Page 227 - DCAP403_Operating System




can implement security rules. For example, one of the security rules inside the company might be:

Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.

A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network.
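
An added example (not part of the original text) of the FTP rule above, enforced by a default-deny filter that also keeps a table of connections opened from inside so that their replies are let back in. The addresses, the `Packet` and `Firewall` names and the sample packets are constructed for illustration, and only the FTP control port (21) is modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing for this example (not from the page).
INSIDE = ip_network("10.0.0.0/16")      # the company's computers
FTP_SERVER = ip_address("10.0.0.21")    # the one host allowed public FTP
FTP_PORT = 21                           # FTP control port only

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the first packet of a new TCP connection

class Firewall:
    def __init__(self):
        # Flows opened from inside, stored the way their replies will look.
        self.state = set()

    def decide(self, p: Packet) -> str:
        src, dst = ip_address(p.src), ip_address(p.dst)
        if src in INSIDE and dst not in INSIDE:
            # Outbound: remember the flow so the reply can be matched later.
            self.state.add((p.dst, p.dport, p.src, p.sport))
            return "ALLOW"
        if src not in INSIDE and dst in INSIDE:
            # Inbound reply to a connection that an inside host opened.
            if not p.syn and (p.src, p.sport, p.dst, p.dport) in self.state:
                return "ALLOW"
            # Inbound new traffic: public FTP to the one permitted computer.
            if dst == FTP_SERVER and p.dport == FTP_PORT:
                return "ALLOW"
        return "DROP"   # default deny for everything else

def run(packets):
    """Pass packets through one firewall in order; return its decisions."""
    fw = Firewall()
    return [fw.decide(p) for p in packets]

# Constructed sample traffic.
SAMPLE = [
    Packet("203.0.113.5", 40000, "10.0.0.21", 21, syn=True),   # FTP to the permitted server
    Packet("203.0.113.5", 40001, "10.0.0.77", 21, syn=True),   # FTP to any other computer
    Packet("10.0.0.77", 51000, "198.51.100.9", 80, syn=True),  # employee opens a Web connection
    Packet("198.51.100.9", 80, "10.0.0.77", 51000),            # reply to that connection
    Packet("198.51.100.9", 80, "10.0.0.77", 51001),            # unsolicited, matches no state
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(SAMPLE)):
        print(verdict, pkt)
```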

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

1. Packet filtering: Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
2. Proxy service: Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
3. Stateful inspection: A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information.

Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

1. Remote login: When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
2. Application backdoors: Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
3. SMTP session hijacking: SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
4. Operating system bugs: Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
5. Denial of service: You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
6. E-mail bombs: An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
7. Macros: To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers




LOVELY PROFESSIONAL UNIVERSITY