Lecture no 17: Name spaces
TDT4285 Planlegging og drift av IT-systemer, Spring 2008
Anders Christensen, IDI

Definition
A name space is a set of possible identifiers that satisfy certain syntactic rules, and where each identifier refers to a unique resource. The name space is usually finite, although other limitations often restrict the number of identifiers that can simultaneously exist in the name space.

Examples of name spaces
• User names at a computer system
• Phone numbers
• IP addresses on the network
• Hostnames on the network
• UIDs for users
• URLs on the Web
• Nicknames on IRC
• E-mail addresses

Categories of name spaces
• Flat. All identifiers are at the same level.
• Hierarchic. Duplicates are permitted, as long as they exist in different branches of the hierarchy (or network).
• Anarchistic (or adaptive). The result of a dynamic process where the name space is constantly changed as identities are autonomously added or removed.

Sparse and compact name spaces
• Sparse name spaces. There are enormously many more possible names than are actually in use.
• Compact name spaces. A large percentage of the possible names are usually in use.
Single errors may be undetectable in compact name spaces, but can be automatically caught in sparse name spaces.
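
The claim about single errors can be measured. The following is an added example, not part of the lecture: it counts how many one-character substitution errors on an in-use name produce a name that is not in use, so that a plain lookup rejects the error. The three sample name sets are constructed, and the sequential case goes slightly beyond the slide by showing that a sparse space only catches errors when the names in use are spread apart.

```python
def detection_rate(in_use, alphabet):
    """Share of single-character substitution errors on in-use names that
    yield a name NOT in use, i.e. errors a plain lookup would reject."""
    used = set(in_use)
    detected = total = 0
    for name in used:
        for pos, original in enumerate(name):
            for ch in alphabet:
                if ch == original:
                    continue
                total += 1
                typo = name[:pos] + ch + name[pos + 1:]
                detected += typo not in used
    return detected / total

DIGITS = "0123456789"

# Constructed sample data: the same 90 resources named in three ways.
# Compact: two-digit names, 90 of the 100 possible names are in use.
COMPACT = [f"{n:02d}" for n in range(90)]
# Sparse but allocated in a row: 90 of 1,000,000 possible six-digit names.
SEQUENTIAL = [f"{n:06d}" for n in range(90)]
# Sparse and spread out: neighbouring names differ by 7919, a prime that
# divides no single-digit change d * 10**k, so no typo hits another name.
SPREAD = [f"{n * 7919 + 1234:06d}" for n in range(90)]

if __name__ == "__main__":
    for label, names in (("compact", COMPACT),
                         ("sparse, sequential", SEQUENTIAL),
                         ("sparse, spread", SPREAD)):
        print(f"{label:20s} {detection_rate(names, DIGITS):.1%} of single errors caught")
```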

Metrics for name spaces
• Diameter. How many systems (machines) use this name space?
• Thickness. How many different services use this name space?
• Consistency. When the same name space is used for several systems in parallel, to what degree are the attributes interpreted the same way by all systems?

Diameter and thickness
[Figure with the labels: NTNU, IDI, Norway; Mail, Web, Print, Samba]

Examples of name spaces
• anders (user name)
• 735-93681 (phone number)
• 129.241.107.66 (IP address)
• furu (hostname)
• 26806 (UID for user)
• http://www.idi.ntnu.no/emner/tdt4285 (URL)
• anchr (nickname on IRC)

Rules of thumb
• Flat name spaces scale badly, and require a central coordination authority.
• Dynamic name spaces are practical, but may be chaotic and can have implications for security and overhead.
• Hierarchic name spaces are very scalable, but may require a distributed database.
• Plan well, because names live for a long time.

Five name space policies
Note: there are several hybrids of these.
• Formula-based. E.g. pc001, pc002, etc.
• Theme-based. E.g. january, february, etc.
• Functional. E.g. mail, skriver (printer), backup
• Anarchistic. I.e. everybody chooses their own names.
• Random. Just choose meaningless, random identifiers.

Case: naming the printers
• Organizational. After group and department
• Room-based. After room and building
• Theme. After some common theme
• Anarchistic. Choose whatever comes to mind
• HW-based. Model specification
• Serial-no. The name is the unique serial number
• Formula-based. Enumerate the printers

Name space policy
• Should be written
• Must be part of the training
• Must be enforced (by whom?)
• Must specify acceptable (and unacceptable) names
• How are new names to be chosen?
• How are collisions to be handled?
• Operational: scope, thickness, diameter, etc.

Implications for security
• Functional names may reveal information
• Deviations from what’s normal may reveal information
• Access to changes and additions in a name space may be an important step during a break-in attempt
• All information about name spaces is important during reconnaissance and break-in attempts

Hostnames at IDI
[Slide listing the hostnames in use at IDI.]

Cache poisoning
[Figure: cache poisoning among the hosts Loke, Tor, Odin, Frøya, Trym and Frøy. Labelled steps: 1. Request; 2. Request; 3. False answer; 4. Real answer; 5. Use of service. Node labels: Name server, Real service, False service.]

Procedures
• Additions, changes and deletions
• Backup
• Revision control
• Phase-outs and cleanups
• Quarantine/no-reuse period
• Checking for consistency

Generic names and aliases
Names often live a lot longer than you may think, so consider the following method:
• Name resources according to formula or theme or randomness
• Make aliases for every important function
• Connect the aliases to the currently relevant resource.
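
The consistency check from the Procedures slide and the alias method above can be combined into one audit of a name-space inventory. This is an added example, not part of the lecture: it flags collisions, names that break the formula policy, names reused inside the no-reuse period, and aliases that point at a resource that no longer exists. The `pc###` formula follows the slide's pc001 example; the one-year quarantine, the function name and all inventory data are assumptions constructed for illustration.

```python
import re
from datetime import date, timedelta

FORMULA = re.compile(r"pc\d{3}")   # formula-based policy: pc001, pc002, ...
NO_REUSE = timedelta(days=365)     # assumed quarantine period for retired names

def check_namespace(resources, aliases, retired, today):
    """Return a sorted list of (name, problem) findings for the inventory."""
    findings, seen = [], set()
    for name in resources:
        if name in seen:
            findings.append((name, "collision: name assigned twice"))
        seen.add(name)
        if not FORMULA.fullmatch(name):
            findings.append((name, "violates naming formula"))
        if name in retired and today - retired[name] < NO_REUSE:
            findings.append((name, "reused inside quarantine period"))
    for alias, target in aliases.items():
        if alias in seen:
            findings.append((alias, "alias collides with a resource name"))
        if target not in seen:
            # A dangling alias hands the function to whoever gets the name next.
            findings.append((alias, "alias points to missing resource"))
    return sorted(findings)

# Constructed inventory (not real data).
RESOURCES = ["pc001", "pc002", "pc002", "furu", "pc007"]
ALIASES = {"mail": "pc001", "backup": "pc003", "pc007": "pc002"}
RETIRED = {"pc007": date(2008, 1, 15), "pc003": date(2006, 6, 1)}
TODAY = date(2008, 4, 1)

if __name__ == "__main__":
    for name, problem in check_namespace(RESOURCES, ALIASES, RETIRED, TODAY):
        print(f"{name:8s} {problem}")
```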