WHAT ARE THE THREE "CORE/KEY SKILLS"?


COMP2221
Networks in Organisations
Richard Henson
February 2013
Week 4: Some Important
Network Operating Systems
• Objective:
 Name significant network operating systems in
developments towards today’s/tomorrow’s
organisational networks
 Briefly explain features of a typical network
operating system (server end & client end)
 Explain a (network) operating system architecture
in terms of a multi-layered model
What are Operating Systems?
• Bundle of Software!
many programs working together
• Used to make the computer function
control of hardware
platform to support applications
• including user interface
utilities to control the platform
• e.g. disk/file management
Software Layers and
Operating Systems
Applications
Operating system functions & user interface
os kernel
CPU, motherboard
What if the Operating System
has software faults?
• The platform becomes “unstable”!!
• Could be errors in
hardware control?
user interface?
utilities?
• What would happen to:
applications running on a poorly designed
platform?
businesses depending on such apps?
Software Faults & CWE
• Mitre: classified fault types into a Common
Weakness Enumeration (CWE)
community developed, formal list of software
weakness types
• Use of CWE:
common language for describing software
weaknesses in architecture, design, or code
[TSI/2012/183]
© Copyright 2003-2012
More about CWE
• Currently 810 distinct CWE entries
identified!!
more commonly encountered weaknesses
usually “repeat offenders”
• CWE provides:
standard measuring stick for software tools
targeting software weaknesses
common baseline standard for efforts to
identify, mitigate, and prevent software
weaknesses
CWE Top 25 faults (1)
Rank | ID | Name
1 | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
2 | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
3 | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
4 | CWE-352 | Cross-Site Request Forgery (CSRF)
5 | CWE-285 | Improper Access Control (Authorization)
6 | CWE-807 | Reliance on Untrusted Inputs in a Security Decision
7 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
8 | CWE-434 | Unrestricted Upload of File with Dangerous Type
9 | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
10 | CWE-311 | Missing Encryption of Sensitive Data
11 | CWE-798 | Use of Hard-coded Credentials
12 | CWE-805 | Buffer Access with Incorrect Length Value
13 | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
CWE Top 25 faults (2)
Rank | ID | Name
14 | CWE-129 | Improper Validation of Array Index
15 | CWE-754 | Improper Check for Unusual or Exceptional Conditions
16 | CWE-209 | Information Exposure Through an Error Message
17 | CWE-190 | Integer Overflow or Wraparound
18 | CWE-131 | Incorrect Calculation of Buffer Size
19 | CWE-306 | Missing Authentication for Critical Function
20 | CWE-494 | Download of Code Without Integrity Check
21 | CWE-732 | Incorrect Permission Assignment for Critical Resource
22 | CWE-770 | Allocation of Resources Without Limits or Throttling
23 | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect')
24 | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm
25 | CWE-362 | Race Condition
Software Weakness Mitigation
• What to do about all these faults….?
• Many concepts and practices
needed for Trustworthy Software
have existed for many years…
“Due Diligence”
Pareto 80:20
Due Diligence
Implies software should be
reasonably trustworthy….
• what does “reasonably” mean?
Implementations vary with Audiences
and Assurance Requirements
Pareto 80:20
(favoured by TSI)
Iteratively using existing experience
Interpreting for common good
Example:
• switching on and acting on Compiler
Warning Flags…
• obviates many common “repeat
offender” weaknesses
• If only this was normal practice!!!
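The compiler-warning point above, as an added example that is not part of the original slides: two weaknesses from the Top 25 lists (CWE-190/CWE-131 and CWE-754) that compile silently by default and are reported once `-Wall -Wextra -Wconversion` is switched on in GCC or Clang. The function names and the 1 MiB limit are assumptions made for illustration.

```c
/* Added illustration, not from the slides. Compare the two builds:
 *   cc warn_demo.c                              (silent)
 *   cc -Wall -Wextra -Wconversion warn_demo.c   (warns in both *_weak functions)
 * Function names and MAX_PAYLOAD are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_PAYLOAD (1u << 20) /* assumed application limit: 1 MiB */

/* CWE-190 / CWE-131: two 16-bit header fields are multiplied as int and the
 * result is squeezed back into 16 bits. -Wconversion reports the assignment. */
uint16_t payload_size_weak(uint16_t count, uint16_t item_size)
{
    uint16_t total = count * item_size; /* 300 * 300 = 90000 wraps to 24464 */
    return total;
}

/* Hardened: multiply in 32 bits (65535 * 65535 still fits), then enforce an
 * explicit limit. Returns 0 and stores the size, or -1 if rejected. */
int payload_size_checked(uint16_t count, uint16_t item_size, size_t *out)
{
    uint32_t total = (uint32_t)count * (uint32_t)item_size;
    if (total == 0 || total > MAX_PAYLOAD)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* CWE-754: the caller's read routine signals failure with -1. Comparing that
 * int with a size_t converts -1 to SIZE_MAX, so the short-read test never
 * fires for an error. -Wsign-compare (in -Wextra for C) reports the line. */
int read_complete_weak(int got, size_t want)
{
    return !(got < want);
}

/* Hardened: deal with the error value before any unsigned comparison. */
int read_complete_checked(int got, size_t want)
{
    if (got < 0)
        return 0;
    return (size_t)got >= want;
}

int main(void)
{
    size_t sz = 0;
    int rc = payload_size_checked(300, 300, &sz);
    printf("weak size for 300x300:    %u\n", (unsigned)payload_size_weak(300, 300));
    printf("checked size for 300x300: rc=%d size=%zu\n", rc, sz);
    printf("checked 2000x2000:        rc=%d\n", payload_size_checked(2000, 2000, &sz));
    printf("error read, weak:    complete=%d\n", read_complete_weak(-1, 512));
    printf("error read, checked: complete=%d\n", read_complete_checked(-1, 512));
    return 0;
}
```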
2011 Vulnerabilities from
Major Vendors
Apps and Operating Systems
• Applications need a platform…
better designed platform…?
• easier to design trustworthy apps
• Mobile phone app vulnerabilities by malware
for platform (F-Secure, 2012):
 http://www.f-secure.com/static/doc/labs_global/Research/Mobile%20Threat%20Report%20Q3%202012.pdf
Apple iOS: 1.1
Symbian: 29.8
Android: 62.8
Windows mobile: 0.6
Why the differences?
• Apps written to use operating system
(os) platform appropriately…
well designed os restricts/prevents
inappropriate use
poorly designed os allows sloppy habits
• but may have performance advantages… (!)
• e.g. Android top 25 vulnerabilities (CVE):
 http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id19997/Google-Android.html
Early Operating Systems
• Each of the early computers was
unique
 each had to have its own purpose-built
operating system
• IBM: world’s first mass produced
“mainframe”
 IBM 701 (1952)
• purchasers expected to write the
operating system themselves!
• first “mass produced” operating system
written by General Motors: GM-NAA I/O in
1956
 adopted by IBM as IBSYS
 IBM hugely successful; by 1980s,
allegedly bigger than US government (?)
First British Operating system
• Leo 3 was the first mass produced British
Computer
 94 units built 1961-1969
• full list of buyers http://www.leocomputers.org.uk/newleo3s.htm
 each had a loudspeaker connected to the
CPU… so operators could tell if it was “looping”
 had a multi-tasking operating system called
“master program”
• Some continued in service until 1981
First Minicomputer
& Operating system
• Produced by Digital Equipment Corporation
(DEC) in 1963
 called the PDP-6
• “mini” in size compared to mainframes
• huge by today's standards
 operating system called “monitor”
• evolved into the TOPS10 (1970)
• ran on the legendary PDP-10
• still going until 1988
• can get it even now:
• http://www.inwap.com/pdp10/96license.txt
Unix
• Spin-off (1969) from project MULTICS
 First attempt at a multiuser operating system
• Consortium including Bell Labs, AT&T
 US equivalent of BT at that time
• FAILED! Too ambitious…
 Bell Labs: cut down derivation called UNICS -> UNIX
• written in assembly language by Ken Thompson
• sharing of processes also being explored in The ARPAnet
project
• Commercial Challenge:
• DEC PDP-7 minicomputer
• needed a general purpose “time sharing” operating system
for multiuser use…
• their own os “monitor” had not yet matured into TOPS-10
Thompson, Ritchie,
“B”, NB, “C” & Unix
• Thompson looking for a high-level language
to develop a time sharing os
• briefly toyed with Fortran
• worked with colleague Dennis Ritchie to create
their own higher level language – “B”, based on
BCPL
• http://cm.bell-labs.com/cm/cs/who/dmr/kbman.html
• development of B = newB (NB)
• development of NB -> C
• Unix kernel was rewritten in “C” (1973)
Development of Unix/C
• “C” compiler completed by Ritchie in 1972
• Further commercial Unix versions (for
Honeywell & IBM) released in 1973
• “C” further developed during 1973-7
• Full definition of language as Kernighan &
Ritchie “C” (1978)
 rapidly gained universal acclaim
• Unix still written in “C” to present day!
 32-bit processing from the outset
Open Sourceness of Unix
• AT&T not allowed to be a commercial
company
• could not sell Unix
• gave a copy away free to any developer who
wanted to use it!
• many universities contributed to its development
• Result (in 1979): Unix version 7
• still recognisable today!
Silicon Valley, TCP/IP and Unix
• University of California created The ARPAnet
(1969)
• 1975 onwards: Berkeley, north of San
Francisco
• hub for its own unique brand of Unix developments
• start of “Silicon Valley” (IT hot spot around SF)
• ARPAnet team
• developed TCP/IP
• 1980, gained approval through RFC
• operating system that would support TCP/IP arrived
in 1983…
• Berkeley Unix (v4.2) packaged with TCP/IP protocol stack
• Sun Microsystems producing the hardware…
Bell Labs Unix becomes
Commercial…
• US Dept of Justice broke up AT&T in 1984
• Bell Labs then allowed to sell their Unix source
code…
• Fortunately for SCO (Santa Cruz Operations)
they had ported Bell Unix to Intel hardware
the previous year (!)
• SCO Unix for PC became a lucrative business
market
• operating system provided security on a PC where
DOS couldn’t…
Bad days for Unix…
• Unix free by nature from outset
not so on an Intel PC, thanks to SCO!!!
Bell Labs jealously guarded the source
code…
universities lost interest
• Unix became expensive to buy… and
was still not user-friendly or easy to use
so even more expensive to own!
Linux
• From 1992 (Linus Torvalds, University of
Helsinki) made free Unix possible again!
 LINUX – based on his name…
• Took…
 Stallman’s GNU open source Unix
• which Tanenbaum had developed into MINIX…
 very stable
 secure file system
 very efficient, optimised code
 earlier versions ran on an Intel 486!
• Still Unix, still a server-end system
 for client-server networking, need client-end
software:
• e.g. Banyan VINES
Linux
• Still freely available via Internet!
• Huge range of software tools for managing
UNIX networks available for download
• Problems (compared to Windows):
 not as easy to manage
 limited on-screen help
 limited range of good application software
 not all hardware has UNIX/LINUX driver software
Linux for Mobile
• Variety of platforms:
Symbian
Android
• If Linux is so good re trustworthiness &
security, why is Android so bad???
Operating Systems for PC
Ethernet Networks
• Original Topology (1980s, early 90s):
bus, coaxial cable & BNC connectors (!)
• DOS?
No way! not designed for:
• server end stuff
• distributed communications
• security…
Windows Server
Developments since 2000
• 2003 Server
 more improvements to active directory
 64-bit version available!
• 2008 Server
 file system enhancements
 active directory:
• directory tree extended
• better management tools (larger networks)
Although Bill Gates may have retired, Steve Cutler is
still with them (helped with “Azure” and now…Xbox)
 http://www.amd.com/usen/assets/content_type/DownloadableAssets/Microsoft_Video_Statement.wmv
Client-side Developments…
• Microsoft Domination…
 XP: finished off the evolution from Windows 95/98
 Vista: mainly a desktop change
• not universally appreciated!
• mobile devices started to have:
 CPUs & operating systems (!)
 user interfaces & use apps…
• Reaction to Vista…
 Apple became popular
 other “mobile” desktops became popular
• Windows 7 stopped the rot…
• Windows Mobile: good platform for apps
 but Windows client-end dominance lost for
good…
So, which Server operating
system would the larger
company use today?
• IBM, or other “mainframe”?
 why not?
• Windows 2008 very popular with finance
industry & previous IBM customers!
• Unix (incl Linux) popular with previous
DEC customers
 still cheaper than Windows
 still more complicated, but suits
companies that value and develop
technologies
And the small business?
• Lot of contradictory advice
use Linux!? Windows? Apple?
Don’t bother?
• use virtualisation
• Outsource
Don’t bother with… clients? servers?
• use The Cloud
• BYOD (mostly users own smartphones)?
• Who should they listen to? Why?
And os platforms for tomorrow?
• Need to plan ahead…
crucial if involved in procurement for and
management of networks
investment could be expected to last 5
years!
next Windows/AppleOS/Unix/Linux?
others? will servers be “old hat”? Will all
clients be “dumb”?
• Time to do a little research...
History: Operating Systems
for PC Ethernet Networks
two popular client-server operating
systems emerged:
• Novell Netware
 IPX/SPX protocol
 not OSI compliant - proprietary & code secret
• DEC (Digital) PCSA
 DECnet protocol
 OSI & TCP/IP compliant - code open source
Netware - late 1980s
• Novell’s proprietary IPX/SPX network
protocol
network naming based on MAC address
• hardwired into network card during
manufacture
• Also, MHS protocol for message-handling and email within the LAN
Novell Netware
• Cool Server stuff…
secure file system based on user, groups,
rights & inherited rights
supported mirroring, duplexing, RAID
TTS to reverse incomplete transactions
network resource names, etc. stored as a
separate bindery on each server
Other Features of Netware
• I/O optimisation:
disk caching
elevator seeking (disk accesses ordered
according to position on disk)
directory hashing
Strengths of Netware
Fast
• MAC address not IP, fewer headers, less
processing of packets
Secure
• awarded US gov Server Fault Tolerance
(SFT) grade III
 when used with server duplexing
Enduring Problems
with Netware
• Only ran on Intel Platform
• Reliant on DOS/Windows at the client end
• NDS (Directory Structure) not X500 compliant
• Not directly compatible with TCP/IP
 interprocess communication based on IPX/SPX
 used MAC addresses (fixed on network card) as
unique identifiers, rather than IP addresses
• Not suitable for peer-peer networking
• Not pre-emptive in handling processes
What happened to Netware?
• V.successful in early 1990s
better sales than DEC PCSA architecture,
even though the latter was OSI compliant
(!!)
• SPX/IPX faster than TCP/IP…
70% of the PC network market
What happened to Netware
• Didn’t see what was coming (Microsoft!)…
 DEC mini computers lost market share
• everyone wanted a PC network
• main LAN rival DEC was being sold off and “asset
stripped”
• future looked bright
 BUT…
• by 1998, Novell Netware sales were sunk
• by 2000, even Oracle stopped supporting them
• only kept in business by merging with Red Hat Linux
More on DEC
(Digital Equipment)
• World’s most innovative computer
company for many years…
as already stated - first minicomputer:
• PDP-1 (Programmable Data Processor)
first UNIX/C implementation
• On PDP-5
DEC continued…
• Most successful minicomputer:
 VAX (Virtual Address eXtension)
• First virtual memory operating system
 VMS (virtual memory system) for VAX
• First commercially successful RISC chip
 alpha
• First commercial Internet domain & website
• First successful search engine: AltaVista
Organisational Networks
in 1990
• Business/finance companies:
usually IBM networks
• Science/Technology/Engineering
companies:
usually DEC networks
• Smaller companies (SME size...)
couldn’t justify/afford networks!
Where did DEC go?
• Second biggest computer company in the
world in 1990!
 over 100000 employees!
 with early 90s recession, went into decline…
• New MD in 1992, only accelerated the decline
 assets sold one by one…
• unkindest cut – alpha chip to Intel in 1997
 what was left (VMS) went to Compaq in 1998
• sold on to HP…
What happened?
• As with the downfall of IBM, Netscape
and Novell…
out-manoeuvred in business
perhaps the name Microsoft might help…
Microsoft and VMS…
• Now long enough ago to be of historical
interest…
Dave Cutler, brains behind DEC’s VMS;
• http://en.wikipedia.org/wiki/Dave_Cutler
went to work at Microsoft in 1988
• to develop “a new operating system” (NT)…
• DEC watching their mini-computers
become “dinosaurs” (1990-93)
pinned hopes on new RISC chip (alpha)
keen to get their alpha chip onto the original
Windows NT…
A tale of intellectual copyright
(and smart business)
• DEC saw NT as their big opportunity to get
into the PC server business
 expected Alpha chip platform/Windows NT to be
popular
 signed away rights to Cutler & co’s code – code
used in creating windows NT
• Microsoft effectively got the technologies behind VMS that
they used for NT… for free!!!!
• final insult… Intel platform preferred for servers (!)
Thanks to HP, and enthusiastic users, VMS lives (!)
 available for download at:
• http://www.openvms.compaq.com/openvms/freeware
Microsoft
& Network Operating Systems
• Whilst the US government was being defeated
in the courts by IBM…
 a deal that almost put them out of business was
pulled off by the young Bill Gates!
 story about IBM negotiations with Bill Gates
(regarding his mate Tim Paterson’s os):
• http://inventors.about.com/library/weekly/aa033099.htm
 and the tragedy of Gary Kildall (creator of CP/M,
main rival to DOS & one time business partner of
Steve Jobs)…
• http://www.businessweek.com/magazine/content/04_43/b3905109_mz063.htm
DOS (Desktop Operating System)
• As was to be expected from a back-street
deal…
 DOS was an awful operating system…
 no way it could be satisfactorily used for even
multi-tasking, let alone networking…
 no way of
• logging in as an authenticated user…
• restricting access to resources…
 to the new (misguided?) computer generation…
• none of this mattered
 by the late 1980s Gates was the 4th richest person
in the world!
OS2, Windows,
and Windows NT
• By late 1980s, PCs being used for serious
business purposes
 IBM needed a serious operating system for the
PC…
 Microsoft worked with them on OS2
 still didn’t see Gates as a rival!
• At about the same time…
 Cutler left DEC… joined Microsoft
 scope for a virtual memory operating system…
• (Windows)
Windows
• On the one hand
Microsoft were working with IBM on OS2
• On the other hand:
they were working on developing Windows
• and working with software developers to provide
applications for Windows…
 users want apps, not operating systems!
• Guess which one won???
you’ve got it… Microsoft now bigger than IBM
Windows NT
• Windows… based on DOS
 virtual memory enabled multitasking
 but architecture fundamentally flawed…
• Stopgap while new “serious” operating
system being developed…
• using DEC technology…
 “New Technology” operating system quietly
released in 1993
 as a disguised front end enhancement to Windows
3.1
 known as Windows 3.11 (for workgroups)
NT Architecture
• Industry experts soon noticed that many
features were surprisingly similar to VMS…
 oddity… VMS + 1 = WNT (!!)
• But Microsoft’s customers were from a new
generation. The commercial desktop product
was still basically DOS, but Gates now
offered
 peer-peer networking and a simple network
protocol (NETBEUI)
 user-friendly graphical interface
 sharing resources on apps
 even TCP/IP compatibility…
Flexibility of Windows NT
(followed the Unix pattern)
Applications
Operating system functions & interface
Operating system kernel
hardware
Windows NT v Unix v Netware
• By 1994, three possible network
platforms:
Novell: fast, proven, scalable, well
established, but proprietary (NDS &
IPX/SPX)
Unix: robust, scalable, open source &
Internet ready but complex, & limited apps
Windows NT: neither robust nor scalable
• but Gates by now a past master at exploiting
weakness... (!)
Progressive Development of
Windows NT
Applications (Windows apps -> NT apps)
Operating system functions & interface (Windows)
os kernel (diff versions of NT available for diff CPUs)
range of CPUs, motherboards
NT version 4
• Released late 1996
Windows 95 interface & registry
many www features, incl. IIS (web server)
• Server end:
designed to support server applications
• no theoretical limit to number of users
now became a major challenge to Netware
(not TCP/IP compatible) & Unix (still not
enough apps)
main problem: not scalable
The 32-bit Windows NT
architecture
• Secure 32-bit kernel based on VMS
remains intact to present day
now enhanced to 64-bit
• (but this was supposed to happen originally
with “Windows 5”, to support DEC’s 64-bit
alpha-chip)
• Separated kernel provided the
capability for NT, like Unix, to run on
multiple platforms
guess who didn’t like that idea!
Windows NT Architecture
• Supports pre-emptive multitasking &
multithreading
good for centralised control
• Secure file system (NTFS)
• Applications have separate address
spaces (unlike DOS/Windows… crash!)
up to 4 Gb of memory
up to 16 Eb of disk space (1 Eb = 2^60 bytes)
NT architecture (continued)
• Server products have scope for
huge additional functionality…
offered as services
• Problems:
much code outside the kernel was
new; bugs had to be ironed out
each server had its own security
database; considerable problems for
scalability
Windows 2000
• The big one!!!
Designed to merge:
• peer-peer networking capabilities of Windows
• client-server requirements of LANs
• Microsoft technologies with Internet
technologies
Yet could still work with “DOS-based” i.e.
Windows 3.x/95/98 clients
• Microsoft’s own “history of Windows” (client-end/desktop versions):
 http://www.microsoft.com/windows/winhistorydesktop.mspx
Windows 2000 et seq…
• Scalable
Active Directory
• X500 compliant directory service
• even developed with aid of RFCs
• multiple domains
• enterprise-wide security & resource-sharing
arguably much better than NDS
• finished off Novell Netware…
Windows 2000 et seq…
• Secure… (!)
secure remote authentication
• with help from Active Directory…
Kerberos (IETF, RFCs)
PKI-ready (IETF, RFCs)
terminal services
• remote log on with minimal computing
resources
More Recent OS
Developments
• Novell survived (as a company) by:
 merging with developers of Linux
 continuing to support “legacy” Netware systems
• HP kept VMS customer base…
 once DEC alpha chip was history, developed
new Intel-based hardware platform (Integrity) to
interface with VMS kernel
• Linux (very) slowly gaining popularity…