
MCS-022 Operating System Concepts and Networking Management

__________________________________________________________________________

Course Code : MCS-022


Course Title : Operating System Concepts and Networking
Management
Assignment Number : MCA (2)/022/Assign/09
___________________________________________________________________________

Question 1:
(a) What is an IP address? How is it configured? Write all the steps.
(b) List and explain the various features of Bridges with the help of a diagram.

Answer (a) IP address structure and classification

A typical IPv4 address


Address Classes
In the original Internet routing scheme developed in the 1970s, sites were assigned addresses from one of
three classes: Class A, Class B and Class C. The address classes differ in size and number. Class A
addresses are the largest, but there are few of them. Class Cs are the smallest, but they are numerous.
Classes D and E are also defined, but not used in normal operation.
To say that class-based IP addressing is still used would be true only in the loosest sense. Many addressing
designs are still class-based, but an increasing number can only be explained using the more general
concept of CIDR, which is backwards compatible with address classes.
Suffice it to say that at one point in time, you could request the Internet NIC to assign you a class A, B or C
address. To get the larger class B addresses, you might have to supply some justification, but only the class
A was really tough to get. In any case, NIC would set the network bits, or n-bits, to some unique value and
inform the local network engineer. It would then be up to the engineer to assign each of his hosts an IP
address starting with the assigned n-bits, followed by host bits, or h-bits, to make the address unique.

Internet routing used to work like this: A router receiving an IP packet extracted its Destination Address,
which was classified (literally) by examining its first one to four bits. Once the address's class had been
determined, it was broken down into network and host bits. Routers ignored the host bits, and only needed
to match the network bits to find a route to the network. Once a packet reached its target network, its host
field was examined for final delivery.

Summary of IP Address Classes


Class A - 0nnnnnnn hhhhhhhh hhhhhhhh hhhhhhhh
· First bit 0; 7 network bits; 24 host bits
· Initial byte: 0 - 127
· 126 Class As exist (0 and 127 are reserved)
· 16,777,214 hosts on each Class A

Class B - 10nnnnnn nnnnnnnn hhhhhhhh hhhhhhhh


· First two bits 10; 14 network bits; 16 host bits
· Initial byte: 128 - 191
· 16,384 Class Bs exist
· 65,532 hosts on each Class B

Class C - 110nnnnn nnnnnnnn nnnnnnnn hhhhhhhh


· First three bits 110; 21 network bits; 8 host bits
· Initial byte: 192 - 223
· 2,097,152 Class Cs exist
· 254 hosts on each Class C

Class D - 1110mmmm mmmmmmmm mmmmmmmm mmmmmmmm


· First four bits 1110; 28 multicast address bits
· Initial byte: 224 - 247
· Class Ds are multicast addresses

Class E - 1111rrrr rrrrrrrr rrrrrrrr rrrrrrrr


· First four bits 1111; 28 reserved address bits
· Initial byte: 248 - 255
· Reserved for experimental use
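
The classful lookup described above (inspect the leading bits, split off the network bits, route on those alone), as an added Python example that is not part of the original assignment answer. The routing table and interface names are constructed for illustration.

```python
import ipaddress

# (class, leading-bit pattern, pattern length, total network bits or None)
CLASS_TABLE = [
    ("A", 0b0, 1, 8),        # 0nnnnnnn + 24 host bits
    ("B", 0b10, 2, 16),      # 10nnnnnn nnnnnnnn + 16 host bits
    ("C", 0b110, 3, 24),     # 110nnnnn nnnnnnnn nnnnnnnn + 8 host bits
    ("D", 0b1110, 4, None),  # multicast: no network/host split
    ("E", 0b1111, 4, None),  # reserved: no network/host split
]


def classify(addr):
    """Return (class, network, host_number) the way a classful router sees it."""
    value = int(ipaddress.IPv4Address(addr))  # raises on malformed input
    for name, pattern, length, net_bits in CLASS_TABLE:
        if value >> (32 - length) != pattern:
            continue
        if net_bits is None:
            return name, None, None
        host_bits = 32 - net_bits
        network = (value >> host_bits) << host_bits   # zero the h-bits
        host = value & ((1 << host_bits) - 1)         # keep only the h-bits
        return name, str(ipaddress.IPv4Address(network)), host
    raise AssertionError("unreachable: the five patterns cover every address")


# Hypothetical routing table keyed by classful network (constructed values).
ROUTES = {"10.0.0.0": "if0", "172.16.0.0": "if1", "192.168.1.0": "if2"}


def next_hop(addr, routes=ROUTES):
    """Match on network bits only; host bits matter only on the final network."""
    cls, network, _host = classify(addr)
    if network is None:
        return None  # class D/E addresses are not routed as unicast hosts
    if cls == "A" and int(addr.split(".")[0]) in (0, 127):
        return None  # initial bytes 0 and 127 are reserved
    return routes.get(network)


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.4", "192.168.1.77", "224.0.0.1"):
        print(sample, classify(sample), next_hop(sample))
```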

b) Answer: A DNS server is any computer registered to join the Domain Name System. A DNS server
runs special-purpose networking software, features a public IP address, and contains a database of network
names and addresses for other Internet hosts.
DNS Root Servers
DNS servers communicate with each other using private network protocols. All DNS servers are organized
in a hierarchy. At the top level of the hierarchy, so-called root servers store the complete database of
Internet domain names and their corresponding IP addresses. The Internet employs 13 root servers that
have become somewhat famous for their special role. Maintained by various independent agencies, the
servers are aptly named A, B, C and so on up to M. Ten of these servers reside in the United States, one in
Japan, one in London, UK and one in Stockholm, Sweden.
DNS resolution
Resolution occurs when a client queries a name server to obtain the IP address with which it wants to
connect. If a name server in the local domain cannot resolve a client's request, it queries other servers to
locate a server that can.
There are two types of resolution:
· by iteration
· by recursion

Iterative queries
By default, a name server queries ``iteratively'' (or non-recursively). This means that it queries several
name servers in turn until it finds an answer. It starts by consulting a known name server within the domain
hierarchy that contains the destination machine. If it does not already know of a suitable server to ask, it
first asks a server in the root domain. Each server responds by referring to a name server in the domain
name hierarchy that is closer to the one containing the destination machine. The local server then repeats its
query to the name server whose name and IP address it has just been given. In this way, the local server
traverses the domain name space until it reaches a name server for the domain that contains the destination
machine. This name server should be able to provide the IP address of the destination machine. ``Obtaining an IP address by iterative
query'' illustrates how a client in the domain reseau.co.fr might obtain the IP address of the remote host
missouri.rivers.mynet.com.

Obtaining an IP address by iterative query


The steps taken to resolve missouri.rivers.mynet.com to its IP address are:
1. The local client asks the local name server for the IP address of
missouri.rivers.mynet.com.
2. The local name server does not know the IP address of missouri.rivers.mynet.com. It also does not
know the IP address of the name servers for rivers.mynet.com or mynet.com, so it asks a root name
server for the IP address of missouri.rivers.mynet.com.
3. The root name server does not know the IP address of missouri.rivers.mynet.com, but it
does know the IP address of the name server for mynet.com, so it tells this to the local name
server.
4. The local name server asks mynet.com's name server for the IP address of
missouri.rivers.mynet.com.
5. mynet.com's name server does not know the IP address of missouri.rivers.mynet.com, but
it does know the IP address of the name server for rivers.mynet.com, so it tells this to the local
name server.
6. The local name server asks rivers.mynet.com's name server for the IP address of
missouri.rivers.mynet.com.
7. rivers.mynet.com's name server is authoritative for its zone, so it can supply the IP
address of missouri.rivers.mynet.com.
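
The seven steps above, simulated in Python as an added example that is not part of the original answer. The server addresses and the host's address are constructed (documentation ranges). The check that each referral points to a zone closer to the queried name, and the referral limit, are additions a careful resolver would apply.

```python
# Constructed name servers (documentation-range IPs); not real infrastructure.
ROOT = "198.51.100.1"
SERVERS = {
    ROOT: {"delegations": {"mynet.com": "198.51.100.2"}, "hosts": {}},
    "198.51.100.2": {"delegations": {"rivers.mynet.com": "198.51.100.3"},
                     "hosts": {}},
    "198.51.100.3": {"delegations": {},
                     "hosts": {"missouri.rivers.mynet.com": "192.0.2.10"}},
}


def in_zone(name, zone):
    """True if name lies inside zone; the empty string stands for the root."""
    return zone == "" or name == zone or name.endswith("." + zone)


def query(server_ip, name):
    """One non-recursive query: an answer, a referral, or a negative reply."""
    server = SERVERS[server_ip]
    if name in server["hosts"]:
        return ("answer", server["hosts"][name])
    best = None
    for zone, ns_ip in server["delegations"].items():
        # Prefer the most specific delegated zone that contains the name.
        if in_zone(name, zone) and (best is None or len(zone) > len(best[0])):
            best = (zone, ns_ip)
    if best is not None:
        return ("referral", best[0], best[1])
    return ("nxdomain",)


def resolve_iteratively(name, start=ROOT, max_referrals=8):
    """Follow referrals from `start` until a server answers.

    Returns (ip_or_None, trace) where trace lists (server_ip, reply_kind).
    """
    name = name.lower().rstrip(".")
    server, current_zone, trace = start, "", []
    for _ in range(max_referrals):
        reply = query(server, name)
        trace.append((server, reply[0]))
        if reply[0] == "answer":
            return reply[1], trace
        if reply[0] == "nxdomain":
            return None, trace
        _, zone, ns_ip = reply
        # Accept only referrals that move strictly closer to the target:
        # the new zone must contain the name and sit below the current zone.
        if (not in_zone(name, zone) or not in_zone(zone, current_zone)
                or zone == current_zone):
            raise ValueError("referral to %r does not narrow the search" % zone)
        server, current_zone = ns_ip, zone
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    ip, steps = resolve_iteratively("missouri.rivers.mynet.com")
    for server_ip, kind in steps:
        print(server_ip, kind)
    print("resolved to", ip)
```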
c) A real-time operating system (RTOS) is an operating system that guarantees a certain capability within
a specified time constraint. For example, an operating system might be designed to ensure that a certain
object was available for a robot on an assembly line. In what is usually called a "hard" real-time operating
system, if the calculation could not be performed for making the object available at the designated time, the
operating system would terminate with a failure. In a "soft" real-time operating system, the assembly line
would continue to function but the production output might be lower as objects failed to appear at their
designated time, causing the robot to be temporarily unproductive. Some real-time operating systems are
created for a special application and others are more general purpose. Some existing general purpose
operating systems claim to be real-time operating systems. To some extent, almost any general purpose
operating system such as Microsoft's Windows 2000 or IBM's OS/390 can be evaluated for its real-time
operating system qualities. That is, even if an operating system doesn't qualify, it may have characteristics
that enable it to be considered as a solution to a particular real-time application problem. In general, real-
time operating systems are said to require:
· multitasking
· Process threads that can be prioritized
· A sufficient number of interrupt levels

Real-time operating systems are often required in small embedded operating systems that are packaged as
part of microdevices. Some kernels can be considered to meet the requirements of a real-time operating
system. However, since other components, such as device drivers, are also usually needed for a particular
solution, a real-time operating system is usually larger than just the kernel.

The key difference between general-computing operating systems and real-time operating
systems is the need for "deterministic" timing behavior in the real-time operating systems. Formally,
"deterministic" timing means that operating system services consume only known and expected amounts of
time. In theory, these service times could be expressed as mathematical formulas. These formulas must be
strictly algebraic and not include any random timing components. Random elements in service times could
cause random delays in application software and could then make the application randomly miss real-time
deadlines – a scenario clearly unacceptable for a real-time embedded system. Many non-real-time operating
systems also provide similar kernel services.

General-computing non-real-time operating systems are often quite non-deterministic.


Their services can inject random delays into application software and thus cause slow responsiveness of an
application at unexpected times. If you ask the developer of a non-real-time operating system for the
algebraic formula describing the timing behavior of one of its services (such as sending a message from
task to task), you will invariably not get an algebraic formula. Instead the developer of the non-real-time
operating system (such as Windows, Unix or Linux) will just give you a puzzled look. Deterministic
timing behavior was simply not a design goal for these general-computing operating systems.

On the other hand, real-time operating systems often go a step beyond basic determinism. For most kernel
services, these operating systems offer constant load-independent timing:
In other words, the algebraic formula is as simple as: T(message_send) = constant , irrespective of the
length of the message to be sent, or other factors such as the numbers of tasks and queues and messages
being managed by the RTOS.

Question 3:
(i) How do you share files, folders and drives in Windows XP? Why is sharing an entire drive
not recommended?

Answer (I).
To share files on your computer with other computers on a network, you need to:

• Share a folder on your computer. This will make all of the files in the folder available to all
the computers on your network (you can’t share individual files).
• Set up user accounts on your computer for everyone who needs to connect to your shared folder. If any
of the accounts are Limited User accounts (unless an account is a Computer Administrator account, it is a
Limited User account), follow the steps in Set permissions for files and folders to enable them to open
your files.

To access shared files that are on another computer on your network, you need to:
• Connect to the shared folder from other computers on the network. This procedure is described
in Map a network drive.
Note: By default, file permissions only allow your user account and administrators on your local computer
to open your files, regardless of whether a person is sitting at your keyboard or at another computer. It may
help to keep these three things in mind when setting up file sharing:
• Files have user permission settings.
• Every computer has its own user database.
• Some accounts are administrator accounts and some aren’t.

Configure your computer to share files


To share a folder on your computer so that files stored in the folder can be accessed
from other computers on your home network

1. Log on to your computer as an administrator. For more information, see Access the
administrator account from the Welcome screen.
2. Click Start, and then click My Documents.
Tip: If you want to share your entire My Documents folder, open My Documents, and then click the Up
button on the toolbar. You can then select the My Documents folder.

4. If you see a message that reads, As a security measure, Windows has disabled remote access to this
computer, click the Network Setup Wizard link. Then follow the instructions in How to set up your
computer for home networking. On the File and printer sharing page of the Network Setup Wizard, be
sure to select Turn on

5. If you want to be able to edit your files from any computer on your network (instead of just being able to
open them without saving any changes), select the Allow network users to change my files check box.

7. Click OK.
Windows Explorer will show a hand holding the folder icon, indicating that the folder is now shared.
(ii) Describe the role of the primary and backup domain controller in enhancing security in
Windows 2000.

Answer.
A Primary Domain Controller (PDC) is a server computer in a pre-Windows 2000 NT server Domain. A
domain is a concept used in NT server operating systems whereby a user may be granted access to a
number of computer resources with the use of a single username and password combination. Such domains
have at least a Primary Domain Controller, and will often have one or more Backup Domain Controllers
(BDCs). The PDC has the master copy of the user accounts database which it can access and modify.
The BDC computers have a copy of this database, but
these copies are read-only. The PDC will replicate its account database to the BDCs on a regular basis. The
BDCs exist in order to provide a backup to the PDC, and can also be used to authenticate users logging on
to the network. If a PDC should fail, one of the BDCs can then be promoted to take its place. The PDC will
usually be the first domain controller that was created unless it was replaced by a promoted BDC.

Backup Domain Controller (BDC) is a computer that has a copy of the user accounts database. Unlike the
accounts database on the Primary Domain Controller (PDC), the BDC database is a read only copy. When
changes are made to the master accounts database on the PDC, the PDC pushes the updates down to the
BDCs. Most domains will have at least one BDC; often there are several BDCs in a domain. These domains
exist to provide fault tolerance. If the PDC fails, then it can be replaced by a BDC. In such circumstances,
an administrator promotes a BDC to be the new PDC. BDCs can also authenticate user logon requests - and
take some of the authentication load from the PDC.

Use of the Legacy Client is not recommended in secure environments. Installing the Legacy Client on the
domain controller is not recommended because many Legacy Client accounts require local Administrator
rights, which become domain admins on a domain controller.

Account and password creation


When installing Legacy Clients with Client Push Installation, Client Configuration Manager (CCM) creates
this domain account to run the CCM boot loader service on client computers that are domain controllers.
This account is made unique by including the domain controller name in the account name. For enhanced
security, SMS randomly generates and encrypts the passwords for these accounts. This account is
automatically deleted after the client is set up.

Account location
Because the client is a domain controller, the account is created in the domain that the client belongs to.
You will have one account for each domain controller in the domain running the Legacy Client. The
accounts include the server name in the account name to keep them unique.

Account maintenance
Do not change the passwords, account names, or permissions for this account. If you change the account
manually, the related processes do not run successfully, and you run the risk of causing account lockouts by
forcing the accounts out of synchronization.

Security best practices


Resolve problems that prevent temporary accounts from being deleted because it would prevent the
SMS#_dc from being deleted after installation is completed.

Shared folders is a term used for IMAP folders that can be accessed simultaneously by many users. Kolab
allows you to specify a variety of access rights for such folders so that you can easily control which users can
read, write or modify the messages held in the IMAP folder.
Since a shared folder can also hold groupware resources (like events, tasks, addresses, notes, etc.) instead
of plain mail they are an ideal tool for team organization and communication.

(iii) What are the shared folders in Windows and why are they used?
Answer.
1. Open "My Network Places" from the Start Menu or from the left pane of Windows Explorer (under
Desktop, below My Documents and My Computer).
2. Open the "Entire Network" item listed in the left pane of My Network Places.
3. Open the "Microsoft Windows Network" item.
4. Next, open the new item that appears showing the computer's workgroup (or domain) name.
5. Finally, click on the new item that appears showing the computer's name.
6. In the right pane, any non-administrative Windows shares set on this computer will appear. If
no items appear, no folders have been set for sharing.
Folders shown in this window link to the actual shared folders. Opening any of these shares will reveal
the contents of the actual folder. Note that renaming or deleting files from this linked location is not
permitted. Note also that this method reveals the contents but does not reveal the actual location of the
shared folders on the hard drive.
7. To find the actual location of file shares on Windows XP or Windows 2000, and also to view
administrative shares, open a command prompt. To open a command prompt, click the Start
Menu, choose the Accessories option, then choose Command Prompt. Alternatively, click the
Start Menu, choose the Run option, then type 'cmd' in the Run window that opens.
8. Type the command 'net share' and press Enter in the command prompt window. The 'net share' command
shows the name and location of each shared folder on that computer. Share names that end with a dollar
sign ($) are administrative shares. Several administrative shares are created automatically by Windows;
these should not be modified.
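
A small audit of the 'net share' listing from step 8, as an added Python example that is not part of the original answer. The sample output is constructed, and the parser assumes the usual column layout (share name, resource, remark separated by runs of two or more spaces) with no share names long enough to wrap. It separates the administrative shares from user-created ones and flags any user-created share whose location is an entire drive.

```python
import re

# Constructed sample of 'net share' output; not captured from a real machine.
SAMPLE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
SharedDocs   C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS
Projects     D:\                             Team drive
The command completed successfully.
"""

DRIVE_PATH = re.compile(r"[A-Za-z]:\\")


def parse_net_share(text):
    """Return one dict per share listed below the dashed separator line."""
    shares, in_table = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and set(stripped) == {"-"}:
            in_table = True          # rows start after the dashed line
            continue
        if not in_table or not stripped:
            continue
        if stripped.startswith("The command completed"):
            break
        fields = re.split(r"\s{2,}", stripped)
        name, rest = fields[0], fields[1:]
        # IPC$ has no resource, so the second field may already be the remark.
        resource = rest.pop(0) if rest and DRIVE_PATH.match(rest[0]) else ""
        remark = rest[0] if rest else ""
        shares.append({
            "name": name,
            "resource": resource,
            "remark": remark,
            # Per the text above: names ending in '$' are administrative.
            "administrative": name.endswith("$"),
        })
    return shares


def audit(shares):
    """Flag user-created shares whose location is an entire drive."""
    findings = []
    for share in shares:
        if share["administrative"]:
            continue  # created by Windows; these should not be modified
        if DRIVE_PATH.fullmatch(share["resource"]):
            findings.append(
                (share["name"], "shares the whole drive " + share["resource"]))
    return findings


if __name__ == "__main__":
    listed = parse_net_share(SAMPLE)
    for share in listed:
        kind = "administrative" if share["administrative"] else "user-created"
        print("%-12s %-14s %s" % (share["name"], kind, share["resource"]))
    for name, problem in audit(listed):
        print("FINDING:", name, problem)
```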

(iv) Write the purpose of VPN and name some VPN protocols supported in Windows
2000.
Answer.
VPN Protocols
The term "VPN" has taken on many different meanings in recent years. VPNC has a white paper about
VPN technologies that describes many of the terms used in the VPN market today. Specifically, it
differentiates between secure VPNs and trusted VPNs, which are two very different technologies.
For secure VPNs, the technologies that VPNC supports are:
· IPsec with encryption
· L2TP inside of IPsec
· SSL with encryption
For trusted VPNs, the technologies that VPNC supports are:
· MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
· Transport of layer 2 frames over MPLS ("layer 2 VPNs")
IPsec is the most dominant protocol for secure VPNs. SSL gateways for remote-access users are also
popular for secure VPNs. L2TP running under IPsec has a much smaller but significant deployment. For
trusted VPNs, the market is split on the two MPLS-based protocols. Companies want to do their own
routing tend to use layer 2 VPNs; companies that want to outsource their routing tend to use layer 3
VPNs.

The various VPN protocols are defined by a large number of standards and recommendations that are
codified by the Internet Engineering Task Force (IETF). There are many flavors of IETF standards,
recommendations, statements of common practice, and so on. Some of the protocols used in IPsec are full
IETF standards; however, the others are often useful and stable enough to be treated as standard by people
writing IPsec software. Neither of the trusted VPN technologies is an IETF standard yet, although there is a
great deal of work being done on them to get them to become standards.

RFCs
The IETF codifies the decisions it comes to in documents called "Requests For Comments". These are
almost universally called by their acronym "RFCs". Many RFCs are the standards on which the Internet is
formed.
The level of standardization that an RFC reaches is determined not only by "how good" the RFC is, but by
how widely it is implemented and tested. Some RFCs are not solid standards, but they nonetheless
document technologies that are of great value to the Internet and thus should be used as guidelines for
implementing VPNs.
For the purpose of defining VPNs, any protocol that has become an IETF Request For Comments (RFC)
document can be treated as somewhat of a standard. Certainly, any IPsec-related RFC that has been deemed
to be on the IETF "standards track" should be considered a standard.

Internet Drafts
Before a document becomes an RFC, it starts out as an Internet Draft (often called "IDs" or "I-Ds"). IDs are
rough drafts, and are sometimes created for no other benefit than to tell the Internet world what the author
is thinking. On the other hand, there is often very good information in some IDs, particularly those that
cover revisions to current standards.
Some Internet Drafts go along for years, but are then dropped or abandoned; others get on a fast track to
becoming RFCs, although this is rare. Internet Drafts are given names when they first appear; if they
become RFCs, the I-D name disappears and an RFC number is assigned.
It should be emphasized here that it is unwise to make any programming decisions based
on information in Internet Drafts. Most IDs go through many rounds of revisions, and some rounds make
wholesale changes in the protocols described in a draft. Further, many IDs are simply abandoned after
discussion reveals major flaws in the reasoning that led to the draft.
That being said, it is worthwhile to know which IDs pertain to areas of interest. The following is a list of
the IDs that are related to Internet mail. Some of these drafts will likely become RFCs in the months or
years to come, possibly with heavy revision; some will be merged with other drafts; others will be
abandoned.

Protocol listings
The relevant IETF Working Groups for the protocols used by secure VPNs and trusted VPNs are:
· Profiling Use of PKI in IPsec Working Group
· Transport Layer Security Working Group
· Layer 2 Virtual Private Networks (l2vpn) Working Group
· Layer 3 Virtual Private Networks (l3vpn) Working Group
· Pseudo Wire Emulation Edge to Edge (pwe3) Working Group

Note that the IPsec Working Group was disbanded in April, 2005.
The documents are arranged by the general categories they apply to. These categories are:
For secure VPNs:
· General IPsec
· ESP and AH (encryption and authentication headers)
· Key exchange (ISAKMP, IKE, and others)
· Cryptographic algorithms
· IPsec policy handling
· Remote access
· SSL and TLS
For trusted VPNs:
· General MPLS
· MPLS constrained by BGP routing
· Transport of layer 2 frames over MPLS

Question 4:
(i) What is an Intrusion Detection System (IDS)?

Answer (I).
Security risks have grown dramatically for Internet service providers because entire infrastructures are
based on open standards systems. As a result, ISPs need to be able to quickly and accurately detect
unauthorized changes and respond accordingly, in order to maximize security and minimize downtime.

Intrusion Detection Systems (IDS) remain relatively youthful, but in terms of development they are
growing at an extraordinary rate.

Generally speaking, there are four different categories of intrusion detection systems: network intrusion
detection, system integrity verifiers, log file monitors, and deception systems.
Network intrusion detection systems (NIDS) monitor packets traversing the system in an attempt to
discover anomalies indicating that an intruder is trying to break into a system or, worse, launch a distributed
denial of service (DDoS) attack. NIDSs look for frequent connection requests to different ports to reveal
port scans.
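
The port-scan heuristic just described (many connection requests from one source to different ports in a short time), as an added Python example that is not part of the original answer. The log format, the addresses, and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed connection log: "<epoch seconds> <source> <destination> <port>".
SAMPLE_LOG = """\
1000.0 198.51.100.20 192.0.2.10 80
1000.5 203.0.113.7 192.0.2.10 21
1000.7 203.0.113.7 192.0.2.10 22
1001.0 198.51.100.20 192.0.2.10 80
1001.1 203.0.113.7 192.0.2.10 23
1001.4 203.0.113.7 192.0.2.10 25
1001.9 203.0.113.7 192.0.2.10 80
1002.0 198.51.100.20 192.0.2.10 443
this line is malformed and is skipped
1100.0 198.51.100.30 192.0.2.10 25
1200.0 198.51.100.30 192.0.2.10 80
1300.0 198.51.100.30 192.0.2.10 110
1400.0 198.51.100.30 192.0.2.10 143
1500.0 198.51.100.30 192.0.2.10 443
"""


def parse_log(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def detect_port_scans(events, window=10.0, threshold=5):
    """Alert once per (src, dst) pair that touches `threshold` or more
    distinct ports within `window` seconds. Events must be time-ordered.

    Returns a list of (src, dst, alert_time, sorted_ports).
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, port)
    alerted, alerts = set(), []
    for ts, src, dst, port in events:
        key = (src, dst)
        attempts = recent[key]
        attempts.append((ts, port))
        # Slide the window: forget attempts older than `window` seconds.
        while attempts and ts - attempts[0][0] > window:
            attempts.popleft()
        ports = {p for _, p in attempts}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((src, dst, ts, sorted(ports)))
    return alerts


if __name__ == "__main__":
    for src, dst, when, ports in detect_port_scans(parse_log(SAMPLE_LOG)):
        print("possible port scan: %s -> %s at %.1f ports=%s"
              % (src, dst, when, ports))
```

Repeated requests to one port (198.51.100.20) and requests spread over several minutes (198.51.100.30) stay below this window and threshold, which is the tuning trade-off between coverage and false alarms.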

System integrity verifiers (SIV) monitor system files in an attempt to discover when an intruder changes
the files—leaving behind a backdoor. A SIV may be capable of detecting changes in critical files, but these
systems usually don't generate real-time alerts to network intruders. Log file monitors (LFM) simply
monitor log files generated across network services. LFMs also look for patterns and anomalies in log files
that suggest an intruder is attacking the network.
The sole purpose of a deception system—known in the industry as decoys, fly traps and
honeypots—is to lure an unsuspecting intruder into a network through well-known security holes and trap
the intruder.
Whether you need a simple intrusion alert system and network anomaly reports, or need to defend your
network against DDoS attacks, smurfing, ping floods and the like, it's imperative that you prepare a line
of defense today or risk having your business be exploited by some script kiddie tomorrow.

With the rapid increase in the number of LAN connections to the world's largest computer network
(the Internet), new security techniques should be used to protect local networks against intrusion from
the Internet. Basically, we need to prevent destruction of data by intruders, maintain the privacy of local
information, and prevent unauthorized use of computing resources. To improve network security, network
connections to the Internet, in general, do not take place transparently. Instead, firewall servers are used to
protect the systems connected to the local network against assaults from the Internet. But, there is a price to
pay, usually, because the firewall server results in a bottleneck for assaults from the Internet into the LAN
as well as for allowed communication between the LAN and the Internet.

Security protection methods are basically concerned with ensuring the network's efficiency and effectiveness.
With successful security implementations, risks can be reduced but not eliminated. There are several
protection methods to ensure confidentiality, integrity and continuity. The dominating security protection
method in the mainframe computing environment is the Access Control. It consists primarily of functions
related to:
1. Access Mediation via connection control establishment,
2. Identification by means of Logon-Ids,
3. Authentication by means of Passwords,
4. Different levels of authorization controlled by Access Privileges,
5. Monitoring and enforcement,
6. Disaster recovery programs to respond to incidents,
7. Logging to record traffic and usage of services.

Protection With Firewalls


The best line of defense is an up-to-date and constantly maintained firewall. A firewall/proxy server is a
mechanism that is used to protect a trusted network, such as an organization's internal network, from an
untrusted network, typically the Internet, or any other untrusted network [second]. Firewall/Proxy servers
provide the most reliable method to control outbound access and to protect networks against unauthorized
intrusions. It checks addresses and characteristics of messages to make sure that they follow authorization
rules. All messages that are verified to be legitimate are allowed to flow through the firewall, while others
are blocked. The majority of firewalls are used between internal networks and the Internet, but they can be
used in any internet, such as a company's wide area network [second]. The design decision sets the general
attitude of the firewall whether to provide a higher degree of service or a higher degree of security. To
protect the firewall server itself, no users should be allowed to login on the firewall server [sixth].

(ii) What are the two general methods of implementing network security by firewalls?

Answer
Firewall Concepts
A firewall is a trusted system that is placed between a trusted internal network and another untrusted
external network. The firewall system implements a policy that defines what information should be allowed
to pass through. In general firewalls have the following features and limitations [fourth]:
Features:
1. It can control the access to the protected network.
2. It can provide one central point of security.
3. It provides more privacy by hiding addresses.
4. It provides logging for security and other purposes.
5. It can notify the network administrator of security related events, so that he can take the
appropriate actions.
6. It can be integrated with authentication keys.
7. It enforces the security policy.

Limitations:
1. Restricted access to desirable services.
2. Back door access problem.
3. Inside attacks.
4. Email viruses.
5. Potential bottleneck.
6. Single point of failure.
(iii) Distinguish between Symmetric and Asymmetric Cryptography?

Answer.
Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its data whereas
asymmetric uses both a public and private key. Symmetric requires that the secret key be known by the
party encrypting the data and the party decrypting the data. Asymmetric allows for distribution of your
public key to anyone with which they can encrypt the data they want to send securely and then it can only
be decoded by the person having the private key. This eliminates the need of having to give someone the
secret key (as with symmetric encryption) and risk having it compromised.
The issue with asymmetric is that it is about 1000 times slower than symmetric encryption which makes it
impractical when trying to encrypt large amounts of data. Also to get the same security strength as
symmetric, asymmetric must use a stronger key than symmetric. In a symmetric key cryptosystem, a
single key is used to encrypt and decrypt data between two communicating hosts. In order to break the
system, an attacker must either: A) discover the key through trial-and-error, or B) discover the key during the
initial “key agreement.” (From Navy)

Symmetric Key Encryption Schema


Symmetric key protocols are known to be faster and stronger than their asymmetric counterparts but do
possess unique disadvantages that we will discuss later. We will now look at some common symmetric
algorithms.

Asymmetric cryptography ... provides the foundation for password-authenticated key agreement and
zero-knowledge password proof techniques. This is important in light of empirical and theoretical proof
that secure password-only authentication over a network cannot be achieved with just symmetric
cryptography and hash functions.

(iv) List different types of malicious codes and describe their features.

Answer.
viruses and other malicious code that can threaten your data and system security. We will discuss the
different types of viruses and malicious code, what they are, how they infect your computer and what
damage they can cause.

What is a Virus?
Simply put, viruses are small programs designed with (usually) malicious intent that attach themselves to
other programs or files. They are capable of copying themselves throughout a computer or computers. They
are called viruses because of the way they emulate their biological namesakes. A virus will infect healthy
programs in a host computer and then spread to other healthy hosts, infecting them as well. Just as
biological viruses range from being quite harmless to lethal, computer viruses may simply cause a harmless
message to appear on your screen occasionally, or may render your system inoperable.

Worms
A worm is a piece of code that can make fully functional copies of itself and travel through a computer
network and/or across the Internet through a number of means. A worm does not attach itself to other
programs like traditional viruses, but creates copies of itself, which in turn create even more copies. The
computer 'worm' is so-called because of the way in which 'rogue' computer code was originally detected.
Printouts of computer memory locations would show random 'wormhole' patterns, much like that of the
patterns on worm-eaten wood. The term eventually became shortened and used to describe viruses that
could 'worm' or propagate across networks and the Internet, leaving copies of themselves as they travelled.
Worms are prolific due to the fact that most are created using simple scripting languages that can be created
with a text editor and become fully functional 'programs' under the right conditions. For example, if you
were to obtain a copy of the 'I Love You' worm and changed the file's extension from vbs to txt, you could
safely open the file in Notepad and view the structure of the worm. This makes the vbs script worm
extremely popular among the 'script kiddy' fraternity, as it takes no (or very little) programming knowledge
to modify an existing worm and release it into the wild (when a virus is circulating in the computing
community or throughout the Internet, it is said to be 'in the wild'.)

Trojan Horses
Trojan horses are named after the wooden horse from Greek mythology in which Greek soldiers snuck into
the city of Troy. Accordingly Trojans are malicious programs that sneak into a victim computer disguised
as harmless software. Trojans may also be 'wrapped' inside another program so that when the original
innocent program is installed, the Trojan program is installed as well.
The most commonly described Trojan has a payload that will allow a user on another computer somewhere
else in the world to gain full control and access to the files on your computer. In this way, they can be used
to launch denial of service attacks such as those that brought down Yahoo! and E-bay early in 2000.

How Can a Virus, Worm or Trojan Infect Your System?


Malicious code can be spread through just about any computer medium. It can arrive on an infected
floppy disk and infect your system when a file on the disk is opened. Worse still, a floppy disk could be
inadvertently left in the computer when it is shut down. Upon reboot, if the floppy is infected with a boot
sector virus, the infection will be transmitted to your system.

The most common methods employed to spread viruses and worms are either through email
as attachments or through IRC (Internet Relay Chat). Typically, in the case of email, a message will arrive
with an attachment, the user clicks on the message and the code is executed immediately. Viruses are
capable of bringing down entire networks by clogging e-mail servers with copies of themselves. Some
viruses will repeatedly extract addresses from e-mail 'address' books and send themselves to the recipients.
Some contact lists can generate potentially thousands of messages, causing massive network bandwidth
problems. Don't think that just because your new software program is in a shrink-wrapped box it is virus-
free either. Viruses have been found on software disks distributed by major software companies, as well as
on computer systems that have come fresh from the factory. In 1995, Microsoft inadvertently released a
Compact Disc containing the 'Concept' macro virus and as late as last year, IBM shipped an undisclosed
number of Aptiva computers infected with the CIH (Chernobyl) virus.
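
The point above about e-mail attachments and .vbs script worms can be turned into a simple mail-gateway check. The following is an added example, not part of the original answer: it parses a message and flags attachments whose final extension is a script or executable type, including names that hide it behind a harmless-looking one. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Types Windows runs directly or through Windows Script Host (illustrative list).
RISKY_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".scr", ".pif",
              ".bat", ".cmd", ".com", ".exe"}
# Harmless-looking types often placed before the real extension as a disguise.
DECOY_EXTS = {".txt", ".doc", ".jpg", ".pdf", ".xls"}


def screen_attachments(raw_message: str):
    """Return [(filename, [reasons])] for attachments that should be quarantined."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so strip them before judging.
        suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
        reasons = []
        if suffixes and suffixes[-1] in RISKY_EXTS:
            reasons.append(f"executable script type {suffixes[-1]}")
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                reasons.append(f"real type hidden behind {suffixes[-2]}")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample() -> str:
    """Constructed test message; the attachment bodies are harmless placeholders."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Please read"
    m.set_content("See the attached letter.")
    m.add_attachment(b"' placeholder comment only\r\n", maintype="application",
                     subtype="octet-stream", filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    m.add_attachment("meeting notes\n", filename="minutes.txt")
    return m.as_string()


if __name__ == "__main__":
    for name, reasons in screen_attachments(build_sample()):
        print(f"QUARANTINE {name}: {'; '.join(reasons)}")
```

The check looks only at file names, so it complements a virus scanner that inspects attachment contents and does not replace one.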

Potential Damage
Virus infection can have a variety of effects on an infected system. Some viruses may simply take up space
on the computer hard drive until you receive 'low disk space' messages from the system. Others may pop-
up messages on a particular date or change system icons. For example, the 4K virus will pop up a message
on the screen, 'FRODO LIVES!' on the 22nd of September. The Tentacle2 virus will change your icons to
that of a purple 'monster'. Other viruses are potentially much more damaging. The CIH, or Chernobyl virus
will, if not detected and removed, overwrite files on your hard disk and destroy the BIOS information on
your computer. Chernobyl spreads easily and hides in an infected system until the 26th of a particular
month depending on which variety it is. The BIOS chip is the 'heart' of your computer. If the information
contained in this chip is overwritten by CIH, the system will become unusable, meaning the chip will have
to be replaced. However, on some systems, the chip cannot be removed, which means the entire mainboard
of the computer will have to be replaced, an expensive, time consuming process.

Question 5:
(a) Write the steps for installing a network printer in Windows 2000 and LINUX.
Answer (a).
Printer sharing between Windows and Linux
The less you need to rely on any proprietary protocol to get work done, the better off you are overall. Some
of those protocols have been real stumbling blocks — such as SMB, Microsoft’s proprietary protocol for
file and printer sharing. Linux implementations of SMB exist, but you’re probably better off without it in
the long run whenever you can manage it.
I recently set up a Linux workstation that shared out a Hewlett-Packard printer to the rest of my network —
a network that otherwise consisted entirely of Windows machines. I didn’t like the idea of setting up SMB
support on the Linux box, and instead, explored the possibility of having the Windows machines connect
directly to the shared printer as a network printing device.
To my surprise, this turned out to be pretty easy. Here are the steps to connect your Windows machines to
the shared printer:
1. Set up the printer on your Linux machine and share it using CUPS via port 631. The exact method for
   doing this varies between distributions, so check with your distro’s documentation. The end result should
   be a working printer, and a running CUPS service which you can access through your Web browser at
   http://localhost:631 from the Linux system.
2. Using the CUPS Web interface, go to the Printers tab and make a note of the printer name
   (which is typically the Description: line). You can do this from the Windows machine where you plan to set
   up printer support.
3. In Windows, go to Control Panel | Printers and click on Add a printer.
4. When prompted for a printer location, select Network printer in the Add Printer Wizard.
5. When prompted for the network location, select URL and use the following URL format:
   http://<hostname>:631/printers/<printername>.
   For instance, if the Linux host has a DNS name of linuxbox and the printer is named LaserJet-5, you’d use
   http://linuxbox:631/printers/LaserJet-5 as the URL.
6. When asked for a printer driver, select Generic as the manufacturer and MS Publisher Imagesetter as the
   driver. In truth, any generic PostScript driver will do, but this works as well as any.
7. When finished with the wizard, print a test page to make sure everything is set up correctly.

In Windows Vista, the steps are almost exactly the same, but the nomenclature for some of the steps is a
little different. In the first step of the wizard, Vista will attempt to search for a printer (via SMB, which it
won’t find). Click Stop to halt the search and then click The printer that I want wasn’t listed to add a printer
manually.

In the next step of the wizard, use Select a shared printer by name when you want to supply the printer’s
URL. The rest should unfold exactly as before. Adding a printer by TCP/IP address or hostname will not
work. Finally, if you’re using a firewall product, make sure that port 631 is not being blocked. The
Microsoft firewall on the Windows machine will usually know automatically what to do, but some third-
party products may not.

If you’re managing a workgroup and using system images to deploy your desktops, you can use the
Windows con2prt utility, or a freeware substitute like AdPrintX, as a way to automate adding references to
a CUPS-managed printer. If you’re dealing with multiple CUPS-driven printing systems on the Linux side,
you may want to drop the cash for the CUPS Companion CD and its accompanying book. The CUPS
Companion CD is now offered in lieu of the commercial UNIX printing product ESP Print Pro, which is
being discontinued by the manufacturer.

(b) How does a domain differ from workgroup?
Answer. Workgroup vs. Domain:
Windows has two modes of operation - Workgroup and Domain. Depending on the environment that
your computer is in, you will be running in one of these two modes. Most home and small business
environments will be Workgroup, and most mid- to large businesses will run in domain mode. There are
different features and capabilities depending on each, and each serves a purpose.
Workgroups can be best understood as a loosely connected group of computers. They rely on each other for
nothing, but they are there to share resources should the need arise. There is no centralized management
and so there is a low barrier to use. By default, Windows XP is in this mode.

Domains, on the other hand, provide centralized management and security. User access is controlled from a
separate server called a domain controller and there is a “trust” built between systems in a domain. There
are much more robust differences as well.

Workgroup
A workgroup is best understood as a peer-to-peer network. That is, each computer is sustainable on its own.
It has its own user list, its own access control and its own resources. In order for a user to access resources
on another workgroup computer, that exact user must be set up on the other computer.

In addition, workgroups offer little security outside of basic access control. Windows “share permissions”
are very basic and do not offer any kind of granularity for “who” can access “what”, etc.
Workgroups are more than adequate, though, for most small business and home use.

Domain
A domain is a trusted group of computers that share security, access control and have data passed down
from a centralized domain controller server or servers. Domain Controllers handle all aspects of granting
users permission to login. They are the gatekeeper. In addition, most modern domains use Active Directory
which allows an even more centralized point for software distribution, user management and computer
controls.
