Tuesday, May 4, 2010

Chapter 3. Technical Infrastructure and Operational Practices and Infrastructure

- IT managers must define the role and articulate the value of the IT function. This includes the IT organizational structure as well as operational practices. The IT management functions are generally divided into two functional areas:
➤ Line management—Line managers are concerned with the routine operational decisions on a day-to-day basis.
➤ Project management—Project managers work on specific projects related to the information architecture. Projects are normally a one-time effort with a fixed start, duration, and end that reach a specific deliverable or objective.

- Earlier in this section, we discussed some of the attributes of computing systems, including multiprocessing, multitasking, and multithreading. These attributes are defined as follows:
➤ Multitasking—Multitasking allows computing systems to run two or more applications concurrently. This process enables the systems to allocate a certain amount of processing power to each application. In this instance, the tasks of each application are completed so quickly that it appears to multiple users that there are no disruptions in the process.
➤ Multiprocessing—Multiprocessing links more than one processor (CPU) sharing the same memory, to execute programs simultaneously. In today’s environment, many servers (mail, web, and so on) contain multiple processors, allowing the operating system to speed the time for instruction execution. The operating system can break up a series of instructions and distribute them among the available processors, effecting quicker instruction execution and response.
➤ Multithreading—Multithreading enables operating systems to run several processes in rapid sequence within a single program or to execute (run) different parts, or threads, of a program simultaneously. When a process is run on a computer, that process creates a number of additional tasks and subtasks. All the threads (tasks and subtasks) can run at one time and combine as a rope (entire process). Multithreading can be defined as multitasking within a single program.

- Risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level (mitigation) and maintaining that acceptable level of risk. Risk identification and management works across all areas of the organizational and IT processes. A configuration-management audit should always verify software licensing for authorized use.

- Reviewing a diagram of the network topology is often the best first step when auditing IT systems.
- The change-control board provides critical oversight for any production IT infrastructure. This board ensures that all affected parties and senior management are aware of both major and minor changes within the IT infrastructure. The change-management process establishes an open line of communication among all affected parties and allows those parties and subject matter experts (SMEs) to provide input that is instrumental in the change process.

- Client/server architectures differ depending on the needs of the organization. An additional component of client/server computing is middleware. Middleware provides integration between otherwise distinct applications. As an example of the application of middleware, IT organizations that have legacy applications (mainframe, non–client/server, and so on) can implement web-based front ends that incorporate the application and business logic in a central access point. The web server and its applications (Java servlets, VBScript, and so on) incorporate the business logic and create requests to the legacy systems to provide requested data. In this scenario, the web “front end” acts as middleware between the users and the legacy systems. This type of implementation is useful when multiple legacy systems contain data that is not integrated. The middleware can then respond to requests, correlate the data from multiple legacy applications (accounting, sales, and so on), and present it to the client.
Middleware is commonly used to provide the following functionality:
➤ Transaction-processing (TP) monitors—These applications or programs monitor and process database transactions.
➤ Remote procedure calls (RPC)—An RPC is a function call in client/server computing that enables clients to request that a particular function or set of functions be performed on a remote computer.
➤ Messaging services—User requests (messages) can be prioritized, queued, and processed on remote servers.

- Three basic database models exist: hierarchical, network, and relational. A hierarchical database model establishes a parent-child relationship between tables (entities). It is difficult to manage relationships in this model when children need to relate to more than one parent; this can lead to data redundancy. In the network database model, children can relate to more than one parent. This can lead to complexity in relationships, making it difficult to understand, modify, and recover in the event of a failure. The relational database model separates the data from the database structure, allowing for flexibility in implementing, understanding, and modifying. The relational structure enables new relationships to be built based on business needs. The key feature of relational databases is normalization, which structures data to minimize duplication and inconsistencies. Normalization rules include these:
➤ Each field in a table should represent unique information.
➤ Each table should have a primary key.
➤ You must be able to make changes to the data (other than the primary key) without affecting other fields.

- Users access databases through a directory system that describes the location of data and the access method. This system uses a data dictionary, which contains an index and description of all the items stored in the database.

- In a transaction-processing database, all data transactions, including updating, creating, and deleting, are logged to a transaction log. When users update the database, the data contained in the update is written first to the transaction log and then to the database. The purpose of the transaction log is to hold transactions for a short period of time until the database software is ready to commit the transaction to the database. This process ensures that the records associated with the change are ready to accept the entire transaction. In environments with high volumes of transactions, records are locked while transactions are committed (concurrency control), to enable the completion of the transactions. Concurrency controls prevent integrity problems when two processes attempt to update the same data at the same time. The database software checks the log periodically and then commits all transactions contained in the log since the last commit. Atomicity is the process by which data integrity is ensured through the completion of an entire transaction or not at all.

- Atomicity enforces data integrity by ensuring that a transaction is completed either in its entirety or not at all. Concurrency controls are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information.
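The write-then-commit, record-locking and all-or-nothing behaviour these notes describe, as an added example that is not from the book or the original post: Python's built-in sqlite3 with a constructed two-account table, where SQLite's journal plays the transaction log's role and BEGIN IMMEDIATE takes the write lock that a second writer then runs into.

```python
import os
import sqlite3
import tempfile

def setup_db(path):
    # Constructed sample schema: two accounts whose balance may never go negative.
    con = sqlite3.connect(path, isolation_level=None)   # autocommit; BEGIN/COMMIT issued by hand
    con.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, "
                "balance INTEGER NOT NULL CHECK (balance >= 0))")
    con.execute("INSERT INTO accounts (id, balance) VALUES (1, 100), (2, 50)")
    con.close()

def balances(path):
    con = sqlite3.connect(path)
    rows = dict(con.execute("SELECT id, balance FROM accounts ORDER BY id"))
    con.close()
    return rows

def transfer(path, src, dst, amount):
    """Credit dst, then debit src, inside ONE transaction. If the debit breaks the CHECK
    constraint, ROLLBACK also undoes the credit already written: all or nothing (atomicity)."""
    con = sqlite3.connect(path, isolation_level=None)
    try:
        con.execute("BEGIN IMMEDIATE")   # take the write lock before touching any row
        con.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        con.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        con.execute("COMMIT")            # journaled changes are now applied to the database
        return True
    except sqlite3.IntegrityError:
        con.execute("ROLLBACK")
        return False
    finally:
        con.close()

def second_writer_blocked(path):
    """Concurrency control: while writer A holds the lock inside its open transaction,
    writer B (timeout=0, so it does not wait) is refused with 'database is locked'."""
    a = sqlite3.connect(path, isolation_level=None)
    b = sqlite3.connect(path, isolation_level=None, timeout=0)
    a.execute("BEGIN IMMEDIATE")
    a.execute("UPDATE accounts SET balance = balance + 1 WHERE id = 1")
    try:
        b.execute("UPDATE accounts SET balance = balance + 1 WHERE id = 1")
        blocked = False
    except sqlite3.OperationalError:
        blocked = True
    a.execute("ROLLBACK")                # leave the data as it was for the next check
    a.close()
    b.close()
    return blocked

def demo():
    # Runs both checks against a throwaway database file and returns the outcomes.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "accounts.db")
        setup_db(path)
        first = transfer(path, 1, 2, 30)      # commits: balances become 70 / 80
        second = transfer(path, 1, 2, 500)    # debit fails, so the whole transfer is rolled back
        return {"first": first, "second": second,
                "balances": balances(path), "locked": second_writer_blocked(path)}
```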

- By doing so, the browser makes a special request to have the HTTP request encrypted with the Secure Sockets Layer (SSL) encryption protocol. In conjunction with HTTP, SSL operates at OSI Layer 5, or the session layer.

- At this point, the top three layers—application, presentation, and session— have been used in managing the request for data. This all occurs before consideration of how to transport or logically address the actual packets that need to be transmitted. Looking at all the activity just described, it would make sense that the data itself (data payload) and all the ancillary HTTP, HTTPS, JPG, GIF, and SSL communication could be considered the “thought” we desire to transmit. The technical term for this networking “thought” is the protocol data unit (PDU), known as data. You now understand how a computer needs to think before it speaks, just as you do.

- The data PDU can now be encapsulated into a segment for transport using an OSI Layer 4 protocol such as the Transmission Control Protocol (TCP).

- TCP is a nifty OSI Layer 4 (transport layer) networking protocol that is especially adept at this task. Not only does it segment the communication, but it does so in a methodical way that allows the receiving host to rebuild the data easily by attaching sequence numbers to its TCP segments.

- Without going into technical specifics, TCP can implement a similar system to ensure reliable transport. However, if you do not have the money or time to arrange for a return receipt for your letter, you might opt to forgo the assurance that the return receipt provides and send it via regular post, which guarantees only best effort, or unreliable delivery.

- The technical parallel is to encapsulate the data PDU using the User Datagram Protocol (UDP) at the OSI transport layer instead of TCP. UDP does not implement a system of successful transmission confirmation, and is known as unreliable transport, providing best-effort delivery. The data PDU itself is unchanged either way because it is merely encapsulated by a transport protocol for transmission.

- By using an OSI Layer 3, or network-layer, protocol such as Internet Protocol (IP), we can encapsulate the segment into a packet with a logical destination address.

- If Ethernet is being used for the local area network, the IP packet is encapsulated within an Ethernet frame. If the IP packet needs to traverse a point-to-point link to the Internet service provider (via your point-to-point dial-up connection), the packet is encapsulated using PPP. These protocols are used to link the logical data processes with the physical transmission medium. Appropriately, this occurs at OSI Layer 2, or the data link layer.

- Protocols at this layer provide access to media (network interface cards, for example) using MAC addresses. They can sometimes also provide transmission error detection, but they cannot provide error correction.

- The last step before transmission is to break the frame into electromagnetic digital signals at the OSI physical layer, which communicates bits over the connected physical medium. These bits are received at the destination host, which can reconstruct the bits into Ethernet frames and decapsulate the frames back to IP packets.
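The encapsulation chain walked through above (data PDU, segment, packet, frame) and its reversal at the receiving host, as an added example that is not from the book or the original post. It uses UDP for Layer 4 because its header is the simplest, builds real IPv4 and Ethernet II headers with the standard library, and shows the Layer 2/3 point that a header error is detected but not corrected; the addresses and payload are constructed sample values.

```python
import socket
import struct

def ipv4_checksum(header):
    """One's-complement sum of 16-bit words (RFC 791). A header whose checksum
    field is already filled in sums to 0 when it is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def encapsulate(payload, src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac):
    """Data PDU -> UDP segment (L4) -> IPv4 packet (L3) -> Ethernet II frame (L2)."""
    # Layer 4: 8-byte UDP header; checksum 0 means 'not computed' (permitted over IPv4).
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3: 20-byte IPv4 header (TTL 64, protocol 17 = UDP), checksum over the header only.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    # Layer 2: destination MAC, source MAC, EtherType 0x0800 = IPv4 (trailing FCS omitted).
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + hdr + segment

def decapsulate(frame):
    """The receiving host peels the layers off in reverse, checking each header."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")   # detected, never corrected
    if packet[9] != 17:
        raise ValueError("not a UDP segment")
    segment = packet[ihl:struct.unpack("!H", packet[2:4])[0]]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {"src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
            "src_port": src_port, "dst_port": dst_port, "payload": segment[8:udp_len]}

def corrupted_header_detected(frame):
    """Flip one bit of the IPv4 TTL byte (frame offset 14 + 8) and report whether
    the receiver's checksum check rejects the damaged frame."""
    damaged = bytearray(frame)
    damaged[14 + 8] ^= 0x01
    try:
        decapsulate(bytes(damaged))
        return False
    except ValueError:
        return True

# Constructed sample: a small HTTP-looking payload between two private addresses
# and two locally administered MAC addresses.
SAMPLE = encapsulate(b"GET / HTTP/1.1\r\n", "10.0.0.1", "10.0.0.2", 40000, 80,
                     b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02")
```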

- Degradation of the communication signal as it meets resistance of a length of network cabling or signal attenuation is a risk that results from utilizing cables that are longer than permitted by the physical media and network topology type.

- CSMA/CD is a method by which devices on the network can detect collisions and retransmit. When the collision is detected, the source station stops sending the original transmission and sends a signal to all stations that a collision has occurred on the network. All stations then execute what is known as a random collision back-off timer, which delays all transmission on the network, allowing the original sending station to retransmit.

- CSMA/CA is a method by which a sending station lets all the stations on the network know that it intends to transmit data. This intent signal lets all other devices know that they should not transmit because there could be a collision, thereby effecting collision avoidance.

- If two networks are separated by a bridge, broadcast traffic, but not collision traffic, is allowed to pass. This reduces the size of the collision domain. Routers are used to segment both collision and broadcast domains by directing traffic and working at Layer 3 of the OSI model.

- Token-passing networks do not have collisions because only one station at a time can transmit data.

- The bus topology is primarily used in smaller networks where all devices are connected to a single communication line and all transmissions are received by all devices. Cable breaks can cause the entire network to stop functioning.

- In a star topology, each device (node) is linked to a hub or switch, which provides the link between communicating stations.

- In contrast to a bus topology, a star topology enables devices to communicate even if a device is not working or is no longer connected to the network. Generally, star networks are more costly because they use significantly more cable and hubs/switches. If the IT organization has not planned correctly, a single failure of a hub/switch can render all stations connected incapable of communicating with the network. To overcome this risk, IT organizations should create a complete or partial mesh configuration, which creates redundant interconnections between network nodes.

- Providing network path redundancy is the best countermeasure or control for potential network device failures. A mesh network topology provides a point-to-point link with every network host. If each host is configured to route and forward communication, this topology provides the greatest redundancy of routes and the greatest network fault tolerance.

- A simple ring topology is vulnerable to failure if even one device on the ring fails. IBM’s Token Ring topology uses dual concentric rings as a more robust ring topology solution.

- Communication on WAN links can be either simplex (one-way), half-duplex (one way at a time), or full duplex (separate circuits for communicating both ways at the same time).

- The first generation of firewalls is known as packet-filtering firewalls, or circuit-level gateways. This type of firewall uses an access control list (ACL) applied at OSI layer 3.

- Improper configuration of traffic rules or access lists is the most common and critical error in firewall implementations.
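The access-list misconfiguration the note calls the most common firewall error, as an added example that is not from the book or the original post: a small first-match ACL evaluator with an implicit deny, plus an auditor's check for shadowed rules, run over a constructed rule set in which a broad permit was entered ahead of the specific deny it hides.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    proto: str       # "tcp", "udp" or "any"
    src: str         # source network in CIDR form
    dst: str         # destination network in CIDR form
    dports: tuple    # inclusive (low, high) destination port range

    def matches(self, proto, src_ip, dst_ip, dport):
        return ((self.proto == "any" or self.proto == proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.dports[0] <= dport <= self.dports[1])

    def covers(self, other):
        """True if every packet matched by `other` is also matched by this rule."""
        return ((self.proto == "any" or self.proto == other.proto)
                and ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.dports[0] <= other.dports[0] and other.dports[1] <= self.dports[1])

def evaluate(acl, proto, src_ip, dst_ip, dport):
    """First-match semantics with an implicit deny at the end, as on a packet-filtering router."""
    for rule in acl:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action
    return "deny"

def shadowed_rules(acl):
    """Indices of rules that can never fire because an earlier rule already covers them.
    A specific deny sitting under a broad permit is the classic ordering mistake."""
    return [j for j, later in enumerate(acl)
            if any(earlier.covers(later) for earlier in acl[:j])]

# Constructed example: the intent was to block Telnet (tcp/23) from any source into the
# 192.0.2.0/24 server network, but the broad permit was entered first.
MISORDERED = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.0/24", (1, 65535)),
    Rule("deny",   "tcp", "0.0.0.0/0", "192.0.2.0/24", (23, 23)),
]
# Corrected ordering: the specific deny first, then the broad permit.
CORRECTED = [MISORDERED[1], MISORDERED[0]]
```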

- Stateful packet-inspection firewalls are considered the third generation of firewall gateways. They provide additional features, in that they keep track of all packets through all 7 OSI layers until that communication session is closed.

- Proxies are application-level gateways. They differ from packet filtering in that they can look at all the information in the packet (not just header) all the way to the application layer. An application-layer gateway, or proxy firewall, provides the greatest degree of protection and control because it inspects all seven OSI layers of network traffic.

- In general, there are three basic types of firewall configurations:
➤ Bastion host—A basic firewall architecture in which all internal and external communications must pass through the bastion host. The bastion host is exposed to the external network. Therefore, it must be locked down, removing any unnecessary applications or services. A bastion host can use packet filtering, proxy, or a combination; it is not a specific type of hardware, software, or device.
➤ Screened host—A screened host configuration generally consists of a screening router (border router) configured with access control lists. The router employs packet filtering to screen packets, which are then typically passed to the bastion host, and then on to the internal network. The screened host (the bastion host in this example) is the only device that receives traffic from the border router. This configuration provides an additional layer of protection for the screened host.
➤ Screened subnet—A screened subnet is similar to a screened host, with two key differences: the subnet generally contains multiple devices, and the bastion host is sandwiched between two routers (the exterior router and the interior router). In this configuration, the exterior router provides packet filtering and passes the traffic to the bastion. After the traffic is processed, the bastion passes the traffic to the interior router for additional filtering. The screened subnet, sometimes called a DMZ, provides a buffer zone between the internal and external networks. This configuration is used when an external population needs access to services (web, FTP, email) that can be allowed through the exterior router, but the interior router will not allow those requests to the internal network.

- Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host provides a higher level of protection from external attack.

- In the case of software-based firewalls, it is important to remember that they will be installed on top of commercial operating systems, which may have their own vulnerabilities. This type of implementation requires the IT organization to ensure that the operating system is properly locked down and that there is a process in place to ensure continued installation of security patches.

- Modems convert analog transmissions to digital, and digital transmission to analog. They are required for analog transmissions to enter a digital network.

- A switch combines the functionality of a multi-port bridge and the signal amplification of a repeater.

- An IS auditor usually places more reliance on evidence directly collected, such as through personal observation.

- The COBIT framework provides 11 processes in the management and deployment of IT systems:
1. Develop a strategic plan
2. Articulate the information architecture
3. Find an optimal fit between the IT and the organization’s strategy
4. Design the IT function to match the organization’s needs
5. Maximize the return on the IT investment
6. Communicate IT policies to the user community
7. Manage the IT workforce
8. Comply with external regulations, laws, and contracts
9. Conduct IT risk assessments
10. Maintain a high-quality systems-development process
11. Incorporate sound project-management techniques

- Computer resources should be carefully monitored to match utilization needs with proper resource capacity levels. Capacity planning and management relies upon network, systems, and staffing monitoring to ensure that organizational goals and objectives regarding information confidentiality, integrity, and availability are met.

- It is important that database referential integrity be enforced, to avoid orphaned references, or “dangling tuples.” Relational integrity is enforced more at the record level.
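Referential integrity and the "dangling tuples" it prevents, as an added example that is not from the book or the original post: a constructed customers/orders schema in Python's built-in sqlite3, run once with foreign-key enforcement on and once with it off (SQLite's default), together with the LEFT JOIN query an auditor would use to find orphaned rows.

```python
import sqlite3

def build_orders_db(enforce):
    """Constructed schema: every orders row must point at an existing customers row.
    SQLite does not enforce foreign keys unless the pragma is switched on."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = " + ("ON" if enforce else "OFF"))
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    con.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL "
                "REFERENCES customers(id) ON DELETE RESTRICT)")
    con.execute("INSERT INTO customers (id, name) VALUES (1, 'Acme')")
    con.commit()
    return con

def attempt(con, sql, params=()):
    """Run one change and report whether the database accepted it."""
    try:
        con.execute(sql, params)
        con.commit()
        return True
    except sqlite3.IntegrityError:
        con.rollback()
        return False

def dangling_tuples(con):
    """Auditor's check: order rows whose customer never existed or has been deleted."""
    return [row[0] for row in con.execute(
        "SELECT o.id FROM orders o LEFT JOIN customers c ON c.id = o.customer_id "
        "WHERE c.id IS NULL ORDER BY o.id")]

def demo(enforce):
    con = build_orders_db(enforce)
    orphan = attempt(con, "INSERT INTO orders (customer_id) VALUES (99)")   # no customer 99
    attempt(con, "INSERT INTO orders (customer_id) VALUES (1)")             # a valid order
    parent_deleted = attempt(con, "DELETE FROM customers WHERE id = 1")     # would orphan it
    return {"orphan_accepted": orphan, "parent_deleted": parent_deleted,
            "dangling": dangling_tuples(con)}
```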

- A switch is most appropriate for segmenting the network into multiple collision domains to achieve the result of fewer network communications errors because of congestion-related collisions.
