Qualification ICA40599 CERTIFICATE IV in IT – TECHNICAL SUPPORT and ICA50199 DIPLOMA of IT - SYSTEM ADMINISTRATION
Cluster and Units Name: Computer networks (Troubleshooting)
ICAITS025B Run Standard Diagnostic Tests; ICAITS031B Provide advice to clients; ICAITS107B Rectify system faults on a live system; ICAITS109B Evaluate system status; ICAITS023B Provide one-to-one instruction; ICAITS022B Determine client computing problems and action
Cluster 5 Troubleshooting
Assignment 1
Due 21th Mar 2007
Update your technical glossary of terms (minimum 20) to your knowledge base. Use the class discussion overview for the cluster as your primary source of terms.
Cluster 5 Troubleshooting
Assignment 2
Due 17th July 2006
Prepare a short report (3pages with diagrams) on the functions of Help Desk in an organisation.
Cluster 5 Troubleshooting
Assignment 3
Due 19th July 2006
Prepare a short report on the following topics
GENERAL (2 pages)
1. Troubleshoot @ http://en.wikipedia.org/wiki/Troubleshoot
2. Root cause analysis @ http://en.wikipedia.org/wiki/Root_cause_analysis
3. Scientific method @ http://en.wikipedia.org/wiki/Scientific_method
4. Trial and error @ http://en.wikipedia.org/wiki/Trial_and_error
5. http://en.wikipedia.org/wiki/Debugging @ http://en.wikipedia.org/wiki/Debugging
HARDWARE (3pages)
Troubleshooting Your Computer @ http://www.pcmech.com/show/troubleshoot/758/
Beep Codes@ http://www.pcmech.com/show/troubleshoot/14/
Common Hard Drive Problems@ http://www.pcmech.com/show/troubleshoot/68/
NETWORK (3 pages)
REAL Common Network Troubleshooting @http://www.pcmech.com/show/troubleshoot/353/
Windows 2000 Command Prompt Troubleshooting Tools
http://www.pcmech.com/show/troubleshoot/192/
Troubleshooting TCP/IP - Detailed Steps @
http://www.practicallynetworked.com/sharing/troubleshoot/
VIRUS (1 page)
http://computer.howstuffworks.com/virus.htm
Qualification ICA40599 CERTIFICATE IV in IT – TECHNICAL SUPPORT and ICA50199 DIPLOMA of IT - SYSTEM ADMINISTRATION
Cluster and Units Name: Computer networks (Troubleshooting)
ICAITS025B Run Standard Diagnostic Tests; ICAITS031B Provide advice to clients; ICAITS107B Rectify system faults on a live system; ICAITS109B Evaluate system status; ICAITS023B Provide one-to-one instruction; ICAITS022B Determine client computing problems and action
Cluster 5 Troubleshooting
Assignment 4
Due 21th Mar 2007
Question1: Use the information from the following 3 panes; prepare a reference using the proper format.
Answer 1:
Question 2: Go to the QUE website, what is the latest edition of this manual?
Answer 2:
Question 3: For the following three panes. What is the meaning of “system”, “component”, “external peripherals”, and “devices”?
Use the manual to find out about the meaning of:
BIOS
Non fatal error
Error code
Bootable
Fatal error
Properly grounded power supply
Non fatal error
POST
diagnostics
DOS
Answer 3:
Question 4: Use the pane below, find out what is the meaning of:
Secured
Configuration
Driver
Switches
Jumpers
Add-on boards
Input voltage
SIMS
DIMS
Reseating
Operating system
Answer 6:
Question 5: Use the pane below, find out what are:
Crash
RAM
CMOS
RIMMS
Brownout
Random
Outage
Answer 5:
Question 6: Use the pane given below, what are:
Minimum hardware requirement
Scan
Latest antivirus software
Answer 6:
Question 7: Use the pane given below, what are:
Interrupt
DMA
I/O address
Improper board installation
Answer 7:
Qualification ICA40599 CERTIFICATE IV in IT – TECHNICAL SUPPORT and ICA50199 DIPLOMA of IT - SYSTEM ADMINISTRATION
Cluster and Units Name: Computer networks (Troubleshooting)
ICAITS025B Run Standard Diagnostic Tests; ICAITS031B Provide advice to clients; ICAITS107B Rectify system faults on a live system; ICAITS109B Evaluate system status; ICAITS023B Provide one-to-one instruction; ICAITS022B Determine client computing problems and action
Cluster 5 Troubleshooting
Assignment 5
Due 21th Mar 2007
Using the PC Upgrade and repairs e-book videos
Prepare a short description of the clips 1 to 10
For each clip, identity 3 technical terms and find out about there meaning.
Qualification ICA40599 CERTIFICATE IV in IT – TECHNICAL SUPPORT and ICA50199 DIPLOMA of IT - SYSTEM ADMINISTRATION
Cluster and Units Name: Computer networks (Troubleshooting)
ICAITS025B Run Standard Diagnostic Tests; ICAITS031B Provide advice to clients; ICAITS107B Rectify system faults on a live system; ICAITS109B Evaluate system status; ICAITS023B Provide one-to-one instruction; ICAITS022B Determine client computing problems and action
Cluster 5 Troubleshooting
Assignment 6
Due 21st Mar 2007
Using the notes in the Help Desk Folder on K drive
Prepare three Power Point files using the following documents:
The top user complaints about it support[1].doc
The 10 worst ways to communicate with end users[1].doc
10 extra questions to help you make the best help desk hire[1].doc
Qualification ICA40599 CERTIFICATE IV in IT – TECHNICAL SUPPORT and ICA50199 DIPLOMA of IT - SYSTEM ADMINISTRATION
Cluster and Units Name: Computer networks (Troubleshooting)
ICAITS025B Run Standard Diagnostic Tests; ICAITS031B Provide advice to clients; ICAITS107B Rectify system faults on a live system; ICAITS109B Evaluate system status; ICAITS023B Provide one-to-one instruction; ICAITS022B Determine client computing problems and action
Cluster 5 Troubleshooting
Assignment 7
Due 21st Mar 2007
Prepare two Power Point files on the topics “Negotiations” and “Change Management”
For your reference, use the following sites:
http://en.wikipedia.org/wiki/Negotiation
http://en.wikipedia.org/wiki/Change_management
Each file should be around 10 to 15 slides, together with notes.
Qualification ICA40599 CERTIFICATE IV in IT – TECHNICAL SUPPORT and ICA50199 DIPLOMA of IT - SYSTEM ADMINISTRATION
Cluster and Units Name: Computer networks (Troubleshooting)
ICAITS025B Run Standard Diagnostic Tests; ICAITS031B Provide advice to clients; ICAITS107B Rectify system faults on a live system; ICAITS109B Evaluate system status; ICAITS023B Provide one-to-one instruction; ICAITS022B Determine client computing problems and action
Cluster 5 Troubleshooting
Assignment 8
Due 21st Mar 2007
Prepare a Power Point file on the topic “Business Domain”
You need to build a business relation with your client before you can provide service to the client. As you are in IT and you are providing help desk and system administration services, you need to know the business.
Study the graph @ http://www.workplace.gov.au/NR/rdonlyres/B8A3D45B-193C-410D-B081-DC2D10525E31/0/B13MainEmployingIndustriesStGeorgeSutherlndESA.gif
Choose two categories from the list. From the categories, choose a subcategory.
For a case study on a “Business Domain”, prepare an information grid for your two choices.
\
In the information grid for you case study, compile the following information.
Category
Subcategory
(Experience)
You have worked in it
(Knowledge)
You have not worked in it, but have knowledge
(Need to develop knowledge)
You would like to work in it
The information lists you need to gather for the business domain case study are:
External Entities relating to your business domain such as:
· Clients (types)
· Suppliers (types)
· Financial Institutions (types)
· Transport (types)
· Government (3 levels, Departments and legislation)
· IT suppliers for hardware and software
· Others
Internal process and structure such as:
· Workflows
· Organisation
· Mission Statement
· Vision Statement
· Network type and configuration
Qualification ICA40599 CERTIFICATE IV in IT – TECHNICAL SUPPORT and ICA50199 DIPLOMA of IT - SYSTEM ADMINISTRATION
Cluster and Units Name: Computer networks (Troubleshooting)
ICAITS025B Run Standard Diagnostic Tests; ICAITS031B Provide advice to clients; ICAITS107B Rectify system faults on a live system; ICAITS109B Evaluate system status; ICAITS023B Provide one-to-one instruction; ICAITS022B Determine client computing problems and action
ROLE PLAYS
Cluster 5 Troubleshooting
Assignment 9
Due 21th Mar 2007
This assignment is done in pairs.
Scenario:
Prepare and act out a role play for Troubleshooting Windows XP
Step 1: Gather information on “error checking”, “de-fragmentation” or “backup”
(Refer to Figure 1)
Step 2: Develop a set of instructions to train a user. You need to use a series of screen dumps.
Step 3: Create a role play with the following structure:
Person A: Technician
Person B: Office Staff
Role-play scripts for Person A and B to ensure that Person B can use the Windows XP hard disk tools
The scripts need to have the following:
Dialogues for interaction between person A and B
Person A: Introduction
Person A: Instruction steps to arrive at the pop up menu depicted in Figure 1 and proceed with one of the three options
Person A: Demonstrates the steps
Person B: Follows the demonstrated steps
Person A: Observes Person B to correct for any problems
Person B: Corrects any problems
Person A: Close out (leave instructions such as “if you need any further help go to…or …ring …..Etc)
Figure 1: Windows XP Hard Disk Tools
Thursday, June 26, 2008
Tuesday, April 1, 2008
Minor Project (System Upgrade Plan)
Certificate IV in IT (ICA40599)
Diploma of Information Technology (Systems Administration) ICA50199
Minor Project (System Upgrade Plan)
ICAITU019C - Migrate to new technology
BSX154L405 – Apply skills in quality management
BSX154L403 – Apply skills in time management
ICAITPM129A - Apply skills in project integration
This is a take home test which must be completed within three days.
Please complete the answers to the following questions and return this paper to your assessor. Questions 1 to 12 is worth 1 mark each, Question 13 is worth 8 marks.
1. What is the best course of action plan for the Fragrance Shop to adopt to update their technology?
· Analyse Market Trends
· Cost analysis of updating technology vs improved system efficiency
· Cost analysis of updating technology vs implementing technology, staff training
· Cost analysis of updating technology vs future projections in technology
· Cost analysis of updating technology vs improved customer service
2. What current hardware and software products are available that would be suitable for The Fragrance Shop?
- Hardware: Update all PCs computers to min 512 RAM and possibly HD to 40GB and to Pentium IV
- Database: Update Database of products to sit on Oracle on Unix Box
- Web Development:
Ø Update eBusiness site to be created in Dreamweaver or similar application
Ø Update eBusiness site to be interactive with database and clients
3. Where would you source information for updating to new technology?
· Consulting Company: Engage a consulting company to analyse your IT Systems and provide advice
· Approach major vendors for advice on their products (Microsoft, Dell, IBM, Oracle)
· Review computer literature including magazines and on-line academic papers.
· Make comparisons with other companies who have recently migrated to new technology. Find out what their requirements were and the products they purchased. Discuss what the advantages and disadvantages of these products are for them.
4. What strategic direction is The Fragrance Shop taking in relation to future IT requirements?
· An organisation’s business strategy is its top level direction.
· Corporate planning comprises policy statements that define the corporate aims and objectives and strategies and plans which provide a means to achieve the corporate aims and objectives.
· The IS Strategy interprets the business strategy in IS related terms by identifying the requirements for resources and investment in IS and sets priorities and allocates responsibility.
· Strategy planning includes; scope study, strategy study, strategy definition, implementation planning and monitoring tuning
· In relation to The Fragrance Shop:
Ø IT upgrades and enhancements accepted and encouraged by Managing Director Judy Reynolds
Ø System needs to support high demand times such as Mothers Day, Fathers Day, Valentines Day, Christmas.
Ø A global presence in eBusiness may see increases in other countries and they will probably have specific days where business will intensify.
5. How does the IT Organisational plan fit in with the rest of the organisation at The Fragrance Shop?
· The eBusiness part of the business will increase presence of the company.
· The Fragrance Shop should not lose sight of its infrastructure and delivery systems to satisfy customers receiving their orders on time.
· In relation to IT within The Fragrance Shop:
Ø Upgrades in Systems need to support the 10% increase in sales from $3,590,000
Ø Infrastructure and timely delivery needs to match the international global presence
6. List some features and functions of the Operating System that may be suitable for the Fragrance Shop database.
- Capable to support client / server computing model where application processing load is distributed between client computer and a server computer to share processing loads.
- Support the number of users whether staff or clients for single job, multiprogramming or multiprocessing.
- Easy user Interface:
Ø to enable easy management of system
Ø to control languages for multiprogramming systems
- Service routines Interface:
Ø provides access to I/O facilities
Ø provides communication interfaces
- Prevents user from interfering with runtime environment
- Adequate application services and identity management.
- Delivers the security, manageability and performance to increase service levels and decrease costs and risks
- Types of OS appropriate for The Fragrance Shop: multi threading, multi user others are:
Ø multi-user : Allows two or more users to run programs at the same time. Some operating systems permit hundreds or even thousands of concurrent users.
Ø multiprocessing : Supports running a program on more than one CPU.
Ø multitasking : Allows more than one program to run concurrently.
Ø multithreading : Allows different parts of a single program to run concurrently.
Ø real time: Responds to input instantly. General-purpose operating systems, such as DOS and UNIX, are not real-time
7. How does the development of the IT Business Solution for The Fragrance Shope relate to the Business Planning Process?
· Now IT integral part of Business Planning
· The Fragrance Shop wishes to increase sales by 10% and must have adequate computer systems to support this increase in transactional processing and tracking systems for efficient delivery.
· Adequate systems for electronic buying and selling of products.
8. What do you recognise as important factors of The Fragrance Shop’s Business Domain?
· Interpersonal and team communication and ownership
· Market/business understanding by IT developers
· Customer focus
· Clear specifications including dependencies
· Architecture is understandable by all
· Solve at least the current problem
· Validation of requirements during each step of the process
· identifying organisation specific issues
· monitoring and adjusting procedures
9. How would you implement quality management in the project life cycle of the new technology introduced at The Fragrance Shop?
· Documentation standards to be introduced from planning to implementation to final stage.
· Planning overview: defining vision and scope based on business need;
· Planning address development testing techniques and communication methods
· Developing: documenting each stage continues and testing occurs. Once testing completed pilot programs implemented and reviewed.
· Deployment: testing the solution is stable and useable. Responsibility shifts to operations and support staff.
10. How to ensure that employees are able to take responsibility to ensure quality management process is implemented?
· Ensure that the employee is an expert in the field.
· Employees must take responsibility for the implementation of quality management within their job specification.
· Ensure all job specifications are clearly understood by everyone in the IT team.
· Ensure standard processes and procedures are clearly understood by everyone in the IT Team.
· Ensure automatic processes are implemented where possible to improve project efficiency and throughput time such as electronic forms, email, and multi access to project management documentation.
· Ensure systems are implemented so employees can perform their best. This includes, that they know their duties, obligations and rights and have opportunities to make their views known to management on issues that affect them
11 Why is it important to ensure employees are able to take responsibility to ensure that time management to be implemented into the IT Project and followed?
· Time management is a subset of Project Management.
· Employees must take responsibility for the implementation of time management within their job specification.
· Employees must complement their area of responsibility within the allocated time frame.
· BUT Flexibility in time must also be allocated for unforeseen circumstances to ensure quality management is continued.
· If time management is not followed, it may impact on a number of other factors in the organisation.
12. How, when and why do Project Managers implement schedule identification, monitoring and reporting processes?
· Introduced at the beginning of the planning process of the project and continues until the end of the project.
· Frequently accessed to ensure that each phased is started and completed on time.
· Used to calculate the time spent specific issues of the project.
· After the project complete the documentation. Evaluate the success of the project and document for future reference for similar projects.
· Allow any external resources to be referenced or ordered at the appropriate time.
13. For assessing your Project Integration knowledge, describe the following:
a) Information gathering techniques that you used for the Fragrance Shop project
· Walkthrough, sampling, Internet research, Interview, Internal database reports
b) The nine functions of Project Management
· Scope, hr, communication, risk, time, cost, quality, procurement, integration
c) The project process, the project life cycle and the relationship between project phases
· Phases: concept, development, implementation, close out
· Life cycle is collection of phases which connect sequentually
d) The components have you identified for the business planning process relevant to the development of IT business solutions
· Definition of components of business planning processes – (the features of the business that has to be considered when engaging in business planning ie. Technology infrastructure, Organisation structure, its market, its suppliers, business domain, legislative framework)
· Definition of process: series of actions directed toward a particular result
· Need to consider the following: employment policy, assessment strategy; cross functional processes;
· Business Plan needs to consider policies, goals, objectives, strategies, tactics require for decision-making.
e) Concepts for planning, control procedures, resource management and risk management
· Planning:
· Control procedures
· Resource mgt:
· Risk mgt: why, what how who when how much, user involvement, executive support, planning, ownership, market risk, financial risk, technology risk
f) Three methods, techniques or tools available to project managers
· Methods: Management
· Technical processes: CASE (Computer Aided software Engineering) - design, software, documentation
· Tools: Low end tools: provide basic management features, Mid-range tools: designed to handle larger projects, multiple users, multiple projects; high-end tools: enterprise project management software. Provide robust capabilities to handle very large projects, dispersed workgroups, enterprise functions that summarise and combine individual project info
· Vendor products eg. MS Project, MS Visio
· Techniques can include CPA, PERT, Gannt Chart
g) Internal and external environment factors that may affect the project
· External: political, economic, social, technology, customers, suppliers, competitors
· Internal: ORGANISATIONAL ecology model – view organisation. As result of external controls, managerial innovation, attitude, IT Knowledge, business size, structure, culture
h) Scope Creep
· Tendency for project scope to keep getting bigger and bigger
i) Pareto Analysis
· Identifying the vital few contributors that account for most quality problems in a system.
· Pareto Diagrams: Histograms that help identify and prioritise problem areas
j) Milestones
· Significant event on a project with zero duration
· May use SMART criteria to define them ie specific, measurable, assignable, realistic, time-framed
k) Work Breakdown Structure (WBS)
· Definition: A basic unit of work used to plan out the plan for project management purposes
· Use for outcome oriented document that defines total scope of project
· Use for foundation document in project management providing the basis for planning and managing project schedules, costs, changes
· Decompose the project into pieces small enough that you can reliably estimate each piece
l) Performance Evaluation and Review Technique (PERT)
· PERT analysis is one means for evaluating schedule risk on projects
· Used to estimate project duration with the individual activity duration estimates (earliest, most likely and latest).
m) Gantt Chart
· Display project schedule information
· Provide a standard format for displaying project schedule info by listing project activities, start, finish dates
n)
· An approach for risk management where the decision is based on convergence of opinions from a panel of expert to minimise risk
· The responses are evaluated, where there is divergence, the process is re-iterated with feedback to identify the problem.
o) Project Charter
· Key document to initialise the project signed off between project manager and project owner
· Provides direction on project’s objectives and management; scope, schedule, resource requirements and cost
p) Estimation of task time
· Example - Use of historical as-completed product, its size and resource usage database (bottom up approach); industry standard metrics.
· Use for task tracking
· Can include load factor for improve estimation based on environmental variables
PRACTICAL :
Tuesday, February 26, 2008
Computer networks (administration) 1
Theory Assessment
Computer networks (administration) 1
Questions & Answers
ICAITU127B Support system software
ICAITS032B Provide network system administration
ICAITS112B Optimize system performance
ICAITS115B Maintain equipment and software in working order
Time Allowed: 3 hours for Theory Paper
1 Week for Assignments
Pass Mark: 25
(Assessor’s Copy)
Table 1 Marks allocation
| Theory Questions and Assignment Topics | Options | Marks |
| Question 1 | Compulsory | 2 |
| Question 2 | Compulsory | 1 |
| Question 3 | Compulsory | 3 |
| Question 4 | Compulsory | 2 |
| Question 5 | Compulsory | 12 |
| Questions 6,7,8 | Select 1 | 10 |
| Assignment Topics 1, 2, 3 | Select 2 | 20 |
| Total Marks | | 50 |
Table 2 Assessment Grid
| UNIT | Theory/Project | Practicum |
| ICAITU127B (All elements) | X | X |
| ICAITS032B (All elements) | X | X |
| ICAITS112B (All elements) | X | X |
| ICAITS115B (All elements) | X | X |
| Marks | 50 | 50 |
| Grade : < style=""> 50 - 72 competent, 73 – 82 competent with credit, 83+ competent with distinction | ||
ICAITU127B Support system software
ICAITS032B Provide network system administration
ICAITS112B Optimize system performance
ICAITS115B Maintain equipment and software in working order
Content
Question 1: What are the tasks that the network administrator is required to perform?
Question 2: What are the maintenance options available to the system administrator?
Question 4: Briefly describe the features an organisations need to have in a Disaster Recovery Plan
Question 5: Discuss the following system administration terms
Question 6: Discuss the concept and significance of backup and recovery
ASSESSOR NOTES: ADDITIONAL FEATURES AROUND WHICH QUESTIONS CAN BE STRUCTURED
Question 1: What are the tasks that the network administrator is required to perform?
answer
Coverage includes the following
Generally, a network administrator needs to include the following areas of responsibilities in the job description:
a. In relation to the management of network software, the administrator is responsible for:
- Maintaining the network system’s software
- Creating and management of system files
- Manage the system usage
- Monitor system security
- Carry out system back-up and restore functions
b. For the management of the network, the administrator is responsible for:
- Management of staff access and security
- Input into and dissemination of disaster recovery plan
c. For quality assurance, the system administrator is responsible for:
- Monitoring of the network performance
- To be proactive in the identification of areas of poor performance for corrective action
- To proactive in the investigation of better methods to improve performance
- Fine tune system for optimal performance
d. For systems maintenance, the administrator is responsible to provide the following service to the organization:
- Equipment maintenance requirements
- Diagnosis of system faults and manage the repair of the fault
- Documentation of the maintenance of equipment and formation of proposals to management for the maintenance plan of the system.
e. Additionally (reference: http://en.wikipedia.org/wiki/System_administrator), the system administrator is responsible for:
- Applying operating system updates, and configuration changes
- Installing and configuring new hardware/software
- Answering technical queries
- Responsibility for documenting the configuration of the system
- Troubleshooting any reported problems
In larger organizations, some of the tasks listed above may be divided between different system administrators. For example, there may be a dedicated individual or group responsible for testing and applying system upgrades.
In smaller organizations, the system administrator can also perform any number of duties elsewhere associated with other fields:
- Technical support
- Database administrator (DBA)
- Network administrator/analyst/specialist
- Application analyst
- Programmer
System administrators also tend not to be system architects/system engineers/system designers, although these duties are sometimes given to them, too.
In smaller organizations, IT/computing specialties are less often set out in detail, and the term "system administrator" is used in a rather generic way — they are the people who know how the computer systems work and can respond when something fails.
Question 2: What are the maintenance options available to the system administrator?
answer
Coverage includes the following:
On-site response
Remote diagnostics
Web based diagnostics
Return to depot
24x7 hours support
On-line real-time support
Business hours only support
Telephone support
Second level support
Question 3: Briefly discuss the general features you need to include in a Password Policy for your organisation.
answer
Coverage includes the following:
1. Overview In this section, a briefing on the significance of the concept of a password policy in relation to computer security
2. Purpose defines the objectives of the policy. i.e., to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change
3. Scope describes the range of coverage of the document, i.e. all individuals who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides in the organization, has access to the organization’s network, or stores any non-public organization information.
4. Policy The following sub-sections are included:
4.1 Standard User Accounts
Once this policy becomes effective, all users will have a mandatory one time password change.
All user-level passwords (e.g., email, web, desktop computer, etc.) will be audited by ITS with password cracking software every six months. The accounts that fail the password audit will be required to change their password at that time. ITS recommends that passwords be changed every six months.
Passwords must not be inserted into email messages or other forms of electronic communication.
All user-level and system-level passwords must conform to the guidelines described below.
4.2 Admin Level Accounts
All Administrator-level passwords (e.g., Help Desk, root, enable, MS Windows admin, application administration accounts, etc.) must be changed on at least a quarterly basis.
All production system-level passwords must be part of the ITS administered Active Directory Database (with the exception of legacy systems).
User accounts that have system-level privileges granted through group memberships must have a unique password from all other accounts held by that user.
4.3 Guidelines
General Password Construction Guidelines
Passwords are used for various purposes: user level accounts, web accounts, email accounts and screen saver protection logins.
Since it is easy to guess or crack certain types of passwords, everyone should be aware of how to select strong passwords.
Poor, weak passwords have the following characteristics:
The password contains less than eight characters
The password is a word found in a dictionary (English or foreign)
The password is a common usage word such as:
Names of family, pets, friends, co-workers, fantasy characters, etc.
Computer terms and names, commands, sites, companies, hardware, software.
The words "….. [organization name or Alias]
Birthdays and other personal information such as addresses and phone numbers.
Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
Any of the above spelled backwards.
Any of the above preceded or followed by a digit (e.g., secret1, 1secret)
Strong passwords have the following characteristics:
Contain both upper and lower case characters (e.g., a-z, A-Z)
Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
Are at least eight alphanumeric characters long.
Are not a word in any language, slang, dialect, jargon, etc.
Are not based on personal information, names of family, etc.
Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.
Password Protection Standards
Do not use the same password for the organization accounts as for other non-organization access (e.g., personal ISP account, option trading, benefits and e-banking). Where possible, don't use the same password for various organization access needs. For example, select one password for the network logon and a separate password for Internet access.
Do not share the organization passwords with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive, confidential information.
Here is a list of "do nots":
Don't reveal a password over the phone to ANYONE
Don't reveal a password in an email message
Don't reveal a password to a friend
Don't talk about a password in front of others
Don't hint at the format of a password (e.g., "my family name")
Don't reveal a password on questionnaires or security forms
Don't share a password with family members
For employees, don't reveal a password to co-workers while on vacation
If someone demands a password, refer them to this document or have them call the Information Technology Systems Administrator.
Avoid using the "Remember Password" feature of applications (e.g., Eudora, OutLook, Netscape Messenger), where possible.
Again, do not write passwords down and store them anywhere in your office. Do not store passwords in a file on ANY computer system (including Palm Pilots or similar devices) without encryption.
Change passwords on a regular basis (except system-level passwords which must be changed quarterly). The recommended change interval is every six months.
If an account or password is suspected to have been compromised, report the incident to the Help Desk and change all passwords.
5. Enforcement
Staff violations of this policy will be referred to supervisors or the General Manager of the organisation.
6. Definitions
| Terms | Definitions |
| Active Directory | Central user account database |
| Account: | Any account that is for the administration of an application |
| Application Administration | (e.g., Oracle database administrator, Web administrator) |
7. Revision History
e.g., Draft Version 0.6 March 29, 2004
e.g. Version 1.0 April 7, 2004
7.1 Wet Signature of Custodian and Owner of the Policy Document and Date.
Question 4: Briefly describe the features an organisation needs to have in a Disaster Recovery Plan
answer
Coverage includes the following:
1. Provide a brief overview of the organization in terms of employees, organizational structure, buildings occupied and core business
2. A description of what the plan is aiming to achieve, what it contains and scope
3. The major business processes and associated hardware, software and data, criticality rating for processes and data
4. A description of the relevant risks to hardware, software and data
5. An analysis of risks which includes a description of the probability of the risk and the impact on the business
6. A listing of which risks are acceptable and a listing of which risks should be mitigated. An explanation of why the risks which have a high impact but low likelihood of occurring have a low priority for mitigation
7. A description of the strategies and procedures for disaster prevention
8. A description of the strategies and procedures for disaster response
9. A description of the strategies and procedures for disaster recovery
10. A description of the criteria and procedures for declaring a disaster and the staff involved
11. A statement of how often the plan needs to be updated and by whom
12. A statement of how often the plan will be tested, how the plan will be tested and who will be responsible for testing.
Question 5: Discuss the following system administration terms
answer
Coverage includes the following:
5.1 Logical page sizes
The logical page size is a server-wide setting. The databases needs to have standard sized logical pages within the same server.
The server can create master devices and databases with logical page sizes of 2K, 4K, 8K, or 16K. A given server installation can have only one of these four logical page sizes. All databases in a server and all objects in every database, use the same logical page size.
5.2 Using "test" servers
It is best to install and use a "test" and/or "development" Server, and then remove it before you create the "production" server. Using a test server makes it easier to plan and test different configurations and less stressful to recover from mistakes. It is much easier to learn how to install and administer new features when there is no risk of having to restart a production server or re-create a production database.
For test servers, it is recommended to approach it from the point of installing or upgrading the Server through the process of configuring the server. It is in these steps that you make some of the most important decisions about your final production system.
5.3 Benefit of test server
1. Understanding new procedures and features
Using a test server allows you to practice basic administration procedures before performing them in a production environment. Many procedures may take several attempts to complete a task successfully. So the benefit is from practising techniques that are introduced by new features in a server.
2. Planning resources
Working with a test server helps in planning the final resource requirements for the system and helps in the discovery of resource deficiencies that might not have been anticipated.
Disk resources can have a dramatic effect on the final design of the production system. For example, there may be a requirement that a particular database needs nonstop recovery in the event of a media failure. This would necessitate configuring one or more additional database devices to mirror the critical database. Discovering resource requirements by using a test server allows changes to the physical layout of databases and tables without affecting database users.
A test server can be use to benchmark both the production server and your applications using different hardware configurations. This enables the determination of the optimal setup for physical resources at both the production server level and the operating system level before bringing the entire system online for general use.
3. Achieving performance goals
Most performance objectives can be met by planning a database's design and configuration. For example, the insert and I/O performance of a particular table may turn out to be a bottleneck. In this case, the best course of action may be to re-create the table on a dedicated segment and partition the table. Changes of this nature are disruptive to a production system; even changing a configuration parameter may require the restart of the production server.
5.4 Steps in installing network software
1. Check product compatibility –
Always read the release bulletin included with the products to understand any compatibility issues that might affect your system. Compatibility problems can occur between hardware and software and between different release levels of the same software. Reading the release bulletin in advance can save the time and guesswork of troubleshooting known compatibility problems.
2. Install or upgrade Server -
Read through the installation documentation for the platform (network operating system) before beginning a new installation or upgrade. It is necessary to plan parts of the installation and configure the operating system before installing the server software.
Requirements include the configuration of memory, raw devices and asynchronous I/O. Many of these tasks must be completed before beginning the installation.
For upgrading, back up all data (including the master database, user databases, triggers, and system procedures) offline before beginning. After upgrading, immediately create a separate, full backup of the data, especially if there are incompatibilities between older dump files and the newer versions.
5.5 Install additional third-party software
1. Network protocols
Check if the network supports additional protocols, it maybe necessary to install the required protocol support.
2. Directory services
A directory service can be used to obtain a server's address and other network information. Directory services are provided by platform or third-party vendors and may be sourced independently and installed separately from the installation of server (network operating system).
5.6 Configure and test client connections
A successful client connection depends on the coordination of server, the client software, and network products. If using one of the network protocols installed with the server,
read the configuration documentation for the platform for information about testing network connections. If using a different network protocol, follow the instructions included with the network product. The "ping" utilities included with Network Operating Systems NOS can be used to test client connections with the server.
5.7 Allocating physical resources
This is the process of giving the server, the memory, disk space, worker processes, and CPU power required to achieve your performance and recovery goals.
When installing a new server, every System Administrator must make decisions about resource utilization.
Making these decisions is necessary when reallocating server’s resources if upgrading the platform by adding new memory, disk controllers, or CPUs, or if the design of the database system changes.
Additionally, conducting benchmarking tests on server plus the applications installed regularly can help spot deficiencies in hardware resources that create performance bottlenecks. Therefore, reallocation of resources may be necessary following these tests.
The first step in planning server resources is to understand the resources required by other applications running on the same machine.
On a shared system, other applications, such as client programs or print servers, run on the same machine as the server. It can be difficult to calculate the resources available to the server on a shared system, because the types of programs and their pattern of use may change over time.
In either case, the System Administrator is responsible to take into account the resources used by operating systems, client programs and windowing systems when configuring resources for the server.
Configure the server to use only the resources that are available to it. Otherwise, the server may perform poorly or fail to start.
5.8 Resource planning
It is necessary to understand and plan resource usage in advance.
In the case of disk resources, for example, after you initialize and allocate a device to the server, that device cannot be used for any other purpose (even if the server never fills the device with data). Likewise, the server automatically reserves the memory for which it is configured, and this memory cannot be used by any other application.
The following can help in planning resource usage:
· For recovery purposes, it is always best to place a database's transaction log on a separate physical device from its data.
· Consider mirroring devices that store mission-critical data. Using disk arrays and disk mirroring for server data if these features are available.
· If working with a test server, it is sometimes easier to initialize database devices as operating system files, rather than raw devices, for convenience. The server supports either raw partitions or certified file systems for its devices.
· Bear in mind that changing configuration options can affect the way the server consumes physical resources.
5.9 Operating system configuration
This task follows resource planning. This is the configuration of the physical resources at the operating system level:
· If using raw partitions, initialize the raw devices to the sizes required by the server. If the raw device is initialized for the server, that device cannot be used for any other purpose (for example, to store operating system files).
· Configure the number of network connections. Ensure that the machine on which the server runs can actually support the number of connections configured. This should be in the operating system documentation.
· Often, additional configuration requirements for the operating system and the applications used are needed. It is necessary to consult the technical installation documentation for the platform and applications
5.10 Monitor the log size
The reason why the log size should be monitored is that when the transaction log becomes nearly full, it may be impossible to use standard procedures to dump transactions and reclaim space. The System Administrator needs to monitor the log size and perform regular transaction log dumps in addition to regular database dumps to ensure this situation never occurs. The preferred method is to set up a threshold stored procedure that notifies you (or dumps the log) when the log reaches a certain capacity. It is also a good strategy to dump the transaction log just prior to doing a full database dump in order to shorten the time required to dump and load the database.
Question 6: Discuss the concept and significance of backup and recovery
Question 7: As a system administrator, you need to undertake the function of ongoing maintenance and troubleshooting. Discuss some of the features of this function.
Answer
Coverage includes the following:
For maintenance, the System Administrator performs the following activities throughout the life of a server.
7.1 Starting and stopping Server
Most System Administrators automate the procedure for the start-up of the server machine. This can be accomplished by editing operating system start-up scripts or through other operating system procedures.
7.2 Viewing and pruning the error log
Examine the contents of the error log on a regular basis to determine if any serious errors have occurred. Use operating system scripts to scan the error log for particular messages and to notify the System Administrator when specific errors occur. Checking the error log regularly helps you determine whether there are continuing problems of the same nature or whether a particular database device is going bad. The error log file can grow large over time, as the server appends informational and status messages to it each time it starts up. It is necessary to periodically "prune" the log file by opening the file and deleting old records. Keeping the log file to a manageable size saves disk space and makes it easier to locate current errors.
7.3 Keeping records
Accurate records of changes and problems encountered can be a valuable reference when it is necessary to recover databases and obtain vendor support. More importantly, they can provide vital information for administrators who manage the server system in the absence of the system administrator.
The types of records kept are:
1. A list of primary and secondary contacts: the System Administrator; the System Security Officer; operator, and database owners of the system. This information is available to all server users so that the appropriate contacts receive enhancement requests and problem reports.
2. Script files: part of the job includes creating databases, creating database objects, and configuring the server using script files that you later store in a safe place. Storing the script files makes it possible to re-create your entire system in the event of a disaster. It also enables re-creation of database systems quickly on new hardware platforms for evaluation purposes. If a third-party tool is used to perform system administration, it is necessary to generate equivalent scripts after performing administration tasks.
3. Commands used to create databases and database objects (DDL scripts)
4. Commands that add new server logins and database users
5. The current server configuration file
6. The names, locations, and sizes of all files and raw devices initialized as database devices
7. Dated log: a dated log of all changes to the server configuration; mark each change with a brief description of when and why the change was made, as well a summary of the end result.
8. System information: Record information about the hardware and operating system on which you run the server. This includes:
· Copies of operating system configuration files or start-up files
· Copies of network configuration files (the hosts and services files)
· Names and permissions for the server executable files and database devices
· Names and locations of the tape devices used for backups
· Copies of operating system scripts or programs for automated backups, starting Server, or performing other administration activities.
7.4 Maintenance schedules
Keep a calendar of regularly scheduled maintenance activities. This calendar lists the procedures performed on site and includes:
1. checking database for consistency
2. backing up user and system databases
3. monitoring the space left in transaction logs (if this is not done automatically)
4. dumping the transaction log
5. examining the error log contents for the server and backup server
6. Running the update statistics command for Performance and Tuning
7. Examining auditing information, if the auditing option is installed
8. Recompiling stored procedures
9. Monitoring the resource utilization of the server machine
Question 8a: In some organisations, the system administrator takes on the responsibility of technical support, discuss this association.
Question 8b: the organisation’s Help Desk is sometimes managed by the System Administrator. Discuss the features of the Help Desk.
Assignment Topic 1: Perhaps the most difficult task as a system administrator is that you need to conduct troubleshooting and problem solving (1) discuss these two terms. (2) In your problem solving training, you would have noticed that problems can present themselves from just about anywhere. Give some examples from your training in problem solving, as you need to understand techniques, the problems need not come from just the system you are operating. Sometimes in the future, one of these situations could appear in another business domain or environment.
answer
Coverage includes the following:
Reference: http://en.wikipedia.org/wiki/Troubleshoot
a. Troubleshooting is a form of problem solving. It is the systematic search for the source of a problem so that it can be solved. Troubleshooting is used in many fields such as system administration and electronics. Normally a process of elimination is used to isolate possible causes of problems.
Usually troubleshooting is applied to something that has suddenly stopped working, so the first focus, or concentration of attention, should be on what has changed. However, care must be used to not jump to false conclusions of causality - correlation does not always mean cause.
A basic principle in troubleshooting is to start from the simplest and most probable possible problems first. This principle results in the common complaint about help desks or manuals, that they sometimes first ask: "Is it plugged in?", but this should not be taken as an affront, rather it should serve as a reminder or conditioning to always check the simple things first before calling for help.
Further steps in troubleshooting are to check each component in a system one by one, and to substitute known good components for any suspect ones. A cognitive walkthrough is also a good thing to try. Comprehensive documentation produced by proficient technical writers is very helpful, especially if it provides a theory of operation for the subject device or system.
b. Problem solving
Reference: John Malouff (2001), Fifty Problem Solving Strategies Explained,
According to Malouff, problem solving can be improved by being organised and structured in approach. The techniques checklisted below help in finding solutions more effectively.
b.1 Understand the problem
| Clarify the problem |
b.2 Simplify the task
| Simplify the problem |
b.3 Determine the cause of the problem
| Collect information about what happens before, during, and after the problem |
b.4 Use of external aids to help you identify possible solutions
| Ask someone, especially an expert |
b.5 Use of logic to help you identify possible solutions
| Reason by analogy in using what you have learned about similar problems |
b.6 Using a possible solution as a starting point to help you solve a problem
| Guess, check, and adjust |
b.7 Determine which possible solution is best
| Estimate the likely costs and benefits of possible solutions |
b.8 Function optimally while problem solving
| Think of options without immediately evaluating them |
b.9 Solve multiple problems
| Adopt a problem solving orientation |
Below are examples the application of problem solving techniques: (Students can give four or five examples from the list below)
1. Clarify the problem.
It is easier to solve a specific problem than a vague one. So clarify the problem before you start looking for a solution. If your problem is that your spouse tells you that you are not supportive enough, find out what he or she means by supportive. If your problem is that your mother can’t get the new VCR to work, determine what doesn’t happen that she wants to happen. If your problem is a math homework question, read carefully the question (usually at the end): Is the answer supposed to be in metres or centimetres, rounded or not, square or not and so on.
2. Identify key elements of the problem.
Problems come to us with varying amounts of important and useless information. Focusing on useless information distracts us and wastes time. So identify the key elements of the problem before you start looking for a solution. If the problem is that of a couple who come to you for counselling because they argue continually, ask them what they argue about, when, and where. If the problem is that your bike squeaks when you ride it, determine what part squeaks.
3. Visualize the problem or relevant process or situation.
Sometimes we can see the problem and all its important details right in front of us. This helps us understand the problem. Other times we can’t see important elements because they have already occurred or are not visible. In these cases, it is valuable to visualize important elements of the problem. So, if you want to predict the future of the universe, visualize the big bang and the ensuing events. If you want to open a lock without a key, visualize the lock mechanism. If you want to determine how a murder was committed, visualize events that would explain the physical evidence.
3. Draw a picture or diagram of the problem or a relevant process or situation.
Visualizing a problem can aid understanding. However, we can keep only some much visual information in our minds at once. Hence, it is often useful to draw a picture or diagram. So, if you want to calculate when two airplanes will collide, draw their paths and speeds. If you plan to assault a house where a terrorist holds hostages, draw a picture of the room, doors, windows, or hostages, If you want to speed up delivery of goods to retailers, draw a diagram showing the steps in the process.
4. Create a model of the problem or a relevant process
Creating a model of a problem or relevant process helps us focus on essential elements and gives us the potential to alter the model and see what happens. For instance, if you want to minimize harm to individuals in auto accidents, create a computer model of the structures and forces involved. If you want to build a Mars rover, build a model. If you want to reduce international strife, create a model of causes.
5. Imagine being the problem, a key process, or the solution
Imagination can help us understand a problem by visualizing it. More understanding can occur in some cases if we go farther and imagine being the problem, a key process, or the solution. So, if you want to understand space and time, you can imagine, as Einstein did, riding a light beam. If you want to help a person who is very paranoid, you can imagine being that person and seeing the world as he does. If you want to get a hit in a big cricket game, you can imagine going up to bat, seeing the ball clearly, and swinging crisply while you step into the pitch, etc.
6. Simulate or act out a key element of the problem
Understanding complex or vague problems can be difficult. Simulating or acting out some key element of the problem can be productive. For instance, if you are calculating probabilities of some event happening, you can simulate the situation and observe outcomes yourself. If you want to help someone become more socially successful, you can act as that person does and observe the consequences. If you want to determine why a spacecraft exploded, simulate its flight, and try ways of recreating the explosion.
7. Consider a specific example.
Problems often come to us in the abstract. Creating a concrete example helps us explore the problem just as we might explore a specific example of dinosaur bones to understand dinosaurs. So, if you want to determine what makes a person psychotic, consider real people who have become psychotic. If you want to learn how to calculate the volume of a sphere, use a specific radius, such as one metre, and apply the formula. If you want to determine why frogs are dying right and left in your community, examine dead frogs.
8. Consider extreme cases.
Considering extreme cases is a type of considering a specific example. Here the example is chosen to test the limits of a relevant parameter. Sometimes this gives insight into important processes. So, if you want to determine whether level of intelligence affects retention on a police force, consider officers with the highest and lowest intelligence on the force. If you want to determine what happens to black holes in the long run, consider black holes that continue for infinitely long or black holes that suck up everything in the universe .If you want to determine how temperature affects the flow of electricity, consider a temperature of absolute 0.
9. Change perspective.
If you want to reduce crime in a community, look at crime from the perspective of criminals and victims. If you want to convince a hostage taker to surrender, take that person’s perspective. If you want to avoid being bitten by a vicious dog, take the dog’s perspective.
10. Consider levels and systems
If you want to prevent skin cancer, consider events that trigger the cancer at the level of the external environment, the intercellular level, and the intracellular level. If you want to reduce school violence, consider systems such as communities, families, and individuals. If you want to predict the weather, consider local conditions and approaching fronts.
11. Simplify the problem
Some problems overwhelm us with their complexity. In such cases, it may pay off to simplify the problem. So, if you want to solve an equation (a squared – 2a + 1) = 0, simplify it to (a – 1) squared = 0.If you want to determine how far you can drive on the fuel remaining in your tank, you can estimate the amount of fuel and divide by the estimated kilometres per litre. To simplify the task, round the amounts. If you want to protect your country from terrorist attack, identify the countries most likely to aid the terrorists and defend against the potential methods of those countries.
12. Solve one part at a time.
It is sometimes possible to make a problem easier to solve by attacking one part at a time. For instance, if you want to reduce international conflict in the
13. Redefine the problem.
If a problem seems presently unsolvable, consider what value underlies the desire to solve that problem, and redefine the problem into something solvable. For example, if a farmer cannot solve the problem of how to grow a specific crop on his land, he might analyse why he finds growing this crop is desirable. If he decides that the reason is that the crop generally has a high profit margin, he might review what other crops have a high profit margin or even consider profitable uses of his land that do not involve farming. He thereby has redefined the problem from raising a certain crop on his land to making a high profit with his land.
14. Collect information about what happens before, during, and after the problem.
Problems are often triggered by something observable and reinforced by something that happens afterward. So if Carrie often has temper tantrums, observe her and the situation carefully to collect information about what happens before, during, and after the tantrum. You may find that pressing her to do difficult schoolwork usually happens before and allowing her to avoid the schoolwork happens after. If Jake often has digestive problems, you might find that nothing special happens before, during, or after. No specific foods seem to trigger the problem, so diet restriction is unlikely to help. If you want to help heart surgery patients avoid depression after their surgery, observe them before, during, and after surgery.
15. Organize information into a table, chart, or list and look for patterns
Information collected about a problem often becomes easier to search for patterns when put into a table, chart, or list. The patterns may reveal causes of the problem. So, if you want to predict the next time a man will beat his wife, organize information about his prior instances of wife beating and look for a pattern, such as beating being delivered after he suffered an affront and drank heavily. If you want to determine how to prevent auto accidents, put information about causes of past accidents into a table and look for patterns in the aggregated data, such as a high proportion of the accidents being caused by young males who have been drinking and were driving faster than the speed limit. If you want to predict when a stock will rise, chart its price fluctuations over time and events in the past.
16. Try to make the problem worse
One way to determine whether you know what causes a problem is to try to make the problem worse. This may be worth doing when the supposed solution is so difficult, inconvenient, expensive, or dangerous as to justify caution in trying it. So, if you suspect that eating strawberries is causing your nose to turn red, wait until your nose is its usual colour and eat a few strawberries. If you think that mentally retarded children has tantrums because of changes in his routine, change the routine substantially on a few occasions and observe his behaviour.
17. Compare situations with and without the problem
Comparing situations with and without the problem can sometimes shine light on a difference that causes the problem. So, if you want to eliminate bacterial infections that kill women giving birth, compare the care given women who become infected with those don’t. You might see, as a 19th Century researcher did, that the women who are “helped” by physicians who don’t wash their hands between patients. Women become ill and the women who are helped by midwives who do wash their hands do not become ill. If you want to know what causes AIDS, compare people who do and don’t have HIV and observe the people for several years. If you want to know what causes violent crime, compare the intelligence of individuals who have and have not been convicted of violent crimes.
18. Consider multiple causes and interactions
Sometimes two or more variables or influences cause a problem to occur. For instance, level of drunkenness depends on many factors, including the amount of alcohol consumed and the body weight of the person. A harmful level of carbon monoxide gas may flow into a house only if the wind is blowing hard in a certain direction, the heat exhaust pipe is less than a metre above the roof, and the heat is on high. If we do not look for all the causes of a problem, we may never find them. So if you want to determine what causes autism, wood rot in a house, or the cause of someone’s death, consider multiple causes and interactions.
19. Consider non-linear effects
Variables sometimes cause problems in a linear way, e.g., the more lead a child eats, the greater the harm. However, some variables have curvilinear effects. For instance, some arousal aids human performance, while a great deal of arousal impairs performance. So, if you want to determine what causes a problem, consider non-linear effects.
19. Ask someone, especially an expert
If we look hard enough we can usually find someone who knows more about how to solve a particular problem than we do. The fastest way to solve the problem may be to ask that person. So if you don’t know how to fix a leaking faucet, or help your child act more outgoing, or improve your job interviewing success, ask an expert.
20. Seek the answer in written material
Written materials exist that show how to solve many problems. New devices often come with instruction manuals. Libraries and bookstores are loaded with “How To” books. The Internet offers answers to many problems – if we ask the right question and use judgment about which web sites are credible. So if you want to learn how to improve the appearance of your nose, you could look up “cosmetic” or “nose” surgery in an Internet search engine and in a medical encyclopaedia in the library.
21. Use a tool or technology
Some problems require the right tool, which could be a hammer, a computer, or a metal detector. So whenever you have a problem to solve, consider whether some type of technology might help you.
22. Apply a theory
Good theories can point us in the right direction to find a solution to a problem. For instance, Albert Bandura’s social learning theory suggests that if we want to teach a child to act altruistically, we would set an altruistic model in our behaviour, talk about our altruistic goals, and reward the child (perhaps with praise) when she acts altruistically. Other theories in fields as different as economics and physics provide possible solutions to various types of problems.
23. Apply the scientific method
The scientific method has helped to produce many of the great accomplishments of recent human history, such as doubling the average human lifespan, putting a human on the moon, and discovering planets orbiting other stars. The method involves systematically collecting data to test a hypothesis, applying certain types of research design and analysis methods to the data, and being sceptical about the results.
24. Use mathematics
Mathematics is essential to solving some problems, such as how to put an exploring robot on Mars, how to determine whether one treatment is generally more effective than another for pancreatic cancer, and how to defend an area from enemy missiles. There are many types of mathematics, but even the simplest can be helpful in problem solving. For example, if you want to make yourself happier, you might start by counting the number of days in the next 14 that you feel happy. Then you have a baseline to use as a comparison after you make some behavioural or situational changes in pursuit of more happiness. If you wanted to determine whether a new treatment for diabetes is better than the usual treatment, you might use a t test to compare the blood sugar levels are of the group of people using the new treatment with a group of people using the usual treatment.
25. Use a formula
Sometimes, a formula can help solve a problem. The formula could be a recipe, a set of chemicals, pressures, and heat levels, or an established method of doing something else. So, if you want to develop a permanent way of marking the right lens for contact lens wearers, start with the formulas for permanent pens and markers. If you want to create better toothpaste, start with a typical formula and try altering its components.
26. Reason by analogy, using what you have learned about similar problems
Going through life we solve many problems. Often the problem solving methods we used and the actual solutions we found effective in the past can work to solve a current problem. So, if you have solved before a problem with a neighbour’s dog barking all night, the same solution may work with another neighbour who plays loud music all night. In fact, the same solution might be something to try with anyone who is chronically annoying.
27. Use deductive reasoning
Deductive reasoning involves going from a general rule to an application in a specific instance. So, if we assume that people commit murder only if they have a motive, then we look for murder suspects among people who had a motive. If we start with a premise that people do what they think is in their best interest, we try to provide employees incentives to work productively. If we believe causes must occur prior to effects, we can conclude that a huge grass fire did not cause the high level of asthma attacks that started two days before the fire.
28. Use inductive reasoning
Inductive reasoning involves drawing on specific instances to form a general rule. So, if you want to know whether your child will leave your yard if left outside alone, one thing you could do would be to set up that situation and covertly observe the child on several occasions. If you want to find out whether eating chocolate causes you acne, eat chocolate every day for two weeks, then not at all for two weeks, then every day again for two weeks, then not at all for two week, and record the state of your skin every day. If you want to know whether a genetically altered microbe will reproduce in field settings, put a specific number of the microbes in field settings and later count the number.
29. Question assumptions
Our thinking contains many assumptions or beliefs that have never been well tested, such as that our religion or ethnic group is the best one. If you want to reduce inter-group conflict, questioning these assumptions might help. If you want to stop children from starting to use illegal drugs, question the assumption that educating them about the effects of the drugs will discourage use. If you want to develop close relations with your supervisor, you may benefit from questioning your assumption that all supervisors are power hungry and self-centred.
30. Guess, check, and adjust
It may work to guess at a solution, especially if the range of possible solutions is limited as in a multiple-choice test. You can check to see whether your guess is right, and then eliminate the option if it is not. As Sherlock Holmes said, once you have eliminated all the possibilities except one, that one must be the solution. Sometimes guessing can help us even when the range of possible answers is unlimited. For instance, in solving for x in x + y = 12 and 2x – y = 3, if there are no answers from which to choose, and you don’t know how to solve simultaneous equations, you can guess at what x is, and if you miss, you can use how much you miss by to make a better second guess, and so on, adjusting your guessing as you go. That, in essence, is how software for structural equation modelling proceeds to a solution.
31. Work backwards
In solving a printed maze, looking at the goal area and working backward sometimes offers the fastest solution. That may occur because the maze maker did not expect you to use this strategy. Also, if you want to recreate the events involved in a crime, you could start with a possible perpetrator and the available evidence, work backward in time, and see what makes sense.
32. Estimate the likely costs and benefits of possible solutions.
Use deductive and inductive reasoning and the scientific method to estimate the costs and benefits of each possible solution. For instance, if you have a wart on your hand, one option is to buy a commercial product that slowly disintegrates the wart. The costs include the financial cost of buying the product, the time spent in applying it daily, the cost of bandages to cover the area, the inconvenience of wearing bandages, the possible embarrassment of being asked why your are wearing a bandage, and the possibility of a life-long scar. On the benefit side the wart is very likely to be eliminated.
33. Choose one or more options to implement.
Solving a problem usually involves doing something. So, use deductive and inductive reasoning and the scientific method to choose one or more options to implement. This usually involves weighing the costs and benefits of each option according to your values. For instance, if you want to eliminate a wart, you might choose to do nothing and bet on the significant chance the wart will go away on its own and leave no scar. You might choose this approach because you have strong feelings against creating a life-long scar, such as those caused by more active approaches.
34. Implement the best solution and collect information about the effects
Use deductive and inductive reasoning and the scientific method to determine the effects of the chosen option. So, if you want to eliminate a wart, you might wait a year and see whether it goes away on its own. If it doesn’t, you could choose a more active option.
35. Think of options without immediately evaluating them
It is often wise to consider a range of solution options when engaged in problem solving. Several options may solve a problem, but one may solve the problem more completely or cheaply. Individuals may squelch their own good ideas or the good ideas of others by immediately evaluating the ideas. Hence, it may help to brainstorm possible solutions, i.e., record them without first evaluating them. Even a very bad idea might point in a useful direction if it is not pushed aside too quickly.
36. Set a goal with a purpose you value
Setting a goal with an outcome we value tends to help us achieve more. So, if you have an assignment of math problems to complete, you might set a personal goal of completing all of them correctly for the purpose of earning an “A” on the assignment and in the course so that you can improve your chances of gaining admission to medical school, so you can spend your life helping ill children. If you have a problem of getting your research approved by an ethics board, set a goal of gaining approval so that you can do the research and help others with your findings.
37. Avoid distraction
Distractions slow the problem solving process. Distractions can include environmental events such as phone calls and machinery noise. Distractions can also include repeated intrusive thoughts (“This is a terrible situation!”) and. One way to avoid external distractions is to go somewhere peaceful where no one can find you. Another way is to disconnect the phone and put up a “Do not disturb, please” sign. One way to reduce intrusive thoughts is to tell yourself that you will think about these emotion-laden matters at a specific later time, but for now you are going to yell “STOP!” every time the thought intrudes. Another way to reducing intrusive thoughts is to write them down or to tell someone close to you about them.
New settings sometimes prompt new types of thinking that can be useful in solving hard problems. For instance, go sit and think in the quiet park across from your headquarters, in a forest cabin, or in a different library.
39. Adjust time limit to optimum.
Some problems are easy to solve but tedious. It may facilitate efficiency to set an artificially brief time frame for completion, e.g., “I’m going to finish these math problems in 30 minutes”. For difficult problems, increasing the time frame for solution may help by reducing distraction-provoking anxiety. So if you are asked to solve a difficult problem, ask for an amount of time that will be sufficient to eliminate time pressure but still not so long as to induce inefficiency.
All else being equal, several people working on a difficult problem tend to produce a better solution than one person. Some efficiency may be lost, so working with someone may best be reserved for very difficult problems. So, if you want to clone a bonobo, work with someone. If you want to end your dependency on tobacco, work with someone.
41. Create a positive mood with an optimum arousal level
People work better when they have a positive mood and a moderate arousal level. To create a positive mood, you could engage in some activity you greatly enjoy, such as listening to music or reading a book, or you could think back about huge triumphs and outstanding moments in your life. To avoid excessive arousal, you could use a relaxation method such as deep breathing, tensing and relaxing muscle groups, and telling yourself to stay calm.
42. Think of the problem as a challenge or opportunity.
No one wants to have “problems”. So we often think of problem solving as an unfortunate, unpleasant task. Such a negative view of the problem solving may impair our performance at the task. In order to keep a positive mood and keep working on a problem, it is helpful to think of the problem as a challenge or opportunity. So, if the barking of your neighbour’s dog is driving you batty, look at the situation as an opportunity to practice your assertion skills. If your PC won’t come on, look at the situation as an opportunity to challenge yourself, as you might with an anagram. If your investments go sour, think of the situation as a challenge: Do you still have what it takes to make yourself rich through earnings or investment?
43. Think confidently
Confidence helps us persist in problem solving, and confidence comes most powerfully from problem solving success. So, think about past problem solving successes or solve another problem to boost your confidence about solving a specific problem. Useful thoughts include “I have solved more difficult (or similar) problems,” “I know how to approach this problem,” and “I can solve this problem if I try hard enough.”
People can get fixed on a certain way of thinking about a problem or a specific class of possible solutions. It sometimes helps to take a break and think about matters unrelated to the problem in order to open the mind to new ideas. Some people benefit from sleeping on a problem.
45. Persist
Persistence in problem solving often pays off. It took many years to build the
46. Adopt a problem solving orientation
People who look for problems to solve have a decided advantage over others. These individuals can often identify problems when the problems are small enough to be easily solved and when enough time is available to allow the use of good problem solving strategies. For instance, it is far easier to lose a few kilograms of weight than to lose 50 kilos. Individuals who wait for problems to become unbearable or unavoidable before dealing with them may experience unnecessary stress when circumstances force them to tackle a problem. Naturally, looking for problems to solve will tend to lead to more problems solved. A math student who does all the problems in a textbook rather than just the half assigned is an example of that principle. So is an executive who looks for problems that keep her workers from being productive.
47. Apply triage
Often there are multiple problems a person could try to solve at any one time. Emergency room physicians have developed the custom of triage, which is assessing the urgency of the health problem of each of the current patients. In problem solving, it is wise to consider during triage which problem has (1) the most important outcome, (2) the greatest chance for solution, and (3) the nearest deadline. So, if you lose your 3-year-old child in an outdoor crowd and your 8-year-old child has a headache, you focus on the lost child because the risk of harm is greater with that child. If you have two problems to solve, and one, such as developing a method of time travel, seems currently unsolvable, work on the other problem first. If you have two important problem-solving assignments, with one due tomorrow and one due in a week, focus first on completing the one due tomorrow. Sometimes the problem with the most important outcome is different from the problem with the best chance of solution or the nearest deadline. Then you have to apply your own judgment in weighing the triage considerations.
48. Solve one problem at a time
When faced with multiple problems, individuals may panic or lose hope and then quit trying. When facing more than one problem, to the extent possible, focus on solving one at a time. So if you are overweight and smoke, choose one of these problems to work on at a time. If you dislike your job and your roommate, choose one to work on. If you want to improve your writing and speaking skills, choose one with which to start.
Assignment Topic 2: As a system administrator you need to be familiar with the types of threats. Discuss some of the common threats that the IT industry have come across
answer
Coverage includes the following:
http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/chapter4.html
Errors and Omissions
These errors are caused not only by data entry clerks processing hundreds of transactions per day, but also by all types of users who create and edit data.
A sound awareness and training program can help an organization reduce the number and severity of errors and omissions.
Users, data entry clerks, system operators, and programmers frequently make errors that contribute directly or indirectly to security problems. In some cases, the error is the threat, such as a data entry error or a programming error that crashes a system. In other cases, the errors create vulnerabilities. Errors can occur during all phases of the systems life cycle.
A long-term survey of computer-related economic losses conducted by Robert Courtney, a computer security consultant and former member of the Computer System Security and Privacy Advisory Board, found that 65 percent of losses to organizations were the result of errors and omissions.
Programming and development errors, often called "bugs," can range in severity from benign to catastrophic. In a 1989 study for the House Committee on Science, Space and Technology, entitled Bugs in the Program, the staff of the Subcommittee on Investigations and Oversight summarized the scope and severity of this problem in terms of government systems as follows:
These concerns are heightened as computers perform more critical tasks, where mistakes can cause financial turmoil, accidents, or in extreme cases, death.
Since the study's publication, the software industry has changed considerably, with measurable improvements in software quality. Yet software "horror stories" still abound, and the basic principles and problems analyzed in the report remain the same. While there have been great improvements in program quality, as reflected in decreasing errors per 1,000 lines of code, the concurrent growth in program size often seriously diminishes the beneficial effects of these program quality enhancements.
Installation and maintenance errors are another source of security problems.
Fraud and Theft
Computer systems can be exploited for both fraud and theft both by "automating" traditional methods of fraud and by using new methods. For example, individuals may use a computer to skim small amounts of money from a large number of financial accounts, assuming that small discrepancies may not be investigated. Financial systems are not the only ones at risk. Systems that control access to any resource are targets (e.g., time and attendance systems, inventory systems, school grading systems, and long-distance telephone systems).
In addition to the use of technology to commit fraud and theft, computer hardware and software may be vulnerable to theft.
Employee Sabotage
Employees are most familiar with their employer's computers and applications, including knowing what actions might cause the most damage, mischief, or sabotage. The downsizing of organizations in both the public and private sectors has created a group of individuals with organizational knowledge, who may retain potential system access (e.g., if system accounts are not deleted in a timely manner). The number of incidents of employee sabotage is believed to be much smaller than the instances of theft, but the cost of such incidents can be quite high.
The motivation for sabotage can range from altruism to revenge:
Common examples of computer-related employee sabotage include:
- destroying hardware or facilities,
- planting logic bombs that destroy programs or data,
- entering data incorrectly,
- "crashing" systems,
- deleting data,
- holding data hostage,
- changing data
As long as people feel cheated, bored, harassed, endangered, or betrayed at work, sabotage will be used as a direct method of achieving job satisfaction -- the kind that never has to get the bosses' approval.
Loss of Physical and Infrastructure Support
The loss of supporting infrastructure includes power failures (outages, spikes, and brownouts), loss of communications, water outages and leaks, sewer problems, lack of transportation services, fire, flood, civil unrest, and strikes. These losses include such dramatic events as the explosion at the New York World Trade Centre as well as more common events, such as broken water pipes. A loss of infrastructure often results in system downtime, sometimes in unexpected ways. For example, employees may not be able to get to work during a winter storm, although the computer system may be functional.
Malicious Hackers
The term “malicious hackers”, sometimes called “crackers”, refers to those who break into computers without authorization. They can include both outsiders and insiders. Much of the rise of hacker activity is often attributed to increases in connectivity in both government and industry.
The hacker threat should be considered in terms of past and potential future damage. Although current losses due to hacker attacks are significantly smaller than losses due to insider theft and sabotage, the hacker problem is widespread and serious. One example of malicious hacker activity is that directed against the public telephone system.
Studies by the National Research Council and the National Security Telecommunications Advisory Committee show that hacker activity is not limited to toll fraud. It also includes the ability to break into telecommunications systems (such as switches), resulting in the degradation or disruption of system availability. While unable to reach a conclusion about the degree of threat or risk, these studies underscore the ability of hackers to cause serious damage.
The hacker threat often receives more attention than more common and dangerous threats. The U.S. Department of Justice's Computer Crime Unit suggests three reasons for this.
- First, the hacker threat is a more recently encountered threat. Organizations have always had to worry about the actions of their own employees and could use disciplinary measures to reduce that threat. However, these measures are ineffective against outsiders who are not subject to the rules and regulations of the employer.
- Second, organizations do not know the purposes of a hacker -- some hackers browse, some steal, some damage. This inability to identify purposes can suggest that hacker attacks have no limitations.
- Third, hacker attacks make people feel vulnerable, particularly because their identity is unknown. For example, suppose a painter is hired to paint a house and, once inside, steals a piece of jewelry. Other homeowners in the neighborhood may not feel threatened by this crime and will protect themselves by not doing business with that painter. But if a burglar breaks into the same house and steals the same piece of jewelry, the entire neighborhood may feel victimized and vulnerable.
Industrial Espionage
Industrial espionage is the act of gathering proprietary data from private companies or the government for the purpose of aiding another company. Industrial espionage can be perpetrated either by companies seeking to improve their competitive advantage or by governments seeking to aid their domestic industries. Since information is processed and stored on computer systems, computer security can help protect against such threats; it can do little, however, to reduce the threat of authorized employees selling that information.
The three most damaging types of stolen information were pricing information, manufacturing process information, and product development and specification information. Other types of information stolen included customer lists, basic research, sales data, personnel data, compensation data, cost data, proposals, and strategic plans. Technology-related information is the main target, but also lists corporate proprietary information, such as negotiating positions and other contracting data, as a target
Malicious Code
Malicious code refers to viruses, worms, Trojan horses, logic bombs, and other "uninvited" software. Sometimes mistakenly associated only with personal computers, malicious code can attack other platforms.
Key Terms reference (NIST Special Publication 800-5)
Virus: A code segment that replicates by attaching copies of itself to existing executables. The new copy of the virus is executed when a user executes the new host program. The virus may include an additional "payload" that triggers when specific conditions are met. For example, some viruses display a text string on a particular date. There are many types of viruses, including variants, overwriting, resident, stealth, and polymorphic.
Trojan Horse: A program that performs a desired task, but that also includes unexpected (and undesirable) functions. Consider as an example an editing program for a multi-user system. This program could be modified to randomly delete one of the users' files each time they perform a useful function (editing), but the deletions are unexpected and definitely undesired!
Worm: A self-replicating program that is self-contained and does not require a host program. The program creates a copy of itself and causes it to execute; no user intervention is required. Worms commonly use network services to propagate to other host systems.
Foreign Government Espionage
Some unclassified information that may be of interest includes travel plans of senior officials, civil defense and emergency preparedness, manufacturing technologies, satellite data, personnel and payroll data, and law enforcement, investigative, and security files.
Threats to Personal Privacy
The threat to personal privacy arises from many sources. In several cases federal and state employees have sold personal information to private investigators or other "information brokers."
It is apparent that information technology is becoming powerful enough to warrant fears of both government and corporate "Big Brothers." Increased awareness of the problem is needed.
Assignment Topic 3: A server generates error messages when certain events develop. Give some examples of error messages from an operating system that you have investigated. How can they be used in response to rectify system problems?
ASSESSOR NOTES: ADDITIONAL FEATURES AROUND WHICH QUESTIONS CAN BE STRUCTURED
Using system software and system tools
Security and network guidelines/procedures
Approaches to back up and restoring computer data
Help desk and maintenance practices
System performance
Practical and concepts of diagnostic tools
Operating systems
Win 95/98/NT/2000
Sun Solaris/SunOS
HP-UX
AIX
Digital Unix
Silicon Graphics IRIX
DOS
DEC
VMS
Mac OSX
Linux
NetWare
Hardware
Workstations, PCs, IBM, Compaq, Hewlett Packard, Sun, Dell, Gateway 2000, SGI, Sun Microsystems
Bridges, 3Com, Compaq, CISCO, IBM
Modems, analog, cable, ISDN, DSL
servers, Acer, Apple, Compaq, Dell, Gateway 2000, Hewlett-Packard, IBM, Macintosh, NEC, SGI, Sun Microsystems, Unisys
Network cards, Adaptec, ARTIC, Compex, SMC
Switches, 3Com, Accton, Cabletron, CISCO, D-Link, Farallon, Hewlett-Packard, Intel, Network Technologies
hubs & repeaters, 3Com, Compaq, CISCO, Accton,
Routers & gateways, 3Com, CISCO, D-Link, Intel
File & print servers, AcerAltos, Aerocomm, AlphaServer, Dell, D-Link, Hewlett-Packard, IBM, NEC, Sun Microsystems
Software
Most likely to be packaged software but can be supplied from many varying vendors and can include full suites or individual components:
Intranet Connections
ColdFusion
Xpedio
Samba
ERoom
Collabra Share.
Groupware/email/office
Possible groupware applications and servers include:
Novell Groupwise
Lotus Notes, Domino
MS Exchange
Netscape SuiteSpot
Teamware Office
Email applications
Group calendars
Collaborative writing systems
Shared whiteboards
Decision support systems
Application/web servers; BEA Weblogic Servers, IBM VisualAge and WebSphere, Microsoft Host Integration Server, NetDynamics, Netscape Application Server
Email Servers
File & Print Servers
FTP Servers
Proxy Servers
Subscribe to:
Posts (Atom)
