This chapter is provided on an “as is” basis as part of the Apress Beta Book Program. Please note that content is liable to change before publication of the final book, and that neither the author(s) nor Apress will accept liability for any loss or damage caused by information contained.
Copyright ? 2004. For further information email support@https://www.doczj.com/doc/553539722.html,
All rights reserved. No part of this work may be reproduced in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
Chapter 10
Securing an FTP Server
File Transfer Protocol or FTP is one of the original core protocols of the Internet and was first documented in 1971. It was designed to provide the functionality to exchanges files over the Internet and is specified in RFC 959.1 It is still currently used for a number of purposes, including running user and anonymously authenticated FTP servers for the provision of files and applications for download. For example, it is utilized by software vendors to provide updates or patches to clients. It is also used to transfer of files between disparate systems, for example many non-Unix systems also support the FTP protocol. One of the most common uses of FTP is by ISPs to provide customers with the ability to upload files to their web sites.
At first look FTP would seem to fulfill a useful and practical function. Unfortunately FTP is also inherently insecure. The only security available to most FTP sessions is a username and password combination. By default FTP transactions are conducted unencrypted and all traffic is sent in clear-text across your network. This includes the transmission of user names and passwords. This exposes you to a considerable level of risk that is difficult to mitigate with available tools.
Due to the inner workings of FTP it is not possible to use tools such as Stunnel to secure FTP traffic and we'll explain why this is so in the next section. Additionally many of the available open source and commercial FTP servers have proven to be subject to vulnerabilities. Many FTP servers are easily compromised and thus can provide a point of access for an attacker into your system. Or they have vulnerabilities that could allow Denial of Service (DoS) attacks on your systems. In addition to these other potential insecurities FTP is also vulnerable to so-called 'man-in-the-middle' attacks where your data is intercepted and then either stolen or altered and sent on. For example, this is one of the primary methods hackers use to penetrate and hack web servers. New material is uploaded to a web server via FTP. The hacker finds the IP address of the web server and sets up a sniffer to watch FTP's TCP port 21. When next you update the site it grabs your username and password and this is used to upload material of the hacker's choice to the system or to steal any valuable information, such as credit card details, from your site.
Given the weaknesses of FTP we'd recommend you not run it at all as a production server on any systems, unless you absolutely require the functionality. There are some commercial secure FTP servers available on the market. But these usually require a client that is compatible with the secure server. If you have a proprietary commercial FTP server running with encryption or enhanced authentication then generally clients other than the proprietary client designed for that server will not be able to connect or will only be able to connect to the server using standard FTP without any additional security.
1https://www.doczj.com/doc/553539722.html,/rfc/rfc0959.txt?number=959
There are some alternatives to FTP. Indeed for the process of transferring files between systems there are other mechanisms which are considerably more secure. These include sftp or scp from the OpenSSH toolkit (as we discussed in Chapter 3). Indeed if the remote systems are configured correctly then SSH can be used to upload files to remote systems such as web servers without requiring an FTP port to be open on them. We'd recommend you look at these options rather than use FTP.
If you must use FTP then in this we'll try to provide as secure as possible implementation of an FTP server. We'll show you how FTP works and how best to firewall it. Additionally we'll take you through installing a secure anonymous FTP server, a local user authenticated FTP server, and examine support for FTP over SSL/TLS. As part of this we will also demonstrate how to chroot your FTP server and mitigate the risk of DoS attacks.
How Does FTP work?
FTP has two key components - a client and a server. This chapter will focus on the server component of FTP. FTP is a stateful protocol, meaning that connections between client and server are created and kept open during an FTP session. Commands that are issued to the FTP server, for example a file upload or a directory listing, are executed consecutively. If a command arrives while another command is being executed then the new command is queued and will execute when the current command has completed.
NOTE:FTP is a TCP only protocol. There are no UDP elements to FTP.
When making an FTP connection two types of connections are initiated. A control, also called a 'command', connection and a data connection. When you connect an FTP client to an FTP server a single control connection is established by default using the TCP port 21. This connection is used for the authentication process, for sending commands and receiving response messages from the remote server. It does not do the actual sending and receiving of information or files. The sending and receiving of files is handled by the data connection. A data connection is established only when a file needs to be transferred and is closed at the end of the transfer.
There are two types of data connection, active mode connections and passive mode connections. Active connections use the PORT command and are initiated by the remote server and the client listens for the connection. Passive connections use the PASV command and the client initiates the connection to the remote server and the server listens for the data connections. When the client starts a transfer it tells the server what type of connection is wishes to make. In modern FTP clients and servers the most common connection type is passive connections.
In active mode the client connects from a random source port in the ephemeral port range (see Chapter 2) to the FTP control port 21. All commands and response codes are sent on this control connection. When you actually want to transfer a file the remote FTP server will initiate a connection from the FTP data port 20 on the server system back to a destination port in the ephemeral port range on the client. This destination port is negotiated by the port 21 control connection. Often the destination port used is one port number higher than the source port on the client. You can see an illustration of an active mode connection in Figure 10-1. Insert 4444ch10f1.tif
Figure 10-1 Active mode FTP connection
Active mode connections often have issues with firewalls. On the server-side with an active mode connection you need to have the TCP ports 20 and 21 open on your firewall. On the client side we need the range of ephemeral ports open. Often opening these ports is hard to do if your FTP client is behind a firewall. In a secure firewall configuration these ports should generally be closed. Additionally because the remote server initiates the connection many firewalls will drop the connection because they are only designed to accept established connections on specific limited ports. Finally if you are behind a firewall that uses many-to-one Network Address Translation (NAT) it is often impossible for the firewall to determine which internal IP address initiated the FTP connection. This is caused by the firewall's inability to correlate the control and data connections.
As a result of the issues active mode connections have with firewalls, passive mode connections were introduced. In passive mode the client initiates both sides of the connection. Firstly the client initiates the control connection from a random ephemeral port on the client to the destination port of 21 on the remote server. When it needs to make a data connection the client will issue the PASV command. The server will respond by opening a random ephemeral port on the server and pass this port number back to the client via the control connection. The client will then open a random ephemeral source port on the client and initiate a connection between that port and the destination remote port provided by the FTP server.
Insert 4444ch10f2.tif
Figure 10-2 Passive mode FTP connection
Passive mode connections mitigate the issue of the remote server initiating the connection to the client and being blocked by a firewall. This is because the client initiates both the control and data connections. Thus firewalls see the outgoing FTP data connection as part of an established connection. You still need to have ephemeral ports open on the server and client side of the connection. But this too can be partially mitigated because many FTP servers allow you to specify the range of ephemeral ports rather than using the entire ephemeral ports range. But you still need to open a suitable range to allow your FTP server to function.
Overall the random ephemeral port selection, for both active and passive connections, is one of the reasons why securing FTP is difficult. In order to achieve a secure connection the securing application needs to know which ports to secure. As this port choice is random, the securing application has not means of determining what port needs to be secured. Firewalling your FTP server
There is a method of further locking down your FTP connections. To this we can use iptables with a module called ip_conntrack_ftp. The ip_conntrack_ftp module uses connection state tracking to correlate and track FTP transactions. We first introduced connection state tracking in Chapter 2. Let's look at creating some iptables rules for our FTP server.
We have discussed in the How Does FTP Work? section that in order for the FTP server to function you will need a combination of the ports 20, 21 and the range of ephemeral ports open on both the client and server. This combination is partially dependant on the connection mode we are running on our FTP server. We're going to assume we are creating firewall rules for an FTP server running on interface eth0 and bound to IP Address, 192.168.0.1. We will assume we only want FTP connections into the system and we don’t want to allow outgoing FTP connections.
The first rules we are going to create are for the FTP server's control connection, which uses TCP port 21. As these rules address the control connection they are identical for active and passive mode FTP, as the control connection is required for both modes.
puppy# iptables –A INPUT –i eth0 –p tcp --dport 21 –d 192.168.0.1 –m state --state
NEW,ESTABLISHED,RELATED –j ACCEPT
puppy# iptables –A OUTPUT –o eth0 –p tcp --sport 21 –s 192.168.0.1 –m state --state
ESTABLISHED,RELATED –j ACCEPT
In the two rules we've just specified, incoming traffic on interface eth0 to IP Address
192.168.0.1 and TCP port 21 in the connection state of NEW, ESTABLISHED or RELATED is allowed to enter the host. Outgoing traffic on the same interface, IP Address and port in the connection states ESTABLISHED and RELATED is allowed to exit the host.
The control connection is not the whole story though. The FTP server also needs the data connection opened in our firewall for the server to correctly function. As we have discussed this data connection can run in two modes: active and passive. For example, the active mode connection requires a substantial port range open. To function correctly the active mode requires port 20 open on the FTP server and additionally on the server we need to accept incoming connections from the ephemeral port range on the client host. The passive mode connection requires ports in the ephemeral port range to be open on both the client and the server. Both of these models pose security risks.
To help mitigate this security risk we are going to utilize the ip_conntrack_ftp module. This module is an iptables kernel module that extends the functionality of the connection state tracking that we discussed in Chapter 2. This module is provided with most distributions and with all recent releases of iptables.
Firstly we need to load the required module like so,
puppy# insmod ip_conntrack_ftp
The module may be already loaded on your system and it will return an error message if this is the case. You need to load the module each time your system restarts. It is recommended you load this module when you start iptables.
The ip_conntrack_ftp module tracks FTP connections and watches for the use of the PORT or PASV command on port 21 which indicates that a data connection is being initiated. The module then makes note of and tracks the ports being used by the data connection. This allows iptables to correlate and track the control and data connections for a particular FTP transaction. The module allows iptables to reference the data connection as a RELATED state. Thus we can use the RELATED connection state rather than the NEW connection state in our INPUT chain. This means ports on our host only need to be open for RELATED connections not NEW connections from ephemeral ports. This reduces the risk posed by running an FTP server and allows us to more tightly firewall these connections.
We still need to approach rules for active and passive mode connections differently to address their different port requirements but now we can specify a much tighter set of iptables rules. In Example 10.1 we specify some rules for active mode data connections.
Example 10.1 Rules for active mode connections
puppy# iptables -A INPUT -i eth0 -p tcp --sport 1024: --dport 20 -d 192.168.0.1 -m state --state
ESTABLISHED,RELATED -j ACCEPT
puppy# iptables -A OUTPUT -o eth0 -p tcp --dport 1024: --sport 20 -s 192.168.0.1 -m state --
state ESTABLISHED -j ACCEPT
The first rule in Example 10.1 allows incoming traffic from source ports higher than 1024 on interface eth0 to IP Address 192.168.0.1 and port 20 in the ESTABLISHED and RELATED states. This prevents new connections being made to this port. The only incoming connections should be the data connection portions of existing FTP connections. This increases the level of security on your host firewall. The second rule allows outgoing traffic in the ESTABLISHED and RELATED states outbound from the host to destination ports higher than 1024.
Passive mode FTP is very similar. Using the ip_conntrack_ftp module we can track the state of the connections and the port numbers used and thus can use the RELATED state for our iptables rules. Example 10.2 shows an INPUT and OUTPUT rule for passive mode connections.
Example 10.2 Rules for passive mode connections
puppy# iptables -A INPUT -i eth0 -p tcp --sport 1024: --dport 1024: -d 192.168.0.1 -m state --
state ESTABLISHED,RELATED -j ACCEPT
puppy# iptables -A OUTPUT -o eth0 -p tcp --sport 1024: --dport 1024: -s 192.168.0.1 -m state --
state ESTABLISHED -j ACCEPT
The first rule in Example 10.2 allows incoming traffic from the ephemeral ports (which we've defined as all ports greater than 1024 in our rules) to interface eth0 and IP Address
192.168.0.1. The second rule provides the same functionality for outgoing traffic.
Neither Example 10.1 nor Example 10.2 are ideal solutions. These rules leave your firewall comparatively quite open compared to the models we proposed in Chapter 2. But they are the securest possible rules we can create on a host system for an FTP server. This again highlights that there are risks involved in running an FTP server that simply cannot be mitigated.
TIP:When we look at vsftpd we'll look at refining the range of ephemeral ports that
the FTP server can use. This can further limit the range of ports you need to open on
your host.
What FTP server to use?
There are a number of FTP servers available, both commercial and open source products. We're going to look at vsftpd, which is an open source FTP server. The vsftpd package has a reputation for security and is a compact but also fully featured and well performing application. At the time of writing vsftpd had only one vulnerability listed at the Security Focus' Bugtraq2 site as opposed to multiple issues for other FTP server packages like ProFTPD and WU-FTPD. It is regularly updated and maintained. It is also widely available on most Linux distributions.
The vsftpd daemon has some good security features including:
*Can run as a non-privileged user with privilege separation.
*Supports SSL/TLS FTP transfers.
*Can chroot users into their home directories and chroot anonymous FTP
access to a particular directory.
2https://www.doczj.com/doc/553539722.html,/bid
*Can limit the FTP commands that a user can execute.
*Reduces the risk of DoS attacks with bandwidth and connection limits.
*It is coded to reduce the risk of buffer overflow attacks.
The vsftpd FTP server is both secure and high performance. It is used by a number of organizations as a result of this, including Red Hat, Debian, https://www.doczj.com/doc/553539722.html,, https://www.doczj.com/doc/553539722.html,, https://www.doczj.com/doc/553539722.html,. If you don’t use vsftpd we'd recommend you migrate to it. Especially if you are using ProFTPD and WU-FTPD, both of which have been subject to a large number of easy to exploit vulnerabilities. If you are going to take the risk of using an FTP server then we recommend you chose the safest and most secure possible server.
Installing vsftpd
Many distributions come with vsftpd and it should be available through your package management system. On a Debian system it is available as a package and we can use apt-get to install vsftpd.
kitten# apt-get install vsftpd
Or it is available as an RPM for Red Hat and Mandrake. To get the most recent version of vsftpd you can download the source package from ftp://https://www.doczj.com/doc/553539722.html,/users/cevans/.
We're going to download the source package to ensure we are using the most up to date version of the package.
puppy# wget ftp://https://www.doczj.com/doc/553539722.html,/users/cevans/vsftpd-2.0.1.tar.gz
After downloading the package, unpack the source package and change into the resulting directory. Vsftpd doesn't use a configure script but rather has a file called builddefs.h which contains the compilation variables. Example 10.3 shows the contents of this file.
Example 10.3 Initial builddefs.h
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H
#undef VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#undef VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */
You can enable SSL, PAM and TCP Wrappers in this file. To enable features in vsftpd you need to change each definition line for the feature you wish to enable from, #undef VSF_BUILD_SSL
to,
#define VSF_BUILD_SSL
We are going to enable SSL and PAM in vsftpd. Example 10.4 shows our final builddefs.h file.
Example 10.4 Final builddefs.h
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H
#undef VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#define VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */
Now you can make the vsftpd binary.
puppy$ make
This will create a binary called vsftpd in the package directory. You can then install vsftpd using the command:
puppy# make install
Vsftpd requires that you create some supporting configuration items. First you need to create a user for the vsftpd binary to run as. This allows the vsftpd binary to drop privileges and run as a normal user thus providing more security against any compromise of the vsftpd daemon. By default vsftpd runs as the user nobody. This user exists on most systems but may be being used by a number of different daemons. It is safest to create another user for the vsftpd daemon to run as. We have chosen to create a user called ftp_nopriv. You can create this user with the command in the following example.
Example 10.5 Creating the ftp_nopriv user
puppy# useradd -d /dev/null -s /sbin/nologin ftp_nopriv
You also need to create the /usr/share/empty directory.
puppy$ mkdir /usr/share/empty
This directory may already exist on some systems. It is used by vsftpd as a chroot directory when the daemon does not require file system access. You should ensure this directory is not write-able by the ftp user and remains empty of all content.
If you wish to use anonymous FTP then you need to create a user called ftp. This user needs to have a valid home directory that needs to be owned by the root user and has its permissions set to 0755. The ftp user's home directory will be the root directory for anonymous FTP access.
puppy# mkdir /var/ftp
puppy# useradd -s /sbin/nologin -d /var/ftp ftp
puppy# chown root:root /var/ftp
puppy# chmod 0755 /var/ftp
Lastly you need to copy the sample configuration file from the vsftpd package into the /etc directory.
puppy# cp vsftpd.conf /etc
In the next section we will look at modifying this configuration file.
Configuring vsftpd for anonymous FTP
The vsftpd daemon is controlled by the vsftpd.conf file. The vsftpd binary has only one command-line option, which allows you to specify the location of the vsftpd.conf configuration file.
puppy# vsftpd /etc/vsftpd.conf
If the configuration file is not specified on the command line then vsftpd defaults to the file /etc/vsftpd.conf.
TIP:Some Red Hat RPMs install the vsftpd.conf file into the directory /etc/vsftpd/
and vsftpd may look for the configuration file here.
We're going to look at a sample FTP server configuration and use that to explore the options available in vsftpd. Example 10.6 shows a very simple configuration file for a secure standalone anonymous FTP server that only allows downloads.
Example 10.6 Stand-alone anonymous server
# General Configuration
listen=YES
background=YES
listen_address=192.168.0.1
nopriv_user=ftp_nopriv
xferlog_enable=YES
# Mode and Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
cmds_allowed=PASV,RETR,QUIT
# Security
ftpd_banner=https://www.doczj.com/doc/553539722.html, FTP Server
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# DoS
ls_recurse_enable=NO
max_clients=200
max_per_ip=4
We'll go through each of these options with a particular focus on the security and access control features of the vsftpd daemon. Each vsftpd.conf option is structured like: option=value
There should be no spaces between the option, = symbol and the value. You can add comments to your configuration file by prefixing the comment line with #.
In Example 10.6 we've divided the configuration into different sections using comments. The first comment-titled section is General Configuration which handles the setup and management of vsftpd. We'll take a look at those options first.
General Configuration
The first two options, listen and background, control how vsftpd will be run. Both options have Boolean values and you can specify either YES or NO as their value. Many vsftpd.conf options are Boolean and you must specify the YES and NO values in upper case.
The listen option runs vsftpd in stand-alone mode. This means vsftpd is run as a normal daemon rather than through the inetd or xinetd daemons. It defaults to NO. We have enabled vsftpd to run in stand-alone mode by changing this option to YES. The background option tells the vsftpd to fork to the background. It also defaults to NO. We have changed it to YES to have the vsftpd daemon run in the background.
The listen_address option allows you to bind vsftpd to a particular IP address thus controlling what interface your FTP server runs on. We have specified the IP Address of the puppy host, 192.168.0.1.
The nopriv_user option allows us to specify the user that vsftpd will run as. We have specified the ftp_nopriv user that we created as part of the installation process. This causes vsftpd to run as a non-privileged user and enhances the security of the daemon. This mitigates the risk of an attacker gaining root privileges through the daemon.
The xferlog_enable option enables a log file that records all file uploads and downloads. The log file defaults to /var/log/vsftpd.log but you can override this with the vsftpd_log_file option.
vsftpd_log_file=/var/log/transfer_log.log
Also available is the xferlog_std_format option which allows you to specify that logging should be in the xferlog format. This is the default log format used by WU-FTPD and allows you to also use a variety of statistical tools developed for this application for reporting on vsftpd. You can enable this option like so,
xferlog_std_format=YES
Alternatively you can enable the option syslog_enable to log to syslog instead, syslog_enable=YES
The syslog_enable option overrides all the other logging options and if set to YES then vsftpd will not log to any other specified log files.
Mode and Access Rights
The mode options control what type of FTP server vsftpd will run as, for example an anonymous FTP server or an FTP server that accepts local user logins. The access rights options control what capabilities are offered to anonymous or local users signed into the FTP server, for example whether uploads are enabled. In Example 10.6 we have specified an anonymous FTP server that you can only download files from the server. This is the only type of server we recommend you run.
NOTE:We will demonstrate how to build a local user FTP server with SSL/TLS in
the next section.
We enable anonymous FTP by setting the anonymous_enable option to YES. The anonymous FTP mode is vsftpd's default mode and thus YES is the default setting for this option. In anonymous FTP mode only the users anonymous and ftp can log onto the FTP server. When either of these users log in they will be prompted for a password. Vsftpd will accept any text as a password when in anonymous mode. It is usually assumed a remote user will enter an email address as this password. You can control this password to some extent using the deny_email_enable and secure_email_list_enable options. The deny_email_enable option allows you to specify a list of passwords (including both email addresses and other passwords) that if used to login will result in a login failure. You enable this option like so,
deny_email_enable=YES
By default this list of passwords is stored in the file /etc/vsftpd.banned_emails. You may need to create this file. One of the possible uses of this option is to stop automatic FTP scanning tools. Many of these tools attempt to log into your server using a default password. You can specify the default passwords these tools use in the /etc/vsftpd.banned_emails file to prevent the tools logging on.3 In Example 10.7 you can see the result of trying to log in with a banned password. For this example we have added the password,
bob@https://www.doczj.com/doc/553539722.html,, to the /etc/vsftpd.banned_emails file.
Example 10.7 Banned anonymous passwords
kitten# ftp puppy
Connected to puppy (192.168.0.1).
220 Welcome to Puppy FTP service.
Name (puppy:bob): anonymous
331 Please specify the password.
Password: bob@https://www.doczj.com/doc/553539722.html,
530 Login incorrect.
Login failed.
TIP:You can use the banned_email_file option to override the file used by
the deny_email_enable option with a different file.
The secure_email_list_enable option allows you to specify a list of passwords that will be accepted for anonymous log in. No other passwords will be accepted. This is not overly secure as these passwords are stored in plain-text. These are not as secure as traditional passwords and you should use this as a low-security restriction only. You can specify this option like so,
secure_email_list_enable=YES
By default these passwords are specified in the /etc/vsftpd.email_passwords file. You may need to create this file. You can also override this default file using the email_password_file option like so,
email_password_file=/etc/accepted_passwords
Once the ftp or anonymous user is logged into your anonymous FTP server they will only have access to the contents of the home directory of the ftp user. We created this user and specified their home directory as part of the vsftpd installation process in the Installing vsftpd section. In that section we used the /var/ftp directory.
If you wish to enable local user mode, which allows local users contained in the
/etc/passwd file to log into the FTP server, you should set the local_enable option to YES. We'll talk about that option below in the Configuring vsftpd with SSL section.
The first of the access rights options, the write_enable option, specifies whether FTP commands which are capable of writing to the file system are enabled. This includes FTP commands such as STOR or DELE.4 By default this option is set to NO. This means no files
3 Grim's Ping (https://www.doczj.com/doc/553539722.html,/) is an example of a tool that could be misused for FTP scanning and which can be stopped with this option.
4 You can see a list of most FTP commands at https://www.doczj.com/doc/553539722.html,/tips/RawFTP.htm
can be written to, renamed or deleted from your system. The vsftpd.conf man file contains a full list of the commands this option disables.
The second access right we have specified, cmds_allowed, controls the FTP commands that you are able to run on your FTP server. This is a very powerful tool for locking down your FTP server to a limited number of FTP commands. In Example 10.6 we have specified that only the commands, PASV, RETR and QUIT are allowed to run on the server. This means users can only download files and exit the server. With a limited number of FTP command enabled you can quite tightly secure your FTP server.
General Security
The general security options control a variety of security-related settings for your FTP server. The first option deals with the use of a banner for your FTP server. Like many services when you connect to an FTP server it displays a banner advertising details about the server you are connecting to. Generally the default vsftpd banner reveals little information about the server you are connecting to. You should confirm your banner does not reveal the package or version of your FTP server.
The banner is controlled by two options, the ftpd_banner option and the banner_file option. The ftpd_banner option specifies a line that will be displayed when you connect to the FTP server.
ftpd_banner=Welcome to Puppy FTP service.
The banner_file option overrides this and allows you to specify a file containing your banner.
banner_name=/etc/vsftpd_banner
Confirm the details contained in your ftpd_banner and/or the banner_file option suitably obfuscate your FTP server package and version or any details that might provide an attacker with information that could aid in an attack.
The next option, connect_from_port_20, tells PORT or active mode connections to use port 20. This is required for some FTP clients. Don't disable this without testing that all your remote clients still function correctly.
The hide_ids option hides the actual owner and group of the objects stored on your FTP server. With this option set to YES, the files will all appear to be owned by the user and group ftp. You can see this in the example on the next line.
Example 10.8 Hiding owners and groups
ftp> ls
227 Entering Passive Mode (192,168,0,1,63,131)
150 Here comes the directory listing.
drwxr-xr-x 2 ftp ftp 4096 Oct 04 06:36 pub
-rw-r--r-- 1 ftp ftp 51 Oct 05 15:05 tmp
226 Directory send OK.
The next two options, pasv_min_port and pasv_max_port, control the range of the ephemeral ports used by vsftpd. We have specified a lower range of 50000 and an upper range of 60000. This means all passive mode connections will have an ephemeral port assigned from within this port range. This should allow you to tighten your firewall rules down to only this port range rather than the entire ephemeral port range. In Example 10.9 we specify iptables rules restricting vsftpd to this ephemeral port range.
Example 10.9 Rules for passive mode connections
puppy# iptables -A INPUT -i eth0 -p tcp --sport 50000:60000 --dport 50000:60000 -d 192.168.0.1
-m state --state ESTABLISHED,RELATED -j ACCEPT
puppy# iptables -A OUTPUT -o eth0 -p tcp --sport 50000:60000 --dport 50000:60000 -s
192.168.0.1 -m state --state ESTABLISHED -j ACCEPT
You may ask "why don't I simply restrict the ephemeral port range to only one or a handful of ports?" The limitation here is that each FTP data connection requires an individual port. You can create a bottleneck on your system by limiting the ephemeral port range to a range that is too small.
Preventing Denial of Service Attacks
The last options from our example anonymous FTP server allow us to specify some limitations to the resources used by our FTP server. These limitations assist in mitigating the risk of DoS attacks against our FTP server. Setting the ls_recurse_enable option to YES allows the use of the ls –R directory listing command. This can potentially consume a large volume of resources if run from the root directory of a large site. We recommend that if you have a large number of files in multiple directories that you set this option to NO.
The next two options, max_clients and max_per_ip, specify the maximum number of clients and the maximum number of connections from a single IP Address respectively. The max_clients option specifies the maximum number of clients that can be connected simultaneously to your FTP server. Any additional clients which try to connect to the server will get the following error message,
Connected to https://www.doczj.com/doc/553539722.html,
421 There are too many connected users, please try later.
The max_per_ip option specifies the maximum number of clients who can connect from a single IP Address. Any additional clients will get the following error message, Connected to https://www.doczj.com/doc/553539722.html,
421 There are too many connections from your internet address.
Both of these options should be tuned with consideration of the load on your FTP server. Don't cause a self-induced DoS attack on your system by setting these options lower than normal operations require. We recommend setting them to at least a quarter to a third higher than your peak load.
TIP:You can also limit the data volumes transferred to and from your FTP server.
See the vsftpd.conf man page for some options which provide this capability.
Configuring vsftpd with local users
We've shown you how to create an anonymous FTP server. In this section we are going to explain how to create an FTP server that your local users can log onto.5 In doing this we'd recommend that you only allow logins from trusted local networks. You can achieve this using iptables to limit the source of any FTP connection. Unless you can absolutely avoid it, do not open up an FTP server to local user login over the Internet. This is especially true if 5 Local users are defined as those user contained in the /etc/passwd file.
the data you are hosting on your FTP server is sensitive or valuable. This may be mitigated somewhat with the use of SSL/TLS for FTP and we'll discuss that in the Adding SSL/TLS Support section.
In Example 10.10 we provide a sample stand-alone configuration for a local user FTP server. This provides the ability for your local users to log on and download files. We have also utilized PAM authentication for this server and we'll demonstrate how to configure that.
Example 10.10 Stand-alone local user FTP server
# General Configuration
listen=YES
background=YES
listen_address=192.168.0.1
nopriv_user=ftp_nopriv
xferlog_enable=YES
# Mode and Access rights
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
write_enable=YES
pam_service_name=vsftpd
# Security
ftpd_banner=https://www.doczj.com/doc/553539722.html, FTP Server
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# DoS
ls_recurse_enable=NO
max_clients=200
max_per_ip=4
Many of the options in Example 10.10 are identical to those in Example 10.6. We'll identify the changes in section and explain how they impact on the server configuration. The most obvious modification is in the Mode and Access Rights configuration. Here we have disabled any anonymous access to the server by setting the anonymous_enable option to NO. We have also enabled the option, local_enable, by setting it to YES. This allows any local user to log onto the FTP server.
TIP:You can enable anonymous and local user access on the same FTP server if
required. You would set the anonymous_enable and the local_enable options both to
YES.
When local users are signed into the FTP server they will be placed in their home directory by default. They have access to any files or directories which are available to them as a result of their ownership, permissions and group membership. For FTP purposes this is quite often a greater level of access than they really require. To reduce this access we have enabled the chroot_local_user option. This option creates a mini-chroot jail for each of your users. Local users are jailed into their home directories. This prevents them from changing directory out of their home directory and only allows them access to their home directory and any sub-
directories beneath. This prevents them from downloading or uploading files to or from any other directory.
CAUTION:There is some, small risk associated with using chroot jails for local users
if those local users have upload privileges. See the vsftpd FAQ at
ftp://https://www.doczj.com/doc/553539722.html,/users/cevans/untar/vsftpd-2.0.1/FAQ. If you are restricting
access to local users in a trusted network we believe the risk is outweighed by the
overall added security of the chroot jail.
If the chroot_local_user option is set to YES then vsftpd also allows you to not chroot specific users with the chroot_list_enable option like so,
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
You specify the list of users in the file /etc/vsftpd.chroot_list that vsftpd should not chroot. When these non-chroot users login they will have access to all file and directories granted to them via their permissions and groups.
NOTE: If chroot_local_user is set to NO and the chroot_list_enable option is set
to YES. Then the file specified in the chroot_list_file becomes a list of local
users to chroot. All other local users would log on and not be confined to a
chroot jail.
We also enabled the write_enable option, setting it to YES. This allows any users logged onto your FTP server to upload files. As the users have been placed in chroot jails in their home directories they will only be able to upload files to this directory and sub-directories of their home directory.
There are some additional options you can set to govern file uploads on your FTP server. The first option is file_open_mode, which controls the permissions for any uploaded files. By default this is set to 0666 like so,
file_open_mode=0666
You can also apply an umask (as discussed in Chapter 4) to any uploaded file by specifying the local_umask option like so,
local_umask=077
The default is 077. This is quite restrictive and probably the safest option for your FTP server.
CAUTION:Be wary of allowing users to upload executable files to the FTP server.
This could be a potential route for an attack. Ensure you set your default upload
permissions and umask to prevent this.
We have also removed the cmds_allowed option, which had restricted the commands allowed to be executed on the FTP server. You could re-introduce this with a wider command set on your FTP server if there were specific FTP commands that you did not wish your local users to be able to execute.
The vsftpd can have PAM support compiled into it, as we demonstrated during the installation process. This is the best method for authenticating vsftpd with your local users. In Example 10.10 we have specified the option, pam_server_name. This allows us to specify
the PAM service name which vsftpd will use for authentication. The default PAM service name for most Debian systems is ftp and for more recent Red Hat versions, vsftpd. In Example 10.11 we show a sample vsftpd PAM service file for a Red Hat system. This file should be located in /etc/pam.d.
NOTE:We examine PAM in more detail in Chapter 1.
Example 10.11 vsftpd PAM service
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers
onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
Example 10.11 will deny login for any user specified in the /etc/vsftpd.ftpusers file. You can use this to list any users you explicitly don't want to log in via FTP, such as the root user. It will then call the system-auth PAM service to provide authentication. All users logging in will thus ultimately be authenticated against the /etc/passwd file, in addition to any further authentication or access control checks the system-auth service is configured to perform.
All other options in Example 10.10 are the same as those for our anonymous FTP server.
Adding SSL/TLS Support
The more recent versions of vsftpd come with support for SSL/TLS. The first version to do so was vsftpd version 2.0.0. In some cases this support has been back-ported to the packages available in various distributions. If this support hasn't been back-ported you may be able to compile vsftpd from source or adapt a package that already supports SSL/TLS for your distribution. For example Red Hat have introduced support to the vsftpd RPM provided with Fedora Core 3. You should be able to use this RPM on some other, earlier, versions of Red Hat or potentially on Mandrake systems. So to quickly add SSL/TLS support to vsftpd we need to: ensure vsftpd has support for SSL/TLS, create a certificate, update your vsftpd.conf file with your SSL/TLS configuration and restart the vsftpd daemon. We'll take you through all of these steps in this section.
To enable SSL/TLS you first need to compile it into vsftpd as we did in the Installing vsftpd section. You can check if your version of vsftpd is compiled with SSL/TLS using the ldd command.
puppy# ldd vsftpd
libssl.so.4 => /lib/libssl.so.4 (0x4000d000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x401ab000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x4029d000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x40311000)
…
If your vsftpd binary contains the library libssl.so.x then it has been compiled with SSL/TLS.
You will also need to create a certificate for vsftpd to use. We talk about creating certificates in Chapter 3. Follow the process described in this Chapter to create your certificate. Sign it against an existing Certificate Authority (CA) if you have created a local
CA. Or against a commercial CA if that is your preference. If you intend to use this server for customers via the Internet we'd recommend you purchase a commercial SSL certificate.
You can also quickly create a certificate using the OpenSSL make process that is provided with the OpenSSL package. This may be a simple option for FTP servers which are only accessed from internal networks. These require SSL encryption but you may not be overly concerned about needing to prove the authenticity of the FTP server certificate. Example 10.12 shows how to create such a certificate.
Example 10.12 Creating an SSL certificate
puppy# cd /usr/share/ssl/certs
puppy# make vsftpd.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 ; \
cat $PEM1 > vsftpd.pem ; \
echo "" >> vsftpd.pem ; \
cat $PEM2 >> vsftpd.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
…
This will result in a PEM file called vsftpd.pem, which contains a private key and a certificate.
You then need to define your certificate to vsftpd and specify some additional options to control your FTP over SSL/TLS. In Example 10.13 we have included the key configuration options you need to set in the vsftpd.conf file.
Example 10.13 SSL/TLS options
# SSL/TLS Options
ssl_enable=YES
rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem
ssl_tlsv1=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
The first option in Example 10.13, ssl_enable controls whether SSL/TLS is enabled for your vsftpd server. You must set this option to YES to use SSL/TLS. The next option,
rsa_cert_file allows you to specify the location of your certificate file. We've specified the PEM file we created earlier, /usr/share/ssl/certs/vsftpd.pem.
The ssl_tlsv1 option is one of a series of options controlling the enabling of particular versions of SSL. The ssl_tlsv1 option, if set to YES, then enables the use of TLS. You can also enable SSLv2 with the ssl_sslv2 option and SSLv3 with the ssl_sslv3 option respectively. We'd recommend you only use TLS, as it is generally considered the most secure of the SSL/TLS versions available.
The last two options control when SSL/TLS will be required in the FTP process. The first option, force_local_data_ssl, when set to YES requires than a SSL/TLS connection be made for all FTP data connections. The second option, force_local_logins_ssl, requires a SSL/TLS connection to be made in order for a user to login.
Also available is the allow_anon_ssl option. When this option is enabled it allows the use of SSL/TLS for anonymous connections also.
Once you have updated your vsftpd.conf file you need to restart the vsftpd daemon for the new setting to take effect.
NOTE:You will need a remote FTP client that supports SSL/TLS to use it with
vsftpd. A lot of FTP clients, including the ftp command that comes with most
Linux distributions, do not offer SSL/TLS support.
Starting and Stopping vsftpd
Starting and stopping vsftpd is performed using the vsftpd binary. The daemon will first check the validity of your vsftpd.conf then, depending on the configuration, will either run in the foreground or fork the process into the background.
puppy# vsftpd &
To stop vsftpd simply kill the daemon.
You could also start and stop vsftpd from an init script.6 We'd recommend using this approach for ease of operation.
Checkpoint
*Unless you have a real need to run an FTP server then we would
recommend that you do not run one. The inherent insecurities in FTP
server daemons and the difficulty in securing FTP traffic make FTP an
extremely risky proposition as a production service.
*If you do choose to run an FTP server then we'd recommend the vsftpd FTP
server available from https://www.doczj.com/doc/553539722.html,/. It is secure, has good
performance and contains a number of security features including support
for SSL/TLS FTP transfers.
*Ensure you adequately firewall your FTP server. You should utilize the
ip_conntrack_ftp module provided with iptables to enable FTP connection
state tracking. This provides you with the ability to limit the types of
connections made to your host. Additionally you should look at limiting
the range of ephemeral ports used by your FTP server for its data
connections.
*If you going to allow local user access to your FTP server consider limiting
the networks able to log into that server. We would recommend you only
allow access from trusted networks.
*We’d recommend placing your local users in chroot jails. The vsftpd
server allows you to chroot your local users into their home directories.
*If you are going to allow the uploading of files to your FTP server ensure
you set your umask and default upload permissions carefully to prevent the
uploading of files that could be used to compromise your host. For
example, restrict the uploading of executable files.
6 There is a Red Hat init script available at https://www.doczj.com/doc/553539722.html,/packages/builds/vsftpd/vsftpd.init that should be easy to adapt to other distributions.
*Ensure you set up resource controls on your FTP server to limit the number
of incoming connections and the number of connections from an individual
IP address. This limits the risk that your FTP server could be subject to a
DoS attack. You could also limit the data transfer volumes on your FTP
server.
*Examine the feasibility of using SSL/TLS for your FTP control and data
connections. You will need to utilize FTP clients that support SSL/TLS. Resources
Sites
vsftpd https://www.doczj.com/doc/553539722.html,/
vsftpd HOWTO https://www.doczj.com/doc/553539722.html,/
A.晶圆封装测试工序 一、 IC检测 1. 缺陷检查Defect Inspection 2. DR-SEM(Defect Review Scanning Electron Microscopy) 用来检测出晶圆上是否有瑕疵,主要是微尘粒子、刮痕、残留物等问题。此外,对已印有电路图案的图案晶圆成品而言,则需要进行深次微米范围之瑕疵检测。一般来说,图案晶圆检测系统系以白光或雷射光来照射晶圆表面。再由一或多组侦测器接收自晶圆表面绕射出来的光线,并将该影像交由高功能软件进行底层图案消除,以辨识并发现瑕疵。 3. CD-SEM(Critical Dimensioin Measurement) 对蚀刻后的图案作精确的尺寸检测。 二、 IC封装 1. 构装(Packaging) IC构装依使用材料可分为陶瓷(ceramic)及塑胶(plastic)两种,而目前商业应用上则以塑胶构装为主。以塑胶构装中打线接合为例,其步骤依序为晶片切割(die saw)、黏晶(die mount / die bond)、焊线(wire bond)、封胶(mold)、剪切/成形(trim / form)、印字(mark)、电镀(plating)及检验(inspection)等。 (1) 晶片切割(die saw) 晶片切割之目的为将前制程加工完成之晶圆上一颗颗之晶粒(die)切割分离。举例来说:以0.2微米制程技术生产,每片八寸晶圆上可制作近六百颗以上的64M微量。 欲进行晶片切割,首先必须进行晶圆黏片,而后再送至晶片切割机上进行切割。切割完后之晶粒井然有序排列于胶带上,而框架的支撐避免了胶带的皱褶与晶粒之相互碰撞。 (2) 黏晶(die mount / die bond) 黏晶之目的乃将一颗颗之晶粒置于导线架上并以银胶(epoxy)粘着固定。黏晶完成后之导线架则经由传输设备送至弹匣(magazine)内,以送至下一制程进行焊线。 (3) 焊线(wire bond) IC构装制程(Packaging)则是利用塑胶或陶瓷包装晶粒与配线以成集成电路(Integrated Circuit;简称IC),此制程的目的是为了制造出所生产的电路的保护层,避免电路受到机械性刮伤或是高温破坏。最后整个集成电路的周围会向外拉出脚架(Pin),称之为打线,作为与外界电路板连接之用。
实验1 数控车床的差不多功能与操作
指导教师:隋信举任开科等 一、实验目的 1. 掌握FANUC 0I数控车床的组成、布局及其要紧技术参数。 2. 掌握机床操作面板与操纵面板及其按钮的作用; 3. 学会工件、刀具的安装、调整及对刀,并建立工件坐标系。 二、实验仪器与设备 FANUC 0IMATE数控车床(南京第二机床厂) 棒料一根,直径50*100、95度外圆车刀一把,卡尺一把。 三、实验内容及步骤 1、打开数控仿真系统FANUC 0IMATE数控车床的组成、布局及其要紧技术参数 1)通过实物观看FANUC 0IMATE数控车床的组成、布局,明白个部分的功用
2)FANUC 0IMATE数控车床的要紧技术参数 2、打开数控车床操作面板及操纵面板,了解各键的作用FANUCoi-MATE(南京第二机床厂)系统操作面板及各键功能 键盘讲明:
名称功能讲明 复位键(RESET) 按下那个键能够使 CNC 复位或者取消报 警等。 软键依照不同的画面,软键有不同的功能。软 键功能显示在屏幕的底端。 地址和数字键按下这些键能够输入字母,数字或者其它 字符。其中(EOB)为输入(;)做为程 序段的结束符。 上档键(SHIFT)在键盘上的某些键具有两个功能。按下
?从大的方面来讲,晶圆生产包括晶棒制造和晶片制造两大步骤,它又可细分为以下几道主要工序(其中晶棒制造只包括下面的第一道工序,其余的全部属晶片制造,所以有时又统称它们为晶柱切片后处理工序): 晶棒成长--> 晶棒裁切与检测--> 外径研磨--> 切片--> 圆边--> 表层研磨--> 蚀刻--> 去疵--> 抛光--> 清洗--> 检验--> 包装 1 晶棒成长工序:它又可细分为: 1)融化(Melt Down) 将块状的高纯度复晶硅置于石英坩锅内,加热到其熔点1420°C以上,使其完全融化。 2)颈部成长(Neck Growth) 待硅融浆的温度稳定之后,将〈1.0.0〉方向的晶种慢慢插入其中,接着将晶种慢慢往上提升,使其直径缩小到一定尺寸(一般约6mm左右),维持此直径并拉长 100-200mm,以消除晶种内的晶粒排列取向差异。 3)晶冠成长(Crown Growth) 颈部成长完成后,慢慢降低提升速度和温度,使颈部直径逐渐加大到所需尺寸(如 5、6、8、12吋等)。 4)晶体成长(Body Growth) 不断调整提升速度和融炼温度,维持固定的晶棒直径,只到晶棒长度达到预定值。 5)尾部成长(Tail Growth) 1
当晶棒长度达到预定值后再逐渐加快提升速度并提高融炼温度,使晶棒直径逐渐变小,以避免因热应力造成排差和滑移等现象产生,最终使晶棒与液面完全分离。到此即得到一根完整的晶棒。 2 晶棒裁切与检测(Cutting & Inspection) 将长成的晶棒去掉直径偏小的头、尾部分,并对尺寸进行检测,以决定下步加工的工艺参数。 3 外径研磨(Su rf ace Grinding & Shaping) 由于在晶棒成长过程中,其外径尺寸和圆度均有一定偏差,其外园柱面也凹凸不平,所以必须对外径进行修整、研磨,使其尺寸、形状误差均小于允许偏差。 4 切片(Wire Saw Sl ic ing) 由于硅的硬度非常大,所以在本工序里,采用环状、其内径边缘镶嵌有钻石颗粒的薄片锯片将晶棒切割成一片片薄片。 5 圆边(Edge Profiling) 由于刚切下来的晶片外边缘很锋利,硅单晶又是脆性材料,为避免边角崩裂影响晶片强度、破坏晶片表面光洁和对后工序带来污染颗粒,必须用专用的电脑控制设备自动修整晶片边缘形状和外径尺寸。 ? 6 研磨(Lapping) 研磨的目的在于去掉切割时在晶片表面产生的锯痕和破损,使晶片表面达到所要求的光洁度。 7 蚀刻(Etching) 1
天地伟业网络视频服务器故障快速排查手册 首先感谢您选用天地伟业网络视频产品,在使用之前,请详细阅读网络视频服务器使用说明书,熟悉产品使用方法,如果遇到问题可以按照以下方法进行故障排查。 为保证系统得正常运行,我们必须保证机器达到如下要求: 说明: 现场机器最好达到建议PC的配置,并安装相应硬件最新的驱动,此配置能满足16画面显示的要求,配置越高机器运行越流畅。 1.故障现象: IP搜索器搜索不到服务器 排查步骤: 1.确认网络视频服务器是否正常上电,主机网卡及驱动是否正常,网线是否做的没问题,网络拓扑连接是否通畅; 2.直接用交叉网线直接连接主机和网络视频服务器,如仍不通,给服务器复位再测试; 3.如有备件主机和网络视频服务器都做可更换测试; 4.如仍有问题请与我们联系; 2. 故障现象: IP搜索器能够正常搜索到服务器,但是IE不能正常连接视频 排查步骤: 1.确认主机IP地址和网络视频服务器地址设置在同一网段内,如不在同一网段改为同一网段; 注意:如在不同网段必须保证此两个网段做了路由; 2.确认IE的版本,建议安装IE6.0; 3.确认正常安装显卡驱动和DirectX,建议安装最新的显卡驱动和DirectX; 4.确认开启ActiveX相关插件; 5.暂时关闭杀毒软件自带防火墙测试;如是XP系统,暂时关闭系统自带防火墙; 6.删除之前曾经连接时下载的控件,重新连接测试; 7.更换主机测试; 8.如仍然有问题,请与我们联系; 3. 故障现象: 如果IE连接视频正常,但是软件连接视频不正常 排查步骤: 1.确认软件版本是否正确;如果版本不正确,重新安装正确的版本软件; 2.确认软件中“服务器编辑信息”的“IP地址”和“服务器类型”的正确;在局域望网建议采用“主码流+UDP”方式,广域网建议采用“副码流+TCP”方式; 3.确认在软件的主界面连接了视频; 4.重启软件连接;
Excel表格的基本操作所有功能键的按键说明: F1显示“帮助”任务窗格。 按Ctrl+F1可关闭并重新打开当前任务窗格。 按Alt+F1可创建当前范围中数据的图表。 按Alt+Shift+F1可插入新的工作表。 F2编辑活动单元格并将插入点放在单元格内容的结尾。如果禁止在单元格中进行编辑,它也会将插入点移到编辑栏中。 按Shift+F2可编辑单元格批注。 F3将定义的名称粘贴到公式中。 按Shift+F3将显示“插入函数”对话框。 F4重复上一个命令或操作(如有可能)。 按Ctrl+F4可关闭选定的工作簿窗口。 F5显示“定位”对话框。 按Ctrl+F5可恢复选定工作簿窗口的窗口大校 F6切换到已拆分(“窗口”菜单,“拆分”命令)的工作表中的下一个窗格。 按Shift+F6可切换到已拆分的工作表中的上一个窗格。 如果打开了多个工作簿窗口,则按Ctrl+F6可切换到下一个工作簿窗口。 F7显示“拼写检查”对话框,以检查活动工作表或选定范围中的拼写。 如果工作簿窗口未最大化,则按Ctrl+F7可对该窗口执行“移动”命令。使用箭头键移动窗口,并在完成时按Esc。 F8打开或关闭扩展模式。在扩展模式中,“EXT”将出现在状态行中,并且按箭头键可扩展选定范围。 通过按Shift+F8,您可以使用箭头键将非邻近单元格或范围添加到单元格的选定范围。当工作簿未最大化时,按Ctrl+F8可执行“大小”命令(在工作簿窗口的“控制”菜单上。 按Alt+F8可显示用于运行、编辑或删除宏的“宏”对话框。 F9计算所有打开的工作簿中的所有工作表。 如果先按F9再按Enter(对于数组公式则按Ctrl+Shift+Enter),则会计算选定的公式部分,并将选定部分替换为计算出的值。 按Shift+F9可计算活动工作表。 按Ctrl+Alt+F9可计算所有打开的工作簿中的所有工作表,不管它们自上次计算以来是否已更改。 如果按Ctrl+Alt+Shift+F9,则会重新检查相关公式,然后计算所有打开的工作簿中的所有单元格,其中包括未标记为需要计算的单元格。 按Ctrl+F9可将工作簿窗口最小化为图标。 F10选择菜单栏或同时关闭打开的菜单和子菜单。 按Shift+F10可显示选定项目的快捷菜单。 按Alt+Shift+F10可显示智能标记的菜单或消息。如果存在多个智能标记,按该组合键可切换到下一个智能标记并显示其菜单或消息。
EasyDecoder视频解码管理软件 用户使用说明
目录 目录 (2) 1.系统说明 (5) 1.1概要 (5) 1.2功能简介与特点 (5) 1.3硬件配置 (5) 1.4软件平台与运行环境 (5) 1.5术语 (5) 1.6阅读指导 (6) 2.系统安装 (6) 2.1安装软件 (6) 3.系统主界面 (7) 4.系统运行操作 (7) 4.1进入系统/退出系统 (7) 进入系统 (8) 退出系统 (8) 4.2系统初始化 (8) 4.2.1服务器设置 (9) 4.2.1.1添加服务器 (9) 4.2.1.2智能添加服务器 (10) 4.2.1.3删除服务器 (11) 4.2.1.4修改服务器 (12) 4.2.1.5批量修改服务器 (14) 4.2.1.6反选功能 (14) 4.2.1.7检索服务器 (14) 4.2.1.8修改通道信息 (15) 4.2.2监控点管理 (15)
4.2.3解码器设置 (16) 4.2.3.1手动添加 (16) 4.2.3.2智能添加 (17) 4.2.3.3删除解码器 (17) 4.2.3.4修改解码器名称 (17) 4.2.3.5连接解码器 (18) 4.2.3.6断开解码器 (18) 4.2.3.7解码器设置 (18) 4.2.3.7.1网络设置 (19) 4.2.3.7.2DNS设置 (19) 4.2.3.7.3解码器参数设置 (20) 4.2.3.7.3.1485设置 (20) 4.2.3.7.3.2协议设置 (21) 4.2.3.7.4LOGO设置 (21) 4.2.3.7.5报警设置 (21) 4.2.4联机切换设置 (22) 4.2.4.1添加切换序列 (22) 4.2.4.2删除切换序列 (23) 4.2.4.3连接监控点 (23) 4.2.4.4停止预览 (24) 4.2.4.5打开/关闭音频 (24) 4.2.4.6开始/关闭对讲 (24) 4.2.4.7设备控制 (25) 4.2.4.8开始/停止切换 (26) 4.2.4.9显示模式设置 (26) 4.2.4.10其他 (26) 4.2.4.10.1切换不在线跳过显示 (26)
半导体制造工艺流程 N型硅:掺入V族元素--磷P、砷As、锑Sb P型硅:掺入III族元素—镓Ga、硼B PN结: 半导体元件制造过程可分为 前段(FrontEnd)制程 晶圆处理制程(WaferFabrication;简称WaferFab)、 晶圆针测制程(WaferProbe); 後段(BackEnd) 构装(Packaging)、 测试制程(InitialTestandFinalTest) 一、晶圆处理制程 晶圆处理制程之主要工作为在矽晶圆上制作电路与电子元件(如电晶体、电容体、逻辑闸等),为上述各制程中所需技术最复杂且资金投入最多的过程,以微处理器(Microprocessor)为例,其所需处理步骤可达数百道,而其所需加工机台先进且昂贵,动辄数千万一台,其所需制造环境为为一温度、湿度与含尘(Particle)均需控制的无尘室(Clean-Room),虽然详细的处理程序是随著产品种类与所使用的技术有关;不过其基本处理步骤通常是晶圆先经过适当的清洗(Cleaning)之後,接著进行氧化(Oxidation)及沈积,最後进行微影、蚀刻及离子植入等反覆步骤,以完成晶圆上电路的加工与制作。 二、晶圆针测制程 经过WaferFab之制程後,晶圆上即形成一格格的小格,我们称之为晶方或是晶粒(Die),在一般情形下,同一片晶圆上皆制作相同的晶片,但是也有可能在同一片晶圆上制作不同规格的产品;这些晶圆必须通过晶片允收测试,晶粒将会一一经过针测(Probe)仪器以测试其电气特性,而不合格的的晶粒将会被标上记号(InkDot),此程序即称之为晶圆针测制程(WaferProbe)。然後晶圆将依晶粒为单位分割成一粒粒独立的晶粒 三、IC构装制程 IC構裝製程(Packaging):利用塑膠或陶瓷包裝晶粒與配線以成積體電路目的:是為了製造出所生產的電路的保護層,避免電路受到機械性刮傷或是高溫破壞。 半导体制造工艺分类 半导体制造工艺分类 一双极型IC的基本制造工艺: A在元器件间要做电隔离区(PN结隔离、全介质隔离及PN结介质混合隔离)ECL(不掺金)(非饱和型)、TTL/DTL(饱和型)、STTL(饱和型)B在元器件间自然隔离 I2L(饱和型) 半导体制造工艺分类 二MOSIC的基本制造工艺: 根据栅工艺分类 A铝栅工艺 B硅栅工艺
win10版常用基本功能操作 来源:山东新华电脑 (一)桌面及其基本操作 回收站——在删除本地硬盘上的文件或文件夹时,Windows会将其放进回收站,而不是真正的从硬盘上删除,当删除回收站内的相应文件时,该文件才算真正的删除!当回收站充满后Windows会自动删除回收站中的文件以存放最近删除的文件或文件夹。显示桌面按钮——窗口右下角区域 开始菜单——按下win图标/Ctrl+Esc显示‘开始’菜单 (二)键盘和鼠标基本操作 1.快捷键 组合键——键名1+键名2,表示先按下?键名1?不释放,再按下?键名2?,然后同时释放。 Esc 键——全方位的取消键。大多数情况下可以通过快速按下Esc键(有时需要按几次)取消该操作。 功能键——功能键F1-F2也被定义为快捷键。 2.使用鼠标略 (三)窗口组成与操作 1.调整窗口大小 (1)使用鼠标——略(2)使用键盘 按Alt+空格键打开控制菜单,选择相应的命令,按下命令括号内的字母即可。 Aero Peek特效功能——用鼠标把窗口拉倒桌面上方边缘,当出现一个放大气泡时,松开左键,此时松开左键,窗口即可全屏显示。 2.窗口的移动 移动前必须是的移动的窗口为当前窗口,而且不是最大化。(1)使用鼠标 (2)使用键盘——按Alt+空格键打开控制菜单,选择移动,移到合适位置后按下Enter键即可。 排列和预览窗口 当用户打开多个窗口时(>=3),需要它们同时处于显示状态时,排列窗口功能会使操作变得很方便。Win10提供了层叠、堆叠、并排3种窗口排列方式。用户可以右击任务栏,选择相应窗口排列方式即可按要求排列窗口。 Win10提供了多种方式让用户切换预览多个窗口。 (1)Alt+Tab。当用户使用Aero主题时,按下Alt+Tab键后(先按下Alt再按下Tab),切换板中会显示当前打开窗口的缩略图,按住Alt不放,再按Tab就可以在窗口缩略图中进行切换。 (2)Win+Tab。(先按下Win,再按下Tab) 松开两键,再按Tab可以在当前窗口和?新建桌面?间切换/用鼠标进行你所需要操作。 按住Win不动,再按Tab可以在当前窗口和切换模式间转换 (3)通过任务栏预览窗口。把鼠标移至任务栏相应程序按钮上时,会显示其缩略图,移至缩略图部分,会显示相应窗口的预览窗口;单击其缩略图,即可切换至该窗口。 4.关闭窗口 一个窗口使用完后就应关闭,这样可以节省内存,加速Widows运行。(1)单击标题栏的?关闭按钮?。 (2)选择?文件?菜单中的?关闭?或?退出?命令。(3)Alt+F4 (4)在任务栏的项目上单击右键,选择?关闭窗口?命令。 (5)将鼠标移动到任务栏窗口上,在缩略图上单击?关闭?按钮。 (四)输入法使用
盛年不重来,一日难再晨。及时宜自勉,岁月不待人 盛年不重来,一日难再晨。及时宜自勉,岁月不待人 A.晶圆封装测试工序 一、IC检测 1. 缺陷检查Defect Inspection 2. DR-SEM(Defect Review Scanning Electro n Microscopy) 用来检测出晶圆上是否有瑕疵,主要是微尘粒子、刮痕、残留物等问题。此外,对已印有电路图案的图案晶圆成品而言,则需要进行深次微米范围之瑕疵检测。一般来说,图案晶圆检测系统系以白光或雷射光来照射晶圆表面。再由一或多组侦测器接收自晶圆表面绕射出来的光线,并将该影像交由高功能软件进行底层图案消除,以辨识并发现瑕疵。 3. CD-SEM(Critical Dime nsioi n Measureme nt) 对蚀刻后的图案作精确的尺寸检测。 二、IC封装 1. 构装(Packaging) IC构装依使用材料可分为陶瓷(ceramic )及塑胶(plastic )两种,而目前商业应用上则以塑胶构装为主。以塑胶构装中打线接合为例,其步骤依序为晶片切割( die saw)、黏晶(die mount / die bond)、焊线(wire bon d)、圭寸胶(mold )、剪切/ 成形(trim / form )、印字(mark )、电镀(plating )及检验(inspection )等。 (1) 晶片切割(die saw ) 晶片切割之目的为将前制程加工完成之晶圆上一颗颗之晶粒(die )切割分离。举例来说:以 0.2微米制程技术生产,每片八寸晶圆上可制作近六百颗以上的64M微量。 欲进行晶片切割,首先必须进行晶圆黏片,而后再送至晶片切割机上进行切割。切割完后之 晶粒井然有序排列于胶带上,而框架的支撐避免了胶带的皱褶与晶粒之相互碰撞。 (2) 黏晶(die mou nt / die bo nd ) 黏晶之目的乃将一颗颗之晶粒置于导线架上并以银胶(epoxy)粘着固定。黏晶完成后之导线 架则经由传输设备送至弹匣( magazi ne )内,以送至下一制程进行焊线。 ⑶焊线(wire bond ) IC构装制程(Packaging )则是利用塑胶或陶瓷包装晶粒与配线以成集成电路( Integrated Circuit ;简称IC),此制程的目的是为了制造出所生产的电路的保护层,避免电路受到机械
1、清洗 集成电路芯片生产的清洗包括硅片的清洗和工器具的清洗。由于半导体生产污染要求非常严格,清洗工艺需要消耗大量的高纯水;且为进行特殊过滤和纯化广泛使用化学试剂和有机溶剂。 在硅片的加工工艺中,硅片先按各自的要求放入各种药液槽进行表面化学处理,再送入清洗槽,将其表面粘附的药液清洗干净后进入下一道工序。常用的清洗方式是将硅片沉浸在液体槽内或使用液体喷雾清洗,同时为有更好的清洗效果,通常使用超声波激励和擦片措施,一般在有机溶剂清洗后立即采用无机酸将其氧化去除,最后用超纯水进行清洗,如图1 —6所示。 图1—6硅片清洗工艺示意图 工具的清洗基本米用硅片清洗同样的方法。 2、热氧化 热氧化是在800~1250C高温的氧气氛围和惰性携带气体(N2)下使硅片表面的硅氧化生成二氧化硅膜的过程,产生的二氧化硅用以作 为扩散、离子注入的阻挡层,或介质隔离层。典型的热氧化化学反应为:
Si + O2f SiO2 3、扩散 扩散是在硅表面掺入纯杂质原子的过程。通常是使用乙硼烷(B2H6)作为N —源和磷烷(PH3)作为P+源。工艺生产过程中通常 分为沉积源和驱赶两步,典型的化学反应为: 2PH3 f 2P + 3H2 4、离子注入 离子注入也是一种给硅片掺杂的过程。它的基本原理是把掺杂物质(原子)离子化后,在数千到数百万伏特电压的电场下得到加速,以较高的能量注入到硅片表面或其它薄膜中。经高温退火后,注入离子活化,起施主或受主的作用。 5、光刻 光刻包括涂胶、曝光、显影等过程。涂胶是通过硅片高速旋转在硅片表面均匀涂上光刻胶的过程;曝光是使用光刻机,并透过光掩膜版对涂胶的硅片进行光照,使部分光刻胶得到光照,另外,部分光刻胶得不到光照,从而改变光刻胶性质;显影是对曝光后的光刻胶进行去除,由于光照后的光刻胶和未被光照的光刻胶将分别溶于显影液和不溶于显影液,这样就使光刻胶上 形成了沟槽。 光刻胶 基片------------ ?涂胶后基片 1 1 1 1 ~ 显影后基片V------------- 曝光后基片 6、湿法腐蚀和等离子刻蚀
数字化公检法系统软件便携 式标准版 用户操作说明书 V7.1
目录 1.审讯中心服务器系统设置说明 (1) 1.1服务器设置 (1) 1.2审讯室设置 (2) 1.3压缩预览参数设置 (3) 1.4用户管理: (4) 1.5设备管理 (8) 1.6日志及文件 (10) 1.7系统安全管理 (10) 2.审讯中心服务器使用操作说明 (11) 2.1登录 (13) 2.2视频显示区 (14) 2.3在线信息显示区 (16) 2.4功能使用 (16) 3.审讯中心服务器各种温湿度叠加器的设置和使用 (19) 3.1温湿度叠加设置方法 (19) 3.2TC-W8667测试软件 (20) 3.3TC-W8901DC (22) 3.4YL-S018SR (23) 3.5TC-H307P (31) 4.审讯终端软件操作使用说明 (33) 4.1登录主机 (33) 4.2添加案件 (34) 4.3审讯功能 (37) 4.4笔录管理 (41) 4.5案卷查询 (43) 4.6资料回放 (43) 5.数字化公检法系统软件便携式标准版安装部分 (44) 5.1卸载旧压缩卡驱程 (44) 5.2开始安装 (44) 5.3安装加密狗驱动 (45) 5.4安装专用数据库 (46) 6.故障查找与排除 (47)
1 感谢您选用我公司数字化公检法系统软件便携式标准版产品。 数字化公检法系统软件便携式标准版是根据最高检颁布的《人民检察院讯问职务犯罪嫌疑人实行全程同步录音录像系统建设规范》文件要求。通过加强计算机技术、图像数字化技术和信息技术的应用,实现司法系统对审讯室的标准化建设,利用现有的网络对审讯的讯问和询问过程进行有效的监督和管理,实现同步录音录像,提高侦查办案、协查办案的效率,加强办案、取证过程的真实性和有效性。 1. 审讯中心服务器系统设置说明 在使用数字化公检法系统软件便携式标准版前需要先初始化系统数据和配置参数,包括服务器设置、审讯室设置、指挥终端设置、压缩预览参数、用户管理、设备管理、日志文件、系统安全管理和短信设备管理。系统设置初始化后可以投入使用,进行审讯录像、电子笔录、远程指挥等操作。 在桌面上点击 图标,显示“系统设置--用户登录”界面,输入正确的用户名密码(系统默认用户名admin ,密码1111),登录系统设置软件。 1.1 服务器设置 系统设置的第一页为【服务器设置】,如下图:
A.晶圆封装测试工序 一、IC检测 1. 缺陷检查Defect Inspection 2. DR-SEM(Defect Review Scanning Electron Microscopy) 用来检测出晶圆上是否有瑕疵,主要是微尘粒子、刮痕、残留物等问题。此外,对已印有电路图案的图案晶圆成品而言,则需要进行深次微米范围之瑕疵检测。一般来说,图案晶圆检测系统系以白光或雷射光来照射晶圆表面。再由一或多组侦测器接收自晶圆表面绕射出来的光线,并将该影像交由高功能软件进行底层图案消除,以辨识并发现瑕疵。 3. CD-SEM(Critical Dimensioin Measurement) 对蚀刻后的图案作精确的尺寸检测。 二、IC封装 1. 构装(Packaging) IC构装依使用材料可分为陶瓷(ceramic)及塑胶(plastic)两种,而目前商业应用上则以塑胶构装为主。以塑胶构装中打线接合为例,其步骤依序为晶片切割(die saw)、黏晶(die mount / die bond)、焊线(wire bond)、封胶(mold)、剪切/成形(trim / form)、印字(mark)、电镀(plating)及检验(inspection)等。 (1) 晶片切割(die saw) 晶片切割之目的为将前制程加工完成之晶圆上一颗颗之晶粒(die)切割分离。举例来说:以
0.2微米制程技术生产,每片八寸晶圆上可制作近六百颗以上的64M微量。 欲进行晶片切割,首先必须进行晶圆黏片,而后再送至晶片切割机上进行切割。切割完后之晶粒井然有序排列于胶带上,而框架的支撐避免了胶带的皱褶与晶粒之相互碰撞。 (2) 黏晶(die mount / die bond) 黏晶之目的乃将一颗颗之晶粒置于导线架上并以银胶(epoxy)粘着固定。黏晶完成后之导线架则经由传输设备送至弹匣(magazine)内,以送至下一制程进行焊线。 (3) 焊线(wire bond) IC构装制程(Packaging)则是利用塑胶或陶瓷包装晶粒与配线以成集成电路(Integrated Circuit;简称IC),此制程的目的是为了制造出所生产的电路的保护层,避免电路受到机械性刮伤或是高温破坏。最后整个集成电路的周围会向外拉出脚架(Pin),称之为打线,作为与外界电路板连接之用。 (4) 封胶(mold) 封胶之主要目的为防止湿气由外部侵入、以机械方式支持导线、內部产生热量之去除及提供能够手持之形体。其过程为将导线架置于框架上并预热,再将框架置于压模机上的构装模上,再以树脂充填并待硬化。 (5) 剪切/成形(trim / form) 剪切之目的为将导线架上构装完成之晶粒独立分开,并把不需要的连接用材料及部份凸出之树脂切除(dejunk)。成形之目的则是将外引脚压成各种预先设计好之形状,以便于装置于
网络键盘安装使用手册
目录 第一章键盘简介 (1) 1.1 功能特点 (1) 1.2 产品外观 (1) 1.3 技术指标 (1) 第二章键盘安装 (2) 2.1 放置 (2) 2.2 接口 (2) 2.3 安装 (2) 第三章键盘设置 (3) 3.1 设置 (3) 3.2 键盘开机 (3) 3.3 键盘登录 (3) 3.4 设置键盘 (4) 3.4.1网络管理 (4) 3.4.2用户管理 (4) 3.4.3 密码管理 (5) 3.4.4 设备管理 (5) 3.4.5 硬件设置 (5) 3.4.6 锁定设置 (5) 3.4.7 硬件检测 (6) 3.4.8摇杆校准 (6) 第四章矩阵控制 (8) 4.1 登录矩阵 (8) 4.2 矩阵操作界面 (8) 4.3 切换操作 (9) 4.4前端控制 (10) 4.5报警控制 (10) 4.6宏操作 (10) 4.7 越权控制 (10) 4.8 码分配器设置 (10) 4.9 锁定 (11) 4.10 列表 (11) 第五章网络升级 (12)
第一章键盘简介网络键盘配合智能网络矩阵使用,功能丰富、操作简单。 1.1 功能特点 ●中文编程操作界面 ●中文硅胶按键 ●大屏幕液晶屏幕 ●详细的矩阵及前端信息 ●以太网通讯 ●二维变速摇杆 ●使用简捷方便 1.2 产品外观 1.3 技术指标 工作温度:-10℃~50℃ 工作湿度:<90% 工作电压:DC12V 功耗:4W 以太网接口:10BaseT UDP(局域网) 外形尺寸(mm):300×160×43(长×宽×高)
第二章键盘安装 2.1 放置 键盘采用工学设计,水平放置控制台面即可。 2.2 接口 网络键盘背部有两个接口:一个为电源接口,外接DC12V电源给键盘供电;另一个为RJ45网络接口,连接智能网络矩阵。 2.3 安装 标准版本的网络键盘硬件只支持控制智能网络矩阵(控制其它监控设备需要在标准版本的硬件基础上稍作调整),所以标准版网络键盘只能将当前设备选择为矩阵。用网线将矩阵接到键盘的网络接口,接上电源,即完成了键盘和矩阵的物理连接。 注:由于智能网络矩阵内置交换机单元,所以网络键盘连接智能网络矩阵采用直通线序的标准网线。
晶圆封装测试工序和半导体制造工艺流程 A.晶圆封装测试工序 一、 IC检测 1. 缺陷检查Defect Inspection 2. DR-SEM(Defect Review Scanning Electron Microscopy) 用来检测出晶圆上是否有瑕疵,主要是微尘粒子、刮痕、残留物等问题。此外,对已印有电路图案的图案晶圆成品而言,则需要进行深次微米范围之瑕疵检测。一般来说,图案晶圆检测系统系以白光或雷射光来照射晶圆表面。再由一或多组侦测器接收自晶圆表面绕射出来的光线,并将该影像交由高功能软件进行底层图案消除,以辨识并发现瑕疵。 3. CD-SEM(Critical Dimensioin Measurement) 对蚀刻后的图案作精确的尺寸检测。 二、 IC封装 1. 构装(Packaging) IC构装依使用材料可分为陶瓷(ceramic)及塑胶(plastic)两种,而目前商业应用上则以塑胶构装为主。以塑胶构装中打线接合为例,其步骤依序为晶片切割(die saw)、黏晶(die mount / die bond)、焊线(wire bond)、封胶(mold)、剪切/成形(trim / form)、印字(mark)、电镀(plating)及检验(inspection)等。 (1) 晶片切割(die saw) 晶片切割之目的为将前制程加工完成之晶圆上一颗颗之晶粒(die)切割分离。 举例来说:以0.2微米制程技术生产,每片八寸晶圆上可制作近六百颗以上的64M 微量。
欲进行晶片切割,首先必须进行晶圆黏片,而后再送至晶片切割机上进行切割。切割完后之晶粒井然有序排列于胶带上,而框架的支撐避免了胶带的皱褶与晶粒之相互碰撞。 (2) 黏晶(die mount / die bond) 黏晶之目的乃将一颗颗之晶粒置于导线架上并以银胶(epoxy)粘着固定。黏晶完成后之导线架则经由传输设备送至弹匣(magazine)内,以送至下一制程进行焊线。 (3) 焊线(wire bond) IC构装制程(Packaging)则是利用塑胶或陶瓷包装晶粒与配线以成集成电路(Integrated Circuit;简称IC),此制程的目的是为了制造出所生产的电路的保护层,避免电路受到机械性刮伤或是高温破坏。最后整个集成电路的周围会向外拉出脚架(Pin),称之为打线,作为与外界电路板连接之用。 (4) 封胶(mold) 封胶之主要目的为防止湿气由外部侵入、以机械方式支持导线、內部产生热量之去除及提供能够手持之形体。其过程为将导线架置于框架上并预热,再将框架置于压模机上的构装模上,再以树脂充填并待硬化。 (5) 剪切/成形(trim / form) 剪切之目的为将导线架上构装完成之晶粒独立分开,并把不需要的连接用材料及部份凸出之树脂切除(dejunk)。成形之目的则是将外引脚压成各种预先设计好之形状,以便于装置于电路板上使用。剪切与成形主要由一部冲压机配上多套不同制程之模具,加上进料及出料机构所組成。 (6) 印字(mark)及电镀(plating) 印字乃将字体印于构装完的胶体之上,其目的在于注明商品之规格及制造者等资讯。
《地理信息系统基础》实验指导书 课程名称:地理信息系统基础 课程编号: 软件名称:MapInfo Professional 6.5, ORACLE 9.0 指导教师:周晓光、赵玲 实验内容: 实验一、MAPINFO地理信息系统的基本功能与基本操作 实验二、MAPINFO的空间数据录入 实验三、空间数据查询、分析与数据转换 实验四、MAPINFO 的空间数据入库(ORACLE SPATIAL)与调用 实验一、MAPINFO地理信息系统的基本功能与基本操作 实验目的: (1)熟悉桌面GIS软件MapInfo的界面环境 (2)初步掌握MapInfo主要工具、菜单命令的使用 (3)理解GIS软件应具备的基本功能 实验内容及步骤: 一、熟悉MapInfo的界面环境 1、在地图窗口打开MapInfo表 a、选择“文件>打开表”或从“快速启动”对话框中选择“打开表”,出现打开表的对话框。 b、在“文件类型”下拉列表中可以选择要打开的文件类型,可以选择打开dBASE DBF(*.dbf)文件、分界ASCII(*.txt)、Excel电子表格(*.xls)、以及栅格图像文件等。要打开MapInfo表,则在文件类型中选择MapInfo(*.tab)。 小技巧:按住Shift键,可同时打开连续的多张表, 按住Ctrl键,可同时打开不定顺序的多张表。 c、设定要打开的表名称、目录和驱动器。本实验中打开data目录下的China.tab 表、Chinahwy.tab表和Chincaps.tab表。 你会看到一个显示中国地图的窗口,该窗口叫做地图窗口。浏览屏幕上部的菜单条,将发现其中多了一个“地图”菜单。 2、在浏览窗口中查看数据 a、选择窗口>新建浏览窗口(或者单击常用工具条上的新建浏览窗口按钮 ) b、出现“浏览表对话框”,选择China表,按“确定”。
YM COSMOS 雷達功能鍵基本操作 ●通則:記憶槽中上方為A槽,下方為B槽。每5000小時或螢幕左下角之TUNE衰減則需更換磁控管。TX A(X) (Transceiver)或TX A(S):X band 或S band。 ●TRANSMIT:雷達開始發射,天線旋轉。 ●INITIALISATION:最初設定之參數。 ●MONITOR TEST: ●OWN POSITION以游標選之,週期互換。 1.OWN POSITION (NAV):本船位置。 https://www.doczj.com/doc/553539722.html,T:緯度。 b.LON:經度。 c.UTC XX:XX:XX W84格林威治時間,WG84:GPS系統規格。 2.WAY POINT:轉向點資料。 a.WPT nnn:轉向點編號。 b.T BRG nnn.n:到下一轉向點之真方位。 c.DTG nn.n NM:到下一轉向點之距離。 d.XTD(n) n.nn NM:航線左右限制之範圍。 e.TTG nn.nn:到下一轉向點之時間。 3.WIND AND DEPTH:風及水深之資料。 a.REL WIND:nnn KT,nnn°REL:相對風向及風速。 b.DEPTH nnnn M:水深。 ●HL:Heading Line,SL:Stern Line。 ●中心偏移:將游標重疊於本船中心(螢幕中心),按左鍵拖曳至想要之位置後放開;按CENTRE回螢幕中心。 ●CENTER上之MAX VIEN為中心偏移之最大位置。 自動。 ●TUNE旁之MAN:手動,AFC(AUTO FREQUENCY): ●ENH改善小目標隻回跡(特別於3nm之RANG)用於小比例尺時,會減低目標之識別能力。 ●SP:短脈波,MP:中脈波,LP:長脈波。 ●EVENT:記錄當時各船之位置及時間。 ●BRILL:改善與設定白天及晚上之面板及螢幕之亮度。 1.DAY:白天模式。 2.NIGHT1:夜晚模式1。 a.HEADING LINE:船艏線亮度。 b.EBL/VRM:電子方位線/可變距離圈亮度。 c.CURSOR:游標亮度。 d.ARPA:自動雷達測繪援助亮度。 e.TOOLS/RANGE RINGS:工具/距離圈亮度。 f.ROUTES:航路亮度。 g.HISTORY TRACKS:航跡亮度。 h.MAPS:海圖亮度。 i.MENU TEXT:清單信文亮度(?)。 j.TARGET ALARM:目標警報亮度。
天地伟业EASYVIEW V4.0T网络视频监控 软件使用手册 2010年3月
目录 目录 (2) 一、系统需求 (4) 1.1 安装需求 (4) 1.2 运行需求 (5) 二、EASYVIEW视频监控管理软件安装手册 (5) 2.1 软件安装 (5) 三、EASYVIEW视频监控管理软件使用手册 (5) 3. 1搜索器的使用说明 (6) 3.1.1 搜索设置IP地址 (6) 3.1.2 网络设备的搜索 (6) 3.1.3计算机网络设置 (7) 3.1.4 H系列服务器设备搜索 (7) 3. 2 视频浏览模块使用说明 (7) 3.2.1 监控软件EasyView登录系统 (7) 3.2.2 选取、退出软件功能模块 (8) 3.2.3 视频浏览模块使用说明 (9) 3.2.4系统功能模块使用说明 (11) 3.2.4.1 系统设置功能说明 (11) 3.2.4.1.1【设备管理】操作说明 (11) 3.2.4.1.2【用户管理】操作说明 (19) 3.2.4.1.3【用户权限管理】操作说明 (20) 3.2.4.1.4【图像设置】操作说明 (21) 3.2.4.1.5【报警设置】操作说明 (24) 3.2.4.1.6【报警联动】操作说明 (28) 3.2.4.1.7【视频遮挡设置】操作说明 (32) 3.2.4.1.8【日志管理】操作说明 (33) 3.2.4.1.9【切换设置】操作说明 (35) 3.2.4.1.10【域名注册信息设置】操作说明 (36) 3.2.4.2 抓怕浏览功能说明 (37) 3.2.4.3电子地图功能说明 (38) 3.2.5云镜控制模块使用说明 (39) 3.2.6 监控点列表模块使用说明 (40)
环波微机地震解释系统 环波微机地震解释系统
概述 简介 地震解释发展至今,一直是工作站处于垄断地位,以前由于受微机硬件的限制,无法在微机上操纵地震数据,随着微机硬件的飞速发展,在微机上处理大数据问题已经解决,因此地震解释已不再受工作站的限制,开发微机解释系统,将地球物理研究工作从工作站转移到微机是发展的必然趋势,环波微机解释系统是完全基于微机开发的地震解释系统。 主要功能 环波微机解释系统是一个综合性的地震解释系统,其主要功能是对地震剖面进行数据显示分析、剖面追踪对比、解释成图及图形的编辑输出,主要表现在以下方面:1.多维空间网格化,世界领先技术。 2.时间域转为深度域解释 3.可将各类深度域数据(如井位分层,钻井曲线,岩性柱子等)投在剖面上,方便解释层位确定,免做合成记录。 4.深度联井剖面上精确描述油藏剖面 5.时间域与深度域剖面实时转换 6.单剖面智能化和面智能化解释,准确追踪波峰,大量提高解释效率 7.动画播放,可实现同一方向剖面的连续显示,以观察构造变化趋势。 8.切任意剖面 9.剖面任意位置开窗口特征对比 10.时间切片显示 11.地震剖面多种彩色显示 12.地震剖面解释层位透明显示 13.多台微机联机解释,实现了解释系统的管理,多人联合解释与综合研究。 14.支持三维与二维工区解释。 15.测网上显示解释构造形态 16.外部解释成果加载 17.在测网中删除指定区域内的解释成果 18.解释,逆掩断层处理,构造成图一体化。 主要优点 它的优势在于: ①具备方便的二次开发环境。 ②地震剖面接收方式多元化(直接读取显示SEGY大数据量和现有纸剖面)。 ③剖面调用速度快。
天地伟业卫士系列网络摄像机 用户手册 V1.0
重要声明 一、感谢您选用由天津天地伟业数码科技有限公司出品的卫士系列网络摄像机产品。使 用本产品之前,请认真阅读本使用手册。在您开始使用此产品时,天地伟业数码科技有限公司将认为您已经阅读过本产品使用手册。 二、本手册所涵盖的内容均参考此使用手册编写时最新的消息,当涉及的内容发生改变 时,恕不另行通知。 侵犯版权警告 一、卫士系列网络摄像机产品的使用方式不得触犯或侵害国际与国内之法律和法规。一 旦因使用不当而发生触犯或侵犯国际和国家法律及法规的行为,天地伟业数码科技有限公司将不为此负担任何民事和刑事责任。 二、请注意,即使摄录的视频仅供个人使用,在某些情况下使用该摄像机复制表演、展 览或商业资产的图像,仍有可能侵犯版权或其他法律权益。
本品仅限室内(温度-20℃-60℃、湿度10%-90%)使用,电源适配器只限工作于AC 90V-264V 50/60HZ交流电源下。如在此范围之外工作,有可能引起设备工作不正常甚至损坏设备。 本产品不适合于在强磁环境下使用,如使用需采用可靠的第三方防磁设备保护。 请使用随机附件中的电源适配器,选用其他电源可能带来故障。 请勿将摄像头正对阳光或者强烈光线,有可能导致图像失真或者损坏图像传感器。 请将此器材存放于儿童及婴儿触及不到的地方,若遇意外损坏,可能导致身体损伤,如:破 损的外壳可能导致皮肤划伤,SD卡可能导致意外吞食。 请勿试图拆开或改装本指南没有说明的任何部分,请勿让器材触及、浸入水或液体。 如果外壳接触到液体或盐分空气,请用吸水软布擦干外壳。 请勿使用酒精、汽油、稀释剂、或其他易燃物质清洁或护理本器材。 请勿切割、损坏、改装电线或放置重物于电线上。 如双手潮湿,请勿接触本产品及附属电源线路。 采用壁装或吊装方式安装本产品时,请确保支架安装牢固,以免发生意外事故。 长期不使用本产品时,应切断产品的电源将产品妥善包装,并采取必要的防潮措施。