Sri Lanka Institute of

Information technology

Evaluating the Features of

Various Operating Systems
Module : IE2022 - Secure Operating Systems
Assignment : Group Project
Batch : Y2.S2.CS.WD.01.01
Group :
Date :

Name Student ID

1. Wijesinghe H. C. IT 22898302

2. Dissanayake A. M. A. R. K. IT 22370464

3. Vindinu E J IT22897626

4. Silva S Y N IT22282040

1
Student ID : IT 22898302
Name : Wijesinghe H. C.

How OS share resources among users fairly, efficiently, and safely.

Operating systems (OSs) play a vital role in the world of computing by managing hardware resources and
providing a foundation for various software applications. One of the most critical aspects of OS design is
resource management, ensuring that resources are shared among users fairly, efficiently, and safely. Fairness,
efficiency, and safety are fundamental principles that guide the design and functionality of these OSs, each
tailored to the unique needs and use cases they serve.
OS can be divided into three distinct OS categories: Client OS (Mac OS), Server OS (Linux), and Mobile OS
(Android). These categories cater to various computing environments, and their resource management
techniques are intricately designed to strike a balance between these core principles. Mac OS prioritizes a
responsive user experience, Linux excels in multi-user server environments, and Android is optimized for the
constraints of mobile devices, all while striving to ensure fairness, efficiency, and safety in resource sharing.

Client OS – Mac OS

Mac OS, developed by Apple Inc., primarily serves as a client operating system, designed for personal
computers and laptops. It faces the challenge of managing resources in a way that provides a responsive and
user-friendly experience. Mac OS achieves this by employing a combination of resource-sharing techniques:

Time-sharing: Mac OS uses a time-sharing mechanism, a fundamental principle of multitasking operating

systems. This mechanism ensures that CPU time is distributed fairly among different processes and
applications running on the system. Rather than allowing a single application to monopolize the CPU, Mac
OS divides the available processing power equitably, giving each task its time in the spotlight. This approach
enhances fairness, preventing any one application from causing sluggishness in the overall system and
facilitating a more balanced and responsive user experience.

Memory management: Memory is a critical resource, and Mac OS uses a sophisticated approach to enhance
both efficiency and safety. Virtual memory techniques, enable Mac OS to manage memory effectively. These
techniques allow multiple applications to run concurrently, each believing it has access to the entire memory
space. In reality, Mac OS partitions the physical memory, preventing memory conflicts and potential crashes.
This not only optimizes resource usage but also reinforces system safety and stability.

I/O Management: Input and output (I/O) resources, including file access and peripheral devices, are managed
efficiently in Mac OS to ensure a responsive user experience. Resource allocation algorithms are carefully
utilized to balance the various needs of multiple applications. This intricate management ensures that no
single application can disrupt the overall system's stability. The result is a system that can efficiently
accommodate various I/O operations, maintaining overall performance and responsiveness.

2
App Sandboxing: Mac OS's commitment to safety and security is demonstrated by its use of app sandboxing.
Each application, when executed, operates within a highly restricted environment, isolated from other parts of
the system. This encapsulation ensures that applications are prevented from accessing resources or data they
shouldn't. This not only enhances the safety of the system but also fortifies data privacy, which is increasingly
vital in today's interconnected digital landscape.

User and Permissions Management: Mac OS provides user and permissions management to guarantee
safety and security. Users have their own accounts and restricted access to certain system resources. File
permissions and access control lists (ACLs) are used to determine what actions can be performed on files and
directories, ensuring data safety.

Server OS – Linux

Linux, as a server operating system, is designed for a vastly different set of requirements. Its primary focus is
to efficiently allocate resources to multiple users and applications while maintaining system stability and
security. Linux achieves this through the following methods:

User Isolation: In Linux resource management, robust user isolation stands out as a cornerstone. Linux goes
to great lengths to ensure that each user enjoys their own segregated environment with a dedicated user ID and
home directory. These dedicated user spaces are like a personal fortress within the broader system, creating
strict boundaries that prevent interference with other users or applications. This approach safeguards data
privacy and system safety, ensuring that user activities remain isolated from one another, mitigating the risk of
unintended interactions or security breaches.

Scheduling Policies: Linux uses scheduling techniques and priority levels to ensure fairness in CPU resource
allocation. The Completely Fair Scheduler (CFS) is one such scheduler that strives to allocate CPU time fairly
among processes based on their priority. Real-time scheduling techniques also exist for critical applications.

Virtualization: The power of virtualization technology within Linux cannot be overstated. It empowers
administrators to create isolated virtual machines (VMs) and containers, each serving as a self-contained
computing environment. These isolated realms provide strong safety guarantees by preventing interactions
between VMs and containers, which is essential for multi-tenant environments. Moreover, it allows for fine-
grained resource allocation within each isolated context, reinforcing resource management control and
offering robust security and privacy assurances.

Resource Quotas & Disk Quotas: Linux augments its resource management capabilities with resource
quotas and disk quotas. Utilizing features like cgroups (control groups), Linux empowers system
administrators to establish precise resource and disk space boundaries for processes and users. This fine-
grained control mechanism serves as a safeguard, effectively preventing the activities of any single user or
process from imperiling the performance or safety of the overarching server. This level of control ensures that

3
resource allocation remains within predefined limits, eliminating the risk of resource exhaustion and system
instability.

Security and isolation: Linux's commitment to security and isolation is unwavering. Mandatory access
control (SELinux) is one of its standout features, imposing rigid control over processes' capabilities and access
to system resources. Additionally, virtualization technologies create isolated environments for different
services and users, a crucial element in maintaining system safety and reliability. By emphasizing security and
isolation, Linux guarantees that the system remains a fortified fortress, resilient against external threats and
internal vulnerabilities, and continually safeguarding data and resources.

Mobile OS – Android

Android, a mobile operating system, is tailored to the constraints and requirements of smartphones and tablets.
It faces the challenge of optimizing resource usage while maintaining a smooth user experience. Android
addresses these challenges with the following approaches:

Process Management: Android emphasizes process management to prioritize foreground applications,

ensuring that the application currently in use receives the lion's share of resources, including CPU time and
memory. This approach guarantees a smooth and responsive user experience.

App Sandboxing: App sandboxing is a fundamental approach in Android to ensure the safety and security of
the system. Each Android app is confined within its own sandboxed environment, known as the Android
Application Sandbox. This means that an app operates in isolation, separate from other apps and system
components. It cannot access data or resources of other apps, and its permissions are strictly controlled. This
isolation is instrumental in safeguarding the user's data, preventing malicious apps from compromising the
overall system, and maintaining a robust security posture for the Android platform.

Background Process Limitations: Android prioritizes the user experience by implementing limitations on
background processes. While background apps still have a place in the ecosystem for tasks like notifications
and updates, Android restricts the resources available to them. This ensures that background apps do not
consume excessive CPU cycles or memory, which would otherwise slow down the device or quickly drain the
battery. By placing these limitations, Android guarantees that foreground applications, the ones currently in
use, receive the lion's share of resources, delivering a smooth and responsive user experience.

Permission Management: Android's permission management system empowers users with control over
which resources and data an app can access. When an app requests specific permissions, Android prompts the
user to grant or deny these requests. This user-centric approach allows individuals to make informed decisions
about the data and resources they are willing to share with an app. This not only enhances user safety and data
privacy but also puts users in the driver's seat, ensuring they maintain control over their devices and personal
information.

4
Virtualization and Containerization: Android has evolved to incorporate virtualization and containerization
technologies to create isolated environments for specific applications or work profiles. For instance, Android
Virtual Devices (AVDs) enable developers to create self-contained testing environments, while Android for
Work allows businesses to establish secure, partitioned workspaces on employees' devices. These isolated
environments enhance resource allocation control, ensuring that critical applications or work profiles receive
the resources they need without interference from other apps. Furthermore, this supports a clear separation of
personal and work-related data, reinforcing the safety and confidentiality of sensitive corporate information.

Power efficiency: Mobile devices have limited battery life. Android optimizes resource allocation by
considering power consumption. This includes dynamically adjusting the performance of the CPU and other
components to conserve power while ensuring efficient resource utilization. A one to achieve maximum
power utilization is to restrict background processes to minimize battery drain while ensuring foreground
applications receive the necessary resources for responsiveness.

5
Student ID : IT 22370464
Name : Dissanayake A. M. A. R. K.

How an OS Support Many Devices Simultaneously

An operating system supports many devices simultaneously through a combination of hardware by using
abstraction and device drivers.
Layer of abstraction isolates software applications from the underlying hardware. This allows developers to
write programs that interacts with a consistent interface rather than hardware-specific details. This enables
Operating systems to communicate with different hardware components efficiently.
Device drivers act as intermediary between the OS and specific hardware components. It translates high-level
OS commands into low-level instructions that the hardware can understand. This allows operating systems to
adapt to different hardware configurations.

Client OS – Windows

Windows, designed by Microsoft serves as both client and server operating systems. When it comes to the
client side, it supports different types of devices with various hardware configurations. It supports laptops,
desktops and, all-in-one computers with different kind of memories, motherboards, processors, storage
devices, displays and even more. Windows OS has achieved this through a combination of key features:

1. Hardware abstraction layer: Windows uses a hardware abstract layer in order to isolate the Operating
System from hardware devices. This allows the operating system to remain consistent over different
hardware combinations, making it compatible with a diverse range of devices.

2. Unified Interface: Term “unified interface” refers to a standardized way for softwares and programs to
interact with various hardware combinations, without considering specific details of those hardware
components. This provides a common set of functions and protocols to follow, making it easier for
developers to create software that work among different hardware configurations.

3. Compatibility Layers: Compatibility layers are frameworks which designed to ensure backward
compatibility and enable older software or applications to run on modern operating systems or hardware
that might not natively support them. These layer act as intermediary by using technologies like
emulation, API translate and virtualization to translate and emulate the functions and behaviors of older
software so that they can function properly in a different environment.

4. Driver Update Mechanisms: Windows provides drivers updates regularly and releases software and
hardware patches to improve compatibility, stability and performance. By doing so, you can be sure that
the operating system can maintain compatibility with older hardware components while also being able to
adapt to changes in those components.

6
5. Plug and Play: Windows has a Plug and Play system that automatically detects and configures new
hardware when it's connected to the system. This makes the process of adding and removing hardware
components easier and more user-friendly. Plug and Play systems can,
- Detect new hardware devices that connected to the system.
- Identify capabilities of the newly connected device.
- Automatically install relevant drivers, if they are not already installed.
- Configure operating system to support that device.
- Allocate system resources for that device.

6. Device Drivers: Windows includes a large library of device drivers that act as intermediaries between the
OS and hardware components. These drivers allow the operating system work with a wide variety of
devices.

Server OS – Linux

Linux is a widely used operating system in server computer. Server computer can be configured with various
hardware components and servers are used many different situations, like web hosting, database management,
cloud computing and network services. Linux operating system manages to operate with these conditions,
while providing stability and security by following some key attributes.

1. Being open-source: Linux is an open-source operating system. Anyone is allowed to view, modify and
distribute the source code. This makes it possible for Linux to run on different hardware configurations
effortlessly.

2. Kernel Modules: Linux has a modular kernel by default. This allows for loading and unloading kernel
modules dynamically and to remain relatively small and lightweight. When a new device is added or
changed, it can load the module with relative device drivers without needing to recompile the entire
kernel.

3. Multiple Architecture Support: Linux is designed to support wide range of hardware architectures. It
supports ARM, MIPS, PowerPC, and many other architectures other than traditional x86 and x64
architecture. This allows Linux to run in mobile devices, desktops, servers, and even in supercomputers.

4. Udev: Udev is a device management system in Linux. It dynamically manages device nodes in the /dev
directory. It assigns a unique identifier to each device and responds to the actions performed like
connecting and disconnecting. This helps to manage devices without conflicting device names and
configurations.

5. Sysfs and Procfs: Sysfs and Procfs are virtual filesystems that expose system and kernel information to
user space. Sysfs provides information about devices and their attributes, while Procfs offers a window
into the kernel's runtime information. This makes it easier to query and configure hardware and kernel
settings.

6. Customizability: Linux is a highly customizable operating system. Anyone with a proper knowledge can
configure the kernel and system parameters to optimize performance and configure the operating system
for specific scenarios. This flexibility allows Linux to adapt to diverse requirements.

7
Mobile OS – Android

Android is a mobile operating system developed by Google. Android is based on the Linux kernel and it’s
also open source like Linux. It is one of the most widely used operating systems in smartphones and tablets. It
is also used in various other devices like, smartwatches and televisions. Android operating system achieved
these characteristics through some key elements.

1. Being open-source: Android is an open source operating system like Linux. Its source code is freely
available for modification and customization. Developers can modify and enhance the source code to
create custom ROMs and specialized operating systems.

2. Fragmentation: This refers to the existence of a wide variety of devices running different versions of the
Android operating system. Having different versions of the Android OS in different devices, supporting
devices with variety of screen resolution sizes and, supporting many carriers and regions are some
examples for fragmentation.

3. Machine Learning and AI: Android operating system uses machine learning and AI to enhance user
experience, such as analyzing the usage patterns and improve the battery life, analyzing the light
conditions and adjusting screen brightness and automatically closing unused apps for a long time.

4. Accessibility Features: Android includes a wide range of accessibility features. Display Magnification,
Live Transcribe, Voice Access and Shortcut Options are some of them. It also includes some specific
features for users with disabilities to access and use the platform effectively.

5. Google Play Services: Google Play Services provides a unified set of services and APIs that work across
Android devices. This includes location services, push notifications, authentication, and many more.
These services are accessible to both users and developers, making it easier to use and develop apps.

6. APIs and SDKs: Android provides a comprehensive set of APIs (Application Programming Interfaces)
and SDKs (Software Development Kits) that developers can use to develop apps. This allows developers
to build apps to work on variety of devices.

8
Student ID : IT 22897626

Name : Vindinu E. J.

Resource Allocation - Windows Operating Systems

Resource allocation in Windows operating systems is a critical aspect of managing user access, ensuring
security, and optimizing system performance. This report delves into the key mechanisms and features used in
Windows for resource allocation and management, as well as the benefits it offers.
Resource Allocation Mechanisms in Windows
User Accounts
Windows allows the creation of user accounts, each with its own set of permissions and access rights. User
accounts can be tailored to individual users or groups, offering different levels of privilege and resource
access.
User Groups
Simplifying resource allocation, Windows supports user groups. Permissions and access rights can be defined
for groups, allowing users to be easily added or removed from these groups as needed.
File and Folder Permissions
Granular control over file and folder access is achieved through permissions. These permissions determine
who can read, write, modify, or delete files and folders, ensuring that resources are used in a controlled
manner.
Shared Resources
Windows facilitates resource sharing through file and printer sharing across networks. Access to shared
resources can be precisely managed, specifying which users have access rights.
Quotas
To prevent users from overusing disk space, administrators can set disk quotas for individuals or groups. Disk
quotas restrict the amount of disk space a user can consume, maintaining fair resource allocation.
Group Policies
Group Policies are employed to configure security settings, manage user preferences, and control various
settings for groups of users and computers. This feature ensures uniform resource allocation and security
across an organization.
Task Scheduler
Task Scheduler allows administrators to schedule tasks to run at specific times or in response to certain
events. System resources can be allocated to tasks based on their priority.
Active Directory
In domain environments, Windows relies on Active Directory for centralized user and resource management.
This includes the management of group policies and resource allocation settings at the domain level.

9
Resource Monitor
Windows provides tools like Resource Monitor for tracking and monitoring resource usage by users and
processes. This helps in identifying resource-intensive applications and processes.
Virtualization
Enterprise environments employ virtualization technologies such as Hyper-V and VMware to allocate specific
CPU, memory, and storage resources to virtual machines, ensuring efficient resource usage.
Practical Use of Resource Allocation Features
The choice of resource allocation features depends on the specific needs and environment. Here are some
practical tips:

1. User Accounts and User Groups: Use these to control resource access for different users or groups of
users.
2. File and Folder Permissions: Secure sensitive files and folders by defining who can access, modify, or
delete them.
3. Shared Resources: Enable file and printer sharing for network users, while controlling access to
shared resources.
4. Quotas: Implement disk quotas to prevent users from consuming excessive disk space.
5. Group Policies: Set group policies to ensure consistent resource allocation and security settings.
6. Task Scheduler: Use Task Scheduler to allocate system resources based on task priorities.
7. Active Directory: In a domain environment, leverage Active Directory for centralized management of
resource allocation settings.
8. Resource Monitor: Monitor resource usage to optimize system performance and identify resource-
hungry applications.
9. Virtualization: In enterprise settings, virtualization technologies allocate resources efficiently to
virtual machines.

Benefits of Resource Allocation

Resource allocation offers various advantages, including:

1. Improved Security: By controlling access to resources, resource allocation enhances security and
reduces the risk of unauthorized access.
2. Enhanced Performance: Efficient resource allocation leads to improved system and application
performance.
3. Cost Reduction: Preventing users from wasteful resource consumption reduces IT costs.

Resource allocation in Windows is crucial for maintaining system integrity, ensuring security, and optimizing
resource usage. When utilized effectively, it contributes to a well-managed and high-performing IT
environment.

Resource Allocation - Unix server Operating Systems

Resource allocation in Unix server operating systems is a crucial aspect of system administration. Unix-like
operating systems, including various flavors of Linux and BSD, are widely used on servers due to their robust
resource management capabilities. Here's an overview of how resource allocation works in Unix server
operating systems:

10
1. User and Group Accounts:

● Unix systems manage resource allocation through user and group accounts.
● Each user is assigned a unique user ID (UID), and users with similar resource needs are grouped
together.
● User accounts and groups help in setting resource limits and permissions for processes and files.

2. Process Prioritization:

● Unix systems allocate CPU time to processes based on priority.

● The "nice" command allows users to adjust process priority, with higher values indicating lower
priority.
● This helps in sharing CPU resources fairly among running processes.

3. Process Control:

● Unix systems provide tools for controlling processes, including starting, stopping, and pausing.
● Utilities like "kill" are used to terminate processes that misbehave or consume excessive resources.

4. Memory Management:

● Memory allocation in Unix servers is a critical part of resource management.

● The operating system's kernel is responsible for dividing physical memory among active processes.
● Techniques like virtual memory and paging are employed to manage memory efficiently.
● Unix allows setting limits on memory usage per user or group to prevent one process from consuming
all available memory.

5. Disk Space Allocation:

● Disk quotas are used to restrict the amount of disk space available to users and groups.
● Users are prevented from filling up disks and impacting the performance of the server.

6. I/O Scheduling:

● Disk I/O operations are managed using I/O schedulers to maintain system responsiveness.
● Fair queuing and prioritization mechanisms ensure that I/O requests from different processes are
handled fairly.

7. Network Resource Allocation:

● Unix servers manage network resources, including bandwidth and socket limits.
● Tools like "tc" (traffic control) are used to allocate network resources effectively.

8. File and Directory Permissions:

11
 ● Unix servers employ file permissions to control resource access.
● Access control lists (ACLs) and file ownership determine who can read, write, or execute files and
directories.

9. Cgroups (Control Groups):

● Cgroups, also known as control groups, are a feature in Unix-based systems (particularly Linux) for
controlling and monitoring resource allocation of a collection of processes.
● Cgroups allow setting limits on CPU, memory, and other resources for groups of processes, ensuring
fairness and preventing resource hogging.

10. Virtualization:

● Unix servers often use virtualization technologies like KVM and Docker to allocate resources to
virtual machines (VMs) and containers.
● VMs and containers can be assigned specific CPU, memory, and storage resources.

Resource allocation in Unix server operating systems is critical to ensuring fair, efficient, and secure resource
utilization, making these systems suitable for hosting various services and applications. The flexibility and
fine-grained control over resource allocation contribute to the reliability and stability of Unix servers.

Resource allocation - Android operating systems

Resource allocation in Android operating systems is an essential aspect of ensuring smooth and efficient
operation on mobile devices. Android, based on a modified Linux kernel, utilizes resource allocation
strategies to manage system resources effectively. Here's an overview of how resource allocation works in
Android OS:
1. Process Scheduling:

● Android employs a process scheduler to allocate CPU time to running applications.

● The Completely Fair Scheduler (CFS) is a commonly used process scheduling algorithm to ensure
fairness among applications. It distributes CPU resources proportionally, allowing each application to
run efficiently.

2. Application Priority:

● Android assigns priorities to applications based on their state and importance.

● The Activity Manager adjusts the priority of apps in the background to ensure foreground apps
receive the most resources.

3. Memory Management:

● Android's memory management is designed to ensure that applications have adequate memory to run
smoothly.
● It uses techniques like low memory killer (LMK) to terminate background applications when memory
is scarce.
● Android can also use swap space to handle memory requirements more effectively.

12
4. I/O Scheduling:

● Android employs I/O schedulers to prioritize read and write operations to storage, ensuring smooth
performance.
● The deadline and CFQ (Completely Fair Queuing) I/O schedulers are commonly used in Android for
this purpose.

5. Battery Optimization:

● Resource allocation extends to battery management, as Android devices are power-constrained.

● Android manages CPU frequency, screen brightness, and network connectivity to optimize battery life
while ensuring a responsive user experience.

6. Background Execution Limits:

● Android enforces background execution limits to restrict resource consumption by apps running in the
background.
● Background Execution Limits, introduced in recent Android versions, prevent background apps from
consuming CPU cycles unnecessarily.

7. Network Resource Management:

● Android allocates network resources efficiently.

● Quality of Service (QoS) and network scheduling help ensure that network resources are allocated
fairly among different apps and services.

8. GPU Allocation:

● Android's Hardware Composer (HWC) allocates GPU resources to different applications to ensure
smooth rendering and graphics performance.
● GPU allocation is vital for high-quality graphics in games and applications.

9. Security Mechanisms:

● Android's resource allocation is also influenced by security considerations.

● Each app runs in its own sandboxed environment, and security mechanisms like SELinux (Security-
Enhanced Linux) ensure that apps cannot access unauthorized resources.

10. Multitasking Management:

● Android supports multitasking, allowing multiple applications to run simultaneously.

● The recent apps screen and task switcher provide a way to manage and allocate resources effectively.

Resource allocation in Android aims to balance the efficient utilization of system resources with a responsive
and user-friendly experience. It plays a critical role in ensuring that Android devices provide a consistent and
reliable performance across a wide range of applications and use cases.

13
Student ID : IT 22282040
Name : Silva S. Y. N.

The level of security some OS provide.

Client: Windows

❖ Security aspects

1. Security Baselines

Explanation:
Security baselines are like a recommended rulebook made by Microsoft for keeping Windows computers
safe.
They help start the process of making Windows devices secure.

Benefits:
Standardization: Makes sure that all computers in a group follow the same security rules.
Expert Guidance: Uses advice from experts at Microsoft and others to keep things safe.
Compliance: Helps meet the rules and standards that say how computers should be secured.

2. Privileged Access Security Levels

➢ Levels in Detail
i. Basic Assurance : Does basic things to keep important accounts safe.
ii. Enhanced Assurance : Adds extra protection, making it harder for bad guys to cause trouble.
iii. Defender for Cloud Investment : Needs extra tools from Microsoft Defender for Cloud to be even safer.

➢ Implementation
Lets groups organize and control who gets access to really important stuff based on how sensitive it is.

3. Security Options
➢ Components
i. Best Practices : Shows the best ways to set up security for computers.
ii. Location-Based Settings: Changes how security works based on where the computer is.
iii. Security Considerations: Gives deep info about what happens when you change different security
settings.

➢ Customization

Lets groups change security rules to fit their needs better.

14
4. Protection and Configuration Levels (Microsoft Intune)

Minimum : Says the basic things every computer should do to stay safe.
Enhanced : Adds more safety measures on top of the basics.
High : The safest level, but needs a bigger setup.
Scope : Focuses on keeping things safe, deciding who can access what, and using advanced tools from
Microsoft Intune.

5. Network Security LAN Manager Authentication Level

➢ Authentication Protocols
i. LM (LAN Manager) : An old way to check if a computer is allowed to join a network, not very safe.
ii. NTLM (New Technology LAN Manager) : Safer than LM, but still has some problems.
iii. Kerberos: A modern and much safer way for computers to talk to each other.
➢ Considerations
Picking Kerberos is better for making sure network conversations are secure.

6. Access Control

➢ Authorization Mechanisms
i. Discretionary Access Control (DAC): Lets the owner of something decide who can use it.
ii. Mandatory Access Control (MAC): Decides who can do what based on big rules set for the whole
system.
iii. Role-Based Access Control (RBAC): Decides who can do what based on the jobs people have.

❖ Some aspects of windows security for clients

1. Account Lockouts
This is like a security guard for your computer account. If someone tries to guess your password too many
times and gets it wrong, the account locks up. They can't try again for a while, keeping your account safe.
2. BitLocker

15
Think of BitLocker as a superhero cape for your computer. It wraps a special lock around all your important
stuff. Even if someone grabs your computer, they can't peek inside without a secret key.
3. Kerberos Authentication
Imagine computers having a secret handshake. That's Kerberos! It ensures when your computer talks to
another, they both know it's the real deal, not a sneaky imposter trying to get in.
4. Legacy Authentication (NTLM)
Picture old doors needing a specific old key. Legacy Authentication is that key for older computer programs,
letting them work safely.
5. Permissions, Access Control, and Auditing
These are like bouncers at a party. They check who's allowed (permissions), make sure you're on the guest
list (access control), and keep an eye on everyone (auditing).
6. Secure Boot and UEFI
It's like having a locked gate at your computer's entrance. Only the good stuff gets in when your computer
starts, keeping out sneaky bad software.
7. Smart Card Logon
Imagine having a special ID card for your computer. Only with that card, you can log in. It adds extra
security, needing both a password and this special card.
8. TPM (Trusted Platform Module)
This is like a secret bodyguard for your computer's secrets. It keeps important things locked up, only letting
them out if it's sure you're in charge.
9. Windows Firewall with Advanced Security (WFAS)
It's like a superhero shield around your computer. This shield decides who comes in and who stays out,
making sure only good things get through.
10.Microsoft Defender Antivirus
Imagine a superhero guard watching for bad guys (viruses). Defender Antivirus stops them before they can
harm your computer.

11. Controlled Folder Access

Think of it as a guard dog for your important folders. Only the right people or programs are allowed in, and
it barks at anything suspicious.
12. Windows Defender Firewall
This is like a smart gate for your computer network. It decides who can come in, ensuring only trusted
friends can connect.
13. Windows Defender SmartScreen
Imagine a super detective for your computer, checking websites and downloads for trickery. If it finds
anything fishy, it warns you to stay away.
14. Exploit Protection Mitigations

16
It's like having a guardian angel for your computer programs. Exploit Protection helps protect them from
tricky moves by bad guys.
15. Device Security
Think of it as a menu of security options for your computer. You get to pick and choose how to keep your
device safe.
16. Family Options
It's like a special remote control for parents to set rules for kids using the computer. Parents decide what's
safe and what's not.
17. Zero Trust Security Model
It's like making sure everyone proves they're safe before they're allowed in. Nobody gets a free pass, even if
they seem friendly.
18. Application Isolation and Controls
Imagine different rooms for different apps on your computer. If one misbehaves, it doesn't cause trouble for
the others.
19. Code Integrity
This is like having a bodyguard for your computer's programs. It ensures only the trustworthy ones get to
run, keeping out any sneaky impostors.
20. Privacy Controls
It's like having curtains for your computer. You decide who gets to see what, giving you control over your
private space.
21. Least-Privilege Principles
It's like giving people only the access they need for their job, not more. Picture an office where everyone has
their own key but can only go where they need to go.

Server: Linux
1. Security Patching and Updates

❖ Importance: Regularly applying security patches and updates is crucial to address known
vulnerabilities and bugs in the system.
❖ Implementation:
· Set up automated processes to regularly check for and apply updates.
· Subscribe to security mailing lists to stay informed about the latest vulnerabilities.

2. Physical Security:

❖ Importance: Physical security is the foundation of overall system security, preventing unauthorized
access to hardware.
❖ Implementation:
· Configure BIOS settings to prevent booting from external devices.
· Set BIOS and GRUB passwords to protect system settings.

17
 · Implement multi-layered physical security measures, including locks, security cameras, and
access control systems.

3. Password Management:

❖ Importance: Strong and unique passwords, along with additional authentication factors, enhance
user account security.
❖ Implementation:
· Enforce password policies that include complexity requirements.
· Generate and use SSH key pairs for secure authentication.
· Implement two-factor authentication for an extra layer of security.

4. System Updates and Audits:

❖ Importance: Regular updates and audits ensure that the system is protected against the latest security
threats.
❖ Implementation:
· Conduct regular security audits to identify and address vulnerabilities.
· Keep the operating system, applications, and libraries up-to-date.

5. Firewall Configuration:

❖ Importance: Firewalls control incoming and outgoing network traffic, preventing unauthorized
access.
❖ Implementation:
· Filter unused ports to reduce the attack surface.
· Use tools like iptables or ufw to configure and manage the firewall.

6. Encryption:

❖ Importance: Encryption safeguards data, both in transit and at rest, protecting it from unauthorized
access.
❖ Implementation:
· Apply full disk encryption using tools like LUKS to protect data at rest.
· Use protocols like SSL/TLS for encrypting data in transit.

7. Intrusion Detection:

❖ Importance: Intrusion detection tools help monitor and detect unauthorized changes to the system.
❖ Implementation:
· Use integrity checking tools like AIDE to monitor file changes.
· Employ rootkit detection tools such as rootkit hunter to identify potential security threats.

8. Authentication with Kerberos:

18
 ❖ Importance: Kerberos authentication enhances network security by preventing eavesdropping and
unauthorized access.
❖ Implementation:
· Implement Kerberos for secure authentication and encrypted communication.
· Use it to prevent man-in-the-middle attacks on the network.

9. Additional Measures:

· Regularly review and update security policies.

· Conduct security training for users to raise awareness.
· Perform penetration testing to identify and address potential vulnerabilities.
· Monitor logs and implement centralized log management for easier analysis.

Mobile OS: Android

App Sandbox
· Each app is like a person playing in a sandbox.
· They can't interfere with each other or mess with the phone's main system.
App Signing
· Android checks that apps are real and haven't been changed.
· You only get apps from trusted places.
Authentication
· Special keys and codes keep your important stuff safe.
· Only the right person can get in.
Biometrics
· Fancy tech like fingerprints or face scans make sure it's really you.
· Only strong tech is allowed.
Encryption
· Your secrets are stored in a special, locked box.
· Even if someone tries to peek, they can't understand what's inside.
Security-Enhanced Linux
· An extra guard that watches everything, even the really powerful stuff.
· It makes sure nothing misbehaves.
OS Defense
· Android comes with top-notch security already built-in.

19
 · It's like having a strong fence around your phone.
App Safety Defense
· App makers can add extra locks to their apps.
· This makes apps as safe as possible.
Research and Analysis
· There's a team always looking for problems and fixing them.
· They tell everyone about the issues and what they did.
Always On Protection
· Android is always watching out for new dangers.
· Smart tech learns to stop bad things before they happen.
Secure Boot
· When the phone starts, it makes sure everything is safe and unchanged.
· It's like checking the door is locked every time you leave.
Security Updates
· The security team fixes problems they find or that people tell them about.
· They keep your phone safe with regular updates.
Reporting Issues
· Anyone who finds a problem can tell the security team.
· They want to know so they can fix it fast.
Testing
· Before your phone gets to you, it goes through special tests to find any issues.
· This helps catch problems early.

20