R19 Os Unit-5

Uploaded by

Laxman Rao

UNIT-V

Syllabus
System Protection: Goals of protection, Principles and domain of protection, Access matrix,
Access control, Revocation of access rights.
System Security: Introduction, Program threats, System and network threats, Cryptography
for security, User authentication, implementing security defences, firewalling to protect
systems and networks, Computer security classification.
Case Studies: Linux, Microsoft Windows.

System Protection
Protection refers to a mechanism which controls the access of programs, processes, or
users to the resources defined by a computer system. Protection supports a multiprogramming
operating system by letting many users safely share a common logical name space such as a
directory or files.
Need of Protection:
 To prevent access by unauthorized users,
 To ensure that each active program or process in the system uses resources only as the
stated policy allows,
 To improve reliability by detecting latent errors.
Protection And Security:
Both are implemented to prevent interference with the use of files, both logical and physical.
 PROTECTION: Internal threats
[Deals with threats to information that arise inside the system; provides the mechanism for
controlling the access of programs and users to a resource.]
 SECURITY: External threats
[Firewalls and encryption deal with external threats.]
Role of Protection: The role of protection is to provide a mechanism that implements
policies which define the use of resources in the computer system. Some policies are
defined at the time of design of the system, some are set by the management of the
system and some are defined by the users of the system to protect their own files and
programs. Every application has different policies for use of its resources, and they may
change over time, so protection of the system is not only the concern of the designer of the
operating system. Application programmers should also design protection mechanisms to
protect their systems against misuse.
Policy is different from mechanism. Mechanisms determine how something will be done
and policies determine what will be done. Policies change over time and from place to
place. Separation of mechanism and policy is important for the flexibility of the system.

Goals of protection:

1. To provide a means to distinguish between authorized and unauthorized usage.

2. To prevent mischievous, intentional violation of an access restriction by a user.

3. To ensure that each program component which is active in a system uses system
resources only in ways consistent with stated policies. (This gives a reliable system.)

4. To detect latent errors at the interfaces between the component subsystems. (This can
improve reliability.) Early detection helps in preventing malfunctioning of subsystems.

5. To enforce policies governing resource usage.

A mechanism and a policy


 A mechanism tells how something should be done, whereas a policy says what is to be
done.

 Policies decide what is to be done during resource usage. The policies can be fixed in
the design of the system or can be formulated by the management of the system. Also,
the protection system must provide flexibility to enforce a variety of policies, since policies
can change from time to time and from place to place.

Principles of protection:
1. The time-tested guiding principle used for protection is called the principle of least
privilege. It states that programs, users and even systems should be given just enough
privileges to perform their tasks.
2. An OS following this principle implements its features, programs, system calls, and
data structures so that failure or compromise of a component does, and allows, the
minimum damage. Such an OS has fine-grained access control.
3. It provides mechanisms to enable privileges when they are needed and to disable them
when not needed.
4. Access to privileged functions leaves audit trails that enable a programmer, systems
administrator or law-enforcement officer to trace all protection and security activities
of the system.
5. We can create separate accounts for each user with just the privileges that the user
needs.
The computer system is made up of processes and objects.
Objects can be:

 Hardware Objects: CPU, memory segments, printers, disks, etc.

 Software Objects: files, programs, semaphores, etc.

Characteristics of these objects (domain protection):

 Objects are abstract data types.

 Each has a unique name and can be accessed only through well-defined and
meaningful operations. The type of operation depends on the type of object.

 At any given time, a process should be able to access only those resources that it
currently requires. This is called the need-to-know principle.

Domain of Protection:
• A computer can be viewed as a collection of processes and objects (both HW & SW).

• The need-to-know principle states that a process should only have access to those
objects it needs to accomplish its task, and furthermore only in the modes for which it
needs access and only during the time frame when it needs access.

• The modes available for a particular object may depend upon its type.

Domain Structure:
• A protection domain specifies the resources that a process may access.

• Each domain defines a set of objects and the types of operations that may be invoked
on each object.

• An access right is the ability to execute an operation on an object.

• A domain is defined as a set of < object, {access right set} > pairs, as shown below.
Note that some domains may be disjoint while others overlap.
Fig 5.1: Domain Structure

Association between process and domain:


Processes switch from one domain to another when they have the access right to do so. The
association can be of two types, as follows.
 Fixed or static: In a fixed association, all the access rights a process will ever need are
given to it at the very beginning, but that leaves each domain holding far more access rights
than it needs at any one time. So a way of changing the contents of a domain dynamically is
needed.
 Changing or dynamic: In a dynamic association a process can switch domains
dynamically, creating a new domain in the process if need be.

Domains may be realized in different fashions - as users, or as processes, or as procedures.


E.g., if each user corresponds to a domain, then that domain defines the access of that user,
and changing domains involves changing user ID.

Access Matrix:
Access Matrix is a security model of the protection state in a computer system. It is
represented as a matrix. The access matrix is used to define the rights of each process
executing in a domain with respect to each object. The rows of the matrix represent
domains and the columns represent objects. Each cell of the matrix holds the set of access
rights given to the processes of that domain: entry (i, j) defines the
set of operations that a process executing in domain Di can invoke on object Oj.
Table 5.1: Access Matrix
 According to the above matrix, there are four domains and four objects: three files (F1,
F2, F3) and one printer.
 A process executing in D1 can read files F1 and F3. A process executing in domain D4
has the same rights as D1 but it can also write to those files.
 The printer can be accessed only by a process executing in domain D2. The mechanism of
the access matrix consists of many policies and semantic properties.
 Specifically, we must ensure that a process executing in domain Di can access only
those objects that are specified in row i.
 Policies of the access matrix concerning protection involve which rights should be included
in the (i, j)th entry.
 We must also decide the domain in which each process executes. This policy is usually
decided by the operating system.
 The users decide the contents of the access-matrix entries.
 The association between domains and processes can be either static or dynamic.
 The access matrix provides a mechanism for defining the control for this association
between domains and processes.
 When we switch a process from one domain to another, we execute a switch operation
on an object (the domain).
 We can control domain switching by including domains among the objects of the access
matrix.
 A process should be able to switch from one domain (Di) to another domain (Dj) if and
only if the switch right is present in entry access(i, j).

Table 5.2: Access Matrix domain switch
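The access matrix of Tables 5.1 and 5.2 as working code, added here as an example (not part of the notes): domains are rows, objects are columns, and the domains are themselves added as objects so that a "switch" right in entry (Di, Dj) governs domain switching. The D3 row and the switch entries are constructed for this example; the rest follows the description above.

```python
# Added example, not from the notes: an access matrix whose rows are domains
# and whose columns are objects, with the domains included among the objects
# so that a "switch" right in entry (Di, Dj) controls whether a process may
# move from Di to Dj (Table 5.2).

class AccessMatrix:
    def __init__(self, domains, objects):
        self.domains = list(domains)
        # Domains are added as objects so that switch rights have a cell to live in.
        self.objects = list(objects) + list(domains)
        self.cells = {(d, o): set() for d in self.domains for o in self.objects}

    def grant(self, domain, obj, *rights):
        """Policy decision: put rights into entry (domain, obj)."""
        self.cells[(domain, obj)].update(rights)

    def rights(self, domain, obj):
        return frozenset(self.cells[(domain, obj)])

    def allowed(self, domain, obj, operation):
        """Mechanism: a process in `domain` may invoke `operation` on `obj`
        only if that right is present in row `domain`, column `obj`."""
        return operation in self.cells.get((domain, obj), ())

    def can_switch(self, src, dst):
        return "switch" in self.cells.get((src, dst), ())


class Process:
    """A process always executes in exactly one domain."""

    def __init__(self, matrix, domain):
        self.matrix = matrix
        self.domain = domain

    def access(self, obj, operation):
        """True if the current domain's row contains the requested right."""
        return self.matrix.allowed(self.domain, obj, operation)

    def switch(self, new_domain):
        """Domain switching is itself an access-matrix check: the switch
        right must be in entry (current domain, new domain)."""
        if not self.matrix.can_switch(self.domain, new_domain):
            return False
        self.domain = new_domain
        return True


def build_example_matrix():
    """Matrix matching the notes: D1 reads F1 and F3, D4 has D1's rights plus
    write, and only D2 may use the printer. The D3 row and the switch entries
    are constructed for this example, not taken from the notes."""
    m = AccessMatrix(["D1", "D2", "D3", "D4"], ["F1", "F2", "F3", "printer"])
    m.grant("D1", "F1", "read")
    m.grant("D1", "F3", "read")
    m.grant("D2", "printer", "print")
    m.grant("D3", "F2", "read")          # constructed
    m.grant("D3", "F3", "execute")       # constructed
    m.grant("D4", "F1", "read", "write")
    m.grant("D4", "F3", "read", "write")
    m.grant("D1", "D2", "switch")        # constructed: D1 may switch to D2
    m.grant("D2", "D4", "switch")        # constructed: D2 may switch to D4
    return m


if __name__ == "__main__":
    m = build_example_matrix()
    p = Process(m, "D1")
    print(p.access("F1", "read"), p.access("F1", "write"))   # True False
    print(p.switch("D4"), p.switch("D2"), p.domain)          # False True D2
    print(p.access("printer", "print"))                      # True
```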


Protection in File System: In computer systems a lot of user information is stored, and
the objective of the operating system is to keep the data of the user safe from improper
access to the system.
Protection can be provided in a number of ways.
 For a single laptop system, we might provide protection by locking the computer in a
desk drawer or file cabinet.
 For multi-user systems, different mechanisms are used for protection.
Types of Access:
 Files which any user can access directly need protection.
 Files which are not accessible to other users do not require any kind of protection.
 The protection mechanism provides controlled access by limiting the types of access to
the file.
 Whether access is given to a user depends on several factors, one of which is
the type of access required.

Several different types of operations can be controlled:

 Read: Reading from a file.
 Write: Writing or rewriting the file.
 Execute: Loading the file into memory and executing it.
 Append: Writing new information to an already existing file; the new data must be added
at the end of the existing file.
 Delete: Deleting a file which is of no use and freeing its space for other data.
 List: Listing the name and attributes of the file.
Access Control:
 Different methods are used by different users to access any file.
 The most common approach to the protection problem is to make access dependent on
the identity of the user.
 A file can be associated with an access-control list (ACL) specifying the user names and
the type of access allowed to each user.
Problems
 Constructing such a list may be tedious.
 The directory entry now needs to be of variable size, resulting in more complicated space
management.
These problems can be resolved by combining the access-control list with an owner, group,
universe access control scheme.
 To condense the length of the access-control list, many systems recognize three
classifications of users in connection with each file:
 Owner: The owner is the user who created the file.
 Group: A group is a set of members who have similar needs and share the
same file.
 Universe: All other users in the system fall under the category called universe.
Fig 5.2: Access Control

Fig 5.3: Access permissions


Example:
OWNER    ACCESS 7   R W X   [1 1 1]

GROUP    ACCESS 6   R W X   [1 1 0]

UNIVERSE ACCESS 1   R W X   [0 0 1]

R W X indicates READ / WRITE / EXECUTE permissions.

Table 5.3: File permissions
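An added example (not from the notes) that decodes the 7 / 6 / 1 digits of Table 5.3 into R W X bits and applies the owner, group, universe scheme to a constructed file: the first class that matches the user is the only one consulted, which is why a group member can end up with fewer rights than the universe.

```python
# Added example, not from the notes: decoding the owner/group/universe digits
# from Table 5.3 (7, 6, 1) into READ/WRITE/EXECUTE bits and applying the
# usual check order (owner first, then group, then universe) to decide
# whether a user may perform an operation on a file.

READ, WRITE, EXECUTE = 4, 2, 1
OPERATION_BIT = {"read": READ, "write": WRITE, "execute": EXECUTE}


def decode_bits(digit):
    """One octal digit (0..7) -> [R, W, X] list as written in the notes, e.g. 6 -> [1, 1, 0]."""
    if not 0 <= digit <= 7:
        raise ValueError("a permission digit must be in 0..7")
    return [int(bool(digit & READ)), int(bool(digit & WRITE)), int(bool(digit & EXECUTE))]


def rwx_string(digit):
    """Same digit in ls-style notation, e.g. 6 -> 'rw-'."""
    return "".join(ch if bit else "-" for ch, bit in zip("rwx", decode_bits(digit)))


class ProtectedFile:
    def __init__(self, name, owner, group, mode):
        # mode is a three-digit octal number; 0o761 is the example from the notes.
        self.name, self.owner, self.group = name, owner, group
        self.owner_bits = (mode >> 6) & 7
        self.group_bits = (mode >> 3) & 7
        self.universe_bits = mode & 7

    def classify(self, user, user_groups):
        """Pick the single class whose bits apply: owner, else group, else universe."""
        if user == self.owner:
            return "owner", self.owner_bits
        if self.group in user_groups:
            return "group", self.group_bits
        return "universe", self.universe_bits

    def permits(self, user, user_groups, operation):
        _, bits = self.classify(user, user_groups)
        return bool(bits & OPERATION_BIT[operation])

    def mode_string(self):
        return rwx_string(self.owner_bits) + rwx_string(self.group_bits) + rwx_string(self.universe_bits)


if __name__ == "__main__":
    # Constructed sample file using the notes' 7 / 6 / 1 example.
    f = ProtectedFile("report.txt", owner="alice", group="staff", mode=0o761)
    print(f.mode_string())                         # rwxrw---x
    print(f.permits("alice", set(), "execute"))     # True  (owner, 7)
    print(f.permits("bob", {"staff"}, "write"))     # True  (group, 6)
    print(f.permits("bob", {"staff"}, "execute"))   # False (group 6 has no x)
    print(f.permits("carol", set(), "execute"))     # True  (universe, 1)
```

Note that bob, a member of the group, cannot execute the file although every other user can: only the first matching class is consulted, a detail worth remembering when auditing permissions.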


Role-Based Access Control:

Role-Based Access Control, RBAC, assigns privileges to users, programs, or roles as
appropriate, where "privileges" refer to the right to call certain system calls, or to use
certain parameters with those calls. RBAC supports the principle of least privilege.

Fig 5.4: Role-Based Access Control privileges

Role-based access control (RBAC) is a method of restricting network access based on the
roles of individual users within an enterprise. RBAC lets employees have access rights only
to the information they need to do their jobs and prevents them from accessing information
that doesn't pertain to them. An employee's role in an organization determines the
permissions that individual is granted and ensures that lower-level employees can't access
sensitive information or perform high-level tasks. In the role-based access control data model,
roles are based on several factors, including authorization, responsibility and job competency.
As such, companies can designate whether a user is an end user, an administrator or a
specialist user. In addition, access to computer resources can be limited to specific tasks, such
as the ability to view, create or modify files. Limiting network access is important for
organizations that have many workers, employ contractors or permit access to third parties,
like customers and vendors, making it difficult to monitor network access effectively.
Companies that depend on RBAC are better able to secure their sensitive data and critical
applications.
Benefits of RBAC

There are a number of benefits to using RBAC to restrict unnecessary network access based
on people's roles within an organization, including:

 Improving operational efficiency. With RBAC, companies can decrease the need for
paperwork and password changes when they hire new employees or switch the roles of
existing employees. RBAC lets organizations quickly add and change roles, as well as
implement them across platforms, operating systems (OSes) and applications. It also cuts
down on the potential for error when user permissions are being assigned. Additionally, with
RBAC, companies can more easily integrate third-party users into their networks by giving
them predefined roles.

 Enhancing compliance. Every organization must comply with local, state and federal
regulations. Companies generally prefer to implement RBAC systems to meet the regulatory
and statutory requirements for confidentiality and privacy because executives and IT
departments can more effectively manage how the data is accessed and used. This is
particularly important for financial institutions and healthcare companies that manage
sensitive data.

 Giving administrators increased visibility. RBAC gives network administrators and
managers more visibility and oversight into the business, while also guaranteeing that
authorized users and guests on the system are only given access to what they need to do their
jobs.

 Reducing costs. By not allowing user access to certain processes and applications,
companies may conserve or more cost-effectively use resources, such as network bandwidth,
memory and storage.

 Decreasing risk of breaches and data leakage. Implementing RBAC means restricting
access to sensitive information, thus reducing the potential for data breaches or data leakage.

Best practices for role-based access control implementations

There are a number of best practices organizations should follow for implementing RBAC,
including:

 Determine the resources for which they need to control access, if they're not already listed --
for instance, customer databases, email systems and contact management systems.
 Analyse the workforce, and establish roles that have the same access needs. However, don't
create too many roles because that would defeat the purpose of role-based access control and
create user-based access control rather than role-based access control. For instance, there
could be a basic user role that includes the access every employee needs, such as to email and
the corporate intranet. Another role could be that of a customer service representative who
would have read/write access to the customer database, and yet another role could be that of a
customer database admin with full control of the customer database.

 After creating a list of roles and their access rights, align the employees to those roles, and set
their access.

 Evaluate how roles can be changed, as well as how accounts for employees who are leaving
the company can be terminated and how new employees can be registered.

 Ensure RBAC is integrated across all systems throughout the company.

 Conduct training so that the employees understand the principles of RBAC.

 Periodically conduct audits of the roles, the employees who are assigned to them and the
access that's permitted for each role. If a role is found to have unnecessary access to a certain
system, change the role, and modify the access level for those individuals who are in that
role.
Fig 5.5: Role-Based Access Control
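The roles suggested in the best practices above (basic user, customer service representative, customer database admin) as a small RBAC model, added here as an example and not part of the notes. Users hold roles, roles hold (resource, action) permissions, leavers are offboarded by dropping their roles, and an audit lists which roles and users can reach a resource. All user and resource names are constructed.

```python
# Added example, not from the notes: a minimal RBAC model. Permissions attach
# to roles, users attach to roles, so a user's rights are the union of the
# rights of their roles; nothing is granted to a user directly.

class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> set of (resource, action)
        self.user_roles = {}   # user -> set of roles

    def define_role(self, role, *perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, *roles):
        unknown = [r for r in roles if r not in self.role_perms]
        if unknown:
            raise KeyError(f"undefined roles: {unknown}")
        self.user_roles.setdefault(user, set()).update(roles)

    def revoke_user(self, user):
        """Leaver offboarding: dropping the user drops every permission at once."""
        self.user_roles.pop(user, None)

    def permissions(self, user):
        return set().union(*(self.role_perms[r] for r in self.user_roles.get(user, ())))

    def allowed(self, user, resource, action):
        return (resource, action) in self.permissions(user)

    def audit(self, resource):
        """Periodic audit: which roles grant any access to `resource`, and who holds them."""
        roles = {r for r, perms in self.role_perms.items()
                 if any(res == resource for res, _ in perms)}
        users = {u for u, rs in self.user_roles.items() if rs & roles}
        return roles, users


def build_example():
    """Constructed roles following the best-practice list above."""
    rbac = RBAC()
    rbac.define_role("basic_user", ("email", "use"), ("intranet", "read"))
    rbac.define_role("customer_service", ("customer_db", "read"), ("customer_db", "write"))
    rbac.define_role("customer_db_admin", ("customer_db", "read"), ("customer_db", "write"),
                     ("customer_db", "admin"))
    rbac.assign("alice", "basic_user", "customer_service")   # constructed users
    rbac.assign("bob", "basic_user")
    rbac.assign("dana", "basic_user", "customer_db_admin")
    return rbac


if __name__ == "__main__":
    r = build_example()
    print(r.allowed("alice", "customer_db", "write"))   # True
    print(r.allowed("bob", "customer_db", "read"))      # False
    print(r.audit("customer_db"))                        # roles and users with any access
```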

Revocation of Access Rights: In a capability system, a scheme is required to locate a
capability before it can be revoked. The main schemes are:
 Reacquisition
 Back-pointers
 Indirection
 Keys

 Reacquisition: Periodically, all capabilities are deleted from each domain. If a process
wants to use a capability, it may find that that capability has been deleted. The process
may then try to reacquire the capability. If access has been revoked, the process will not
be able to reacquire the capability.

 Back-pointers: A list of pointers is maintained with each object, pointing to all
capabilities associated with that object. When revocation is required, we can follow these
pointers, changing the capabilities as necessary.
 Indirection: The capabilities point indirectly to the objects. Each capability points to a
unique entry in a global table, which in turn points to the object. We implement
revocation by searching the global table for the desired entry and deleting it. Then, when
an access is attempted, the capability is found to point to an illegal table entry.

 Keys: A key is a unique bit pattern that can be associated with a capability. This key is
defined when the capability is created, and it can be neither modified nor inspected by the
process owning the capability. A master key is associated with each object; it can be
defined or replaced with the set-key operation. When a capability is created, the current
value of the master key is associated with the capability. When the capability is exercised,
its key is compared with the master key. If the keys match, the operation is allowed to
continue; otherwise, an exception condition is raised. In key-based schemes, the
operations of defining keys, inserting them into lists, and deleting them from lists should
not be available to all users.
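The key-based scheme above as an added example (not from the notes): a small "kernel" keeps the capability list and hands processes only integer handles, so the key inside a capability can be neither inspected nor changed by them; set-key on an object replaces the master key and thereby revokes every capability created under the old key. The object and right names are constructed.

```python
# Added example, not from the notes: key-based revocation of capabilities.
# Each object carries a master key; a capability copies that key when it is
# created; exercising the capability compares the two; set_key replaces the
# master key and so invalidates every outstanding capability at once.

import secrets

KEY_BYTES = 16


class Kernel:
    def __init__(self):
        self.master_keys = {}     # object name -> current master key (unique bit pattern)
        self.capabilities = {}    # handle -> (object name, rights, key copied at creation)
        self._next_handle = 1

    def create_object(self, name):
        self.master_keys[name] = secrets.token_bytes(KEY_BYTES)

    def set_key(self, name):
        """Privileged: replace the master key. Not offered to ordinary users."""
        self.master_keys[name] = secrets.token_bytes(KEY_BYTES)

    def create_capability(self, name, rights):
        """The capability snapshots the master key current at creation time."""
        handle = self._next_handle
        self._next_handle += 1
        self.capabilities[handle] = (name, frozenset(rights), self.master_keys[name])
        return handle

    def exercise(self, handle, operation):
        """Return (ok, reason). A key mismatch means the capability was revoked."""
        entry = self.capabilities.get(handle)
        if entry is None:
            return False, "no such capability"
        name, rights, key = entry
        if operation not in rights:
            return False, f"capability lacks '{operation}'"
        if not secrets.compare_digest(key, self.master_keys[name]):
            return False, "revoked: key no longer matches master key"
        return True, f"{operation} on {name}"


def demo():
    """Constructed walk-through: use, revoke by set_key, re-issue."""
    k = Kernel()
    k.create_object("F1")
    cap = k.create_capability("F1", {"read"})
    before = k.exercise(cap, "read")
    k.set_key("F1")                        # revokes everything issued so far
    after = k.exercise(cap, "read")
    fresh = k.create_capability("F1", {"read"})
    return before[0], after[0], k.exercise(fresh, "read")[0]   # (True, False, True)


if __name__ == "__main__":
    print(demo())
```

Because set-key invalidates all holders at once, selective revocation in this scheme means re-issuing capabilities to the processes that should keep access.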

System Security

 Security refers to providing a protection system for computer system resources such as
the CPU, memory, disk, software programs and, most importantly, the data/information stored
in the computer system.

 If a computer program is run by an unauthorized user, then he/she may cause severe
damage to the computer or the data stored in it.

 So, a computer system must be protected against unauthorized access, malicious
access to system memory, viruses, worms etc.

User Authentication:

Authentication refers to identifying each user of the system and associating the
executing programs with those users. It is the responsibility of the Operating System
to create a protection system which ensures that a user who is running a particular
program is authentic. Operating systems generally identify/authenticate users in the
following three ways:
1. Username / Password − The user needs to enter a registered username and password
with the operating system to log into the system.

Fig 5.6: Username / Password

2. User card/key − The user needs to punch a card into the card slot, or enter a key generated by
a key generator in the option provided by the operating system, to log into the system.

Fig 5.7: User card/key

3. User attribute - fingerprint / eye retina pattern / signature − The user needs to present
his/her attribute via the designated input device used by the operating system to log
into the system.
Fig 5.8: User attribute

One Time passwords:

One-time passwords provide additional security along with normal authentication. In a
one-time password system, a unique password is required every time a user tries to
log into the system. Once a one-time password is used, it cannot be used again.
One-time passwords are implemented in various ways.

• Random numbers: Users are provided with cards having numbers printed alongside
corresponding letters. The system asks for the numbers corresponding to a few letters
chosen at random.

Fig 5.9: Random numbers

• Secret key: Users are provided with a hardware device which can create a secret id mapped
to the user id. The system asks for this secret id, which has to be generated afresh every time
prior to login.
Fig 5.10: Secret key

• Network password: Some commercial applications send one-time passwords to the user
on a registered mobile number / email, which must be entered prior to login.

Fig 5.11: Network password
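The "random numbers" card scheme above as an added example (not from the notes): each user holds a card mapping letters to numbers, the system names a few randomly chosen letters at login, and the user answers with the matching numbers. The challenge is consumed by the first answer, which is what makes the password one-time: a captured answer fails on replay. User names and card layout are constructed.

```python
# Added example, not from the notes: one-time passwords from a printed card.
# The server keeps its own copy of each user's card, picks random letters as
# the challenge, and consumes the challenge on the first answer so that the
# same answer can never be used twice.

import hmac
import random
import string

_sysrand = random.SystemRandom()   # OS entropy; the default PRNG is not suitable for challenges


class OTPCardServer:
    def __init__(self, letters=string.ascii_uppercase[:10]):
        self.letters = letters
        self.cards = {}       # user -> {letter: number}, the server's copy of the card
        self.pending = {}     # user -> letters of the outstanding challenge

    def issue_card(self, user):
        """Generate a card of two-digit numbers; the returned copy is what the user is given."""
        card = {letter: _sysrand.randrange(100) for letter in self.letters}
        self.cards[user] = card
        return dict(card)

    def challenge(self, user, count=3):
        """Pick `count` distinct letters at random; the user must supply their numbers."""
        letters = _sysrand.sample(self.letters, count)
        self.pending[user] = letters
        return list(letters)

    def verify(self, user, response):
        """True only if `response` lists the card numbers for the outstanding
        challenge. The challenge is consumed whether or not the answer is
        right, so an answer, captured or guessed, cannot be tried again."""
        letters = self.pending.pop(user, None)
        if letters is None or user not in self.cards:
            return False                       # nothing outstanding: replay or unknown user
        expected = ",".join(str(self.cards[user][l]) for l in letters)
        given = ",".join(str(int(n)) for n in response)
        return hmac.compare_digest(expected, given)


if __name__ == "__main__":
    server = OTPCardServer()
    card = server.issue_card("alice")          # the printed card handed to alice
    asked = server.challenge("alice")
    answer = [card[l] for l in asked]          # alice reads the numbers off her card
    print(asked, server.verify("alice", answer))   # [...], True
    print(server.verify("alice", answer))          # False: challenge already consumed
```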

Program Threats: The operating system's processes and kernel do the designated task as
instructed. If a user program makes these processes do malicious tasks, this is known
as a program threat. One common example of a program threat is a program installed on
a computer which can store and send user credentials over the network to some hacker. Following
is a list of some well-known program threats.
1. Trojan Horse: The term Trojan horse is taken from Greek mythology, from the tale of
the Trojan war in which soldiers hid inside the statue of a horse and won over the city of
Troy. So, as you can gather from this short description of the story, in computer
terminology the term Trojan horse is used to refer to those programs which appear
attractive and genuine on the surface but have malicious code embedded inside them. This
code could be either a virus, a worm or both.
Fig 5.12: Trojan Horse

The Trojan horse can then be used by the attacker to carry out a variety of nefarious
activities from a remote location, which could include tampering with the target computer's
files, stealing passwords, viewing screenshots, collecting key-logging reports and so forth.
Some of the ways in which a Trojan horse program could get inside a computer are by
embedding in an otherwise genuine program, through email attachments, or through executable web
content such as ActiveX controls. One of the most notorious Trojan
horse programs of recent times was the Love Bug, which originated somewhere in the
Philippines and infected innumerable computer systems around the globe. This
Trojan actually carried a worm, which caused damage of nearly 6 billion US
dollars; even organizations such as the CIA and the Pentagon had to shut down their
systems temporarily to get rid of it. Such a program traps user login credentials and stores
them to send to a malicious user, who can later log in to the computer and access its system
resources.
2. Trap Door: A trap door is a kind of secret entry point into a program that allows
anyone to gain access to the system without going through the usual security access
procedures. Another definition of a trap door is a method of bypassing normal
authentication methods. Therefore, it is also known as a back door. Programmers use
trap doors legitimately to debug and test programs. Trap doors turn into threats when
dishonest programmers use them to gain illegal access. Program development and software
update activities should be the first focus of security measures. An operating system that
controls trap doors is difficult to implement.
Fig 5.13: Trap Door

3. Logic Bomb − A logic bomb is a situation where a program misbehaves only when certain
conditions are met; otherwise it works as a genuine program. It is harder to detect.

Fig 5.14: Logic Bomb

4. Virus: A computer virus is a program which can harm our device and files and infect
them so that they are of no further use. When a virus program is executed, it replicates itself by
modifying other computer programs and inserting its own code. This code infects a
file or program and if it spreads massively, it may ultimately result in crashing of the
device.
Fig 5.15: Virus

Since a computer virus only hits the programming of the device, it is not visible. But there
are certain indications which can help you tell that a device is virus-hit. Given below are
signs which may help you identify computer viruses:

 Speed of the System – Once a virus is fully active on your device, the time
taken to open applications may become longer and the entire system may start
working slowly.

 Pop-up Windows – One may start getting too many pop-up windows on the screen,
which may themselves be virus-affected and harm the device even more.

 Self-Execution of Programs – Files or applications may start opening in the background
of the system by themselves, without your knowledge.

 Log out from Accounts – In case of a virus attack, the probability of accounts getting
hacked increases; password-protected sites may also get hacked and you might get
logged out from all of them.

 Crashing of the Device – In most cases, if the virus spreads to most files and
programs, there is a chance that the entire device may crash and stop working.

The first thing you might notice in case of a virus attack is the speed at which your
system processes. Then, gradually, other changes can also be observed.
System Threats: System threats refer to misuse of system services and network
connections to put the user in trouble. System threats can be used to launch program threats on a
complete network; this is called a program attack. System threats create an environment in which
operating system resources / user files are misused. Following is a list of some well-known
system threats.

1. Worm: A worm is a process which can choke down system performance by using
system resources to extreme levels. A worm process generates multiple copies of itself, where
each copy uses system resources, preventing all other processes from getting the resources they need.
Worm processes can even shut down an entire network.

Fig 5.16: Worm

2. Port Scanning: Port scanning is a mechanism or means by which a hacker can detect
system vulnerabilities in order to make an attack on the system.

Fig 5.17: Port Scanning

3. Denial of Service: A denial-of-service attack (DoS attack) is a cyber-attack in which the
perpetrator seeks to make a machine or network resource unavailable to its
intended users by temporarily or indefinitely disrupting services of a host connected to
the Internet. Denial of service is typically accomplished by flooding the targeted machine
or resource with superfluous requests in an attempt to overload systems and prevent some
or all legitimate requests from being fulfilled.

Denial of service attacks normally prevent users from making legitimate use of the system. For
example, a user may not be able to use the internet if a denial of service attack targets the browser's
content settings.

Fig 5.18: Denial of Service

Computer Security Classifications:

As per the U.S. Department of Defense Trusted Computer System Evaluation Criteria there
are four security classifications of computer systems: A, B, C, and D. This is a widely used
specification to determine and model the security of systems and of security solutions.
Following is a brief description of each classification.

S.N.  Classification Type & Description

1. Type A
Highest level. Uses formal design specifications and verification techniques.
Grants a high degree of assurance of process security.

2. Type B
Provides a mandatory protection system. Has all the properties of a class C2
system. Attaches a sensitivity label to each object. It is of three types.
B1: Maintains the security label of each object in the system. The label is used for
making access-control decisions.
B2: Extends the sensitivity labels to each system resource, such as storage
objects; supports covert channels and auditing of events.
B3: Allows creating lists or user groups for access control, to grant or
revoke access to a given named object.

3. Type C
Provides protection and user accountability using audit capabilities. It is of two
types.
C1: Incorporates controls so that users can protect their private information and
keep other users from accidentally reading / deleting their data. UNIX versions
are mostly C1 class.
C2: Adds individual-level access control to the capabilities of a C1 level
system.

4. Type D
Lowest level. Minimum protection. MS-DOS and Windows 3.1 fall in this category.

Table 5.4: Computer Security Classifications

Cryptography:

 Cryptography is the science of encrypting and decrypting data; it enables users to store
sensitive information or transmit it across insecure networks so that it can be read only by
the intended recipient.

 Data which can be read and understood without any special measures is called plaintext,
while the method of disguising plaintext in order to hide its substance is
called encryption.

 Encrypted plaintext is known as ciphertext, and the process of reverting the encrypted data
back to plaintext is known as decryption.
Fig 5.19: Cryptography

 The science of analyzing and breaking secure communication is known as
cryptanalysis. The people who perform it are also known as attackers.

 Cryptography can be either strong or weak, and the strength is measured by the time
and resources it would require to recover the actual plaintext.

 Hence an appropriate decoding tool is required to decipher strongly encrypted
messages.

 There are some cryptographic techniques available with which, even with a billion
computers doing a billion checks a second, it is not possible to decipher the text.

 As computing power is increasing day by day, one has to make the encryption
algorithms very strong in order to protect data and critical information from
attackers.

Encryption: Encryption is a process which transforms the original information into an
unrecognizable form. This new form of the message is entirely different from the original
message. That's why a hacker is not able to read the data, as senders use an encryption
algorithm. Encryption is usually done using a key and an algorithm. Data is encrypted to make it safe
from theft. Many well-known companies also encrypt data to keep their trade secrets
from their competitors.
Fig 5.20: Encryption

Decryption: Decryption is the process of converting encoded/encrypted data into a form that is
readable and understood by a human or a computer. It is performed by reversing the
encryption manually or by using the keys that were used to encrypt the original data.

Fig 5.21: Decryption

Usage of Encryption and Decryption:

• Helps you to protect your confidential data such as passwords and login ids

• Provides confidentiality of private information

• Helps you to ensure that the document or file has not been altered

• The encryption process also prevents plagiarism and protects IP

• Helpful for network communication (like the internet), where a hacker can easily
access unencrypted data

• It is an essential method as it helps you to securely protect data that you don't want
anyone else to have access to

Types of Keys
Symmetric Key: Symmetric-key encryption uses algorithms in which the same
cryptographic key is used for both encryption of plaintext and decryption of ciphertext.

Fig 5.22: Symmetric Key

Asymmetric Key:

Asymmetric encryption uses a pair of keys for encryption. The public key is available to anyone
while the secret key is made available only to the receiver of the message. This boosts
security.

Fig 5.23: Asymmetric Key

Public Key:

Public key cryptography is an encryption system which is based on a pair of keys. Public
keys are used to encrypt messages for a receiver.

Private Key: A private key may be part of a public/private asymmetric key pair, or it may be a
secret key used on its own, where the same key is used to encrypt and decrypt data.
Fig 5.24: Public Key & Private Key

Firewall: A firewall can be defined as a special type of network security device or a
software program that monitors and filters incoming and outgoing network traffic based on a
defined set of security rules. It acts as a barrier between internal private networks and
external sources (such as the public Internet). The primary purpose of a firewall is to allow
non-threatening traffic and block malicious or unwanted data traffic, protecting the
computer from viruses and attacks. A firewall is a cybersecurity tool that filters network
traffic and helps users block malicious software on infected computers from reaching the
Internet. Almost every medium and large-scale organization has a presence on the Internet
and has an organizational network connected to it. Network partitioning at the boundary
between the outside Internet and the internal network is essential for network security.
Sometimes the inside network (intranet) is referred to as the "trusted" side and the external
Internet as the "un-trusted" side.

Fig 5.25: Firewall


A firewall system analyses network traffic based on pre-defined rules. It then filters the
traffic and blocks any traffic coming from unreliable or suspicious sources. It only
allows incoming traffic that it is configured to accept. Typically, firewalls intercept network
traffic at a computer's entry point, known as a port. Firewalls perform this task by allowing or
blocking specific data packets (units of communication transferred over a digital network)
based on pre-defined security rules. Incoming traffic is allowed only from
trusted IP addresses, or sources.
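The rule-based filtering just described, as an added example that is not part of the original notes: a minimal stateless packet filter that checks each constructed packet against an ordered rule list (first match wins) and drops anything no rule permits. The packet and rule fields, the rule set and the addresses are all constructed assumptions.

```python
# Added example (not from the original notes): a minimal stateless packet filter
# with an ordered rule list, first-match semantics and a default-deny policy.
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out" relative to the protected host
    proto: str          # "tcp" or "udp"
    src: str            # source IP address
    dst: str            # destination IP address
    dport: int          # destination port (the "entry point" the text mentions)

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # CIDR block of permitted sources
    dport: Optional[int] = None # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(rules: list, pkt: Packet) -> str:
    """Return the action of the first matching rule; deny when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default-deny: traffic not explicitly permitted is dropped

# Constructed rule set: only the trusted intranet may reach SSH, anyone may reach
# the HTTPS service, outbound traffic is allowed, everything else inbound is dropped.
RULES = [
    Rule("allow", direction="in", proto="tcp", src="10.0.0.0/8", dport=22),
    Rule("allow", direction="in", proto="tcp", dport=443),
    Rule("allow", direction="out"),
]

def demo() -> list:
    packets = [   # constructed sample traffic
        Packet("in", "tcp", "10.1.2.3", "192.0.2.10", 22),      # intranet -> SSH
        Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 22),   # Internet -> SSH
        Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 443),  # Internet -> HTTPS
        Packet("in", "udp", "203.0.113.5", "192.0.2.10", 53),   # unsolicited DNS
        Packet("out", "tcp", "192.0.2.10", "198.51.100.7", 80), # outbound web
    ]
    return [filter_packet(RULES, p) for p in packets]
```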

Functions of Firewall: The firewall works as a gatekeeper. It analyses every attempt to gain
access to our operating system and blocks traffic from unwanted or unrecognized
sources. Since the firewall acts as a barrier or filter between the computer system and other
networks (i.e., the public Internet), we can consider it a traffic controller. Therefore, a
firewall's primary function is to secure our network and information by controlling network
traffic, preventing unwanted incoming network traffic, and validating access by inspecting
network traffic for malicious activity such as hackers and malware. Generally, most operating
systems (for example, Windows OS) and security software come with built-in firewall
support. Therefore, it is a good idea to ensure that those options are turned on. Additionally,
we can configure the security settings of the system to be updated automatically whenever
updates are available.

Types of Firewalls:

Depending on their structure and functionality, there are different types of firewalls. The
following is a list of some common types of firewalls:

 Proxy Firewall
 Packet-filtering firewalls
 Stateful Multi-layer Inspection (SMLI) Firewall
 Unified threat management (UTM) firewall
 Next-generation firewall (NGFW)
 Network address translation (NAT) firewalls

Difference between a Firewall and Anti-virus:

Firewalls and anti-viruses are both systems that protect devices from viruses, Trojans and
other threats, but there are significant differences between them. Based on the threats each
one addresses, the main differences between firewalls and anti-viruses are tabulated below:

Attribute: Definition
Firewall: A firewall is defined as the system which analyses and filters incoming or outgoing
data packets based on pre-defined rules.
Anti-virus: Anti-virus is defined as the special type of software that acts as a cyber-security
mechanism. The primary function of Anti-virus is to monitor, detect, and remove any
apprehensive or distrustful file or software from the device.

Attribute: Structure
Firewall: Firewalls can be both hardware and software. The router is an example of a physical
firewall, and a simple firewall program on the system is an example of a software firewall.
Anti-virus: Anti-virus can only be used as software. Anti-virus is a program that is installed on
the device, just like the other programs.

Attribute: Implementation
Firewall: Because firewalls come in the form of hardware and software, a firewall can be
implemented either way.
Anti-virus: Because Anti-virus comes in the form of software, Anti-virus can be implemented
only at the software level. There is no possibility of implementing Anti-virus at the hardware
level.

Attribute: Responsibility
Firewall: A firewall is usually defined as a network controlling system. It means that firewalls
are primarily responsible for monitoring and filtering network traffic.
Anti-virus: Anti-viruses are primarily responsible for detecting and removing viruses from
computer systems or other devices. These viruses can be in the form of infected files or
software.

Attribute: Scalability
Firewall: Because the firewall supports both types of implementation, hardware and software,
it is more scalable than anti-virus.
Anti-virus: Anti-viruses are generally considered less scalable than firewalls. This is because
anti-virus can only be implemented at the software level; they don't support hardware-level
implementation.

Attribute: Threats
Firewall: A firewall is mainly used to prevent network-related attacks. These are mainly
external network threats, for example routing attacks and IP spoofing.
Anti-virus: Anti-virus is mainly used to scan, find, and remove viruses, malware, and Trojans,
which can harm system files and software and share personal information (such as login
credentials, credit card details, etc.) with hackers.

Table 5.5: Difference between a Firewall and Anti-virus

Case Study on Linux operating system

Fig 5.26: Linux operating system

The Linux open source operating system, or Linux OS, is a freely distributable, cross-
platform operating system based on Unix that can be installed on PCs, laptops, net-books,
mobile and tablet devices, video game consoles, servers, supercomputers and more. The
Linux OS is frequently packaged as a Linux distribution for both desktop and server use, and
includes the Linux kernel (the core of the operating system) as well as supporting tools and
libraries. Popular Linux OS distributions include Debian, Ubuntu, Fedora, Red Hat and
openSUSE.

Case Study on Windows Operating System:

Fig 5.27: Windows Operating System

Windows Operating System is a computer operating system (OS) developed by Microsoft
Corporation to run personal computers (PCs). Featuring the first graphical user
interface (GUI) for IBM-compatible PCs, the Windows OS soon dominated the PC market.
Approximately 90 percent of PCs run some version of Windows.

The first version of Windows, released in 1985, was simply a GUI offered as an
extension of Microsoft’s existing disk operating system, or MS-DOS. Based in part on
licensed concepts that Apple Inc. had used for its Macintosh System Software, Windows for
the first time allowed DOS users to visually navigate a virtual desktop, opening graphical
“windows” displaying the contents of electronic folders and files with the click of
a mouse button, rather than typing commands and directory paths at a text prompt.
Subsequent versions introduced greater functionality, including native Windows
File Manager, Program Manager, and Print Manager programs, and a more
dynamic interface. Microsoft also developed specialized Windows packages, including the
networkable Windows for Workgroups and the high-powered Windows NT, aimed at
businesses. The 1995 consumer release Windows 95 fully integrated Windows and DOS and
offered built-in Internet support, including the World Wide Web browser Internet Explorer.
With the 2001 release of Windows XP, Microsoft united its various Windows
packages under a single banner, offering multiple editions for consumers, businesses,
multimedia developers, and others. Windows XP abandoned the long-used Windows 95
kernel (core software code) for a more powerful code base and offered a more practical
interface and improved application and memory management. The highly successful XP
standard was succeeded in late 2006 by Windows Vista, which experienced a troubled rollout
and met with considerable marketplace resistance, quickly acquiring a reputation for being a
large, slow, and resource-consuming system. Responding to Vista’s disappointing adoption
rate, Microsoft developed Windows 7, an OS whose interface was similar to that of Vista but
was met with enthusiasm for its noticeable speed improvement and its modest system
requirements.
