IOS110 Introduction to Operating Systems using Windows

Session 6

Objectives:

• Disk management
• Defragmentation
• Disk quotas
• Compression
• Encryption
• Linux (time permitting)

Terminology

Certificate – Data containing identity information – includes owner, date created, date expires, public key, digital signature (either self-signed or signed by a Certificate Authority, e.g. Verisign, Microsoft, etc.)

Decryption – the opposite of encryption – to return the encrypted data to a usable state

Encryption – a reversible means to alter data so that a third party cannot interpret its meaning. Uses a key (a number) and an algorithm to perform the encryption

Public Key Encryption – An encryption scheme that relies on one key to encrypt the data, and another (mathematically related) key to decrypt the data. The Public Key (which everyone has access to) is used to encrypt data. The Private Key (which only the owner has access to) is used to decrypt data.

Disk Management

MMC
• MMC – Microsoft Management Console
• Contains snap-ins that provide functionality – such as Disk Management

Disk Management Snap-in
• Allows you to perform the following tasks
  • Create / Delete Primary and Extended Partitions (Basic Disks)
  • Create / Delete Logical drives within an Extended Partition (Basic Disks)
  • Format disks in any file system
  • View information about a disk or partition
  • Assign drive letters to hard drives and removable media drives
  • Convert Basic Disks to Dynamic Disks
  • Create and manage simple volumes, spanned volumes and striped volumes

Defragmenting a disk
• Guidelines
  • As it is processor intensive, perform when computer usage is low. Can be scheduled.
  • When installing large applications, run the defragmenter first. Installation will run better, and the system will run faster afterwards.
  • Have users analyze their disks once a month, and defragment as required.
  • After deleting a large number of files and folders, the disk may become very fragmented. Analyze the system. This is a scenario typical of busy servers.

Disk Quotas
• Introduced in Win2K and NTFS 5.0
• Used to limit the amount of disk space consumed by a user
• The limits are assigned on a per-volume basis (user1 has 50MB on disk1, user2 has 40MB on disk1, user1 has 100MB on disk2, user2 has 40MB on disk2)
  • You can send a warning to users when they have reached a certain level
  • You can write an event to the event log if users attempt to exceed their quota
  • When quotas are enabled, WinXP collects statistics on all users on the volume
  • A user checking properties on a volume will see their remaining quota available
  • An administrator using the Quota Entries dialogue will see an icon representing the status of the quota:
    – Red dot (with exclamation mark) – user exceeded quota
    – Yellow triangle (with exclamation mark) – user within warning level
    – White dialogue bubble (with arrow) – user OK

Characteristics of Disk Quotas
• Any action a user takes is charged against their quota, including:
  • taking ownership of files and folders
  • installing applications
  • copying or saving new files
• Disk quota is charged based on a file's uncompressed size
• Free space reported to an application is based on the user's quota
• Quotas are tracked independently for each NTFS volume – even if the volume spans several physical disks
• Volume / Partition must be formatted NTFS 5.0 to use quotas (NTFS with WinNT does not support quotas)
• Only an administrator can enable quotas; however, users can view quota settings

Guidelines for Using Quotas
• Use the Administrator account to install applications; this avoids your personal account being charged
• If using quotas only to monitor disk usage, disable the feature that denies disk space to users exceeding their quota
• Set restrictive limits for all user accounts. Monitor disk usage. Increase the quota for those users that require more space
• Set disk quotas on all shared volumes that a user can access, including public folders and network servers, to ensure appropriate use of space by users
• Provide warnings to users when they exceed quotas or warning levels
• If a user no longer uses a volume, remove their quota entries after moving or transferring ownership of their files to another user.
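
The per-volume limits from the Disk Quotas slide, applied with the built-in `fsutil quota` command from an elevated PowerShell prompt. This is an added example, not part of the original slides; the drive letters D: and E:, the account names and the 80% warning level are assumptions.

```powershell
# Added example. Run elevated. D:/E:, the account names and the 80% warning
# level are assumptions standing in for "disk1", "disk2", user1 and user2.
$quotas = @(
    [pscustomobject]@{ Volume = 'D:'; User = 'user1'; LimitMB = 50  },
    [pscustomobject]@{ Volume = 'D:'; User = 'user2'; LimitMB = 40  },
    [pscustomobject]@{ Volume = 'E:'; User = 'user1'; LimitMB = 100 },
    [pscustomobject]@{ Volume = 'E:'; User = 'user2'; LimitMB = 40  }
)

$volumes = $quotas | ForEach-Object { $_.Volume } | Sort-Object -Unique
foreach ($vol in $volumes) {
    # "track" records usage and warnings without denying space, which is the
    # monitor-only mode from the guidelines. Use "fsutil quota enforce $vol"
    # instead to deny writes once a user passes the limit.
    fsutil quota track $vol
}

foreach ($q in $quotas) {
    $limit     = $q.LimitMB * 1MB          # bytes
    $threshold = [long]($limit * 0.8)      # warning level in bytes (assumed 80%)
    # Syntax: fsutil quota modify <volume> <threshold> <limit> <user>
    fsutil quota modify $q.Volume $threshold $limit $q.User
}

# Review the resulting entries, then look for logged quota events.
foreach ($vol in $volumes) { fsutil quota query $vol }
fsutil quota violations
```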


Disk Compression
• Available on NTFS
• A means to store more data on a disk than could otherwise be stored.

Rules for Copying and Moving a File in a Compressed Folder
• Copying within an NTFS Volume
  • Copy inherits the attributes of the destination
    – If the destination folder is not compressed, a compressed file will be stored uncompressed
• Moving within an NTFS Volume
  • Move retains CURRENT compression state
    – A compressed file will stay compressed regardless of the destination folder being compressed or not
    – An uncompressed file will stay uncompressed
• Moving or copying to another NTFS volume
  • Both inherit the attributes of the destination
    – See copy above.
    – In this context, a move is a Copy followed by a Delete. Therefore, the behaviour is that of a copy
• Copying or moving to a FAT/FAT32 partition results in a loss of compression
• Storing ZIP files in a compressed folder is a waste of CPU resource (and can be a waste of space, as files compressed several times begin to grow in size)
• Frequently used files and binary (application) files should not be compressed
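
The copy and move rules above can be observed directly on a single NTFS volume. This PowerShell script is an added example, not part of the original slides; it assumes `$env:TEMP` is on an NTFS volume, and all folder and file names are constructed.

```powershell
# Added example: observe the NTFS copy/move compression rules on one volume.
# Assumes $env:TEMP is on NTFS; folder and file names are constructed.
$root   = Join-Path $env:TEMP 'ntfs-compress-demo'
$packed = Join-Path $root 'packed'   # will be marked compressed
$plain  = Join-Path $root 'plain'    # stays uncompressed
New-Item -ItemType Directory -Path $packed, $plain -Force | Out-Null
compact.exe /c $packed | Out-Null    # files created here later are compressed
compact.exe /u $plain  | Out-Null

function Test-Compressed([string]$Path) {
    # True when the NTFS "compressed" attribute is set on the item
    (Get-Item -LiteralPath $Path).Attributes.HasFlag([IO.FileAttributes]::Compressed)
}

# A file created inside the compressed folder inherits compression.
$src = Join-Path $packed 'report.txt'
Set-Content -Path $src -Value ('A' * 100000)
$before = Test-Compressed $src

# Copy within the volume: the copy takes the destination folder's state.
$copied = Join-Path $plain 'copied.txt'
Copy-Item -Path $src -Destination $copied

# Move within the volume: the file keeps its current state.
$moved = Join-Path $plain 'moved.txt'
Move-Item -Path $src -Destination $moved

[pscustomobject]@{
    SourceCompressed = $before
    CopyCompressed   = Test-Compressed $copied
    MoveCompressed   = Test-Compressed $moved
}

Remove-Item -Path $root -Recurse -Force   # clean up the demo folders
```

By the rules above, the copy in the uncompressed folder loses the attribute while the moved file keeps it.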


Encryption
• EFS – Encrypting File System, supported on NTFS
• Public key based encrypting system
• Used only for storing files – NOT for transmission (need SSL)
• Features
  • Once set, the encrypt/decrypt process takes place automatically
  • Public key cryptography is considered secure (let's not open that debate!)
  • If the private key is unavailable (employee has left), the files can still be retrieved using a Recovery Agent – typically the administrator
  • Temporary files are also encrypted – provided they are on an NTFS volume – don't set the %temp% or %tmp% system variables to point to non-NTFS volumes
  • Files are never copied to the paging file
• Encryption and Compression are mutually exclusive – you can enable one but not both features on a target

Recovery of an Encrypted File
• Three methods:
  • Data recovery agents
  • Export and Import of EFS recovery keys
  • Windows Backup

Data Recovery Agents
• The owner or DRA can decrypt a file by clearing the Encrypt checkbox
• File remains decrypted until explicitly re-encrypted
• In Win2K the local administrator can act as default DRA; if the Certificate is not available then EFS is disabled.
• In WinXP there is no default DRA – and it is still possible to encrypt files
• In a domain environment EFS can access any DRA Certificate in the domain and cache them locally for recovering encrypted files

Exporting and Importing Recovery Agent Certificates
• This requires pre-planning
• Using a utility called cipher.exe you can create two files:
  • XXXXX.cer – Security Certificate
  • XXXXX.pfx – Certificate and Private Key file that is password protected using the password supplied when running cipher.exe
• These files can be stored on a floppy and used in the case that the user's certificate or private key is lost or corrupted
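
Creating the two recovery files with `cipher /r` and checking what the .cer contains before filing it away. This is an added example, not part of the original slides; the folder `C:\EFS-Recovery` and the base name `dra` are assumptions.

```powershell
# Added example. The folder and base file name are assumptions.
$dir  = 'C:\EFS-Recovery'
$base = Join-Path $dir 'dra'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# cipher /r writes <base>.cer and <base>.pfx and prompts for the password
# that protects the private key inside the .pfx.
cipher.exe "/r:$base"

foreach ($ext in '.cer', '.pfx') {
    $file = $base + $ext
    if (-not (Test-Path -LiteralPath $file)) { throw "cipher did not create $file" }
}

# Load the public certificate and list the fields named in the Terminology
# slide: owner, expiry date, and whether a private key is attached.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 ($base + '.cer')
$usages = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
    ForEach-Object { $_.EnhancedKeyUsages } |
    ForEach-Object { $_.FriendlyName }

[pscustomobject]@{
    Subject       = $cert.Subject
    Expires       = $cert.NotAfter
    Thumbprint    = $cert.Thumbprint
    HasPrivateKey = $cert.HasPrivateKey   # the .cer holds only the public half
    KeyUsages     = $usages -join ', '
}

# The .pfx holds the recovery private key: move it to removable media and
# delete the local copy once the move is verified.
```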


Windows Backup
• In WinXP Pro you can use the Backup program to back up encrypted files. They will remain encrypted, even if stored on non-NTFS media.
• If recovery of these files is necessary, restore the files to a computer with a default DRA where the recovery certificate is present (or imported)
• Restore the files to decrypt

Mounting a Volume
• Traditionally, partitions available to the operating system were given a letter of the alphabet as a name and means of identifying them. A: and B: are used for the floppy disks, C: to Z: for all else
• As of Win2K it is now possible to use a label to access a volume:
  • An empty folder must be created on an NTFS partition, with the name you wish for the volume
  • Using Disk Management, create the partition and link it to the folder, instead of providing a letter.
  • FAT partitions can be mounted to the NTFS file system as well
• Volumes can also be dismounted.

Linux (time permitting)

Background

LINUX is a free version of UNIX, written primarily by Linus Torvalds at the University of Helsinki, Finland. It was developed as a hobby.

Much of the software developed for LINUX was developed by the GNU project of the Free Software Foundation in Cambridge, Massachusetts.

GNU project

The GNU project was formed in 1984 to develop a complete Unix-like operating system. For details, go to www.gnu.org.

"Computer users should be free to modify programs to fit their needs, and free to share software, because helping other people is the basis of society."

GNU project, continued

“The term "free software" is sometimes misunderstood--it has nothing to do with price. It is about freedom. Here, therefore, is the definition of free software: a program is free software, for you, a particular user, if:

• You have the freedom to run the program, for any purpose.
• You have the freedom to modify the program to suit your needs. (To make this freedom effective in practice, you must have access to the source code, since making changes in a program without having the source code is exceedingly difficult.)
• You have the freedom to redistribute copies, either gratis or for a fee.
• You have the freedom to distribute modified versions of the program, so that the community can benefit from your improvements.”

Versions of Linux

There are several versions of LINUX available, depending on what features and user interface you desire: Corel, Redhat, Debian, Caldera, Slackware, S.u.S.E.

If you are shopping for a version of Linux, check out their websites. Or better yet, if a free download is available, try them.

The common point to all of the versions of Linux is that they are all UNIX. Once you know UNIX, you will be able to navigate around any of the versions. The main difference will be the user interface.

Installing Linux

Installing Linux should be a straightforward operation. However, there are differences between installing Windows and installing Linux:

• file system
• user management

File system

The file system on UNIX is different from the file systems that evolved from DOS. A brief review of both the FAT and Linux file systems follows (as they pertain to hard disks).

FAT File system

The hard disk is broken into two possible structures:

• primary partition
• extended partition – which contains logical drives

FAT File system, continued

There can be no more than 4 Primary Partitions or 3 Primary and one Extended Partition on a hard disk. The Extended Partition will contain one or more Logical Drives.

In FAT, each Primary Partition and Logical Partition is assigned a letter, starting from C. (The letters A and B are reserved for the floppy diskette drives).

A drive might look like:

C: | Extended Partition
   | D: | E: | Free space

There is one Primary Partition and one Extended Partition with two Logical Partitions and some unallocated disk space (Free space).

Linux File system

In UNIX there are no drive letters. The way disks are handled is completely different. Instead of partitions UNIX has 'mount points'. The mount point is named based on which hard disk is being referred to as well as the partition number for that hard drive.

Hard disks are named hda, hdb, hdc ...

So the first partition of the first disk is hda1.

Using the same scheme as before, hda could be laid out as:

/ | Extended Partition
  | /opt | swap | Free space

The mount points are '/', '/opt' and 'swap'.

Linux File system, continued

If you have enough spare partitions (primary and extended), you could load both Linux and your favourite version of Windows onto the same machine. As the machine boots up, it will prompt you to select which operating system you want to load.

A couple of mount points of interest:

• /mnt/floppy (created with the command: mount /dev/fd0)
• /mnt/cdrom (created with the command: mount /dev/cdrom)

Linux installation

Begin by having sufficient free space on your disk drive to perform the installation. Linux will allocate the space during the install process.

When you load Linux you will have many options available to you such as development tools (compilers and CASE tools), web server (such as Apache), FTP server, TELNET daemon, and many more.

A word of caution: many of the tools and utilities that you load with the 'complete' install also leave your machine vulnerable to attack from the web.

User management

As we discussed earlier, UNIX is a multi-user system. So is Linux. By default there is one account created called 'root'.

From the root account, you can create other accounts so that each user has their own home directory and can set their own file permissions.

It would be prudent to keep the root password on paper somewhere, and create accounts for all others that will be using the system.

The reason for this is that the root account has complete access to the entire system. A slip of the finger while using the root account may have more of an impact on the system than the same slip by a user with basic privileges.