Plate Association Linux Record Frameworks Linux Document Framework Chain of importance General Security Data Linux Docum.

Uploaded on:
A hard plate drive (HDD, likewise ordinarily abbreviated to hard commute and earlier ... O/S or hard circle bunches them as groups. Low level organizing (starting and end focuses) ...
Slide 1

Plate Organization Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli

Slide 2

Disk Organizations

Slide 3

What is a hard circle? A hard circle drive ( HDD , additionally generally abbreviated to hard drive and in the past known as a settled circle ) is a digitally encoded non unstable capacity gadget which stores information on quickly pivoting platters with attractive surfaces. In the least complex of structures , they give PCs the capacity to recall things when the force goes out.

Slide 4

Hard plate substance

Slide 5

How hard circle works? Sectors(256,512) and Tracks O/S or hard circle bunches them as groups Low level designing (starting and end focuses) High level arranging File stockpiling plan Order of segment and tracks After HLF platters are prepared to peruse/compose A division A track

Slide 6

data Organization of Disks... 1. Situating the head to the segment Sector is under the head Low speed perusing High situating speed High speed perusing Low situating speed

Slide 7

data Organization of Disks... Situating of the segment is under the head The measure of time went to position the area under the head is the same inside and outside. But since of having less parts inside the measure of time went to position the area is moderately less.

Slide 8

data Organization of Disks... Situating the Sector under the head.. For all intents and purposes %5-10 lesser. Result practically speaking Outside of the plate is constantly Faster.

Slide 9

SCSI versus IDE... SCSI Better driver electronic Better enhanced segments Much speedier head move. Label Sorting.. The most imperative component that lessens the quest time for the area. information High Databus speed.. Much quicker exchange More gadget to the same databus - RAID SCSI Systems, are basic for Applications that need High Speed

Slide 10

Linux File Systems

Slide 11

Linux EXT2 File area informations are scattered througout the circle. The pointer to the record (inode) and document data are kept close. To begin with area to demonstrate inode table is called SUPERBLOCK. Superblock is continued the circle with 3-4 duplicates. Benefits can be given to each of User, Group, Others. Backs Hard/Symbolic Link. On-the-fly Compress, permanent records versus..

Slide 12

Linux EXT2 - Metadata

Slide 13

EXT3 It is basicly the same as EXT2 however included diary property. EXT2 FS, can be effectively changed over to EXT3: tune2fs - j/dev/hda5 ... Diary is continued a document. Framework can be utilized as EXT2 as a part of instance of a diary blunder.

Slide 14

Reiser-FS Metadata Journal. Record System Information On Demand, 3. Partu DATA Journal Support Balanced B* tree. Elite. 2 G File in registries without loss of execution.. It can hold little documents in one square. Namesys Compatibility

Slide 15

SGI-XFS Enterprise is a document framework for frameworks. Numerous additional properties. Record framework reinforcement, POSIX 1003.1e ACL, Extended Attributes versus versus versus 64 Bit .. No restriction for the not so distant future.. DMAPI for Hierarchical Data Storing..

Slide 16

SGI XFS don\'t go for the most noteworthy execution. POSIX 1003.6 Compatibility, ACL, MAC, Audit.. Solid, extendible FS.. %100 information misfortune free Journal.. More than one Storing unit.. On abnormal state applications ensured level Adequate execution..

Slide 17

Ext2 KB/sec 4K Blocs 1000 500 1K Blocs 50 100 % Fullness rate

Slide 18

ReiserFS KB/sec 1000 500 50 100 % Fullness rate

Slide 19

ReiserFS (mount - o notail) KB/sec 2000 1000 50 100 % Fullness rate

Slide 20

XFS KB/sec 1000 500 50 100 % Fullness rate

Slide 21

 Small however numerous documents.  Particion immensity  Large documents  Kernel I/O component  Programs plate access.. WHY ? Any entrance strategy isn\'t reasonable for inevitably.. ? ?

Slide 22

Real Life... Projects may achieve altogether different spots in the meantime.. There are no lined Requests on the framework.. Nobody can recognize what the projects will need on the following step..

Slide 23

Real Life... It is a framework which substantiated itself. Adequently effective if 4K pieces are utilized Ext2FS Can diary with ext3. Totality of the circle or defragmentation doesn\'t impact speed.

Slide 24

Real Life... Good on execution Relatively little however for some records.. ReiserFS Not so trustworty. Reiser4 goes ahead September/November 2002..

Slide 25

Real Life... Great on execution Optimal execution is pointed. XFS Look solid, can have intriguing clashes .. excluded in Kernel code.. SGI ? Guarantees alot with configuration targets

Slide 26

For individuals who don\'t care for science... We tried 3 distinct frameworks. 486 DX2 32 MB RAM, 4.3 GB HDD CEL 433 128 MB RAM, 8.4 GB HDD PIII 1000, 512 MB RAM, 40 GB HDD..

Slide 27

For individuals who don\'t care for arithmetic... On Desktop... 486 DX2 32 MB RAM, 4.3 GB HDD XFS slowest, Reiser FS normal, Ext2 great.. XFS and Ext2 never got down, Reiser FS :(( CEL 433 128 MB RAM, 8.4 GB HDD XFS slowest, ReiserFS quick, Ext2 normal XFS and Ext2 never got down, Reiser FS :(( PIII 1000, 512 MB RAM, 40 GB HDD.. XFS - ReiserFS same, Ext2 :(( XFS and Ext2 never got down, Reiser FS :((

Slide 28

For individuals who don\'t care for science... We set up a system (Always been there...) 22 PIII 64..128 MB RAM, 6.4..20 GB HDD Windows 98 and Mandrake 8.0 PIII 1000 CPU 512/1024 MB RAM 2x40 GB SoftRAID0 HDD Suse 7.1, Linux 2.4.18 Kernel Apache 1.3, Samba 2.2.3a Sendmail + ipop3d 23 GB MP3 15 GB ISO Image.. 3 100 Mbit Ethernet

Slide 29

For individuals who don\'t care for arithmetic... With Windows 98 : Using Explorer, gushing music.. Replicated ISO\'s to the plate.. We sent CD\'s to the primary machine with FTP.. With Linux: Watched cuts through NFS. Got ISO\'s through FTP. Downloaded MP3\'s with Konqueror. On each machine we ran STMP and POP3 with 150 procedures..

Slide 30

For individuals who don\'t care for arithmetic... Execution For Web Server: ReiserFS -> Very great XFS -> Good ext2 -> Good ext3 -> normal.. FTP/SMB/NFS: ReiserFS -> Good XFS -> Very great ext2 -> Acceptable. ext3 -> Acceptable.

Slide 31

For individuals who don\'t care for science... Soundness: ReiserFS: Make no less than two UPS avaible. Keep in mind to move down. Can go down without sortege. XFS: Don\'t inexorably pay for UPS. Again don\'t disregard go down. Didn\'t go down without sortege. Couldn\'t be spared with Journal. EXT2/EXT3: Having UPS is something worth being thankful for. Again don\'t disregard back uping. Didn\'t go down without sortege.

Slide 32

For individuals who don\'t care for arithmetic... General proposal: For small,desktops ext2/ext3.. Bigger machines, servers XFS.. For individuals who need to be quick and incensed, ReiserFS For ReiserFs you ought to hold up Raiser 4..

Slide 33

Understanding The Linux File System Hierarchy

Slide 38

Mounting a gadget on the document framework Sample.tar.z – index.html – Makefile – binutils- – vsftpd_2.0.3-1.deb

Slide 39

General Security Informations

Slide 40

Cert/CC Incidents Reported Throughout the Years

Slide 41

Internal Threat Elements Ignorant and unconcious use Bad planned activities ~ % 80 External Threat Elements Attacks that are pointed Attacks that are free ~ % 20 Threat Types

Slide 42

Internal Threat Elements Ignorent and Unconcious Usage Unplugging of the Server by the cleaner Database erasure by an uneducated worker Bad Intended Actions A terminated representative changing the corporate site A representative who runs a "Sniffer" under the system and perusing E-Mails An official offering an arrangement for a created item to the opponents

Slide 43

External Threat Elements Attacks that are pointed An aggressor changing the corporate site An assailant changing corporate bookkeeping enrolls Multiple aggressors getting to the corporate web server and stolling it for administration Attacks that are free Virus Attacks (Melissa, CIH – Chernobyl, Vote) Worm Attackers (Code Red, Nimda) Trojan Back Doors (Netbus, Subseven, Black Orifice)

Slide 44

Attacker Types Professional Criminals Young era assailants Corporate workers Industry and Technology spies Outside Government Administrations

Slide 45

Quality of assault and the advancement of assailants capacities (CERT/CC)

Slide 46

Quality of Attackes and Their Guessed Numbers Hundreds Thousands Tens of Thousans Millions Carnegie Mellon University (1998-1999-2000) Very Dangerous Predator Mid-Level Entry Level

Slide 47

Attacker Motivation Financial Benefits Rivalry Advantage Political Economical/Commercial Desire to Gain Extra Resources Personal Anger or Revenge Curiosity or Desire to Learn Reckless Behavior

Slide 48

Systems That Are on a Network And Have Potential Risks Web Server that is left on the approximate organization E-Mail server that permit Relay Client that has a place with the secretary Router Internet Client that has a place with the head Security Wall Security Wall that dismisses partitioned packeges Other Networks Router that can channel source or Spoof Local Network

Slide 49

Spoofing Basicly it can be characterized as misdirecting the source. Typically it is utilized to increase additional rights from the targer, occupying the blame to other people\'s/companies obligation, shroud itself or mastermind scattered assaults. It can be utilized as a part of different conventions, verifiying frameworks , applying uncommon procedures.

Slide 50

Spoofing Tecniques MAC Spoofing can be made through changing of MAC addresses psically or with the adjustments in the ethernet packeges ARP Spoofing can be made through deluding the coordinating of ARP convention packeges and IP/MAC addresses IP Spoofing can be made through changing the source IP address in IP packeges DNS Spoofing can be mama

View more...