Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Securit - PowerPoint PPT Presentation

slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Securit PowerPoint Presentation
Download Presentation
Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Securit

play fullscreen
1 / 60
Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Securit
456 Views
Download Presentation
benjamin
Download Presentation

Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Securit

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Disk OrganisationLinux File SystemsLinux File System HierarchyGeneral Security InformationLinux File System SecurityYiğit Cansın HekimciCan Dereli

  2. Disk Organisations

  3. What is a hard disk? A hard disk drive (HDD, also commonly shortened to hard drive and formerly known as a fixed disk) is a digitally encoded non volatile storage device which stores data on rapidly rotating platters with magnetic surfaces. In the simplest of forms , they give computers the ability to remember things when the power goes out.

  4. Hard disk contents

  5. How hard disk works? • Sectors(256,512) and Tracks • O/S or hard disk groups them as clusters • Low level formatting (beginning and end points) • High level formatting • File storage scheme • Order of sector and tracks • After HLF platters are ready to read/write A sector A track

  6. information Organization of Disks... 1. Positioning the head to the sector • Sector is under • the head Low speed reading High positioning speed High speed reading Low positioning speed

  7. information Organization of Disks... • Positioning of the • sector is under the • head The amount of time passed to position the sector under the head is the same inside and outside. But because of having less sectors inside the amount of time passed to position the sector is relatively less.

  8. information Organization of Disks... • Positioning the • Sector under the • head.. Practically %5-10 lesser. Result in practice Outside of the disk is always Faster.

  9. SCSI vs. IDE... SCSI Better driver electronic Better optimized sectors Much faster head move. Tag Sorting.. The most important factor that reduces the search time for the sector. data High Databus speed.. Much faster transfer More device to the same databus - RAID SCSI Systems, are indispensable for Applications that need High Speed

  10. Linux File Systems

  11. Linux EXT2 File location informations are scattered througout the disk. The pointer to the file (inode) and file info are kept close. First location to show inode table is called SUPERBLOCK. Superblock is kept on the disk with 3-4 copies. Privileges can be given to each of User, Group, Others. Backs Hard/Symbolic Link. On-the-fly Compress, immutable files vs..

  12. Linux EXT2 - Metadata

  13. EXT3 It is basicly the same as EXT2 but added journal property. EXT2 FS, can be easily converted to EXT3: tune2fs -j /dev/hda5 ... Journal is kept on a file. System can be used as EXT2 in case of a journal error.

  14. Reiser-FS Metadata Journal. File System Information On Demand, 3. Partu DATA Journal Support Balanced B* tree. High Performance. 2 G File in directories without loss of performance.. It can hold small files in one block. Namesys Compatibility

  15. SGI-XFS Enterprise is a file system for systems. Many extra properties. File system backup, POSIX 1003.1e ACL, Extended Attributes vs. vs. vs. 64 Bit .. No limit for the near future.. DMAPI for Hierarchical Data Storing..

  16. SGI-XFS XFS don’t aim for the highest performance. POSIX 1003.6 Compatibility, ACL, MAC, Audit.. Strong, extendible FS.. %100 data loss free Journal.. More than one Storing unit.. On high level applications guaranteed level Adequate performance..

  17. Ext2 KB/sec 4K Blocs 1000 500 1K Blocs 50 100 % Fullness rate

  18. ReiserFS KB/sec 1000 500 50 100 % Fullness rate

  19. ReiserFS (mount -o notail) KB/sec 2000 1000 50 100 % Fullness rate

  20. XFS KB/sec 1000 500 50 100 % Fullness rate

  21. Small but many files.  Particion vastness  Large files  Kernel I/O mechanism  Programs disk access.. WHY ? Any access method isn’t suitable for every time.. ? ?

  22. Real Life... Programs may reach very different places at the same time.. There are no queued Requests on the system.. No one can know what the programs will want on the next step..

  23. Real Life... It is a system which proved itself. Adequently efficient if 4K blocks are used Ext2FS Can journal with ext3. Fullness of the disk or defragmentation doesn’t effect speed.

  24. Real Life... Very good on performance Relatively small but for many files.. ReiserFS Not so trustworty. Reiser4 comes on September/November 2002..

  25. Real Life... Good on performance Optimal performance is aimed. XFS Look strong, can have interesting conflicts .. not included in Kernel code.. SGI ? Promises alot with design targets

  26. For people who don’t like mathematics... We tested 3 different systems. 486 DX2 32 MB RAM, 4.3 GB HDD CEL 433 128 MB RAM, 8.4 GB HDD PIII 1000, 512 MB RAM, 40 GB HDD..

  27. For people who don’t like mathematics... On Desktop... 486 DX2 32 MB RAM, 4.3 GB HDD XFS slowest, Reiser FS average, Ext2 good.. XFS and Ext2 never got down, Reiser FS :(( CEL 433 128 MB RAM, 8.4 GB HDD XFS slowest, ReiserFS fast, Ext2 average XFS and Ext2 never got down, Reiser FS :(( PIII 1000, 512 MB RAM, 40 GB HDD.. XFS - ReiserFS same, Ext2 :(( XFS and Ext2 never got down, Reiser FS :((

  28. For people who don’t like mathematics... We set up a network (Always been there...) 22 PIII 64..128 MB RAM, 6.4..20 GB HDD Windows 98 and Mandrake 8.0 PIII 1000 CPU 512/1024 MB RAM 2x40 GB SoftRAID0 HDD Suse 7.1, Linux 2.4.18 Kernel Apache 1.3, Samba 2.2.3a Sendmail + ipop3d 23 GB MP3 15 GB ISO Image.. 3 100 Mbit Ethernet

  29. For people who don’t like mathematics... With Windows 98 : Using Explorer, streaming music.. Copied ISO’s to the disk.. We sent CD’s to the main machine with FTP.. With Linux: Watched clips through NFS. Got ISO’s through FTP. Downloaded MP3’s with Konqueror. On every machine we ran STMP and POP3 with 150 processes..

  30. For people who don’t like mathematics... Performance For Web Server: ReiserFS -> Very good XFS -> Good ext2 -> Good ext3 -> average.. FTP/SMB/NFS: ReiserFS -> Good XFS -> Very good ext2 -> Acceptable. ext3 -> Acceptable.

  31. For people who don’t like mathematics... Stability: ReiserFS: Make at least two UPS avaible. Don’t forget to back up. Can go down without sortege. XFS: Don’t necessarily pay for UPS. Again don’t neglect back up. Didn’t go down without sortege. Could not be saved with Journal. EXT2/EXT3: Having UPS is a good thing. Again don’t neglect back uping. Didn’t go down without sortege.

  32. For people who don’t like mathematics... General recommendation: For small,desktops ext2/ext3.. Larger machines, servers XFS.. For people who want to be fast and furious, ReiserFS For ReiserFs you should wait Raiser 4..

  33. Understanding The Linux File System Hierarchy

  34. Mounting a device on the file system Sample.tar.z – index.html – Makefile – binutils-2.15.92.0.2-5. – vsftpd_2.0.3-1.deb

  35. General Security Informations

  36. Cert/CC Incidents Reported Throughout the Years

  37. Internal Threat Elements Ignorant and unconcious usage Bad intended actions ~ % 80 External Threat Elements Attacks that are aimed Attacks that are loose ~ % 20 Threat Types

  38. Internal Threat Elements • Ignorent and Unconcious Usage • Unplugging of the Server by the cleaner • Database deletion by an uneducated employee • Bad Intended Actions • A fired employee changing the corporate web site • An employee who runs a “Sniffer” under the network and reading E-Mails • An executive selling a plan for a developed product to the rivals

  39. External Threat Elements • Attacks that are aimed • An attacker changing the corporate web site • An attacker changing corporate accounting registers • Multiple attackers accessing the corporate web server and stolling it for service • Attacks that are loose • Virus Attacks (Melissa, CIH – Chernobyl, Vote) • Worm Attackers (Code Red, Nimda) • Trojan Back Doors (Netbus, Subseven, Black Orifice)

  40. Attacker Types • Professional Criminals • Young generation attackers • Corporate employees • Industry and Technology spies • Outside Government Administrations

  41. Quality of attack and the evolution of attackers abilities (CERT/CC)

  42. Quality of Attackes and Their Guessed Numbers Hundreds Thousands Tens of Thousans Millions Carnegie Mellon University (1998-1999-2000) Very Dangerous Predator Mid-Level Entry Level

  43. Attacker Motivation • Financial Benefits • Rivalry Advantage • Political • Economical/Commercial • Desire to Gain Extra Resources • Personal Anger or Revenge • Curiosity or Desire to Learn • Reckless Behaviour

  44. Systems That Are on a Network And Have Potential Risks Web Server that is left on the conjectural corporation E-Mail server that allow Relay Client that belongs to the secretary Router Internet Client that belongs to the administrator Security Wall Security Wall that neglects divided packeges Other Networks Router that can channel source or Spoof Local Network

  45. Spoofing • Basicly it can be defined as misleading the source. • Usually it is used to gain extra rights from the targer, diverting the guilt to other people’s/corporations responsibility, hide itself or arrange disorganized attacks. • It can be used in various protocols, verifiying systems , applying special processes.

  46. Spoofing Tecniques • MAC Spoofing can be made through changing of MAC addresses psically or with the changes in the ethernet packeges • ARP Spoofing can be made through misleading the matching of ARP protocol packeges and IP/MAC addresses • IP Spoofing can be made through changing the source IP address in IP packeges • DNS Spoofing can be made through taking over DNS servers or sending fake replies to the requests • Identity diversion can be made through copying cookies that are taken from Web server • It can be done in finger print systems with previously gotten finger print