Upload
sahil-bansal
View
222
Download
0
Embed Size (px)
Citation preview
8/4/2019 os tp final
1/14
8/4/2019 os tp final
2/14
Acknowledgement
Today, I am able to present this dissertation here with a coordination of
many heads and hands. Some have supervised, some have assessed,
some have assisted and some have been supplemented.
It gives me immense pleasure to acknowledge my intentness of sharp
and decency of gratitude to Ms. Neha bhateja for sharing a plethora of
knowledge. This would not have been possible without the guidance,
constructive criticism, benevolent help and encouraging attitude. I
would like to explain my gratefulness to god with whose grace I was
able to complete this project and my cousins for helping who helped me
a lot unleashing the knowledge gained so far.
8/4/2019 os tp final
3/14
8/4/2019 os tp final
4/14
Professional
Server
Advanced Server
Datacenter Server
Windows Xp
Windows XP is an operating system that is
produced by Microsoft for the use on
personal computers, including home and
business desktops, laptops, and media
centers. It was first released in August
2001.It is the most popular version of
Windows that is based on installed user
base. The name "XP" is short form or nick
name for "eXPerience." The Windows XP is
the successor to both the Windows 2000 and
Windows Me operating system .It is the first
consumer-oriented operating system that
produced by Microsoft to be built on the
base of Windows NT kernel. Windows XP
was first released for retail sale on October
25, 2001.
File Systems
Windows XP Professional supports the
FAT16, FAT32, and NTFS file systems.
Because NTFS has all the basic capabilities
of FAT16 and FAT32, with the added
advantage of advanced storage features such
as compression, improved security, and
larger partitions and file sizes, it is the
recommended file system for
Windows Vista.
Some features that are available when youchoose NTFS:
File encryption allows you to protect
files and folders from unauthorized
access.
Permissions can be set on individual
files, as well as on folders.
Disk quotas allow you to monitor
and control the amount of disk space
used by individual users.
Better scalability allows you to use
large volumes. The maximum
volume size for NTFS is much
greater than it is for FAT.
Additionally, NTFS performance
does not degrade as volume size
increases, as it does in FAT systems.
Recovery logging of disk activities
helps restore information quickly in
the event of power failure or other
system problems.
http://en.wikipedia.org/wiki/Laptopshttp://en.wikipedia.org/wiki/Home_theater_PChttp://en.wikipedia.org/wiki/Home_theater_PChttp://en.wikipedia.org/wiki/Microsoft_Windowshttp://en.wikipedia.org/wiki/Windows_2000http://en.wikipedia.org/wiki/Windows_Mehttp://en.wikipedia.org/wiki/Windows_NT_kernelhttp://en.wikipedia.org/wiki/Laptopshttp://en.wikipedia.org/wiki/Home_theater_PChttp://en.wikipedia.org/wiki/Home_theater_PChttp://en.wikipedia.org/wiki/Microsoft_Windowshttp://en.wikipedia.org/wiki/Windows_2000http://en.wikipedia.org/wiki/Windows_Mehttp://en.wikipedia.org/wiki/Windows_NT_kernel8/4/2019 os tp final
5/14
When you perform a clean installation of
Windows Vista, it is recommended that you
use NTFS. If you upgrade computers that
use NTFS as the only file system, continue
to use NTFS with Windows Vista.
Multiple-Booting and File System
Compatibility
NTFS is the recommended file system for
Windows Vista. However, you might need a
different file system to multiple-boot
Windows XP Professional with an operating
system that cannot access NTFS volumes. If
you use NTFS to format a partition, only
Windows XP, Windows 2000, and
Windows NT 4.0 (with Service Pack 4) can
access the volume.
If you plan to install Windows Vista and
another operating system on the samecomputer, you must use a file system that all
operating systems installed on the computer
can access. For example, if the computer has
Windows 95 and Windows XP Professional,
you must use FAT on any partition that
Windows 95 must access. However, if the
computer has Windows NT 4.0 or
Windows XP Professional and
Windows Vista, you can use FAT or NTFS
because both operating systems can access
all those file systems. However, certain
features in the version of NTFS included
with Windows Vista are not available when
the computer runs Windows NT 4.0. For
more information about file system
compatibility and multiple booting, see
Both Windows Xp and Windows 2000, the
two operating system in contention use the
NTFS file system for storage. NTFS (New
Technology File System) is the standard file
system ofWindows NT, including its later
versions Windows 2000, Windows XP,
Windows Server 2003,Windows Server
2008, Windows Vista, and Windows 7.
NTFS supersedes the FAT file system as the
preferred file system for Microsofts
Windows operating systems. NTFS has
several improvements over FAT and HPFS
(High Performance File System) such as
improved support formetadataand the use
of advanced data structures to improve
performance, reliability, and disk space
utilization, plus additional extensions such
as security access control lists (ACL) and
file system journaling.
http://en.wikipedia.org/wiki/File_systemhttp://en.wikipedia.org/wiki/File_systemhttp://en.wikipedia.org/wiki/Windows_NThttp://en.wikipedia.org/wiki/Windows_2000http://en.wikipedia.org/wiki/Windows_XPhttp://en.wikipedia.org/wiki/Windows_Server_2003http://en.wikipedia.org/wiki/Windows_Server_2003http://en.wikipedia.org/wiki/Windows_Server_2008http://en.wikipedia.org/wiki/Windows_Server_2008http://en.wikipedia.org/wiki/Windows_Vistahttp://en.wikipedia.org/wiki/Windows_Vistahttp://en.wikipedia.org/wiki/Windows_7http://en.wikipedia.org/wiki/File_Allocation_Tablehttp://en.wikipedia.org/wiki/Microsoft_Windowshttp://en.wikipedia.org/wiki/High_Performance_File_Systemhttp://en.wikipedia.org/wiki/Metadata_(computing)http://en.wikipedia.org/wiki/Metadata_(computing)http://en.wikipedia.org/wiki/Access_control_listhttp://en.wikipedia.org/wiki/Journaling_file_systemhttp://en.wikipedia.org/wiki/File_systemhttp://en.wikipedia.org/wiki/File_systemhttp://en.wikipedia.org/wiki/Windows_NThttp://en.wikipedia.org/wiki/Windows_2000http://en.wikipedia.org/wiki/Windows_XPhttp://en.wikipedia.org/wiki/Windows_Server_2003http://en.wikipedia.org/wiki/Windows_Server_2008http://en.wikipedia.org/wiki/Windows_Server_2008http://en.wikipedia.org/wiki/Windows_Vistahttp://en.wikipedia.org/wiki/Windows_7http://en.wikipedia.org/wiki/File_Allocation_Tablehttp://en.wikipedia.org/wiki/Microsoft_Windowshttp://en.wikipedia.org/wiki/High_Performance_File_Systemhttp://en.wikipedia.org/wiki/Metadata_(computing)http://en.wikipedia.org/wiki/Access_control_listhttp://en.wikipedia.org/wiki/Journaling_file_system8/4/2019 os tp final
6/14
NTFS uses the following features for file
storage.->
Single Instance Storage (SIS)
Hierarchical Storage Management (HSM)
Native Structured Storage (NSS)
Microsoft Windows
While the different NTFS versions are for
the most part fully forward- andbackward-
compatible, there are technical
considerations for mounting newer NTFS
volumes in older versions of Microsoft
Windows. This affects dual-booting, and
external portable hard drives.
For example, attempting to use an NTFS
partition with "Previous Versions" (a.k.a.
Volume Shadow Copy) on an operating
system that doesn't support it, will result in
the contents of those previous versions being
lost.
bject of
mparison NTFS FAT16 FAT32
erating
tem
mpatibilit
A computer running Windows Vista, Windows
Server 2003, Windows 2000, or Windows XP
can access files on an NTFS partition. A
computer running Windows NT 4.0 with
Service Pack 4 or later can access files on the
partition, but some NTFS features, such as Disk
Quotas, are not available. Other operating
systems allow no access.
File access is available to
computers running
Microsoft MS-DOS, all
versions of Windows,
Windows NT, Windows XP,
Windows Vista, and OS/2.
File access is available
computers running Micr
Windows 95 OSR2,
Windows 98, Windows
Windows 2000, Window
and Windows Vista.
ume size Recommended minimum volume size is
approximately 10 MB.
Recommended practical maximum for volumes
is 2 terabytes. Much larger sizes are possible.
Cannot be used on floppy disks.
Volumes up to 4 GB.
Cannot be used on floppy
disks.
Volumes from 512 MB
2 terabytes.
In Windows Vista, you
format a FAT32 volume
up to 32 GB.
Cannot be used on flopp
disks.
size Maximum file size 16 terabytes minus 64 KB
(244 minus 64 KB)
Maximum file size 4 GB Maximum file size 4 GB
es perume
4,294,967,295 (232
minus 1 files) 65,536 (216
files) Approximately 4,177,92
http://en.wikipedia.org/wiki/Forward_compatibilityhttp://en.wikipedia.org/wiki/Backward_compatibilityhttp://en.wikipedia.org/wiki/Backward_compatibilityhttp://en.wikipedia.org/wiki/Volume_Shadow_Copyhttp://en.wikipedia.org/wiki/Forward_compatibilityhttp://en.wikipedia.org/wiki/Backward_compatibilityhttp://en.wikipedia.org/wiki/Backward_compatibilityhttp://en.wikipedia.org/wiki/Volume_Shadow_Copy8/4/2019 os tp final
7/14
Compatibility with FAT
Microsoft currently provides a tool
(convert.exe) to convert HPFS (only on
Windows NT 3), FAT16 and, on Windows
2000 and higher, FAT32 to NTFS, but not
the other way around.
Comparison of NTFS and FAT File
Systems shown in the table
If you also want to use MS-DOS on your
system, you must use FAT to format another
partition, which is the MS-DOS operating
system's native file system. MS-DOS does
not recognize data on NTFS or FAT32
partitions.
Understanding Windows file system in Xp
and 2000 AND Security comparisons of
file system in Windows Xp and 2000
Even though Windows permissions have
been around for a long time, I still run into
seasoned network administrators that arent
aware of the new changes that came with
Windows 2000 so long ago. WhenMicrosoft released Windows 2000, they
released a new version of NTFS, which was
versioned 5. The new NTFS permissions
were essentially the same logical control as
the older version that was available in
Windows NT, however, there were some
radical and essential changes that occurred
to control how the permissions were
inherited and configured for each file and
folder. Since NTFS permissions are
available on every file, folder, Registry key,
printer, and Active Directory object, it is
important to understand the new methods
and features that are available once you have
Windows 2000, Windows XP, or Windows
2003 Server installed to control resources.
The two editions of Xp launched tackle the
problem of file security in the following
manner using the features like :
Xp Ahead of Windows2000 :
Windows XP provides the most
dependable version of Windows everwith
the best security and privacy features
Windows has ever provided. Overall,
security has been improved in Windows XP
to help you have asafe, secure, and
private computing experience. Windows XP
is available in two editionsWindows XPHome Edition for home use, and Windows
XP Professional for businesses of all sizes.
Security features in Windows XP Home
Edition make it even safer for you to shop
http://en.wikipedia.org/wiki/High_Performance_File_Systemhttp://en.wikipedia.org/wiki/File_Allocation_Tablehttp://en.wikipedia.org/wiki/High_Performance_File_Systemhttp://en.wikipedia.org/wiki/File_Allocation_Table8/4/2019 os tp final
8/14
and browse on the Internet. Windows XP
Home Edition comes with built-in Internet
Connection Firewall software that provides
you with a resilient defense to security
threats when you're connected to the Internet
particularly if you use always-on
connections such as cable modems and
DSL.
Windows XP Professional includes all of the
security capabilities of Windows XP Home
Edition, plus other security management
features. These important new security
features will reduce your IT costs and
enhance the security of your file systems.
Windows XP Home Edition
Personalized Login
Fast User Switching
Personal Privacy
Internet Connection Firewall
Shared Documents Folder
Windows XP Professional
Corporate Security
Controlled Network Access
Simple Sharing
Blank Password Restrictions
Encrypting File System
Certificate Services
Credential Management
Fast User Switching
Personal Privacy
Internet Connection Sharing
Internet Connection Firewall
Software Restriction Policies
Internet Protocol Security
Smart Card Support
Kerberos
Encrypting File System
So far, this paper has described techniques
for protecting resources stored on acentralized network. But beyond simple
password protection, what about protecting
the data stored on a desktop or laptop
computer?
Windows 2000 Encrypting File System
(EFS) addresses this concern. For added
protection of data stored locally, EFS letsyou encrypt designated files or folders on a
local computer, so unauthorized people can't
read those files. EFS is particularly useful
for protecting data on a computer that might
be physically stolen, such as a laptop. You
8/4/2019 os tp final
9/14
can configure EFS on laptops to ensure that
all business information is encrypted in the
user's document folders.
When you enable EFS for a file or folder onan NTFS file system (NTFS) volume, the
operating system encrypts the files using the
public key and symmetric encryption
algorithms available through the CryptoAPI.
Though the underlying mechanism is
complicated, administrators and users can
take advantage of the extra security by
merely selecting a check box in
the Advanced Attributes dialog box
accessed from the File Properties dialog
box.
EFS automatically encrypts the file when it
is saved, and decrypts it when the user opens
it again. No one can read these files except
the user who encrypted the file and an
administrator with an EFS file recovery
certificate (see below). Since the encryption
mechanism is built into the file system, its
operation is transparent to the user and
extremely difficult to attack.
EFS encrypts a file using a symmetric
encryption key unique to each file. Then it
encrypts the encryption key as well, using
the public key from the file owner's EFS
certificate. Since the file owner is the only
person with access to the private key, that
person is the only one who can decrypt the
key, and therefore the file.
Encryption protects files even if someone
bypasses EFS and uses low-level diskutilities to try to read information. Even if
the file can be stolen, over the network or
physically, it cannot be decrypted without
first logging on to the network as the
appropriate user. Since it cannot be read, the
file also cannot be surreptitiously modified.
In the event of an emergency, or should anemployee leave your organization, EFS
includes a recovery mechanism that lets you
recover your company's information. When
EFS is used, a separate recovery key is
created. This is done automatically by the
system, which encrypts the original
encryption key using the public key of an
administrator's EFS file recovery certificate.
An administrator can use the private key
from that certificate to recover the file
should the need arise.
Maintaining File Confidentiality
Security features such as logon
authentication or file permissions protect
network resources from unauthorized
access. However, anyone with physical
access to a computer can install a new
8/4/2019 os tp final
10/14
operating system on that computer and
bypass the existing operating system's
security. In this way, sensitive data can be
exposed. Encrypting sensitive files through
EFS adds another layer of security. When
files are encrypted, their data is protected
even if an attacker has full access to the
computer's data storage.
Only authorized users and designated data
recovery agents can decrypt encrypted files.
Other system accounts that have permissions
for a fileeven the Take Ownership
permissioncannot open the file without
authorization. Even the administrator
account cannot open the file if that account
is not designated as a data recovery agent. If
an unauthorized user tries to open an
encrypted file, access will be denied.
Figure 6 shows where you would create
settings for EFS.
Understanding Permissions For File
Systems Security in XP and 2000
Standard Permissions :
Standard permissions are those permissions
that control a broad range of detailed
permissions. The most popular and infamous
standard permission is Full Control. This is
what everyone wants, but in reality very few
should get. Full Control allows the user that
is granted this suite of permissions to do
virtually anything to the object the
permissions are associated with. The other
standard permissions include the following:
Files:
Modify
Read & Execute
http://technet.microsoft.com/en-us/library/Bb457059.xpsec06_big(en-us,TechNet.10).gif8/4/2019 os tp final
11/14
Read
Write
Folders have the same standard permissions
as files, except there is one additional
standard permission List Folder Contents.
When you look at Registry keys, printers,
and Active Directory objects, there is a
totally different set of standard permissions
for these objects. The security tab of each
object will list the standard permissions, as
shown in Figure 1 for a typical
organizational unit (OU) within Active
Directory.
Inherited vs. Explicit Permissions
There are two variations of permissions that
you will see for any one entry (user,
computer, or group) listed on the access
control list (ACL). If we look at the root
drive, C:, you can add or modify the
permissions for any entry on the ACL. If
you create a new folder under C:, say a new
folder named Data (C:\Data), you wont be
able to modify the permissions for any
existing entries. This is because the
permissions from C: inherit down to all
subfolders and files automatically. If you
dont want the permissions from C: to
inherit down the C:\Data, but still want them
to inherit down to other subfolders below C:,
you would configure the C:\Data folder to
stop inheriting by removing the check from
the Inherit from parent the permission
entries that apply to child objects. Include
these with entries explicitly defined here,
as shown in Figure 3.
8/4/2019 os tp final
12/14
8/4/2019 os tp final
13/14
user or group SID is not on the ACL will
have the same result of No Access to the
resource, without needing to configure any
special entries on the ACL. It is only in the
rare instance that a user or group should be
explicitly denied access that you configure
Deny permissions. Denial of access to
resources by omission from the ACL is
easier to troubleshoot, manage, and
configure.
Permission PrecedenceI
hear all of the time from students and other
network administrators (even the dialog box
in Figure 4) that Deny permissions take
precedence over Allow permissions.
Unfortunately, this is not always the case.
To prove my point, lets look at a scenario
that you too can create to prove that Denypermissions dont always take precedence
over Allow permissions.
In our scenario, we are going to look at a
folder, C:\Data\HR, which contains both
public and private files. We have allowed
the C:\Data\HR folder to inherit the
permissions from C:\Data, which includes
just basic permissions from the root folder.
We have also included the HR group on the
ACL, giving the Group Allow-Read &
Execute permissions. The final explicit entry
on the ACL is for the non-HR group, which
is given Deny-Full Control.
Below the HR folder are two files:
Public.doc and Private.doc. The Public
folder just allows for normal permission
inheritance, so there are no special
permissions added to the ACL. However,
the private file has some explicit
permissions added to the ACL. Since the
Executive group needs to be able to read the
contents of the private folder, this group is
added explicitly with the Allow-Read
8/4/2019 os tp final
14/14
Bibliography
http://en.wikipedia.org/wiki/Comparison_of_file_systems
http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci212120,00.html
http://technet.microsoft.com/en-us/library/bb457059.aspx
http://technet.microsoft.com/en-us/library/bb742513.aspx
http://en.wikipedia.org/wiki/Comparison_of_file_systemshttp://searchstorage.techtarget.com/sDefinition/0,,sid5_gci212120,00.htmlhttp://technet.microsoft.com/en-us/library/bb457059.aspxhttp://technet.microsoft.com/en-us/library/bb742513.aspxhttp://en.wikipedia.org/wiki/Comparison_of_file_systemshttp://searchstorage.techtarget.com/sDefinition/0,,sid5_gci212120,00.htmlhttp://technet.microsoft.com/en-us/library/bb457059.aspxhttp://technet.microsoft.com/en-us/library/bb742513.aspx