Skip to main content

Enhancing Indoor Air Quality: A Guide to Better Health and Comfort

In today's world, where we spend a significant amount of our time indoors, the quality of the air we breathe inside our homes and workplaces is crucial for our health and well-being. Poor indoor air quality (IAQ) can lead to various health issues, including allergies, respiratory problems, and even long-term conditions. This blog post explores effective strategies for managing and improving indoor air quality. Understanding Indoor Air Pollutants Indoor air pollutants can originate from various sources: Biological Pollutants: Mold, dust mites, and pet dander. Chemical Pollutants: Volatile organic compounds (VOCs) from paints, cleaners, and furnishings. Particulate Matter: Dust, pollen, and smoke particles. Strategies for Improving Indoor Air Quality Ventilation: Natural Ventilation: Open windows and doors regularly to allow fresh air circulation. Mechanical Ventilation: Use exhaust fans in kitchens and bathrooms to remove pollutants directly at the source. Air Purifiers: HEPA Filt

System and network threads

System and Network Threats
* Most of the threats described above are termed program threats, because they attack particular programs or are carried and divided in programs. The threats in this section attack the operating system or the network itself, or leverage those systems to start their attacks.

Worms
* A worm is a process that uses the fork / spawns process to make copies of itself in order to wreak havoc on a system. Worms consume system resources, often blocking out other,legitimate processes. Worms that spread over networks can be especially problematic, as they can tie up vast amounts of network resources and bring down large-scale systems.
* One of the most well-known worms was started by Robert Morris, a graduate student at Cornell, in November 1988. Targeting Sun and VAX computers running BSD UNIX version 4, the worm spanned the Internet in a matter of a few hours, and taken enough resources to bring down many systems.
* This worm consisted of two parts:
1. A small program called a grappling hook, which was deposited on the target system through one of three endangered, and
2. The main worm program, which was converted onto the target system and absorbed by the grappling hook program.

* The three weakness exploited by the Morris Internet worm were as follows:
1. rsh (remote shell) is a utility that was in common use at that time for accessing remote systems without having to provide a password. If a user had an account on two different computers (with the same account name on both systems), then the system could be configured to allow that user to remotely link from one system to the other without having to provide a 
password. Many systems were configured so that any user (except root) on system A could access the same account on system B without providing a password.
2. finger is a utility that allows one to remotely query a user database, to find the true name and other information for a given account name on a given system. For example "fingerjoeUser@somemachine.edu" would process the finger daemon at somemachine.edu and return information regarding joeUser. Unfortunately the finger daemon (which ran with system privileges) had the buffer overflow problem, so by sending a special 536-character user name the worm was able to fork a shell on the remote system running with root benefits.
3. send mail is a routine for sending and forwarding mail that also included a 
debugging option for verifying and testing the system. The debug feature was convenient for administrators, and was often left turned on. The Morris worm exploited the debugger to mail and executes a copy of the grappling hook program on the remotesystem.
* Once in place, the worm undertook systematic attacks to find user passwords:
4. First it would check for accounts for which the account name and the 
password were the alike, such as "guest", "guest".
5. Then it would try an internal dictionary of 432 favorite password chances. (I’m sure "password", "pass", and blank passwords were all on the register.)
6. Finally it would try every word in the standard UNIX on-line dictionary to try and break into user accounts.
* Once it had gotten process to one or more user accounts, then it would attempt to use those accounts to rsh to other systems, and continue the process.
* With each new process the worm would check for already running copies of itself, and 6 out of 7 times if it found one it would stop. (The seventh was to restrict the worm from being stopped by fake copies.)
* Fortunately the same rapid network connectivity that allowed the worm to spread so quickly also quickly led to its demise - Within 24 hours remedies for stopping the worm spread through the Internet from administrator to administrator, and the worm was quickly shut down.
* There is some debate about whether Mr. Morris's actions were a harmless trick or 
research project that got out of hand or a intended and malicious attack on the Internet. However the court system sentence him, and penalized him heavy fines and court costs.
* There have since been many other worm attacks, including the W32.Sobig.F@mm attack which infected hundreds of thousands of computers and an estimated 1 in 17 e-mails in August 2003. This worm made find difficult by varying the subject line of the infection-carrying mail message, including "Thank You!", "Your details", and "Re: Approved".

Port Scanning
* Port Scanning is technically not an attack, but rather a search for weakness to attack. The basic idea is to systematically attempt to connect to every known (or common or possible) network port on some remote machine, and to attempt to make contact. Once it is determined that a specific computer is listening to a particular port, then the next step is to determine what daemon is listening, and whether or not it is a version 
containing a known security flaw that can be utilized.
* Because port scanning is easily find and traced, it is usually launched from zombie systems, i.e. before hacked systems that are being used without the knowledge or permission of their rightful owner. For this reason it is important to protect "innocuous" systems and accounts as well as those that contain careful information or special benefits.
* There are also port scanners accessible that administrators can use to check their own systems, which report any weaknesses found but which do not exploit the weaknesses or cause any problems. Two such systems are nmap and nessus. The former identifies what OS is found, what firewalls are in place, and what services are listening to what ports. The latter also consists a database of known security holes, and identifies any that it finds.

Denial of Service
* Denial of Service ( DOS ) attacks do not attempt to actually process or damage systems, but only to clog them up so badly that they cannot be used for any useful work. Tight loops that repeatedly request system services are an obvious form of this attack.
* DOS attacks can also include social engineering, such as the Internet chain letters that say "send this suddenly to 10 of your friends, and then go to a certain URL", which clogs up not only the Internet mail system but also the web server to which everyone is directed. (Note: Sending a "reply all" to such a message notifying everyone that it was just a hoax also clogs up the Internet mail service, just as effectively as if you had forwarded the thing.)
* Security systems that lock accounts after a certain number of failed login attempts are subject to DOS attacks which repeatedly attempt logins to all accounts with invalid passwords strictly in order to lock up all accounts.
* Sometimes DOS is not the result of deliberate maliciousness. Consider for example:
• A web site that sees a huge volume of hits as a result of a successful advertising campaign.
• CNN.com occasionally gets overwhelmed on big news days, such as Sept 11, 2001.
• CS students given their first programming assignment involving fork () 
often quickly fill up process tables or otherwise completely consume system resources. :-)
• (Please use ipcs and ipcrm when working on the inter-process communications assignment!)

Labels:

Popular posts from this blog

FIRM

          A firm is an organisation which converts inputs into outputs and it sells. Input includes the factors of production (FOP). Such as land, labour, capital and organisation. The output of the firm consists of goods and services they produce.           The firm's are also classified into categories like private sector firms, public sector firms, joint sector firms and not for profit firms. Group of firms include Universities, public libraries, hospitals, museums, churches, voluntary organisations, labour unions, professional societies etc. Firm's Objectives:            The objectives of the firm includes the following 1. Profit Maximization:           The traditional theory of firms objective is to maximize the amount of shortrun profits. The public and business community define profit as an accounting concept, it is the difference between total receipts and total profit. 2. Firm's value Maximization:           Firm's are expected to operate for a long period, the
Read more

Human Factors in Designing User-Centric Engineering Solutions

Human factors play a pivotal role in the design and development of user-centric engineering solutions. The integration of human-centered design principles ensures that technology not only meets functional requirements but also aligns seamlessly with users' needs, abilities, and preferences. This approach recognizes the diversity among users and aims to create products and systems that are intuitive, efficient, and enjoyable to use. In this exploration, we will delve into the key aspects of human factors in designing user-centric engineering solutions, examining the importance of user research, usability, accessibility, and the overall user experience. User Research: Unveiling User Needs and Behaviors At the core of human-centered design lies comprehensive user research. Understanding the target audience is fundamental to creating solutions that resonate with users. This involves studying user needs, behaviors, and preferences through various methodologies such as surveys, interview
Read more

Introduction to C Programs

INTRODUCTION The programming language ‘C’ was developed by Dennis Ritchie in the early 1970s at Bell Laboratories. Although C was first developed for writing system software, today it has become such a famous language that a various of software programs are written using this language. The main advantage of using C for programming is that it can be easily used on different types of computers. Many other programming languages such as C++ and Java are also based on C which means that you will be able to learn them easily in the future. Today, C is mostly used with the UNIX operating system. Structure of a C program A C program contains one or more functions, where a function is defined as a group of statements that perform a well-defined task.The program defines the structure of a C program. The statements in a function are written in a logical series to perform a particular task. The most important function is the main() function and is a part of every C program. Rather, the execution o
Read more