Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
72 Cards in this Set
- Front
- Back
|
What is the difference between Internet and web? |
•The Internet provides the physical meansfor data to be transferred between computers. So the Internet consists ofhardware, such as computers, wires and cables, network cards, routers, etc. butit also consists of software, such as device drivers and communicationprotocols. The most important of these is the TCP/IP protocol suite. Thisspecifies rules for communication between computers on the Internet. |
|
|
What are web clients other than web browser? |
•Thereare web clients other than browsers, for example proxy caches, or web spiders.These do not necessarily retrieve a web resource for a user. In the case of webspiders, the resources retrieved are stored in web search engines. |
|
|
What is a protocol? |
Standardrules for data representation, signaling, authentication and error detectionrequired to send information over a communications channel |
|
|
What are some other protocols |
•IMAP(Internet Message Access Protocol) •LDAP(Lightweight Directory AccessProtocol) •SMTP(Simple Mail Transfer Protocol) •FTP(File Transfer Protocol) |
|
|
What is a network? |
•Anetwork is the connection of more than one computer to allow an exchange ofinformation. Necessary for a network are computers (sometimes referred to ashosts), cables, network hardware (eg. routers, switches or hubs) and the implementation of communicationsprotocols. |
|
|
Which info each packet contains? |
•Each packet contains data - the informationthat we wish to send between two computers - as well as information used toaddress the delivery, to ensure that information arrives in the right order,and application specific requirements. |
|
|
What is the role of TCP/IP |
–The mechanism that computers use to findeach other on the Internet –The method for establishing andterminating a connection between computers –The mechanism for ensuring that the dataexchanged is error free and that packets are received in the order they weresento |
|
|
What is TCP/IP? |
•TCP/IPis a family of related protocols that provide different, separate functions(TCP and IP themselves are specific protocols, but when we talk about TCP/IP,we generally mean the family of related functions).k |
|
|
What are three functions of TCP/IP? |
–Applications - such as web browsing, ftp,and telnet – are protocols that are part of (orspecifically, they are built on top of) TCP/IP. –Low-level functions- transmitting information on wires, ensuring it arrives - are also part ofTCP/IP. - The intermediatefunctions - breaking data into packets, assembling a packet, ensuring a packetarrives - are also functions of the TCP/IPo |
|
|
What are 4 layers and protocols of each layer? |
–Application layer (telnet, ftp, email, HTTP, etc.) •Decide what we send–Transport layer (TCP, UDP) •Either add error recovery information(TCP), or don't care (UDP)–Network (or internet) layer (IP, ICMP, IGMP) •Figure out where to send the data, and what path to sendit to destination–Link (or datalink) layer (Ethernet, Cable, Radio (GPRS),Mobile (WCDMA/EDGE)) •Figure out How to send the data from your computer tonearest router |
|
|
The basic of data communication? |
•Data originates with the application. As itpasses down each layer in the TCP/IP protocol suite, the relevant protocolattaches control information in the form of a header. •At the destination, the reverse occurs: asthe data moves up through the layers, each relevant protocol strips off andreads the associated header. App > TCP/UDP > IP > Physical header |
|
|
Examples of link hardware |
•Analogmodem / xDSL–usingthe existing copper wires of the regular telephone network•Cablemodem–usingthe same coaxial cable used to transmit cable television; shared with the localneighbourhood •Ethernet–usuallyjust twisted-pair copper cable (Unshielded Twisted Pair) •Wireless(Radio)–medium- high-speed digital connection using radio standards such as GPRS / wCDMA /EDGE. •Tseries connections–veryhigh-speed digital connections, used by ISPs and large organisations. •FDDI(Fiber Distributed Data Interface)–token-ringlike signalling;used in local optical fibrenetworks •SONET/ SDH–synchronousoptical data |
|
|
Source of latency? |
–Thereare many terminators between you and the destination –Thereare different Link-level protocols used between you and the destination;retransmitting data from a ‘slow’ (like when you use dial up) line to Ethernetis slow –Youmay not feel latency these days due to the fact that most people have Broadbando |
|
|
Features of IP |
–TheIP protocol is responsible for providing an addressing scheme –TheIP protocol is responsible for routing packets through the network –IP isunreliable (it does not guarantee delivery, but only a best effort service) –IP isconnectionless (each packet or datagram is handled independently and they canbe misordered) |
|
|
How to fund a device on the network? |
•So how do machines find each other on ashared network? •The answer - for Ethernet and many othernetwork topologies – is through using the Address Resolution Protocol (ARP). •If onemachine wishes to communicate with another on the same network, including therouter, it will first check if it knows the hardware address. •If itdoesn’t, the transmitting machine sends a broadcast message onto the networkrequesting the destination machine (ie. the machine with a particular IPaddress) to reply with its physical hardware address (the response is notbroadcast back, it is sent directly). •ARP packetswork at the same level as IP packets, but have a different structure. |
|
|
What is ICMP? |
•IP bynature is unreliable. It offers a best-effort service, but does not guaranteedelivery. It does not notify the sender if a packet is lost. •ICMP is a protocol built on top of IP that canreport simple errors, such as a network being down, or a destination host beingunknown. •ICMP does not report lost packets or otherfailures. It is designed simply to stop a sender continuing to try when thereis no prospect of success. •The Internet Group Management Protocol (IGMP)also operates at the network layer; it allows multiple devices to listen to asingle IP address for broadcasts. |
|
|
How TCP works? |
–The receiving host must acknowledge eachsegment it receives. –Ifthe source host does not receive an acknowledgement within a timeout period, itsends the segment again. –Ifthe time taken for the acknowledgement to be received is more than the timeout,the source host will send multiple copies of a segment; –ifsegments traverse different paths, they may be received out of order. –The receiving host deletes duplicates, andrearranges out-of-order segments using the sequence numbers. |
|
|
What is sliding window? |
•TCPtransfers should be smooth; –withsliding windows, the source can send a certain number of segments withoutwaiting for acknowledgements. •The destination host will acknowledgesegments as it receives them, so packets and acknowledgements will be travelingin both directions at the same time, –reducingthe overall time required. •If more than a certain number ofacknowledgements are outstanding, the source must stop and wait; –ifthe timeout is exceeded, the unacknowledged segment is sent again.?h߶z |
|
|
When to use UDP |
•UDPis used in applications where large amounts of data are sent and reliability isless important. –Eg.streaming audio or video most likely would use UDP. •UDP is used when lightweight connections arerequired, –Eg. in trivial FTP (tftp)which is used to boot diskless workstations from the network eg.DHCP/BOOTP. •UDP is also the method of choice for manybroadcast services, such as printers or other network devices reportingperiodically that they have some fault. •In all of these applications, delivery isless important and not time-critical. Listening services can receive themessage at any time, and a later copy is as useful as the first. |
|
|
Steps to retreive an HTTP resource? |
1.Map the server domain name to an IPaddress 2.Establish a TCP/IP connection to the webserver 3.Transmit a request to the server, whichincludes a request method, and any additional information 4.Receive a response from the server, suchas HTML text, an image, or other information5.Terminate the TCP/IP Connection |
|
|
When to use get and post? |
•Insummary, use the GET method if: the request is essentially finding a resourceand the form data is to help that search the result of the request has no persistent side effects, like a search the data collected on the form is small; as aguide, the total length of the field names and the actual data should be lessthan 1024 characters•• Usethe POST method if the following are true:–The result of the request will havepersistent side effects, like adding a new record –The data collected on the form is likelyto result in large a URL if implemented using the GET method –You want to send any data other thanplain ASCII –The overhead of a separate message isunimportant |
|
|
What happens after the web server recieves a request? |
1.Acceptingconnections from clients.2.AcceptingHTTP requests from clients.3.Processingrequests.4.Retrievingresources from disk.5.Preparingand sending responses.6.Loggingrequests to disk. |
|
|
What if the request requires script execution? |
–Arequest is issued by a client (using an ephemeral port) to (usually) port 80 –A webserver (usually a spare) processes a request for a software resource (how doesit know it’s not a static page?) –Theweb server invokes a script interpreter to process the contents of a scriptstored on disk –Thescript interpreter interacts with other resources - disk, network, databases,and so on - as required –Resultsof running the script are returned to the user –Theport is closed (or kept open if this is a “keep-alive” connection) |
|
|
What are two web server architecture? |
–Event-drivenarchitecture : asingle process alternates between requests. –Process-drivenarchitecture: •a newprocess is created for each request. |
|
|
Advantages and disadvantage of event driven architecture |
•Advantages –Event-drivenservers are fast and efficient. There is no overhead ofstarting/stopping/running multiple processes. A single process can alsoefficiently share data between requests. •Disadvantages –A webserver request can generally be subdivided into small amounts of work e.g.assessing the request, finding the resource, returning the data. –However,there can be significant delays at some of these steps. –Forexample, the web server has no control over the length of time a script willrun.Quite complex software is required towork around these issuesr |
|
|
Ad and DIsad of process driven architecture |
•Advantages –Theprocess-driven architecture is a simple approach that requires simple softwareto implement. •Disadvantages –Theoverhead of spawning and killing new processes is relatively high compared tothe effort required to deal with HTTP requests. –Thisis why tuning a server such as Apache for optimum performance is so important. |
|
|
7 different types of internet attack |
§Virus–A self-replicating piece of code whichattaches itself to another piece of data as a executable program or an email. •Worm –It is a standalone program and does not need to be part of anotherprogram to propagate itself. They are often designed to exploit the filetransmission capabilities found on many computers. •Trojanhorse–Appears to be a simple utility or otheruseful program, but when it is executed it also performs illegal act. •Denialof Service (DoS)–An attack is used for preventing othersfrom using a service. It is not used for stealing information. •DistributedDoS (DDoS)–A DoS attack mounted from severalmachines. •SYNflooding–Sending SYN packets to a host until itsTCP/IP port backlog limit is reach and it can’t service real client requests.It’s a form of DoS. •PasswordcrackingGuess someone’ password by using loginname, birthday, |
|
|
Common errors configuring web servers |
–Getting the file permissions wrong inyour server •Apache by default changes the executinghttpd binary owner to “nobody”. –Allowing symbolic links to be followedwithout auditing. •Symbolic links may point outside of theweb document tree. –Sharing the Document Root with the ftpdirectories •could upload a binary executable andrunning it as server-side software –Leaving Indexes on •search engines will find and index allyour secret documents. –Leaving script include files accessible•these can be analysed to determine weakpoints. JavaScript is always visible to the client; PHP should not be. |
|
|
Basic principles of web housing |
–Your web server should be physicallysecure•put it in a machine room, with controlledaccess to the environment.•The most secure communications protocolsare useless if someone can walk off with your server.•Linux can be rebooted without a password.•An NT host may be booted from a Linuxboot disk to access files. –You should use a firewall and use asecure router that supports IP packet filtering ( discussed later) –You should run an encrypted web serverfor secure traffic; “basic authentication” is not secure ( discussed later) |
|
|
4 ways to achieve access control |
–Disallowing access from certain IPaddresses or domain names –Allowing access from only certain IPaddresses or domain names –Authentication by requiring ausername/password –Encrypting documents{8O |
|
|
Base64 Authentication… |
prompt pack base64 encode send authotirzation security Part 1 page 22 |
|
|
Basic authentication drawback |
–It should be used only to limit access todocuments or scripts where security and authentication are of limitedimportance. –When the username: password istransmitted to the server from the client, it is encoded with a publicalgorithm, not encrypted. –The client remembers the username andpassword, and transmits them automatically on every request for a page in theprotected path.•This gives an attacker ample opportunityto intercept the request with snoop or sniffit. •Oncecaptured, the username and password can be decoded as easily as using the phpbase64-decode() function. •Butyou don't even need to know the plaintext username and password. Since HTTP isstateless, you can copy the Base64-encoded string and use it in your ownrequests. •Youcould even write a script that would try out all possible username/passwordcombinations. The server doesn't keep track of requests, so it can't stop youfrom doing this.q߶^ |
|
|
The SSL handshake |
1. Theclient connects to the secure web server. 2. Thesecure web server sends its certificate to the client.2a. (Optionally)the client sends its certificate to the web server. 3. Theclient sends which cipher suites it supports. 4. Theweb server selects a cipher suite. 5. Theclient validates the server’s certificate.5a. (Optionally)the web server validates the client’s certificate. 6.The client generates a session(symmetric) key based on the cipher suite chosen by the web server. 7.The client encrypts the session key withthe web server’s public key. 8.The client sends the session key to theweb server. 9.Now all communication, for this sessiononly, is encrypted with the session key |
|
|
Steps of basic authentication |
•Theclient sends a request to a page that is protected with Basic Authentication:GET/local/www/secretstuff/index.html HTTP/1.1• •Theserver replies that the client is unauthorized:HTTP/1.1 401 AuthorizationRequiredWWW-Authenticate: Basicrealm="Exam Results"• •Thebrowser asks the user for a username and password. It re-sends the request withthis information as Username:Password, Base64 encoded.GET/local/www/secretstuff/index.html HTTP/1.1Authorization: BasicbXluYW1lOm15cGFzc3dvcmQ• •ServerResponds (Given that the credentials match)HTTP/1.1 200 OK |
|
|
Advantage of digest authentication |
–The actual password need never betransmitted,• –The requested URL is included in thehash; an attacker can’t cut-and-paste the hash value for a different URL, thenonce can be timestampedand set to expire after a certain time; this limits the opportunity forcut-and-paste attacks for scripts.• –HTTP digest authentication is intended tobe an upgrade of Basic authentication for small-scale, low-security sites. Itis still not secure - the contents of the page protected by DigestAuthentication is still sent in plaintext across the Internet.q߶ |
|
|
Role of firewalls |
•Firewallscan fulfilla number of roles that we will examine: packet filtering, proxying,and network address translation (NAT).mn |
|
|
Two roles of NAT |
–Security – the outside world only knowsthe IP address of the NAT host; all packets must pass through the translationphase, and can be filtered.– –Efficient use of IP addresses – we canallocate the IP address space as we wish internally, and translate when wecommunicate with the outside world.sϿp- |
|
|
Four firewall architectures |
–Screeningrouter•providing only packet filtering. –Dual-homedgateway•all traffic passes through the bastionhost. It is configured as an IP router but may also provide proxying.This setup lacks flexibility. –Screenedhost gateway•selected (possibly all) traffic is routedby the router through the bastion host for screening. Similar to the dual-homedgateway, but permits some traffic to be routed directly. The router must besecure. –Screenedsubnet gateway•similar to a screened-host gateway, buttwo routers are involved (one on each side of the bastion host). Permitsmultiple hosts in the demilitarised zone and flexibility in routing, as well asgreater protection of the internal network if the bastion host is compromised. |
|
|
Where to place the server? |
Dual home gateway Screen hosted gateway Screen hosted gatway unsecure Screen hosted gateway + dual-homed Screen hosted gateway: web server runs alongside of the bastion Screen hosted gateway: web server runs alongside of the bastion + one external Screen subnet gateway |
|
|
Two roles of PKE |
•preventing users forging theiridentity; non-repudiation |
|
|
How to authenticate and encrypt a message (digital signature) |
1)Processthe message with a function, producing a hash value. 2)Encryptthe hash value with your private key (i.e. sign it). 3)Encryptthe whole message using the recipient's public key. 4)Sendthe encrypted message to the recipient. 5)Therecipient decrypts the message with their private key. 6)Therecipient decrypts the hash value with your public key, passes the messagethrough the same function you did, and compares their hash value with your hashvalue. 7)Ifthe calculated and received hash values are identical, the message has not beentampered with. |
|
|
Performance metric |
bps hits", response times, and errors per second. |
|
|
Ways to tune apache |
Turn off DNS lookup Use persistent connection Turn on symbolic links Turn off .htaccess file Log less Adjusting mpm mpdule |
|
|
Keep Alive Directives |
KeepAlive KeepAliveTimePut MaxKeepAliveRequest |
|
|
MPM roles |
–setting up sockets and binding ports –starting processes and threads –managing communication between the parentand child processes –monitor child processes –switch user and group |
|
|
Three major mpm |
–Prefork - unix–Worker - unix–Mpm_winnt – Windows NT |
|
|
What is prefork |
–Aparent process creates and controls a number of child processes. Eachchild process listens responds to a single connection request |
|
|
Prefork advantage |
•preforkMPM is considered robust –if afault occurs with one of the processes, then only a single request is lost.prefork is NOT EFFICIENT, so suffers from scalability problems.k_html[]&card_hint_html[]&card_front_html[]& |
|
|
Prefork and Worker Directive |
StartServer MinSpareServer MaxSpare MaxClient MaxRequestPerChild |
|
|
What is worker? |
–is a hybrid of processes and threads. –Like prefork a parent process controls anumber of child processes. –However each child process creates a setnumber of threads. •One of these threads listens forconnections, and places them in a list. The other threads read that list andrespond to the requests. |
|
|
What is winnt/ |
Does not support multiple process –creates a single parent process and asingle child process. –A child process has a set number ofthreads to respond to incoming requests. |
|
|
Winnt directives? |
ThreadsPerChild MaxRequestPerChild |
|
|
Why not set max client to infinity |
–Because each Apache process consumes abit of memory –What happens when memory runs out?•Apache starts swapping between memory andhard disk•Result = unresponsive server:false} |
|
|
Steps of web caching |
1)Checkif the data that is required for processing is in the cache: a)If itis NOT in the cacheretrieve the new data from the slowerdevice b1)If itis in the cache and fresh thenread data without accessing a slower device; e.g., data cached in the CPU cacheremoves the need for memory access. b2)If itis in the cache but not fresh ask the server for fressh ness cache hit c1) if server say yes: send the data and status = 304 Not modified slow hit c2) if server say no: retrieve the new data from the slowerdevice cache miss Ifnew data has been retrieved: a) Check if the cache is full b1) if not, add b2) If yes, use algorithm to select one to evict then check if has written to disk c1) if yes, evict then add c2) if no, write to disk, evict, then add |
|
|
Caching algorithm |
Not recently used FIFO Least recently used Second chance Clock |
|
|
Ad and disad of Not recently use |
–Advantage•Simplicity–Disadvantage•not optimal. |
|
|
How to know if a response if from cache? |
•Oneway is to use the Date header. By comparing the value of the Date header in theresponse to the current time, a client can often detect a cached response byits older date value. Another way a client can detect a cached response is theAge header, which tells how old the response pbnepipgmcpkd |
|
|
Two ways to measure cache performance |
1.Cache hit ratio – the number of requests satisfied bythe cache divided by the total number of requests Bytehit ratio – the size of requests satisfied by thecache divided by the total bytes requested |
|
|
Caching algorithm used for web |
–PerfectLeast Frequently Used – page access counts are kept for allpages, even for those that are not currently in the cache; these counts areused for eviction selection –Size-basedschemes – thesize of a resource is used in combination with the LRU characteristics todetermine the cost and benefit of evicting the resource, for example LRU-MINckground.html |
|
|
Characteristics of web data |
Ananalysis of a web server log would typically show that the most-frequentlyaccessed page is accessed roughly twice as often as the second-most frequentlyaccessed page, and so on. –Very few resources are less than 100bytes in size–Most resources are between 100 and 10,000bytes in size–Few resources are larger than 100,000bytes in sizeMJ` |
|
|
Ad and Disad of proxy cache |
- reduce traffic and increase security –However,a resource that is not stored in the proxy cache will take longer to retrievesince the proxy cache must first search its own cache and then request theresource on behalf of the user agent. |
|
|
Which document should not be cached? |
- dynamic scipt - receipt - personal info - credit card |
|
|
4 hears associated with content negotiation |
accept accept-language accpet-charset accept-encoding |
|
|
what happen when multiview is turning on |
•àlook for myfile.* fake up a type map that names all thosefiles • à Assigning the same media types andcontent-encoding • à Choose the best match to the client’srequirement |
|
|
descript load balancing transaction |
•Theclient attempts to connect with the service on the load balancer. •Theload balancer accepts the connection, and after deciding which host shouldreceive the connection, changes the destination IP (and possibly port) to matchthe service of the selected host (note that the source IP of the client is nottouched). •Thehost accepts the connection and responds back to the original source, theclient, via its default route, the load balancer. •Theload balancer intercepts the return packet from the host and now changes thesource IP (and possible port) to match the virtual server IP and port, andforwards the packet back to the client. •Theclient receives the return packet, believing that it came from the virtualserver, and continues the process.x |
|
|
Which factors affect the load balancer? |
•External events–Network traffic, traffic distribution, etc •Internal events–AS response times, AS status (down,up,…)/htmlu߶{ |
|
|
What does it mean HA? |
–Itrecovers quickly from failure– –Meantime between failure (MTBF)is typically very low (<1% of uptime, say)– –Automaticand transparent failover to a new component whenever possibleC |
|
|
What is CA? |
–It continues to appear to work even when components fail within thesystem. |
|
|
Key difference between CA and HA? |
–So inan instance where a web server drops off mid-request, another can continue doing its work and theprocess is transparent to the end user.wiki |
|
|
Two ways to measure availability |
–Mean-time-between failure (MTBF) –Mean-time-to-recovery (MMTR) BP߶ѣ |
|
|
Calcualte availability |
Availability= MTBF / (MTBF + MTTR) [P |
|
|
Factors that affect availability |
People Organization Procedure Skill Environment Infrastructure |
