Normally a computer server is ‘always on’ and is not manned. A ‘domain
controller’ is a server and may or may not be manned, whereas a workstation is
usually manned. Any changes in them, or even in a router or switch
configuration, have an impact on the quality of service at a service provider.
If a server goes ‘down’, considerable time is needed to recover using a backup.
Even a trained specialist needs time to diagnose. When a user with a problem
calls for support, it is possible to monitor the changes in the caller’s
machine from the service provider’s computer. Snapshot is a passive, host-based
‘change’ monitor and is a tool to tackle the problem and restore the machine in
minutes. Calls requesting support, which may extend to 30 minutes and more, can
get reduced to five minutes.
‘Change management’ refers to the environment of computers in
enterprises. Though changes inside a computer are invisible and invariably
hidden, ‘Snapshot’ can facilitate detection of change in a system.
Essentially the snapshot is a copy of the binary and bytes organized in a system
hard disk.
When a computer system is ‘on’ and is behaving normally, it can be
recorded. A snapshot of the hard disk by a software tool creates a record of the
disk with all the files, directories, folders, system configuration and
registers - all at a particular ‘time tick’. It is the snapshot data.
Another snapshot is taken of the system after a few hours. The new record of the
configuration also gets stored. The tool can initiate a ‘comparison’ between
the two snapshots. It picks out the ‘changes’ that have happened in the
interim period - as represented in the two records. It is offered as a ‘report’
to the user. By default a snapshot is recorded at a fixed time tick, or it can
be configured to be taken as needed, on demand.
Snapshot also becomes a supplement to an anti-virus program. For example, a boot
sector virus, which has entered in the interim period, will show up as
differences between the shots. The user can spot ‘what change’ has taken place.
As another example, if just the color of the font - not the size - is changed,
it is also spotted. If a file had been compacted, there is a change - let alone
‘zipping’ it. A detailed analysis of the two shots can detect willful or
malicious effort - which indicates the effort of a hacker. Using known
‘signatures’, some intrusions can be detected too.
However, the change in a computer hard disk could be due to a ‘user
initiated’ download, a patch or an upgrade to the program. An application in
a network might work seamlessly before a download. Soon after, the performance
of the network might have become lethargic. If two snapshots - before and after
the new download - are compared, the reason for deterioration can be analysed. A
change that has caused harm can be rolled back, the ‘harm’ can be arrested
and the system gets ‘treated’. It can recover from the ill effects. It is the
registry part of the hard disk that is restored.
The Windows operating system has an in-built mechanism to create its registry.
It cannot be interfered with. The ‘reset’ button on many computers reboots
the system, which is sufficient to recover from some crashes such as ‘modem not
responding’ or when a fax application or e-mail service is stalled. ‘Restore’
is more complex than ‘reset’ and is possible only if the snapshot prior to
the change is recorded. This can be a supplement to a backup system.
‘WhatChanged’ is a product that embeds snapshot technology.
Any ‘install’ in a computer changes the configuration. Many a time an
attempt to invoke a new program can produce problems, and a user or system
administrator may wish to remove the new program and get back to the earlier
configuration. Just ‘uninstalling’ the program may not be satisfactory.
Restore is a better method to address the problem.
Users are advised to record a snapshot of the disk when the system or network
is ‘normal’. Whenever in doubt or as and when needed later, a shot can be
recorded and compared with the ‘normal’ configuration, to restore if need
be. Further, the modification caused by an ‘install’ can be studied at
leisure to have an insight into the system.
At times junk or unlicensed products are downloaded from the Net. The new
directory created can be monitored through snapshot. A disconnection, power
fluctuation or some disturbance can interrupt a download. When it is
recommenced, the hard disk may not resume accepting the bits from the exact
point when the interruption took place. Seldom can this be reset - unless the
partial download is completely erased and started afresh. Snapshot - before
interruption and after - may be a good record for further investigation.
Moreover, external, unauthorized intrusion causes changes in any computer
and worries all users. One is eager to detect it. To trace intrusion, one can
follow appropriate reports on events in a system. Change can be accidental or
intentional and can be due to internal effort or by an untrustworthy outside
source. Computers are vulnerable when connected to the Net. A periodic or ‘on
demand’ report of change helps to investigate.
Web sites are created with zeal but need to be watched constantly, lest a web
sitter, domain stealer or hacker interferes. Change management of a different
kind is useful in maintaining a web site. One is keen to keep a web site
accessible to visitors. The first step, here, is to monitor if the web site is
‘up’ and ‘visible’ for access. The server storing the site, necessarily,
has to be ‘on’. This can be periodically monitored.
Contents of the web pages in the site are important. Left unattended, changes
can be effected to the content by intruders. A tool can periodically monitor if
the contents have been disturbed. In this technology, the size of the files
that create the web site - when it is normal - can be measured in bits and bytes
and stored. Periodically or at random, the size of the pages can be measured. If
the new measurement matches the stored figure, it can reasonably be presumed
that the pages ‘continue’ to remain normal.
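
The snapshot-and-compare cycle described above, applied to a small web site directory, as an added example (not code from the article or from any product it names). It records each file's size, as the article describes, plus a SHA-256 digest, which is an addition made here so that an edit leaving the size unchanged is still reported; the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def take_snapshot(root):
    """Record relative path -> (size in bytes, SHA-256) for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            snap[os.path.relpath(full, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def compare_snapshots(before, after):
    """Build the change report between an earlier and a later snapshot."""
    report = {"added": [], "removed": [], "resized": [], "same_size_modified": []}
    for path in sorted(set(before) | set(after)):
        if path not in before:
            report["added"].append(path)
        elif path not in after:
            report["removed"].append(path)
        elif before[path][0] != after[path][0]:
            report["resized"].append(path)             # a size check alone catches this
        elif before[path][1] != after[path][1]:
            report["same_size_modified"].append(path)  # only the digest catches this
    return report

def demo():
    """Constructed sample site: take a baseline, apply four changes, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w", encoding="utf-8", newline="") as fh:
                fh.write(text)
        write("index.html", "<h1>Welcome to our shop</h1>")
        write("about.html", "<p>Founded in 1999</p>")
        write("old.html", "<p>retired page</p>")
        baseline = take_snapshot(root)                  # the 'normal' record
        write("index.html", "<h1>Welcome to our shop!!</h1>")  # size changes
        write("about.html", "<p>Founded in 2999</p>")          # same size, new content
        write("new.html", "<p>unexpected file</p>")            # new file appears
        os.remove(os.path.join(root, "old.html"))              # file disappears
        return compare_snapshots(baseline, take_snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The `about.html` change keeps the byte count identical, so a comparison of sizes alone would presume the page normal; the stored baseline itself should be kept somewhere the monitored host cannot overwrite.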