Week 9, 10 and 11 Flashcards
What is a distributed system, and what are the reasons for having one?
loosely coupled processors connected by a communication network
reasons
- resource sharing
- computation speedup
- reliability
- communication
What is the difference between Network Operating systems vs Distributed operating systems?
network: users are aware of network, users are aware of local vs remote resources
Distributed: Users are not aware of network, data migration, computation migration, process migration
Def: Data Migration
network file systems (in distributed operating systems)
Def: computation migration
remote procedure call, stored procedures in databases (in distributed os)
Def: Process Migration
Load Balancing, computation speedup, clusters (distributed OS)
Network topology:
fully connected vs partially connected
fully: expensive, but every node direct to other nodes
Part: variety of possible connections, combinations possible
LAN vs WAN networks
LAN: Local Area Networks
- high speed, high cost, Ethernet, short distance
WAN: Wide Area Network
- Long Distance, Internet, private networks, routers, slow
Def: Service
software entity running on one or more machines providing a particular function (file access)
Def: Server
a machine running the service software
Def: Client
process that can invoke a service
Def: Client interface
operations on the service available to clients
Def: peer to peer
when machines are both a server and a client
what is Distributed file systems transparency?
remote and local disks look the same
Def: Location Transparency
Def: Location Independence
trans: (static) name does not reveal location - share files
indep: (stronger, dynamic) name does not change when location changes, file migration - shares space
- separate naming hierarchy from storage hierarchy
What are the three approaches to file naming?
- host + location
- Attach remote directories to local directories
- total integration (global name structure spans all files)
what are stateful connections?
connection between client and server is persistent, server keeps track of all clients
Def: stateless
each operation is a separate request
What are the three meanings of security?
- Protection and Authentication (users only access information they have privileges for)
- System Integrity (prevent execution of code by outsiders)
- Information Security (statistical attacks)
What are the four security levels?
Physical
Human
Network
OS
What are statistical attacks?
individual pieces of information reveal nothing, collectively they reveal private information, statistics databases
What is buffer overflow?
The most common attack, exploit bug as security hole
- Write binary code into buffer, ending with a value that overwrites the return address and points into the buffer
- Subroutine returns into the stack instead of to calling program
protection -> don’t allow stack space to be executable!! don’t put buffers on the stack!
what is ARM?
the return address is stored in the link register. If you do not call any other functions from the function, then leave it alone. Since any calls to a function will use the link register you have to save it on the stack, so still vulnerable
when you check the size of the buffer on the stack what does it tell you?
- subtraction is unsigned
- if stmt comparison is signed
- offset > 2^31, then failure
- file needs only be a bit longer than 1024 chars - small file
- should have used seek (seek changes the file read position)
What is the canary value?
protection against stack overflow
- random value put on stack before local variables
- check before return
- if not the same, then has been modified by a stack overflow attack
What is ARP poisoning?
a type of attack in which a malicious attacker sends falsified ARP (Address Resolution Protocol) messages over a local area network.
How do you protect yourself against ARP Poisoning?
- don’t use replies you did not ask for
- if MACs change unexpectedly, log changes, so a record is available
What is pharming?
a cyber attack intended to redirect a website’s traffic to another, fake site (can be conducted by either changing the hosts file of a victim’s computer or by exploitation of a vulnerability in DNS server software).
What are variants?
function pointers in the head within range of a global buffer (simple overwrite)
What if the buffer is in the heap (after pointers)?
- unused memory is kept in bins based on size of block
- each bin is represented by a double linked list
What are Race conditions?
programs that run with administrator privileges - make a security check before doing an action (! Don’t execute something the user can change between the check and do)
Def: worms
Automated program that breaks into another system and creates copy of the new system
What is the distinction between worm and virus?
the vector. Virus needs a human action, worm contains code to attack the next machine
What are botnets?
A botnet is a number of Internet-connected devices. Botnets can be used to perform distributed denial-of-service attacks, steal data, send spam etc.
What is an intrusion?
signature based detection (virus, multiple login attempts)
anomaly based detection (something not normal)
What are Root Kits?
Root kit is software to hide the evidence of system modification (often used by viruses and worms to disguise activities)
initial vulnerability is used to gain access, root kit is used to maintain access to compromised system
Describe Counter-Intelligence Operations
after detecting malware, you provide a simulated environment (including new operator), replace systems it has access to, with fake systems with fake information
use root kit technique to hide the anti malware software from the malware