MCS-022(22)

  • 8/9/2019 MCS-022(22)

    1/15

    MCS-022 Operating System Concepts and Networking Management

    __________________________________________________________________________

    Course Code : MCS-022

    Course Title : Operating System Concepts and Networking Management

    Assignment Number : MCA(2)/022/Assign/09

    ___________________________________________________________________________

    Question 1:

    (a) What is an IP address? How is it configured? Write all the steps.

    (b) List and explain the various features of Bridges with the help of a diagram.

    Answer (a) IP address structure and classification

    A typical IPv4 address

    Address Classes

    In the original Internet routing scheme developed in the 1970s, sites were assigned addresses from one of three classes: Class A, Class B and Class C. The address classes differ in size and number. Class A addresses are the largest, but there are few of them. Class Cs are the smallest, but they are numerous. Classes D and E are also defined, but not used in normal operation.

    To say that class-based IP addressing is still used would be true only in the loosest sense. Many addressing designs are still class-based, but an increasing number can only be explained using the more general concept of CIDR, which is backwards compatible with address classes.

    Suffice it to say that at one point in time, you could request the Internet NIC to assign you a class A, B or C address. To get the larger class B addresses, you might have to supply some justification, but only the class A was really tough to get. In any case, NIC would set the network bits, or n-bits, to some unique value and inform the local network engineer. It would then be up to the engineer to assign each of his hosts an IP address starting with the assigned n-bits, followed by host bits, or h-bits, to make the address unique.

    Internet routing used to work like this: A router receiving an IP packet extracted its Destination Address, which was classified (literally) by examining its first one to four bits. Once the address's class had been determined, it was broken down into network and host bits. Routers ignored the host bits, and only needed to match the network bits to find a route to the network. Once a packet reached its target network, its host field was examined for final delivery.

    Summary of IP Address Classes

    Class A - 0nnnnnnn hhhhhhhh hhhhhhhh hhhhhhhh
      First bit 0; 7 network bits; 24 host bits
      Initial byte: 0 - 127
      126 Class As exist (0 and 127 are reserved)
      16,777,214 hosts on each Class A

    Class B - 10nnnnnn nnnnnnnn hhhhhhhh hhhhhhhh
      First two bits 10; 14 network bits; 16 host bits
      Initial byte: 128 - 191
      16,384 Class Bs exist
      65,532 hosts on each Class B

    Class C - 110nnnnn nnnnnnnn nnnnnnnn hhhhhhhh
      First three bits 110; 21 network bits; 8 host bits
      Initial byte: 192 - 223
      2,097,152 Class Cs exist
      254 hosts on each Class C

    Class D - 1110mmmm mmmmmmmm mmmmmmmm mmmmmmmm
      First four bits 1110; 28 multicast address bits
      Initial byte: 224 - 247
      Class Ds are multicast addresses -

    Class E - 1111rrrr rrrrrrrr rrrrrrrr rrrrrrrr
      First four bits 1111; 28 reserved address bits
      Initial byte: 248 - 255
      Reserved for experimental use
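
    The classification step described above (examine the first one to four bits, split the address into network and host bits, route on the network bits only), as an added example that is not part of the original assignment. The routing table and next-hop names are constructed for illustration.

```python
import ipaddress

# (class, leading-bit pattern, pattern length, network-prefix length),
# taken from the class summary above; D and E have no network/host split.
CLASS_TABLE = [
    ("A", 0b0,    1, 8),
    ("B", 0b10,   2, 16),
    ("C", 0b110,  3, 24),
    ("D", 0b1110, 4, None),
    ("E", 0b1111, 4, None),
]

# Constructed routing table: classful network -> next hop (hypothetical names).
ROUTES = {
    "10.0.0.0/8": "core-1",
    "172.16.0.0/16": "core-2",
    "192.168.1.0/24": "edge-7",
}


def classify(addr):
    """Classify an IPv4 address by its leading bits and split it into n-bits and h-bits."""
    value = int(ipaddress.IPv4Address(addr))
    for name, pattern, pattern_len, prefix_len in CLASS_TABLE:
        if value >> (32 - pattern_len) != pattern:
            continue
        if prefix_len is None:
            # Multicast and reserved space: no network/host boundary.
            return {"class": name, "network": None, "host": None}
        host_bits = 32 - prefix_len
        network = (value >> host_bits) << host_bits
        return {
            "class": name,
            # CIDR writes the same boundary as /8, /16 or /24.
            "network": f"{ipaddress.IPv4Address(network)}/{prefix_len}",
            "host": value & ((1 << host_bits) - 1),
        }
    raise AssertionError("unreachable: every 32-bit value matches one pattern")


def next_hop(addr, routes=ROUTES):
    """Classful forwarding: ignore the host bits and match on the network only."""
    info = classify(addr)
    if info["network"] is None:
        return None
    return routes.get(info["network"])


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.4", "192.168.1.77", "224.0.0.5", "240.0.0.1"):
        print(sample, classify(sample), next_hop(sample))
```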

    b) Answer: A DNS server is any computer registered to join the Domain Name System. A DNS server runs special-purpose networking software, features a public IP address, and contains a database of network names and addresses for other Internet hosts.

    DNS Root Servers

    DNS servers communicate with each other using private network protocols. All DNS servers are organized in a hierarchy. At the top level of the hierarchy, so-called root servers store the complete database of Internet domain names and their corresponding IP addresses. The Internet employs 13 root servers that have become somewhat famous for their special role. Maintained by various independent agencies, the servers are aptly named A, B, C and so on up to M. Ten of these servers reside in the United States, one in Japan, one in London, UK and one in Stockholm, Sweden.

    DNS resolution

    Resolution occurs when a client queries a name server to obtain the IP address with which it wants to connect. If a name server in the local domain cannot resolve a client's request, it queries other servers to locate a server that can.

    There are two types of resolution:

      by iteration
      by recursion

    Iterative queries

    By default, a name server queries "iteratively" (or non-recursively). This means that it queries several name servers in turn until it finds an answer. It starts by consulting a known name server within the domain hierarchy that contains the destination machine. If it does not already know of a suitable server to ask, it first asks a server in the root domain. Each server responds by referring to a name server in the domain name hierarchy that is closer to the one containing the destination machine. The local server then repeats its query to the name server whose name and IP address it has just been given. In this way, the local server traverses the domain name space until it reaches a name server for the domain that contains the destination machine. This name server should be able to provide the IP address of the destination machine. "Obtaining an IP address by iterative query" illustrates how a client in the domain reseau.co.fr might obtain the IP address of the remote host missouri.rivers.mynet.com.

    Obtaining an IP address by iterative query

    The steps taken to resolve missouri.rivers.mynet.com to its IP address are:

    1. The local client asks the local name server for the IP address of missouri.rivers.mynet.com.

    2. The local name server does not know the IP address of missouri.rivers.mynet.com. It also does not know the IP address of the name servers for rivers.mynet.com or mynet.com so it asks a root name server for the IP address of missouri.rivers.mynet.com.

    3. The root name server does not know the IP address of missouri.rivers.mynet.com, but it does know the IP address of the name server for mynet.com so it tells this to the local name server.

    4. The local name server asks mynet.com's name server for the IP address of missouri.rivers.mynet.com.

    5. mynet.com's name server does not know the IP address of missouri.rivers.mynet.com, but it does know the IP address of the name server for rivers.mynet.com so it tells this to the local name server.

    6. The local name server asks rivers.mynet.com's name server for the IP address of missouri.rivers.mynet.com.

    7. rivers.mynet.com's name server is authoritative for its zone so it can supply the IP address of missouri.rivers.mynet.com.
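
    The seven steps above as a small simulation, added here as an example and not part of the original assignment. All server addresses and host records are constructed (documentation address ranges), and the second host name ohio.rivers.mynet.com is hypothetical; it shows the local server starting from a name server it already knows instead of the root.

```python
ROOT = "198.51.100.1"  # constructed address standing in for a root name server

# Constructed name servers keyed by IP address. "delegations" are the zones a
# server can refer the caller to; "records" are names it is authoritative for.
SERVERS = {
    ROOT: {"records": {}, "delegations": {"mynet.com": "198.51.100.2"}},
    "198.51.100.2": {"records": {},
                     "delegations": {"rivers.mynet.com": "198.51.100.3"}},
    "198.51.100.3": {"records": {"missouri.rivers.mynet.com": "192.0.2.10",
                                 "ohio.rivers.mynet.com": "192.0.2.11"},
                     "delegations": {}},
}


def query(server_ip, name):
    """One non-recursive query: returns an answer, a referral, or a failure."""
    server = SERVERS[server_ip]
    if name in server["records"]:
        return ("answer", server["records"][name])
    # Refer to the most specific delegated zone that contains the name.
    zones = [z for z in server["delegations"] if name.endswith("." + z)]
    if zones:
        zone = max(zones, key=len)
        return ("referral", zone, server["delegations"][zone])
    return ("nxdomain",)


class LocalNameServer:
    def __init__(self, max_referrals=8):
        self.known_zones = {}               # zone -> name server learned so far
        self.max_referrals = max_referrals  # bound the walk so referral loops end

    def _closest_server(self, name):
        """Start from the closest known name server, else from the root."""
        zones = [z for z in self.known_zones if name.endswith("." + z)]
        return self.known_zones[max(zones, key=len)] if zones else ROOT

    def resolve(self, name):
        """Return (ip or None, list of servers asked, in order)."""
        name = name.lower().rstrip(".")
        server = self._closest_server(name)
        asked = []
        for _ in range(self.max_referrals):
            asked.append(server)
            reply = query(server, name)
            if reply[0] == "answer":
                return reply[1], asked
            if reply[0] == "nxdomain":
                return None, asked
            _, zone, server = reply           # follow the referral
            self.known_zones[zone] = server   # remember it for later lookups
        raise RuntimeError("too many referrals for " + name)


if __name__ == "__main__":
    local = LocalNameServer()
    print(local.resolve("missouri.rivers.mynet.com"))  # root, mynet.com, rivers
    print(local.resolve("ohio.rivers.mynet.com"))      # asks rivers.mynet.com only
```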

    c) A real-time operating system (RTOS) is an operating system that guarantees a certain capability within a specified time constraint. For example, an operating system might be designed to ensure that a certain object was available for a robot on an assembly line. In what is usually called a "hard" real-time operating system, if the calculation could not be performed for making the object available at the designated time, the operating system would terminate with a failure. In a "soft" real-time operating system, the assembly line would continue to function but the production output might be lower as objects failed to appear at their designated time, causing the robot to be temporarily unproductive. Some real-time operating systems are created for a special application and others are more general purpose. Some existing general purpose operating systems claim to be real-time operating systems. To some extent, almost any general purpose operating system such as Microsoft's Windows 2000 or IBM's OS/390 can be evaluated for its real-time operating system qualities. That is, even if an operating system doesn't qualify, it may have characteristics that enable it to be considered as a solution to a particular real-time application problem.

    In general, real-time operating systems are said to require:

      Multitasking
      Process threads that can be prioritized
      A sufficient number of interrupt levels

    Real-time operating systems are often required in small embedded operating systems that are packaged as part of microdevices. Some kernels can be considered to meet the requirements of a real-time operating system. However, since other components, such as device drivers, are also usually needed for a particular solution, a real-time operating system is usually larger than just the kernel.

    The key difference between general-computing operating systems and real-time operating systems is the need for "deterministic" timing behavior in the real-time operating systems. Formally, "deterministic" timing means that operating system services consume only known and expected amounts of time. In theory, these service times could be expressed as mathematical formulas. These formulas must be strictly algebraic and not include any random timing components. Random elements in service times could cause random delays in application software and could then make the application randomly miss real-time deadlines, a scenario clearly unacceptable for a real-time embedded system. Many non-real-time operating systems also provide similar kernel services.

    General-computing non-real-time operating systems are often quite non-deterministic. Their services can inject random delays into application software and thus cause slow responsiveness of an application at unexpected times. If you ask the developer of a non-real-time operating system for the algebraic formula describing the timing behavior of one of its services (such as sending a message from task to task), you will invariably not get an algebraic formula. Instead the developer of the non-real-time operating system (such as Windows, Unix or Linux) will just give you a puzzled look. Deterministic timing behavior was simply not a design goal for these general-computing operating systems.

    On the other hand, real-time operating systems often go a step beyond basic determinism. For most kernel services, these operating systems offer constant load-independent timing: in other words, the algebraic formula is as simple as T(message_send) = constant, irrespective of the length of the message to be sent, or other factors such as the numbers of tasks and queues and messages being managed by the RTOS.

    Question 3:

    (i) How do you share files, folders and drives in Windows XP? Why is sharing an entire drive not recommended?

    Answer (I).

    To share files on your computer with other computers on a network, you need to:

    Share a folder on your computer. This will make all of the files in the folder available to all the computers on your network (you can't share individual files).

    Set up user accounts on your computer for everyone who needs to connect to your shared folder. If any of the accounts are Limited User accounts (unless an account is a Computer Administrator account, it is a Limited User account), follow the steps in Set permissions for files and folders to enable them to open your files.

    To access shared files that are on another computer on your network, you need to:

    Connect to the shared folder from other computers on the network. This procedure is described in Map a network drive.

    Note: By default, file permissions only allow your user account and administrators on your local computer to open your files, regardless of whether a person is sitting at your keyboard or at another computer. It may help to keep these three things in mind when setting up file sharing:

      Files have user permission settings.
      Every computer has its own user database.
      Some accounts are administrator accounts and some aren't.

    Configure your computer to share files

    To share a folder on your computer so that files stored in the folder can be accessed from other computers on your home network

    1. Log on to your computer as an administrator. For more information, see Access the administrator account from the Welcome screen.

    2. Click Start, and then click My Documents.

    Tip: If you want to share your entire My Documents folder, open My Documents, and then click the Up button on the toolbar. You can then select the My Documents folder.

    4. If you see a message that reads, "As a security measure, Windows has disabled remote access to this computer", click the Network Setup Wizard link. Then follow the instructions in How to set up your computer for home networking. On the File and printer sharing page of the Network Setup Wizard, be sure to select Turn on

    5. If you want to be able to edit your files from any computer on your network (instead of just being able to open them without saving any changes), select the Allow network users to change my files check box.

    7. Click OK.

    Windows Explorer will show a hand holding the folder icon, indicating that the folder is now shared.

    (ii) Describe the role of the primary and backup domain controller in enhancing security in Windows 2000.

    Answer.

    A Primary Domain Controller (PDC) is a server computer in a pre-Windows 2000 NT server Domain. A domain is a concept used in NT server operating systems whereby a user may be granted access to a number of computer resources with the use of a single username and password combination. Such domains have at least a Primary Domain Controller, and will often have one or more Backup Domain Controllers (BDCs). The PDC has the master copy of the user accounts database which it can access and modify. The BDC computers have a copy of this database, but these copies are read-only. The PDC will replicate its account database to the BDCs on a regular basis. The BDCs exist in order to provide a backup to the PDC, and can also be used to authenticate users logging on to the network. If a PDC should fail, one of the BDCs can then be promoted to take its place. The PDC will usually be the first domain controller that was created unless it was replaced by a promoted BDC.

    A Backup Domain Controller (BDC) is a computer that has a copy of the user accounts database. Unlike the accounts database on the Primary Domain Controller (PDC), the BDC database is a read-only copy. When changes are made to the master accounts database on the PDC, the PDC pushes the updates down to the BDCs. Most domains will have at least one BDC; often there are several BDCs in a domain. These domains exist to provide fault tolerance. If the PDC fails, then it can be replaced by a BDC. In such circumstances, an administrator promotes a BDC to be the new PDC. BDCs can also authenticate user logon requests and take some of the authentication load from the PDC.

    Use of the Legacy Client is not recommended in secure environments. Installing the Legacy Client on the domain controller is not recommended because many Legacy Client accounts require local Administrator rights, which become domain admins on a domain controller.

    Account and password creation

    When installing Legacy Clients with Client Push Installation, Client Configuration Manager (CCM) creates this domain account to run the CCM boot loader service on client computers that are domain controllers. This account is made unique by including the domain controller name in the account name. For enhanced security, SMS randomly generates and encrypts the passwords for these accounts. This account is automatically deleted after the client is set up.

    Account location

    Because the client is a domain controller, the account is created in the domain that the client belongs to. You will have one account for each domain controller in the domain running the Legacy Client. The accounts include the server name in the account name to keep them unique.

    Account maintenance

    Do not change the passwords, account names, or permissions for this account. If you change the account manually, the related processes do not run successfully, and you run the risk of causing account lockouts by forcing the accounts out of synchronization.

    Security best practices

    Resolve problems that prevent temporary accounts from being deleted because it would prevent the SMS#_dc from being deleted after installation is completed.

    Shared folders is a term used for IMAP folders that can be accessed simultaneously by many users. Kolab allows you to specify a variety of access rights for such folders so that you can easily specify which users can read, write or modify the messages held in the IMAP folder. Since a shared folder can also hold groupware resources (like events, tasks, addresses, notes, etc.) instead of plain mail, they are an ideal tool for team organization and communication.

    (iii) What are the shared folders in Windows and why are they used?

    Answer.

    1. Open "My Network Places" from the Start Menu or from the left pane of Windows Explorer (under Desktop, below My Documents and My Computer).

    2. Open the "Entire Network" item listed in the left pane of My Network Places.

    3. Open the "Microsoft Windows Network" item.

    4. Next, open the new item that appears showing the computer's workgroup (or domain) name.

    5. Finally, click on the new item that appears showing the computer's name.

    6. In the right pane, any non-administrative Windows shares set on this computer will appear. If no items appear, no folders have been set for sharing.

       Folders shown in this window link to the actual shared folders. Opening any of these shares will reveal the contents of the actual folder. Note that renaming or deleting files from this linked location is not permitted. Note also that this method reveals the contents but does not reveal the actual location of the shared folders on the hard drive.

    7. To find the actual location of file shares on Windows XP or Windows 2000, and also to view administrative shares, open a command prompt. To open a command prompt, click the Start Menu, choose the Accessories option, then choose Command Prompt. Alternatively, click the Start Menu, choose the Run option, then type 'cmd' in the Run window that opens.

    8. Type the command 'net share' and press Enter in the command prompt window. The 'net share' command shows the name and location of each shared folder on that computer. Share names that end with a dollar sign ($) are administrative shares. Several administrative shares are created automatically by Windows; these should not be modified.

    (iv) Write the purpose of VPN and name some VPN protocols supported in Windows 2000.

    Answer.

    VPN Protocols

    The term "VPN" has taken on many different meanings in recent years. VPNC has a white paper about VPN technologies that describes many of the terms used in the VPN market today. Specifically, it differentiates between secure VPNs and trusted VPNs, which are two very different technologies.

    For secure VPNs, the technologies that VPNC supports are:

      IPsec with encryption
      L2TP inside of IPsec
      SSL with encryption

    For trusted VPNs, the technologies that VPNC supports are:

      MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
      Transport of layer 2 frames over MPLS ("layer 2 VPNs")

    IPsec is the most dominant protocol for secure VPNs. SSL gateways for remote-access users are also popular for secure VPNs. L2TP running under IPsec has a much smaller but significant deployment. For trusted VPNs, the market is split on the two MPLS-based protocols. Companies that want to do their own routing tend to use layer 2 VPNs; companies that want to outsource their routing tend to use layer 3 VPNs.

    The various VPN protocols are defined by a large number of standards and recommendations that are codified by the Internet Engineering Task Force (IETF). There are many flavors of IETF standards, recommendations, statements of common practice, and so on. Some of the protocols used in IPsec are full IETF standards; however, the others are often useful and stable enough to be treated as standard by people writing IPsec software. Neither of the trusted VPN technologies are IETF standards yet, although there is a great deal of work being done on them to get them to become standards.

    RFCs

    The IETF codifies the decisions it comes to in documents called "Requests For Comments". These are almost universally called by their acronym "RFCs". Many RFCs are the standards on which the Internet is formed.

    The level of standardization that an RFC reaches is determined not only by "how good" the RFC is, but by how widely it is implemented and tested. Some RFCs are not solid standards, but they nonetheless document technologies that are of great value to the Internet and thus should be used as guidelines for implementing VPNs.

    For the purpose of defining VPNs, any protocol that has become an IETF Request For Comments (RFC) document can be treated as somewhat of a standard. Certainly, any IPsec-related RFC that has been deemed to be on the IETF "standards track" should be considered a standard.

    Internet Drafts

    Before a document becomes an RFC, it starts out as an Internet Draft (often called "IDs" or "I-Ds"). IDs are rough drafts, and are sometimes created for no other benefit than to tell the Internet world what the author is thinking. On the other hand, there is often very good information in some IDs, particularly those that cover revisions to current standards.

    Some Internet Drafts go along for years, but are then dropped or abandoned; others get on a fast track to becoming RFCs, although this is rare. Internet Drafts are given names when they first appear; if they become RFCs, the I-D name disappears and an RFC number is assigned.

    It should be emphasized here that it is unwise to make any programming decisions based on information in Internet Drafts. Most IDs go through many rounds of revisions, and some rounds make wholesale changes in the protocols described in a draft. Further, many IDs are simply abandoned after discussion reveals major flaws in the reasoning that led to the draft.

    That being said, it is worthwhile to know which IDs pertain to areas of interest. The following is a list of the IDs that are related to Internet mail. Some of these drafts will likely become RFCs in the months or years to come, possibly with heavy revision; some will be merged with other drafts; others will be abandoned.

    Protocol listings

    The relevant IETF Working Groups for the protocols used by secure VPNs and trusted VPNs are:

      Profiling Use of PKI in IPsec Working Group
      Transport Layer Security Working Group
      Layer 2 Virtual Private Networks (l2vpn) Working Group
      Layer 3 Virtual Private Networks (l2vpn) Working Group
      Pseudo Wire Emulation Edge to Edge (pwe3) Working Group

    Note that the IPsec Working Group was disbanded in April, 2005.

    The documents are arranged by the general categories they apply to. These categories are:

    For secure VPNs:

      General IPsec
      ESP and AH (encryption and authentication headers)
      Key exchange (ISAKMP, IKE, and others)
      Cryptographic algorithms
      IPsec policy handling
      Remote access
      SSL and TLS

    For trusted VPNs:

      General MPLS
      MPLS constrained by BGP routing
      Transport of layer 2 frames over MPLS

    Question 4:

    (i) What is an Intrusion Detection System (IDS)?

    Answer (I).

    Security risks have grown dramatically for Internet service providers because entire infrastructures are based on open standards systems. As a result, ISPs need to be able to quickly and accurately detect unauthorized changes and respond accordingly, in order to maximize security and minimize downtime.

    Intrusion Detection Systems (IDS) remain relatively youthful, but in terms of development they are growing at an extraordinary rate.

    Generally speaking, there are four different categories of intrusion detection systems: network intrusion detection, system integrity verifiers, log file monitors, and deception systems.

    Network intrusion detection systems (NIDS) monitor packets traversing the system in an attempt to discover anomalies, indicating that an intruder is trying to break into a system, or worse, launch a distributed denial of service (DDoS) attack. NIDSs look for frequent connection requests to different ports to reveal port scans.

    System integrity verifiers (SIV) monitor system files in an attempt to discover when an intruder changes the files, leaving behind a backdoor. A SIV may be capable of detecting changes in critical files, but these systems usually don't generate real-time alerts to network intruders. Log file monitors (LFM) simply monitor log files generated across network services. LFMs also look for patterns and anomalies in log files that suggest an intruder is attacking the network.

    The sole purpose of a deception system, known in the industry as decoys, fly traps and honeypots, is to lure an unsuspecting intruder into a network through well-known security holes and trap the intruder.

    Whether you need a simple intrusion alert system and network anomaly reports, or need to defend your network against DDoS attacks, smurfing, ping floods and the like, it's imperative that you prepare a line of defense today or risk having your business be exploited by some script kiddie tomorrow.
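
    The NIDS check described above (frequent connection requests to different ports from one source) as detection logic over connection log lines. This is an added example, not part of the original assignment; the log format, the addresses and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: timestamp, source, destination, destination port, TCP flags.
LINE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$"
)

# Constructed sample: one fast sweep, one ordinary client, one slow visitor.
SAMPLE_LOG = [
    "2019-08-09T10:00:00 SRC=198.51.100.30 DST=192.0.2.10 DPT=80 FLAGS=SYN",
    "2019-08-09T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=21 FLAGS=SYN",
    "2019-08-09T10:00:01 SRC=198.51.100.20 DST=192.0.2.10 DPT=443 FLAGS=SYN",
    "2019-08-09T10:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=22 FLAGS=SYN",
    "2019-08-09T10:00:02 SRC=198.51.100.20 DST=192.0.2.10 DPT=443 FLAGS=ACK",
    "2019-08-09T10:00:03 SRC=203.0.113.7 DST=192.0.2.10 DPT=23 FLAGS=SYN",
    "garbled line without fields",
    "2019-08-09T10:00:04 SRC=203.0.113.7 DST=192.0.2.10 DPT=25 FLAGS=SYN",
    "2019-08-09T10:00:05 SRC=203.0.113.7 DST=192.0.2.10 DPT=80 FLAGS=SYN",
    "2019-08-09T10:00:06 SRC=203.0.113.7 DST=192.0.2.10 DPT=443 FLAGS=SYN",
    "2019-08-09T10:01:00 SRC=198.51.100.30 DST=192.0.2.10 DPT=443 FLAGS=SYN",
    "2019-08-09T10:02:00 SRC=198.51.100.30 DST=192.0.2.10 DPT=8080 FLAGS=SYN",
    "2019-08-09T10:03:00 SRC=198.51.100.30 DST=192.0.2.10 DPT=22 FLAGS=SYN",
    "2019-08-09T10:04:00 SRC=198.51.100.30 DST=192.0.2.10 DPT=25 FLAGS=SYN",
]


def detect_port_scans(lines, window_seconds=10, min_ports=5):
    """Flag (source, destination) pairs that open connections to at least
    min_ports distinct ports within window_seconds.

    Lines are assumed to be in time order. Returns a dict keyed by
    (src, dst) with the ports seen when the threshold was first crossed.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port)
    alerts = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["flags"] != "SYN":
            continue              # skip unparseable lines and non-initial packets
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["dst"])
        events = recent[key]
        events.append((ts, int(m["dpt"])))
        # Drop connection attempts that have aged out of the window.
        while events and ts - events[0][0] > window:
            events.popleft()
        ports = {port for _, port in events}
        if len(ports) >= min_ports and key not in alerts:
            alerts[key] = {
                "first_seen": events[0][0].isoformat(),
                "ports": sorted(ports),
            }
    return alerts


if __name__ == "__main__":
    for pair, detail in detect_port_scans(SAMPLE_LOG).items():
        print(pair, detail)
```

    The window and port threshold are tuning parameters: the ordinary client that reconnects to one port is never flagged, and the visitor that touches five ports over four minutes is only flagged when the window is widened.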

    With the rapid increase in the number of LAN connections to the world's largest computer network (the Internet), new security techniques should be used to protect local networks against intrusion from the Internet. Basically, we need to prevent destruction of data by intruders, maintain the privacy of local information, and prevent unauthorized use of computing resources. To improve network security, network connections to the Internet, in general, do not take place transparently. Instead, firewall servers are used to protect the systems connected to the local network against assaults from the Internet. But there is usually a price to pay, because the firewall server results in a bottleneck for assaults from the Internet into the LAN as well as for allowed communication between the LAN and the Internet.

    Security protection methods are basically concerned with ensuring the network's efficiency and effectiveness. With successful security implementations, risks can be reduced but not eliminated. There are several protection methods to ensure confidentiality, integrity and continuity. The dominating security protection method in the mainframe computing environment is Access Control. It consists primarily of functions related to:

    1. Access Mediation via connection control establishment,

    2. Identification by means of Logon-Ids,

    3. Authentication by means of Passwords,

    4. Different levels of authorization controlled by Access Privileges,

    5. Monitoring and enforcement,

    6. Disaster recovery programs to respond to incidents,

    7. Logging to record traffic and usage of services.

    Protection With Firewalls

    The best line of defense is an up-to-date and constantly maintained firewall. A firewall/proxy server is a mechanism that is used to protect a trusted network, such as an organization's internal network, from an untrusted network, typically the Internet, or any other untrusted network [second]. Firewall/Proxy servers provide the most reliable method to control outbound access and to protect networks against unauthorized intrusions. It checks addresses and characteristics of messages to make sure that they follow authorization rules. All messages that are verified to be legitimate are allowed to flow through the firewall, while others are blocked. The majority of firewalls are used between internal networks and the Internet, but they can be used in any internet, such as a company's wide area network [second]. The design decision sets the general attitude of the firewall, whether to provide a higher degree of service or a higher degree of security. To protect the firewall server itself, no users should be allowed to login on the firewall server [sixth].

    (ii) What are the two general methods of implementing network security by firewalls?

    Answer

    Firewall Concepts

    A firewall is a trusted system that is placed between a trusted internal network and another untrusted external network. The firewall system implements a policy that defines what information should be allowed to pass through. In general, firewalls have the following features and limitations [fourth]:

    Features:

    1. It can control the access to the protected network.

    2. It can provide one central point of security.

    3. It provides more privacy by hiding addresses.

    4. It provides logging for security and other purposes.

    5. It can notify the network administrator of security related events, so that he can take the appropriate actions.

    6. It can be integrated with authentication keys.

    7. It enforces the security policy.

    Limitations:

    1. Restricted access to desirable services.

    2. Back door access problem.

    3. Inside attacks.

    4. Email viruses.

    5. Potential bottleneck.

    6. Single point of failure.

    (iii) Distinguish between Symmetric and Asymmetric Cryptography?

    Answer.

    Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its data whereas asymmetric uses both a public and private key. Symmetric requires that the secret key be known by the party encrypting the data and the party decrypting the data. Asymmetric allows for distribution of your public key to anyone, with which they can encrypt the data they want to send securely, and then it can only be decoded by the person having the private key. This eliminates the need of having to give someone the secret key (as with symmetric encryption) and risk having it compromised.

    The issue with asymmetric is that it is about 1000 times slower than symmetric encryption, which makes it impractical when trying to encrypt large amounts of data. Also, to get the same security strength as symmetric, asymmetric must use a stronger key than symmetric.

    In a symmetric key cryptosystem, a single key is used to encrypt and decrypt data between two communicating hosts. In order to break the system, an attacker must either: A) discover the key through trial-and-error, or B) discover the key during the initial key agreement. (From Navy)

    Symmetric Key Encryption Schema

    Symmetric key protocols are known to be faster and stronger than their asymmetric counterparts but do possess unique disadvantages that we will discuss later. We will now look at some common symmetric algorithms.

    Asymmetric cryptography ... provides the foundation for password-authenticated key agreement and zero-knowledge password proof techniques. This is important in light of empirical and theoretical proof that secure password-only authentication over a network cannot be achieved with just symmetric cryptography and hash functions.

    (iv) List different types of malicious codes and describe their features.

    Answer.

    viruses and other malicious code that can threaten your data and system security. We will discuss the different types of viruses and malicious code, what they are, how they infect your computer and what damage they can cause.

    What is a Virus?

    Simply put, viruses are small programs designed with (usually) malicious intent that attach themselves to other programs or files. They are capable of copying themselves throughout a computer or computers. They are called viruses because of the way they emulate their biological namesakes. A virus will infect healthy programs in a host computer and then spread to other healthy hosts, infecting them as well. Just as biological viruses range from being quite harmless to lethal, computer viruses may simply cause a harmless message to appear on your screen occasionally, or may render your system inoperable.

    Worms

    A worm is a piece of code that can make fully functional copies of itself and travel through a computer network and/or across the Internet through a number of means. A worm does not attach itself to other programs like traditional viruses, but creates copies of itself, which in turn create even more copies. The computer 'worm' is so-called because of the way in which 'rogue' computer code was originally detected. Printouts of computer memory locations would show random 'wormhole' patterns, much like that of the patterns on worm-eaten wood. The term eventually became shortened and used to describe viruses that could 'worm' or propagate across networks and the Internet, leaving copies of themselves as they travelled.

    Worms are prolific due to the fact that most are created using simple scripting languages that can be created with a text editor and become fully functional 'programs' under the right conditions. For example, if you were to obtain a copy of the 'I Love You' worm and changed the file's extension from vbs to txt, you could safely open the file in Notepad and view the structure of the worm. This makes the vbs script worm extremely popular among the 'script kiddy' fraternity, as it takes no (or very little) programming knowledge to modify an existing worm and release it into the wild (when a virus is circulating in the computing community or throughout the Internet, it is said to be 'in the wild').

    Trojan Horses

    Trojan horses are named after the wooden horse from Greek mythology in which Greek soldiers snuck into the city of Troy. Accordingly, Trojans are malicious programs that sneak into a victim computer disguised as harmless software. Trojans may also be 'wrapped' inside another program so that when the original innocent program is installed, the Trojan program is installed as well.

    The most commonly described Trojan has a payload that will allow a user on another computer somewhere else in the world to gain full control and access to the files on your computer. In this way, they can be used to launch denial of service attacks such as those that brought down Yahoo! and eBay early in 2000.

    How Can a Virus, Worm or Trojan Infect Your System?

    Malicious code can be spread through just about any computer medium. It can arrive on an infected floppy disk and infect your system when a file on the disk is opened. Worse still, a floppy disk could be inadvertently left in the computer when it is shut down. Upon reboot, if the floppy is infected with a boot sector virus, the infection will be transmitted to your system.

    The most common methods employed to spread viruses and worms are either through email as attachments or through IRC (Internet Relay Chat). Typically, in the case of email, a message will arrive with an attachment, the user clicks on the message and the code is executed immediately. Viruses are capable of bringing down entire networks by clogging e-mail servers with copies of themselves. Some viruses will repeatedly extract addresses from e-mail 'address' books and send themselves to the recipients. Some contact lists can generate potentially thousands of messages, causing massive network bandwidth problems.

    Don't think that just because your new software program is in a shrink-wrapped box it is virus-free either. Viruses have been found on software disks distributed by major software companies, as well as on computer systems that have come fresh from the factory. In 1995, Microsoft inadvertently released a Compact Disc containing the 'Concept' macro virus and as late as last year, IBM shipped an undisclosed number of Aptiva computers infected with the CIH (Chernobyl) virus.

    Potential Damage

    Virus infection can have a variety of effects on an infected system. Some viruses may simply take up space on the computer hard drive until you receive 'low disk space' messages from the system. Others may pop up messages on a particular date or change system icons. For example, the 4K virus will pop up a message on the screen, 'FRODO LIVES!' on the 22nd of September. The Tentacle2 virus will change your icons to that of a purple 'monster'.

    Other viruses are potentially much more damaging. The CIH, or Chernobyl virus will, if not detected and removed, overwrite files on your hard disk and destroy the BIOS information on your computer. Chernobyl spreads easily and hides in an infected system until the 26th of a particular month depending on which variety it is. The BIOS chip is the 'heart' of your computer. If the information contained in this chip is overwritten by CIH, the system will become unusable, meaning the chip will have to be replaced. However, on some systems, the chip cannot be removed, which means the entire mainboard of the computer will have to be replaced, an expensive, time-consuming process.

    Question 5:

    (a) Write the steps for installing a network printer in Windows 2000 and LINUX.

    Answer (a).

    Printer sharing between Windows and Linux

    The less you need to rely on any proprietary protocol to get work done, the better off you are overall. Some of those protocols have been real stumbling blocks, such as SMB, Microsoft's proprietary protocol for file and printer sharing. Linux implementations of SMB exist, but you're probably better off without it in the long run whenever you can manage it.

    I recently set up a Linux workstation that shared out a Hewlett-Packard printer to the rest of my network, a network that otherwise consisted entirely of Windows machines. I didn't like the idea of setting up SMB support on the Linux box, and instead explored the possibility of having the Windows machines connect directly to the shared printer as a network printing device.

    To my surprise, this turned out to be pretty easy. Here are the steps to connect your Windows machines to the shared printer:

    1. Set up the printer on your Linux machine and share it using CUPS via port 631. The exact method for doing this varies between distributions, so check with your distro's documentation. The end result should be a working printer, and a running CUPS service which you can access through your Web browser at http://localhost:631 from the Linux system.

    2. Using the CUPS Web interface, go to the Printers tab and make a note of the printer name (which is typically the Description: line). You can do this from the Windows machine where you plan to set up printer support.

    3. In Windows, go to Control Panel | Printers and click on Add a printer.

    4. When prompted for a printer location, select Network printer in the Add Printer Wizard.

    5. When prompted for the network location, select URL and use the following URL format: http://<hostname>:631/printers/<printer name>. For instance, if the Linux host has a DNS name of linuxbox and the printer is named LaserJet-5, you'd use http://linuxbox:631/printers/LaserJet-5 as the URL.

    6. When asked for a printer driver, select Generic as the manufacturer and MS Publisher Imagesetter as the driver. In truth, any generic PostScript driver will do, but this works as well as any.

    7. When finished with the wizard, print a test page to make sure everything is set up correctly.

    In Windows Vista, the steps are almost exactly the same, but the nomenclature for some of the steps is a little different. In the first step of the wizard, Vista will attempt to search for a printer (via SMB, which it won't find). Click Stop to halt the search and then click The printer that I want wasn't listed to add a printer manually.

    In the next step of the wizard, use Select a shared printer by name when you want to supply the printer's URL. The rest should unfold exactly as before. Adding a printer by TCP/IP address or hostname will not work. Finally, if you're using a firewall product, make sure that port 631 is not being blocked. The Microsoft firewall on the Windows machine will usually know automatically what to do, but some third-party products may not.

    If you're managing a workgroup and using system images to deploy your desktops, you can use the Windows con2prt utility, or a freeware substitute like AdPrintX, as a way to automate adding references to a CUPS-managed printer. If you're dealing with multiple CUPS-driven printing systems on the Linux side, you may want to drop the cash for the CUPS Companion CD and its accompanying book. The CUPS Companion CD is now offered in lieu of the commercial UNIX printing product ESP Print Pro, which is being discontinued by the manufacturer.

    (b) How does a domain differ from workgroup?

    Answer. Workgroup vs. Domain:

    Windows has two modes of operation - Workgroup and Domain. Depending on the environment that your computer is in, you will be running in one of these two modes. Most home and small business environments will be Workgroup, and most mid- to large businesses will run in domain mode. There are different features and capabilities depending on each, and each serves a purpose.

    Workgroups can be best understood as a loosely connected group of computers. They rely on each other for nothing, but they are there to share resources should the need arise. There is no centralized management and so there is a low barrier to use. By default, Windows XP is in this mode.

    Domains, on the other hand, provide centralized management and security. User access is controlled from a separate server called a domain controller and there is a trust built between systems in a domain. There are much more robust differences as well.

    Workgroup

    A workgroup is best understood as a peer-to-peer network. That is, each computer is sustainable on its own. It has its own user list, its own access control and its own resources. In order for a user to access resources on another workgroup computer, that exact user must be set up on the other computer.

    In addition, workgroups offer little security outside of basic access control. Windows share permissions are very basic and do not offer any kind of granularity for who can access what, etc. Workgroups are more than adequate, though, for most small business and home use.

    Domain

    A domain is a trusted group of computers that share security and access control and have data passed down from a centralized domain controller server or servers. Domain Controllers handle all aspects of granting users permission to log in. They are the gatekeeper. In addition, most modern domains use Active Directory, which allows an even more centralized point for software distribution, user management and computer controls.