port
IP protocol (TCP or UDP)

sender letting him know that the packet was rejected. If the packet was dropped, the
firewall simply does not respond to the packet. The sender must wait for the
communications to time out. Dropping packets instead of rejecting them greatly
increases the time required to scan your network. Packet filtering firewalls operate on
Layer 3 of the OSI model, the Network-Layer. Routers are a very common form of
packet filtering firewall.

A packet filter rule consists of two parts: An Action Field (BLOCK or DENY) and a
Selection criteria (PERMIT or ALLOW).
Example: Sample Basic Packet Filters rule set. Computer Security
I
SI. Protocol Source Destination Source Desti- Action Description
No. Address Address Port nation
Port

1 TCP Any 1%.168200.3 '>lo23 80 Permit Allow inbound

HTTP access to the
host having IP
address
1%.168200.3

1 2 TCP Any 192.168200.4 >lo23 21 Permit Allow inbound

FTP control
channel to the host
having IP address
1%.168.200.4

3 TCP Any 1%.168200.4 Any XI Permit Allow FTP data

channel to this .
host
4 UDP Any Any 53 >I023 Permit Permit all inbound
DNS resolution

5 Any Any Any Any Any Deny Cleanup rule

blocking all traffic
not included above.

Problems with Packet Filters

Packet filtering rules are complex to specify and difficult to test thoroughly.

Exception to packet filtering rules sometimes can be unmanageable.

Some packet filtering routers do not filter on the TCPIUDP source port, which
can make the filtering rule set more complex and can open up "holes" in the
filtering scheme.

Problem of IP Fragmentation: If fragmentation of IP packet occurs only the first

fragment keeps the TCPIUDP header information of the original packet, which is
necessary to make filtering decision. Some packet filters may apply rules on the
first fragmented piece, which is not serious for inbound traffic. For outbound
traffic, eve11if the first fragmented piece is dropped other may go out. leaving a
serious security threat.

Stateful Packet Filtering

An improved form of the packet filtering firewall is a packet filtering firewall with a
stateful inspection engine. With this enhancement, tlie firewall 'remembers'
conversations between systems. It is then necessary to fully examine only the first
packet of a conversation.

A stateful inspection peeks into the payload of data of tlie IP packets and takes out the
required information on which the filtering can be done. A stateful inspection maintains
the state information about tlie past IP packets.

For robust security, a firewall must track and control the flow of communication
passing through it.
For TCPIIP based services, firewall must obtain information from all
communication layers.
Security and State information, derived from past communications and other applications, are
Management an essential factor in making the decision.
State information :
Communication information from all layers in the packet.
Communication derived from previous communications( Example: The outgoing
"Port" command of an FTP session could be saved so that an incoming FTP data
connection can be verified against it).
Application derived state from other application. ( Example: A previously
authenticated wser would be allowed access through the firewall for authorized
services only).
Application Proxy Firewall
Another type of firewall is the application-proxy firewall. In a proxying firewall, every
packet is stopped at the firewall. The packet is then examined and compared to the
rules configured into the firewall. If the packet passes the examinations, it is re-created
and sent out. Because each packet is destroyed and re-created, there is a potential that
an application-proxy firewall can prevent unknown attacks based upon weaknesses in
the TCPIIP protocol suite that would not be prevented by a packet filtering firewall.
The drawback is that a separate application-proxy must be written for each application
type being proxied. You need an HTTP proxy for web traffic, an FTP proxy for file
transfers, a Gopher proxy for Gopher traffic, etc... Application-proxy firewalls operate
on Layer 7 of the OSI model, the Application Layer.
Application Gateway Firewall
Application-gateway firewalls also operate on Layer 7 of the OSI model. Application-
gateway firewalls exist for only a few network applications. A typical application-
gateway firewall is a system where you must telnet to one system in order to telnet
again to a system outside of the network.
Gateway interconnects one network to another for a specific application.
Gateway used in firewall configuration is an Application Level Gateway or a
Proxy Server.
'The function of application Gateway is application specific. If an application
Gateway contains proxies for FTP and TELNET, then only those traffics will be
allowed and other services are completely blocked.
Imposition of an application gateway breaks the conventional clientlserver model
as each communication requires two connections one from the client and the
other from the firewall to the server.
The Internet community often uses the term Bastion Host to refer to an exposed
firewall system that hosts an application gateway.
Advantages of Application gateways:
Information Hiding: The application gateway is the only host whose name is made
known to the outside systems.
Robust authentication and logging: All traffic can be pre-authenticated and logged
to monitor the effectiveness of security policy.
Less complex filtering rule: The packet filtering router needs only to allow traffic
destined for the application gateway and reject the rest.
 Computer Security
2.8 FAULT TOLERANT SYSTEM
A Fault tolerant system is designed by using redundant hardware (hard disk, disk
controller, server as a whole) to protect the system in the event of hardware failure.
There are various techniques to do that:

SFT ( System Fault Tolerance) Techniques

Disk Mirroring: Data is writer in two separate disks, which are effectively mirror
images of the each other. The disk mirroring. techniaue is de~ictedin Fimre I.

-
Disk Duplexing: Disk duplexing ,shown in Figure 2, implements separate
controller for each disk.

Controller
w Controller

The term RAID (Redundant Array of Independent Disks) was first coined by a
research group at University of California, Berkeley, to describe a collection of
disk drives (disk array), which can:

Collectively act as a single storage system

Tolerate the failure of a drive without losing data.

' Function independently of each other.

The RAID advisory board defines RAID levels and the most common levels are
numbered from 0 to 6, show11 in Figure 3, where each level corresponds to a specific
type of fault tolerance.
 rr

blocks (striping with

Figure 3: RAID Levels

Striping Without Parity

Disk striping is a technique where data is divided into 64K blocks and spread in a fixed
order among all the disks in the array. Because it provides no redundancy, this method
cannot be said to be a true RAID implementation. If any partition in the set fails, all
data is lost. It is used to improve performance by spreading disk I10 over multiple

This strategy requires between 2 and 32 hard disks. It provides the best performance
when used with multiple disk controllers. The technique is shown below in Figure 4.

Mirroring / Duplexing

Figure 4: Drive Mirroring

Mirroring requires two hard disks and a single disk controller. It takes place qt the
partition level and any partition, including the bootlsystem partitions, can be mirrored.
This strategy is the sinlplest way of protecting a single disk against failure.

In terrrls of cost per megaby~e,disk mirroring is more expensive than other forms of
fault toleral~cebecause disk-space utilisation is only 50 percent. However, for peer-to-
peer and modes! server based LANs, disk mirroring usually has a lower entry cost
because it requires only two disks. Stripe sets with parity (RAID level 5) require three
or more.

Data is written simultaneously to both partitionsldisks.

Duplexing is simply a mirrored pair with an additional disk controller on the second
drive. This reduces channel traffic and potentially improves performance. Duplexing is
intended to protect against controller failures as well as media failures.
 Computer Security

I
Striping with parity (RAID 5) depicted in Figure 5, is the most common strategy for
new fault tolerance designs. It differs from other levels in that it writes the parity
information across all the disks in the array. The data and paritj information are
managed so that the two are always on different disks. If a single drive fails, enough
information is spread across the remaining disks to allow the data to be colnpletely
reconstructed.

II
Stripe sets with parity offer the best performance for read operations. Hofiever, when
a disk has failed, the read performance is degraded by the need to recover the data
using the parity information. Also, all normal write operations require three times as
much me~dorydue to the parity calculation.

Striping with parity requires a minimum ofthree drives and up to thirty-two drives are
supported. All partitions except the bootlsystem partition can be part of a stripe set.

The parity stripe block is used to reconstruct data for a failed physical disk. A parity
stripe block exists for each stripe (row) across the disk. RAID 4 stores the parity
stripe block on one physical disk, while RAID 5 distributes parity evenly across each.
of the disks in the stripe set.

Implementing RAID
It is possible to implement RAID using either hardware or software.

Hardware Solutions
Some vendors impIement RAID level 5 data protection directly into hardware, as with
disk array controller cards. Because these methods do not require software drivers,
they generally offer performance improvements. In addition, some hardware
implementations allow you to replace a failed drive shuttingdown the system.
The disadvantages of a hardware implementation can be very expensive
and may lock you into a single vendor solution.

SCSI controllers can be purchased with dual interfaces and buiit-in logic to irnplerne~l~
a hardware-level RAID system. This can be used with any operating system, even if
the operating system itself is not RAID-aware.

Software Solutions
Both Windows WT Server and NetWare provide the option to set up software fa~rit
tolerance using standard disks and controllers.

Mirroring Versus Stripe Sets with Parity ,

l~nplementinga fault tolerance strategy will require some trade-off depending on the
level of protection required. The major differences between disk mirroring and striping

1
with parity are performance and cost.
Security and Overall, disk mirroring offers better I10 performance and has the advantage of being
Management able to mirror the bootlsystem partition. Because mirroring utilises only 50% of
available disk space, it tends to be inore expensive in cost per megabyte. As hard-disk
prices decrease, these costs will become less significant.

Disk striping with parity offers better read performance than mirroring, especially
with multiple controllers. This is because the data is split among multiple drives.
However, the need to calculate parity information requires more system memory and
can slow down performance considerably. The cost per megabyte is much lower with
striping because tlle disk utilisation is much greater.

Clustering
It is a collection of computers, which work together like a single system. If a computer
in the cluster crashes other surviving computers can serve the client request.

A combination of clustering and disk mirroring can be used to provide a very secure
system, in addition to maintaining integrity and high availability it gives scalability.

2.9 BACKUP AND UPS

Why backup?

The backup is required to recover valuable data and to restore system in the event of
disaster due to:

User1 System-staff error

Hardware I Software failure

CrackerslMalicious code

Theft

Natural Disaster

Archival of information

Types of Backup

Complete or Full backup

Every file on the source disk is copied.

It clears the archive bits of the all the files of the source disk.

Slowest but most con~prehensive.

Restoring from full backup is straightforward.

Incremental backup

Copies only those files for which the archive bit is set.

Clears the archive bit after backup.

Saves backup time and backup media.

Restoration has to be done first from the full backup tapes from the
incremental backup tapes in order of creation.
 Differential Backup Computer Security

It is only the backup ofthe files, modified since the last fill1 or incremental
backup.

It does not alter the archive bit setting.

Takes more space than incremental backup.

Restoration is simple, restore from the full backup and the latest differential
backup.

CASE STUDY: Windows 2000 Backup Strategies

Figure 6: Windows 2000 Backup

One of the most important operations in a network system is the creation of a secure
backup. Typically, backups take place using a tape system that has the advantage of
high capacity, relatively low cost and portability. When you click on backup option,
screen as displayed in Figure 6 will be presented to the user.

B a c k u p Methods

Figure 7: Choosing the Backup Type 39

Security and A b a c k u ~may be verformed using one of three methods as shown in Figure 7:

A full backup includes all selected files and directories while incremental and
differential backups check the status of the archive attribute before including a file.
The archive attribute is set whenever a file is modified. This allows backup software to
determine which files have been changed, and therefore need to be copied.

The criteria for determining which method to use is based on the time it takes to

Incremental backups save backup time but can be more time-consuming when the
system must be restored. The system must be restored from the last full backup set
and then from each incremental backup that has subsequently occurred. A differential
backup system only involves two tape sets when restore is required.

Table I summarises the three different backup types:

Table 1: Three different backup types

p ---. ----. .-.

&
-
.
'a $-*. "*
-----.*- *-A\*-" --*. ..-
&- -.w-.

Differential ; All data mdified since the I Modera$/ Not Cleared

r"
1 ! sets)
Doing a full everyday backup on a large network takes a long time. A typical strategy
for a complex network would be a full weekly backup followed by an incremental or
differential backup at the end of each day.
--*-

The advantage of using a full daily backup is that only one tape set is required to
restore the system.
The advantage of an incremental backup is that it takes less time to. back up but'
several tape sets may need to be restored before the system is operational.
The advantage of a differential backup is the balance of time for both restoring
 and
Security It takes a small amount of time for an offline UPS to detect a power failure, start the
Management inverter and switch it into the power circi~it.This delay can be just a few milliseconds
and is not usually 'noticed' by the equipment to which it is connected. However, t w
not always the case and some equipment will not work properly with an offline UPS.

Online UPS
An online UPS is constantly supplying power from the batteries and inverter, while at
the same time, charging the batteries from the incoming supply. The benefit ofthis
design is that there is no switchover delay when the power fails.

Choosing a UPS
Choosing the right type of UPS is relatively straightforward. The following guidelines
assist the choice but should be used in conjunction with the information available from
the equipment and UPS manufacturers.

Offline or online
Check the type of UPS that is suitable for the equipment to be protected.

Power rating
The ~naxi~nurn power rating (and hence cost) of a UPS is determined by the battery
specification and the power handling of the inverter and other circuitry. Each UPS is
rated according to the maximum VA (power) they can supply without overloading.
4) a) RAID - Redundant Array of Independent Disks
b) UPS - Uninterruptible Power Supplies

5) Backup Strategies are:

- Complete Backup
- Incremental Backup

- Differential Backup
6) Selecting a UPS
The following criterias are considered :
a). Offline or Online: Check the type of UPS that is suitable for the
equipment to be protected.
b) Power rating: To find out the required VA rating of a UPS apply the
following formula.
= Sum [Watt (power) used by each device] * 1.6 each device
c) UPS Monitoring
d) Networking Monitoring
7) Discuss and Compare Nortan, Oficescan and other Virus tool. Take informention
from their respective websites.

2.12 FURTHER READINGS

1) Security Bulletins: http://www.microsoft.com/technet/securitv/
2) Service Pack: httD://www.microssoft.com/windows200O/downloads/serviceaacks/
3) Hotfixes : http://www.microsoft.com/windows2000/downloads/critical/
4) Microsoft ~ T n d o w Security:
s http://www.Microsoft.com/security