BSc CSIT (TU) Science Network and System Administration (BSc CSIT, CSC412) Question Paper 2080 Nepal

Responsibilities of a System Administrator

A system administrator (sysadmin) is responsible for installing, configuring, securing, maintaining and supporting an organization's IT systems (servers, network services, storage and user accounts) so that they remain reliable, secure and available.

Core Responsibilities

• Installation & configuration of operating systems, services (DNS, web, mail, database) and application software.
• User & account management — creating/removing accounts, groups, permissions and enforcing the principle of least privilege.
• Security — patching, firewalls, intrusion detection, antivirus, access control and incident response.
• Backup & recovery — designing and testing backup/restore procedures and disaster recovery plans.
• Performance monitoring & tuning — CPU, memory, disk and network monitoring, capacity planning.
• Troubleshooting & support — diagnosing failures and providing helpdesk support to users.
• Automation — writing scripts (shell, Python) for repetitive administrative tasks.

Policies

Policies are formal rules that govern how IT resources are used and managed. Important ones include:

• Acceptable Use Policy (AUP) — what users may and may not do.
• Password / authentication policy — complexity, rotation, MFA.
• Backup & retention policy — what is backed up, how often, how long it is kept.
• Security / patching policy — update cadence and access control.
• Privacy & data-protection policy.

Policies create consistency, accountability and a legal/compliance baseline.

Documentation

Documentation records the configuration and procedures of every system. Good documentation:

• Describes network diagrams, IP plans, server roles and credentials (stored securely).
• Records change history (who changed what, when and why).
• Enables knowledge transfer and faster troubleshooting, and reduces dependence on any single person ("bus factor").

Importance of Standard Operating Procedures (SOPs)

SOPs are step-by-step written instructions for routine tasks (e.g., adding a user, taking a backup, rebooting a server, responding to an outage). Their importance:

• Consistency — every administrator performs the task the same correct way.
• Reduced errors & downtime — less chance of mistakes under pressure.
• Faster onboarding & training of new staff.
• Auditability & compliance — procedures can be reviewed and verified.
• Business continuity — work continues even when the usual person is unavailable.

Conclusion

A system administrator combines technical operations with strong governance. Well-defined policies, documentation and SOPs transform ad-hoc administration into a repeatable, secure and auditable practice that keeps the organization's services reliable.

Web Server

A web server is software (running on a host machine) that accepts HTTP/HTTPS requests from clients (browsers) and returns web resources such as HTML pages, images, or dynamically generated content. Examples: Apache HTTP Server and Nginx.

Architecture of Apache vs Nginx

Nginx uses an event-driven model where a small number of worker processes use an event loop (epoll/kqueue) to multiplex thousands of connections, giving low memory use under high load. Apache traditionally spawns a worker per connection, which is simpler but heavier.

Virtual Hosting

Virtual hosting lets a single server host multiple websites/domains. Types:

• Name-based virtual hosting — multiple domains share one IP; the server selects the site using the HTTP Host: header (most common).
• IP-based virtual hosting — each site has its own IP address.
• Port-based — different sites on different ports.

Example (Nginx name-based):

server {
    listen 80;
    server_name example.com;
    root /var/www/example;
}
server {
    listen 80;
    server_name test.com;
    root /var/www/test;
}

HTTPS Configuration using SSL/TLS

HTTPS = HTTP over TLS (SSL), providing encryption, integrity and server authentication. Steps:

1. Obtain a certificate — generate a key + CSR and get a certificate from a CA (e.g. Let's Encrypt), or self-sign for testing.
2. Configure the server to listen on port 443 and point to the certificate and private key.
3. The TLS handshake then negotiates a cipher, validates the certificate, and establishes a session key.

Example (Nginx):

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/ssl/example.crt;
    ssl_certificate_key /etc/ssl/example.key;
    ssl_protocols TLSv1.2 TLSv1.3;
}

Redirect HTTP to HTTPS so all traffic is encrypted.

Conclusion

Apache and Nginx serve web content using different concurrency models; virtual hosting allows many sites per server, and SSL/TLS secures traffic by enabling encrypted, authenticated HTTPS connections.

Backup and Recovery

Backup is the process of copying data to a separate location so it can be restored after loss, corruption, deletion, hardware failure, ransomware or disaster. Recovery is the process of restoring that data to a working state. Together they ensure data availability and business continuity.

Types of Backup

• Full backup — copies all selected data; simplest restore but slow and storage-heavy.
• Incremental backup — copies only data changed since the last backup of any kind; fast and small, but restore needs the full + every increment.
• Differential backup — copies data changed since the last full backup; restore needs only full + latest differential.

Backup Media

• Magnetic tape (LTO) — cheap, high-capacity, good for long-term/offsite archival.
• Hard disk / SSD / NAS — fast random access, used for nearline backups.
• Optical media (DVD/Blu-ray) — small-scale archival.
• Cloud storage (e.g. AWS S3, object storage) — offsite, scalable, pay-per-use.

Scheduling

Backups are scheduled to balance protection against system load:

• Daily incremental/differential backups (e.g. overnight via cron).
• Weekly full backups.
• Monthly/quarterly archives retained long-term.
• Defined RPO (Recovery Point Objective — how much data loss is tolerable) and RTO (Recovery Time Objective — how fast recovery must happen).

Backup Strategy for a Small Organization

1. Follow the 3-2-1 rule: keep 3 copies of data on 2 different media, with 1 copy offsite (e.g. cloud).
2. Schedule: weekly full backup (e.g. Sunday night) + daily incremental backups via cron/rsync.
3. Media: local NAS/external disk for fast restore + encrypted cloud storage for offsite copy.
4. Security: encrypt backups and restrict access.
5. Retention: keep daily backups for 1 month, weekly for 3 months, monthly archives for 1 year.
6. Testing: periodically perform test restores to verify backups are usable.
7. Documentation: record the procedure in an SOP and log every backup.

Example cron entry for a nightly rsync backup:

0 2 * * * rsync -a --delete /data/ /mnt/backup/data/

Conclusion

A sound backup strategy combines the right backup type, media and schedule with offsite copies, encryption and regular restore testing to guarantee recovery when data is lost.

/etc/resolv.conf is the Linux/Unix configuration file used by the DNS resolver library to translate hostnames into IP addresses. It specifies:

• nameserver — the IP address(es) of the DNS servers to query (e.g. nameserver 8.8.8.8).
• search — domain suffixes appended to unqualified hostnames.
• domain — the local domain name.
• options — resolver behaviour such as timeout and attempts.

Example:

nameserver 8.8.8.8
nameserver 1.1.1.1
search example.com

When an application looks up a name, the resolver reads this file to decide which DNS server to contact and how to complete short names.

LDAP Authentication Process

LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and authenticating against a centralized directory service (e.g. OpenLDAP, Active Directory) that stores users, groups and credentials.

Steps

1. Connect — the client opens a connection to the LDAP server (port 389, or 636 for LDAPS/TLS).
2. Bind (authenticate the search account) — the client performs an initial bind, often anonymous or with a service account, to gain permission to search.
3. Search — the directory is searched (by uid, cn, or email) to find the Distinguished Name (DN) of the user attempting to log in.
4. Re-bind with user credentials — the client performs a second bind using the found user DN and the password supplied at login.
5. Verification — if the bind succeeds, the password is correct and the user is authenticated; if it fails, authentication is rejected.
6. Authorization (optional) — group memberships/attributes are read to decide what the user may access.
7. Unbind — the connection is closed.

Key Points

• Use LDAPS or StartTLS so credentials are not sent in plaintext.
• Provides centralized, single source of identity used by many services (SSH, web apps, mail), enabling single sign-on style management.

Thus LDAP authentication is essentially a bind operation: the directory confirms identity by checking that the supplied password successfully binds to the user's DN.

Process vs Thread

A process is an independent program in execution with its own address space and resources. A thread is the smallest unit of execution that runs within a process and shares that process's resources.

Summary: Processes provide isolation and protection but are heavier; threads enable concurrency within a process with low overhead but require synchronization (locks/mutexes) because they share memory. A single process can contain multiple threads (multithreading).

RAID 10 (RAID 1+0)

RAID 10 is a nested RAID level that combines mirroring (RAID 1) and striping (RAID 0). Disks are first arranged into mirrored pairs (RAID 1), and data is then striped (RAID 0) across those mirror sets, giving both redundancy and performance.

• Requires a minimum of 4 drives (and an even number).
• Usable capacity = 50% of total raw capacity (the other half is the mirror).

How it works (4-disk example)

Data blocks are striped across two mirror pairs; each pair holds two identical copies:

Mirror pair 1: Disk1 = Disk2 (copy)
Mirror pair 2: Disk3 = Disk4 (copy)
Stripes are written across pair1 and pair2.

Advantages

• High performance — striping gives fast parallel reads and writes; faster than RAID 5/6 because there is no parity calculation.
• Fault tolerance — can survive a disk failure in each mirror set; can tolerate multiple disk failures as long as both disks of one mirror don't fail together.
• Fast rebuild — recovery just copies from the surviving mirror (no parity recomputation).
• Good for write-intensive workloads such as databases.

Disadvantage

• High cost / low usable capacity — 50% of storage is used for mirroring.

Conclusion: RAID 10 is ideal where both speed and reliability are required (e.g., transactional databases), at the cost of usable capacity.

Port Forwarding

Port forwarding (also called port mapping) is a networking technique, usually configured on a router/firewall performing NAT, that redirects traffic arriving on a specific external IP address and port to a specific internal host and port on a private network.

How it works

When an external client sends a packet to the router's public IP on, say, port 8080, the router rewrites the destination to an internal host (e.g. 192.168.1.10:80) and forwards it, allowing devices behind NAT to be reached from outside.

Internet ──> Router public_IP:8080 ──> 192.168.1.10:80 (internal web server)

Uses

• Exposing an internal web/SSH/game/FTP server to the Internet.
• Remote access to internal services (e.g., RDP, IP cameras).
• SSH local/remote tunneling (ssh -L, ssh -R).

Note

Because it opens an internal service to external access, port forwarding must be combined with firewall rules and strong authentication for security.

Role of a VPN

A VPN (Virtual Private Network) creates a secure, encrypted tunnel over a public network (the Internet), allowing remote users or sites to communicate as if they were on the same private network.

Roles / Functions

• Confidentiality — encrypts traffic (e.g., via IPsec, OpenVPN, WireGuard) so it cannot be read if intercepted.
• Secure remote access — lets employees safely access internal resources from outside the office.
• Site-to-site connectivity — securely links branch offices over the Internet instead of costly leased lines.
• Authentication & integrity — verifies endpoints and ensures data is not tampered with.
• Privacy / anonymity — hides the user's real IP address and location.
• Bypass restrictions — can access region-restricted or filtered resources.

Types

• Remote-access VPN — individual user to network.
• Site-to-site VPN — network to network.

Conclusion

A VPN's primary role is to provide secure, private and authenticated communication over an untrusted public network, protecting data and enabling safe remote and inter-site connectivity.

Shell Script

A shell script is a plain-text file containing a sequence of shell commands (e.g., Bash) that are executed by the shell interpreter as a program. It is used to automate repetitive tasks such as backups, user creation, log rotation and system administration, and supports variables, loops, conditionals and functions.

Key Features

• Begins with a shebang (#!/bin/bash) specifying the interpreter.
• Must be made executable: chmod +x script.sh.
• Run with ./script.sh.

Simple Example

A script that greets the user and lists the current directory:

#!/bin/bash
# A simple shell script
echo "Hello, $USER!"
echo "Today is $(date)"
echo "Files in current directory:"
ls -l

Example with a loop:

#!/bin/bash
for i in 1 2 3; do
    echo "Number: $i"
done

Conclusion

Shell scripts let administrators combine commands into reusable, automated programs, saving time and reducing manual errors.

systemctl vs service

Both commands manage system services (daemons), but they belong to different init systems.

service

• The older, SysV-init command (with backward compatibility).
• Controls scripts in /etc/init.d/.
• Syntax: service <name> <action>, e.g. service apache2 restart.
• Limited features: mainly start/stop/restart/status; does not manage boot-time enabling directly (that needed chkconfig/update-rc.d).

systemctl

• The modern command for systemd, the default init system on most current Linux distributions.
• Manages units (services, sockets, timers, targets) defined in /etc/systemd/system/ and /lib/systemd/system/.
• Syntax: systemctl <action> <name>, e.g. systemctl restart apache2.
• Richer features: enable/disable for boot startup, dependency handling, logging via journalctl, status with detailed state.

Comparison

Examples:

service nginx status        # old style
systemctl status nginx      # systemd
systemctl enable nginx      # start on boot

Summary: service is the legacy SysV-init wrapper, while systemctl is the native, more powerful systemd tool. On modern systems service often just forwards calls to systemctl.

Short Notes on Network Monitoring Protocols

Network monitoring protocols let administrators collect data about device status, performance and availability to detect faults and tune performance.

1. SNMP (Simple Network Management Protocol)

The most widely used monitoring protocol. A manager (NMS) polls agents running on devices (routers, switches, servers). Data is organized in a MIB (Management Information Base) addressed by OIDs. Supports GET, SET, and asynchronous traps (alerts). Uses UDP ports 161/162. SNMPv3 adds authentication and encryption.

2. ICMP (Internet Control Message Protocol)

Used by tools like ping and traceroute to test reachability, measure round-trip latency and packet loss, and report errors.

3. NetFlow / sFlow / IPFIX

Flow-based protocols that export statistics about traffic flows (source/destination, ports, bytes) for bandwidth analysis and traffic accounting.

4. Syslog

A standard for devices to send log/event messages to a central log server (UDP/TCP port 514) for monitoring and auditing.

5. WMI / RMON

WMI monitors Windows hosts; RMON extends SNMP for remote, flow-level monitoring of LAN segments.

Summary

SNMP (device metrics & traps), ICMP (reachability/latency), NetFlow/sFlow/IPFIX (traffic flows) and Syslog (event logging) are the core protocols that together provide complete network visibility.