Agenda
• Operating System
• UNIX (standard UNIX)
• Windows (2000)
• Manage Windows
Operating System (OS)
A computer consists of hardware and an OS. What is an OS?
• Manager
• The OS manages users, access rights and user interaction.
• The OS manages resources: files, directories, devices, processes, memory, I/O
Operating System (OS)
To understand an OS ~= understand what it manages and how
• Process
• Memory
• I/O
• File system
• Security
Operating System (OS)
How does it manage?
• User interaction: command line, GUI
• Device controllers: bus
• Interrupts
• Tables: fd (file descriptors)
• Signals, messages: system
UNIX - Interfaces
Layers, top to bottom:
• Users
• Standard utility programs (user mode)
• Standard library (user mode)
• OS (kernel mode)
• Hardware
UNIX - User interaction
User interaction
• Shell: command programming language providing an interface to the Unix OS. Modifiable.
• Compiler
• Kernel: core of the OS. Invoked by system call.
UNIX - Kernel
Kernel structure, top to bottom:
• System calls
• Interrupts and traps
• Terminal handling | Sockets | File naming | Mapping | Signal handling | Process creation and termination
• Raw tty, Cooked tty | Network protocols | File system | Virtual memory
• Line disciplines | Routing | Buffer cache
• Character devices | Network device drivers | Disk device driver
• Hardware
UNIX – Device
Device control
• Abstraction of the physical devices
• Input: keyboard, mouse, CD-ROM
• Output: screen, printers
• I/O: disk, tape, network
Commands
• lp, ioctl, sockio, streamio, tar
UNIX – Process
Abstraction of a running program: an address space that contains data, instructions and hardware resources.
• Running, ready, blocked states
• Interrupt from input (vector): the current process's info is pushed onto the stack; the hardware jumps to the address assigned to the interrupting device; after the handler is done, one of the processes in the ready state is scheduled.
UNIX – Process
Process table
• Process state, program counter, stack pointer, PID
• Scheduling parameters: process priority, CPU running time -> decide the next process
• Memory info: how to find the process when it is not in memory (ready or blocked)
• Signals: signal mask, effective signals
UNIX – processUNIX – process
Kernel process start a series of Kernel process start a series of processes processes
-Daemons (started at system -Daemons (started at system booting)booting)
• ttymon watches various terminals for ttymon watches various terminals for loginlogin
• ttymon starts new process for user shellttymon starts new process for user shell• CommandCommand
ps, exit, kill, fork, wait, bg, fg, signal, sigset, ps, exit, kill, fork, wait, bg, fg, signal, sigset, alarmalarm
UNIX – File System
Hierarchical file system (example tree rooted at /):
• / : root
• sbin : system binaries
• bin : binary files
• etc : system files
• dev : device files
• kernel
• var, with spool below it
• usr
• tmp
• home, with user1 and user2 below it
UNIX – File System
Commands
• mkdir, link, mount, cd, rmdir, cp, mv, rm
• create/open, close, read/write, pipe
NFS (Network File System)
UNIX - Security
UNIX is designed as a multi-user system
• UID (user ID), GID (group ID) for each process, file and folder
• File and folder permissions: 9 bits
• SETUID: set on a program by the superuser (root)
• chmod, setuid, setgid: owner, superuser
UNIX - Security
Login is a program with SETUID root
• Login asks for the username and password
• Hash function h (username)
• Calls the setuid and setgid system calls
• Opens keyboard (fd 0), screen (fd 1), screen error (fd 2), starts the user shell (UID), and terminates
• All processes forked by the shell inherit the UID
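The process commands above (fork, wait, kill) and the login sequence's setuid/setgid step, as one added example that is not code from the original slides. The child drops to the given IDs exactly where a real login program would exec the user's shell; the order (setgid before setuid) and the verification afterwards are the parts a setuid-root program must get right. The function names are hypothetical, and main() uses the caller's own IDs so it runs without root.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop to (uid, gid) the way a setuid-root login program must: group first,
 * then user, because once the UID is no longer root setgid() would fail.
 * Returns 0 only if every ID really changed and root cannot be regained. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;   /* verify, never assume */
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;            /* must not get root back */
    return 0;
}

/* fork a child that drops privileges, then wait for it. The real login
 * program would exec the user's shell in the child; everything that shell
 * forks inherits the dropped IDs. Returns the child's exit status, -1 on error. */
static int run_as(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0)
        _exit(drop_privileges(uid, gid) == 0 ? 0 : 1);
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* kill + wait: end a child that is blocked in pause() with SIGKILL (which
 * cannot be caught or ignored) and report the signal that terminated it,
 * as the shell's kill command would. */
static int terminate_child(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0)
        for (;;) pause();
    if (kill(pid, SIGKILL) != 0) return -1;
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void)
{
    int rc = run_as(getuid(), getgid());        /* own IDs: works without root */
    printf("child dropped privileges: %s\n", rc == 0 ? "ok" : "failed");
    printf("child ended by signal %d\n", terminate_child());
    return rc;
}
```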
Windows – OS Structure
Operating system structure, top to bottom:
• Win32 program | Win32 subsystem
• System interface
• System service
• Components: Obj, Config, Process, Memory, Security, Cache, Power
• Kernel
• HAL
• Hardware
Windows – OS Structure
Kernel mode
• HAL: presents the rest of the OS with abstract hardware devices (winnt/system32/hal.dll)
  ex) maps device addresses to logical system addresses (bus); the interrupt service sets the priority on the device
Windows – OS Structure
• Kernel: presents complete hardware independence
  ex) saves the CPU registers, flushes the CPU table
• System service: accepts Windows system calls
Windows – OS Structure
User mode: provides each user process with the system call interface
• Environment subsystems ~= Win32 API (application programming interface)
• System interface: DLLs (dynamic link libraries)
• Service processes
Windows - Manage
• Interrupt
• Direct memory access
• I/O
• Memory
Windows - Registry
Registry
• Don't change it if you have a plan to use the machine again.
• Directory (key)
• Entry: name, type, value
Windows - Registry
• All Win32 applications include the Win32 API functions (RegCreateKeyEx, _Delete_, _Open_, etc.)
• All the registry files are in winnt/system32/config
• Some files cannot be opened, but if you succeed in opening one (?), you can see that the file starts with "regf…"
Windows Booting
• Boot sector: the first sector of the partition holding the bootable OS; it contains ntldr
• ntldr looks up the boot.ini file to get the configuration info
• ntoskrnl.exe and bootvid.dll are loaded.
• Finally ntldr loads all the drivers needed to finish booting (like mouse, keyboard) and loads smss.exe
• winlogon.exe,
Windows - Security
winlogon.exe creates lsass.exe (authentication manager) and services.exe (looks in the registry and starts services)
Services: printer server, file server, Telnet daemon, DNS resolver, event logger, Plug-and-Play manager
Windows - Security
User SID (security ID)
A process has an access token, containing:
• Header, expiration time
• Groups, default DACL
• User SID
• Group SIDs
• Restricted SIDs
• Privileges
Windows - Security: Security descriptor
Implementation
• winlogon.exe gives the initial process an access token
• lsass.exe decides whether the login succeeds, looks up the registry to get the correct user profile, and starts services.exe with the access token
• Subsequent processes inherit the parent's access token.
• Threads usually inherit the process's access token.
Security descriptor fields:
• Owner's SID
• Group SID
• DACL (Discretionary Access Control List: the allow/deny access list)
• SACL (System Access Control List)
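How the access token and the security descriptor's DACL fit together at access-check time, as an added example that is not code from the original slides and is a simplified model of the Windows check, not the real API. SIDs are reduced to integers, the type names are hypothetical, and the sample token and DACL are constructed. It also shows the restricted-SIDs case from the token slide: such a token must pass the DACL twice, once with its normal SIDs and once with the restricted SIDs alone.

```c
#include <stdbool.h>
#include <stddef.h>

typedef unsigned win_sid_t;                     /* hypothetical: SID as an integer */
enum { ACE_ALLOW, ACE_DENY };
enum { RIGHT_READ = 1, RIGHT_WRITE = 2, RIGHT_EXECUTE = 4 };

typedef struct { int type; win_sid_t sid; unsigned mask; } ace_t;
typedef struct {
    const win_sid_t *sids;       size_t nsids;        /* sids[0] is the user SID, rest are groups */
    const win_sid_t *restricted; size_t nrestricted;  /* empty for a normal token */
} token_t;
typedef struct { win_sid_t owner, group; const ace_t *dacl; size_t nace; } secdesc_t;

static bool in_list(const win_sid_t *l, size_t n, win_sid_t s)
{
    for (size_t i = 0; i < n; i++) if (l[i] == s) return true;
    return false;
}

/* One pass over the DACL for one SID set. ACEs are read in order: a matching
 * deny ACE that covers a still-ungranted requested right fails the check at
 * once; allow ACEs accumulate rights until every requested right is granted.
 * An empty DACL therefore grants nothing. */
static bool dacl_pass(const secdesc_t *sd, const win_sid_t *sids, size_t n, unsigned req)
{
    unsigned granted = 0;
    for (size_t i = 0; i < sd->nace && granted != req; i++) {
        const ace_t *a = &sd->dacl[i];
        if (!in_list(sids, n, a->sid)) continue;
        if (a->type == ACE_DENY && (a->mask & req & ~granted)) return false;
        if (a->type == ACE_ALLOW) granted |= a->mask & req;
    }
    return granted == req;
}

static bool access_check(const token_t *t, const secdesc_t *sd, unsigned req)
{
    if (sd->dacl == NULL) return true;      /* no DACL at all: object is unprotected */
    if (!dacl_pass(sd, t->sids, t->nsids, req)) return false;
    if (t->nrestricted == 0) return true;
    return dacl_pass(sd, t->restricted, t->nrestricted, req);  /* restricted token: second pass */
}

/* Constructed sample, not real SIDs: user 1001 in group 200; the file's DACL
 * denies write to group 200, then allows group 200 read+write, then allows
 * user 1001 execute. */
static const win_sid_t g_user_sids[] = { 1001, 200 };
static const ace_t g_dacl[] = {
    { ACE_DENY,  200,  RIGHT_WRITE },
    { ACE_ALLOW, 200,  RIGHT_READ | RIGHT_WRITE },
    { ACE_ALLOW, 1001, RIGHT_EXECUTE },
};
static const token_t g_token = { g_user_sids, 2, NULL, 0 };
static const secdesc_t g_file = { 500, 200, g_dacl, 3 };
```

With these samples, read and read+execute are granted while any request that includes write is refused by the deny ACE even though a later ACE allows it.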
Manage Windows
Why do we have to protect Windows?
• Bugs: every piece of software contains bugs
• Intruders: crackers find a vulnerability in the OS and exploit it to break in and take control
• Virus infections: antivirus software
• Violation of your privacy: spyware (software that collects data about you and secretly sends it home)
Manage Windows
How to protect Windows
• Service pack
• Windows Update
• Installing hotfixes
• Microsoft Baseline Security Analyzer
• Virus protection
• Firewall protection
• Malicious script protection
Manage Windows
Service packs
• contain hundreds of bug and security fixes and let you apply these fixes in one fell swoop
• Check the service pack version and download the newest version
Windows Update
• Updates are being released constantly
• http://windowsupdate.microsoft.com/
Manage Windows
Installing hotfixes
• additional patches
• subscribe to Microsoft's Security Bulletin - http://www.microsoft.com/technet/security/bulletin/notify.asp - or the CERT Advisory Mailing List - http://www.cert.org/contact_cert/certmaillist.html. You will receive regular e-mail notifications about vulnerabilities and fixes you might need to apply to your system.
Manage Windows
Microsoft Baseline Security Analyzer
• MBSA allows you to check your Windows NT4, 2000, or XP installation for a number of security issues, i.e. Windows vulnerabilities, weak passwords, IIS vulnerabilities, SQL vulnerabilities, and missing hotfixes
Manage Windows
Virus protection
• Anti-virus program: catches known viruses; update the virus definitions
• Common sense for unknown viruses: DON'T OPEN ATTACHMENTS FROM UNKNOWN SOURCES! DELETE THEM! An e-mail with an attachment from a person you know but didn't expect it from - DO NOT OPEN IT - DELETE IT!
Manage Windows
Firewall protection
• Internet connection: exposed to the world
• DSL or cable modem with a static IP
• Find out how vulnerable your machine is
• http://grc.com/default.htm, click on Shields UP!
• Do Test My Shields! and Probe My Ports! to check for obvious vulnerabilities of your PC. Chances are you have a number of open and/or visible ports that can make your machine a target for crackers.
Manage Windows
• A firewall protects the machine by closing these security holes.
• Firewall software monitors your Internet connection and filters all traffic to keep undesired traffic out and only allow legitimate traffic through.
• Recommended is ZoneLab's ZoneAlarm: http://www.zonelabs.com
• After installing ZoneAlarm, perform another Shields UP! test and Port Probe.
Manage Windows
Spyware protection
• What is spyware: it comes in the form of software installed on your machine, with or without your knowledge; it tracks and collects data about you and your computer and sends it back to a central database for processing and analysis
• Lavasoft's Ad-aware: http://www.lavasoftusa.com/. After installing this software you can scan your entire system, including hard drives and registry, for any traces of spyware.
Manage Windows
Malicious script protection
• A lot of e-mail viruses are scripts.
• In order to function, they need to be executed.
• Prevent yourself from accidentally launching a malicious script that was not caught by your antivirus software by installing script monitoring software
• AnalogX's Script Defender: http://www.analogx.com/contents/download/system/sdefend.htm
Manage Windows: Email
• If possible, set the format to plain text: HTML mail is a potential risk and allows for snooping and malicious code infection
• Disable running ActiveX and scripts
• ActiveX applets (or "controls", as they are called) are downloadable programs that are run by your system. Unlike normal EXE files, ActiveX can run transparently in your Internet Explorer to perform any action, such as erasing files or stealing your passwords.
• Never open EXE, BAT, VBS and SCR type attachments
• Consider using a plain text (non-HTML) e-mail reader such as Eudora or The Bat!
• A DOC file can be opened in something like WordPad to view the text contents without the risk of a macro virus infection.
Manage Windows
• Perform frequent data backups.
• Disable file sharing.
• Create an emergency boot disk.