
Course Code : MCS-022

Course Title : Operating System Concepts and Networking Management


Assignment Number : MCA (II)/022/Assignment/2018-19
Maximum Marks : 100
Weightage : 25%
Last Date of Submission : 15th October, 2018 (For July Session)
15th April, 2019 (For January Session)

Question 1:
(a) Write the purpose of VPN and name the VPN technologies supported
by Windows 2000.
Ans

VPN: A Virtual Private Network is an extension of a private network that involves encapsulation, encryption and authentication to link across shared or private networks. A VPN mimics the properties of a dedicated private network through the Internet, allowing data transfer between two computers in a network. Corporate offices can use two different methods to connect to a network over the Internet: dedicated lines or dial-up lines. A VPN uses tunneling to transfer data. Tunneling is a secure method of using an internetwork infrastructure to transfer a payload.

Microsoft Windows 2000-based virtual private networking (VPN) supports Internet-industry standards technology to provide customers with an open, interoperable VPN solution.

Microsoft is committed to IETF (Internet Engineering Task Force) standards track-based technology such as Internet Protocol Security (IPSec) and Layer 2 Tunneling Protocol (L2TP), as well as Point-to-Point Tunneling Protocol (PPTP), a proven published informational RFC that is supported in multiple interoperable third-party products.
(i) PPTP provides simple-to-use, lower-cost VPN security. Unlike IPSec technology, PPTP is compatible with Network Address Translators (NAT) and supports both multi-protocol and multicast environments. It also combines standard user password authentication with strong encryption without requiring the complexity and expense of public key infrastructure (PKI).

(ii) IPSec provides advanced security for VPN but was not designed to address critical remote access requirements such as User Authentication and Address Assignment.

(iii) L2TP in combination with IPSec is the only standards-track technology that addresses these remote access VPN requirements while leveraging IPSec for encryption.

(iv) Third-party IPSec-only implementations that do not use L2TP with IPSec are using non-standard proprietary technologies that can lock customers into closed solutions.

IGNOUSTUDYHELPER

(b) List the main contents of Password files and where are they located in Windows?
Also, explain the concept of Shadow passwords?

Ans.

The password files contain the password hashes; these hashes are stored in the Windows SAM file. This file is located on your system at C:/Windows/System32/config but is not accessible while the operating system is booted. There are a few different options here depending on the level of access you have to the machine you are auditing.

Shadow Password: In the Linux operating system, a shadow password file is a system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system. Ordinarily, user information, including passwords, is kept in a system file called /etc/passwd. The password for each user is stored in an encrypted form (some would call it an encoded form, since it isn't really encrypted by the usual algorithm) that is created and used as follows:

1. The original password is encrypted (or encoded) by using a randomly-generated
value or encryption key between 1 and 4096 and a one-way hashing function to
arrive at the encoded password that is actually stored. Note that the stored result is
not something that you can enter as a password itself.

2. The key (referred to as the salt) is stored with the encoded password. Note the key
itself can't be used to decode the encrypted/encoded password because the
encoding is one-way. You can't decode the result back into the original password by
using the key.

3. When someone enters a password, their password is then rehashed with the salt
value and compared with the encoded password value. If they match, the user is
given access to the system.

In spite of encoding the password with a randomly-generated one-way hash function,
a cracker could still break the system if they got access to the /etc/passwd file. Using an
approach known as the dictionary attack, a cracker could methodically test each
encoded password in the file against their dictionary of commonly-used passwords,
each encoded 4096 different ways (to cover all the hash possibilities). Assuming that
the system was lax in its password creation requirements and some user used one of
the many commonly-used passwords, at least one password could be discovered. In
Linux, this possibility can be foreclosed by simply moving the passwords in
the /etc/passwd file to another file, usually named /etc/shadow and making this file
readable only by those who have access to the system root directory. Using a shadow
password file requires that the Linux system installer also install the optional Shadow
Suite, which, like Linux, is open source software and available from a number of sites
on the Web.
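
The three steps above and the reason for moving hashes out of /etc/passwd, as an added example in Python (not part of the original answer). PBKDF2-HMAC-SHA256 with a 16-byte salt stands in for the classic crypt() scheme and its 4096 salt values; the function names, the `salt$hash` storage format and the sample passwd lines are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumption: work factor picked for this example

# Constructed sample in /etc/passwd format; the "legacy" hash is a placeholder.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:abPLACEHOLDER:1001:1001:Legacy:/home/legacy:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
"""


def make_entry(password: str) -> str:
    """Steps 1 and 2: random salt, one-way hash, salt stored with the hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify(password: str, entry: str) -> bool:
    """Step 3: rehash the typed password with the stored salt and compare."""
    salt_hex, digest_hex = entry.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def audit_passwd(passwd_text: str) -> list[str]:
    """Flag accounts whose hash is still in the world-readable passwd file.

    With shadow passwords the second field is 'x' (the hash lives in
    /etc/shadow); '*' and '!' mark accounts without a usable password.
    """
    findings = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(f"malformed: {line}")
            continue
        login, pw_field = fields[0], fields[1]
        if pw_field == "":
            findings.append(f"{login}: empty password field")
        elif pw_field not in ("x", "*", "!"):
            findings.append(f"{login}: hash exposed in passwd")
    return findings


if __name__ == "__main__":
    entry = make_entry("s3cret")
    print(entry, verify("s3cret", entry), verify("S3cret", entry))
    print(audit_passwd(SAMPLE_PASSWD))
```
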

Question 2:
(a) Compare the role and responsibilities of user mode and kernel mode of Windows
2000 system.
Ans.

User Mode vs Kernel Mode


A computer operates in two modes, which are user mode and kernel mode. When the
computer is running application software, it is in user mode. After the application software
requests hardware, the computer enters kernel mode. The kernel is the core of the
computer system. Subsequently, the computer frequently switches between user mode and
kernel mode. Most critical tasks of the operating system execute in kernel mode.
The key difference between User Mode and Kernel Mode is that user mode is the mode in
which the applications are running and kernel mode is the privileged mode which the
computer enters when accessing hardware resources.


User Mode

When a computer application is running, it is in the user mode. Some examples are word
application, PowerPoint, reading a PDF file and browsing the internet. These are application
programs so the computer is in user mode. When the process is in user mode and requires
any hardware resource, that request is sent to the kernel. As there is a limited access to
hardware in this mode, it is known as less privileged mode, slave mode or restricted mode.

In user mode, processes get their own address space and cannot access the address
space which belongs to the kernel. So the failure of one process will not affect the operating
system. If there is an interrupt, it only affects that particular process.

Kernel Mode
A kernel is a software program which is used to access hardware components of a
computer system. Kernel works as a middleware software for hardware and application
software/user programs. Kernel mode is generally reserved for low level trusted functions of
the operating system.

When the process is executing in user mode and requires hardware
resources such as RAM, a printer etc., that process should send a request to the kernel.
These requests are sent through system calls. Then the computer enters Kernel Mode from
user mode. When the task is completed, the mode changes back to user mode from kernel
mode. This transition is known as “context switching”. Kernel mode is also called system
mode or privileged mode. It is not possible to run all processes in the kernel mode because
if a process fails the entire operating system might fail.

There are several types of system calls. Process control system calls create and
terminate processes. File management system calls read, write, create, delete, open, and
close files. Device management system calls request devices and release devices, get and
set device attributes. There are also information maintenance system calls. They can be
used to get system data, time, date. Resource required by one process might be held by
another process. Therefore, the processes should communicate using communication
system calls. Communication system calls can create and delete connections, send and
receive status information.

Difference Between User Mode and Kernel Mode

User Mode vs Kernel Mode
  User Mode: User Mode is a restricted mode in which the application programs execute and start out.
  Kernel Mode: Kernel Mode is the privileged mode which the computer enters when accessing hardware resources.

Modes
  User Mode: User Mode is considered as the slave mode or the restricted mode.
  Kernel Mode: Kernel mode is the system mode, master mode or the privileged mode.

Address Space
  User Mode: In User Mode, a process gets its own address space.
  Kernel Mode: In Kernel Mode, processes get a single address space.

Interruptions
  User Mode: In User Mode, if an interrupt occurs, only one process fails.
  Kernel Mode: In Kernel Mode, if an interrupt occurs, the whole operating system might fail.

Restrictions
  User Mode: In user mode, there are restrictions on access to kernel programs. They cannot be accessed directly.
  Kernel Mode: In kernel mode, both user programs and kernel programs can be accessed.

(b) List the important components of domain name server. Also, explain how the domain
name server is configured in LINUX operating system.

Ans.

DNS COMPONENTS
The Domain Name System (DNS) was developed primarily to allow humans to use more easily
remembered character strings in place of dotted decimal or, heaven forbid, hexadecimal numbers.
You can enter a destination's numeric IP address into a browser or other application and get the
results you would expect without any contribution by the DNS. Once the system was in place,
however, it took on a number of supplemental roles that have stretched and contorted the system far
beyond the original intentions of its architects. The DNS is an essential component of Internet based
e-mail. It can serve as a repository for encryption keys and other security components. Currently, it
is undergoing expansion that will integrate IP addresses with worldwide telephone numbering.
DNS COMPONENTS:
The DNS consists of three components. The first is a “Name Space” that establishes the
syntactical rules for creating and structuring legal DNS names. The second is a “Globally
Distributed Database” implemented on a network of “Name Servers”. The third is "Resolver"
software, which understands how to formulate a DNS query and is built into practically every
Internet-capable application.
(A) Name Space:

The DNS “Name Space” is the familiar inverted tree hierarchy with a null node named "" at the top. The child nodes of the root node are the Top Level Domains (TLDs): .com, .net, .org, .gov, .mil and the country code TLDs, including .jp, .uk, .us, .ca, and so forth. Node names, known as labels, can be as many as 63 characters long, with upper- and lower-case alphabetical letters, numerals, and the hyphen symbol constituting the complete list of legal characters. Labels cannot begin with a hyphen. Upper- and lower-case letters are treated equivalently. A label can appear in multiple places within the name space, but no two nodes with the same label can have the same parent node: a node name must be unique among its siblings.
(B) Name Servers:

The second key component of the DNS is a globally connected network of “name servers”. Each
zone has a primary or master name server, which is the authoritative source for the zone's
resource records. The primary name server is the only server that can be updated by means of
local administrative activity. Secondary or slave name servers hold replicated copies of the
primary server's data in order to provide redundancy and reduce the primary server's
workload.
Furthermore, name servers generally cache data they have looked up, which can greatly speed
up subsequent queries for the same data. Name servers also have a built-in agent mechanism
that knows where to ask for data it lacks. If a name server can't find a domain within its zone, it
sends the query a step closer to the root, which will resend it yet a step closer if it can't find the
domain itself. The process repeats until it reaches a TLD, which ensures that the entire depth of
the name space will be queried if necessary.
The combination of all the DNS name servers and the architecture of the system creates a
remarkable database. There are more than 32 million domain names in the popular TLDs for
which the whois utility works. Nominum, whose chief scientist, Paul Mockapetris, invented
DNS, claims that there are more than 100 million domain names stored and that the system can
easily handle 24,000 queries per second. The database is distributed: no single computer
contains all the data. Nevertheless, data is maintained locally even though it's distributed
globally, and any device connected to the IP network can perform lookups. The update serial
number mechanism in each zone ensures a form of loose coherency on the network: if a record
is out of date, the querier knows to check a more authoritative name server.
(C) Resolver:

The third component of the DNS is the “resolver”. The resolver is a piece of software that's
implemented in the IP stack of every destination point, or "host" in IETF-speak. When a host is
configured, manually or through DHCP, it's assigned at least one default name server along with
its IP address and subnet mask. This name server is the first place that the host looks in order to
resolve a domain name into an IP address. If the domain name is in the local zone, the default
name server can handle the request. Otherwise, the default name server queries one of the
root servers. The root server responds with a list of name servers that contain data for the TLD
of the query. This response is known as a referral. The name server now queries the TLD name
server and receives a list of name servers for the second-level domain name. The process
repeats until the local name server receives the address for the domain name. The local server
then caches the record and returns the address or other DNS data to the original querier.

Install Bind
Install the bind9 package using the appropriate package management utilities for your
Linux distributions.

On Debian/Ubuntu flavors, do the following:

$ sudo apt-get install bind9

On Redhat/CentOS/Fedora flavors, where the package is named bind, do the following:

# yum install bind

All the DNS configurations are stored under /etc/bind directory. The primary
configuration is /etc/bind/named.conf which will include other needed files. The file
named /etc/bind/db.root describes the root nameservers in the world.

Configure Cache NameServer


The job of a DNS caching server is to query other DNS servers and cache the response.
Next time when the same query is given, it will provide the response from the cache. The
cache will be updated periodically.

Please note that even though you can configure bind to work as a Primary and as a
Caching server, it is not advised to do so for security reasons. Having a separate caching
server is advisable.

All we have to do to configure a Cache NameServer is to add your ISP (Internet Service
Provider)’s DNS server or any OpenDNS server to the file
/etc/bind/named.conf.options. For example, we will use Google’s public DNS servers,
8.8.8.8 and 8.8.4.4.

Uncomment and edit the following lines as shown below in the
/etc/bind/named.conf.options file.

forwarders {
    8.8.8.8;
    8.8.4.4;
};

After the above change, restart the DNS server.

$ sudo service bind9 restart

Test the Cache NameServer


You can use the dig command to test DNS services. "DIG command examples" explains
more about how to perform DNS lookups.
$ dig ubuntu.com

;; Query time: 1323 msec

Now when the second time you execute the dig, there should be an improvement in the
Query time. As you see below, it took only 3 msec the second time, as it is getting the
info from our caching DNS server.

$ dig ubuntu.com

;; Query time: 3 msec

Configure Primary/Master Nameserver


Next, we will configure bind9 to be the Primary/Master for the domain/zone
“thegeekstuff.net”.

As a first step in configuring our Primary/Master Nameserver, we should add Forward
and Reverse resolution to bind9.

To add a DNS Forward and Reverse resolution to bind9, edit
/etc/bind/named.conf.local.

zone "thegeekstuff.net" {
    type master;
    file "/etc/bind/db.thegeekstuff.net";
};

zone "0.42.10.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.10";
};

Now the file /etc/bind/db.thegeekstuff.net will have the details for resolving hostname
to IP address for this domain/zone, and the file /etc/bind/db.10 will have the details for
resolving IP address to hostname.

Build the Forward Resolution for Primary/Master NameServer


Now we will add the details which are necessary for forward resolution into
/etc/bind/db.thegeekstuff.net.

First, copy /etc/bind/db.local to /etc/bind/db.thegeekstuff.net

$ sudo cp /etc/bind/db.local /etc/bind/db.thegeekstuff.net

Next, edit the /etc/bind/db.thegeekstuff.net and replace the following.

1. In the line which has SOA: localhost. – This is the FQDN of the server in charge of this
domain. I’ve installed bind9 on 10.42.0.83, whose hostname is “ns”. So replace
“localhost.” with “ns.thegeekstuff.net.”. Make sure it ends with a dot (.).
2. In the line which has SOA: root.localhost. – This is the e-mail address of the person who is
responsible for this server. Use a dot (.) instead of @. I’ve replaced it with lak.localhost.
3. In the line which has NS: localhost. – This defines the name server for the domain (NS).
We have to change this to the fully qualified domain name of the name server. Change it to
“ns.thegeekstuff.net.”. Make sure you have a “.” at the end.

Next, define the A record and MX record for the domain. The A record maps a
hostname to an IP address, and the MX record names the mail server to use for this
domain.

Once the changes are done, the /etc/bind/db.thegeekstuff.net file will look like the
following:

$TTL 604800
@ IN SOA ns.thegeekstuff.net. lak.localhost. (
        1024    ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
@ IN NS ns.thegeekstuff.net.
thegeekstuff.net. IN MX 10 mail.thegeekstuff.net.
ns   IN A 10.42.0.83
web  IN A 10.42.0.80
mail IN A 10.42.0.70

Build the Reverse Resolution for Primary/Master NameServer

We will add the details which are necessary for reverse resolution to the file
/etc/bind/db.10. Copy the file /etc/bind/db.127 to /etc/bind/db.10:

$ sudo cp /etc/bind/db.127 /etc/bind/db.10

Next, edit the /etc/bind/db.10 file, changing basically the same options as in
/etc/bind/db.thegeekstuff.net:

$TTL 604800
@ IN SOA ns.thegeekstuff.net. root.localhost. (
        20      ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
; The NS target must be a fully qualified name ending in a dot
@ IN NS ns.thegeekstuff.net.

Next, for each A record in /etc/bind/db.thegeekstuff.net, add a PTR record.

$TTL 604800
@ IN SOA ns.thegeekstuff.net. root.thegeekstuff.net. (
        20      ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
; The NS target must be a fully qualified name ending in a dot
@ IN NS ns.thegeekstuff.net.
; One PTR record per A record in the forward zone
83 IN PTR ns.thegeekstuff.net.
70 IN PTR mail.thegeekstuff.net.
80 IN PTR web.thegeekstuff.net.

Whenever you modify the files db.thegeekstuff.net and db.10, you need to
increment the “Serial” number as well. Typically admins use DDMMYYSS for serial
numbers, and when they modify a file, they change the serial number appropriately.
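
A consistency check that can be run over the two zone files before restarting bind9, as an added example in Python (not part of the original tutorial). It confirms that every A record has a matching PTR, that NS and MX targets resolve inside the forward zone, and that an edited file carries a higher serial; the function names are assumptions, and the reverse zone below is constructed with two deliberate mistakes.

```python
import ipaddress

FWD_ORIGIN = "thegeekstuff.net."
REV_ORIGIN = "0.42.10.in-addr.arpa."

# Constructed sample: the forward zone follows the records used in the text.
FORWARD_ZONE = """\
$TTL 604800
@ IN SOA ns.thegeekstuff.net. lak.localhost. (
    1024    ; Serial
    604800  ; Refresh
    86400   ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
@ IN NS ns.thegeekstuff.net.
thegeekstuff.net. IN MX 10 mail.thegeekstuff.net.
ns IN A 10.42.0.83
web IN A 10.42.0.80
mail IN A 10.42.0.70
"""

# Constructed reverse zone with two deliberate mistakes: the NS target is the
# root-level name "ns." and the PTR record for 10.42.0.70 is missing.
REVERSE_ZONE = """\
$TTL 604800
@ IN SOA ns.thegeekstuff.net. root.thegeekstuff.net. (
    20 604800 86400 2419200 604800 )
@ IN NS ns.
83 IN PTR ns.thegeekstuff.net.
80 IN PTR web.thegeekstuff.net.
"""


def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    full = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
    return full.lower()


def parse_zone(text, origin):
    """Return (type, owner, rdata) for lines written as 'owner IN TYPE rdata'."""
    records, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line or line.startswith("$"):
            continue
        continuation = depth > 0  # inside the SOA's parentheses
        depth += line.count("(") - line.count(")")
        parts = line.split()
        if continuation or len(parts) < 4 or parts[1].upper() != "IN":
            continue
        records.append((parts[2].upper(), fqdn(parts[0], origin), parts[3:]))
    return records


def soa_serial(text):
    """The serial is the third SOA field (after the server and mailbox names)."""
    tokens = []
    for raw in text.splitlines():
        tokens += raw.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
    return int(tokens[tokens.index("SOA") + 3])


def check_zones(forward, reverse):
    """List mismatches between the forward and reverse zones."""
    fwd = parse_zone(forward, FWD_ORIGIN)
    rev = parse_zone(reverse, REV_ORIGIN)
    a = {owner: rdata[0] for rtype, owner, rdata in fwd if rtype == "A"}
    ptr = {owner: fqdn(rdata[0], REV_ORIGIN)
           for rtype, owner, rdata in rev if rtype == "PTR"}
    problems = []
    for host, ip in sorted(a.items()):
        rname = ipaddress.ip_address(ip).reverse_pointer + "."
        if rname not in ptr:
            problems.append(f"{host}: no PTR for {ip}")
        elif ptr[rname] != host:
            problems.append(f"{host}: PTR for {ip} names {ptr[rname]}")
    for rname, target in sorted(ptr.items()):
        if target not in a:
            problems.append(f"{rname}: PTR target {target} has no A record")
    for records, origin in ((fwd, FWD_ORIGIN), (rev, REV_ORIGIN)):
        for rtype, owner, rdata in records:
            if rtype in ("NS", "MX") and fqdn(rdata[-1], origin) not in a:
                problems.append(f"{rtype} target {rdata[-1]} has no A record")
    return problems


def serial_needs_bump(old, new, origin):
    """True when the records changed but the SOA serial did not increase."""
    old_recs = [r for r in parse_zone(old, origin) if r[0] != "SOA"]
    new_recs = [r for r in parse_zone(new, origin) if r[0] != "SOA"]
    return old_recs != new_recs and soa_serial(new) <= soa_serial(old)


if __name__ == "__main__":
    print(check_zones(FORWARD_ZONE, REVERSE_ZONE))
```
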

Finally, restart the bind9 service:

$ sudo service bind9 restart

Test the DNS server


Now we have configured the DNS server for our domain. We will test our DNS server by
pinging mail.thegeekstuff.net from web.thegeekstuff.net.

If the ping succeeds, then we have configured the DNS successfully.

You can also use nslookup and dig to test DNS servers.
On web.thegeekstuff.net server, add the following to /etc/resolv.conf

nameserver 10.42.0.83

Now ping mail.thegeekstuff.net, which should resolve the address appropriately from
the DNS server that we just configured.

$ ping mail.thegeekstuff.net

PING mail.thegeekstuff.net (10.42.0.70) 56(84) bytes of data.

64 bytes from mail.thegeekstuff.net (10.42.0.70): icmp_req=1 ttl=64 time=0.482 ms

64 bytes from mail.thegeekstuff.net (10.42.0.70): icmp_req=2 ttl=64 time=0.532 ms

Question 3:
Discuss the Users' Administration in WINDOWS 2000. What are the different types of user
groups supported by Windows 2000? Discuss the scope and limitations of each group. Also,
list the tools available in Windows2000 for user management.

Ans.

User Management and Security is one of the major differences between
Windows95/98 and the new Windows 2000. Because Windows 2000 is based
on Windows NT (remember: it was first called Windows NT5, before
Microsoft renamed it for marketing purposes to Windows 2000), it has
inherited the User Management and Security from Windows NT4. Best
example: when a Windows95/98 system presents the Network Login screen
at startup, you can press the ESC key or click on the Cancel button, and
Windows95/98 continues and allows access to the computer, while on
Windows NT4 and Windows 2000 you will be refused access (but there are
possibilities to allow a bootup without a logon screen in both
Windows NT4 and Windows 2000).

Let's first look at the applet for "Users and Passwords" in the Control Panel.

Like on Windows NT4, the installation procedure creates by default the users
"Administrator" and "Guest". If security is no issue, you can always use the
username "Administrator"; otherwise you should now create new usernames
by pressing the "Add" button.

Window "Add New User": Enter a Username, which is the name to use later
to identify yourself. All other fields are just "for information".

You are asked to enter a password, which you need to enter twice (to make
sure that you typed it correctly). Note: while usernames are not case-sensitive,
passwords are case-sensitive: "johannes" is not the same as "JOHANNES"
and it is not the same as "Johannes". If you work alone on the system or if
security is no issue, you can work without any passwords.

Here you now need to define which permissions the user will have. For now,
use the description provided here (for the details on these groups and their
rights/privileges, see: User Permissions). Usually, you create here a
"Standard user" or a "Restricted user".

In my example, I have created "Helmig" as a "Restricted User": member of
the group "Users". I have also created a user "jhelmig" as "Standard User":
member of the group "Power Users".

Let's see now the impact of these different types of users, so I now logged in
using the new username "Helmig" as a "Restricted User", accessing in the
Control Panel the "System" applet:

Let's view our hardware configuration in the "Device Manager" on the tab
"Hardware":

Let's translate this message: For each piece of hardware (a modem, a
scanner, a CD-Burner, ...) which you like to connect to your system, you
need the software to talk to/use this hardware. In Tech-Talk-Language, such
additional hardware is called a "Device" and the software for the system to be
able to communicate with ("talk to"/"use") the hardware (the "Device") is
called a "Device Driver". Translation of this message: "to be able to connect
or disconnect or configure hardware components, you need to be the
Administrator (or be a user with the same rights as the Administrator)."

Let's see this in action:

Logged in as "Regular User" (without Administrator rights)
Logged in as "Administrator"

The "Administrator" has additional menu items, allowing to install, disable
and uninstall hardware components (= "Devices").

Golden Rule for using a Windows NT4 or Windows 2000 system: If you
try to do a certain job and you cannot find the menu item or toolbar button,
ask yourself: Do you have the permission to perform this job?

A "Standard User" (member of the group "Power Users") has more
permissions:

In "My Computer", right-click on the C-drive to get the context/popup menu:
a "Standard User" can define a Sharing of a disk or folder.

A "Restricted user" will not have the "Sharing.." option available.

But some activities are limited to the Administrators:

If you are NOT logged in as Administrator, you will need to know the
username and password of an administrator to be able to view/add/modify
the list of Users:

You need to be an Administrator to make any change to the Properties of
your Local Area network:

If you are NOT logged on as Administrator, this warning will be displayed and
the buttons "Install", "Uninstall" and "Properties" are not accessible.

For a detailed view on the rights/privileges of the different users: User
Permissions

Tools available in Windows 2000 for user management
Windows 2000, like Windows XP and Windows 2003, relies on unique user accounts to
provide security and authentication. There are multiple ways to manage these user
accounts.

The Local Users And Groups console lets you create and modify user accounts and
local groups, set and modify group membership, disable accounts, and set user account
profile properties. But, Local Users And Groups isn't the only tool available for managing
user accounts and groups.

The Users And Passwords objects in the Control Panel let you add, remove, and set
properties for user accounts. You can also specify an account for Windows to log on
automatically when the system starts up, eliminating the need to log on manually.
Through the Advanced tab of the Users And Passwords applet, you can also manage
certificates and specify whether users must press [Ctrl][Alt][Delete] to initiate logon. If
this option is not selected, Windows immediately displays the logon dialog box at
startup and after the current user logs off.

In addition to these graphical methods for managing user accounts, console tools are
also available for managing users and groups. For example, the Cusrmgr.exe tool
included in the Windows 2000 Resource Kit lets you manage accounts both locally and
remotely.

Question 4:
(a) Discuss the tasks performed by LinuxConf package.
Ans.

Linuxconf is a utility that allows you to configure and control various aspects of your system,
and is capable of handling a wide range of programs and tasks. Fully documenting linuxconf
could be a separate book in its own right and certainly more than we can cover in this chapter.
So we'll focus on those areas that address common tasks such as adding new users and getting
connected to the network.

Accurately describing the location of specific screens within linuxconf is easy, but lengthy given
linuxconf's hierarchical nature. If the structure was a family tree, most of the data entry screens
are in the fourth generation. To describe the path to the screen where you would add new
users to your system, we could write this out as:

``select the Config option from the main screen, then the users accounts option off of that; on
the users accounts screen that appears, select the normal option and then select the user
accounts option.''

Rather lengthy and not immediately accessible. Given the structural similarity to a family tree,
we could write it as

``main window beget Users accounts tab, beget Normal tab...''

But that's an awful lot of begets. Instead, we'll use the following format:

[Config] -> [Users accounts] -> [Normal] -> [User accounts]

It's much more concise and clear. It assumes as its base the linuxconf entry screen. The other
advantage to this approach is that it's not interface specific, so regardless of which interface
you're using, you know exactly where the information is. You're happy, we're happy, and the
trees who lobbied against lengthy descriptions are happy.

To run linuxconf you must have root access. If you are logged in as something other than root,
there are two easy ways to handle this situation. The first is to run Linuxconf by
typing linuxconf. Linuxconf will then prompt you for root's password.

The other option is to use the su command to become root. In case you aren't familiar with it
yet, type su at the shell prompt and hit [Enter]. The password it asks you for is the root
account's. Once you've entered that correctly you'll have phenomenal cosmic power! Well,
complete control of your system at any rate. Anyway, type linuxconf at the shell prompt to
begin the program.

Linuxconf has the following user interfaces:

• Command line -- Linuxconf's command-line mode is handy for manipulating your
system's configuration in scripts.
• Character-Cell -- Using the same user interface style as the Red Hat Linux installation
program, the character-cell interface makes it easy to navigate your way through
linuxconf, even if you aren't running X.
• X Window-Based -- Linuxconf can take advantage of X, and give you an easy-to-use
``point and click'' tree menu interface. This form of navigation is new in Linuxconf!
Please see the Tree Menu Interface subsection of section 8.1.1.1 for more information.
This is the interface we'll use for illustrations throughout this chapter.
• Web-Based -- A web-based interface makes remote system administration a breeze. The
web interface will even play nice with the Lynx character-cell web browser!

Linuxconf will normally start in either character-cell or X mode, depending on
the DISPLAY environment variable. The first time you run linuxconf, an introductory message
will be displayed; although it is only displayed once, accessing help from the main screen will
give you the same basic information.

Linuxconf has context-specific help available. For information on any specific aspect of
linuxconf, please select Help from the screen you'd like help with. Note that not all help screens
are complete at this time; as help screens are updated, they will be included in subsequent
versions of linuxconf.

Tree Menu Interface


The new version of Linuxconf comes complete with a tree menu interface.

Linuxconf Entry Screen

Finding the appropriate panel should be simple and fast! You can collapse and expand
sections by clicking on the menu item icons. Click the icon once to activate it for that
particular sub-menu. A single click will then collapse it; another single click will
expand it again.

Selected entries will appear as tabs in the right-hand panel and will remain there until
closed. This will greatly reduce the clutter of windows on your desktop that Linuxconf
has typically caused. If you end up with more tabs open than you like, just
hit Cancel on the bottom of each tab to close it without making any changes,
or Accept to implement them.

Please Note: If you've grown fond of the previous X Windows interface, it's still
available. To return to it:

1. Start Linuxconf by typing linuxconf at the shell prompt
2. Enter root's password when prompted (if not already root)
3. Open [Control] -> [Control files and systems] -> [Linuxconf modules]
4. De-select the This module is active checkbox for the treemenu module.
5. Click Accept
6. Click Quit
7. Restart Linuxconf

Enabling Web-Based Linuxconf Access

For security reasons, web-based access to linuxconf is disabled by default. Before
attempting to access linuxconf with a web browser, you'll need to enable access.
Here's how to do it from the text-mode interface:

1. Start Linuxconf by typing linuxconf at the shell prompt
2. Enter root's password when prompted (if not already root)
3. Open [Config] -> [Networking] -> [Misc] -> [Linuxconf network access]
4. In the Linuxconf html access control dialog box, enter the hostname of any
computers that should be allowed access to linuxconf. This would also include
your own system, if you wish to use the web-based interface locally. Web
accesses related to linuxconf may be logged to your
system's htmlaccess.log file by selecting the check box shown.
5. Select the Accept button and press [Space]. Then select the Quit buttons on
each dialog box to back out of the menu hierarchy. When you come to a
dialog box labelled Status of the system, press [Enter] to take the default
action, which is to apply the changes you've made.

At this point, web-based access has been enabled. To test it out, go to one of the
systems that you added to the access control list. Launch your web browser, and enter
the following URL:
http://<host>:98/

(Replacing <host> with your system's hostname, of course.) You should see the main
linuxconf page. Note that you will need to enter your system's root password to gain
access beyond the first page.

Adding a User Account -- Quick Reference

1. Start Linuxconf by typing linuxconf at the shell prompt
2. Enter root's password when prompted (if not already root)
3. Open [Config] -> [Users accounts] -> [Normal] -> [User accounts]
4. Select Add
5. Enter the account's login and full names
6. Enter information in other fields only as necessary
7. Select Accept
8. Enter the initial password for the account
9. Reenter the initial password for the account in the Confirmation field
10. Select Accept

Adding a User Account -- General Overview

Adding a user is one of the most basic tasks you will encounter in administering your
system. To add a user:

• Start Linuxconf by typing linuxconf at the shell prompt
• Enter root's password when prompted (if not already root)
• Open [Config] -> [Users accounts] -> [Normal] -> [User accounts]. This will
open the Users accounts tab
• If you have more than 15 accounts on the system, Linuxconf will provide you
with a filter screen. You can use this to select a smaller range of accounts than
the full list. To get the full list, select Accept without changing any of the
parameters. For detailed information on the various filters, select
the Help button on the Filter control screen.
• Select Add. This will open the User account creation tab

Filter Control Screen

Users Accounts Screen

User account creation

(b) Explain the advantages and disadvantages of different LAN topologies.

Ans.

BUS Topology

Advantages

• It is best-suited for small networks.
• It is easy to set up, handle, and implement.
• It costs very little.

Disadvantages

• It is not easy to isolate faults in the network nodes.
• It is suitable for networks with low traffic. High traffic increases load on the bus, and the
network efficiency drops.
• The cable length is limited. This limits the number of network nodes that can be
connected.
• This network topology can perform well only for a limited number of nodes. When the
number of devices connected to the bus increases, the efficiency decreases.
• It is heavily dependent on the central bus. A fault in the bus leads to network failure.
• Each device on the network "sees" all the data being transmitted, thus posing a security
risk.

RING topology
Advantages

• In this topology, each node has the opportunity to transmit data. Thus, it is a very
organized network topology.
• The adding or removing of network nodes is easy, as the process requires changing
only two connections.
• The traffic is unidirectional and the data transmission is high-speed.
• The data being transmitted between two nodes passes through all the intermediate
nodes. A central server is not required for the management of this topology.
• In comparison to a bus, a ring is better at handling load.
• The configuration makes it easy to identify faults in network nodes.
• It is less costly than a star topology.

Disadvantages

• Data sent from one node to another has to pass through all the intermediate nodes.
This makes the transmission slower in comparison to that in a star topology. The
transmission speed drops with an increase in the number of nodes.
• The failure of a single node in the network can cause the entire network to fail.
• The movement or changes made to network nodes affect the entire network's
performance.
• There is heavy dependency on the wire connecting the network nodes in the ring.

MESH topology

Advantages

• It can handle heavy traffic, as there are dedicated paths between any two network
nodes.
• The arrangement of the network nodes is such that it is possible to transmit data from
one node to many other nodes at the same time.
• The failure of a single node does not cause the entire network to fail as there are
alternate paths for data transmission.
• Point-to-point contact between every pair of nodes makes it easy to identify faults.

Disadvantages

• A lot of cabling is required. Thus, the costs incurred in setup and maintenance are
high.
• In an arrangement wherein every network node is connected to every other node of the
network, many connections serve no major purpose. This leads to redundancy of many
network connections.
• Owing to its complexity, the administration of a mesh network is difficult.

STAR topology
Advantages

• As the analysis of traffic is easy, the topology poses less of a security risk.
• Adding or removing network nodes is easy, and can be done without affecting the
entire network.
• Due to its centralized nature, the topology offers simplicity of operation.
• It also achieves isolation of each device in the network.
• Due to the centralized nature, it is easy to detect faults in the network devices.
• Data packets do not have to pass through many nodes, like in the case of a ring
network. Thus, with the use of a high-capacity central hub, traffic load can be handled
at fairly decent speeds.

Disadvantages

• The number of nodes that can be added depends on the capacity of the central
hub.
• Network operation depends on the functioning of the central hub. Hence, central hub
failure leads to failure of the entire network.
• The setup cost is quite high.

TREE topology
Advantages

• Fault identification is easy.
• The advantages of centralization that are achieved in a star topology are inherited by
the individual star segments in a tree network.
• The tree topology is useful in cases where a star or bus cannot be implemented
individually. It is most-suited in networking multiple departments of a university or
corporation, where each unit (star segment) functions separately, and is also
connected with the main node (root node).
• Each star segment gets a dedicated link from the central bus. Thus, failing of one
segment does not affect the rest of the network.

• The network can be expanded by the addition of secondary nodes. Thus, scalability is
achieved.

Disadvantages

• Owing to its size and complexity, maintenance is not easy and costs are high. Also,
configuration is difficult in comparison to that in other topologies.
• As multiple segments are connected to a central bus, the network depends heavily on
the bus. Its failure affects the entire network.
• Though it is scalable, the number of nodes that can be added depends on the capacity
of the central bus and on the cable type.

Hybrid Topology
• A hybrid topology combines two or more topologies and is meant to reap their
advantages. Obviously, the advantages and disadvantages of a hybrid topology
are a combination of the merits and demerits of the topologies used to structure
it.
Question 5:
(a) Explain the role and importance of following tools for quota management in Linux:
• quotacheck
• repquota
• quota
Ans.

quotacheck :- This command is used to check the quota implementation in a partition.

c :- This option is used to create the quota files in the specified partition.

u :- This option is used to check the user quota.

g :- This option is used to check the group quota.

Basically, this command checks the quota entries in the specified partition. If the
aquota.user and aquota.group files are not available in the specified partition, it will
create them.

We need to run the above command only once for each partition where we want to
configure the disk quota.

Once the necessary files are created, the following command is used to sync the disk quota
database table with the current disk usage.

# quotacheck -avug

In this command

a :- This option is used to check all quota enabled partitions

v :- This option is used to print real time updates as command proceeds

u :- This option is used to check user disk quota information

g :- This option is used to check group disk quota information

repquota
Creating a disk usage report entails running the repquota utility.

Output of the repquota Command

For example, the command repquota /home produces this output:


*** Report for user quotas on device /dev/mapper/VolGroup00-LogVol02
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      36       0       0              4     0     0
kristin   --     540       0       0            125     0     0
testuser  --  440400  500000  550000          37418     0     0

To view the disk usage report for all (option -a) quota-enabled file systems, use the
command:
# repquota -a

While the report is easy to read, a few points should be explained. The -- displayed
after each user is a quick way to determine whether the block or inode limits have been
exceeded. If either soft limit is exceeded, a + appears in place of the corresponding -;
the first - represents the block limit, and the second represents the inode limit.
The grace columns are normally blank. If a soft limit has been exceeded, the column
contains a time specification equal to the amount of time remaining on the grace period.
If the grace period has expired, none appears in its place.
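
The flag and grace rules above, turned into a check: an added example (not part of the original answer) that reads a repquota report and lists every account over a limit. The alice, bob and carol rows are constructed sample data, and the parser assumes repquota's default numeric output (no -s option).

```shell
#!/bin/sh
# Added example: flag quota violations in a repquota report.

# Reads a repquota report on stdin. For every account whose flags column holds
# a "+", prints: user <TAB> block|inode <TAB> state <TAB> used/soft/hard
quota_violations() {
    awk '
    function report(user, kind, used, soft, hard, grace,    state) {
        if (grace == "none")  state = "grace-expired"      # grace period is over
        else if (grace != "") state = "in-grace:" grace    # time still remaining
        else                  state = "over-limit"         # "+" with no grace value shown
        printf "%s\t%s\t%s\t%s/%s/%s\n", user, kind, state, used, soft, hard
    }
    # Data rows: account name, two-character flags, then the numeric columns.
    # Header and separator lines never have +/- flags in field 2.
    NF >= 8 && $2 ~ /^[+-][+-]$/ {
        bused = $3; bsoft = $4; bhard = $5
        i = 6
        # The grace columns are blank unless a limit is exceeded, so the number
        # of fields varies. A non-numeric token here is the block grace value.
        bgrace = ""
        if ($i !~ /^[0-9]+$/) { bgrace = $i; i++ }
        iused = $i; isoft = $(i + 1); ihard = $(i + 2)
        igrace = (i + 3 <= NF) ? $(i + 3) : ""
        # First flag character is the block limit, second is the inode limit.
        if (substr($2, 1, 1) == "+") report($1, "block", bused, bsoft, bhard, bgrace)
        if (substr($2, 2, 1) == "+") report($1, "inode", iused, isoft, ihard, igrace)
    }'
}

# The report from the text plus three constructed rows that exceed limits.
sample_report() {
    cat <<'EOF'
*** Report for user quotas on device /dev/mapper/VolGroup00-LogVol02
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      36       0       0              4     0     0
kristin   --     540       0       0            125     0     0
testuser  --  440400  500000  550000          37418     0     0
alice     +-  510000  500000  550000  6days     120     0     0
bob       -+     100       0       0           1001  1000  1200   none
carol     ++  600000  500000  600000   none    2000  1000  2000  23:59
EOF
}

# Demo on the sample; on a live system use: repquota -a | quota_violations
sample_report | quota_violations
```
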

quota

Linux uses the /etc/fstab configuration file to mount all partitions in the file system at boot
time. This file contains all necessary information about each partition, such as its
location on disk, mount point, attributes and other control options which are required to
mount it. Each entry in this file has six fields.

(c) Compare the security features/mechanism of Windows 2000 and Linux
operating systems.
Ans.

Security features in Linux :-

For the basic security features, Linux has password authentication, file system
discretionary access control, and security auditing. These three fundamental
features are at the C2 level. Most commercial server-level operating
systems, including AIX (IBM), Windows NT, and Solaris, have been certified to this
C2 level. By expanding the basic standard security features we have
(i) User and Group separation
(ii) File system security
(iii) Audit trails
(iv) PAM authentication
It is a true statement of a UNIX/Linux system that everything is a file; if something is not
a file, it is a process. Most files are just files, called regular files; they contain
normal data, for example text files, executable files or programs, input to or output
from a program and so on. While it is practically safe to say that everything you
encounter on a Linux system is a file, there are some exceptions as listed below:
• Directories :- files that are lists of other files.
• Special files :- the mechanism used for input and output. Most special files are
in /dev, for example USB and CD-ROM.
• Links :- a system to make a file or directory visible in multiple parts of the
system's file tree. It is a shortcut.
• (Domain) Sockets :- a special file type, similar to TCP/IP sockets, providing
inter-process networking protected by the file system's access control.
• Named pipes :- act more or less like sockets and form a way for processes
to communicate with each other, without using network socket semantics.

Windows 2000

1. Local users and groups. All security in the Windows environment revolves around access
controls assigned to users and groups. Within this section, users and groups can be created,
edited, and otherwise managed. Accounts can be disabled and unlocked, passwords reset, and
profiles set.
2. Disk management. Without utilizing the appropriate file system, access controls cannot be
placed on files and directories. Through the use of this option, hard drives can be formatted
with NTFS. Further, the concept of disk quotas has been introduced and settings can be
implemented on a per-user basis.

3. Shared folders. Once there is a defined set of users and an environment to support access
controls, those users must be granted access to resources. When creating or managing shares
through this interface, both the share-level permissions and the NTFS-level permissions for the
shared resource can be set.
4. Event viewer. Once resources are secured, monitoring ensues. In addition to the three logs
familiar to past users — System, Application, and Security — new logs have been introduced.
These new logs include DNS Server, File Replication Service, and Directory Service. Both log
settings and event viewing occur here.
5. Performance logs and alerts. While event logs require someone to physically view the logs,
this feature supports defining performance objects, performance counters, and object
instances, and setting thresholds for system services that can initiate actions when reached.
6. System information. When alerts are raised or event log entries denote problems, this
option, formerly referred to as Windows NT Diagnostics, provides detailed system information
from device interrupts to environment variables, and is often invaluable for resolving resource
conflicts.
7. Device manager. If resource conflicts or other hardware problems are discovered, the device
manager allows the manipulation of DMA, IRQ, and other hardware settings to resolve these
issues.

While this console provides access to many other functions, the benefits of
consolidation can already be seen. Similarly, the Local Security Settings console organizes those
components of Windows 2000 security that must be carefully configured to ensure system
confidentiality, integrity, and availability. These features include:
1. Password policy. In addition to the familiar password settings, two new options are
introduced, “Passwords must meet complexity requirements” and “Store passwords using
reversible encryption for all users in the domain.” These new options are discussed later.
2. Account lockout. Users of the old resource kit utility passprop.exe will be pleased to learn
the administrator account is now required to adhere to the account lockout policy for network
logons.
3. Audit policy. Some audit categories have changed their names and two new ones have been
added, “Account logon events” and “Directory service access,” which are discussed later.
4. User rights assignment. The number of user rights has increased by seven, to 34. These
seven rights include “Deny” for the four logon types (from the network, as a batch job, as a
service, and locally). New rights include “Enable computer and user accounts to be trusted for
delegation,” “Remove computer from docking station,” and “Synchronize directory service
data,” all to be discussed later.
5. Security options. The oft-daunting task of modifying the registry is somewhat eased through
this new interface that provides access to old and new security settings and which are detailed
later.
Public key policies for the Encrypting File System and IPSec policies are also configured here,
creating a powerful security management tool.
Question 6:
(a) Why is the audit view limited to specific users only in windows
2000?
Ans.

New user accounts are important to audit to verify that they correspond to a legitimate
employee, contractor or application. Outside intruders often create new user accounts to
facilitate continued access to the penetrated system. Certain changes to user accounts are
important to audit since they can be a tip-off to compromised accounts. For instance, both
insider and outsider computer criminals often gain access to a system by socially engineering
the help desk to reset a user's password. Or a previously disabled account being re-enabled may be
suspicious depending on the history and type of the account. Group changes, especially
changes to the group's membership, are very useful to track since groups are used to control
access to resources, link security policies and control wireless and remote access all over a
Windows network. Changes to an organizational unit's Security tab usually correspond to
delegation of administrative authority over that OU but also occur when you change normal
user access to directory objects. Examples include delegating password reset or user account
creation authority over the NYC OU. Any change to a group policy object or changes to the
Group Policy tab of an OU, can result in wide reaching changes to the security policies applied
to the computers in that OU or changes to desktop restrictions for the user accounts in that
OU. In this article I'll focus on auditing changes to users and groups.

To track changes to users and groups you must enable "Audit account management" on your domain
controllers. The best way to do this is to enable this audit policy in the "Default Domain Controllers"
GPO which is linked to your Domain Controllers OU as seen in figure 1. "Audit account management
events" provides specific event IDs for important operations that can be performed on users and
groups.

(b) Explain the purpose and features of registry management. Also,
explain the uses of it.
Ans.

The system registry is one of the most important parts of a Windows-based computer system. Not to be
tampered with lightly, the registry is a system-defined database used by the Windows operating
system to store configuration information. Most Windows applications write data to the registry during
installation, and system components store and retrieve configuration data through the registry. The
data stored in the registry varies according to the version of Microsoft Windows.

Registry Structure: The Tree, Nodes and Keys

The data is stored in the registry in a tree structure format. For those who have never opened the
Registry Editor, its layout is similar to what you would see when you open Windows
Explorer. Each node within the registry tree contains a key which may have both subkeys and data
entries (called values). Depending on the application you run, the application may need only the
associated key while others may need the value data set for that specific key. A hive in the registry is a
group of keys, subkeys, and values in the registry that has a set of supporting files containing backups of
its data. The Windows boot process automatically retrieves data from these supporting files.

How Applications Use the Registry

Applications use the registry in several ways. They can add data to your registry by creating or opening
existing keys. When applications add to the registry, the data is sorted by computer-specific data or
user-specific data. Through this distinction applications can support multiple users and locate user
profile data. An application can close a key and write the data it contains into the registry, and
applications can delete a value from a key or delete a key. Applications can also save specific data, or
parts of the system registry, in a file and later load that file into the registry, which is common when large
amounts of data are being handled, or when multiple entries are being added to the registry.

Problems Associated With The Registry

Users can experience computer problems caused by system registry errors for several reasons. Problems
with the computer itself will usually occur because of invalid or missing keys in the Windows registry.
Some signs of trouble include computer system crashes, stalls, or even a noticeably slower operating
speed. Of course knowing what causes errors in your system registry can go a long way to avoiding
registry problems in the future. In most cases, problems with your registry occur from user actions
mainly involving the installation or removal of software and hardware on your computer. If you
frequently install or uninstall programs, delete startup programs, change hardware and do not remove
old drivers (or have corrupted hardware drivers), delete software which was not properly uninstalled, or
have installed a program with embedded spyware on your computer, then you may experience
problems with your Windows system registry.

Editing a Registry

You can edit the Registry directly by using the Registry Editor provided with the operating system.
However you must take great care because causing errors in the Registry could disable your
computer. You should not edit registry data that does not belong to your application unless it is
absolutely necessary. If there is an error in the registry, your system may not function properly. If this
happens, you can restore the registry to the state it was in when you last started the computer
successfully. Editing a registry can be a difficult task and you should read through the help files for your
specific Windows operating system before giving any further thought to editing the registry yourself.

Registry Backup and Restore

Some versions of Windows operating systems such as Windows 98, will create a backup of your system
registry for you every day provided your computer was rebooted during that calendar day.
Unfortunately, the problems you may wish to fix with a registry restore may be included in the most
recent backup, so it is advisable to start making your own registry backups instead of relying on those
generated by Windows. It is important to note that the process for backing up and restoring a registry
will differ between versions of Windows, and you should search the Microsoft Web site for exact
instructions pertaining to your version of Windows.

Windows ME and Windows XP make system restore a bit easier as both have a System Restore feature
that securely stores data that can later be used to put your system back to a previous state when it was
known to function correctly.

If your last restore point had problems — for example a virus or worm, you'll face the probability that
this information will also be restored to your system. It is important to remember that achieving a good
system registry restore is dependent on you having taken the proactive steps to create a good, usable
backup to restore from. It is also important to read help files and search the Microsoft online
Knowledgebase for registry backup and restore information for the version of Windows you are running.

Registry Cleaner and Restore Utilities

For many, the process of cleaning and restoring a system registry is made easy with the use of third-
party software utilities. A simple Google Web search for registry cleaning utilities will provide you with a
plethora of results. For the most part, all registry repair and cleaner utilities provide you with an easy
way to create registry backups, clean out your registry, and repair problems with your Windows system
registry — some will provide additional features, but those are the basics to look for. Once you have
installed your registry cleaner of choice, you will then set up the basic options offered by the software
(such as directories to store logs and backups, and the choice between automatic repair and seeing the checklist of
problems and confirming repair of each item). The cleaner utility will check areas storing information
related to custom controls, software locations, shared DLLs, Startup programs, add/remove programs,
and more.

You will have an option to create a system registry backup from the current state before making any
changes to your Windows system registry as recommended by the cleaning utility. It is very important to
create this backup, just in case something goes wrong when problems in the registry are repaired.

If you've made the decision to use a registry cleaning and repair utility to fix existing problems with your
Windows System registry, you'll find you don't necessarily have to clean your registry frequently. But
since you have the utility on your system, creating registry backups is easily done with just a few clicks
and can save you from total reformats and loss or corruption of your system in the future.

Question 7:
Write a shell script that searches the file contents in a directory and its sub-directories for a
text string given by the user. It lists all the file names having that given string and stores them in
a temp file “example_dir”.

Ans.

Shell script Program

#!/bin/bash
# Ask for a file name, then search that file for a word.
read -p "Enter a filename: " filename

if [[ -f "$filename" ]]
then
    echo "The file $filename exists."
    read -p "Enter the word you want to find: " word
    grep "$word" "$filename"
else
    echo "The file $filename does not exist."
fi

SUCCESS=0
E_NOARGS=65

# The rpm check below needs the package file as the first argument.
if [ -z "$1" ]
then
    echo "Usage: $(basename "$0") rpm-file"
    exit $E_NOARGS
fi

{ # Begin code block.
    echo
    echo "Archive Description:"
    rpm -qpi "$1"       # Query descri....
    echo
    echo "Archive Listing:"
    rpm -qpl "$1"       # Query listing
    echo
    rpm -i --test "$1"  # Query whether rpm file can be installed.
    if [ "$?" -eq $SUCCESS ]
    then
        echo "$1 can be installed."
    else
        echo "$1 cannot be installed."
    fi
    echo # End code block.
} > "$1.test" # Redirects output of everything in block to file.

echo "Result of rpm test in file $1.test"
# See rpm man page for explanation of options.
exit 0

# Never reached: the script has already exited on the line above.
exits=$(grep -c "$word" "$file")
if [[ $exits -gt 0 ]]
then
    echo "File does not exist"
fi
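
A script that does what Question 7 asks, given as an added example that is not part of the original answer: it searches a directory tree for a literal string and stores the matching file names in example_dir. The function name search_tree and the "ask" argument are choices made for this example, and the output file name is assumed to contain no shell wildcard characters.

```shell
#!/bin/sh
# Added example: list every regular file under a directory whose contents
# include a user-supplied string, and store the list in "example_dir".

# search_tree DIR STRING [OUTFILE]
# Returns 0 if at least one file matched, 1 if none did, 2 on bad arguments.
search_tree() {
    st_dir=$1
    st_needle=$2
    st_out=${3:-example_dir}

    [ -d "$st_dir" ] || { echo "search_tree: not a directory: $st_dir" >&2; return 2; }
    [ -n "$st_needle" ] || { echo "search_tree: empty search string" >&2; return 2; }

    # Build the list in a private (mode 0600) file next to the destination and
    # rename it into place, so a pre-existing symlink called example_dir is
    # replaced rather than written through.
    st_tmp=$(mktemp "$st_out.XXXXXX") || return 2
    st_base=$(basename "$st_out")

    # find -type f : regular files only, so symlinks, FIFOs and devices are skipped.
    # grep -l      : print file names only.
    # grep -F      : treat the string literally, not as a regular expression.
    # grep -e      : the string is never parsed as an option, even if it starts with "-".
    # The result file and its temporary copy are excluded by name, since they
    # hold paths that may themselves contain the string.
    # find exits non-zero whenever one grep batch matched nothing, so its status
    # is ignored and the outcome is judged from the list itself.
    find "$st_dir" -type f ! -name "$st_base" ! -name "$st_base.*" \
        -exec grep -lF -e "$st_needle" -- {} + > "$st_tmp" || :

    mv -f "$st_tmp" "$st_out" || return 2
    [ -s "$st_out" ]
}

# Interactive use, as the question asks. Runs only when the script is started
# with the single argument "ask", so the function can also be sourced and reused.
if [ "${1:-}" = "ask" ]; then
    printf 'Directory to search: '
    IFS= read -r ask_dir
    printf 'Text to find: '
    IFS= read -r ask_text
    search_tree "$ask_dir" "$ask_text" example_dir
    case $? in
        0) echo "Matching files are listed in example_dir:"; cat example_dir ;;
        1) echo "No file under $ask_dir contains that text." ;;
        *) exit 2 ;;
    esac
fi
```
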

Question 8:
(a) What is backup? What are the strategies followed in Linux for backup?

Ans.

Backup refers to the copying of physical or virtual files or databases to a secondary site for
preservation in case of equipment failure or other catastrophe. The process of backing up data
is pivotal to a successful disaster recovery (DR) plan.

In the ancient past, backup strategies were all about setting up a list of tapes, and determining
which ones should be used when for full backups, incremental backups, and such, with some
evaluation of how quickly tapes degrade such that they need to be turfed out.

That perspective is not "obsolete," but what with disk drives getting cheap and big vastly faster
than tape drives, it is common for people not to even have tape drives, thus dictating different
approaches.

NewTLUG - Backup Strategies for Linux

Note that RAID is neither a backup strategy nor a substitute for a backup strategy.

RAID may make it less likely that you will need to resort to recovering from a backup. But it is
not a backup system.

Similarly, journalling filesystems do not represent a backup strategy.

Again, they make it less likely that you will need to recover a filesystem from a backup; their
primary advantage is in speeding up boot time when the system is shut down uncleanly.

Some journalling filesystems (typically on "commercial Unixes") may provide links to help you
mirror filesystem contents, which very well may represent a useful part of a backup system.

But the fact that you're using a journalling filesystem does not relieve the need to backup
important data.

One approach to doing backups is to synchronize filesystems across a network.

Some good ideas may be gotten from the management of synchronization of PDAs like
the PalmComputing platform.

Good tools for this include rsync and Unison.

Relational databases tend to require specialized handling; they typically store many records in a
single file, and if the database is not shut down while a backup is being performed, the backup
can easily be made totally worthless.

Database systems often offer some custom backup scheme whereby a program is run that
generates a special backup output format in a "safe" manner.

There may be little sense in backing up software on /usr that may readily be "recovered" by
reinstalling packages from an installation CD-ROM.

As a result, a useful approach to a "backup regime" may include pulling data from
an RPM or dpkg database and not bothering to backup those files that are totally managed by
the packaging system.

In addition to that, it may be useful to collect together the specific RPM or dpkg files that
get installed and collect those together to make your own "package install" CD. This is likely to
be fairly compact, as packages are compressed, and means that if you have combined some
custom packages with "distribution base" packages with third party packages, all reside in one
convenient spot.

These days, most of my "backups" are handled via "Source Code Management", specifically via
having my files of interest stored in Section 1 repositories, which are more or less regularly
pushed and pulled to other hosts.

• Linux Backup HOWTO
• Linux Backups mini-FAQ
• Linux-Backup.net
• LinuxMafia.com - Backup tools
• LinuxApps - Backup Tools

Tape Archiving Using the Time Capsule File System

The purpose of this MIT project is to build a filing system to provide long term access to
research data from older computer systems, particularly where technology changes mean that
backup tapes from now-unavailable computer hardware are getting increasingly fragile.

The system they were particularly concerned about in the initial research was ITS; apparently
there has been a lot of research data archived on the ITS systems at MIT.

Back In Time

Back In Time is a backup tool that works with Section 7 and Section 8 that is reminiscent of
Apple's TimeVault backup system, that does backups via taking snapshots of specified sets of
directories.

BRU (Backup and Restore Utility)

Restoring a Debian Box

First, save package information:

dpkg --get-selections '*' > /mnt/floppy/backup.pkg.lst

Then, to restore it:

Boot a minimal Debian system using root floppies

dpkg --set-selections < /mnt/floppy/backup.pkg.lst

apt-get update

apt-get dist-upgrade

apt-get upgrade

ndd - a network, dd like cloning utility.

BackupPC Home Page

BackupPC is a high-performance, enterprise-grade system for backing up Linux and WinXX PCs
and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain.

Google Directory: Virtual Disk Drives

A number of companies offer "virtual disk drives," which essentially provide a way for you to
upload a set of files to their site, providing a form of backup.

There were a lot of providers of this service in 2001; many went out of business. Some have
survived: many no longer have 'free' offerings.

Briefcase at Yahoo!

This should not be your only "line of defense," but it certainly is possible to push compressed,
encrypted "tarballs" onto such servers and get a backup that is free, if not of particularly
verifiable integrity.

I would strongly urge people using these systems to:

Make sure it's not the only backup.

Compress and encrypt your data using something like PGP before uploading it.

For the "free" offerings, the terms of service usually give the host the right to use your data
however they wish to, so if you don't want them publishing your love letters, use
strong crypto tools;

Perhaps use a couple of them for a bit more redundancy.

The amount of data that may be uploaded often tends to be limited, so you surely won't be
backing up your whole DVD collection.

I'd suggest building a backup script that takes some set of important files and makes an
encrypted tarball, ready for uploading.
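
One way to build the backup script suggested above, as an added example that is not from the original text: it streams a tarball into OpenSSL's passphrase-based AES-256-CBC encryption (used here in place of PGP) and records a SHA-256 digest of the ciphertext. CBC by itself does not detect tampering, so the digest file is meant to stay on the local machine and be checked before any restore; the function names and the .sha256 suffix are choices made for this example.

```shell
#!/bin/sh
# Added example: encrypted tarball with a locally kept integrity digest.
# Assumes tar and the openssl command (1.1.1 or later, for -pbkdf2).

# backup_digest FILE -> SHA-256 of FILE as hex
backup_digest() {
    openssl dgst -sha256 -r < "$1" | cut -d' ' -f1
}

# make_backup OUT PASSFILE PATH...
# Writes OUT (ciphertext, ready for uploading) and OUT.sha256 (keep locally).
make_backup() {
    [ "$#" -ge 3 ] || { echo "usage: make_backup OUT PASSFILE PATH..." >&2; return 2; }
    mb_out=$1
    mb_pass=$2
    shift 2
    [ -r "$mb_pass" ] || { echo "make_backup: cannot read $mb_pass" >&2; return 2; }
    mb_rcfile=$(mktemp) || return 2

    # tar streams straight into openssl, so no plaintext archive is written to
    # disk. The passphrase is read from a file because a command-line argument
    # would be visible in the process list. umask 077 keeps the output private.
    # A pipeline reports only the status of its last command, so the exit
    # status of tar is saved separately.
    (
        umask 077
        { tar -czf - -- "$@"; echo "$?" > "$mb_rcfile"; } |
            openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$mb_pass" -out "$mb_out"
    )
    mb_enc_rc=$?
    mb_tar_rc=$(cat "$mb_rcfile")
    rm -f "$mb_rcfile"
    if [ "$mb_enc_rc" -ne 0 ] || [ "$mb_tar_rc" != 0 ]; then
        rm -f "$mb_out"          # never leave a truncated backup behind
        return 1
    fi
    backup_digest "$mb_out" > "$mb_out.sha256"
}

# verify_backup OUT -> 0 if OUT still matches the digest recorded at backup time
verify_backup() {
    [ -r "$1" ] && [ -r "$1.sha256" ] || return 2
    [ "$(backup_digest "$1")" = "$(cat "$1.sha256")" ]
}

# restore_backup OUT PASSFILE DESTDIR
# Refuses to decrypt a file whose digest no longer matches.
restore_backup() {
    verify_backup "$1" || { echo "restore_backup: digest mismatch for $1" >&2; return 1; }
    mkdir -p "$3" || return 2
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" | tar -xzf - -C "$3"
}

# Command-line use: sh backup.sh OUT PASSFILE PATH...
if [ "$#" -ge 3 ]; then
    make_backup "$@" && echo "wrote $1 and $1.sha256"
fi
```
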

(b) What encryption function is used by Windows 2000 operating system?

Ans

An Encrypting File System (EFS) is a functionality of the New Technology File System (NTFS)
found on various versions of Microsoft Windows. EFS facilitates the transparent encryption and
decryption of files by making use of complex, standard cryptographic algorithms.

The cryptographic algorithms are used in EFS to provide useful security countermeasures,
whereby only the intended recipient can decipher the cryptography. EFS uses symmetric and
asymmetric keys during the encryption process, but it does not protect data transmissions.
Rather, it protects data files within systems. Even if someone has access to a certain computer,
whether authorized or not, he still cannot unlock the EFS cryptography without the secret key.

EFS is actually a transparent public key encryption technology that operates with NTFS
permissions to allow or deny user access to files and folders in various Windows operating
systems (OS), including NT (excluding NT4), 2000 and XP (excluding XP Home Edition).

Key EFS features are as follows:

• The encryption process is easy. Select the check-box in the file or folder's properties to turn on
the encryption.
• EFS offers control over who can read the files.
• Files selected for encryption are encrypted once they are closed but are automatically ready to
use once opened.
• The file's encryption feature may be removed by clearing the check-box in the file properties.

Although used by many organizations, EFS must be handled with caution and knowledge, to
avoid encrypting content that should be transparent, rather than secure. This is compounded
by the fact that it may be difficult to decrypt data content that was not meant to be encrypted
in the first place.
EFS developers remind users that once a folder is marked encrypted, all files contained in that
folder are encrypted as well, including future files transported to that particular folder.
However, a custom setting for encrypting “this file only” is available.
Encryption passwords are identity specific, so it is important for employees to avoid sharing
passwords and equally important that users remember their passwords.
