System and Network Threats
* Most of the threats described above are termed program threats, because they attack specific programs or are carried and distributed in programs. The threats in this section attack the operating system or the network itself, or leverage those systems to launch their attacks.
Worms
* A worm is a process that uses the fork / spawn mechanism to make copies of itself in order to wreak havoc on a system. Worms consume system resources, often blocking out other, legitimate processes. Worms that spread over networks can be especially problematic, as they can tie up vast amounts of network resources and bring down large-scale systems.
* One of the most well-known worms was launched by Robert Morris, a graduate student at Cornell, in November 1988. Targeting Sun and VAX computers running BSD UNIX version 4, the worm spread across the Internet in a matter of a few hours, and consumed enough resources to bring down many systems.
* This worm consisted of two parts:
1. A small program called a grappling hook, which was deposited on the target system through one of three vulnerabilities, and
2. The main worm program, which was transferred onto the target system and launched by the grappling hook program.
* The three vulnerabilities exploited by the Morris Internet worm were as follows:
1. rsh (remote shell) is a utility that was in common use at that time for accessing remote systems without having to provide a password. If a user had an account on two different computers (with the same account name on both systems), then the system could be configured to allow that user to remotely log in from one system to the other without having to provide a password. Many systems were configured so that any user (except root) on system A could access the same account on system B without providing a password.
2. finger is a utility that allows one to remotely query a user database, to find the true name and other information for a given account name on a given system. For example "finger joeUser@somemachine.edu" would access the finger daemon at somemachine.edu and return information regarding joeUser. Unfortunately the finger daemon (which ran with system privileges) had a buffer overflow problem, so by sending a special 536-character user name the worm was able to fork a shell on the remote system running with root privileges.
3. sendmail is a routine for sending and forwarding mail that also included a debugging option for verifying and testing the system. The debug feature was convenient for administrators, and was often left turned on. The Morris worm exploited the debugger to mail and execute a copy of the grappling hook program on the remote system.
* Once in place, the worm undertook systematic attacks to find user passwords:
1. First it would check for accounts for which the account name and the password were the same, such as "guest", "guest".
2. Then it would try an internal dictionary of 432 favorite password choices. (I’m sure "password", "pass", and blank passwords were all on the register.)
3. Finally it would try every word in the standard UNIX on-line dictionary to try and break into user accounts.
* Once it had gotten access to one or more user accounts, then it would attempt to use those accounts to rsh to other systems, and continue the process.
* With each new access the worm would check for already running copies of itself, and 6 out of 7 times if it found one it would stop. (The seventh was to prevent the worm from being stopped by fake copies.)
* Fortunately the same rapid network connectivity that allowed the worm to spread so quickly also quickly led to its demise. Within 24 hours remedies for stopping the worm spread through the Internet from administrator to administrator, and the worm was quickly shut down.
* There is some debate about whether Mr. Morris's actions were a harmless trick or research project that got out of hand or an intentional and malicious attack on the Internet. However, the court system sentenced him, imposing heavy fines and court costs.
* There have since been many other worm attacks, including the W32.Sobig.F@mm attack which infected hundreds of thousands of computers and an estimated 1 in 17 e-mails in August 2003. This worm made detection difficult by varying the subject line of the infection-carrying mail message, including "Thank You!", "Your details", and "Re: Approved".
Port Scanning
* Port Scanning is technically not an attack, but rather a search for vulnerabilities to attack. The basic idea is to systematically attempt to connect to every known (or common or possible) network port on some remote machine, and to attempt to make contact. Once it is determined that a specific computer is listening to a particular port, then the next step is to determine what daemon is listening, and whether or not it is a version containing a known security flaw that can be exploited.
* Because port scanning is easily detected and traced, it is usually launched from zombie systems, i.e. previously hacked systems that are being used without the knowledge or permission of their rightful owner. For this reason it is important to protect "innocuous" systems and accounts as well as those that contain sensitive information or special privileges.
* There are also port scanners available that administrators can use to check their own systems, which report any weaknesses found but which do not exploit the weaknesses or cause any problems. Two such systems are nmap and nessus. The former identifies what OS is found, what firewalls are in place, and what services are listening to what ports. The latter also contains a database of known security holes, and identifies any that it finds.
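The notes say port scanning is easily detected; the sketch below shows one way a defender can do that from connection logs, by counting how many distinct (host, port) targets each source touches inside a sliding time window. It is an added example, not part of the original notes: the log format, the addresses, and the `window_s` / `min_ports` thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed connection-attempt log (documentation address ranges, made-up format).
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=198.51.100.7 DST=192.0.2.10 DPT=21
2024-05-01T10:00:01 SRC=198.51.100.7 DST=192.0.2.10 DPT=22
2024-05-01T10:00:02 SRC=198.51.100.7 DST=192.0.2.10 DPT=23
2024-05-01T10:00:03 SRC=198.51.100.7 DST=192.0.2.10 DPT=25
2024-05-01T10:00:04 SRC=198.51.100.7 DST=192.0.2.10 DPT=79
2024-05-01T10:00:05 SRC=198.51.100.7 DST=192.0.2.10 DPT=80
2024-05-01T10:00:10 SRC=203.0.113.5 DST=192.0.2.10 DPT=80
2024-05-01T10:00:11 SRC=203.0.113.5 DST=192.0.2.10 DPT=80
2024-05-01T10:00:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=22
2024-05-01T10:02:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=23
2024-05-01T10:04:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=25
2024-05-01T10:06:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=79
2024-05-01T10:08:00 SRC=203.0.113.9 DST=192.0.2.10 DPT=80
"""
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def parse(log):
    """Yield (timestamp, src, dst, port) for every well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(port)

def detect_scanners(log, window_s=60, min_ports=5):
    """Return {src: peak count of distinct (dst, port) targets in one window}
    for every source whose peak reaches min_ports."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # src -> deque of (ts, (dst, port))
    flagged = {}
    for ts, src, dst, port in sorted(parse(log)):
        q = recent[src]
        q.append((ts, (dst, port)))
        while ts - q[0][0] > window:     # drop attempts older than the window
            q.popleft()
        distinct = len({target for _, target in q})
        if distinct >= min_ports:        # repeat hits on one port never count twice
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))              # fast sweep only
    print(detect_scanners(SAMPLE_LOG, window_s=600))  # wider window also catches the slow sweep
```

With the default 60-second window only the fast sweep is reported; the source that probes one port every two minutes is caught only when the window is widened, which is the trade-off to tune against normal client traffic.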
Denial of Service
* Denial of Service (DOS) attacks do not attempt to actually access or damage systems, but only to clog them up so badly that they cannot be used for any useful work. Tight loops that repeatedly request system services are an obvious form of this attack.
* DOS attacks can also include social engineering, such as the Internet chain letters that say "send this immediately to 10 of your friends, and then go to a certain URL", which clogs up not only the Internet mail system but also the web server to which everyone is directed. (Note: Sending a "reply all" to such a message notifying everyone that it was just a hoax also clogs up the Internet mail service, just as effectively as if you had forwarded the thing.)
* Security systems that lock accounts after a certain number of failed login attempts are subject to DOS attacks which repeatedly attempt logins to all accounts with invalid passwords strictly in order to lock up all accounts.
* Sometimes DOS is not the result of deliberate maliciousness. Consider for example:
• A web site that sees a huge volume of hits as a result of a successful advertising campaign.
• CNN.com occasionally gets overwhelmed on big news days, such as Sept 11, 2001.
• CS students given their first programming assignment involving fork() often quickly fill up process tables or otherwise completely consume system resources. :-)
• (Please use ipcs and ipcrm when working on the inter-process communications assignment!)
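The account-lockout weakness described above can be seen by running the same flood of bad logins against two counting policies: failures counted per account (the policy in the text) and failures counted per source address. This is an added simulation, not part of the original notes; the `LoginGate` class, the demo accounts and the addresses are hypothetical, and passwords are kept in plain text only to keep the demo short.

```python
import hmac
from collections import defaultdict

# Constructed demo accounts; a real system stores salted password hashes.
USERS = {"alice": "correct horse", "bob": "battery staple"}

class LoginGate:
    """Refuse logins once a counter reaches max_failures.
    key="account" counts failures per user name, key="source" per client address."""
    def __init__(self, users, max_failures=3, key="account"):
        self.users, self.max_failures, self.key = users, max_failures, key
        self.failures = defaultdict(int)

    def login(self, user, password, source):
        k = user if self.key == "account" else source
        if self.failures[k] >= self.max_failures:
            return "locked"
        stored = self.users.get(user, "")
        if user in self.users and hmac.compare_digest(stored.encode(), password.encode()):
            if self.key == "account":
                # Reset only the per-account counter: resetting a per-source
                # counter would let one valid login buy unlimited guesses.
                self.failures[k] = 0
            return "ok"
        self.failures[k] += 1
        return "denied"

def simulate(key):
    """One source sends three bad passwords to every account, then each
    real owner logs in from a separate address. Returns the owners' results."""
    gate = LoginGate(USERS, key=key)
    for user in USERS:
        for _ in range(3):
            gate.login(user, "wrong", source="198.51.100.7")
    return {user: gate.login(user, pw, source="192.0.2.%d" % i)
            for i, (user, pw) in enumerate(USERS.items(), start=10)}

if __name__ == "__main__":
    print("per-account:", simulate("account"))  # every owner is locked out
    print("per-source: ", simulate("source"))   # only the flooding source is blocked
```

Per-source counting has its own limits: users behind one shared address share a counter, and guesses spread over many sources are not slowed.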