
ICTNWK403

Manage network and data integrity

Learner Guide
© Copyright, 2015 by North Coast TAFEnow

Date last saved: 28 September 2015 by Power, Rachael Version: 1 # of Pages = 60

Tristam Horn – Content writer

TAFEnow Resource Development Team – Instructional and graphic design

Copyright of this material is reserved to the Crown in the right of the State of New South Wales.

Reproduction or transmittal in whole, or in part, other than in accordance with the provisions of the Copyright Act, is
prohibited without written authority of North Coast TAFEnow.

Disclaimer: In compiling the information contained within, and accessed through, this document ("Information")
DET has used its best endeavours to ensure that the Information is correct and current at the time of publication but
takes no responsibility for any error, omission or defect therein. To the extent permitted by law, DET and its
employees, agents and consultants exclude all liability for any loss or damage (including indirect, special or
consequential loss or damage) arising from the use of, or reliance on, the Information whether or not caused by any
negligent act or omission. If any law prohibits the exclusion of such liability, DET limits its liability to the extent
permitted by law, to the re-supply of the Information.

Third party sites/links disclaimer: This document may contain links to third party sites. DET is not
responsible for the condition or the content of those sites as they are not under DET's control. The link(s) are
provided solely for your convenience and do not indicate, expressly or impliedly, any endorsement of the site(s) or
the products or services provided there. You access those sites and use their products and services solely at your
own risk.

Contents

Getting Started
    About this unit
    Elements and performance criteria
    Icon Legends

Topic 1 - Ensure compliance with company network and security policies
    Review company security policies
    Audit and record security access
    Ensure user accounts are controlled
    Ensure secure file and resource access

Topic 2 - Conduct audit on system assets
    Use appropriate tools and techniques to conduct audit on system hardware and software assets
    Develop a system to record assets

Topic 3 - Implement an antivirus solution
    Research appropriate antivirus and anti-malware solutions
    Implement antivirus or anti-malware solution
    Test antivirus and anti-malware solution functionality

Topic 4 - Implement systems to protect assets from threats
    Determine environmental threats to data
    Document systems to protect from environmental threat
    Implement system to protect data from environmental threat

Topic 5 - Develop a backup solution
    Investigate current backup media options
    Implement a backup solution
    Demonstrate functionality of backup solution
    Demonstrate restore of data from backup media
    Implement a real time backup and data sync solution

Topic 6 - Monitor network performance
    Determine available network performance monitoring tools
    Implement network performance monitoring tools to monitor network
    Produce report on network performance

Getting Started
About this unit
This unit describes the skills and knowledge required to lead the development of asset
protection processes, determining threats and implementing controls to mitigate risk.

It applies to individuals working as middle managers including information security
managers, network engineers and network technicians who are responsible for implementing
and managing the organisational disaster recovery and asset protection policy and
procedures.

Elements and performance criteria


Elements define the essential outcomes of a unit of competency. The Performance Criteria
specify the level of performance required to demonstrate achievement of the Element. They
are also called Essential Outcomes.

Follow this link to find the essential outcomes needed to demonstrate competency in this
Unit: https://training.gov.au/Training/Details/ICTNWK403

ICTNWK403_LG_V1
TAFEnow
Icon Legends
Learning Activities

Learning activities are the tasks and exercises that assist you in gaining a
clear understanding of the content in this workbook. It is important for you
to undertake these activities, as they will enhance your learning.

Activities can be used to prepare you for assessments. Refer to the
assessments before you commence so that you are aware which activities
will assist you in completing your assessments.

Case Studies

Case studies help you to develop advanced analytical and problem-solving
skills; they allow you to explore possible options and/or solutions to
complex issues and situations and to subsequently apply this knowledge
and these newly acquired skills to your workplace and life.

Readings (Required and suggested)

The required reading is referred to throughout this Learner Guide. You will
need the required text for readings and activities.

The suggested reading is quoted in the Learner Guide, however you do not
need a copy of this text to complete the learning. The suggested reading
provides supplementary information that may assist you in completing the
unit.

Reference

A reference will refer you to a piece of information that will assist you with
understanding the information in the Learner Guide or required text.
References may be in the required text, another textbook or on the internet.

Self-check

A self-check is an activity that allows you to assess your own learning
progress. It is an opportunity to determine the levels of your learning and to
identify areas for improvement.

Work Flow

Shows a logical series of processes for completing tasks.

Topic 1 - Ensure compliance with company network and security policies

This topic will provide you with an understanding of how to review company security policies,
audit and record security access, control user accounts and ensure secure file and resource
access.

Review company security policies


A security policy aims to protect all data used and created by the company.

Breaches in security may be physical or online and occur for a variety of reasons such as:

> competing businesses looking to steal sensitive corporate information

> extortion attempts against the company by threatening the release of information
publicly

> disgruntled employees or attacks from within, either out of malice or for financial gain

> unauthorised access or vandalism by “hackers” seeking access to the system

A good security policy addresses these issues by mandating a set of rules and procedures to
follow to prevent these attacks as well as how to manage them, should they occur.

Risk management should be a key aspect of any security policy. What is the likelihood of a
particular event, and what are the costs/ramifications of this event occurring?

It would be foolish to spend thousands of dollars implementing an elaborate authentication
system to prevent unauthorised access for a small company that has very little in the way of
sensitive data.

On the other hand, the cost and overhead of implementing disk and network encryption
across a large company may be worthwhile if the company has a high volume of personal and
corporate information.

The security policy may identify areas of mandatory induction and training to ensure that all
users understand their responsibilities when accessing and using the network.

Things that should be covered in any security policy include:

Data security

Data security should be the key aim of any good security policy.

Specifically, this should include strategies to protect company data from unauthorised access,
destruction or alteration.

Software solutions for ensuring data security usually involve encryption of some kind, either on
disk or while being transmitted over the network. One drawback to disk encryption is that while
attackers are unable to read the data, they may still be able to alter or destroy the data.

Hardware data security solutions aim to minimise unauthorised access to sensitive data by
requiring the use of a physical security token or dongle. This token would be used in
conjunction with a PIN or password to ensure only authorised personnel are accessing the
system. It would also manage which areas of the system that particular user has access to and
what permissions they have.

Figure 1 – Example of a security token: Dallas key and sensor

Source: Wikimedia Commons

Another method of ensuring data security and integrity is the implementation of a reliable
backup strategy. This way if data is destroyed or altered you will still have access to the
original data.

The security of these backups should also be considered. Backups may be encrypted and
stored off site in a secure location or simply copies of data stored on an external hard drive.
Think about who has potential access to these backups and the ramifications if they were to
fall into the wrong hands.

Obsolete hardware can also pose a threat to data security. The decommissioning of out-dated
hardware should involve a process where all data is erased or destroyed and any passwords
are removed from devices such as switches and routers before they are disposed of.

For hard drives this often involves overwriting existing data, degaussing (magnetically
erasing), or in high risk scenarios, shredding of the hard drive.

Physical security

Physical security relates to restricting access to parts of the company that have the potential
to expose their data. For example, someone with physical access to a server could connect
their own hard drive and copy data to or from the server, steal corporate data or upload
viruses and backdoors. They could even go so far as removing the hard drives or stealing the
entire server.

The security policy should outline who will have access to various parts of the system, access
to the building itself as well as the procedure for signing in visitors and guests. It should
include how keys and codes will be managed and what to do in the event they are lost or
stolen.

As well as direct access to computer hardware you should consider which parts of the network
are exposed such as switches and routers. A person with physical access to a switch could
easily reconfigure it and enable features which would allow them to monitor that particular
network segment, potentially capturing passwords sent across the network.

As mentioned earlier, physical access to backups should be controlled, possibly locking them
away in a secure location or storing them off site.

Remote access

It is common these days for people to want to access their work network from home or on the
road. This has the benefit of allowing them to work from anywhere at any time but also the
added risk of opening another channel for attackers to access the network.

Security policies should outline who will have remote access and the strategies in place to
ensure data is kept secure as well as how to deal with events such as a stolen laptop. The
company may decide that only a limited amount of data is made available remotely and that
highly sensitive material can only be accessed by physically attending the workplace.

For added security, remote access connections can be encrypted and logins enhanced
through the use of two-factor authentication. An example of this is where the user must
provide a PIN provided by an RSA dongle in addition to their regular username and password.

Figure 2 – RSA SecurID token (model SID700)

Source: Wikipedia

User logon

User logins are the “keys” to any system. Users should be aware of basic password security but
management may decide to enforce other policies such as password complexity
requirements, regular password changes and possibly even restricted hours of access.

Accounts should only be created by authorised users and terminated in a timely fashion when
an employee leaves the company. Often user accounts are disabled before the employee is
informed of their termination in case they become upset and attempt to destroy or steal data.

As with remote access connections, logins may be enhanced with the use of two-factor
authentication if required.

User accounts should be restricted so that each user only has access to the areas of the
network that they require, that way if their account is compromised only a portion of the
system is at risk.

LEARNING ACTIVITIES ACTIVITY 1

Security policy

Read each excerpt from an example security policy (below) and decide which category it belongs
in: Data Security, Physical Security, Remote Access or User Logon.

a “Virus checking systems approved by the Information Security Officer and Information
Services must be deployed using a multi-layered approach (desktops, servers, gateways,
etc.) that ensures all electronic files are appropriately scanned for viruses. Users are not
authorized to turn off or disable virus checking systems.”

b “Mainframe computer systems must be installed in an access-controlled area. The area in
and around the computer facility must afford protection against fire, water damage, and
other environmental hazards such as power outages and extreme temperature situations.”

c “The user must log off or secure the system when leaving it.”

REFERENCE REFERENCE 1

You can find a variety of Security Policy Templates at the SANS Institute –

https://www.sans.org/security-resources/policies/

Should this link be unavailable please notify TAFENow and instead search the internet for “sample IT
security policy”

Audit and record security access


Auditing and recording security access involves tracking who is accessing the system and
what actions they are performing. This could include keeping a record of all login times and
dates, which files were accessed and what time the user logged off.

It is also possible to audit failed login attempts and file access which can be a sign that
someone is attempting to access areas of the system without permission.

Auditing User Logins

Enable Logon Event Auditing

Hold the Windows Key and press R (WIN+R) to open the Run dialog

Enter gpedit.msc then click OK.

In the left pane, expand the tree to Local Computer Policy > Computer Configuration >
Windows Settings > Security Settings > Local Policies > Audit Policy

Double-click Audit Logon Events.

To audit successful logins, select the Success check box.

To audit unsuccessful logins, select the Failure check box.

To enable auditing of both, select both check boxes.

Click OK.

View the security log in Windows 7 using the following steps.

Click Start

Right-Click on Computer

Choose Manage

The Computer Management window will open

From the tree on the left choose System Tools > Event Viewer > Windows Logs > Security

To view only the events where a user has logged in or out of the computer follow these steps.

Click Filter Current Log… in the menu on the left

In the Event IDs box enter the following codes which indicate logon and logoff events.
4647, 4648

Click OK

You should now only see a list of logon/logoff events. Double click on one to view more detail
including the Account Name which logged in or out.

NOTE: You may see additional entries if you have used your credentials to connect to other
computers on your network.
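
The same audit setting and log filter can be applied from an elevated PowerShell prompt. This is an added example, not part of the original guide: besides the guide's event IDs 4647 and 4648 it also reads 4624, 4625 and 4634 so that ordinary logons, failures and logoffs appear, and the 500-event window is an arbitrary choice.

```powershell
# Added example (not from the guide). Run in an elevated PowerShell session.

# Enable Success and Failure auditing for the Logon/Logoff category.
# "Logon/Logoff" is the English category name; it is localised on other builds.
auditpol /set /category:"Logon/Logoff" /success:enable /failure:enable
auditpol /get /category:"Logon/Logoff"

# 4647 and 4648 are the guide's filter; the other three IDs are added here.
$meaning = @{
    4624 = 'Logon succeeded'
    4625 = 'Logon failed'
    4634 = 'Logoff'
    4647 = 'User-initiated logoff'
    4648 = 'Logon with explicit credentials'
}
[int[]]$ids = 4624, 4625, 4634, 4647, 4648

$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids } `
    -MaxEvents 500 -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Copy the named <Data> fields of the event record into a hashtable.
    $data = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }

    # Machine accounts end in "$"; they are not people logging in.
    if ($data['TargetUserName'] -like '*$') { continue }

    New-Object PSObject -Property @{
        Time      = $e.TimeCreated
        Id        = $e.Id
        Event     = $meaning[$e.Id]
        Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = $data['LogonType']   # only present on 4624, 4625 and 4634
    }
}

# Full listing, newest first (Get-WinEvent returns newest first by default).
$report | Select-Object Time, Id, Event, Account, LogonType | Format-Table -AutoSize

# Most recent interactive logon per account: type 2 is the console,
# 10 is Remote Desktop, 11 is a logon with cached credentials.
$report |
    Where-Object { $_.Id -eq 4624 -and ('2', '10', '11' -contains $_.LogonType) } |
    Group-Object Account |
    ForEach-Object { $_.Group | Sort-Object Time -Descending | Select-Object -First 1 } |
    Sort-Object Time -Descending |
    Select-Object -Property Time, Account -First 3
```

A run of 4625 events against one account, or against many accounts from one source, is the failed-login pattern the section describes as a sign of attempted unauthorised access.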

Auditing File Access

Auditing file access in Windows is a two-step process. First you must enable Object Access
Auditing, and then you must specify which files/folders to monitor.

Enable Object Access Auditing

Hold the Windows Key and press R (WIN+R) to open the Run dialog

Enter gpedit.msc then click OK.

In the left pane, expand the tree to Local Computer Policy > Computer Configuration >
Windows Settings > Security Settings > Local Policies > Audit Policy

Double-click Audit object access.

To audit successful access of specified files, folders and printers, select the Success check
box.

To audit unsuccessful access to these objects, select the Failure check box.

To enable auditing of both, select both check boxes.

Click OK.

Specify which folders to monitor

After you enable auditing, you can specify the files, folders, and printers that you want audited.
To do this, follow the steps below:

In Windows Explorer, locate the file or folder you want to audit.

Right-click the file, folder, or printer that you want to audit, and then click Properties.

Click the Security tab, and then click Advanced.

On the Auditing tab, click Edit and then click Add.

In the Enter the object name to select box, type the name of the user or group whose
access you want to audit. You can browse the computer for names by clicking Advanced,
and then clicking Find Now in the Select User or Group dialog box.
For this activity enter the name Everyone then click OK

Select the Successful or Failed check boxes for the actions you want to audit, and then
click OK.

Click OK repeatedly to save your changes and close each window.

View the Audit Log

You can now view your chosen object access records in the Security Log by following these
steps.

Click Start

Right-Click on Computer

Choose Manage

The Computer Management window will open

From the tree on the left choose System Tools > Event Viewer > Windows Logs > Security

Again you can filter the Security Log to locate specific events.

See http://support.microsoft.com/kb/977519 for a comprehensive list of event IDs.
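
A scripted version of the two-step file-audit setup, as an added example that is not part of the original guide. The folder C:\AuditDemo, the choice to audit only writes and deletes, and the use of event ID 4663 ("An attempt was made to access an object") to read the result back are assumptions of this example.

```powershell
# Added example (not from the guide). Run in an elevated PowerShell session.
$folder = 'C:\AuditDemo'                     # hypothetical test folder
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# Step 1: enable object access auditing, limited to the File System
# subcategory so other object types do not flood the Security log.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# Step 2: add an audit entry to the folder for Everyone, as in the guide.
# Only writes and deletes are audited; auditing every read is very noisy.
$rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]'None'
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule    = New-Object System.Security.AccessControl.FileSystemAuditRule('Everyone', $rights, $inherit, $prop, $flags)

$acl = Get-Acl -Path $folder -Audit          # -Audit loads the audit entries too
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Confirm the audit entry is in place.
(Get-Acl -Path $folder -Audit).Audit | Format-List IdentityReference, FileSystemRights, AuditFlags

# Step 3: generate one audited action, then read it back from the Security log.
Set-Content -Path (Join-Path $folder 'test.txt') -Value 'audit test'
Start-Sleep -Seconds 2

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # Keep only records for objects under the audited folder.
        if ($d['ObjectName'] -like "$folder*") {
            New-Object PSObject -Property @{
                Time       = $_.TimeCreated
                Account    = $d['SubjectUserName']
                Object     = $d['ObjectName']
                Process    = $d['ProcessName']
                AccessMask = $d['AccessMask']
            }
        }
    } |
    Select-Object Time, Account, Object, Process, AccessMask |
    Format-Table -AutoSize
```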

LEARNING ACTIVITIES ACTIVITY 2

Security log

View and filter the security log of your computer to identify the last 3 users who logged into your
computer and at what time

REFERENCE REFERENCE 2

The following link provides more information on Windows Security Auditing.

http://technet.microsoft.com/en-us/library/dn319078.aspx

Should this link be unavailable please notify TAFENow and instead search the internet for “Windows
Security Auditing”

Ensure user accounts are controlled
The main reason for user accounts is to verify the identity of each individual using the system.
A secondary reason is to be able to assign access to files and resources on a per-user basis.

Controlling user accounts involves the secure creation and allocation of user accounts,
responding to lost or stolen passwords and timely removal of user accounts when employees
leave the company.

Creating User Accounts

User accounts should only be created by authorized personnel and permissions assigned as
required by adding the user to the appropriate security groups. In many organizations this will
not occur until a form is processed by the new employee’s supervisor.

Usernames should follow some kind of naming convention such as firstname.lastname. Your
exact naming convention will likely depend on the size and structure of your organization.

A small organisation may decide to use the person’s first name as their username while a large
company dealing with highly-classified data may choose not to have any identifying
information in their usernames at all, e.g. TJ12345.

Passwords should be known only to the user they belong to. This is achieved by forcing a user
to change their password the first time they log in. Users are responsible for maintaining the
secrecy of their password and ensuring it is not easily guessed or susceptible to brute-force
attacks. (A brute-force attack makes repeated login attempts against a user account using a
dictionary or “wordlist” in the hope that the user’s password is contained in the list.)

The steps below describe how to create a user in Windows 7.

Creating a user in Windows 7

Click the Start Button.

Right-click on Computer and select Manage.

The Computer Management window will open.

In the tree on the left browse to Computer Management > Local Users and Groups > Users

From the menu bar choose Action > New User…

Enter a username of Alex.

Enter the user’s Full Name and a Description.

Assign the user a Password of password123.

Make sure that User must change password at next logon is ticked.
This ensures that you as the Administrator no longer know the user’s password once it has
been changed.

Click Create then Close.

The new user account has been created and can be tested by logging off and logging
back on or with the switch user option on the start menu.

Next we will add the user to a security group called Accounting which will be used later in the
unit when we assign permissions to a folder.

The steps below describe how to create a security group and add users to that group in
Windows 7.

Creating a security group in Windows 7

Click the Start Button.

Right-click on Computer and select Manage.

The Computer Management window will open.

In the tree on the left browse to Computer Management > Local Users and Groups > Groups

From the menu bar choose Action > New Group…

Name the group Accounting then click Add to add users to the group.

In the object names box type the name of the user we created earlier, Alex then click
Check Names. If correct the name will change and become underlined.

Click OK.

Click Create then Close.

The Accounting group has been created and “Alex” has been added to the group.

Stolen passwords

Accounts that have been compromised should have their password changed immediately.
Large organizations may choose to disable the user’s account until they can verify how the
breach occurred (was the password written down somewhere or perhaps a Trojan was
installed on the user’s computer?). Security logs may need to be reviewed to determine the
extent of the damage and the user may require disciplinary action or retraining.

The steps below describe how to reset a user password in Windows 7.

Reset a user password in Windows 7

Click the Start Button.

Right-click on Computer and select Manage.

The Computer Management window will open.

In the tree on the left browse to Computer Management > Local Users and Groups > Users

Right-Click on the user you wish to change the password of and select Set password…

A warning will appear letting you know that the user may lose information if they have
encrypted files. Click Proceed.

Enter a new Password for the user and confirm then click OK.

The user’s password has been reset.

Employee Terminations

Employees may leave a company for a variety of reasons and it is important they are removed
from the system appropriately. Some may be leaving indefinitely; others may return after a
period of time.

In either case the user account should be disabled and their files backed up in case they are
needed.

If a termination is not under the best circumstances it’s important that a user’s access is
revoked before they decide to do harm to the system; however, doing so too early may alert
them to what is going on and make the whole process more difficult for everyone involved.

The following instructions describe how to disable a user account in Windows 7.

Disabling user accounts in Windows 7

Click the Start Button.

Right-click on Computer and select Manage.

The Computer Management window will open.

In the tree on the left browse to Computer Management > Local Users and Groups > Users

Double-Click on the user you wish to disable; this will open the Properties Window for
that user.

Tick the Account is disabled check box then click OK.

The user account has been disabled.

To delete a user account you can right-click the user and select Delete but don’t do this
just yet as we will be using the account later.

LEARNING ACTIVITIES ACTIVITY 3

Passwords

a Create a new user account with a password set to ‘password’.

b Specify that this user must change their password on next logon.

c Test the user by logging off and logging back on as the newly created user.

Ensure secure file and resource access
In Windows we can ensure secure file and resource access by assigning permissions to objects
such as files, folders and even printers.

These permissions allow us to specify which groups of users can access, modify or delete
various system objects.

The instructions below describe how to set permissions on a folder in Windows 7 so that only
members of the Accounting group can access it.

Assigning folder permissions

Create a folder on your c: drive called Accounting.

Right-click the folder and select Properties.

On the Security Tab click Advanced then Change Permissions.

Un-tick the Include inheritable permissions from this object’s parent check box.
(By un-ticking this box we are specifying that we want this folder to have different
permissions to its parent folder.)

Click Remove to remove all existing permission entries.

Click Add and then enter the group name Accounting.

Click Check Names. The group name should change to underlined indicating it is correct.

Click OK.

Now we need to specify what permissions we want the accounting group to have.

Tick Full Control to check all the boxes

Un-tick Delete Subfolders and files.

Un-tick Delete

These settings will allow the Accounting group to do everything except delete files.

Click OK repeatedly to save your settings and close each window.

Test your settings by logging in using the Alex account we created earlier.

Browse to the Accounting folder.

You should be able to create files and folders but not delete them.

To delete the folder you will need to repeat these instructions but Tick the “Delete
Subfolders and files” and “Delete” checkboxes.
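
The account, group and folder-permission procedures in this topic can be scripted with the built-in net and icacls commands, which also makes the result easy to review afterwards. This is an added example, not part of the original guide: the full name and comments are constructed values, and the initial password is prompted for rather than typed on the command line.

```powershell
# Added example (not from the guide). Run in an elevated PowerShell session.

# Create the user. "*" makes net.exe prompt for the initial password so it does
# not end up in the command line or history. /logonpasswordchg:yes is the
# "User must change password at next logon" tick box.
net user Alex * /add /fullname:"Alex Example" /comment:"Accounting staff" /logonpasswordchg:yes

# Create the security group and add the user to it.
net localgroup Accounting /add /comment:"Accounting department"
net localgroup Accounting Alex /add

# Review the result: account flags and group membership.
net user Alex
net localgroup Accounting

# Create the folder and build the permission entry described in the guide:
# Full Control with "Delete" (DE) and "Delete subfolders and files" (DC)
# un-ticked, applied to this folder, subfolders and files ((OI)(CI)).
$folder = 'C:\Accounting'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
$rights = '(OI)(CI)(RC,WDAC,WO,S,RD,WD,AD,REA,WEA,X,RA,WA)'

# Grant first, then remove inherited entries, so the folder is never left
# with an empty access list part-way through.
icacls $folder /grant:r "Accounting:$rights"
icacls $folder /inheritance:r

# Show the final access list. Only the Accounting entry should remain.
icacls $folder

# Points to check when reviewing this access list:
# - WDAC (change permissions) and WO (take ownership) are still granted, so a
#   group member can give themselves delete rights again.
# - Administrators and SYSTEM no longer have an entry, so backup jobs and
#   administrators cannot read the folder until an entry is added back.
```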

LEARNING ACTIVITIES ACTIVITY 4

Folder permissions

a Create a new group called Research.

b Create a new folder on your C Drive called Research Personnel Only and configure it so
that only members of the Research group have Full Control of it.

REFERENCE REFERENCE 3

The following link provides more information on Windows File and Folder Permissions.

http://msdn.microsoft.com/en-us/library/bb727008.aspx

Should this link be unavailable please notify TAFENow and instead search the internet for “Windows File
and Folder Permissions”

Topic 2 - Conduct audit on system assets

This topic will provide you with an understanding of the tools used to conduct an audit on
system hardware and software assets. You will also learn how to develop a system to record
assets and develop reports for management.

Use appropriate tools and techniques to conduct audit on system hardware and software assets

There is a variety of software available to help you audit your hardware and software assets. In
this chapter we will explore some of the free options as well as tools which come shipped with
Windows.

MSINFO32

MSINFO32.EXE is a program included with all versions of Windows since 98. It is designed to
give users a comprehensive listing of hardware, software and resources being used by your
computer. You can search for keywords and MSINFO32 also offers the option of being able to
export information to a text file.

You can run MSINFO32 by following these steps.

Hold the Windows Key and press R to open the Run Window.

Type MSINFO32 then press ENTER.

Navigate the tree on the left to view the information available. For example you can view
which programs are set to start automatically when you turn on your computer by
browsing to Software Environment > Startup Programs.

Export the selected branch by choosing File > Export… from the menu bar.

DXdiag (DirectX Diagnostic Tool)

The DirectX Diagnostic Tool reports detailed information about the DirectX components and
drivers installed on your system. If you're having trouble getting game animation or a movie
to run properly, you should run DirectX Diagnostic Tool to try to find the source of the
problem. DXdiag can also be used as a quick way to identify system, sound, display and input
devices installed in your computer.

You can run DXdiag by following these steps.

Hold the Windows Key and press R to open the Run Window.

Type DXDIAG then press ENTER.

Use the tabs at the top of the window to navigate the various screens. If a problem is found it
will be displayed in the Notes section on each tab. You can export DXdiag information to a
text file by clicking the Save All Information button.

Microsoft Software Inventory Analyzer (MSIA)

The Microsoft Software Inventory Analyzer (MSIA) is a free tool that can help you with your
software inventory by scanning local and network computers for installed Microsoft software
products. NOTE: This program will only detect Microsoft Products.

Follow these steps to run MSIA on your computer.

Download the MSIA Installer from http://www.microsoft.com/sam/en/ca/msia.aspx

Run the installer then open the program.

If this is your first time using MSIA it is recommended you scan using the Wizard.

Click Next.

Choose Local Machine to scan your local computer then click Next.

On the Product selection screen click the double arrows >> to search for all Microsoft
products then click Next.

Choose HTML for your report format and click Next.

On the Consolidate report screen leave all boxes un-ticked and click Next.

Click Scan to scan your computer.

Make sure View Reports Now is ticked and click Finish.

A Summary Report will open in a new browser window.

E-Z Audit

E-Z Audit provides a free evaluation of their auditing tool with the option of paying for
ongoing access to features. Unfortunately exporting is not enabled in the free version.

Download and install the evaluation program from http://www.ezaudit.net.

Run the program from the E-Z Audit folder in your start menu.

Click Try to try a free demo.

Follow the prompts on screen to run an audit. (NOTE: It may take a minute or two before
you can view your first audit.)

When it is ready your first audit should appear under the Audits Heading on the Home
Screen. Click it to view.

The audit is quite comprehensive and should give you a lot of information such as Operating
System, available hardware and software, BIOS Information and much more.

LEARNING ACTIVITIES ACTIVITY 5

Software tools

Run one or more of the following and familiarise yourself with key features of these tools:

> Run MSINFO32 and export the entire tree to a text file called MSINFO32_Audit.txt

> Run DXdiag and Save All Information to a text file called DXdiag_Audit.txt

> Install and Run the Microsoft Software Inventory Analyzer (MSIA) and scan the local computer
for ALL Microsoft products. Save the report as a text file called MSIA_Audit.txt

> Install and Run E-Z Audit. Take a screenshot of the “PC Info” section of the report and save it as
EZ_Audit.jpg or paste it into a Word document.

Develop a system to record assets
Company assets are made up of much more than just the IT infrastructure. Although
computing equipment should be included, other tangible assets may include things like office
equipment and company vehicles.

Intangible assets such as corporate logos and branding, employee records, software licencing
information and company data should also be recorded.

In this chapter we will focus on IT assets including hardware, software and company data.

Developing a system to keep track of these assets can be difficult, particularly in a workplace
where things change often such as computers being moved from one office to another.

Some system administrators may use specialized software such as SpiceWorks
(www.spiceworks.com) to record assets but often a simple spreadsheet or database is enough,
especially for a small business.

Hardware Assets

At minimum, hardware assets should be recorded with their manufacturer, make, model and
serial number; however, it’s likely that you’ll want to record additional information such as:

> date purchased/End of warranty

> location (or in the case of mobile devices, the person it’s allocated to)

> additional information such as IP address and possibly even passwords (for devices such
as switches). Be aware of the security issues involved if you decide to do this: anyone who
can open the asset register can then read those passwords.

Software Licences

Software licences should be recorded with the software name, version, licence expiry date and
serial number. Again you will likely want to record additional information such as:

> A description

> The developer and contact information

> Software category

> Date of purchase/price

> Who the licence has been allocated to

> Quantity available/in use (in the case of bulk licences)

REFERENCE 4

The following links provide example spreadsheet templates for hardware and software asset
management.

http://www.vertex42.com/Files/download2/themed.php?file=asset-tracking-template.xlsx

http://www.vertex42.com/Files/download2/themed.php?file=software-inventory-tracking.xlsx

Should these links be unavailable please notify TAFENow and instead search the internet for “Computer
inventory spreadsheet templates”

LEARNING ACTIVITIES ACTIVITY 6

Tracking

a Create a spreadsheet that could be used to keep track of all IT hardware in use, including
servers, computers, laptops, switches and printers.
b Complete the spreadsheet for IT hardware in your home or work environment, identify
which hardware is obsolete or out of warranty, and provide recommendations for
replacement hardware including costs.

Topic 3 - Implement an antivirus solution
Research appropriate antivirus and anti-malware solutions
Although viruses could be considered malware (malicious software) they are often grouped
into their own category.

Malware on the other hand, can include any unwanted program such as trojans, backdoors,
exploits and adware.

While many products available today attempt to detect and clean both viruses and malware
some software packages may only focus on detecting one or the other.

Choosing the right solution is an important decision as it is not recommended that you run
multiple software packages simultaneously. Things to consider include:

> Free vs Paid – Does the paid version offer any features you need?

> How often are virus definitions updated and is it done automatically?

> The level of customer support provided.

> Can it be centrally installed and managed?

> The “footprint” of the application or minimum hardware specs? Will your computers be
able to run effectively with this additional software?

> Which operating systems are supported?

Below are some better known anti-virus/anti-malware products available today.

AVG
http://www.avg.com

AVG offer a variety of software packages designed to protect you while online. Their free
product “AVG Antivirus FREE” claims to block viruses, spyware and other malware. The paid
version offers more features such as anti-spam and a software firewall.

Microsoft Security Essentials


http://windows.microsoft.com/en-us/windows/security-essentials-download

Microsoft Security Essentials is a free tool from Microsoft which provides real-time protection
against viruses, spyware, and other malicious software. It is updated daily and designed to
minimize impact on system performance and resources by updating only when the system is
idle.

Trend Micro
http://www.trendmicro.com.au

Trend Micro offers a range of paid products for home and business users. Their software is
available for both PC and Mac and they also offer protection for iOS and Android devices.

REFERENCE 5

Check out the following website for an independent review of lots of antivirus software products.

http://www.av-test.org/en/antivirus/home-windows/

Should this link be unavailable please notify TAFENow and instead search the internet for “choosing an
antivirus solution”

Implement antivirus or anti-malware solution


In this chapter we will detail the steps involved to install Microsoft Security Essentials. NOTE: It
is strongly recommended that you only run one antivirus package at a time on your computer
as they may conflict with each other.

Download the Microsoft Security Essentials installer from
http://windows.microsoft.com/en-us/windows/security-essentials-download

Run the installer.

On the Welcome Screen click Next to proceed with the installation.

On the Software Licence Term screen click I Accept.

Choose whether or not you wish to take part in the Customer Experience Improvement
Program then click Next. If you are unsure choose I do not want to join the program at
this time.

On the Optimize Security page, leave all settings as they are and click Next.

Click Install to begin the installation.

Click Finish to download the latest updates and scan your computer.

Test antivirus and anti-malware solution functionality
The EICAR Standard Anti-Virus Test File was developed by the European Institute for
Computer Antivirus Research (EICAR). It was created to allow the testing of antivirus software
without having to infect a computer with a real virus.

The file contains a string of characters that a compliant antivirus program responds to as if it
had detected a live virus threat. The EICAR test file can also be used to test whether a piece of
software is able to scan inside compressed archives (for example by adding it to a .ZIP file).

The EICAR test string is

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

You can create your own EICAR test file by pasting this string into any text editor and saving
the file with a .COM extension or you can download one directly from
https://secure.eicar.org/eicar.com.txt

If your antivirus program is working correctly it should detect this file as being a harmful virus
and attempt to remove the file.

NOTE: If you have real-time protection enabled your antivirus software may delete the file
immediately after it is downloaded.

If you have Microsoft Security Essentials installed you can verify that the file was removed
successfully by following the steps below.

Double click the Microsoft Security Essentials icon in the system tray.

Click on the History Tab.

You should see the EICAR_Test_File included in the list of quarantined items.
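
The test above can also be scripted. The following is an added example, not part of the original guide: it writes the EICAR string as a .COM file and inside a .ZIP archive, waits, then reports whether each file was blocked, removed, modified or left untouched. The file names, the 30-second wait and the function names are assumptions.

```python
import hashlib
import os
import tempfile
import time
import zipfile

# The 68-character test string from the text. It is written as two halves so
# that the source of this script does not itself contain the full string.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def write_samples(directory, payload=EICAR):
    """Write payload as eicar.com and inside eicar.zip.

    Returns {path: sha256}, or {path: None} where the write was refused,
    which is what real-time protection may do (see the NOTE in the text).
    """
    plain = os.path.join(directory, "eicar.com")
    archive = os.path.join(directory, "eicar.zip")
    expected = {}
    try:
        with open(plain, "wb") as fh:
            fh.write(payload)
        expected[plain] = sha256_of(plain)
    except OSError:
        expected[plain] = None
    try:
        with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("eicar.com", payload)
        expected[archive] = sha256_of(archive)
    except OSError:
        expected[archive] = None
    return expected


def check_samples(expected):
    """Classify each sample by what has happened to it since it was written."""
    status = {}
    for path, digest in expected.items():
        if digest is None:
            status[path] = "blocked"        # never reached the disk
        elif not os.path.exists(path):
            status[path] = "removed"        # deleted or quarantined
        else:
            try:
                same = sha256_of(path) == digest
            except OSError:
                status[path] = "locked"     # present but unreadable
                continue
            status[path] = "untouched" if same else "modified"
    return status


def antivirus_reacted(status):
    """True only if no sample, including the archive, was left untouched."""
    return all(state != "untouched" for state in status.values())


if __name__ == "__main__":
    folder = tempfile.mkdtemp(prefix="eicar_test_")
    expected = write_samples(folder)
    time.sleep(30)                          # give the scanner time to act
    status = check_samples(expected)
    for path, state in status.items():
        print(f"{state:10} {path}")
    print("Antivirus reacted to every sample:", antivirus_reacted(status))
```

An "untouched" eicar.zip next to a "removed" eicar.com means the product caught the plain file but did not scan inside the archive.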

LEARNING ACTIVITIES ACTIVITY 7

Anti-virus/malware

a Research and compare two anti-virus/malware products and identify the key features of
each. Decide which would be best suited for use at home.
b Choose and install an antivirus solution on your computer.
c Scan your computer and take a screen shot of the results.
d Download or create your own EICAR Test File and use it to test the antivirus solution you
installed. Take a screenshot which shows that the file was correctly identified as a virus.

REFERENCE 6

For more in depth information regarding viruses, antivirus software and how they work, visit the
link below.

https://www.sans.org/reading-room/whitepapers/commerical/choosing-anti-virus-software-784

Should this link be unavailable please notify TAFENow and instead search the internet for “how antivirus
software works”

Topic 4 - Implement systems to protect assets from threats
This topic will enable you to identify environmental threats to data, as well as document and
implement systems which will protect data from these threats.

Determine environmental threats to data


Environmental threats to data can come in many forms. Some are localized, such as heat and
humidity or unauthorized access, while others, such as fires, floods and even earthquakes, are
wider reaching and can be quite damaging on a much larger scale.

Temperature and humidity

Extremes of temperature and humidity can be damaging to servers and equipment hosting
your data. Most hardware manuals will indicate safe operating temperatures for that piece of
equipment, usually between 10 to 50 degrees Celsius.

Many data centres operate at or below 20 degrees Celsius, however companies such as
Google are attempting to raise this level by improving airflow and thus reducing the cost of
air-conditioning.

Most data centres will have environment monitoring systems which will alert administrators
when temperature or humidity falls outside of normal operating guidelines.

Fire and water

Any fire will easily do damage to computer equipment but smoke and toxic fumes can also be
harmful to equipment such as tape backups and optical drives which may not have been
directly exposed to the flames.

Data centres will often have “dry gas” sprinkler systems which will put out a fire without
spraying water throughout the entire building.

Water and electricity definitely don’t mix. Water could come from a leaking pipe or roof and
may not immediately cause the system to fail; if it’s a small leak, the moisture might start to
corrode circuitry or encourage mould. In the case of a flood, all equipment could end up
submerged or even washed away completely.

Unauthorised Access

Environmental threats don’t always have to be natural occurrences. Allowing unauthorised
personnel access to servers and equipment can directly put your data at risk of being
destroyed or stolen. A proper security policy with keys, codes, locks and passwords for entry
into sensitive areas should always be implemented.

Power Management

A steady power supply is very important for computer equipment to operate correctly.
Blackouts, brownouts and power surges all have the potential to permanently damage
sensitive equipment. A backup power source is essential, even if it only lasts long enough for
equipment to be safely shut down. Most Uninterruptible Power Supplies (UPSs) have this
feature and are able to automatically shut down a server in the event of a blackout.

LEARNING ACTIVITIES ACTIVITY 8

Environmental computer threats

In approximately one page identify and describe the environmental threats to the data on your
home computer. What is the likelihood of each event occurring?

REFERENCE 7

For more information regarding environmental factors which may affect data visit the link below.

http://www.ferret.com.au/ODIN/PDF/Showcases/102869.pdf

Should this link be unavailable please notify TAFENow and instead search the internet for
“environmental threats to computer systems”

Document systems to protect from environmental threat
Documenting environmental threats is important so that new employees are aware of the
risks and also so that recurring/likely events can be monitored and an effective action plan put
in place.

Documentation should list all possible threats to your data and provide solutions to minimize
each risk and the damage done should it occur.

Documentation could be a memo sent to IT staff reminding them to keep the air-conditioner
in the server room at a particular temperature, instructions regarding what to do in the event
of a fire, or something as simple as a sign that says “Authorized Personnel Only” clearly
indicating that this is a restricted area and that anyone who doesn’t belong there should be
removed.

LEARNING ACTIVITIES ACTIVITY 9

Fire risk

In approximately 500 words create a document which identifies the risk of a small electrical fire
breaking out in the server room of a small business. What are the possible causes of such a fire and
how could you minimise the chances of this from happening? What could be done to protect your
data in the event of such a fire?

Implement system to protect data from environmental threat
One way to protect your data from environmental threats is to use a cloud storage solution.
This way even if your server fails or there is a fire which destroys the entire building along with
any backups stored on site, your data will still be available online.

There are a number of cloud storage solutions available both free and paid. Paid services will
often offer a wider range of features such as automatic backups, security groups, advanced
logging and increased storage space.

For a home user, a free storage solution such as Google Drive, Microsoft OneDrive or Dropbox
provides more than enough features with a limited amount of storage space.

The steps below describe how to install the Microsoft OneDrive Client on Windows 7 which
will give you access to 15GB of online storage. You must have a Windows Live account and
internet access to complete these steps.

Download the OneDrive Client from https://onedrive.live.com/about/en-us/download/

Run the installer and click Get Started.

Sign in with your Microsoft Account.

The installer will automatically create a OneDrive folder in your user profile. Click Next.

Choose All files and folders on my OneDrive to sync everything then click Next.

If you want to be able to access all files on this computer from anywhere, leave Let me
use OneDrive to fetch any of my files on this PC checked and click Done.

Your OneDrive folder will open and is ready to be used. Anything you save into this folder
will automatically be uploaded and stored in the cloud.

LEARNING ACTIVITIES ACTIVITY 10

Cloud storage

Research and choose a cloud storage solution for use at home. Install any required software and
document the steps involved.

REFERENCE 8

For a comparison of some popular cloud storage solutions visit the link below.

http://www.tomshardware.com/reviews/cloud-storage-provider-comparison,3905.html

Should this link be unavailable please notify TAFENow and instead search the internet for “cloud storage
comparison”

Topic 5 - Develop a backup solution
In this topic we will look at the various types of backups available, investigate current media
backup options, implement a backup solution, demonstrate backup and restore functionality,
and implement a real time backup and data sync solution.

Determine appropriate backup type to meet systems needs
When performing a backup there are a number of different methods to choose from, each
with their own advantages and disadvantages. Below are some of the more common options.

Copy

A copy backup is a simple copy of your selected files. No marker (known as an archive bit) is
set to indicate that the file has been backed up. It is up to you as the administrator to
know what has or hasn’t been backed up. Copy backups may not always be able to back up
files which are currently in use by the system such as databases and executables.

Full Backup

A full backup is similar to a copy in that all files and folders you have selected will be backed
up. The difference being that an archive bit will be set to indicate that each file has been
backed up. This is very important when used in conjunction with other backup methods
discussed below.

A full backup will always backup all files selected and therefore can take a long time. It will
also use up a lot of storage space depending on how much data you are backing up.

Advantages of doing a full backup are that it is very easy to restore from a full backup and that
it is easy to manage backup versions.

Incremental Backup

An incremental backup is a backup of all files which have been changed since the last backup.
To perform an incremental backup you first need to do a full backup. From that point on each
incremental backup will only copy the files that have been changed or added since the
previous backup.

Incremental backups are very quick and take up less space than a full backup; however, in
order to restore from an incremental backup you first need to restore the latest full backup,
and then each incremental backup in the order they were done. This can become a problem if
any of the incremental backups are lost or destroyed.

Differential Backup

A differential backup is similar to an incremental backup except that it backs up any changes
since the last FULL backup. This means that it is slightly slower and uses a bit more space;
however, restores are quicker as you only need to restore your latest full backup and then the
latest differential backup.
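
The difference between these backup types is easiest to see by running them side by side. The following simulation is an added example, not part of the original guide; it models the archive bit as a per-file `backed_up` flag, and the file names and the weekly schedule are constructed.

```python
class Volume:
    """Files on disk. Each entry is [content, backed_up]; the flag models the archive bit."""

    def __init__(self):
        self.files = {}

    def write(self, name, content):
        # Creating or changing a file marks it as not yet backed up.
        self.files[name] = [content, False]

    def live(self):
        return {name: entry[0] for name, entry in self.files.items()}


def copy_backup(vol):
    """Copy everything; the flag is not touched."""
    return vol.live()


def full_backup(vol):
    """Copy everything and mark every file as backed up."""
    for entry in vol.files.values():
        entry[1] = True
    return vol.live()


def incremental_backup(vol):
    """Copy files changed since the last full OR incremental backup, then mark them."""
    changed = {n: e[0] for n, e in vol.files.items() if not e[1]}
    for name in changed:
        vol.files[name][1] = True
    return changed


def differential_backup(vol):
    """Copy files changed since the last FULL backup; the flag is left alone."""
    return {n: e[0] for n, e in vol.files.items() if not e[1]}


def restore(backup_sets):
    """Apply backup sets in order; later sets overwrite earlier versions."""
    restored = {}
    for _, files in backup_sets:
        restored.update(files)
    return restored


# Constructed week of edits: (day, {file: new content}).
WEEK = [
    ("Mon", {"a.docx": "a-v2"}),
    ("Tue", {"b.xlsx": "b-v2"}),
    ("Wed", {"a.docx": "a-v3", "c.pdf": "c-v1"}),
]


def run_week(kind):
    """Full backup on Sunday, then a nightly backup of the given kind."""
    take = incremental_backup if kind == "incremental" else differential_backup
    vol = Volume()
    vol.write("a.docx", "a-v1")
    vol.write("b.xlsx", "b-v1")
    sets = [("Sun full", full_backup(vol))]
    for day, edits in WEEK:
        for name, content in edits.items():
            vol.write(name, content)
        sets.append((f"{day} {kind}", take(vol)))
    return vol, sets


def restore_chain(kind, sets):
    """Backup sets needed to get back to the latest state."""
    return sets if kind == "incremental" else [sets[0], sets[-1]]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        vol, sets = run_week(kind)
        print(kind)
        for label, files in sets:
            print(f"  {label:18} copies {sorted(files)}")
        chain = restore_chain(kind, sets)
        print("  restore needs:", [label for label, _ in chain])
        print("  restore correct:", restore(chain) == vol.live())
    vol, sets = run_week("incremental")
    damaged = [s for s in sets if s[0] != "Tue incremental"]
    print("Tuesday incremental lost, b.xlsx restores as:", restore(damaged)["b.xlsx"])
```

The model does not track deleted files, so a restore brings back files that were deleted after the full backup.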

Folder and Drive Synchronization

The activity with cloud storage solutions such as OneDrive and Google Drive earlier in this unit
is an example of folder and drive synchronisation. Files and folders are automatically
uploaded to the cloud when they are added or changed. This type of solution is convenient
and requires little management once it is set up; however, there is little in the way of version
control. It will protect you if your local hard drive is destroyed or faulty but not if you
accidentally delete or overwrite a file, as the changes will simply be propagated to your backup
in the cloud.

It is also possible to implement a local version of folder and drive synchronisation with
software such as FreeFileSync - http://www.freefilesync.org/ . However you still have the issue
of any unwanted changes or corruption being copied over to your backup.

RAID

A redundant array of independent disks or RAID is another method of protecting your data in
case of hardware failure. A RAID can be implemented in a variety of ways (referred to as RAID
Levels e.g. RAID1, RAID5).

RAID works by distributing data across a number of drives in a way that if one drive fails it can
be replaced and the data restored using information stored across the other drives. Different
levels of RAID offer different advantages in different areas such as reliability, performance and
capacity.

Common RAID implementations are outlined below

RAID 1

RAID 1 consists of disk “mirroring”, where data is written to two or more drives identically. If
one fails, the other/s can take its place and the system continues to function normally until the
faulty drive can be replaced.

RAID 5

RAID 5 implements a technique called “striping” where data is written across three or more
disks, with parity data (an error checking technique) stored on one of the drives. RAID 5 is able
to recover from the total failure of a single drive however the process of rebuilding the array
can take a long time, particularly with drives over 1TB.
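
How parity lets an array survive a lost drive, as an added example that is not part of the original guide: each stripe's parity block is the XOR of its data blocks, so any one missing block is the XOR of the survivors. The 4-drive layout, 4-byte block size and function names are assumptions chosen to keep the example small.

```python
def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_drive_for(stripe, n_drives):
    # The parity block moves to a different drive on each stripe.
    return (n_drives - 1 - stripe) % n_drives


def write_array(data, n_drives=4, block=4):
    """Stripe data across the drives; returns one list of blocks per drive."""
    per_stripe = (n_drives - 1) * block
    data = data + b"\0" * (-len(data) % per_stripe)     # pad to whole stripes
    drives = [[] for _ in range(n_drives)]
    for stripe in range(len(data) // per_stripe):
        chunk = data[stripe * per_stripe:(stripe + 1) * per_stripe]
        blocks = [chunk[i * block:(i + 1) * block] for i in range(n_drives - 1)]
        parity_at = parity_drive_for(stripe, n_drives)
        remaining = iter(blocks)
        for d in range(n_drives):
            drives[d].append(xor_blocks(blocks) if d == parity_at else next(remaining))
    return drives


def rebuild_drive(drives, failed):
    """Recompute every block of the failed drive (marked None) from the others."""
    missing = [i for i, d in enumerate(drives) if d is None]
    if missing != [failed]:
        raise ValueError("single parity can rebuild exactly one failed drive")
    survivors = [d for d in drives if d is not None]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def read_array(drives, length):
    """Reassemble the data, skipping the parity block of each stripe."""
    n = len(drives)
    out = bytearray()
    for stripe in range(len(drives[0])):
        parity_at = parity_drive_for(stripe, n)
        for d in range(n):
            if d != parity_at:
                out += drives[d][stripe]
    return bytes(out[:length])


if __name__ == "__main__":
    data = b"Constructed sample: company data on a 4-drive array"
    drives = write_array(data)
    drives[1] = None                        # drive 1 fails completely
    drives[1] = rebuild_drive(drives, 1)    # replacement drive is rebuilt
    print(read_array(drives, len(data)))
```

The rebuild reads every block on every surviving drive, which is why the rebuild time grows with drive size.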

RAID 6

RAID 6 also uses striping but has the added advantage of “double distributed parity” which
means that up to two drives can fail before data is lost. RAID 6 is able to make use of drives
from different manufacturers, something that is not possible with earlier implementations of
RAID.

REFERENCE 9

For more information on backup types visit the link below.

http://typesofbackup.com/

Should this link be unavailable please notify TAFENow and instead search the internet for “types of
backup”

Investigate current backup media options


Depending on your backup method you may have a number of different media types to
choose from. The most common are listed below.

CD/DVD

Although optical drives are becoming less common these days, DVDs and even CDs are still a
viable option for small amounts of data. CDs are actually very reliable due to their low density
data storage and long shelf life. Optical discs are not susceptible to magnetic interference and
can even survive being submerged (provided they are not left to be damaged by mould).

USB Drives

USB drives are a cheap and convenient method of storing backups. Although limited in
capacity their low cost and small size make transport and storage of small amounts of data
simple. USB drives are notoriously bad for failing at the most inopportune times and should
not be relied on for long term or single copy backups.

External Hard Disks/Network Storage

Easily the most cost effective solution for the majority of home users and small businesses.
External hard drives provide the capacity for just about anyone to back up their data quickly
and cheaply. Hard drives are portable and easily transported to be stored off site.

Network attached storage devices provide a central location for multiple computers to back
up their data and usually offer some kind of data redundancy or RAID system.

Tape Drives

Magnetic tape drives are some of the oldest media types used in the computing industry yet
they are still the go-to solution for large amounts of data. Although slower than other media
types the sheer volume of data that can be stored continues to make magnetic tape drives a
viable backup option. Newer tape drives can write data at over 250Mb/sec and a single tape is
capable of storing 10TB of uncompressed data.

LEARNING ACTIVITIES ACTIVITY 11

Backup

Research and choose a backup solution that would suit a small real estate business that stores
approximately 1TB of company data. Consider the backup media type you would choose for the real
estate company and ensure that you can justify your decision.

Implement a backup solution


While there are many backup packages available, the backup solution that comes shipped
with Microsoft Windows is more than adequate for the majority of users.

The steps below describe how to configure Windows to perform an automated backup every
night in Windows 7.

NOTE: You will need to have a blank USB or external hard drive connected to the computer to
complete this activity.

Click the Start button and type Backup and Restore then press Enter.

The Backup and Restore control panel item will open.

Click on Set up backup.

Select your USB from the list of Backup Destinations then click Next.

On the “What do you want to back up?” screen click Let me choose then click Next.

By default Windows Backup will back up all files under each user's profile (their Desktop,
Documents, Pictures etc). To save time we will only back up your Documents folder;
however, in a real world situation you will likely want to back up everything.

Un-tick all the boxes except for the Documents Library under your username then click
Next.

On the Review your settings screen click Change Schedule.

Change the schedule so that your backup will run daily at 7pm.

Click OK.

Verify your settings and click Save settings and run backup.

Your backup should start immediately but then run at the scheduled time in the future.

REFERENCE 10

For more information on Windows Backup and Restore visit the link below

http://windows.microsoft.com/en-us/windows7/products/features/backup-and-restore

Should this link be unavailable please notify TAFENow and instead search the internet for “Windows
backup and restore”

Demonstrate functionality of backup solution
Windows Backup and Restore is a relatively simple application however there are a few
features that are worth mentioning.

You can free up backup space by deleting old unwanted backups by clicking on the Manage
Space link on the main screen.

Edit any of the settings for an existing backup by clicking the Change Settings link on the
main screen or turn off scheduled backups by clicking Turn off schedule in the top left of
the window. You can create a new schedule at any time by clicking Turn on schedule.

Demonstrate restore of data from backup media


Restoring data using Microsoft Backup and Restore is performed by following these steps.

Click start and type Backup and Restore then press Enter to open the program.

Click Restore my files.

Click Browse for files and locate a file on your backup USB from Activity 5.3 that you want
to restore.

Click Add files. Repeat if you want to add more files.

When you are done adding files click Next.

Choose whether you want to restore the file to its original location or a new one.
Sometimes it’s safer to restore to an alternate location and then copy the files manually so
that you don’t accidentally overwrite the wrong file. Choose In the following location and
specify a new folder on your C Drive.

Check Restore the files to their original subfolders to maintain the old directory
structure.

Click Restore.

You can now view your restored files or click Finish to exit.

LEARNING ACTIVITIES ACTIVITY 12

Backup and restore

a Perform a manual backup


b Perform a backup of your important files using Windows Backup. Schedule it so that it runs
Weekly at 9pm
c Adjust the schedule for the backup so that it runs every Sunday at 10pm
d Restore a file from the backup you created

Implement a real time backup and data sync solution
The cloud storage Activity 13 was a simple example of a real-time data sync solution; however,
for a more advanced solution you would need to look at a product such as Folder Sync,
ShadowProtect, or Yadis.

Yadis is a free, real-time backup solution that allows you to synchronize files and folders on
your PC to almost any destination.

NOTE: Before starting this activity, create a new folder on your desktop called Yadis Sync
Folder. This will be the folder that we are going to monitor for synchronisation to your
backup location.

Insert a blank USB to be used as the backup location. Create another folder called Yadis Sync
Folder on the USB.

Install and configure Yadis by following the steps below.

Go to http://www.codessentials.com/

Download and run the Yadis Installer.

When installation is complete run Yadis.

Click Start to start the setup wizard.

Choose I am an expert then click Next.

Choose Yes to configure Yadis to start automatically with Windows. Set this for all users if
others will be using this program. Click Next.

Allow Yadis to check for updates then click Next.

Uncheck Learn how to use Yadis then click Finish.

Configuring folders to sync:

On the Yadis main screen click

Tick General Task and select a Task Mode of Standard.

Click Next.

Give the task a name of Yadis Sync Folder then click Next.

Specify the Yadis Sync Folder on your Desktop as your source

Specify the Yadis Sync Folder on the USB Drive as the destination. You may receive a
warning that you have specified a removable device. Click OK.

Click Yes to backup all your files to the destination directory now (the folder will be empty
anyway).

The USB Yadis Sync Folder should now be synchronizing in real time with the one on the
desktop.

Try creating a new document in the desktop folder and then browse to the USB. You
should see it appear on the USB in a few moments.

LEARNING ACTIVITIES ACTIVITY 13

Yadis

Install and configure Yadis to synchronize a folder on your PC with a USB or external hard drive.

Topic 6 - Monitor network performance
In this topic we will investigate available network performance monitoring tools, implement
network performance monitoring and produce reports.

Determine available network performance monitoring tools
Microsoft performance monitor

Figure 3 – Screenshot of Microsoft performance monitor

Windows performance monitor comes installed with Windows and allows you to view
performance data in real time or from a log file. It also includes a Resource Monitor which lets
you view detailed real-time information about hardware resources (CPU, disk, network, and
memory) and system resources (including handles and modules) in use by the operating
system. Also available is Microsoft Server Performance Monitor for monitoring Windows
Servers and features. This is a very powerful tool which is well worth learning.

We will investigate Performance Monitor in more detail later in the unit but the following
instructions will get you started with basic real-time monitoring.

Open Performance Monitor by clicking the Start Button and typing Performance
Monitor then pressing ENTER.

You can view real-time activity by clicking on in the tree on the left.

Add counters by clicking the icon in the toolbar at the top of the window.
e.g. You can add the Processor > % Processor Time counter to monitor CPU activity.

Microsoft Message Analyser

Figure 4 – Screenshot of Microsoft analyser


This tool has replaced Windows Network Monitor and enables you to capture, display, and
analyse protocol messaging traffic. It is also able to trace and assess system events and other
messages from Windows components.

Windows task manager

Figure 5 – Screenshot of Windows task manager

Windows Task Manager provides a simple interface to quickly view system resources, running
programs and services as well as monitor network and disk activity. It is an extremely useful
tool which can be accessed at any time by pressing CTRL + Shift + ESC.

Windows resource monitor

Figure 6 – Screenshot of Windows resource manager

Resource Monitor is a tool that you can use to monitor the usage of CPU, hard disk, network,
and memory in real time. It is simple to use and quickly accessible on any Windows machine
by pressing CTRL + Shift + ESC then clicking the Resource Monitor button.

Wireshark

Figure 7 – Screenshot of Wireshark

https://www.wireshark.org/

Wireshark is a network protocol analyser which allows you to inspect data sent using many
different protocols. It allows you to perform live capture of data or offline inspection.

REFERENCE 11

For a more comprehensive list of network monitoring tools visit the link below

http://www.gfi.com/blog/the-top-20-free-network-monitoring-and-analysis-tools-for-sys-admins/

Should this link be unavailable please notify TAFENow and instead search the internet for “network
monitoring tools”

Implement network performance monitoring tools to monitor network
There are a number of network monitoring tools available; however, among the most useful
are the Windows Task Manager and System Monitor, which come with all recent versions of
Windows.

To open Task Manager press CTRL + Shift + Esc

Clicking on the Networking Tab will show a real-time graph of current network activity for all
available network adapters. This is a quick and simple way to see if any of your network
adapters are having difficulty connecting to the network.

On the Performance Tab you will see a button for Resource Monitor.

The Resource Monitor will give you a comprehensive view of all system resources including
Network activity which can be found on the Network Tab.

Figure 8 – Screenshot of Resource monitor

The Network tab in Resource monitor displays the following information.

Processes with network activity

This section lists all running programs currently accessing the network such as browsers and
some system services. It also shows how much data each program is sending and receiving in
real time. If you find that your internet or network connection is slow you can check to see if
one particular program is using all of the network bandwidth.

Network Activity

This section will list all applications with network activity and show what they are connected
to. If you see a process that you suspect of being a virus you can look to see which address it is
connecting to and decide if it needs to be removed. You can also see the amount of data
being transferred.

TCP Connections

Here you will see all active TCP connections, their local and remote IP addresses and which
port is being used. Again, this information can be useful in identifying suspected viruses.

Listening Ports

This section will give you a list of listening ports and their associated application (such as a
web server listening on port 80). If you see a port open and listening that doesn’t belong you
may need to reconfigure your firewall or uninstall that particular program as some listening
ports can pose a security threat to your system.
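
The Listening Ports and TCP Connections checks described above can also be scripted. The following PowerShell is an added example, not part of the original guide; the expected-port list is a constructed baseline and the function names are illustrative.

```powershell
# Added example: script the "Listening Ports" and "TCP Connections" checks.
# $ExpectedPorts is a constructed baseline; replace it with the ports your
# machine is meant to expose.
$ExpectedPorts = @(80, 135, 445)

function Get-ProcessNameById {
    param([int]$Id)
    # The owning process can exit between the two queries, so tolerate a miss.
    $p = Get-Process -Id $Id -ErrorAction SilentlyContinue
    if ($p) { $p.ProcessName } else { '<unknown>' }
}

function Get-ListeningPortReport {
    param([int[]]$Expected)
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort, LocalAddress -Unique |
        ForEach-Object {
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                Process      = Get-ProcessNameById $_.OwningProcess
                # Loopback-only listeners are not reachable from the network.
                LoopbackOnly = $_.LocalAddress -in '127.0.0.1', '::1'
                Expected     = $_.LocalPort -in $Expected
            }
        }
}

function Get-EstablishedConnectionReport {
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            [pscustomobject]@{
                Process   = Get-ProcessNameById $_.OwningProcess
                ProcessId = $_.OwningProcess
                Local     = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
                Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            }
        }
}

# Listening ports that are network-reachable and not in the baseline.
Get-ListeningPortReport -Expected $ExpectedPorts |
    Where-Object { -not $_.Expected -and -not $_.LoopbackOnly } |
    Format-Table -AutoSize

# Which process is talking to which remote address.
Get-EstablishedConnectionReport | Sort-Object Process | Format-Table -AutoSize
```

Get-NetTCPConnection is available on Windows 8 / Windows Server 2012 and later. Rows in the first table are candidates for the firewall or uninstall decision described above.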

LEARNING ACTIVITIES ACTIVITY 14

Network monitoring

Research a network monitoring tool that you may use as a system administrator other than those
listed. Jot down the key features it offers.

Install the network monitoring tool and undertake some network monitoring using the tool and
observing how the key features might be of benefit to you as a system administrator.

Produce report on network performance
Windows Performance Monitor allows you to generate and analyse comprehensive reports on
almost any aspect of your system. The tool is available on any Windows system and may be all
you have available to produce a detailed report.

Performance Monitor can show you performance data in either real-time or from a log file.
Data Collector Sets can be set to run immediately or on a schedule to collect and analyse
specific aspects of your system at any given time.

Data is collected by adding “Counters” for each item you want to monitor. The number of
things which can be monitored is huge and it may be confusing at first to decide what it is
you should be monitoring.

The steps below describe how to create a Data Collector Set which will monitor network
usage and then view the data captured using the Reports feature.

Open Performance Monitor by clicking the Start Button and typing Performance
Monitor then pressing ENTER.

Select Data Collector Sets > User Defined in the tree on the left.

Choose Action > New > Data Collector Set from the menu bar at the top of the window.

Enter a name of Network Performance and choose Create Manually (Advanced) then
click Next.

When asked for “What type of data you want to include?” choose Create Data Logs and
tick the Performance Counter check box. Click Next to continue.

Click Add and add the following counters from the Local Computer.
NOTE: When you add each counter you may need to select which network adapter you
want to monitor from the “Instances of selected object” box, otherwise ALL network
adapters will be monitored.

a Network Interface > Bytes Received/sec
b Network Interface > Bytes Sent/sec
c Network Interface > Bytes Total/sec
d Network Interface > Current Bandwidth

Click OK then change the Sample Interval to 1 second.
NOTE: Sampling too frequently can impact performance of your system which will affect
your results. We are using 1 second in this example to gather a lot of data quickly.

Click Next.

Leave the default location for the directory to save data and click Next.

Choose Start this data collector set now and click Finish.

The wizard will close and your data collector will start recording data as indicated by a
small “Play” icon.

Let the collector run for about 30 seconds then click the black “Stop” button on the
toolbar to stop collecting data.

In the tree on the left browse to Reports > User Defined > Network Performance

You should see a green report icon for each time you run your collector. Click on it to view
the data.

You can change the graph type by clicking the icon on the toolbar.

Save the graph as an image by right-clicking anywhere on the graph and choosing Save
Image As… You could then insert this graph into a word-processing document if you are
creating a professional report for management.
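
The same Data Collector Set can be created from the command line with logman and the resulting log summarised in PowerShell. This is an added example, not part of the original guide; the output path and the Get-CounterSummary function are assumptions made for illustration.

```powershell
# Added example (not from the guide): the same collector built with logman.
# Run from an elevated prompt. $Out is an assumed output location.
$Name = 'Network Performance'
$Out  = Join-Path $env:SystemDrive 'PerfLogs\NetworkPerformance'
$Counters = @(
    '\Network Interface(*)\Bytes Received/sec'
    '\Network Interface(*)\Bytes Sent/sec'
    '\Network Interface(*)\Bytes Total/sec'
    '\Network Interface(*)\Current Bandwidth'
)

# Create the collector with a 1 second sample interval and CSV output.
logman create counter $Name -c $Counters -si 1 -f csv -o $Out
logman start $Name
Start-Sleep -Seconds 30            # record for about 30 seconds
logman stop $Name

# logman may append a sequence number to the file name, so take the newest CSV.
$log  = Get-ChildItem "$Out*.csv" | Sort-Object LastWriteTime | Select-Object -Last 1
$rows = @(Import-Csv $log.FullName)

function Get-CounterSummary {
    param($Rows, [string]$Like)
    $Rows[0].PSObject.Properties.Name | Where-Object { $_ -like $Like } | ForEach-Object {
        $col = $_
        # The first sample of a rate counter is usually blank; keep numeric cells only.
        $values = $Rows | ForEach-Object { $_.$col } |
            Where-Object { $_ -match '^\s*\d' } | ForEach-Object { [double]$_ }
        if ($values) {
            $m = $values | Measure-Object -Average -Maximum
            [pscustomobject]@{
                Counter            = $col
                Samples            = $m.Count
                AverageBytesPerSec = [math]::Round($m.Average)
                PeakBytesPerSec    = [math]::Round($m.Maximum)
            }
        }
    }
}

# One row per network adapter instance.
Get-CounterSummary -Rows $rows -Like '*Bytes Total/sec' | Format-Table -AutoSize
```

If a collector with this name already exists (for example from the wizard steps), `logman create` reports an error; remove it first with `logman delete "Network Performance"` or choose another name.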

REFERENCE 12

For more information on Windows Performance Monitor visit the link below

http://technet.microsoft.com/en-us/library/cc749249.aspx

Should this link be unavailable please notify TAFENow and instead search the internet for “Windows
Performance Monitor”

LEARNING ACTIVITIES ACTIVITY 15

Performance Monitor

Use Performance Monitor to create a report which shows disk activity for all drives in your
computer. Save the graph as Disk_Activity.gif.

HINT: The counters for hard disks can be found under Logical Disk in the list of counters.
