1/13/99
=======

What is an operating system? It's the software that controls the hardware of the computer.
Generally, it's the software that comes with the hardware.

OPERATING SYSTEM CONCEPTS
=========================

What is the O.S.? - Software that controls the hardware.

General purpose computers
...bios stands for basic input output system...

Functionality provided for us:
1. Management of the Input and Output systems.
2. Provides file management
3. Provides user management
4. Security
5. Communications Support
6. Graphical User Interface

TYPES OF OPERATING SYSTEMS
==========================

Single User - means there is one user and one computer that the user operates.
Multi User - supports multiple users on one machine.
Multi-Tasking - one or more programs at once.
Multi-Processor - More than one CPU in a machine.
Multi-Threading - Like Netscape...multiple windows of a program.
Real-Time computer - your car. your space shuttle. gets input and output automatically, et cetera.

FILE SYSTEMS
============

Manages the storage of files on the hardware.
Manages the operations on files [such as create, delete, edit]
You can have several directories and subdirectories.
Must control access rights or permissions. 3 mains are READ, WRITE, EXECUTE
   OWNER: read, write, and execute
   GROUP: group of people.
   WORLD: everyone else.
   SUPER USER: Complete Access to EVERYTHING. [root]
Maintains the attributes. Examples: (added) time date size data type

1/20/99
=======

Process or Task Management:
Process - Running Program.
Task - "Bookkeeping information" - Information about a process. What's it called? Where did it put it in memory?
Considered to be ready to run: initially set for the "ready state" then moved to the "running" state when the processor relinquishes control.
states: name where is it in memory ready running blocked
daemon - tasks which run in the background to handle tasks.

Resource Management: Manage the allocation of resources in a multi-tasking environment.
If a process does not relinquish control to a process, the process is 'deadlocked'.
It is supposed to be possible to allocate the resources so well that processes never get blocked.

MultiTasking: The ability of a computer to run more than one task or program at the same time.
As the number of processes goes up, the throughput (the number of things the computer can do at once) goes down. Actually, if you look at the amount of work left, the amount of work goes up...then it goes down.

Thrashing: The process of the computer crashing (or the slowing down of the computer). Defined by the computer actually doing work but we're getting no energy out of it.

Two methods of design:
PRE-EMPTIVE: Allows for fixed time slices for each process.
CO-OPERATIVE: Each program uses the processor as long as it wants.

CONTEXT SWITCHING: Operating system must set up some type of structure to make sure they're all running properly.
MULTIPROCESSING SYSTEMS: Means you have more than one processor in your computer. They are massively parallel.
DISTRIBUTED COMPUTING: Running one program across multiple computers.
MULTITHREADING: Taking one program and breaking it up into pieces, all of which can be run at one separate time. (light-weight process, thread)

1/25/99
=======

Communications Diagram:
(info) -> transmitter / receiver -> signal (pulses) -> repeaters -> receiver

Problems: Attenuation - degradation of the signal itself.

Thirteen TASKS we must deal with in communications: (stallings book on communication)
A. Transmission (System Utilization)
B. Interfacing
C. Signal Generation (verbal)
D. Synchronization
E. Exchange Management (some type of.."over"..as if ENTER)
F. Error Detection and Correction (low bird rates? huh?)
G. Flow Control
H. Addressing
I. Routing - If a comm system is a network, then when a message comes to any individual unit, there are only 2 possibilities for that network.
J. Recovery - Deals with how to restore the system when it fails.
   (there is a difference between error correction and detection (failed messages), and recovery (failed systems). :)
K. Message Formatting - Deals with agreements between the sender and receiver. (english, but lower level english) - more distinguished.
L. Protection - involves seeking to ensure that the sender's data is received only by the receiver.
M. Systems Management - how should I react to system failures, overloads, growth, et cetera? Plan for growth?

1/27/99
=======

Teams - Jay Fuller Diane Pynca (DYPINCA@YAHOO.COM) Yap S. Atchison

OSI MODEL - 7 Layers, Open Systems Interconnect Model.
In fact, it's a group of people who got together and came under the international standard organization. Decided to define the tasks for communication.

Layers are important:
Application layer - provides access to the user through specific programs (telnet) or through an application program through communication function calls (winsock, et cetera)
Presentation - translates bits to letters on the screen (data formatting). Some piece of software is responsible for this. Additionally, security through encryption is handled through this layer.
Session - Who or what is using the computer at that current time. One communications process from end to end. Error recovery can also be handled here.
Transport - Provides reliable transport of end to end communications. What is sent from one side is expected to be received on the other side. Also breaks down the data in the network.
Network - Provides routing information of the communications process.
Data Link - Provides reliable data transfer across the physical medium. this is across the hardware domain. Your message might actually have to be broken down into smaller pieces (frames) so a computer communication system can move your data more efficiently.
Physical - Stuff that we send is a "protocol data unit". As things get into transit, additional notation and information is added as required for that job to be accomplished.
As the data nears its destination, those "notes" are stripped, therefore, when the information is received, it's very similar to what was originally sent.

TYPES OF MEDIA
==============

Media can be GUIDED or UNGUIDED.
GUIDED - if you have like......a pipe, most of the signal is guided (through like a mouse).
UN-GUIDED - like radio signals. - they go in all directions.

Mediums:
Copper Wire (twisted pair)
Coaxial Cable
Optical Fiber
Unguided Media / Directed Focus?

2/1/99
======

BANDWIDTH - information carrying capacity of the wire.
Information Capacity (bps) - hertz. it __MUST__ involve the frequencies about the wire. (common misconception)
These things are related by shannon's law. bandwidth COULD involve: (bandwidth) or (information capacity)
shannon's law is: c = w log2(1 + s/n)
20 hertz (cycles per second) - 20,000 hertz (cycles per second)

Connection Strategies
=====================

There are several connection strategies - initial:

circuit switching -
   [diagram: network of nodes a, b, c, d, e, f]
   For communication to occur from a to f, there are several possible paths. One path, from a-d-e-f, can be chosen and used. this circuit becomes dedicated and cannot be used by anyone else as long as a communicates to f.

message switching -
   the goal of message switching was to improve network performance. this strategy allows each segment of the network to be used only when the message is passing along its part of the network. This increases the utilization of the system; however, if the message is LONG, a good deal of time is spent by each node at one time to process the message. Additionally, a local buffer is required for long messages as it takes some amount of time to receive the entire message.

packet switching -
   To improve performance over the other strategies, packet switching was developed.
   (a) packets
   The message is divided into smaller parts called packets. each packet is treated independently of the other parts of the message.
   this means that each packet must have some information in it to allow it to be delivered and reassembled into the whole message. addressing usually includes the recipient's address and the sender's return address. sequence information must be provided, to allow packets that are received out of order to be reassembled. finally, error detection and correction information must be included for each packet instead of the message as a whole.
   (b) routing
   connection oriented -- virtual circuit.
   connection less - datagram. [routing decisions aren't made anymore, et cetera - every packet can pick its own way].

internet protocol suite layers:
application    -> ftp, telnet, smtp, et cetera
transportation -> tcp, udp (transmission control protocol)
network        -> ip, icmp, igmp
link           -> interface and device driver.
               -> physical media

Each of these layers provides enough functionality to build a reliable communications system. the application layer is interested in moving messages from host to host. The transport layer is interested in moving packets from host to host. the network layer is interested in 4 steps required. (IP protocol)

host a                          host b
application   ==message==    application
transport     ==packet==     transport
network       ==datagram==   network
link          ===frame===    link
            physical network

As a message moves from one host to another, the TCP/IP communication layers have different responsibilities for moving the data. The routing function is handled using the network and link layers. in the interworld this function is handled by a gateway machine.

2/3/99
======

(project) when working on the project - keep a mini-log of the project. keep a journal of errors, et cetera.
IP addresses
2 CD-ROMS
Stop by Owen's office as soon as possible.
Room - FCW 5 (c) -- a gateway server machine. Desk, couple of chairs. 3 network connections.
When we get there, we'd go with an IP address.
3 more classes...test time.
Internet Protocol Suite:

     message
  |                               |
application                  APPLICATION
  |                               |
========================================= above this is SOFTWARE
D |                               |     U
O transport                  TRANSPORT  P
W
N======================================== powered by the OS (uses ip addresses)
  |                               |
  |                               |
network                       NETWORK
  |                               |
========================================= physical (uses physical addresses)
  |           network             |
link           link             LINK
  |           |    |              |
  |           |    |              |
  ------(NET A)----  --(NET B)-----

2. Hierarchical Address - . Decimal System
192.245.222.11 - the actual www.southalabama.edu

Address has TWO parts:
NETID - Identifies the network that would be useful in routing.
HOSTID - Identifies the actual machine.
Actually, it does not work this way because we are out of numbers.

Different CLASSES of network:

CLASS A - 0------7
          0 (netid)    host id
          126          16,777,216 of these.
          very few of these around a "VERY LARGE NETWORK" :)
          IBM is 9.0.0.0
CLASS B - 10 (netid) host id
          AOL is 152.163.0.0
CLASS C - 0 (netid) host id 110 netid host
          192.245.221.1
          [generally implemented whereas they resort to the network. host id is generally individual machines or networks "on that network"]

As of January, 1996 - There were 95 Class "A" networks, 5,892 class B addresses, 128,378 class "C" networks. This number is undoubtedly larger today, 'specially in class C. [don't count?]

CLASS D - reserved for multi-casting. sending one packet to a whole bunch of hosts. 1110 for the address. 1110. [multicasting] 224-239 [for the first digit]
CLASS E - ALL RESERVED 11110 - reserved for experimental use.

scheme of assigning networks.. number 4... special addresses.
if you have a host id of all 0's - it means this host (serves as a place holder).
0.0.0.0 - this machine
1.1.1.1 - everyone can listen to this (broadcast system?)
255.255.255.255 - all 1's ?
one address - 127.0.0.0 - this is called a loopback - it will turn it around and send it right back.

question for next time?
=======================

how do you figure out the address of "B" since all you know is the actual IP address? (address resolution problem) - ARP.

2/8/99
======

ARP - Address Resolution Problem
IP Address ; 192.222.222.1 also has a physical layer.

==========================================
      |                        |
  MACHINE A                MACHINE B

Direct mapping is something like: P(i)=F(Ii) [might equal .1 or something]

Dynamic Binding
Providing a table - if the table grew large when you want to talk to a lot of people, it creates a large problem.
(broadcast to b) (b responds with address)
a will send his internet AND physical address (otherwise B would be in the same boat)

============================================================
      |                    |                    |
  MACHINE A            MACHINE B            MACHINE C

ARCS - address resolution protocol
then, when dealing with the "table", take the physical address, and store it. As this goes on...each machine actually stores the information. this is how machines carry (and create) their own DNS tables.

so......
1) cache [storing all information coming in]
2) data gathering info - all information coming through, store it.
3) announcing your arrival - as you boot - announce your address and ip address....everyone else receives it.

there is ANOTHER problem - the REVERSE ARP -- [RARP]
IP address is software only - turn the machine off, the IP address is gone. If I knew my physical address, could I do an IP lookup from my physical address?
Generally to handle this, we have a primary server and a non-primary server. If the primary doesn't answer by a certain time out period, the backup server answers.

sub-netting --

XXX.XXX.XXX.XXX
|     | |     |
  ===     ===
 netid   host id

XXX.XXX.XXX.XXX
|     | | |===host part
  ===    ==
internet physical net
part     part

Example: Network is 128.10.0.0 [information comes into gateway]

           128.10.2.1  128.10.2.2  128.10.2.3 ...  english dept
 |=======================================
 |
{g} gateway (128.10.0.0)
 |
 |======================================
           cis dept  128.10.1.1  128.10.1.2  128.10.1.3 ...
subnet mask - 255.255.255.0 actually means 11111111.11111111.11111111.00000000
255.255.24.64 might be 11111111.11111111.00011000.01000000
this is for additional IP addresses? [all ones MUST be on the left]

The other day, we talked about the Internet Protocol as being 4 layers:

IP Routing --
Unreliable - delivery is not guaranteed. (in the internet) -- packets may be lost, duplicated, delayed, or delivered out of sequence.
Best-Effort - Connectionless packet delivery system. - independent of each other, and float around inside the network.

At every layer, it's entirely possible that the information you sent is chopped down.......and sent to other sides.......and re-assembled.
transport layer generally deals with packets. lookup datagrams.
network layer - will deal with datagrams?

transport
network - extragrams?
link

2/10
====

Connectionless Communication means the sender and receiver are connected at one time.
(slowest router is 32,000 datagrams / second on campus)

IP Datagram:

0      4      8         15   19      24      34
VERS   HLEN   SERVICE TYPE   TOTAL LENGTH
IDENTIFICATION               FLAGS   FRAGMENT OFFSET
TIME TO LIVE  PROTOCOL
SOURCE IP ADDRESS
DESTINATION IP ADDRESS
IP OPTIONS                           PADDING
DATA
MORE INFORMATION....

Total Length - describes total length of datagram in bytes. (64K?)
Time to Live - Specifies time the datagram can exist on the network in seconds.

(Network Layer)
Precedence   D  T  R   Unused
0  1  2      3  4  5   6  7
D T R: types of transport
Unused: (more or less ignored)

D - no delay
T - high throughput
R - process me with high reliability.

IP Options - fields which set what the datagram does. Some of them include:
timestamp option - record route option. as it passes through a gateway node, it not only records the address, but also the time that it went through.
TRACEROUTE sets time to live to one.

DATA ENCAPSULATION -
   data w & p
   transport data
      | |

Reassembler timer - the IP layer throws all the fragmented packets away. Will send information back saying I didn't get it.
;(

   internet copies of data
      | |
   link layer frame header / data field

somewhere along the way....the data size is not going to fit into the specified path. because of this, datagrams become fragmented. because of this, they have physical restraints.

2/22/99
=======

One of the functions of the IP layer is routing.
-Direct Routing
-Indirect Routing

Centralized Routing? - someone in the middle handles ALL of the routing
Distributed Routing? - different machines around the world update routing info
Static Routing? - when the tables never change.
Adaptive Routing? - finding quickest, cheapest method of routing. lots of overhead to receive information. the better you wanted the decision, the more information you might have to collect. the information is not necessarily always up-to-date.

All prior information is IP x 4. Currently, it's IP x 6.
IETF [internet engineering task force] got together and tried to figure out how to fix the problems.

Problems with current system:
=============================

Address Depletion - 32 bits - 2^32 addresses. [class a,b,c groupings] (approximately 4.3 billion addresses)
you could have 500 machines. we get 65,000 class b addresses - you waste 64,500 addresses. give 2 class c addresses.......512 machines. except......people think we have a split organization or something.

Address Demand - as computers and lightpoles and everything else gets hooked up to the internet, well, umm...owell :) - we need new addresses.

IP protocol - version 6 - details about it:
security - designed for a trusted environment
co-exist - can co-exist with older versions

ip version 6 - goes with:

VER   PRIORITY   FLOW LABEL
PAYLOAD LEN      NEXT H     HOP LIMIT
SOURCE ADDRESS - 128 BITS
DESTINATION ADDRESS

VER - 4 bits, says which address is supported.
PRIORITY - 4 bits, added to allow more network congestion control. 0 is lowest priority, 7 is highest. 0 might be email or something, 7 would be HIGH -- like streaming or something.
FLOW LABEL - 24 bit field - designed to be used with priority. moves packets expeditiously. basically set up for a single source - from a single source to a single destination. some data will be moved much faster than other data.
PAYLOAD LENGTH - contains the number of bytes, minus the header's 40 bytes, that follow the header. Indicates how many bytes past the header you must read. Everyone who writes about IP 6 cautions the learners means this is NOW how much data follows. It's basically significant bytes past the header. (there might be other stuff past the header that is NOT data -- because of the next header field.)

some headers have been added for security (these are extra headers) - for example:
authentication information and security headers. [these verify the packets coming in are authentic and not "hacked" ;-) ]
fragmentation header
hop-by-hop header (where has it been?)
destination options - sends information directly to header to give additional instructions.

addresses are 128 bits or about 10^40
IP version 4 -- 192.168.40.52
IP version 6 -- 128 bits - 7477:0000:0000:0000:0000:0AFF:1BDF:7FFF
or 7477::0AFF:1BDF:7FFF (: removes series of 0's)
then...um....7477:AFF:1BDF:7FFF

2/24/99
=======

There are 3 types of addresses in IP version 6 -
most common - unicast address - an address that corresponds to the version 4 (traditional) ip address we are familiar with today.
anycast - represents a group of machines (a group of ID's). I have a packet, and I want to send information to the closest machine / member of that group.
multicast - one SINGLE packet delivered to several destinations.

IPv4 - 32 bit address.
IPv6 - 128 bit address.
80 zeros....16 ones.....ip v 4 address -- compliant with v4.
however.......32 bits WILL NOT fit in 128 bits. Therefore, the IP4 does not work with IP6.

IP layer - built on fundamental layers of unreliable, best effort, connectionless network.
now...we're moving into: TCP - transmission control protocol layer.
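The IPv4 datagram header laid out in the 2/10 notes, parsed field by field. This is an added example, not part of the original notes; the function names and the sample packet are constructed, and the header checksum field (which the notes' layout leaves out, between PROTOCOL and SOURCE IP ADDRESS) is read but not verified.

```python
import ipaddress
import struct

# Constructed sample: the 20-byte header of a non-first fragment sent between
# two hosts of the notes' 128.10.0.0 subnet example (checksum left as 0).
SAMPLE = struct.pack(
    "!BBHHHBBH4s4s",
    0x45,                # VERS = 4, HLEN = 5 (counted in 32-bit words)
    0b000_1_0_0_00,      # SERVICE TYPE: precedence 0, D bit set, T and R clear
    1500,                # TOTAL LENGTH in bytes (header + data)
    0x1C46,              # IDENTIFICATION, shared by every fragment of a datagram
    0x2000 | 185,        # FLAGS: more-fragments set; FRAGMENT OFFSET = 185 * 8
    64,                  # TIME TO LIVE
    6,                   # PROTOCOL (6 = TCP)
    0,                   # header checksum (not verified in this example)
    ipaddress.IPv4Address("128.10.2.1").packed,
    ipaddress.IPv4Address("128.10.1.3").packed,
)


def parse_ipv4_header(raw: bytes) -> dict:
    """Split an IPv4 header into named fields, rejecting malformed input."""
    if len(raw) < 20:
        raise ValueError("truncated: the fixed IPv4 header is 20 bytes")
    (ver_hlen, service, total_length, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version = ver_hlen >> 4
    header_len = (ver_hlen & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4: VERS={version}")
    if header_len < 20 or header_len > len(raw):
        raise ValueError(f"bad HLEN: {header_len} bytes")
    if total_length < header_len:
        raise ValueError("TOTAL LENGTH is smaller than the header itself")
    return {
        "version": version,
        "header_len": header_len,
        "precedence": service >> 5,                    # bits 0-2
        "delay": bool(service & 0x10),                 # D, bit 3
        "throughput": bool(service & 0x08),            # T, bit 4
        "reliability": bool(service & 0x04),           # R, bit 5
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "ttl": ttl,
        "protocol": protocol,
        "checksum": checksum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": raw[20:header_len],                 # IP OPTIONS + PADDING
    }


def is_fragment(header: dict) -> bool:
    """A datagram is a fragment if more follow or it does not start at byte 0."""
    return header["more_fragments"] or header["fragment_offset"] > 0


def fragment_span(header: dict) -> tuple:
    """Byte range of the original datagram's data that this fragment carries."""
    start = header["fragment_offset"]
    return start, start + header["total_length"] - header["header_len"]


if __name__ == "__main__":
    parsed = parse_ipv4_header(SAMPLE)
    for name, value in parsed.items():
        print(f"{name:16} {value}")
    print("fragment:", is_fragment(parsed), "span:", fragment_span(parsed))
```

A reassembler groups fragments by source, destination, protocol and IDENTIFICATION, and places each one at the span computed above.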
TCP----
IP-----
LINK---

APP               APP
TCP               TCP
IP                IP
LINK----|     |----LINK

3/1/99
======

Characteristics of a reliable communications system:

a. stream orientation:
   A ----->>>> B
   (data)....breaks up into bytes...(bits flowing).....(receiving machine) ....flow of data....
b. connection oriented: somehow the sender and the receiver have gotten together to establish flow at the same time. somehow 'b' is connected logically to 'a'. doesn't rely as much on a physical connection as much as a VIRTUAL connection.
c. buffered transfer -- in order to have reliable transfer. holds until information is received.
d. unstructured stream -- layers that move the stream have no concept of what is IN the stream.
e. full duplex communications -- you can determine to send WHEN you need to send, not "when it's your turn" - which is half duplex.

TCP Layer defines a TCP segment made up of header and data portions. This segment defined the control information and data space that is sent to the IP layer for transport. Some of this data might be duplicated, or perhaps it's in a different form. This helps ensure reliable communications.

TCP Segment: (16 bits)

SOURCE PORT              DESTINATION PORT
SEQUENCE NUMBER
ACKNOWLEDGEMENT PORT
HEADER LENGTH   FLAGS    WINDOW
CHECKSUM                 URGENT POINTER
OPTIONS
DATA

Sequence Number Field - verifies the segment data size within limits of the size that you can store. verifies you're transferring same amount of data (as in sending and receiving)
Acknowledge Number - byte stream sequence number that the sender expects to receive.
Header Length - length of the data field in bytes.
Flag - six bits - carries control data. (there are six flags that can be turned on). Such as:
   ACK - (acknowledgement)
   URG - (urgent) - tells the tcp layer this is urgent - should be delivered ASAP
   FIN - (finish) - goes in the last tcp segment. this is the last one in the stream
   SYN - (synchronize) - makes sure the data is synchronized.
Window - how many more bytes can be sent besides the ones that are already in there? method to increase transport utilization not by sending one packet at a time, but by sending more than one packet of information at a time.
checksum - provides error correction and reliability at this level. (treats the whole segment as a series of 16 bit numbers. when whole segment has been processed, you can place the resulting answer in the checksum field. resulting answer might represent overflow....but it is done because it's relatively easy to do. if one zero changes to a one and a one changes to a zero, something still messes up :)
urgent pointer - indicates the first byte of data that is not urgent.

sliding window approach - allows or does not allow for new information to arrive depending on the amount of information available. (shay p 525)

differences between unreliable and reliable? - unreliable just means that there is no 100% reliable chance for the data to arrive correctly. reliable, of course, means error correction can allow the communication to take place with 100% efficiency.
if a wire breaks under reliable model - - packets will fail, and no ACK will be returned to the sender. therefore, it's detectable.

DNS SYSTEMS
============

go 192.245.222.2

advantages and disadvantages of a "flat file" dns structure:
advantages -- the lookup of short names was fast in a simple table
disadvantages -- as the size of the internet grew, the table became too big to easily manage. Name conflicts arose without a central authority to give out names. As the table grew in size, using a central site for the DNS lookup caused increased traffic.

new way to do it: build a distributed naming system using a hierarchical data system.
local.group.site

.com  commercial
.edu  education
.org  non-profit organization
.net  network provider
.mil  military installation
.gov  us government
.int  international organization

a typical address: cis.usouthal.edu

New Domains:
.store - merchants
.web - parties that emphasize web activities
.arts - art and cultural entities
.rec - recreation

logical view of web servers

              (root server)

   server       server       server
    for          for          for
   .com         .edu         .gov
     |            |
   local        local
   server       server
                (usouthal.edu)

each name server has a name server of a machine HIGHER up in the hierarchy.
how do we improve each name server? - we remember all the different addresses that come by making a local table and "cached". if a request is sent back to a fellow who was non-authoritative - gets the information from the internet.

two approaches for handling the DNS resolution "out of date" problem:
a) people wipe their cache tables on some timed event.
b) use the information the server included when it responded. (packet=timeout?)

3/3/99
======

SECURITY.
The oldest and most widely used type of security is passwords. They have the following information associated with them:

Authentication Period:
Duration: A user might be related to or works for an organization for a certain period of time.
Length of association: Might only have access for a certain amount of days. Might generally have periods of time when access is allowed or is not allowed.

Composition: A password is a sequence of characters drawn from a larger population of characters.
LENGTH: how long
SIZE OF POOL: where the password can come from?
BAD CHOICES: words in a dictionary. names. duplication (tomtom). some people use their license plate number, social security number, et cetera.

Insert special characters: wowen, w$owen ;
Letter replace: babbage, 2122175;
Antonyms: stoplight, godark;

Length: The longer the password, the harder it is to GUESS the password.
(Hoffman developed this)
T (to guess a password) = A^S * R * E / 2
T = safe lifetime of a password
A = passcode space (set of characters password comes from)
S = length of passcode
R = transmission rate of the computer's communication line
E = number of characters exchanged per login attempt.
delay factor [+D] - calculates how much time it takes for that exchange.

Part of the problem with passwords is trying to figure some kind of system that provides security for your system, but does not provide an inconvenience for your users.

3/15/99
=======

Distribution of passwords: there are many systems that create the passwords in a central authority. Some person, more or less, is in charge of creating, storing, and managing passwords. when that happens, the password must be distributed to the user.

[central authentication] -- -- >> >> [user]

when you enter a password, it should be entered in such a manner that casual observers should not be able to gain access to your password. secure entry is a problem because of this.

storage of passwords: there are systems which store passwords in plain text. unix stores passwords in encrypted style.

transmission -- the account name and the password should be sent next to one another. currently, they are NOT encrypted. if you were on a communications line, you could simply "view" the passwords in plain text as they come by your location.

THREATS
=======

damage - the ability to inflict evil, threats, or other things.
integrity - this threat is the malicious modification of data, messages, or programs or the memory stored in the computer. (messages are things sent outside our computer)
   data - if any data is changed, it's rendered unreliable.
   programs - if any of the program is changed, it's also considered unreliable.
   memory - viruses can affect this - it's like another task.

how can these threats happen?
============================

1) un-authorized access -- someone who can find a way into your system.
2) trojan horse programs and viruses -- trojan horse is something that you think will do one thing, and it will do something else. a virus "sneaks in".
3) data might be modified in transit.

potential problems
===================

1) encryption. -- to render something useless although you can see it.
2) message authentication codes -- find some way to keep these things separate whereas a person who modified a message wouldn't be able to modify the authentication code.
3) confidentiality / disclosure -- eavesdropping under the communications systems. now it's easier than ever before. packet sniffing will basically report what information is flowing through data wires.
4) someone has gained information about the configurations to gain access to the systems.
   masquerading - if you can learn enough about systems, you could allow YOURSELF access. This assumes a valid identity when in fact you're not.

potential solutions
===================

1) encrypt information so the information is useless to ya.
2) provide additional security - with a web "proxy".
3) denial of services - attacker seeks to deny user out of the resources of the system. (memory, programs, disk space)
   DNS Attack - don't have to deny access to system ; just reroute information somewhere else.
   flooding - sending tons and tons and tons of packets which takes a picture down.
   using up system resources - [memory, and disk system]

how do you fix these?
====================

packet filtering - prevent information from THE bogus address from coming in.
contact the CERT group - this is the internet security organization -

4) authentication -- attacker is attempting to impersonate a legitimate system user. our systems were designed using a trusted environment.
   ip address spoofing - what do we do about ghost addresses?
   system authentication - how do we know the users are really the people who should be in the system? beef up password systems, and build new systems that authenticate people better.
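The 16-bit checksum from the 3/1/99 TCP notes next to a message authentication code as described above, to show which kinds of change each one catches. This is an added example, not part of the original notes; the message, key and function names are constructed, HMAC-SHA256 is chosen here as the authentication code, and the checksum covers only the bytes passed in (not the extra fields TCP also sums).

```python
import hashlib
import hmac

MESSAGE = b"transfer 100 to bob"      # constructed sample message
KEY = b"constructed-shared-key"       # constructed; known to sender and receiver only


def internet_checksum(data: bytes) -> int:
    """Sum the data as 16-bit numbers with end-around carry, then complement."""
    if len(data) % 2:
        data += b"\x00"                              # pad to a whole 16-bit word
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)     # fold the overflow back in
    return ~total & 0xFFFF


def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Return a copy of data with one bit inverted."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)


def compensating_flips(data: bytes, i: int, j: int, bit: int) -> bytes:
    """Turn a 0 into a 1 and a 1 into a 0 in the same column of two 16-bit words."""
    if i % 2 != j % 2:
        raise ValueError("bytes must sit in the same half of their words")
    if (data[i] >> bit) & 1 == (data[j] >> bit) & 1:
        raise ValueError("the two bits must start out different")
    return flip_bit(flip_bit(data, i, bit), j, bit)


def mac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_ok(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def run_checks() -> dict:
    good_sum = internet_checksum(MESSAGE)
    good_tag = mac_tag(KEY, MESSAGE)
    one_flip = flip_bit(MESSAGE, 0, 0)                  # line noise: one bit
    two_flips = compensating_flips(MESSAGE, 0, 2, 0)    # one 0->1 and one 1->0
    edited = b"transfer 900 to bob"                     # modified in transit
    return {
        "checksum_catches_single_flip": internet_checksum(one_flip) != good_sum,
        "checksum_catches_compensating_flips": internet_checksum(two_flips) != good_sum,
        "mac_catches_compensating_flips": not mac_ok(KEY, two_flips, good_tag),
        # Anyone can recompute a checksum for the edited text, so the receiver's
        # comparison passes; a valid tag cannot be made without the key.
        "checksum_catches_edit_with_new_checksum":
            internet_checksum(edited) != internet_checksum(edited),
        "mac_catches_edit_with_old_tag": not mac_ok(KEY, edited, good_tag),
        "mac_catches_edit_with_keyless_tag":
            not mac_ok(KEY, edited, mac_tag(b"not-the-key", edited)),
    }


if __name__ == "__main__":
    for check, result in run_checks().items():
        print(f"{check:42} {result}")
```

The checksum guards against accidental damage on the wire; only the keyed code addresses the "modified in transit" threat listed in these notes.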
WHAT IS IP ADDRESS SPOOFING? - address corresponds to a different machine which might actually be an "evil" machine. You accept a packet thinking it's from someone else.

3/22/99
=======

potential solution: (to authentication)
involves analysis of what it means to authenticate someone as a real person. A user seeks to gain access to resources, and there has to be some system to protect those resources. This system decides to grant access or not to grant access. There are three classes of authentication to grant these decisions:

1) something known by the person: password prompt, information which is unique and uniquely known by the user that can be challenged and responded to by only that user.
2) something possessed by a person. (something like a key). It authenticates the entry into the automobile. :)
3) something about the person. (biometric) - thumbprint ; voice print ; retinal scan, et cetera. -- probably the most secure method of authentication. biggest problem is the technology required to gather that information -- not reliable.

other solutions to authentication: (for non-login methods)

digital signatures
==================

suppose you have a message you wish to send -- plain text -- and you want to send it to this user -- user creates a public decryption key. user also creates a private ENCRYPTION key that they keep to themselves. This creates "ciphertext", or encrypted messages. when the message gets to user, he takes the decryption key which was public, he decodes the message in plain text.
this also works for "secure" messages too, you have one encryption key - and make it public to everyone. Then, there's only one DECRYPTION key - which you hold.

why security?
============

we're attempting to MANAGE RISK. All forms of security are in response to different levels of risk which we face in either our data, our lives, or whatever. We have to find some way to manage risk.

Risk Management: What is risk? Risk can only be reduced, retained, or transferred.
Risk management involves risk analysis. eventually, an organization should come up with a risk management policy (of the organization), such as:
what are the objectives of the organization?
what is their current strength?
willingness to take a risk? -- example of pepsi one -- how smart were they to take a risk?
then decide which approach to take - quantitative or qualitative? (do you know the exact numbers or do you just want high or low?)

how to decide upon security:
===========================

1) asset identification
2) evaluation
3) threat identification
4) vulnerability identification
5) threat / vulnerability merger
6) predictive analysis
7) loss cost analysis
8) safeguard analysis

data and examples:

1. asset identification:
   customer data file - needs protecting
   grandma's letter - probably doesn't need protecting.
2. asset valuation:
   exclusive possession - if an asset has worth because you and only you possess it, the asset is very valuable. [ie, coca-cola].
   cost of creation or recreation of an asset - an object costs some kind of money to create.
   liability - object must be protected because assets will be lost if the secrets are revealed.
   convertibility - if you were able to compromise the object -- say if someone transferred a bank account funds......and it were intercepted ; it could wind up in a different account ; a different location.
   operational liability - what do you do if the master inventory file went down? what if the school's master student record file went down? not good. :)

threat identification
======================

can we identify the types of threats that affect our assets?
computer electronic threats --
physical -- hurricanes, et cetera

3/24/99
=======

two month "operational impact" when the server was removed. Had to get a new keycard, et cetera for the server to operate again.

vulnerability identification -- the assessment of the probability that a threat might occur.
how vulnerable am i? how much is this gonna cost me? how likely is this to occur?
this could usually be measured in cost: restaurant fella who got hit by lightning, $30,000 out. :)

eventually, you need to merge your threat and vulnerability - merge them.
=====================
every vulnerability must be compared to the potential threat it faces. Then you assess what could happen.

asset          possible threat                              problem (probability)
=====          ===============                              =======
billing file   hard drive failure                           low
               drive erased (by accident?) (externally?)

predictive analysis
===================
by looking at this kind of information, you can figure out which combination of these is most likely to occur, or to be most damaging to the organization. This is usually where you want to start work.

asset          possible threat                              problem (probability)
=====          ===============                              =======
picnic memo    loss of data                                 low

we don't really care, because after the date the event is for, it's useless ANYWAY...[unless it's creating a template for something else]

Loss Cost / Analysis
====================
look at all these vulnerability costs and find out what is the most quantitative or highest cost to the organization. (if you're coca-cola, losing the coca-cola formula was the worst thing). BUSINESSES WANT AN ANNUALIZED COST. so the loss might be 100 dollars a month (for a loss of business accounting data), but it will come out to be $1200 / year.

safeguard identification
========================
what can i put in place to minimize or eliminate possible threats? as a safeguard solution, there usually is more than one way to minimize the threat or improve security. as a consequence, there are criteria for categorizing the potential safeguards that are out there.

evaluation criteria: (for the solutions)

1) acceptance - will the new safeguard feature be accepted by the staff and the users who will be using the system? [if you decide one solution is to require 36 char passwords that have to be changed three times a week, is this ACCEPTABLE? hehe...whatever!]
   ;-) people might put up sticky notes, which DECREASES the amount of security.
2) is the security measure auditable -- can the new control be tested in its new environment, and does it leave a good trail of what has happened? [if you try to build something that will keep hackers out, wouldn't it be nice to know if it actually worked? - it'd be nice to know if you could collect data to PROVE your security is working and WHEN it is working] (security cameras in 7-11 stores are a good example)
3) is the security method COST-EFFECTIVE? -- how much money will you spend to protect the picnic info? -- the security might cost more than it's worth.
4) growth - does the security safeguard work NOW? and as the system grows?
5) is a safeguard ROBUST? - is the security measure that you're choosing robust enough to provide security without itself having to be a secret from everyone? [example, someone bypassing the camera systems by putting a photo up or something...]

management decision
===================
the management must make decisions based on some kind of decision making structure. (the collective threat cost -- subtract collective security cost ==== sum of acceptable risk level)

collective       collective         acceptable
threat       -   security       -   risk
cost             cost               level
=============================================
$45,000  45,000  $150  $44,500
(cost of car)    (insurance cost)   (is this acceptable?)

generally, i'd go out and get a better insurance policy that would pay me nearly immediately, no questions asked.

now...if you choose to avoid the risk.......you generally must CHANGE the way you operate. doctors stand a risk of malpractice. so, to avoid the risk of, say -- baby birthing -- doctors simply don't do it anymore.

to CONTROL the risk -- you implement controls. get into corporations, make the risk harder to take on.
to limit the risk - you want to buy insurance to help cover the risk of loss.
accept the risk - you keep on truckin'.
   ;-) don't give a damn ;) carry a rabbit's foot, though :)

how do you GET security? ==SECURITY SOLUTIONS==
========================
in the web environment, there are only two sides on which to protect security - the client side, and the server side.

in CLIENT SIDE SOLUTIONS, if you go back and think about what happened back in the olden days, we had communication programs which communicated from a trusted user to a trusted host. Now, not only has the environment broadened: you're still considered a 'trusted user', but there are many many many hosts. I now have no way to know which hosts are trusted or not.

trusted user - - - - - > > > > > > > trusted host

additionally, in this trusted user environment, we had simple user applications that did simple things. (a few applications did a "few" functions). The current user doesn't want to live in that environment, so we have more complex applications that perform more functions. for the record, MORE is NOT better. ;-) basically, you should always seek the simplest method.

cookies
=======
When you attach yourself to a webserver, the webpage on that server can have some tags in it that allow the browser to store information on your local machine's hard disk, called a COOKIE. The amount of information that can be stored there is limited, but it does store something on your hard drive.

The reason it was initially put in there was because it allows us to solve some problems that we can not otherwise solve in this web environment:

first of all : it's impossible or damn near impossible for a web browser to indicate to a webserver who you are. a good example of this is site personalization. Amazon.com and other organizations have problems as well - starting with redundant information. On your local machine, the cookie can store your "intermediate info" and continue where you left off.

Also - targeted marketing - if they can figure out what you like, they can customize marketing TO you.
3/29/99
=======
Cookies do not pose a significant threat so much as they pose a privacy problem and kind of a nuisance. Privacy and security are different issues.

security - talks about damage or potential interception of data for misuse.
privacy - some of that same issue, but it's personal information about you. social security number basically can be a unique identifier. what about the web and how does it find you? it can give directions to someone's house.

now...what is a cookie? there are two programs that develop cookies [ie and netscape]. this is the netscape definition of a cookie:

  netscape will allow you to store 300 cookies.
  maximum cookie size can be 4,096 bytes long.
  in netscape, one single site can send you 20 cookies.

  fields:
    name field
    domain field
    expires field

cookies can NOT get information from your hard drive

encryption
==========
unreachable and undecipherable unless you had the secret code.

several types of ciphers:

symmetric ciphers

plain text -- >> encrypt --> cipher text -- >> decrypt -->>> p.t
           |           symmetric cipher            |

problems with ciphers:
1) key must remain safe on both ends
2) you must have secure transmission from point a to point b.

common cipher methods:

DES standard - data encryption standard [takes 64 bit chunks of data and applies a 56 bit key to them] -- this produces a cipher text.
IDEA standard - international data encryption algorithm -

in both of these approaches, if you changed only one bit - the data would look entirely different. This makes it difficult for the message to stay readable with ANY errors. biggest problem with this algorithm is the length of the key [government restricted]

HASH functions
==============
takes any kind of data, runs it through an algorithm, and produces a fixed-length result.

data -->> hash function -->> fixed length data.

advantages:
  this type of data is very fast to encrypt.
  should be and IS difficult to reverse.
  produces no collisions - [no possibility two pieces of data sent to the same function could produce the same output]

MAC - message authentication code
=================================
for messages that run in encrypted environments, there is a need to have a message authentication code running out there. if you sent a message encrypted, because the cipher text runs in plain view, it would be nice to know that the cipher text delivered to the receiver side was not altered during transit. the use of encryption does not guarantee that. the message has to take additional encryption technology to ensure the message is authentic.

public key system of encryption
===============================
generate keys --
  public key - encryption key
  private key - decryption key

step one - type message
step two - encrypt using public key
step three - send encrypted message which includes cipher text
step four - message is decrypted with private key.

3/31/99
=======
certificates -- done through a third party. certifies the person who actually placed an order. can be "trusted" through either the receiver or through the 3rd party. includes personal certificates. currently there are no security protocols on the net saying this is how this should work. there is a move to adopt standards in this area.

pki - public key infrastructure - looking to find a way to standardize this information so that all software can read keys and certificates generated by a third party. third parties are basically "certificate authorities..."

a big section of security -- javascript and active x security!
===============================================================
javascript and activex have been developed to improve the flexibility and capability of the browser running on the local machine. the problem is java code (byte code) is delivered to and executed on the local machine. we don't know exactly what the code is supposed to do. we did not design it ourselves, we haven't tested it ourselves, et cetera.
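Going back to the MAC section above, here is its point as an added example that is not part of the original notes: encrypted text altered in transit still decrypts without complaint, and a MAC computed over the cipher text is what catches the change. The stream cipher is a toy stand-in built from SHA-256, HMAC-SHA-256 is one common choice of MAC (the notes name none), and all keys and messages are constructed.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA-256 output is always 32 bytes (a fixed-length result)


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 over key, nonce and a counter. Illustration only."""
    out = b""
    counter = 0
    while n > len(out):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(enc_key: bytes, plaintext: bytes) -> bytes:
    """Encryption only: nonce followed by cipher text, no integrity protection."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor(plaintext, keystream(enc_key, nonce, len(plaintext)))


def decrypt(enc_key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor(ct, keystream(enc_key, nonce, len(ct)))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append a MAC computed over everything that is sent."""
    blob = encrypt(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, sealed: bytes) -> bytes:
    """Check the MAC first; only decrypt cipher text that arrived unaltered."""
    blob, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: cipher text was altered in transit")
    return decrypt(enc_key, blob)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate one bit changed in transit."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # constructed keys
    message = b"ship 10 units to warehouse 7"           # constructed message

    altered = flip_bit(encrypt(enc_key, message), NONCE_LEN + 5)
    print("encryption only:", decrypt(enc_key, altered))  # wrong text, no error

    try:
        open_sealed(enc_key, mac_key, flip_bit(seal(enc_key, mac_key, message), NONCE_LEN + 5))
    except ValueError as err:
        print("with MAC:", err)
```

The receiver needs both keys; the MAC key is kept separate from the encryption key so that each key has one job.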
applets -- are brought into the local machine.

java security -- it supports machine independence. java uses an intermediate language called byte codes. byte code is stored on the system and dispatched to the local machine. this byte code contains the "java virtual machine". this basically receives the byte codes and translates them into something that can run on my machine. java provides its security by limiting what the virtual machine can do. java byte code executes in a sandbox.

java.sun.com/sfaq/ -- how security works
http://www.java.org.il/hostile/hostile_applet.html -- how it doesn't work. :)

ACTIVE-X
=========
Microsoft's counter-proposal to java applets. it's very similar to java's applets -- but this is "microsoft's version". they use a "code signing" mechanism. uses "authenticode" which is placed in your control.

flaws for this whole concept are great in number. their key-length is 1024 which is pretty big to break. the biggest flaw is the issuing or "screening" of developers and code. if you're going to issue an authenticode certificate, how would you do that? basically we're dealing with the majority of folks saying "don't run activex".

secure-socket layer (for a stream of data)
===================
developed by netscape.

data -->> encrypt -->> decrypt -->> data

works very similarly to encryption technology. only problem is...um...there has to be some coordination between systems on public keys.

steps:
step 1 -- create a handshake between the two entities.
step 2 -- do you want to have a secure socket layer transmission? ok, yes? ok, we need to have a key. each system generates random numbers. Those bits generate each key....half a key on each end...and then they are put together. a secure transmission begins. this becomes a stream ; and once the session is finished, you terminate the keys.
step 3 -- terminate and discard the system.

netscape and microsoft both use this. :)

by the way, httpS - is for message oriented data.
**test 3 start**

4/12/99
=======
Security in the internet e-commerce world is going to become more important as each day goes by. client side security is the things done on the local side of the internet. applications on the server side are network oriented.

here's the problem:

O---O---O--- [network] connected somehow to the internet....[via a gateway, router, something...]

access vs. security. what am i protecting on the inside?
  [private resources] data. confidential information.
  [public resources] web server.

the dilemma is that the more security that is actually on the system, the harder it is to access the system, which is in direct conflict with what we want it to do. [thanks yvonne!]

the way we plug machines in (whether we're in front of or behind a firewall) makes a lot of difference as to how well systems are protected.

an intranet is a local area network that generally uses the tcp / ip protocol. an intranet allows you to simplify the configuration of the network.

solutions to security problems for intranets
=============================================
a firewall has traditionally been the solution for local area networks.

advantages: if we have firewalls, they provide us with the following advantages:
1) it can manage access to the internet.
2) provides a single access or choke point. keep unauthorized users out by tracking addresses, et cetera.
3) provides a convenient point for monitoring - [to see if someone is attempting to hack your system]
4) allows you to manage ip addresses. (DHCP) - dynamic host configuration protocol.
5) monitor internet usage - [how much traffic flows through there?]

disadvantages:
1) it can not protect us from attacks that do not go through the firewall. someone gets a modem because it's so difficult to get access through the in-place network.
2) can not protect against traitors and bumbling users.
3) can not protect against viruses or trojan horses that flow through the system.
4) can not protect against a data driven attack.
5) it's a single failure point. (two ways of looking at it) - if you breach the security of the firewall, you're in. OR if the device FAILS, you're cut off from the outside world. so....if security is breached, then there is no security. if the firewall fails, the link is broken. except - the two are no longer linked together.

the attack
==========
how does it happen? 3 steps:

1) gather information about the system. get as much as you can. there is a suite of tools called s.n.m.p - simple network management protocol. additionally, there are a whole lot of traditional unix utilities like ping, traceroute, finger, talk, et cetera that will tell you how to get there.
2) probing for security weaknesses. there is a list of known security holes in unix, et cetera. there are tools (like satan, which was written by a security consultant) that check a unix environment for its security problems. you can find out problems with system setup.
3) accessing the system. if you gain enough information to lead to a successful attack, there are a few things that hackers might do. goals:
   destroy information on the system. [delete files, corrupt files, et cetera]
   install software to gain more information
   use the "compromised system" as a launching pad for another attack.

4/14/99
=======
packet filtering - there is all kinds of information in a packet which needs to be filtered. here is how this could work:

 - - - - - - - - - - - - - - - - - -
|  =========================        |
|     |        |        |  |ROUTER|---->>>>>> internet
|     O        O        O           |
 - - - - - - - - - - - - - - - - - -
          security perimeter

solution to the problem: set up a set of filtering rules. (rules in addition to sending information along to its destination). If i were to provide security for my local system, then the THREAT is out "there" (on the net). That means the packets i would want to look at are the packets being delivered TO the router (which means I know which end they're coming in on....)
so basically, i could develop a set of rules and look at the header information, considering things like:
a) destination addresses
b) port numbers
c) packet types [there are different types - tcp/ip, udp, icmp, et cetera]

so...you might say something like : if the incoming packet matches a pass rule ; forward the packet. if not ; discard.

some packets will not match EITHER rule. [if you have conditions on BOTH sides...] - should we forward or discard?

types of packet filtering -

service dependent filtering : says filtering rules are applied to a different type of service. (you could open or deny ports that you're interested in).
  disable port 21 - there would be no FTP.
  disable port 23 - there would be no TELNET.
  then you could add address information to the rules..

service independent filtering : says not all packets are attached to something as simple as a service port number. [as a consequence, you're back to the rule where some people might get through...] so you use something besides a service type...

potential attacks:

(source) address spoofing. one of the most popular methods is to "imitate" the address as being from actually INSIDE your network. this is a potential problem [you could use a source address that seems to be an address you would pass ; typically on the inside]

tiny fragment attacks: sending through an initial packet which is good, saying "there's more to come". If you have a non-intelligent router, you can "sneak" other BAD things through.

advantages for having packet filtering:
=========================================
most everyone already HAS a router.
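The filtering rules described above, as an added example that is not part of the original notes: a first-match rule table on packet type, destination address and port, with the two service-independent checks (source address spoofing, tiny fragments) applied before it. The address ranges, the rule set and the sample packets are constructed, the fragment tests follow the recommendations of RFC 1858, and discarding packets that match no rule is this example's answer to the forward-or-discard question.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

INSIDE = ipaddress.ip_network("192.168.10.0/24")   # constructed intranet range
ANY = ipaddress.ip_network("0.0.0.0/0")
MIN_TCP_HEADER = 20   # bytes; a shorter first fragment hides TCP header fields


@dataclass(frozen=True)
class Packet:
    iface: str                    # router port it arrived on: "outside" or "inside"
    proto: str                    # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None   # None for ICMP and for non-first fragments
    frag_offset: int = 0          # IP fragment offset, in 8-byte units
    more_fragments: bool = False  # the "there's more to come" flag
    transport_len: int = 40       # bytes of transport header + data carried


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "discard"
    proto: str
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto
                and ipaddress.ip_address(p.dst) in self.dst
                and (self.dport is None or self.dport == p.dport))


# Constructed rule set: service-dependent rules, first match wins.
RULES: List[Rule] = [
    Rule("discard", "tcp", ANY, 21),                                     # no FTP
    Rule("discard", "tcp", ANY, 23),                                     # no TELNET
    Rule("pass", "tcp", ipaddress.ip_network("192.168.10.80/32"), 80),   # web server
    Rule("pass", "tcp", ipaddress.ip_network("192.168.10.25/32"), 25),   # mail host
]


def decide(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, reason) for one packet arriving at the router."""
    # Service-independent check 1: an inside source address can never
    # legitimately arrive on the outside port of the router.
    if p.iface == "outside" and ipaddress.ip_address(p.src) in INSIDE:
        return "discard", "spoofed source: inside address on outside port"
    # Service-independent check 2: tiny TCP fragments (the two RFC 1858 tests).
    if p.proto == "tcp":
        if p.frag_offset == 1:
            return "discard", "tiny fragment: offset 1, first piece held only 8 bytes"
        if (p.frag_offset == 0 and p.more_fragments
                and MIN_TCP_HEADER > p.transport_len):
            return "discard", "tiny fragment: first fragment lacks full TCP header"
    for n, rule in enumerate(rules, start=1):
        if rule.matches(p):
            return rule.action, f"rule {n}"
    # Packets that match neither a pass nor a discard rule are discarded.
    return "discard", "no rule matched (default discard)"


if __name__ == "__main__":
    samples = [  # constructed packets; outside hosts use documentation ranges
        Packet("outside", "tcp", "203.0.113.7", "192.168.10.80", 80),
        Packet("outside", "tcp", "203.0.113.7", "192.168.10.80", 23),
        Packet("outside", "tcp", "192.168.10.5", "192.168.10.80", 80),
        Packet("outside", "tcp", "198.51.100.9", "192.168.10.80", 80,
               more_fragments=True, transport_len=8),
        Packet("outside", "udp", "198.51.100.9", "192.168.10.80", 53),
    ]
    for s in samples:
        print(s.src, "->", s.dst, s.proto, s.dport, decide(s))
```

Because the spoofing check keys on the arrival port, the same inside source address passes when it arrives on the inside port.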
disadvantages:
==============
rules are complex (takes someone with experience, knowledge, et cetera - to set it up)
there is no place to test this..(except in implementation)

info-article at: http://www.3com.com/nsc/500619.html

proxy servers / application firewall / application server / proxy firewall / bastion host
=========================================================================================
we want to isolate our local system from the rest of the world. one way to do that is to look at the kinds of things we do (these services we do such as telnet, ftp, et cetera)

works the same way (diagrammed) as a firewall.

What is a proxy? unix has LOTS of security flaws. telnet has about 25,000 lines of code in it.

how a user might use this: for security, there are some slight changes in the operation. if i make a telnet request, i have to request the 'right' to use the secure version of telnet.
a) the first thing that would happen is you have to authenticate yourself to the application firewall.
b) initiate a telnet session (or whichever service). the proxy server will then initiate the service through the internet using the proxy server's IP address as the source.

advantages: (of using this approach) - and this is a widely used version of this software
==========================================================================================
a. control over each service.
b. you control the features of the service and limit commands (say, that you could do on telnet) -- to a secure set.
c. you control the types of services allowed. [so you install whatever services you need on the proxy -- and if the service is NOT installed, you can not use it]
d. supports STRONG user authentication. (because we're going to do this, you might want to add user identification. then give the user permissions)
e. can support the address translation / support feature. [network address translation].
f. usage logging - who went where? to do what?
g. filter rules are simpler

4/19/99
=======
disadvantages:
a) user behaviors - people don't necessarily like to telnet through two people. in some instances, proxy servers require that.
b) proxy servers require dedicated equipment. in the past, machines were extremely expensive. this isn't as bad a problem NOW as it used to be.
c) no other uses are allowed - any additional uses are potential security breaches.

CIRCUIT - LEVEL FIREWALL --
===========================
means i trust the internal users -- therefore, actual users notice nothing is going on really - but the "firewall" changes the return address to the firewall, so returning traffic is handled BY the firewall - therefore, not accessing the internal systems.

DESIGN CONSIDERATIONS:

a) simple packet filter -- check the addresses of incoming and outgoing packets.

b) screened host firewall - an improvement -- first level of defense - filter stuff out. another layer handles secured.

   internet -->> filtering router -->> bastion host -->> intranet

c) dual homed bastion host - has two network interfaces. one for the intranet, and one for the internet.

   internet -->> internet-side bastion host -->> intranet bastion host -->> intranet

d) screened-subnet-firewall

   internet -->> filtering router -->> bastion host (single or dual) -->> ANOTHER filtering router -->> intranet

   (demilitarized zone -- includes ROUTERS and the bastion host)

virtual private networks:
=========================

LAN 1         LAN 2
[mobile]      [bhm]
     \         /
      internet..

LAN 1 -- intranet -->> bastion host -->> filtering router -->> ==internet==
LAN 2 -- filtering router -->> bastion host -->> private internet

virtual private network provides "security encryption" -- encrypting everything via the internet -- at which point it is decrypted on the other side.

location of web server: IT DEPENDS. hehe

A fundamental security question arises: where should the web server be located (inside or outside)? The answer depends upon the desired security level.
if no access is required from the inside, the server could be placed on the outside with the router and allowed to operate there.

if access is required by the intranet users, then protecting them from the outside may take precedence over the ease of access. proxy servers can control the access. a screened-subnet method might be used to locate these areas of the organization in a semi-secure area (the dmz) and provide security elsewhere.

4/21/99
=======

Site SECURITY
=============
Purpose: To formally capture / define the mechanisms that provide security. A formal written policy which informs all the players (management, staff, and users) of their rights and responsibilities.

Who makes the policy? : Initially, you MUST HAVE MANAGEMENT SUPPORT. They must buy into the idea because ultimately they must support it and fund it. Some of the people who are involved might be:
a. Site Security Administrator (could be webadmin, et cetera)
b. IT Support Staff (develop operations, et cetera)
c. Group Administrators for users (if you had finance, marketing, productions, et cetera)
d. The security response team (the people who go to work when a security incident occurs)
e. management -- they empower everyone ; they're the ones who say it is ok to purchase the equipment.
f. representatives from the users -- people who use your system help determine policies.

POLICY ISSUES:
=============
a) Characteristics of a security policy: a policy must be implementable.
b) Policy must be enforceable: you could develop a policy that you can not enforce. for example - suppose someone logged on and you required them to do a certain activity which was in violation of the security policy. this -- would be non-enforceable.
c) It must be clear and unambiguous. [anyone who reads it should be able to clearly understand the responsibilities, penalties, rights, et cetera of the policy]
d) policy element - includes several components -
   1. hardware purchasing guidelines (if all machines have a password in BIOS - and someone buys a machine WITHOUT a bios password, your security is breached)
   2. privacy policy - needs to be clearly stated, should explain what kind of monitoring is going on - what happens with it....et cetera
   3. access policy - defines the users' rights and privileges pertaining to the organization's assets. ex - if you work in payroll, you can look at payroll. don't look at anyone else's information. should also announce this policy at logon time.
   4. accountability policies - specifies the responsibilities of the system's users. includes audit information, incident reporting, and penalties for violations.
   5. violations reporting policy - specifies how people should report a security incident and how it is reported.
   6. availability policy - need to be able to tell people what their policies are, when and where the systems will be available, state recovery issue policies, et cetera.
   7. system maintenance policy - what do you do if the system goes down and you must bring people in from outside.
   8. Authentication policy - establishes who the authentic users are.

DEVELOPING A POLICY
===================
RFC - 1244 - request for comm... "site security" handbook - available from the cert organization.

when we develop a plan, a complete security policy will provide equal coverage for all areas of the system. A complete security policy will:

** provide equal coverage
** list all components that need to be protected (data, machines, et cetera)
** include plans as to how a security incident is handled.
** include plans as to how the policy will be communicated to the people. the site security manager might have to stamp out security problems which came from the inside because the security policy was not made public throughout the organization.
** should establish and adopt a security policy (and model). models range from everything ON to everything OFF - everything is OFF by default, and when it's needed -- it's turned on for the individual who NEEDS it...and then turned off again. the other end of the spectrum might be ALLOW ALL.

SECURITY TOOLS
==============
some of the areas that security must be provided for include:

  data security and privacy (confidentiality)
  Encryption tools, PKI (public key infrastructure)
  Third party certificates
  Authentication Systems
  Limiting access to systems (firewalls, packet filtering, et cetera)
  tool for automating reporting of problems
  incident handling - tools ensure systems and data are preserved immediately. determine nature and source of the problem -- not only eliminating it, but also try to ensure it doesn't happen again. consult legal counsel. finally - PUNISH THE ATTACKER! haha

4/26/99
=======
REVIEW...

OPERATING SYSTEMS - what they are good for...? several concepts we should know:
#1 - primary function is resource management.
#2 - web servers must be in a multi-tasking environment
     file system management, resource management, task management
#3 - types of multitasking - pre-emptive or cooperative.

communications - how do they talk... there are 13 of them.
osi model - 7 layers
guided media - copper wire - et cetera...
bandwidth carrying capacity. - range of frequencies vs # of bits per sec
connection strategies. - how systems are connected together.
circuit switching - single dedicated path...dedicated during entire communications sessions
different packet sizes...atm switched system...
advantages and disadvantages of packet switching
internet protocol suite...et cetera (4 layers)

--->>   communication across a path HORIZONTAL is logical
 |
 |      communication DOWN a path is PHYSICAL

there are special addresses for broadcasting, et cetera
address resolution problem vs rarps
several solutions - caching...data capturing...et cetera...
reverse arp problem - machine doesn't know its IP address.
subnetting.