Week 9, 10 and 11

Question 1

What is a distributed system? and what are the reasons for having one?

Answer 1

loosely coupled processors connected by a communication network

reasons

• resource sharing
• computation speedup
• reliability
• communication

Question 2

What is the difference between Network Operating systems vs Distributed operating systems?

Answer 2

network: users are aware of network, users are aware of local vs remote resources

Distributed: Users are not aware of network, data migration, computation migration, process migration

Question 3

Def: Data Migration

Answer 3

network file systems (in distributed operating systems)

Question 4

Def: computation migration

Answer 4

remote procedure call, stored procedures in databases (in distributed os)

Question 5

Def: Process Migration

Answer 5

Load Balancing,computation speedup, clusters (distributed OS)

Question 6

Network topology:

fully connected vs partially connected

Answer 6

fully: expensive, but every node direct to other nodes
Part: variety of possible connections, combinations possible

Question 7

LAN vs WAN networks

Answer 7

LAN: Local Area Networks
- high speed, high cost , Ethernet, short distance
WAN: Wide Area Network
- Long Distance, Internet, provate networks, routers, slow

Question 8

Def: Service

Answer 8

software entity running on one or more machines providing a particular function (file access)

Question 9

Def: Server

Answer 9

a machine running the service software

Question 10

Def: Client

Answer 10

process that can invoke a service

Question 11

Def: Client interface

Answer 11

operations on the service available to clients

Question 12

Def: peer to peer

Answer 12

when machines are both a server and a client

Question 13

what is Distributed file systems transparency?

Answer 13

remote and local disks look the same

Question 14

Def: Location Transparency
Def: Location Independece

Answer 14

trans: (static) name does not reveal location - share files
indep: (stronger, dynamic) name does not change in location changes, file migration - shares space

• separate naming hierarchy from storage hierarchy

Question 15

What are the three approaches to file naming?

Answer 15

1. host + location
2. Attach remote directories to local directories
3. total integration (global name structure spans all files)

Question 16

what are stateful connections?

Answer 16

connections between client and server is persistent, server keeps track of all clients

Question 17

Def: stateless

Answer 17

each operations is a separate request

Question 18

What are the three meanings of security?

Answer 18

1. Protection and Authentication (users only access information they have privileges for)
2. System Integrity (prevent execution of code by outsiders)
3. Information Security (statistical attacks)

Question 19

What are the four security levels?

Answer 19

Physical
Human
Network
OS

Question 20

What are statistical attacks?

Answer 20

individual pieces of information reveal nothing, collectively they reveal private information, statistics databases

Question 21

What is buffer overflow?

Answer 21

The most common attack, exploit bug as security hole

1. Write binary code into buffer, ending with a value that overwrites the return address and points into the buffer
2. Subroutine returns into the stack instead of to calling program protection -> don’t allow stack space to be executable!! don’t put buffers on the stack!

Question 22

what is ARM?

Answer 22

the return address is stored in the link register. If you do not call any other functions from the function, then leave it alone. Since any calls to a function will use the link register you have to save it on the stack, so still vulnerable

Question 23

when you check the size of the buffer on the stack what does it tell you?

Answer 23

• subtration is unsigned
• if stmt comparison is signed
• offset > 2^31, then failure
• file needs only be a bit longer than 1024 chars - small file
• should have used seek (seek changes the file read position)

Question 24

What is the canary value?

Answer 24

protection against stack overflow

• random value put on stack before local variables
• check before return
• if not the same, then has been modified by a stack overflow attack

Question 25

What is ARP poisoning?

Answer 25

a type of attack in which a malicious attacker sends falsified ARP (Address Resolution Protocol) messages over a local area network.

Question 26

How do you protect yourself against ARP Poisoning?

Answer 26

• don’t user replies you did not ask for

- if MACs changes unexpectedly, log changes, so a record available

Question 27

What is pharming?

Answer 27

a cyber attack intended to redirect a website’s traffic to another, fake site. (can be conducted by either changing the hosts file of a victim’s computer or by exploitation of vulnerability in DNS server software.

Question 28

What are variants?

Answer 28

function pointers in the head within range of a global buffer (simple overwrite)

Question 29

What if the buffer is in the heap (after pointers)?

Answer 29

• unused memory is kept in bins based on size of block

- each bin is represented by a double linked list

Question 30

What are Race conditions?

Answer 30

programs that fun with administrator priviledges - make a security check before doing an action (! Don’t execute something the user can change between the check and do)

Question 31

Def: worms

Answer 31

Automated program that breaks into another system and creates copy of the new system

Question 32

What is the distinction between work and virus?

Answer 32

the vector. Virus needs a human action, worm contains code to attach the next machine

Question 33

What are botnets?

Answer 33

A botnet is a number of Internet- connected devices. Botnets can be used to perform distributed denial-of-service attack, steal data, send spam etc.

Question 34

What is an intrusion>

Answer 34

signature based detection (virus, multiple login attempts)

anomaly based detection (something not normal)

Question 35

What are Root Kits?

Answer 35

Root kit is software to hide the evidence of system modification (often used by viruses and worms to disguise activities)

initial vulnerability is used to gain access, root kit is used to maintain access to compromised system

Question 36

Describe Couter-Intelligence Operations

Answer 36

after detecting malware, you provide a simulated environment (including new operator), replace systems it has access to, with fake systems with fake information

user root kit technique to hide the anti malware software from the malware