Sunday, April 04, 2010

Duties of the System Administrator

The Linux System Administrator
Using Linux involves much more than merely sitting down and turning on the
machine. Often you hear talk of a “steep learning curve” but that discouraging
phrase can be misleading. Instead, Linux is quite different from the most popular
commercial operating systems in a number of ways. While it is no more difficult to
learn than other operating systems, it is likely to seem very strange even to the
experienced administrator of other systems. In addition, the sophistication of a
number of parts of the Red Hat distribution has increased by an order of magnitude,
so even an experienced Linux administrator is likely to find much that is new and
unfamiliar. Fortunately, there are new tools designed to make system administration
easier than ever before.
3
03 544985 ch01.qxd 1/8/04 9:22 AM Page 3
Make no mistake: Every computer in the world has a system administrator. It
may be—and probably is—true that the majority of system administrators are
those who decided what software and peripherals were bundled with the machine
when it was shipped. That status quo remains because the majority of users who
acquire computers for use as appliances probably do little to change the default
values. But the minute a user decides on a different wallpaper image or adds an
application that was acquired apart from the machine itself, he or she has taken on
the role of system administration.
The highfalutin title of system administrator brings with it some responsibilities.
No one whose computer is connected to the Internet, for instance, has been immune
to the effects of poorly administered systems, as demonstrated by the Distributed
Denial of Service (DDoS) and e-mail macro virus attacks that have shaken the
online world in recent years. The scope of these acts of computer vandalism (in
some cases, computer larceny) would have been greatly reduced if system administrators
had a better understanding of their duties.
Linux system administrators are likely to understand the necessity of active system
administration more than those who run whatever came on the computer,
assuming that things came properly configured from the factory. The user or enterprise
that decides on Linux has decided, too, to assume the control that Linux
offers, and the responsibilities that this entails.
By its very nature as a modern, multiuser operating system, Linux requires a
degree of administration greater than that of less robust, home-market systems.
This means that even if you use just a single machine connected to the Internet by
a dial-up modem—or not even connected at all—you have the benefits of the same
system employed by some of the largest businesses in the world, and will do many
of the same things that IT professionals employed by those companies are paid to
do. Administering your system does involve a degree of learning but it also means
that in setting up and configuring your own system you gain skills and understanding
that raise you above mere “computer user” status. The Linux system
administrator does not achieve that mantle by purchasing a computer but by taking
full control of what the computer does and how it does it.
You may end up configuring a small home or small office network of two or more
machines, perhaps including ones that are not running Linux. You may be responsible
for a business network of dozens of machines. The nature of system administration
in Linux is surprisingly constant, no matter how large or small your installation.
It merely involves enabling and configuring features you already have available.
By definition, the Linux system administrator is the person who has “root”
access, which is to say the one who is the system’s “super user” (or root user). A
standard Linux user is limited to whatever he or she can do with the underlying
engine of the system. But the root user has unfettered access to everything—all
user accounts, their home directories, and the files therein; all system configurations;
and all files on the system. A certain body of thought says that no one should
ever log in as “root,” because system administration tasks can be performed more
easily and safely through other, more specific means, which we discuss in due
course. Because the system administrator has full system privileges, your first duty
is to know what you’re doing, lest you break something.
4 Part I: System and Network Administration Defined
The word duty implies a degree of drudgery; in fact, it’s a manifestation of the
tremendous flexibility of the system measured against the responsibility to run a
tight organization. These duties do not so much constrain you, the system administrator,
as free you to match the job to the task. Let’s take a brief look at them.
Installing and Configuring Servers
When you hear the word server to describe a computer, you probably think of a
computer that offers some type of service to clients. The server may provide file or
printer sharing, File Transfer Protocol (FTP) or Web access, or e-mail processing
tasks. Don’t think of a server as a standalone workstation; think of it as a computer
that specifically performs these services for many users.
In the Linux world, the word server has a broader meaning than what you might
be used to. For instance, the standard Red Hat graphical user interface (GUI)
requires a graphical layer called XFree86. This is a server. It runs even on a standalone
machine with one user account. It must be configured. (Fortunately, Red Hat
has made this a simple and painless part of installation on all but the most obscure
combinations of video card and monitor; gone are the days of anguish as you configure
a graphical desktop.)
Likewise, printing in Linux takes place only after you configure a print server.
Again, this has become so easy as to be nearly trivial.
In certain areas the client-server nomenclature can be confusing, though. While
you cannot have a graphical desktop without a server, you can have Web access
without a Web server, FTP access without running an FTP server, and e-mail capabilities
without ever starting a mail server. You may well want to use these servers,
all of which are included in Red Hat; then again, maybe not. Whenever a server is
connected to other machines outside your physical control, there are security implications
to consider. You want your users to have easy access to the things they
need but you don’t want to open up the system you’re administering to the whole
wide world.
Chapter 1: Duties of the System Administrator 5
Linux distributions used to ship with all imaginable servers turned on by default.
Just installing the operating system on the computer would install and configure—
with default parameters—all the services available with the distribution. This was a
reflection of an earlier, more innocent era in computing when people did not consider
vandalizing other people’s machines to be good sportsmanship.
Unfortunately, the realities of this modern, more dangerous world dictate that all
but the most essential servers remain turned off unless specifically enabled and
configured. This duty falls to the system administrator. You need to know exactly
which servers you need and how to employ them, and to be aware that it is bad
practice and a potential security nightmare to enable services that the system isn’t
using and doesn’t need. Fortunately, the following pages show you how to carry
out this aspect of system administration easily and efficiently.
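A quick way to act on this duty is to compare what is actually listening on the machine with the short list of services you decided you need. The script below is an added example, not code from the book; it assumes you capture the listener table with `ss -ltn` (or `netstat -ltn`) and feed the data lines (header removed) to the function, and the sample lines it carries are constructed rather than taken from a real host.

```sh
#!/bin/sh
# Added example (not from the book): flag listening sockets that are reachable
# from outside the host and are not on an explicit allowlist of needed ports.
# Input format assumed: the data lines of `ss -ltn` (or `netstat -ltn`), i.e.
# "State Recv-Q Send-Q Local:Port Peer:Port" with the header line removed.

# flag_exposed_listeners "<space-separated allowed ports>" < listener-lines
# Prints "port address" for every LISTEN socket bound to a non-loopback
# address whose port is not in the allowlist.
flag_exposed_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      laddr = $4
      i = match(laddr, /:[0-9]+$/)             # last ":port" in "addr:port"
      if (i == 0) next                         # not an addr:port field
      addr = substr(laddr, 1, i - 1)
      port = substr(laddr, i + 1)
      if (addr == "127.0.0.1" || addr == "[::1]" || addr == "::1") next
      if (!(port in ok)) print port, addr
    }'
}

# Constructed sample in the same format (not captured from a real host):
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*'

# Review listing: only ssh (22) and http (80) are meant to be reachable.
printf '%s\n' "$SAMPLE_LISTENERS" | flag_exposed_listeners "22 80"
```

On the sample data the function reports port 3306 on 0.0.0.0 and port 111 on [::]; the mail daemon bound to 127.0.0.1 is not reported because it is not reachable from other machines. Anything that shows up here and is not on your list is a service to turn off or a decision to make deliberately.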
Installing and Configuring Application Software
Although it is possible for individual users to install some applications in their
home directories—drive space set aside for their own files and customizations—
these applications are not available to other users without the intervention of the
system administrator. Besides, if an application is to be used by more than one user,
it probably needs to be installed higher up in the Linux file hierarchy, which is a job
that only the system administrator can perform. (The administrator can even decide
which users may use which applications by creating a “group” for that application
and enrolling individual users in that group.)
New software packages might be installed in /opt if they are likely to be
upgraded separately from the Red Hat distribution itself. Doing this makes it simple
to retain the old version until you are certain that the new version works and meets
your expectations. Some packages may need to go in /usr/local or even /usr if
they are upgrades of packages installed as part of Red Hat. (For instance, there are
sometimes security upgrades of existing packages.) The location of the installation
usually matters only if you compile the application from source code; if you use a
Red Hat Package Manager (RPM) application package, it automatically goes where
it should.
Configuration and customization of applications is to some extent at the user’s
discretion, but not entirely. “Skeleton” configurations—administrator-determined
default configurations—set the baseline for user employment of applications. If
there are particular forms, for example, that are used throughout an enterprise, the
system administrator would set them up or at least make them available by adding
them to the skeleton configuration. The same applies to configuring user desktops
and in even deciding what applications should appear on user desktop menus. For
instance, your company may not want to grant users access to the games that ship
with modern Linux desktops. You may also want to add menu items for newly
installed or custom applications. The system administrator brings all this to pass.
Creating and Maintaining User Accounts
Not just anyone can show up and log on to a Linux machine. An account must be
created for each user and—you guessed it—no one but the system administrator
can do this. That’s simple enough.
But there’s more. It involves decisions that either you or your company must
make. You might want to let users select their own passwords, which would no doubt
make them easier to remember but which probably would be easier for a malefactor
to crack. You might want to assign passwords, which is more secure in theory but
increases the likelihood that users will write them down on a conveniently located
scrap of paper—a risk if many people have access to the area where the machine(s)
is located. You might decide that users must change their passwords periodically—
something you can configure Red Hat Enterprise Linux to prompt users about.
What happens to old accounts? Suppose someone leaves the company. You probably
don’t want him or her to gain access to the company network, but you also
don’t want to delete the account wholesale, only to discover later that essential data
resided nowhere else.
To what may specific users have access? It might be that there are aspects of
your business that make Web access desirable, but you don’t want everyone spending
their working hours surfing the Web. If your system is at home, you may wish
to limit your children’s access to certain Web sites.
These and other issues are part of the system administrator’s duties in managing
user accounts. Whether the administrator or his or her employer establishes policies
governing accounts, these policies should be delineated—preferably in writing for
a company—for the protection of all concerned.
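Two of the account questions above (can a password stay unchanged forever, and has a departed user's account actually been closed rather than deleted) can be answered from the records Linux already keeps. The script below is an added example, not code from the book; it reads records in /etc/shadow format, the sample records and their hashes are constructed placeholders, and the day count passed as "today" is a constructed value.

```sh
#!/bin/sh
# Added example (not from the book): audit account records in /etc/shadow
# format for passwords that never expire and for accounts whose expiry date
# has passed but which were never locked.
# Field layout assumed: name:hash:lastchange:min:max:warn:inactive:expire:reserved
# (days are counted since 1970-01-01, as in /etc/shadow).

# audit_shadow <today-in-days> < shadow-format-lines
audit_shadow() {
  awk -F: -v today="$1" '
    {
      name = $1; hash = $2; maxage = $5; expire = $8
      if (hash ~ /^[!*]/) next        # locked ("!") or no-password ("*") accounts are fine
      if (maxage == "" || maxage + 0 >= 99999)
        print name, "password never expires"
      if (expire != "" && expire + 0 < today)
        print name, "account expired but not locked"
    }'
}

# Constructed sample records; the hashes are placeholders, not real ones.
SAMPLE_SHADOW='root:$6$placeholder1:18000:0:99999:7:::
alice:$6$placeholder2:18000:0:90:7:::
bob:!$6$placeholder3:17000:0:99999:7::17500:
carol:$6$placeholder4:17000:0:90:7::17500:
daemon:*:18000:0:99999:7:::'

# Day 18100 is the constructed "today"; it is after the expiry day 17500.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 18100

# Follow-up for flagged accounts (run as root on a real system):
#   chage -M 90 root      # require a password change at least every 90 days
#   usermod -L carol      # lock the login but keep the home directory and files
```

On the sample, root is reported for a password that never expires and carol for an account that expired but was never locked; bob is skipped because the leading "!" shows the account is already locked, which is the "lock, don't delete" outcome the text recommends for people who leave.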
Backing Up and Restoring Files
Until computer equipment becomes infallible, until people lose the desire to harm
others’ property, and—truth be told—until system administrators become perfect,
there is considerable need to back up important files so that the system can be up
and running again with minimal disruption in the event of hardware, security, or
administration failure. Only the system administrator may do this. (Because of its
built-in security features, Linux doesn’t allow users even to back up their own files
to removable disks.)
It’s not enough to know that performing backups is your job. You need to formulate
a strategy for making sure your system is not vulnerable to catastrophic disruption.
This is not always obvious. If you have a high-capacity tape drive and several
good sets of restore disks, you might make a full system backup every few days. If
you are managing a system with scores of users, you might find it more sensible to
back up user accounts and system configuration files, figuring that reinstallation
from the distribution CDs would be quicker and easier than getting the basics off a
tape archive. (Don’t forget about applications you install separately from your Red
Hat distribution, especially those involving heavy customization.)
Once you decide what to back up, you need to decide how frequently to perform
backups, whether to maintain a series of incremental backups—adding only files
that have changed since the last backup—or multiple full backups, and when these
backups should be performed. Do you trust an automated, unattended process? If
you help determine which equipment to use, do you go with a redundant array of
independent disks (RAID), which is to say multiple hard drives all containing the
same data as insurance against the failure of any one of them, in addition to other
backup systems? (A RAID is not enough because hard drive failure is not the only
means by which a system can be brought to a halt.)
You don’t want to become complacent or foster a lackadaisical attitude among
users. Part of your strategy should be to maintain perfect backups without ever
needing to resort to them. This means encouraging users to keep multiple copies of
their important files in their home directories so that you won’t be asked to mount
a backup to restore a file that a user corrupted. (If your system is a standalone one
then, as your own system administrator, you should make a habit of backing up
your configuration and other important files.)
Restoring files from your backup media is no less important than backing them
up in the first place. Be certain you can restore your files if the need arises by testing
your restore process at least once during a noncritical time.
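As an added example (not from the book) of the cycle just described, the script below takes a full backup, an incremental backup of what changed since, restores both into a fresh directory and then checks the restored copy file by file. The directory layout it builds under a temporary directory is constructed for demonstration, and it relies on a tar that accepts -T (GNU or BusyBox) plus POSIX find and cmp.

```sh
#!/bin/sh
# Added example (not from the book): full backup, incremental backup of what
# changed since, restore into a fresh directory, and file-by-file verification.
# Assumptions: a tar that accepts -T (GNU or BusyBox), POSIX find and cmp, and
# file names without whitespace (a limit of this demonstration, not of backups).

abs_path() { ( cd "$1" && pwd ); }

# backup_full <srcdir> <backupdir>: archive everything and record the moment,
# which later incrementals use as their reference point.
backup_full() {
  mkdir -p "$2"
  src=$(abs_path "$1"); dest=$(abs_path "$2")
  ( cd "$src" && tar cf "$dest/full.tar" . )
  touch "$dest/.last-backup"
}

# backup_incremental <srcdir> <backupdir> <label>: archive only files modified
# after the previous backup. Labels must sort in order (inc-01, inc-02, ...).
# Caveat: deletions are not recorded, so a restore brings deleted files back.
backup_incremental() {
  src=$(abs_path "$1"); dest=$(abs_path "$2"); label=$3
  stamp="$dest/.last-backup"
  ( cd "$src" && find . -type f -newer "$stamp" > "$dest/$label.list" )
  if [ -s "$dest/$label.list" ]; then
    ( cd "$src" && tar cf "$dest/$label.tar" -T "$dest/$label.list" )
  fi
  touch "$stamp"
}

# restore_all <backupdir> <targetdir>: full archive first, then incrementals in
# label order so that newer versions of a file overwrite older ones.
restore_all() {
  mkdir -p "$2"
  dest=$(abs_path "$1"); target=$(abs_path "$2")
  ( cd "$target" && tar xf "$dest/full.tar" )
  for inc in "$dest"/inc-*.tar; do
    [ -e "$inc" ] || continue        # no incrementals taken yet
    ( cd "$target" && tar xf "$inc" )
  done
}

# verify_restore <srcdir> <restoredir>: the "test your restore" step; returns
# non-zero and names each file whose restored copy differs from the original.
verify_restore() {
  src=$(abs_path "$1"); rst=$(abs_path "$2"); rc=0
  for f in $(cd "$src" && find . -type f); do
    cmp -s "$src/$f" "$rst/$f" || { echo "MISMATCH: $f" >&2; rc=1; }
  done
  return $rc
}

# demo_backup_cycle: constructed data in a temporary directory, run through the
# whole cycle; returns the verification status.
demo_backup_cycle() {
  work=$(mktemp -d)
  mkdir -p "$work/data/docs"
  printf 'first draft\n' > "$work/data/docs/report.txt"
  printf 'static\n'      > "$work/data/config.txt"
  backup_full "$work/data" "$work/backups"
  sleep 1                            # keep the change outside the stamp's second
  printf 'second draft\n' > "$work/data/docs/report.txt"
  printf 'new file\n'     > "$work/data/notes.txt"
  backup_incremental "$work/data" "$work/backups" inc-01
  restore_all "$work/backups" "$work/restore"
  if verify_restore "$work/data" "$work/restore"; then
    status=0; echo "restore verified against live data"
  else
    status=1
  fi
  rm -rf "$work"
  return "$status"
}

demo_backup_cycle
```

The point of verify_restore is the sentence above about testing your restore during a noncritical time: an archive that was never extracted and compared is a hope, not a backup. The caveat in backup_incremental is the usual reason to rotate in a fresh full backup periodically rather than chaining incrementals forever.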
Chances are good that even if you work for a company, you’ll be the one making
these decisions. Your boss just wants a system that runs perfectly, all the time.
Backing up is only part of the story, however. You need to formulate a plan for
bringing the system back up after a failure. A system failure could be caused by any
number of problems, either related to hardware or software (application, system
configuration) trouble, and could range from a minor inconvenience to complete
shutdown.
Hardware failures caused by improper configuration can be corrected by properly
configuring the device. Sometimes hardware failures are caused by the device
itself, which typically requires replacing the device. Software failures caused by
improperly configured system files are usually corrected by properly configuring
those files. An application can cause the system to fail for many reasons and may
require a lot of research on the part of the administrator to find the root of the
problem.
If you are the administrator of servers and workstations for a business, you
should have a disaster recovery plan in place. Such a plan takes into account the
type of data and services provided and how much fault tolerance your systems
require—that is, how long your systems could be down and what effect that would
have on your company’s ability to conduct business. If you require 100 percent
fault tolerance, meaning your systems must be online 24/7, then disaster recovery
is unnecessary as your systems never go down and there is no disaster from which
to recover. Most organizations, though, cannot afford such a high level of fault tolerance;
they are willing to accept less stringent standards. Based on the level of
fault tolerance you require, your disaster recovery plan should list as many possible
failures as you can anticipate and detail the steps required to restore your systems.
In Chapter 2, we describe fault tolerance and disaster recovery in more detail.
Monitoring and Tuning Performance
The default installation of Red Hat Enterprise Linux goes a long way toward capitalizing
on existing system resources. There is no “one size fits all” configuration,
however. Linux is infinitely configurable, or close to it.
On a modern standalone system, Linux runs pretty quickly. If it doesn’t, there’s
something wrong—something the system administrator can fix. Still, you might
want to squeeze one last little bit of performance out of your hardware—or a number
of people might be using the same file server, mail server, or other shared machine,
in which case seemingly small improvements in system performance add up.
System tuning is an ongoing process aided by a variety of diagnostic and monitoring
tools. Some performance decisions are made at installation time, while others
are added or tweaked later. A good example is the use of the hdparm utility, which
can increase throughput in IDE drives considerably; but for some high-speed modes
a check of system logs shows that faulty or inexpensive cables can, in combination
with hdparm, produce an enormity of nondestructive but system-slowing errors.
Proper monitoring allows you to detect a misbehaving application that consumes
more resources than it should or fails to exit completely upon closing.
Through the use of system performance tools you can determine when hardware—
such as memory, added storage, or even something as elaborate as a hardware
RAID—should be upgraded for more cost-effective use of a machine in the enterprise
or for complicated computational tasks such as three-dimensional rendering.
Possibly most important, careful system monitoring and diagnostic practices
give you an early heads-up when a system component is showing early signs of
failure, so that you can minimize any potential downtime. Combined with the
resources for determining which components are best supported by Red Hat
Enterprise Linux, performance monitoring can result in replacement components
which are far more robust and efficient in some cases.
In any case, careful system monitoring plus wise use of the built-in configurability
of Linux allows you to squeeze the best possible performance from your existing
equipment, from customizing video drivers to applying special kernel patches
or simply turning off unneeded services to free memory and processor cycles.
Configuring a Secure System
If there is a common thread in Linux system administration, it is the security of the
computer and data integrity.
What does this mean? Just about everything. The system administrator’s task,
first and foremost, is to make certain that no data on the machine or network are
likely to become corrupted, whether by hardware or power failure, by misconfiguration
or user error (to the extent that the latter can be avoided), or by malicious or
inadvertent intrusion from elsewhere. It means doing all the tasks described
throughout this chapter, and doing them well, with a full understanding of their
implications.
No one involved in computing has failed to hear of the succession of increasingly
serious attacks on machines connected to the Internet. For the most part,
these attacks have not targeted Linux systems. That doesn’t mean Linux systems
have been entirely immune, either to direct attack or to the effects of attacks on
machines running other operating systems. In one Distributed Denial of Service
(DDoS) attack aimed at several major online companies, for instance, many “zombie”
machines—those that had been exploited so that the vandals could employ
thousands of machines instead of just a few—were running Linux that had not
been patched to guard against a well-known security flaw. In the various “Code
Red” attacks during the summer of 2001, Linux machines themselves were invulnerable,
but the huge amount of traffic generated by this “worm” infection nevertheless
prevented many Linux machines from accomplishing much Web-based
work for several weeks, so fierce was the storm raging across the Internet. And few
e-mail users have been immune from receiving at least some “SirCam” messages—
nonsensical messages from strangers with randomly selected files attached from
their machines. While this infection did not corrupt Linux machines per se, as it did
those running MS Windows, anyone on a dial-up Internet connection who had to
endure downloading several megabytes of infected mail each day would scarcely
describe himself or herself as unaffected by the attack.
Depending on how a Linux machine is connected, and to what, the sensitivity of
the data it contains and the uses to which it is put, security can be as simple as
turning off unneeded services, monitoring the Red Hat security mailing list to make
sure that all security advisories are followed, and otherwise engaging in good computing
practices to make sure the system runs robustly. It’s almost a full-time job
involving levels of security permissions within the system and systems to which it
is connected; elaborate firewalls to protect not just Linux machines but machines
that, through their use of non-Linux software, are far more vulnerable; and physical
security—making sure no one steals the machine itself!
For any machine connected to another machine, security means hardening
against attacks and making certain no one else uses your machine as a platform for
launching attacks against others. If you run Web, FTP, or mail servers, it means giving
access to only those who are entitled to it, while locking out everyone else. It
means making sure that passwords are not easily guessed and not made available
to unauthorized persons. It means that disgruntled former employees no longer
have access to the system and that no unauthorized person may copy files from
your machines.
Security is an ongoing process. The only really secure computer is one that contains
no data, is unplugged from networks and power supplies, has no keyboard
attached, and resides in a locked vault. While that is theoretically true, it implies
that security diminishes the usefulness of the machine. Your job as system administrator
is to strike the right balance between maximum utility and maximum
safety, all the while bearing in mind that confidence in a secure machine today
means nothing about the machine’s security tomorrow.
In the chapters that follow, you learn about the many tools that Red Hat provides
to help you guard against intrusion, even to help you prevent intrusion into non-
Linux machines that may reside on your network. Linux is designed from the
beginning with security in mind. In all your tasks you should maintain that same
security awareness.
Using Tools to Monitor Security
People who, for purposes of larceny or to amuse themselves, like to break into computers—
they’re called “crackers”—are a clever bunch. If there is a vulnerability in
a system, they will find it. Fortunately, the Linux development community is quick
to find potential exploits and to create ways of slamming the door shut before
crackers can enter. Fortunately, too, Red Hat is diligent in making available new,
patched versions of packages in which potential exploits have been found. Your
first and best security tool, therefore, is making sure that whenever a security advisory
is issued, you download and install the repaired package. This line of defense
can be annoying but it is nothing compared to rebuilding a compromised system.
As good as the bug trackers are, sometimes their job is reactive. Preventing the use
of your machine for nefarious purposes and guarding against intrusion are, in the
end, your responsibility alone. Red Hat equips you with tools to detect and deal with
unauthorized access of many kinds. As this book unfolds, you’ll learn how to install
and configure these tools and how to make sense of the warnings they provide. Pay
careful attention to those sections and do what they say. If your machine is connected
to the Internet, you will be amazed at the number of attempts made to break
into your machine. You’ll be struck by how critical the issue of security is.
Summary
As you, the system administrator, read this book, bear in mind that your tasks are
ongoing and that there is never a machine that is completely tuned, entirely up-to-date,
and utterly secure for very long. The pace of Linux development is quite rapid,
so it’s important to keep current in the latest breakthroughs. This book gives you the
very best information as to the Red Hat distribution you’re using and tells you all
you need to know about getting the most from it. Even more than that, you should
read it with an eye toward developing a Linux system administrator’s point of view,
an understanding of how the system works as opposed to the mere performance of
tasks. As the best system administrators will tell you, system administration is a state
of mind.

Networking


What is Peer-to-Peer Networking?
Peer-to-peer networks share responsibility for processing data among all of the connected devices. Peer-to-peer networking (also known simply as peer networking) differs from client-server networking in several respects.

How is Network Performance Measured?
The performance or "speed" of a computer network is normally measured in units of bits per second (bps). This quantity can represent either an actual data rate or a theoretical limit to available network bandwidth. The related units of Kbps, Mbps, Gbps represent increasingly larger multiples of bps.

Question: What is (Wireless / Computer) Networking?
Answer: In the world of computers, networking is the practice of linking two or more computing devices together for the purpose of sharing data. Networks are built with a mix of computer hardware and computer software.
Question: What Is the Difference Between Bits and Bytes?
The terms bit and byte are common in computer networking. Both terms refer to digital data transmitted over a network connection. For example, bits and bytes both may represent network addresses or port numbers.
Answer:
A bit is a single numeric value, either '1' or '0', that encodes a single unit of digital information. A byte is a sequence of bits; usually eight bits equal one byte.
For example, in Internet Protocol (IP) networking, IP addresses contain 32 bits or 4 bytes. The bits encode the network address so that it can be shared on the network. The bytes divide the bits into groups.
The IP address 192.168.0.1, for instance, is encoded with the following bits and bytes:
11000000 10101000 00000000 00000001
Bits are grouped into bytes to, generally speaking, increase the efficiency of computer hardware, including network equipment, disks and memory.
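As an added example that is not part of the original answer, the function below performs the conversion shown above for any IPv4 address rather than only 192.168.0.1, printing the 32 bits as four 8-bit groups (one per byte), and refuses input that is not four octets in the range 0 to 255. The function name ip_to_bits is my own choice.

```sh
#!/bin/sh
# Added example (not from the original answer): turn a dotted-quad IPv4 address
# into the four 8-bit groups shown above, for any address, and reject input that
# is not four decimal octets of 0-255.

# ip_to_bits <a.b.c.d> -> "bbbbbbbb bbbbbbbb bbbbbbbb bbbbbbbb" on stdout
ip_to_bits() {
  old_ifs=$IFS
  IFS=.
  set -- $1                        # split the address on dots into $1..$4
  IFS=$old_ifs
  [ $# -eq 4 ] || { echo "expected four octets" >&2; return 1; }
  out=""
  for octet in "$@"; do
    case $octet in
      ""|*[!0-9]*) echo "octet is not a number: '$octet'" >&2; return 1 ;;
    esac
    [ "$octet" -le 255 ] || { echo "octet out of range: $octet" >&2; return 1; }
    bits=""; n=$octet; i=0
    while [ $i -lt 8 ]; do         # peel off the low bit eight times; MSB ends up first
      bits="$((n % 2))$bits"
      n=$((n / 2))
      i=$((i + 1))
    done
    out="$out${out:+ }$bits"       # one 8-bit group per byte, separated by spaces
  done
  printf '%s\n' "$out"
}

ip_to_bits 192.168.0.1             # prints: 11000000 10101000 00000000 00000001
```

Each group is one byte of the address; the same loop run on a subnet mask such as 255.255.255.0 makes the "network part / host part" split visible as a run of ones followed by a run of zeros.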

Client-Server vs Peer-to-Peer and Other Models
The client-server model was originally developed to allow more users to share access to database applications. Compared to the mainframe approach, client-server offers improved scalability because connections can be made as needed rather than being fixed. The client-server model also supports modular applications that can make the job of creating software easier. In so-called "two-tier" and "three-tier" types of client-server systems, software applications are separated into modular pieces, and each piece is installed on clients or servers specialized for that subsystem.
Client-server is just one approach to managing network applications. The primary alternative, peer-to-peer networking, models all devices as having equivalent capability rather than specialized client or server roles. Compared to client-server, peer-to-peer networks offer some advantages, such as more flexibility in growing the system to handle a large number of clients. Client-server networks generally offer advantages in keeping data secure.
What is VPN?

VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN). VPNs enable file sharing, video conferencing and similar network services. Virtual private networks generally don't provide any new functionality that isn't already offered through alternative mechanisms, but a VPN implements those services more efficiently / cheaply in most cases.
A key feature of a VPN is its ability to work over both private networks and public networks like the Internet. Using a method called tunneling, a VPN uses the same hardware infrastructure as existing Internet or intranet links. VPN technologies include various security mechanisms to protect the virtual, private connections.
Q. "What is the difference between a hub and a switch? Which one is better for my network?"
A. A switch is effectively a higher-performance alternative to a hub. This article describes hubs in more detail. People tend to benefit from a switch over a hub if their home network has four or more computers, or if they want to use their home network for applications that generate significant amounts of network traffic, like multiplayer games or heavy music file sharing. In most other cases, home networkers will not notice an appreciable difference between a hub and switch (hubs do cost slightly ... Technically speaking, hubs operate using a broadcast model and switches operate using a virtual circuit model. When four computers are connected to a hub, for example, and two of those computers communicate with each other, hubs simply pass through all network traffic to each of the four computers. Switches, on the other hand, are capable of determining the destination of each individual traffic element (such as an Ethernet frame) and selectively forwarding data to the one computer that actually needs it. By generating less network traffic in delivering messages, a switch performs better than a hub on busy networks.

What is a port number?

Q. "There are many definitions for the term port number, but they don't help me form a picture in my head. I know every Internet service listens on a particular server port number - like 80 for HTTP, 21 for FTP. But how exactly do port numbers work?"
A. Where port numbers are concerned, consider an analogy between the computer and the telephone. Port numbers and their associated network addresses work something like telephone numbers and associated extensions (see below). One can think of a network address - say, an IP address - like a telephone number. The IP address gives a unique number for reaching someone on the Internet, just as a telephone number allows you to reach a specific destination on the public telephone network.
(Note that telephone numbers have additional features that IP addresses do not have, such as area codes that provide some geographic information about a location.)
Many larger organizations set up their telephone networks to use phone extensions. These extensions are typically 2-5 digit numbers that identify an individual phone within the organization. But from the outside, all of these extensions are associated with a single telephone number (in the USA, often a 1-800 or 1-888 number).
A network port number functions similarly to a telephone extension. Taken together with a network address, a port number identifies both a computer and also a "channel" within that computer where network communication will take place. Just as different organizations may use the same extension numbers "inside" their primary phone number, different computers use the same set of port numbers.

What is the difference between solid and stranded CAT5 cable, and which one is better?
Q. "We recently bought 250 ft. (76 m) of CAT5 cable for our home networking project. When it arrived, the box said that the cable was 'stranded.' We were wondering if we may have bought the wrong type and should we have bought solid instead?"
A. Generally speaking, stranded CAT5 is more commonly used in home networking than solid CAT5. Stranded cables are more flexible than solid ones, which allows cabling to be moved around the home without fear of cracking the wires inside. Stranded cables also cost less than solid cables. Solid CAT5 cables have their advantages, too. Theoretically speaking, solid CAT5 supports a higher level of performance due to its superior electrical properties compared to stranded cables, though the benefit can be negligible in practice. Businesses that are accustomed to wiring inside office walls or under floors to fixed locations, and are willing to pay more for the possibility of improved network performance, often prefer solid cabling.
Finally, when working with CAT5 cable, it's important to know that several different types of RJ-45 connectors exist. One type, designed for use with stranded cables, generally is incompatible with solid cable. Other types of RJ-45 connectors may work with both stranded and solid CAT5.
Q. "What is the 5-4-3-2-1 rule of network design?"
A. The 5-4-3-2-1 rule embodies a simple recipe for network design. It may not be easy to find examples in practice, but this rule neatly ties together several important elements of design theory. To understand this rule, it's first necessary to understand the concepts of collision domains and propagation delay. Collision domains are portions of a network. When a network packet is transmitted over Ethernet, for example, it is possible for another packet from a different source to be transmitted close enough in time to the first packet to cause a collision on the wire. The total range over which a packet can travel and potentially collide with another is its collision domain.
Propagation delays are a property of the physical medium (e.g., Ethernet). Propagation delays help determine how much of a time difference between the sending of two packets on a collision domain is "close enough" to actually cause a collision. The greater the propagation delay, the greater the likelihood of collisions.
The 5-4-3-2-1 rule limits the range of a collision domain by limiting the propagation delay to a "reasonable" amount of time. The rule breaks down as follows:
5 - the number of network segments
4 - the number of repeaters needed to join the segments into one collision domain
3 - the number of network segments that have active (transmitting) devices attached
2 - the number of segments that do not have active devices attached
1 - the number of collision domains
Because the last two elements of the recipe follow naturally from the others, this rule is sometimes also known as the "5-4-3" rule for short.
Q. "What is a good computer networking project for a high school or college student?"
A. One good project in networking is home LAN setup. Show how multiple computers can be networked using direct cable connections, hubs and switches, or in other ways. College students might consider building an intranet that consists of a LAN and groupware or other network software for business. High school students can use their LAN to demonstrate chat programs, Napster, or network games. For college students, Artificial Intelligence (AI) projects can demonstrate "cool" uses of computer networking. One can build a robot, for example, and network it to a controlling computer.
Students can set up a Web server like Apache and show how it is configured and managed.
Finally, computer viruses make for some interesting networking projects. One can demonstrate how these viruses are created, transmitted through email (primarily), and detected and cleaned with antivirus software utilities.
Q. "Is there a way to transfer files between two PCs using a cable called a null modem cable?"
A. Yes! This cable allows you to set up file sharing between two PCs by connecting their serial or parallel ports. The details of the setup depend on which operating systems run on the PCs. The term "null modem" comes from the ability of the cable to provide networking at relatively slow speeds without actually using modems.
Null modem cables do not require computers to possess Ethernet cards. For this reason, they are a very popular (though not the only) form of Direct Cable Connection (DCC) possible between PCs.

Q. "Is there any difference between bps (small 'b') and Bps (capital 'b')?"

A. The term "bps" specifies network bandwidth in bits per second. The term "Bps" specifies network bandwidth in bytes per second.

VoIP - Voice Over IP - Internet Telephony
With VoIP - voice over IP - service, consumers enjoy the convenience of a cell phone with the benefits of full Internet connectivity for telephony. The same Internet Protocol (IP) technology used in conventional data networks can be used to transmit voice and fax.
WINS - Windows Internet Naming Service
WINS supports name resolution, the automated conversion of computer names to network addresses, for Windows networks. WINS converts NetBIOS names to IP addresses.
NetBIOS - Network Basic Input/Output System
NetBIOS is a protocol for computer communication services on local networks used by Microsoft Windows.
Microsoft Internet Information Server (IIS)
Microsoft IIS implements Web server functionality that integrates with other Microsoft server networking technologies.
DNS servers
The Domain Name System is maintained by a distributed database system, which uses the client-server model. The nodes of this database are the name servers. Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain and the name servers of any domains subordinate to it. The top of the hierarchy is served by the root nameservers: the servers to query when looking up (resolving) a top-level domain name (TLD).
DHCP



1. What is DHCP?
DHCP stands for "Dynamic Host Configuration Protocol".
2. What is DHCP's purpose?
DHCP's purpose is to enable individual computers on an IP network to extract their configurations from a server (the 'DHCP server') or servers, in particular, servers that have no exact information about the individual computers until they request the information. The overall purpose of this is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address.
3. Can DHCP work with Appletalk or IPX?
No, it is too tied to IP. Furthermore, they don't need it since they have always had automated mechanisms for assigning their own network addresses.
4. Who Created It? How Was It Created?
DHCP was created by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (IETF; a volunteer organization which defines protocols for use on the Internet). As such, its definition is recorded in an Internet RFC, and the Internet Activities Board (IAB) is asserting its status as to Internet standardization. As of this writing (June 1998), DHCP is an Internet Draft Standard Protocol and is Elective. BOOTP is an Internet Draft Standard Protocol and is Recommended. For more information on Internet standardization, see RFC 2300 (May 1998).
5. How is it different than BOOTP or RARP?
DHCP is based on BOOTP and maintains some backward compatibility. The main difference is that BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts. Additionally, DHCP allows for recovery and reallocation of network addresses through a leasing mechanism.
RARP is a protocol used by Sun and other vendors that allows a computer to find out its own IP number, which is one of the protocol parameters typically passed to the client system by DHCP or BOOTP. RARP doesn't support other parameters and using it, a server can only serve a single LAN. DHCP and BOOTP are designed so they can be routed.
6. How is it different than VLANs?
DHCP and VLANs, which are very different in concept, are sometimes cited as different solutions to the same problem. While they have a goal in common (easing moves of networked computers), VLANs represent a more revolutionary change to a LAN than DHCP. A DHCP server and forwarding agents can allow you to set things up so that you can unplug a client computer from one network or subnet and plug it into another and have it come alive immediately, having been reconfigured automatically. In conjunction with Dynamic DNS, it could automatically be given its same name in its new place. VLAN-capable LAN equipment with dynamic VLAN assignment allows you to configure things so a client computer can be plugged into any port and have the same IP number (as well as name) and be on the same subnet. The VLAN-capable network either has its own configuration that lists which MAC addresses are to belong to each VLAN, or it makes the determination from the source IP address of the IP packets that the client computer sends. Some differences in the two approaches:
o DHCP handles changes by reconfiguring the client while a VLAN-capable network handles it by reconfiguring the network port the client is moved to.
o DHCP dynamic reconfiguration requires a DHCP server, forwarding agent in each router, and DHCP capability in each client's TCP/IP support. The analogous capability in VLANs requires that all hubs throughout the network be VLAN-capable, supporting the same VLAN scheme. To this point VLAN support is proprietary with no vendor interoperability, but standards are being developed.
o DHCP can configure a new client computer for you while a VLAN-capable network can't.
o DHCP is generally aimed at giving "easy moves" capability to networks that are divided into subnets on a geographical basis, or on separate networks. VLANs are generally aimed at allowing you to set up subnets on some basis other than geographical, e.g. instead of putting everyone in one office on the same subnet, putting each person on a subnet that has access to the servers that that person requires.
There is an issue with trying to use DHCP (or BOOTP) and VLANs at the same time, in particular, with the scheme by which the VLAN-capable network determines the client's VLAN based upon the client computer's source IP address. Doing so assumes the client computer is already configured, which precludes the use of network to get the configuration information from a DHCP or BOOTP server.
7. What protocol and port does DHCP use?
DHCP, like BOOTP, runs over UDP, using ports 67 and 68.
8. What is an IP address?
An IP address (also called an IP number) is a number (typically written as four numbers separated by periods, i.e. 107.4.1.3 or 84.2.1.111) which uniquely identifies a computer that is making use of the Internet. It is analogous to your telephone number in that the telephone number is used by the telephone network to direct calls to you. The IP address is used by the Internet to direct data to your computer, e.g. the data your web browser retrieves and displays when you surf the net. One task of DHCP is to assist in the problem of getting a functional and unique IP number into the hands of the computers that make use of the Internet.
9. What is a MAC address?
A MAC address (also called an Ethernet address or an IEEE MAC address) is a number (typically written as twelve hexadecimal digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by periods or colons, i.e. 0080002012ef, 0:80:0:2:20:ef) which uniquely identifies a computer that has an Ethernet interface. Unlike the IP number, it includes no indication of where your computer is located. In DHCP's typical use, the server uses a requesting computer's MAC address to uniquely identify it.
10. What is a DHCP lease?
A DHCP lease is the amount of time that the DHCP server grants to the DHCP client permission to use a particular IP address. A typical server allows its administrator to set the lease time.
11. What is a Client ID?
What is termed the Client ID for the purposes of the DHCP protocol is whatever is used by the protocol to identify the client computer. By default, DHCP implementations typically employ the client's MAC address for this purpose, but the DHCP protocol allows other options. Some DHCP implementations have a setup option to specify the client ID you want. One alternative to the MAC address is simply a character string of your choice. In any case, in order for DHCP to function, you must be certain that no other client is using the client ID you choose, and you must be sure the DHCP server will accept it.
12. Why shouldn't clients assign IP numbers without the use of a server?
It is theoretically possible to develop software for client-machines that finds an unused address by picking them out of the blue and broadcasting a request of all the other client machines to see if they are using them. Appletalk is designed around this idea, and Apple's MacTCP can be configured to do this for IP. However, this method of IP address assignment has disadvantages.
1. A computer that needs a permanently-assigned IP number might be turned off and lose its number to a machine coming up. This has problems both for finding services and for security.
2. A network might be temporarily divided into two non-communicating networks while a network component is not functioning. During this time, two different client-machines might end up claiming the same IP number. When the network comes back, they start malfunctioning.
3. If such dynamic assignment is to be confined to ranges of IP addresses, then the ranges are configured in each desktop machine rather than being centrally administered. This can lead both to hidden configuration errors and to difficulty in changing the range. Another problem with the use of such ranges is keeping it easy to move a computer from one subnet to another.
13. Can DHCP support statically defined addresses?
Yes. At least there is nothing in the protocol to preclude this and one expects it to be a feature of any DHCP server. This is really a server matter and the client should work either way. The RFC refers to this as manual allocation.
14. How does DHCP and BOOTP handle multiple subnets?
For the situations where there is more than one LAN, each with its own subnet number, there are two ways. First of all, you can set up a separate server on each subnet. Secondly, a feature of some routers known as "BOOTP forwarding" can forward DHCP or BOOTP requests to a server on another subnet and forward the replies back to the client. The part of such a router (or server acting as a router) that does this is called a "BOOTP forwarding agent". Typically you have to enable it on the interface to the subnet to be served and have to configure it with the IP address of the DHCP or BOOTP server. On a Cisco router, the address is known as the "UDP Helper Address".
15. Can a BOOTP client boot from a DHCP server?
Only if the DHCP server is specifically written to also handle BOOTP queries.
16. Can a DHCP client boot from a BOOTP server?
Only if the DHCP client were specifically written to make use of the answer from a BOOTP server. It would presumably treat a BOOTP reply as an unending lease on the IP address.
In particular, the TCP/IP stack included with Windows 95 does not have this capability.
17. Is a DHCP server "supposed to" be able to support a BOOTP client?
The RFC on such interoperability (1534) is clear: "In summary, a DHCP server: ... MAY support BOOTP clients," (section 2). The word "MAY" indicates such support, however useful, is left as an option.
A source of confusion on this point is the following statement in section 1.5 of RFC 1541: "DHCP must provide service to existing BOOTP clients." However, this statement is one in a list of "general design goals for DHCP", i.e. what the designers of the DHCP protocol set as their own goals. It is not in a list of requirements for DHCP servers.
18. Is a DHCP client "supposed to" be able to use a BOOTP server?
The RFC on such interoperability (1534) is clear: "A DHCP client MAY use a reply from a BOOTP server if the configuration returned from the BOOTP server is acceptable to the DHCP client." (section 3). The word "MAY" indicates such support, however useful, is left as an option.
19. Can a DHCP client or server make a DNS server update the client's DNS entry to match the client's dynamically assigned address?
RFCs 2136 and 2137 indicate a way in which DNS entries can be updated dynamically. Using this requires a DNS server that supports this feature and a DHCP server that makes use of it. The RFCs are very recent (as of 5/97) and implementations are few. In the meantime, there are DNS and DHCP servers that accomplish this through proprietary means.
20. Can a DHCP server back up another DHCP server?
You can have two or more servers handing out leases for different addresses. If each has a dynamic pool accessible to the same clients, then even if one server is down, one of those clients can lease an address from the other server.
However, without communication between the two servers to share their information on current leases, when one server is down, any client with a lease from it will not be able to renew their lease with the other server. Such communication is the purpose of the "server to server protocol" (see next question). It is possible that some server vendors have addressed this issue with their own proprietary server-to-server communication.
21. When will the server to server protocol be defined?
The DHC WG of the IETF is actively investigating the issues in inter-server communication. The protocol should be defined "soon".
22. Is there a DHCP mailing list?
There are several:
List                       Purpose
----                       -------
dhcp-v4@bucknell.edu       General discussion: a good list for server administrators.
dhcp-bake@bucknell.edu     DHCP bakeoffs
dhcp-impl@bucknell.edu     Implementations
dhcp-serve@bucknell.edu    Server to server protocol
dhcp-dns@bucknell.edu      DNS-DHCP issues
dhcp-v6@bucknell.edu       DHCP for IPv6

The lists are run by listserv@bucknell.edu which can be used to subscribe and sign off. Archives for the dhcp-v4 list (which used to be called the host-conf list) are stored at ftp://ftp.bucknell.edu/pub/dhcp/.
23. In a subnetted environment, how does the DHCP server discover what subnet a request has come from?
DHCP client messages are sent to off-net servers by DHCP relay agents, which are often a part of an IP router. The DHCP relay agent records the subnet from which the message was received in the DHCP message header for use by the DHCP server.
Note: a DHCP relay agent is the same thing as a BOOTP relay agent, and technically speaking, the latter phrase is correct.
24. If a single LAN has more than one subnet number, how can addresses be served on subnets other than the primary one?
A single LAN might have more than one subnet number applicable to the same set of ports (broadcast domain). Typically, one subnet is designated as primary, the others as secondary. A site may find it necessary to support addresses on more than one subnet number associated with a single interface. DHCP's scheme for handling this is that the server has to be configured with the necessary information and has to support such configuration & allocation. Here are four cases a server might have to handle:
0. Dynamic allocation supported on secondary subnet numbers on the LAN to which the server is attached.
1. Dynamic allocation supported on secondary subnet numbers on a LAN which is handled through a DHCP/BOOTP Relay. In this case, the DHCP/BOOTP Relay sends the server a gateway address associated with the primary subnet and the server must know what to do with it.
The other two cases are the same capabilities during manual allocation. It is possible that a particular server-implementation can handle some of these cases, but not all of them. See section below listing the capabilities of some servers.
25. If a physical LAN has more than one logical subnet, how can different groups of clients be allocated addresses on different subnets?
One way to do this is to preconfigure each client with information about what group it belongs to. A DHCP feature designed for this is the user class option. To do this, the client software must allow the user class option to be preconfigured and the server software must support its use to control which pool a client's address is allocated from.
26. Where is DHCP defined?
In Internet RFCs.
RFC 2131
R. Droms, "Dynamic Host Configuration Protocol", 3/97. Supersedes RFC 1541 and RFC 1531. [Note that some of the references in this FAQ are to RFC 1541: I'll update them when I get a chance. -- Author]
RFC 1534
R. Droms, "Interoperation Between DHCP and BOOTP", 10/08/1993.
RFC 2132
S. Alexander, R. Droms, "DHCP Options and BOOTP Vendor Extensions", 3/97. Supersedes RFC 1533.
Some websites with copies of RFCs:
http://info.internet.isi.edu/1s/in-notes/rfc/
http://www.cis.ohio-state.edu/hypertext/information/rfc.html
http://www.pmg.lcs.mit.edu/rfc.html
27. What other sources of information are available?
See the dhcp-v4 mailing list mentioned above as well as its archives.
DHCP - Dynamic Host Configuration Protocol
http://www.eg.bucknell.edu/~droms/dhcp/
Problems and Solutions of DHCP: Experiences with DHCP implementation and Operation
A. Tominaga, O. Nakamura, F. Teraoka, J. Murai. http://info.isoc.org/HMP/PAPER/127/html/paper.html
DHCP Resources
Alan Dobkin. http://NWS.CC.Emory.Edu/WebStaff/Alan/Net-Man/Computing/DHCP/
DHCP Reading Room
Eric Hall. http://www.ehsco.com/reading/dhcp.html
Internet Drafts
Internet drafts are works in progress intended to update the current RFCs or specify additional functionality, and sometimes there are one or more drafts related to DHCP. All Internet Drafts are available from various sites: the US East Coast site is ftp://ds.internic.net/internet-drafts/; a web site is http://ds.internic.net/ds/dsintdrafts.html. The DHCP-related drafts currently have filenames of the form "draft-ietf-dhc-SOMETHING". These DHCP-related drafts are also stored at ftp://ftp.bucknell.edu/pub/dhcp/, and are available through http://www.eg.bucknell.edu/~droms/dhcp/. I cannot be more specific about the documents because they are by their nature temporary.
"DHCP Clients: Do They Really Work?"
Eric Hall. Network Computing, Vol. 7, No. 7, May 1, 1996, pp. 114-120. Reviews DHCP-client-function of some popular Windows IP stacks. http://www.ehsco.com/reading/19960515ncw2.html
"The Heaven And Hell Of DHCP Servers"
Eric Hall. Network Computing, Vol. 7, No. 8, May 15, 1996, pp. 118-121. Reviews DHCP servers. http://www.ehsco.com/reading/19960515ncw1.html
28. Can DHCP support remote access?
PPP has its own non-DHCP way in which communications servers can hand clients an IP address called IPCP (IP Control Protocol) but doesn't have the same flexibility as DHCP or BOOTP in handing out other parameters. Such a communications server may support the use of DHCP to acquire the IP addresses it gives out. This is sometimes called doing DHCP by proxy for the client. I know that Windows NT's remote access support does this.
A feature of DHCP under development (DHCPinform) is a method by which a DHCP server can supply parameters to a client that already has an IP number. With this, a PPP client could get its IP number using IPCP, then get the rest of its parameters using this feature of DHCP.
SLIP has no standard way in which a server can hand a client an IP address, but many communications servers support non-standard ways of doing this that can be utilized by scripts, etc. Thus, like communications servers supporting PPP, such communications servers could also support the use of DHCP to acquire the IP addresses to give out.
The DHCP protocol is capable of allocating an IP address to a device without an IEEE-style MAC address, such as a computer attached through SLIP or PPP, but to do so, it makes use of a feature which may or may not be supported by the DHCP server: the ability of the server to use something other than the MAC address to identify the client. Communications servers that acquire IP numbers for their clients via DHCP run into the same roadblock in that they have just one MAC address, but need to acquire more than one IP address. One way such a communications server can get around this problem is through the use of a set of unique pseudo-MAC addresses for the purposes of its communications with the DHCP server. Another way (used by Shiva) is to use a different "client ID type" for your hardware address. Client ID type 1 means you're using MAC addresses. However, client ID type 0 means an ASCII string.
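An added example, not code from the FAQ or from any DHCP implementation, that builds and parses DHCP messages so the fields discussed in Q7, Q10, Q11, Q14, Q23 and Q28 can be seen in bytes: the UDP ports, chaddr and the client identifier option (type 1 = MAC address, type 0 = ASCII string), the lease time option, and the giaddr field a relay agent fills in so the server knows which subnet a request came from. It assumes Python 3.8 or later; the MAC is the FAQ's own sample value, while the xid, relay address and client-id string are constructed.

```python
"""Build and parse DHCP messages (RFC 2131 header, RFC 2132 options).

Added example, not part of the original FAQ or any DHCP implementation.
The MAC address is the FAQ's own sample (Q9); the xid, relay address and
client-id string are constructed values. Requires Python 3.8 or later.
"""
import socket
import struct

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68          # Q7: UDP ports
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_LEASE_TIME, OPT_MESSAGE_TYPE, OPT_CLIENT_ID, OPT_END = 0, 51, 53, 61, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
HTYPE_ETHERNET = 1                     # ARP hardware type; the FAQ's "client ID type 1"
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"  # 236-byte fixed part, followed by the cookie


def build_message(msg_type, mac, xid, giaddr="0.0.0.0", client_id=None, extra_options=()):
    """Build a DHCP message.

    client_id: None  -> no option 61; the server falls back to chaddr (Q11)
               bytes -> option 61, type 1 followed by the hardware address
               str   -> option 61, type 0 followed by an ASCII string (Q28)
    """
    opts = bytes([OPT_MESSAGE_TYPE, 1, msg_type])
    if isinstance(client_id, bytes):
        opts += bytes([OPT_CLIENT_ID, 1 + len(client_id), HTYPE_ETHERNET]) + client_id
    elif isinstance(client_id, str):
        cid = client_id.encode("ascii")
        opts += bytes([OPT_CLIENT_ID, 1 + len(cid), 0]) + cid
    for code, data in extra_options:
        opts += bytes([code, len(data)]) + data
    opts += bytes([OPT_END])
    op = 2 if msg_type in (2, 5, 6) else 1     # BOOTREPLY for server-sent messages
    hops = 0 if giaddr == "0.0.0.0" else 1      # each relay agent adds one hop
    header = struct.pack(
        HEADER, op, HTYPE_ETHERNET, len(mac), hops, xid, 0, 0x8000,
        b"\0" * 4, b"\0" * 4, b"\0" * 4, socket.inet_aton(giaddr),
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + MAGIC_COOKIE + opts


def parse_options(data):
    """Parse the TLV option area into {code: bytes}; PAD is skipped, END stops."""
    opts, i = {}, 0
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:                # reject lengths past the packet end
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts


def parse_message(packet):
    """Parse a DHCP message into the fields the FAQ discusses."""
    size = struct.calcsize(HEADER)
    if len(packet) < size + 4 or packet[size:size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (bad length or magic cookie)")
    (op, _htype, hlen, hops, xid, _secs, _flags, _ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = struct.unpack(HEADER, packet[:size])
    opts = parse_options(packet[size + 4:])
    mtype = opts.get(OPT_MESSAGE_TYPE)
    msg = {
        "op": "BOOTREQUEST" if op == 1 else "BOOTREPLY",
        "type": MSG_TYPES.get(mtype[0], "UNKNOWN") if mtype else "UNKNOWN",
        "xid": xid,
        "hops": hops,
        "yiaddr": socket.inet_ntoa(yiaddr),     # address offered to the client
        "giaddr": socket.inet_ntoa(giaddr),     # relay agent's address (Q14, Q23)
        "relayed": giaddr != b"\0" * 4,
        "chaddr": chaddr[:hlen].hex(":"),
    }
    if len(opts.get(OPT_LEASE_TIME, b"")) == 4:
        msg["lease_seconds"] = struct.unpack("!I", opts[OPT_LEASE_TIME])[0]
    cid = opts.get(OPT_CLIENT_ID)
    if not cid:
        msg["client_id"] = ("chaddr", msg["chaddr"])   # default identity (Q11)
    elif cid[0] == HTYPE_ETHERNET:
        msg["client_id"] = ("mac", cid[1:].hex(":"))
    elif cid[0] == 0:
        msg["client_id"] = ("string", cid[1:].decode("ascii", "replace"))
    else:
        msg["client_id"] = ("type%d" % cid[0], cid[1:].hex())
    return msg


SAMPLE_MAC = bytes.fromhex("0080002012ef")   # the FAQ's example MAC (Q9)
if __name__ == "__main__":
    # A DISCOVER that reached the server through a relay agent at 10.1.2.1:
    print(parse_message(build_message(1, SAMPLE_MAC, 0x12345678, giaddr="10.1.2.1")))
    # A dial-in client identified by a string rather than a MAC (Q28):
    print(parse_message(build_message(1, SAMPLE_MAC, 2, client_id="ppp-line-07"))["client_id"])
```

Note that the parser refuses option lengths that run past the end of the packet; a server that trusts the length byte of a client-supplied option is the classic way such parsers go wrong.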
29. Can a client have a home address and still float?
There is nothing in the protocol to keep a client that already has a leased or permanent IP number from getting a(nother) lease on a temporary basis on another subnet (i.e., for that laptop which is almost always in one office, but occasionally is plugged in in a conference room or class room). Thus it is left to the server implementation to support such a feature. I've heard that Microsoft's NT-based server can do it.
30. How can I relay DHCP if my router does not support it?
A server on a net(subnet) can relay DHCP or BOOTP for that net. Microsoft has software to make Windows NT do this.
31. How do I migrate my site from BOOTP to DHCP?
I don't have an answer for this, but will offer a little discussion. The answer depends a lot on what BOOTP server you are using and how you are maintaining it. If you depend heavily on BOOTP server software to support your existing clients, then the demand to support clients that support DHCP but not BOOTP presents you with problems. In general, you are faced with the choice:
0. Find a server that is administered like your BOOTP server only that also serves DHCP. For example, one popular BOOTP server, the CMU server, has been patched so that it will answer DHCP queries.
1. Run both a DHCP and a BOOTP server. It would be good if I could find out the gotchas of such a setup.
2. Adapt your site's administration to one of the available DHCP/BOOTP servers.
3. Handle the non-BOOTP clients specially, e.g. turn off DHCP and configure them statically: not a good solution, but certainly one that can be done to handle the first few non-BOOTP clients at your site.
32. Can you limit which MAC addresses are allowed to roam?
Sites may choose to require central pre-configuration for all computers that will be able to acquire a dynamic address. A DHCP server could be designed to implement such a requirement, presumably as an option to the server administrator. See section below on servers that implement this.
33. Is there an SNMP MIB for DHCP?
There is no standard MIB; creating one is on the list of possible activities of the DHCP working group. It is possible that some servers implement private MIBs.
34. What is DHCP Spoofing?
Ascend Pipeline ISDN routers (which attach Ethernets to ISDN lines) incorporate a feature that Ascend calls "DHCP spoofing" which is essentially a tiny server implementation that hands an IP address to a connecting Windows 95 computer, with the intention of giving it an IP number during its connection process.
35. How long should a lease be?
I've asked sites about this and have heard answers ranging from 15 minutes to a year. Most administrators will say it depends upon your goals, your site's usage patterns, and service arrangements for your DHCP server.
A very relevant factor is that the client starts trying to renew the lease when it is halfway through: thus, for example, with a 4 day lease, the client which has lost access to its DHCP server has 2 days from when it first tries to renew the lease until the lease expires and the client must stop using the network. During a 2-day outage, new users cannot get new leases, but no lease will expire for any computer turned on at the time that the outage commences.
Another factor is that the longer the lease, the longer it takes for client configuration changes controlled by DHCP to propagate.
Some relevant questions in deciding on a lease time:
Do you have more users than addresses?
If so, you want to keep the lease time short so people don't end up sitting on leases. Naturally, there are degrees. In this situation, I've heard examples cited of 15 minutes, 2 hours, and 2 days. Naturally, if you know you will have 20 users using 10 addresses within a day, a 2 day lease is not practical.
Are you supporting mobile users?
If so, you may be in the situation of having more users than addresses on some particular IP number range. See above.
Do you have a typical or minimum amount of time that you are trying to support?
If your typical user is on for an hour at minimum, that suggests a one-hour lease at minimum.
How many clients do you have and how fast are the communications lines over which the DHCP packets will be run?
The shorter the lease, the higher the server and network load. In general, a lease of at least 2 hours is long enough that the load of even thousands of clients is negligible. For shorter leases, there may be a point beyond which you will want to watch the load. Note that if you have a communication line down for a long enough time for the leases to expire, you might see an unusually high load when it returns. If the lease-time is at least double the communication line outage, this is avoided.
How long would it take to bring back up the DHCP server, and to what extent can your users live without it?
If the lease time is at least double the server outage, then running clients who already have leases will not lose them. If you have a good idea of your longest likely server outage, you can avoid such problems. For example, if your server-coverage is likely to recover the server within three hours at any time that clients are using their addresses, then a six hour lease will handle such an outage. If you might have a server go down on Friday right after work and may need all Monday's work-day to fix it, then your maximum outage time is 3 days and a 6-day lease will handle it.
Do you have users who want to tell other users about their IP number?
If your users are setting up their own web servers and telling people how to get to them either by telling people the IP number or through a permanent DNS entry, then they are looking for an IP number that won't be changing. While some sites would manually allocate any address that people expected to remain stable, other sites want to use DHCP's ability to automate distribution of relatively permanent addresses. The relevant time is the maximum amount of time that you wish to allow the user to keep their machine turned off yet keep their address. For example, in a university, if students might have their computers turned off for as long as three weeks between semesters, and you wish them to keep their IP address, then a lease of six weeks or longer would suffice.
Some examples of lease-times that sites have used and their rationales:
o 15 minutes: To keep the maximum number of addresses free for distribution in cases where there will be more users than addresses.
o 6 hours: Long enough to allow the DHCP server to be fixed, e.g. 3 hours.
o 12 hours: If you need to take back an address, then you know that it will only take one night for the users' lease to expire.
o 3 days: This is apparently Microsoft's default, thus many sites use it.
o 6 days: Long enough that a weekend server outage that gets fixed on Monday will not result in leases terminating.
o 4 months: Long enough that students can keep their IP address over the summer hiatus. I believe this rationale is workable if the summer hiatus is no more than 2 months.
o One year: If a user has not used their address in six months, then they are likely to be gone. Allows the administrator to recover those addresses after someone has moved on.
36. How can I control which clients get leases from my server?
There is no ideal answer: you have to give something up or do some extra work.
o You can put all your clients on a subnet of your own along with your own DHCP server.
o You can use manual allocation.
o Perhaps you can find DHCP server software that allows you to list which MAC addresses the server will accept. DHCP servers that support roaming machines may be adapted to such use.
o You can use the user class option assuming your clients and server support it: it will require you to configure each of your clients with a user class name. You still depend upon the other clients to respect your wishes.
37. How can I prevent unauthorized laptops from using a network that uses DHCP for dynamic addressing?
This would have to be done using a mechanism other than DHCP. DHCP does not prevent other clients from using the addresses it is set to hand out nor can it distinguish between a computer's permanent MAC address and one set by the computer's user. DHCP can impose no restrictions on what IP address can use a particular port nor control the IP address used by any client.
38. What are the Gotcha's?
o A malicious user could make trouble by putting up an unofficial DHCP server.
 The immediate problem would be a server passing out numbers already belonging to some computer, yielding the potential for two or more "innocent bystander" nodes ending up with the same IP number. The net result is problems using the nodes, possibly intermittent if one or the other is sometimes turned off.
 A lot of problems are possible if a renegade server manages to get a client to accept its lease offering, and feeds the client its own version of other booting parameters. One scenario is a client that loads its OS over the network via tftp being directed to a different file (possibly on a different server), thus allowing the perpetrator to take over the client. Given that boot parameters are often made to control many different things about the computers' operation and communication, many other scenarios are just as serious.
Note that BOOTP has the same vulnerabilities.
o The "broadcast flag": DHCP includes a way in which client implementations unable to receive a packet with a specific IP address can ask the server or relay agent to use the broadcast IP address in the replies (a "flag" set by the client in the requests). The definition of DHCP states that implementations "should" honor this flag, but it doesn't say they "must". Some Microsoft TCP/IP implementations used this flag, which meant that in practical terms relay agents and servers had to implement it. A number of BOOTP-relay-agent implementations (e.g. in routers) handled DHCP just fine except for the need for this feature, so their vendors announced new versions stated to handle DHCP.
o Some of the virtual LAN schemes, i.e., those that use the packet's IP number to decide which "virtual LAN" a client-computer is on for the purposes of TCP/IP, don't work when using DHCP to dynamically assign addresses. DHCP servers and relay agents use their knowledge of what LAN the client-station is on to select the subnet number for the client-station's new IP address whereas such switches use the subnet number sent by the client-station to decide which (virtual) LAN to put the station on.
o Routers are sometimes configured so that one LAN on one port has multiple network (or subnet) numbers. When the router is relaying requests from such a LAN to the DHCP server, it must pass along an IP number that is associated with one of the network (or subnet) numbers. The only way the DHCP server can allocate addresses on one of the LAN's other network (or subnet) numbers is if the DHCP server is specifically written to have a feature to handle such cases, and it has a configuration describing the situation.
o The knowledge that a particular IP number is associated with a particular node is often used for various functions. Examples are: for security purposes, for network management, and even for identifying resources. Furthermore, if DNS names are going to identify IP numbers, the IP numbers have to be stable. Dynamic configuration of the IP numbers undercuts such methods. For this reason, some sites try to keep the continued use of dynamically allocatable IP numbers to a minimum.
o With two or more servers serving a LAN, clients that are moved around (e.g. mobile clients) can end up with redundant leases. Consider a home site with two DHCP servers, a remote site with DHCP services, and a mobile client. The client first connects to the home site and receives an address from one of the two servers. He/she then travels to the remote site (without releasing the lease at the home site) and attempts to use the acquired address. It is of course NAK'ed and the client receives an address appropriate for the remote site. The client then returns home and tries to use the address from the remote site. It is NAK'ed, but now the client broadcasts a DHCPDISCOVER to get an address. The server that holds the previous lease will offer the address back to the client, but there is no guarantee that the client will accept that address; consequently, it is possible for the client to acquire an address on the other server and therefore have two leases within the site. The problem can be solved by using only one server per subnet/site and can be mitigated by short lease lengths. But in a very mobile environment, it is possible for these transient clients to consume more than their fair share of addresses.
o If departments, offices, or individuals run DHCP servers with their own small address pools on LANs shared by other departments, offices, or individuals, they can find that their addresses are being used by anyone on the LAN that happens to set their IP configuration to use DHCP.
o An easy mistake to make in setting up a DHCP server is to fail to set all the necessary global parameters. This can result in some functions working while others are not, or functions working when the client is set up manually, but failing to work when set to use DHCP.
o Long leases can be disadvantageous in cases where you need to change a configuration parameter or withdraw an address from use. The length of the lease can mean the difference between having to go to every affected client and rebooting it, or merely waiting a certain amount of time for the leases to be renewed. (Note: one workaround is to fool with the client computer's clock).
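The first gotcha above (an unofficial DHCP server handing out addresses) is one a site can at least watch for. As an added example, not part of the FAQ text, here is a Python sketch of what a monitoring host on the LAN could do with each DHCP reply it sees: parse the BOOTP header and options, and flag OFFER/ACK messages whose server identifier (option 54) is not one of the site's own servers, or whose offered address lies outside the managed pool. The server list and pool are constructed values.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options in a BOOTP frame
DHCPOFFER, DHCPACK = 2, 5            # option 53 message types that a server sends

# Constructed site values (assumptions, not from the page): our servers and their pool.
AUTHORIZED_SERVERS = {"10.0.0.2", "10.0.0.3"}
MANAGED_POOL = ipaddress.ip_network("10.0.0.0/24")

def parse_dhcp(payload):
    """Return (op, xid, yiaddr, options) from a raw BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, _hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    yiaddr = ipaddress.IPv4Address(payload[16:20])      # "your" address offered to the client
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                                 # end option
            break
        if code == 0:                                   # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return op, xid, yiaddr, options

def classify_reply(payload):
    """'ok' for an OFFER/ACK from an authorized server inside the pool, else a reason."""
    op, _xid, yiaddr, opts = parse_dhcp(payload)
    if op != 2 or 53 not in opts or opts[53][0] not in (DHCPOFFER, DHCPACK):
        return "ignored"                                # not a server OFFER/ACK (op 2 = BOOTREPLY)
    if 54 not in opts:
        return "missing-server-id"
    server = ipaddress.IPv4Address(opts[54])
    if str(server) not in AUTHORIZED_SERVERS:
        return f"unauthorized-server:{server}"
    if yiaddr not in MANAGED_POOL:
        return f"address-outside-pool:{yiaddr}"
    return "ok"

def build_reply(mtype, server_ip, yiaddr):
    """Build a minimal DHCP reply; used only to construct sample input here."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)      # op=BOOTREPLY ... xid, secs, flags
    fixed += b"\0" * 4 + ipaddress.IPv4Address(yiaddr).packed     # ciaddr, yiaddr
    fixed += b"\0" * (8 + 16 + 64 + 128)                          # siaddr, giaddr, chaddr, sname, file
    opts = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server_ip).packed + b"\xff"
    return fixed + MAGIC_COOKIE + opts
```

The server identifier is self-reported by whoever sent the reply, so a flagged message is a lead to investigate (which port it arrived on, which MAC sent it), not proof; as the text notes, DHCP itself provides no enforcement.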
Network address translation
In computer networking, network address translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another.
Most often today, NAT is used in conjunction with network masquerading (or IP masquerading) which is a technique that hides an entire address space, usually consisting of private network addresses (RFC 1918), behind a single IP address in another, often public address space. This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single address and then rewrites the outgoing Internet Protocol (IP) packets on exit so that they appear to originate from the router. In the reverse communications path, responses are mapped back to the originating IP address using the rules ("state") stored in the translation tables. The translation table rules established in this fashion are flushed after a short period without new traffic refreshing their state.
As described, the method only allows transit traffic through the router when it originates in the masqueraded network, since this is what establishes the translation table entries. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the 'outside' network to reach designated hosts in the masqueraded network.
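To make the translation-table behaviour of the two paragraphs above concrete, this added Python example (not from the article) models a masquerading router's table: outbound traffic creates a dynamic entry, replies are admitted only when an entry maps them back to an inside host, idle entries are flushed after a timeout, and a static port-forwarding entry persists. The public address, timeout and port range are assumed values.

```python
import time

class NatTable:
    """Stateful IP-masquerading translation table (added example, not the article's code)."""

    def __init__(self, public_ip, idle_timeout=60.0, clock=time.monotonic):
        self.public_ip = public_ip          # single outside address everything hides behind
        self.idle_timeout = idle_timeout    # seconds without traffic before a dynamic entry is flushed
        self.clock = clock                  # injectable so tests can advance time deterministically
        self.next_port = 40000              # first public port handed to dynamic entries (assumed range)
        self.outbound_map = {}              # (inside_ip, inside_port) -> public_port
        self.inbound_map = {}               # public_port -> (inside_ip, inside_port, last_seen)
        self.static_map = {}                # public_port -> (inside_ip, inside_port), never expires

    def add_static(self, public_port, inside_ip, inside_port):
        """Permanent entry ("static NAT" / port forwarding) for an inside server."""
        self.static_map[public_port] = (inside_ip, inside_port)

    def translate_outbound(self, inside_ip, inside_port):
        """Rewrite the source of an outgoing packet; create or refresh its dynamic entry."""
        self.expire_idle()
        key = (inside_ip, inside_port)
        port = self.outbound_map.get(key)
        if port is None:                    # first packet of this flow: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
        self.inbound_map[port] = (inside_ip, inside_port, self.clock())
        return self.public_ip, port

    def translate_inbound(self, public_port):
        """Map a packet arriving at the public address to an inside host, or None to drop it."""
        self.expire_idle()
        if public_port in self.static_map:  # port forwarding admits unsolicited traffic
            return self.static_map[public_port]
        entry = self.inbound_map.get(public_port)
        if entry is None:                   # no state: the packet did not answer anything we sent
            return None
        inside_ip, inside_port, _ = entry
        self.inbound_map[public_port] = (inside_ip, inside_port, self.clock())
        return inside_ip, inside_port

    def expire_idle(self):
        """Flush dynamic entries that have seen no traffic within idle_timeout."""
        now = self.clock()
        for port, (ip, iport, seen) in list(self.inbound_map.items()):
            if now - seen > self.idle_timeout:
                del self.inbound_map[port]
                self.outbound_map.pop((ip, iport), None)
```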
Because of the popularity of this technique (see below), the term NAT has become virtually synonymous with the method of IP masquerading.
Network address translation has serious consequences (see below, Drawbacks & Benefits) on the quality of Internet connectivity and requires careful attention to the details of its implementation. As a result, many methods have been devised to alleviate the issues encountered. See article on NAT traversal.
Remote Access Service
Remote Access Services (RAS) refers to any combination of hardware and software to enable the remote access to tools or information that typically reside on a network of IT devices.
Originally coined by Microsoft when referring to their built-in NT remote access tools, RAS was a service provided by Windows NT which allows most of the services which would be available on a network to be accessed over a modem link. The service includes support for dialup and logon, and then presents the same network interface as the normal network drivers (albeit slightly slower). It is not necessary to run Windows NT on the client - there are client versions for other Windows operating systems.
A feature built into Windows NT that enables users to log into an NT-based LAN using a modem, X.25 connection or WAN link. RAS works with several major network protocols, including TCP/IP, IPX, and NBF.
To use RAS from a remote node, you need a RAS client program, which is built into most versions of Windows, or any PPP client software. For example, most remote control programs work with RAS.
Over the years, many vendors have provided both hardware and software solutions to gain remote access to various types of networked information. In fact, most modern routers include a basic RAS capability that can be enabled for any dial-up interface.
Remote Installation Services
On Windows 2003, two services are required to provide Remote Installation Services: DHCP and Remote Installation Service. The Remote Installation Server doubles as a proxy DHCP server to provide Boot Server and Filename instructions to clients. Remote Installation Service uses UDP port 4011 to provide clients the contents of each page the OS Chooser displays. Additionally, this service can provide drivers to clients; it is often used to provide the workstation's network card driver, which is required to launch the OS Chooser and mount the share where images are stored.

SQA (Software Quality Assurance)

These questions are used for software tester or SQA (Software Quality Assurance) positions. Refer to The Real World of Software Testing for more information in the field.


1. Top management was feeling that when there are changes in the technology being used, development schedules, etc., it was a waste of time to update the Test Plan. Instead, they were emphasizing that you should put your time into testing rather than working on the test plan. Your Project Manager asked for your opinion. You have argued that the Test Plan is very important and that you need to update your test plan from time to time: it's not a waste of time, and testing activities are more effective when you have your plan clear. Use some metrics. How would you support your argument to have the test plan consistently updated all the time?
2. The QAI is starting a project to put the CSTE certification online. They will use an automated process for recording candidate information, scheduling candidates for exams, keeping track of results and sending out certificates. Write a brief test plan for this new project.
3. The project had a very high cost of testing. After going into detail, someone found out that the testers are spending their time on software that doesn't have too many defects. How will you make sure that this is correct?
4. What are the disadvantages of overtesting?
5. What happens to the test plan if the application has a functionality not mentioned in the requirements?
6. You are given two scenarios to test. Scenario 1 has only one terminal for entry and processing whereas scenario 2 has several terminals where the data input can be made. Assuming that the processing work is the same, what would be the specific tests that you would perform in Scenario 2, which you would not carry on Scenario 1?
7. Your customer does not have experience in writing Acceptance Test Plan. How will you do that in coordination with customer? What will be the contents of Acceptance Test Plan?
8. How do you know when to stop testing?
9. What can you do if the requirements are changing continuously?
10. What is the need for Test Planning?
11. What are the various status reports you will generate to Developers and Senior Management?
12. Define and explain any three aspects of code review?
13. Why do you need test planning?
14. Explain 5 risks in an e-commerce project. Identify the personnel that must be involved in the risk analysis of a project and describe their duties. How will you prioritize the risks?
15. What are the various status reports that you need to generate for Developers and Senior Management?
16. You have been asked to design a Defect Tracking system. Think about the fields you would specify in the defect tracking system?
17. Write a sample Test Policy?
18. Explain the various types of testing after arranging them in a chronological order?
19. Explain what test tools you will need for client-server testing and why?
20. Explain what test tools you will need for Web app testing and why?
21. Explain the pros and cons of testing done by the development team versus testing by an independent team.
22. Differentiate Validation and Verification?
23. Explain Stress, Load and Performance testing?
24. Describe automated capture/playback tools and list their benefits?
25. How can software QA processes be implemented without stifling productivity?
26. How is testing affected by object-oriented designs?
27. What is extreme programming and what does it have to do with testing?
28. Write a test transaction for a scenario where 6.2% of tax deduction for the first $62,000 of income has to be done?
29. What would be the Test Objective for Unit Testing? What are the quality measurements to assure that unit testing is complete?
30. Prepare a checklist for the developers on Unit Testing before the application comes to testing department.
31. Draw a pictorial diagram of a report you would create for developers to determine project status.
32. Draw a pictorial diagram of a report you would create for users and management to determine project status.
33. What 3 tools would you purchase for your company for use in testing? Justify the need?
34. Put the following concepts in order and provide a brief description of each:
 system testing
 acceptance testing
 unit testing
 integration testing
 benefits realization testing
1. What are two primary goals of testing?
2. If your company is going to conduct a review meeting, who should be on the review committee and why?
3. Write any three attributes which will impact the Testing Process?
4. What activity is done in Acceptance Testing, which is not done in System testing?
5. You are a tester for testing a large system. The system data model is very large with many attributes and there are a lot of inter-dependencies within the fields. What steps would you use to test the system and also what are the effects of the steps you have taken on the test plan?
6. Explain and provide examples for the following black box techniques?
 Boundary Value testing
 Equivalence testing
 Error Guessing
7. What are the product standards for?
 Test Plan
 Test Script and Test Report
8. You are the test manager starting on system testing. The development team says that due to a change in the requirements, they will be able to deliver the system for SQA 5 days past the deadline. You cannot change the resources (work hours, days, or test tools). What steps will you take to be able to finish the testing in time?
9. Your company is about to roll out an e-commerce application. It's not possible to test the application on all types of browsers on all platforms and operating systems. What steps would you take in the testing environment to reduce the business risks and commercial risks?
10. In your organization, testers are delivering code for system testing without performing unit testing. Give an example of test policy:
 Policy statement
 Methodology
 Measurement
11. Testers in your organization are performing tests on the deliverables even after significant defects have been found. This has resulted in unnecessary testing of little value, because re-testing needs to be done after defects have been rectified. You are going to update the test plan with recommendations on when to halt testing. What recommendations are you going to make?
12. How do you measure:
 Test Effectiveness
 Test Efficiency
13. You found out that the senior testers are making more mistakes than junior testers; you need to communicate this to the senior tester. Also, you don't want to lose this tester. How should one go about constructive criticism?
14. You are assigned to be the test lead for a new program that will automate take-offs and landings at an airport. How would you write a test strategy for this new program?