Assignment 4 (10 marks)
The aim of this assignment is to develop your understanding of the kinds of bizarre problems a system
administrator will have to handle. The first part depicts an organization in a bad state. Your job is to devise a
scheme to fix it.
One of the requirements of being a system administrator is to make decisions about overall structures and
procedures. Below is a typical organization. You have recently been employed by this organization as the
new chief information officer and systems administrator. Your first job is to clean up this organization’s
computing – what would you do?
When devising a response you should think about the following
1. Design of systems and network.
2. Administration and Management of systems and network.
3. Service Management.
5. Operating Procedures.
6. Disaster Recovery and,
7. Organisational requirements.
Provide a written response outlining the problems with this computing environment and why. Once you have
done this provide either technical or procedural solutions to these problems. You are basically going to
devise a computing strategy for this organization. Where possible outline potential technological solutions
you may employ to solve a particular problem. For each issue-identified outline the potential impacts it may
have on the organization and why it is important to address.
For example you may identify there is no security and decide to place a firewall into the organization to fix
this. If you do this what services would you allow in/out of your network? Is that enough? You may decide a
CISCO Pix would be a good tool to solve this problem.
Another example may be you identify the need to backup data. If that’s the case how frequently should it be,
what should you backup? Where do you plan to store backups?
The organization in question is small software house. The software house is working on innovative software,
which it plans to sell in the near future. Most code and documentation is stored on servers, which are publicly
accessible via the Internet. The organization has a considerable investment in this data (for corporate
purposes), hence its integrity and confidentially is important.
The organization has a number of staff that are responsible for the management of the server infrastructure,
however administration is somewhat lacked with many people across the organization knowing
administrative passwords. At present there isn’t a full time administrator – the administration of services and
systems seems to be the role of several developers who know ‘some stuff’. Employees of the organization
currently enjoy free, open, unrestricted access to the Internet but realistically they only need to browse
certain websites on the Internet. The management would like there to be a system in place to minimise the
cost of accessing web resources.
The organization consists of the following departments:
1. Research and Development (56 people)
2. Management (4 people)
3. Human Resources & Legal (5 people)
4. Finance (3 person)
There are no concerns with the performance of the software/ hardware – though the management is
confidant this can be improved. There are however major concerns about the potential impacts of disasters,
downtime, compromises and the potential loss of intellectual property.
The organization uses a number of servers to perform its core business. The servers are not very busy. In total
there are six servers. These servers include a CIFS (Windows File Sharing) Server (running on a Windows
NT server), Windows Active Directory Server (running on a Windows NT server), Apache Web Server
(running on Mac OS X machine), Development Server (typically accessed using telnet and ftp) (running on
Linux), Exchange Server (running on a Windows NT Server) and Oracle Server (running on a Solaris – Sun
machine). Each of these servers are, independent machines with vanilla installs of the operating system. The
servers are not running the latest operating systems nor have they been patched. These machines have
publicly accessible addresses and hence can be access from the Internet.
The servers are commodity x86 boxes or servers that have been acquired through various means i.e. the
Sparc Station was purchased from Ebay by some employee’s who wanted to learn Solaris and the Mac, well
it was purchased because there is a Mac head in the organization who really loves Mac’s.
There is no maintenance on either the hardware or software. Some of the servers are over five years old e.g.
Services and Data
The servers store the following;
1. Home directories,
3. Database objects for various development and production environments (for various departments),
4. Active Directory Meta Data Object,
5. Project Build and Information Directories,
6. Code Versioning System (CVS) Data/ Directories,
7. Corporate Finance and Personnel Data,
8. Web Page Data.
This data is stored on disks in a number of different boxes. For example the Mail Exchange server stores mail
ona internal disk. Where as the Oracle Databases are kept on the oracle servers using a number of disks. The
Oracle server also plays home to most of the corporate data. Project Build and CVS data are kept on the
development server, which web pages are kept on the web server.
Most services are only used within the organization, however the organization does have a internet presence
via its web page and mail server. Despite this some developers work from home in the evenings and access
some services e.g. CVS from there home workstation. You can assume there is no redundancy/ fail over in
the disks hence if a disk goes bad, that data is lost and the service associated with it fails.
The most important data is the organizations data (mail, web and corporate finance/ personnel data), project
builds and CVS information. The integrity of this data must always be preserved. In terms of services the
most important service are the web page, email service and CVS infrastructure.
Most of the staff in the organization knows the root/ administration passwords to the servers. Most of the
administration of the hosts is done via the network using tools such as telnet and rsh. It should be noted that
all users have accounts on every server regardless of if they are admin’s.
The administrators do a bad job of administering these machines, as disks are often filling up and there are
lots of active but unused accounts (because people leave the organization). The organization depends on the
services offered by its servers so very much for its business but there is nothing in place to monitor them.
System administration here is basically fire fighting.
External hackers have compromised some desktop machines in the past. The administrators are reasonably
confidant that the servers have no been compromised yet (this is probably sheer luck but they are unsure
about this). That said when a host is compromised; the administrators merely disable the hack and continue
to allow the machine to be used. Most compromises are noticed too late i.e. well after they have been done.
The organization does not have a firewall or any other security system in place. Currently all services offered
by the servers are accessible via the Internet. There is no email/ virus protection in this organization.
Backup and Disaster Recovery.
The organization does not have any backup or disaster recovery systems/ procedures.
Network and Physical Location.
The servers and core network infrastructure are located in common workspace as other infrastructure and
employee’s of the organisation. In addition to this the servers are on the same networks as user workstations
and there is no network security. The organization is connected to the Internet via a ADSL modem connected
to a router. The router connects to a several 10mb hubs, which provide access to the staff (there is only one
Individual Workstations & Passwords
Each employee has a desktop computer. Most of the computers are running a vanilla install of a Windows
like operating system that has not been patched since install. Employees keep corporate data on these hosts in
their home directory, which is not backed up.
In addition to this everyone has administrator privileges to their workstation. As the environment is relaxed, a
user can have accounts on other employee computers possibly using the same or different password.
The organization has no hard and fast rules about passwords; infact the most common password used is the
person’s name. These passwords are also indicative of what is used on the server machines.
Place your answer for this in a file called ass4.pdf.