Distributed Systems
Download
Report
Transcript Distributed Systems
Distributed Systems
A Project for IST110 by Group 1
Professor Day
About This Presentation
All Important Definitions will be red.
Technical Facts will be in purple.
“Helpful hints” will be in blue.
Opportunities for Research will be in silver.
Distributed Computing
Distributed computing: the
process of aggregating the
power of several computing
entities to collaboratively run a
single computational task in a
transparent and coherent way,
so that they appear as a single,
large, accessible "storehouse"
of shared hardware, software,
data, and other things.
There are many
different kinds of
Distributed Systems,
but this presentation
will forcus primarily
on a Local Area
Network.
www.microsoft.com/technet/prodtechnol/visio/visio2002/plan/glossary.mspx
http://en.wikipedia.org/wiki/Distributed_system/ (no longer available)
LAN
Other similar types of
distrubed systems
include MAN’s and
WAN’s.
Acronym: Local Area Network
Definition: A group of computers, connected
through a network, that enables users to
coordinate their activities and to share
resources.
Technical
Specifications:
Maximum distance not more than a few km’s
Ownership by a single organization
Transmission speed of at least several Mbps (tens to
hundreds are economical)
Network Operating System
Abbreviation: NOS
Definition: Any operating system that includes
special functions for connecting computers and
devices into a local area network.1 However, the
term network operating system is generally
reserved for software that enhances a basic
operating system by adding networking features
Examples:
Novell Netware
Artisoft’s LANtastic
Microsoft Windows Server
1www.webopedia.com
Network Issues
Transparency
Scalability
Software Interface
Network Security (Intro) (in depth)
Transparency
Definition: A condition where an operating
system allows a user to access resources
without knowing if they are local or remote.
In other words, the entire network (and its
resources) appears to the user as one
large computer.
Most of the time, this comes in the form of
working with files located on another
machine as if they were local files.
Scalability
Definition: The ability for a network to expand or
upgrade to handle increased demand by the
enterprise.
Main system components should NOT need to
be changed when the scale of the system
changes.
Networks need to be designed with scalability in
mind.
Examples: Being able to add new user terminals or
adding processors to computers to handle a higher
amount of data.
Software Interface
Definition: Software that allows a user to
interact with a system and to allow them to
communicate with other devices within a
network.
http://www.personal.psu.edu/faculty/m/e/mes121/lec1b%20CL (no longer available)
Network Security
Computer security is the process of preventing
and detecting unauthorized use of your
computer. Prevention measures help you to stop
unauthorized users (also known as "intruders")
from accessing any part of your computer
system. Detection helps you to determine
whether or not someone attempted to break into
your system, if they were successful, and what
they may have done.
This topic will be addressed in-depth later in the
presentation (see here – slide 22)
Connections
Packets
Socket
Endpoint
Protocol
Ports
Packets
Packets: All information sent or received on a network is broken into
small pieces for transmission. These small pieces of information are
called packets.
Packets consist of three parts: a header, payload, and trailer.
The header contains the destination and source of the packet, and
some other important data for identification purposes.
The payload is the data itself. This is also known as the body of the
packet.
The trailer, or footer, include data that signals the end of the packet.
Some packets have error checking tools included in the trailer as
well.
CRC, or Cyclic Redundancy Check, is the most common form of error
checking. CRC takes the sum of all the “1” bits in the payload and
stores the result as a hexadecimal number in the trailer. The receiving
device adds all the “1” bits in the payload it received and compares the
result to the value stored in the trailer. If the values do not match, the
receiving device knows something went wrong and sends a request to
the originating device to resend the packet.
Sockets
Socket: A software object that connects an application to
a network protocol.
In UNIX, for example, a program can send and receive
TCP/IP messages by opening a socket and reading and
writing data to and from the socket.
A socket simplifies program development because the
programmer need only worry about manipulating the
socket and can rely on the operating system to actually
transport messages across the network correctly.
Endpoint
Endpoint: The place where a service
connects to a network.
Any single network interaction involves
two endpoints: one to provide a service,
and the other to consume it.
Protocols
Protocol: An agreed-upon format for transmitting data
between two devices.
The protocol determines the following:
The type of error checking to be used
Data compression method, if any
How the sending device will indicate that it has finished sending a
message
How the receiving device will indicate that it has received a message
There are a variety of standard protocols from which
programmers can choose. Each has particular advantages
and disadvantages: some are simpler than others, some are
more reliable, and some are faster.
Protocols only effect user’s in that the computer or device
must support the correct protocols to communicate with
other devices.
The protocol can be implemented either in hardware or in
software.
Ports
Ports: Software communication channels
represented by numeric values.
Different networking protocols operate on
different port numbers.
An oversimplified comparison would be
television – where each channel would be
a port, and the TV show would be the
data.
Information About The Upcoming
Sections
The Software and Hardware Requirements
Sections will be using the term “Home
Environment” to indicate a small-time, nonbusiness use of personal computers and a
personal network with four or less computers.
Because the larger privately used home networks
are very similar to small business networks, they
are being grouped into “Small-Business
Environment”.
Software Requirements
Software Environment Comparison
Home Environment
Requires
Operating System (with an
integrated NOS)
Network Browser
Internet Browser
Standard Home Security
Most of the time, all of
those items are included
in the operating system.
Upgrades or alternatives
are available, but not
required.
Small-Business Environment
Requires
Operating System
NOS
Additional Security
Hardware (next slide)
Security Applications
Additional
Authentication/Authorization Procedures
Network Browser
Internet Browser
Enterprise-specific
Software
Hardware Requirements
Hardware Environment
Comparison
Small-Business Environment
Home Environment
Requires
Personal Computer
Standard NIC
Internet Connection Method
Requires
Possible Extra
Processors/processing Power
High-Speed, Network-Specific
NIC
Security Hardware
Possible server
Bionic Security
Security Hardware to Prevent
Physical Theft
Extra-high processing power
Super-fast network
connection
Possible Routers
Possible Multipliers
Possible special, secured
location for server
Network Security
An Introduction to Network Security is
available here (slide 10 of this presentation).
This Section:
Interception
Interruption
Modification
Fabrication
Data Interception
Data Interception: unauthorized interception of data.
Every data packet has a path or route it will travel to reach
it’s final destination. This path is determined by special
computers called ISP gateways or routers. These routes are
chosen depending on link availability and the network load.
They can change a few times a day. All data packets must
pass through the ISP gateway, which is where the weakness
lies. This is the single point where all packets will pass.
Even when sending the same information, the packet never
travels the same path - but will always enter the ISP
gateway. After that, its route is almost impossible to predict.
This passage through the ISP gateway allows for easy
access to the information being sent. The only solution is
encryption. Encryption is discussed later in the presentation.
However, even on a private network, there are still risks.
Internal network systems are easily tapped into, as are
telephone systems.
http://www.blackmagic.com/ses/bruceg/progmgt.html
Interruption
Interruption: Any delay or disruption of
normal operations.
Often caused by viruses and the virus
removal process.
Interruption time, or computer down time,
can cause serious loss of staff hours and
productivity – and therefore is a very
serious issue.
http://www.blackmagic.com/ses/bruceg/progmgt.html
Modification
Modification: Tampering with any illegally
obtained information.
For example: If an intruder obtained
electronic bills of how much an enterprise
owed a vendor, they could modify
numbers and cause a complete
accounting meltdown.
http://www.blackmagic.com/ses/bruceg/progmgt.html
Fabrication
Fabrication: Modification of data in a way to
benefit the intruder or to cause problems for the
victim.
It can involve skillfully adding data or objects to
the computing system such as transactions or
additional files on a database.
Examples:
accessing a university data base to change the grade
received in a class.
planting compromising email messages that could
benefit a sexual harassment lawsuit.
http://www.blackmagic.com/ses/bruceg/progmgt.html
Security Mechanisms
Encryption
Authentication
Authorization
Auditing
Encryption
Encryption: The process of coding data in a way that
only it can only be decided with a specific key.
Most computers use either symmetric-key encryption or
public-key encryption.
Symmetric-key: each computer has a code used to encrypt a
packet before it is sent. It requires all computers that are
“communicating” to have the code.
Public-Key: In this system there are two keys. One key is a
private key known by your computer alone and the other is a
public key which is known by other computers you will
communicate with. In order to communicate and decode a
message the computer must use a public key and its own private
key.
http://computer.howstuffworks.com/encryption.htm
Authentication
Authentication: Determining whether something or someone is what
they claim to be.
Commonly done through the use of logon passwords.
The logon procedure is used to gain access to an operating system. A
user registers with a unique chosen name and password. With each
access to the computer, the user must know their password. With a
correct password, the computer assumes that the user is who they
claim to be.
The critical fault in the logon procedure is that knowledge of the
password is assumed to guarantee that the user is authentic. This is not
always the case.
Many internet business opt for a more secure system or authentication.
The most commonly used form for internet authentication is Digital
Certificates.
A Digital Certificate (DC) is used by a Certificate Authority (CA). A common
certificate authority is VeriSign. When a user receives a digital certificate
from a website, they check with the CA to make sure it’s a valid certificate.
This is a form of a Public-Key Infrastructure (more about Public-Key
Infrastructures here – slide 30).
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211621,00.html
Authorization
Authorization: The process of granting someone
permission to do or have something.
In multi-user computer systems, a system administrator
defines for the system which users are allowed access to
the system and what privileges of use (such as access to
which file directories, hours of access, amount of
allocated storage space, and so forth).
Assuming that someone has logged in to a computer
operating system or application, the system or
application may want to identify what resources the user
can be given during this session.
Thus, authorization is sometimes seen as both the
preliminary setting up of permissions by a system
administrator and the actual checking of the permission
values that have been set up when a user is getting
access.
http://searchappsecurity.techtarget.com/sDefinition/0,,sid92_gci211622,00.html
Auditing
Audit: An examination of systems, programming
and datacenter procedures in order to determine
the efficiency of computer operations.
There are hundreds of security uses for auditing
as well as business uses.
Auditing can be done from an internal source, or
a completely external source (such as an Audit
Specialty Company).
Auditing is an extremely wide classification of
thousands of actual security procedures. If you
want to know more information,
http://www.isect.com/html/ca_faq.html is a good
site to get started at.
The End.
For More Information on
Computer Auditing:
http://www.isect.com/html/ca_faq.
html