1 15. February 2008 TDT4285 Planl&drift IT-syst Lecture no 17: Name spaces TDT4285 Planlegging og drift av IT-systemer Spring 2008 Anders Christensen, IDI
Definition: A name space is a set of possible identifiers that satisfy certain syntactic rules, and where each identifier refers to a unique resource. The name space is usually finite, although other limitations often restrict the number of identifiers that can simultaneously exist in the name space.
Examples of name spaces: User names at a computer system; Phone numbers; IP-addresses on the network; Hostnames on the network; UIDs for users; URLs on the Web; Nicknames on IRC; -addresses
Categories of name spaces: Flat: all identifiers at the same level. Hierarchic: duplicates are permitted, as long as they exist in different branches of the hierarchy (or network). Anarchistic (or adaptive): the result of a dynamic process where the name space is constantly changed by identities autonomously being added or subtracted.
Sparse and compact name spaces: Sparse name spaces: where there are enormously many more possible names than are actually in use. Compact name spaces: where a large percentage of the possible names are usually in use. Single errors may be undetectable in compact name spaces, but can be automatically caught in sparse name spaces.
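The claim about single errors can be measured. The following is an added example, not part of the original lecture: it counts how often a one-character typo in a name lands on another name that is in use, and so goes undetected. The pc000..pc899 host names, the random eight-letter names and all function names are constructed for illustration.

```python
import random
import string

def single_char_typos(name, alphabet):
    """Yield every string that differs from `name` in exactly one position."""
    for i, original in enumerate(name):
        for ch in alphabet:
            if ch != original:
                yield name[:i] + ch + name[i + 1:]

def undetected_typo_rate(in_use, alphabet, fixed_prefix=""):
    """Fraction of single-character typos that hit another in-use name.

    A typo that hits an in-use name resolves to the wrong resource without
    any error; a typo that hits an unused name fails the lookup and is caught.
    Only the part after `fixed_prefix` is mutated.
    """
    in_use = set(in_use)
    total = hits = 0
    for name in in_use:
        tail = name[len(fixed_prefix):]
        for typo in single_char_typos(tail, alphabet):
            total += 1
            hits += (fixed_prefix + typo) in in_use
    return hits / total

def compact_names():
    """Constructed sample: formula-based names, 900 of 1000 possible in use."""
    return [f"pc{n:03d}" for n in range(900)]

def sparse_names(count=900, length=8, seed=0):
    """Constructed sample: random names, 900 of 26**8 possible in use."""
    rng = random.Random(seed)
    names = set()
    while len(names) < count:
        names.add("".join(rng.choices(string.ascii_lowercase, k=length)))
    return sorted(names)

if __name__ == "__main__":
    compact = undetected_typo_rate(compact_names(), string.digits, "pc")
    sparse = undetected_typo_rate(sparse_names(), string.ascii_lowercase)
    print(f"compact: {compact:.1%} of typos go undetected")
    print(f"sparse:  {sparse:.1%} of typos go undetected")
```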
Metrics for name spaces: Diameter: how many systems (machines) use this name space? Thickness: how many different services use this name space? Consistency: when the same name space is used for several systems in parallel, to what degree are the attributes interpreted the same way by all systems?
Diameter and thickness [Figure: diagram with the labels IDI, NTNU, Norway and Mail, Web, Print, Samba]
Examples of name spaces: anders (user name); (phone number); (IP-address); furu (hostname); (UID for user); (URL); anchr (nickname on IRC)
Rules of thumb: 1. Flat name spaces scale badly, and require a central coordination authority. 2. Dynamic name spaces are practical, but may be chaotic and can have implications for security and overhead. 3. Hierarchic name spaces are very scalable, but may require a distributed database. 4. Plan well, because names live for a long time.
Five name space policies (note: there are several hybrids of these): Formula-based, e.g. pc001, pc002 etc. Theme-based, e.g. january, february etc. Functional, e.g. mail, skriver, backup. Anarchistic, i.e. everybody chooses their own names. Random: just choose meaningless, random identifiers.
Case: naming the printers. Organizational: after group and department. Room-based: after room and building. Theme: after some common theme. Anarchistic: choose whatever comes to mind. HW-based: model specification. Serial-no.: name is unique s/n. Formula-based: enumerate the printers.
Name space policy: Should be written. Must be part of the training. Must be enforced (by whom?). Must specify acceptable (and unacceptable) names. How are new names to be chosen? How are collisions to be handled? Operational: scope, thickness, diameter, etc.
Implications for security: Functional names may reveal information. Deviations from what's normal may reveal information. Access to changes and additions in a name space may be an important step during a break-in attempt. All info about name spaces is important during reconnaissance and break-in attempts.
Cache poisoning [Figure: diagram with the labels Odin, Tor, Trym, Name server, Loke, Frøy, Frøya, False service and Real service, and the steps 1. Request, 2. Request, 3. False answer, 4. Real answer, 5. Use of service]
Procedures: Additions, changes and deletions; Backup; Revision control; Phase-outs and cleanups; Quarantine/no-reuse period; Checking for consistency
Generic names and aliases: Names often live a lot longer than you may think, so consider the following method: Name resources according to formula or theme or randomness. Make aliases for every important function. Connect the aliases to the currently relevant resource.