Mcs 22 Notes Study

The document outlines various topics related to operating systems and networking, including graphical user interfaces (GUIs), virtual machines, and distributed operating systems. It covers the fundamentals of OS architecture, networking concepts, and specific systems such as Linux and Windows 2000. Additionally, it addresses security concepts and management practices relevant to computer systems.

lOMoARcPSD|35588227

Contents

Block 1 - Operating System Fundamentals & Networking
  Unit 1 - Graphical User Interface
    GUI – Page 6
    3 Common GUI – Page 7
    3D GUI – Page 11
    3 Components of development environment of GUI – Page 11-12 CYP2
    X Windows – Page 24-27 CYP3
  Unit 2 – Introduction to Operating System
    Virtual Machine – Page 41-42
    Difference between Virtual Machine Multiprogramming and Conventional Multiprogramming – Page 42
    Virtual Machine Multiprogramming – Page 42-43
    Uses and Advantages of Virtual Machine – Page 43
    Classification of Advanced OS – Page 47
    Distributed Operating System – Page 48
    Advantages of Distributed Systems – Pages 48-49
    Microkernel OS – Page 52
    Multithreading – Page 52
    Symmetric Multiprocessing OS – Page 52
    Difference between multithreading and symmetric multiprocessing – Pages 52-53
  Unit 3 – Introduction to Networking Concept
    Computer Network – Page 55
    5 Network Topologies with Diagrams – Page 57
    Structure of Bus Topology – Page 57
    Structure of Star Topology – Page 58
    Functionalities of seven layers of OSI Reference Model – Page 59
    Definition of Protocol – Page 60
    Difference between CSMA/CD and Token Passing access methods – Page 62-63
    Avoiding collision on CSMA/CD network – Pages 62-63
    Unguided Transmission Media – Page 72
    Guided Transmission Media – Page 72
    Optical Fiber – Page 74
    Advantages of Optical Fiber – Page 74-75
    Repeater – Page 76
    Uses of Repeater – Page 76
  Unit 4 – Internetworking: Concept, Architecture and Protocols
    Packet Switching – Page 89
    2 Approaches of Packet Switching – Page 89
    FTP Explanation – Page 95-97
    TELNET Explanation – Page 95, 97-98
    Domain Name System (DNS) – Page 100-101
    Design Goals of DNS – Page 101-102
    Design Principles of DNS – Page 102-103
    DNS Architecture – Page 103
    DNS Zones – Page 103
    SNMP – Page 104-105
    Diagram of SNMP Architecture – Page 105
Block 2 – Linux Operating System
  Unit 1 – Introduction to Linux Operating System
    Abstract Model of Virtual Memory in Linux with Diagram – Pages 8-10
    Use of Virtual Memory in Linux – Page 10
    States of a Process in Linux – Page 11
  Unit 2 – Linux Command and Utilities
    Purpose of /bin – Page 37
    Purpose of /dev – Page 37
    Purpose of /etc – Page 37-38
    Purpose of /lib – Page 38
    Purpose of /sbin – Page 38
    Purpose of /tmp – Page 38
    Purpose of /usr/bin – Page 38
  Unit 3 – Linux Utilities and Editor
  Unit 4 – User to User Communication
    Configure Linux Machine as NFS Server – Pages 88-90
  Unit 5 – Unix System Administration
    Backups and Restoration – Pages 113-114
Block 3 – Windows 2000
  Unit 1 – Windows 2000 Networking
    3 File Systems supported by Windows 2000 – Page 11
    File Replication Service – Page 12
  Unit 2 – Managing Windows 2000 Server
  Unit 3 – Advanced Windows 2000 Networking
    Trust Relationships between Domains – Page 36
    Group Account Administration in Windows 2000 – Page 38
    Group Policy Objects – Page 39
  Unit 4 – Windows XP Networking
    EFS Services – Page 51-52
    Sharing of Network Resources in Windows XP – Page 52-58
    Sharing of Drives in Windows XP – Pages 55-58
Block 4 – Security and Management
  Unit 1 – Security Concepts
    Security Goals of computer systems – Page 6
    Major Security Threats – Page 9
    Difference between Vulnerability and Threat – Pages 9-10 CYP3
    Vulnerability – Page 10
    Difference between ‘Mandatory Access Control’ and ‘Discretionary Access Control’ in Windows 2000 – Page 11
    Process of Intrusion Detection – Pages 18-19
  Unit 2 – Computer Security
    “Hardening” in Windows 2000 – Page 24, CYP1
    Computer Viruses – Page 28
    Firewalls – Page 30
    Advantages of Firewall – Page 30-31
    Limitations of firewall – Page 32
    Packet Filtering – Page 32
    Limitations of Packet Filtering – Page 33
    Stateful Packet Filtering Firewall – Page 33-34
    RAID and its levels – Page 35-36
  Unit 3 – Security and Management – I
    Functions of Primary domain controller – Page 53
    BDC – Page 53-54
    Registry Management in Windows NT – Page 55-57
    Components of a Registry – Page 56
    Security Features in Windows 2000 – Page 58
    Active Directory – Page 58 CYP3
  Unit 4 – Security and Management – II
    Security Services provided by IPsec – Page 81
    Features of IPsec – Page 81
    2 IPsec components in Windows 2000 – Page 81
    Implementation Options of IPsec – Page 81-82
    EFS Services – Pages 82-83 CYP3

Block 1 - Operating System Fundamentals & Networking

Unit 1 - Graphical User Interface

GUI – Page 6
• With the introduction of the Macintosh in 1984, Apple Computer popularized the user interface as it is known today.
• Apple’s user interface is now commonly referred to as the Graphical User Interface or GUI.
• The GUI has become associated with a common feature set available in a number of product offerings.
• These features include:
  o Secondary user-input devices: usually a pointing device and typically a mouse
  o Point-and-shoot functionality with screen menus
  o Icons that represent files, directories, applications, etc.
  o Dialog boxes, buttons, sliders, check boxes, and many other graphical metaphors

3 Common GUI – Page 7
• Macintosh Toolbox
  o The Macintosh GUI is called the Toolbox.
  o The Toolbox consists of a collection of utilities to manipulate the Macintosh’s resources.
• Microsoft Windows
  o MS Windows is the most popular GUI for IBM personal computers.
• X-Window
  o The X Window system is supported by an X Consortium of primarily UNIX-based hardware and software vendors as a standard base for user interfaces across UNIX product lines.

3D GUI – Page 11
• The desktop-metaphor GUI is 2D because its visual elements are two-dimensional: they lie in the xy plane, are defined in 2D coordinates, are flat and contain only planar regions (areas).
• In a 3D GUI, the visual elements are genuinely three-dimensional: they are situated in xyz space, are defined in terms of 3D coordinates, need not be flat and may contain spatial regions (volumes).
• The design considerations for a 3D GUI appear more complex than for a 2D GUI.
• 3D GUIs offer considerably more scope for metaphors than 2D GUIs.
• There are many metaphors which could be based on our physical 3D environment, including the obvious extension of the desktop metaphor into a 3D office metaphor.
• Various prototypes have been developed to design the same elements in the 3D GUI as in the 2D desktop GUI: windows, icons, menus, a cursor, etc.

3 Components of development environment of GUI – Page 11-12 CYP2
• A windowing system
  o It allows programs to display multiple applications at the same time.
  o Windowing systems include the programming tools for building movable and resizable windows, menus, dialog boxes, and other items on the display.
  o Some GUIs like the Macintosh contain proprietary windowing systems, while some use common window systems such as X-Window or simple X.
• An imaging model
  o It defines how fonts and graphics are created on the screen.
  o Imaging models handle, for example, typeface and size in a word processor and lines in a drawing program.
  o This component has taken on increasing sophistication as applications incorporate complex curves, color, shading and dimension.
• An application program interface (API)
  o The API is a set of programming language functions that allow the programmer to specify how the actual application will control the menus, scroll bars and icons that appear on the screen.
  o Like windowing models, APIs align with particular GUIs.
• A set of tools and frameworks for creating interfaces and developing integrated applications

X Windows – Page 24-27 CYP3
• The name X, as well as part of the initial design, was derived from an earlier window system called W developed at Stanford University.
• The X Window system does not define any particular style of interface but rather provides a mechanism for supporting many styles.
• The X architecture is based on the premise that an application can run on one computer, while the graphical presentation of the application’s output and responses from the user can occur on another computer.
• As such, X provides a flexible set of primitive window operations but carefully avoids dictating the look and feel of any particular application.
• An interface supporting X can theoretically use any X-Window display.
• The application program sends its calls to the X-Window library, which packages the requests as X packets and sends them to the X-Window server.
• The server decodes the X packets and displays them on the screen.

Unit 2 – Introduction to Operating System

Virtual Machine – Page 41-42
• A virtual machine is a concept which creates the illusion of a real machine.
• It is created by a virtual machine operating system that makes a single real machine appear to be several real machines.
• From the user’s viewpoint, a virtual machine can be made to appear very similar to an existing real machine, or it can be entirely different.
• An important aspect of this technique is that each user can run the operating system of his own choice.

Difference between Virtual Machine Multiprogramming and Conventional Multiprogramming – Page 42
• In conventional multiprogramming, processes are allocated a portion of the real machine resources. The same machine resources are distributed among several processes.
• In a virtual machine multiprogramming system, a single real machine gives the illusion of several virtual machines, each having its own virtual processor, storage and I/O devices, possibly with much larger capacities.

Virtual Machine Multiprogramming – Page 42-43
• In a virtual machine multiprogramming system, a single real machine gives the illusion of several virtual machines, each having its own virtual processor, storage and I/O devices, possibly with much larger capacities.
• Virtual machines are created by sharing the resources of the physical computer.
• CPU scheduling can be used to share the CPU and make it appear that users have their own processor.
• Users can run any software desired on their virtual machines.

Uses and Advantages of Virtual Machine – Page 43
• Concurrent running of dissimilar operating systems by different users
• Elimination of certain conversion problems
• Software development
  o Programs can be developed and debugged for machine configurations that are different from those of the host
• Security and Privacy
  o The high degree of separation between independent virtual machines aids in ensuring privacy and security

Classification of Advanced OS – Page 47
• Architecture-driven systems
  o Network OS
  o Distributed OS
  o Multiprocessor OS
• Application-driven systems
  o Database OS
  o Real-time OS
  o Multimedia OS

Distributed Operating System – Page 48
• Distributed operating systems are operating systems for a network of autonomous computers connected by a communication network.
• A distributed OS controls and manages the hardware and software resources of a distributed system such that its users view the entire system as a powerful monolithic computer system.
• When a program is executed in a distributed system, the user is not aware of where the program is executed or of the locations of the resources accessed.
• The basic issues in the design of a distributed OS are the same as in a traditional OS.
• However, several idiosyncrasies of a distributed system, namely the lack of both shared memory and a physical global clock, and unpredictable communication delays, make the design of distributed operating systems much more difficult.

Advantages of Distributed Systems – Pages 48-49
• Resource Sharing
  o Resource sharing has been the main motivation for distributed systems
• Reliability
  o One aspect of reliability is availability of a resource despite failures in a system.
  o A distributed environment can offer enhanced availability of resources through redundancy of resources and communication paths.
  o E.g., availability of a disk resource can be increased by having two or more disks located at different sites in the system.
• Communication
  o Communication between users at different locations is greatly facilitated using a distributed system.
  o There are two important aspects to communication.
    ▪ First, users have unique ids in a distributed system, which ensures privacy and authentication
    ▪ Second, use of a distributed system also implies the continued availability of communication when users migrate to different sites of a system
• Incremental Growth
  o Distributed systems are capable of incremental growth, i.e., the capabilities of a system can be enhanced at a price proportional to the nature and size of the enhancement
  o A major advantage of this feature is that enhancements need not be planned in advance.

Microkernel OS – Page 52
• A microkernel architecture assigns only a few essential functions to the kernel, including address space, inter-process communication (IPC), and basic scheduling services.
• Other OS services are provided by processes, sometimes called servers, that run in user mode and are treated like any other applications by the microkernel.
• The microkernel approach simplifies implementation, provides flexibility, and is well suited to a distributed environment.

Multithreading – Page 52
• Multithreading is a technique in which a process executing an application is divided into threads that can run concurrently.
• A thread is a dispatchable unit of work which includes a processor context and its own data area for a stack. It executes sequentially and is interruptible.
• A process is a collection of one or more threads and associated system resources.
• Multithreading is useful for applications that perform a number of essentially independent tasks that do not need to be serialized
• E.g., a database server that listens for and processes numerous client requests

Symmetric Multiprocessing OS – Page 52
• Symmetric Multiprocessing (SMP) refers to a computer hardware architecture and also to the operating system behaviour that reflects that architecture.
• A symmetric multiprocessor can be defined as a standalone computer system with the following characteristics:
  o There are multiple processors
  o These processors share the same main memory and I/O facilities, interconnected by a communications bus or other internal connection scheme
  o All processors can perform the same functions
• The OS of an SMP schedules processes or threads across all of the processors

Difference between multithreading and symmetric multiprocessing – Pages 52-53
Multithreading:
1) Can be used on a single-processor and on a multi-processor architecture
2) Useful for structuring applications and kernel processes
Symmetric Multiprocessing:
1) Can only be used on a multi-processor architecture
2) Useful for non-threaded processes, because several processes can run in parallel

Unit 3 – Introduction to Networking Concept

Computer Network – Page 55
• A network can consist of 2 computers connected together, or it can consist of many Local Area Networks (LANs) connected together to form a Wide Area Network (WAN) across a continent.
• In simple terms it is an interconnected set of some objects.
• A computer network is an interconnected set of autonomous computers.
• Autonomous means each of them can function independently of the others, i.e., each computer has its own processor.
• Two or more computers are connected together by a medium and share resources.
• By using a computer network, people can send and receive information more quickly.

5 Network Topologies with Diagrams – Page 57
• The Bus Topology
• The Ring Topology
• Star Topology
• Mesh topology
• Combined topologies:
  o Star Bus topology
  o Star Ring topology

Structure of Bus Topology – Page 57
• In the bus topology, there is a single bus that carries all the data to the entire network.
• A bus is a single continuous communication cable to which all the computers are connected.
• A cable or bus runs throughout the office, to which all the workstations are connected.
• The bus topology is also known as linear bus.

Structure of Star Topology – Page 58
• In the star topology all the stations are connected to a central computer or hub, creating a star configuration.
• The devices are not directly linked to each other.
• Messages pass from the nodes to the hub, where they are processed or passed along to another node.
• The hub controls the traffic on the network.

Functionalities of seven layers of OSI Reference Model – Page 59
• The upper layers of the OSI model deal with application issues and generally are implemented only in software.
• The highest layer, the application layer, is closest to the end user.
• Both users and application layer processes interact with software applications that contain a communications component.
• The upper layers are:
  o Application
  o Presentation
  o Session
• The lower layers of the OSI model handle data transport issues.
• The physical layer and the data link layer are implemented in hardware and software.
• The lowest layer, the physical layer, is closest to the physical network medium and is responsible for actually placing information on the medium.
• The lower layers are:
  o Transport
  o Network
  o Data link
  o Physical

Definition of Protocol – Page 60
• A communication protocol is a set of conventions or rules that must be adhered to by both communicating parties to ensure that information being exchanged between the two parties is received and interpreted correctly.
• Without a protocol, two devices may be connected but not communicating, just as a person speaking Hindi cannot be understood by a person who speaks only Tamil.
• A protocol defines the following three aspects of communication:
  o Syntax
  o Semantics
  o Timing

Difference between CSMA/CD and Token Passing access methods – Page 62-63
CSMA/CD:
1) Networks using this are Ethernet
2) In these networks, network devices contend for the network media.
3) When a device has data to send, it first listens to see if any other device is currently using the network. If not, it starts sending its data.
Token Passing:
1) Networks using this are Token Ring and FDDI
2) In these networks, a special network packet called a token is passed around the network from device to device.
3) When a device has data to send, it must wait until it has the token and then send its data.

Avoiding collision on CSMA/CD network – Pages 62-63
• For CSMA/CD (Carrier Sense Multiple Access with Collision Detection) networks, switches segment the network into multiple collision domains.
• This reduces the number of devices per network segment that must contend for the media.
• By creating smaller collision domains, the performance of a network can be increased significantly without requiring addressing changes.

Unguided Transmission Media – Page 72
• Unguided transmission media, also called wireless communication, consist of a means for the data signals to travel but nothing to guide them along a specific path.
• The data signals, not bound to a cabling medium, transport electromagnetic waves without using a physical conductor and are therefore often called unbound media.
• Unguided media are commonly used for broadcast-type communication.
• E.g., sea water, free space.
• Commonly used for WAN applications

Guided Transmission Media – Page 72
• Guided transmission uses a cabling system that guides the data signals along a specific path.
• The data signals are bound by the cabling system.
• Guided media are also known as bound media.
• Guided media are commonly used for point-to-point connections
• Commonly used for LAN applications
• 4 Types of guided media:
  o Open Wire
  o Twisted Pair
  o Coaxial Cable
  o Optical Fiber

Optical Fiber – Page 74
• Optical fiber consists of thin glass fibers that can carry information at frequencies in the visible light spectrum and beyond.
• The typical optical fiber consists of a narrow strand of glass called the core.
• Around the core is a concentric layer of glass called the cladding.
• Coating the cladding is a protective coating made of plastic called the jacket.
• Optical fibers work on the principle that the core refracts the light and the cladding reflects the light.

Advantages of Optical Fiber – Page 74-75
• Noise immunity: because fiber-optic transmission uses light rather than electricity, noise is not a factor
• Security
• Large bandwidth (BW)
• No corrosion
• Longer distances than copper wire
• Smaller and lighter than copper wire
• Faster transmission rate

Repeater – Page 76
• Repeaters, also called regenerators, are physical hardware devices.
• They connect two network segments and broadcast packets between them, thus extending your network beyond the maximum length of your cable segment.
• Their primary function is to regenerate the electrical signal:
  o Reshaping the waveform
  o Amplifying the waveform
  o Retiming the signal, to avoid collisions on the network
• Since signal strength is a factor in the maximum length of a segment, a repeater can regenerate (or amplify) weak signals so that they can travel additional cable lengths.
• A repeater has intelligence, so that it takes a weak signal from one cable segment, regenerates it and passes it on to the next segment.

Uses of Repeater – Page 76
• The purpose of a repeater is to extend the LAN segment beyond its physical limits.
• Typically, repeaters are used to connect two physically close buildings together (when they are too far apart to just extend the segment).
• They can be used to connect floors of a building that would normally surpass the maximum allowable segment length.

How is Repeater used

Need of different network topologies

Unit 4 – Internetworking: Concept, Architecture and Protocols

Packet Switching – Page 89
• Packet switching involves breaking up messages into smaller components called packets.
• Packets often range in size from about 128 bytes to over 4096 bytes.
• Each packet contains source and destination information, and is treated as an individual message.
• These mini-messages are received and routed through optimal routes by various nodes on a wide area network.
• E.g., a file to be transmitted between two machines may be broken into many packets that are sent across the network one at a time.

2 Approaches of Packet Switching – Page 89
• In the datagram approach, each packet is treated independently and may follow a different path through the network.
• Packets may be re-ordered, dropped or delivered in the wrong sequence.
• The communication protocols will have to provide error recovery and sequencing of packets at the destination.
• In the virtual circuit approach, a fixed logical path through the network from sender to destination is established before any packets are sent.
• This path remains unchanged for the duration of the connection or session.
• Although no resources are reserved along the path, packets are buffered at intermediate nodes awaiting transmission.

FTP Explanation – Page 95-97
• File Transfer Protocol (FTP) allows the transfer of copies of files between one node and another.
• It is one of the oldest application-layer protocols and was created before the TCP/IP protocol suite.
• FTP is a client-server protocol where an FTP client accesses an FTP server.
• The FTP client authenticates itself with a username and a password.
• After successful authentication, the client can download (“get”) and upload (“put”) files and list files.
• When transferring files, FTP respects the ownership and access privileges of files.
• FTP employs TCP as its transport protocol, which ensures a reliable transfer of data.
• 2 connections are established for each FTP session: Control Connection (Port 21) and Data Connection (Port 20)

TELNET Explanation – Page 95, 97-98
• Telnet is a remote login protocol for executing commands on a remote host.
• It runs in a client-server mode and uses the TCP protocol for data transmission.
• Recently, the use of telnet in public networks has been discouraged since it does not offer good protection against third parties that can observe (“snoop”) traffic between a telnet client and a telnet server.
• At the client, typed characters are transmitted to the server, and the telnet server interprets these characters as if the user had typed them in the command line utility of the remote machine. If the sent command results in an output, the output is sent to the telnet client, which displays it on its monitor.
• The telnet server uses the well-known TCP port 23.

Domain Name System (DNS) – Page 100-101
• The IP address is a 32-bit integer. If somebody wants to send a message it is necessary to include the destination address, but people prefer to assign machines pronounceable, easily remembered names (host names).
• For this reason, the Domain Name System is used.
• DNS maps a name to an IP address and, conversely, an address to a name.
• The DNS is a distributed database used by TCP/IP applications to map between hostnames and IP addresses, and to provide electronic mail routing information.
• The system accesses the DNS through a resolver.
• The resolver gets the hostname and returns the IP address, or gets an IP address and looks up a hostname.

Design Goals of DNS – Page 101-102
• Distributed ownership: since the internet has distributed ownership, the ownership of the name space should also be of a distributed nature.
• Have no obvious size limits for names, name components, data associated with a name, etc.
• The DNS protocol should be independent of the network topology
• OS/Architecture independent

Design Principles of DNS – Page 102-103
• Hierarchy
  o The name space can be represented as a tree with the root label as a null string.
  o The name of each node (except the root) can be up to 63 characters.
  o The domain name of any node in the tree is the list of labels, starting from that node to the root, using a period (“.”) to separate the labels.
  o The labels are the individual sections of a name.
  o Thus, the domain name “ignou.ac.in” contains three labels: “ignou”, “ac”, and “in.”
  o Here, the top level domain is “in”, the second level domain is “ac.in”, and the lowest level domain is “ignou.ac.in.”
  o Diagram on Page 102
• Caching
  o When a name server receives information about a mapping, it caches that information.
  o Thus, a later query for the same mapping can use the cached result.
  o The DNS uses caching for optimizing search cost
  o Caching is required, otherwise there will be:
    ▪ Long time for lookup
    ▪ Congestion at the root server
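
The naming rules above (labels separated by “.”, at most 63 characters per label, the domain name of a node read from that node up to the root) as an added example that is not part of the notes; it also goes one step further than the text and checks label-wise whether a name lies inside a given zone, which string suffix matching gets wrong:

```python
"""Decompose DNS domain names into labels and their ancestor domains.

Added example (not from the MCS-22 notes). It models the naming rules the
notes describe: labels separated by ".", each label at most 63 characters,
and the domain name of a node being the list of labels from that node up to
the root (whose label is the empty string).
"""

MAX_LABEL_LEN = 63   # per-label limit quoted in the notes


def split_labels(name: str) -> list[str]:
    """Return the labels of `name`, validating each against the 63-character rule.

    A trailing "." (the root's empty label) is accepted and dropped, so
    "ignou.ac.in." and "ignou.ac.in" yield the same labels.
    """
    if name.endswith("."):
        name = name[:-1]
    if not name:
        return []                      # the root itself has no non-empty labels
    labels = name.split(".")
    for label in labels:
        if not label:
            raise ValueError(f"empty label in {name!r}")
        if len(label) > MAX_LABEL_LEN:
            raise ValueError(f"label {label!r} exceeds {MAX_LABEL_LEN} characters")
    return labels


def ancestor_domains(name: str) -> list[str]:
    """List the domains from the top-level domain down to `name` itself.

    For "ignou.ac.in" this is ["in", "ac.in", "ignou.ac.in"], mirroring the
    notes' top-level, second-level and lowest-level domains.
    """
    labels = split_labels(name)
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


def domain_level(name: str) -> int:
    """Depth of the node in the tree: 1 for a TLD, 2 for a second-level domain, ..."""
    return len(split_labels(name))


def is_subdomain(name: str, zone: str) -> bool:
    """True if `name` lies in the sub-tree rooted at `zone`.

    Comparison is label-wise and case-insensitive, so "bignou.ac.in" is
    correctly reported as NOT being inside "ignou.ac.in".
    """
    n, z = split_labels(name.lower()), split_labels(zone.lower())
    return len(n) >= len(z) and n[len(n) - len(z):] == z


if __name__ == "__main__":
    for n in ("ignou.ac.in", "www.ignou.ac.in."):   # constructed sample names
        print(n, "->", split_labels(n), ancestor_domains(n))
```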

DNS Architecture – Page 103
• Name servers are server programs which hold information about the domain tree’s structure and set information.
• A name server may cache structure or set information about any part of the domain tree, but in general a particular name server has complete information about a subset of the domain space, and pointers to other name servers that can be used to lead to information from any part of the domain tree.
• Resolvers are programs that extract information from name servers in response to client requests.
• Resolvers must be able to access at least one name server and use that name server’s information to answer a query directly.

DNS Zones – Page 103
• A zone is a sub-tree of the DNS that is administered separately.
• Whenever a new system is installed in a zone, the DNS administrator for the zone allocates a name and an IP address for the new system and enters these into the name server’s database.
• Within a zone, DNS service for subsidiary zones may be delegated along with a subsidiary domain.
• A name server can support multiple zones.
• Zones are contiguous regions of the name space, where each can be forked into sub-zones.
• Each of these sub-zones can have its independent management.
• Diagram on Page 103

SNMP – Page 104-105
• SNMP is the Simple Network Management Protocol.
• It is used by network management frameworks to manage and monitor network devices, such as hubs and routers.
• Network management means ensuring that the network is up and running, taking corrective measures and performing maintenance activities.
• It uses UDP ports 161 and 162.
• A network management system consists of two primary elements: a manager and agents
  o The manager is the console through which the network administrator performs network management functions.
  o Agents are the entities that interface to the actual device being managed.

Diagram of SNMP Architecture – Page 105
• Diagram on Page 105
• A typical agent usually:
  o Implements the full SNMP protocol
  o Stores and retrieves management data as defined by the Management Information Base
  o Can signal an asynchronous event to the manager
• A typical manager usually:
  o Implements the full SNMP protocol
  o Is able to:
    ▪ Query agents
    ▪ Get responses from agents
    ▪ Set variables in agents
    ▪ Acknowledge asynchronous events from agents

Block 2 – Linux Operating System


Unit 1 – Introduction to Linux Operating System
Abstract Model of Virtual Memory in Linux with Diagram – Pages 8-10
 The processor is always accessing memory either to fetch instructions or to fetch and store data.
 In a virtual memory system, all of these addresses are virtual addresses and not physical
addresses.
lOMoARcPSD|35588227

 These virtual addresses are converted into physical addresses by the processor through a
mapping scheme using a set of tables maintained by the operating system.
 Virtual and physical memories are divided into handy sized chunks called pages which are all of
the same size.
 Each of these pages is given a unique number, the frame number (FN).
 In this paged model, a virtual address comprises two parts: virtual page frame number (VPFN)
and offset within the frame.
 Each time the processor encounters a virtual address, it must extract the virtual page number
and the offset.
 The processor must translate the virtual page frame number into a physical one (address of
RAM) and then access the location at the correct offset into that physical page.
 To do this, the processor uses page tables.
 Diagram on Page 9

Memory Management in Linux – Page 10

Use of Virtual Memory in Linux – Page 10


 Linux makes use of three-level page table structure, consisting of the following types of tables:
o Page Directory:
 An active process has a single page directory which is the size of one page.
 Each entry in the page directory points to one page of the page middle directory.
o Page Middle Directory
 The page middle directory may span multiple pages.
 Each entry in the page middle directory points to one page of the page table.
o Page Table
 The page table may also span multiple pages.
 Each page table entry refers to one virtual page of the process.
 To use this three-level page table structure, a virtual address in Linux is viewed as
consisting of four fields.
 The leftmost field is used as an index into the page directory.
 The next field serves as an index into the page middle directory.
 The third field serves as an index into the page table.
 The fourth field gives the offset within the selected page of memory.
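As an added example (not code from the notes or from the Linux kernel), the split of a virtual address into its four fields and the walk down the three levels to a physical address. The field widths (10, 4, 6 and 12 bits of a 32-bit address) and the page-table contents are assumptions chosen for illustration; real Linux widths depend on the architecture.

```python
# Added example, not from the MCS-22 notes or the Linux sources. Field widths
# are an assumed 10 | 4 | 6 | 12 split of a 32-bit address; real Linux uses
# architecture-specific widths (and on some CPUs folds the middle level away).
from typing import Dict, Optional, Tuple

PAGE_SHIFT = 12                                   # 4 KiB pages: 12-bit offset
PT_BITS = 6                                       # index into a page table
PMD_BITS = 4                                      # index into a page middle directory
PGD_BITS = 32 - PAGE_SHIFT - PT_BITS - PMD_BITS   # remaining 10 bits: page directory
PAGE_SIZE = 1 << PAGE_SHIFT

def split_virtual_address(va: int) -> Tuple[int, int, int, int]:
    """Split a 32-bit virtual address into the four fields the notes describe:
    (page directory index, page middle directory index, page table index, offset)."""
    offset = va & (PAGE_SIZE - 1)
    pt_idx = (va >> PAGE_SHIFT) & ((1 << PT_BITS) - 1)
    pmd_idx = (va >> (PAGE_SHIFT + PT_BITS)) & ((1 << PMD_BITS) - 1)
    pgd_idx = (va >> (PAGE_SHIFT + PT_BITS + PMD_BITS)) & ((1 << PGD_BITS) - 1)
    return pgd_idx, pmd_idx, pt_idx, offset

# Nested dicts stand in for the one-page arrays of each level:
# pgd[pgd_idx] -> a page middle directory; pmd[pmd_idx] -> a page table;
# pt[pt_idx] -> physical frame number (FN) backing that virtual page.
PageTable = Dict[int, int]
PageMiddleDir = Dict[int, PageTable]
PageDir = Dict[int, PageMiddleDir]

def translate(pgd: PageDir, va: int) -> Optional[int]:
    """Walk the three levels; None means a missing entry, i.e. a page fault."""
    pgd_idx, pmd_idx, pt_idx, offset = split_virtual_address(va)
    pmd = pgd.get(pgd_idx)
    if pmd is None:
        return None
    pt = pmd.get(pmd_idx)
    if pt is None:
        return None
    frame = pt.get(pt_idx)
    if frame is None:
        return None
    return (frame << PAGE_SHIFT) | offset         # physical frame + unchanged offset

# Constructed mapping: exactly one virtual page is present, backed by frame 0x1A3.
SAMPLE_PGD: PageDir = {0x001: {0x2: {0x05: 0x1A3}}}

def demo() -> Tuple[Tuple[int, int, int, int], Optional[int], Optional[int]]:
    va = (0x001 << 22) | (0x2 << 18) | (0x05 << 12) | 0x7C4   # = 0x4857C4
    return (split_virtual_address(va),
            translate(SAMPLE_PGD, va),                  # -> 0x1A37C4
            translate(SAMPLE_PGD, va + PAGE_SIZE))      # next page unmapped -> None
```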

States of a Process in Linux – Page 11


 As a process executes, it changes its state according to its circumstances.
 Running
o The process is either running or it is ready to run.
 Waiting
o The process is waiting for an event or for a resource.
o There are 2 types of waiting processes: interruptible and uninterruptible
o Interruptible can be interrupted by signals whereas uninterruptible are waiting on
hardware conditions and cannot be interrupted under any circumstances.
 Stopped
o The process has been stopped, usually by receiving a signal.
o A process that is being debugged can be in a stopped state.
 Zombie
o This is a halted process which, for some reason, still has a task_struct data structure in
the task vector.
o It is a dead process.

Unit 2 – Linux Command and Utilities


Purpose of /bin – Page 37
 The /bin directory contains some of the Linux system commands and utilities.
 These include commands like ls, pwd, etc.

Purpose of /dev – Page 37


 The /dev directory contains device special files concerned with hardware devices like printers,
mice, audio devices, storage devices such as floppy drives and CD-ROM drives and so on.

Purpose of /etc – Page 37-38


 The /etc directory has several miscellaneous files and directories.
 It contains many files and commands that are reserved for the use of the system administrator.
 Many of the system defaults are set up using these files.
 Ordinary users cannot execute these commands or use these files.
 E.g., /etc/issue, /etc/group, /etc/passwd, /etc/shadow

Purpose of /lib - Page 38


 The /lib directory contains system libraries that are used with compilers and shared libraries that
are needed at run time for executing commands and running executables.

Purpose of /sbin – Page 38


 The /sbin directory contains some standalone commands and utilities used during installation.
 These are of interest to system administrators and those who need to install and maintain the
system.

Purpose of /tmp – Page 38


 The /tmp directory contains temporary work files that might be created by utilities and
commands when they run.
 It provides work space to such commands.
 This directory is cleared out periodically on many installations.

Purpose of /usr/bin – Page 38



 The directory /usr/bin contains useful and important command utilities for users.
 There is no sharp distinction between the commands in /bin and here, though.

Unit 3 – Linux Utilities and Editor


Unit 4 – User to User Communication
Configure Linux Machine as NFS Server – Pages 88-90
 Linux comes with a tool to help you construct an NFS configuration file. This is the Network
Configuration Tool.
 This can be started by issuing the following command as root
o redhat-config-nfs
 The tool both reads from and writes to the configuration file, /etc/exports.
 The main window: Picture on Page 89
 To share a directory, click on the Add button.
 This brings up a window which has three tabs:
 The “Basic” tab
o It allows you to specify a directory and whether you want to allow read-write or read
only access to others on it
o You also have to specify the hosts which are allowed access on that directory
 The “General Options” tab has 5 options:
o If you want to allow ordinary users to start the NFS service, you have to allow the service
to be started on ports higher than 1024
o Allow insecure file locking
o Disable sub-tree checking
o Force synchronization of writes immediately
o Disable synchronization of write options where the server first writes out to disk the
changes caused by a request before replying to it
 The “User Access” tab has the following options:
o You can allow the superuser of a client machine root privileges on your machine. This is
a big security risk.
o You can map all the users on the client to the anonymous user on your machine. You can
set the user id and group id of the anonymous user.
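The tabs described above correspond to options in /etc/exports, the file the tool writes. As an added example (not code from the notes or from the Red Hat tool), the following parser reads a constructed /etc/exports and flags the settings the notes single out as risky; the option keywords are the real exports(5) names, while the paths, hosts and file content are constructed.

```python
# Added example, not from the notes or Red Hat's tool. Audits /etc/exports entries
# for the risky settings the tool's tabs expose. Option keywords are the real
# exports(5) names; the file content, paths and hosts below are constructed.
import re
from typing import Dict, List, Tuple

SAMPLE_EXPORTS = """\
# constructed /etc/exports
/srv/shared   192.168.1.0/24(rw,sync,no_subtree_check,root_squash)
/srv/public   *(rw,no_root_squash,insecure,async)
/srv/backup   backup.example.test(ro,sync,all_squash,anonuid=65534,anongid=65534)
"""

# option -> what it means, with the tab of the tool where the notes describe it
RISKY = {
    "no_root_squash": "client root is root on this server (User Access tab)",
    "insecure": "requests accepted from ports above 1024 (General Options tab)",
    "insecure_locks": "insecure file locking allowed (General Options tab)",
    "async": "writes acknowledged before they reach disk (General Options tab)",
}

def parse_exports(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (directory, client, [options]) for every client of every export line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients:
            m = re.fullmatch(r"([^(]*)(?:\((.*)\))?", client)
            if m is None:
                raise ValueError(f"malformed client spec: {client}")
            host = m.group(1) or "*"                  # "(rw)" alone means every host
            opts = [o for o in (m.group(2) or "").split(",") if o]
            entries.append((directory, host, opts))
    return entries

def audit_exports(text: str) -> Dict[str, List[str]]:
    """Map 'directory host' to its findings; an empty list means nothing flagged."""
    report: Dict[str, List[str]] = {}
    for directory, host, opts in parse_exports(text):
        findings = [f"{o}: {RISKY[o]}" for o in opts if o in RISKY]
        if host == "*":
            findings.append("exported to every host (no host restriction on the Basic tab)")
        if "rw" in opts and host == "*":
            findings.append("world-writable export")
        report[f"{directory} {host}"] = findings
    return report
```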

Unit 5 – Unix System Administration


Backups and Restoration – Pages 113-114
 It is useful for every user to be able to backup data and know how to restore it if needed.
 Backups can be classified into full backups, incremental backups, and differential backups.
 A full backup is a complete backup of an installation or a part of its file system.
 A full backup is easy to restore from, but given today’s large disk capacities, the amount of time
needed is non-trivial.
 So, full backups can be taken at periodic intervals, combined with daily incremental backups where
only the files that have changed since the last backup are copied.
 But, it can be difficult to locate a needed file in an incremental backup.
 In differential backup, you backup all files that have changed since the last full backup.
 The tar command allows you to take a backup of all or selected files in a directory hierarchy onto
tape, floppy disk or the hard disk itself.

 To take a backup of all files under /home/khanz (blocking factor 40, archive written to the tape device /dev/rmt0):
o tar cvbf 40 /dev/rmt0 /home/khanz
 To restore from an archive file:
o tar xvf khanz.tar

Block 3 – Windows 2000


Unit 1 – Windows 2000 Networking
3 File Systems supported by Windows 2000 – Page 11
 Windows 2000 provides read and write support for NTFS, FAT 16, and FAT 32 file systems.
 FAT is designed for small disks and simple folder structure.
 The major advantage of FAT 32 over FAT 16 is larger partition sizes.

File Replication Service – Page 12


 File Replication Service (FRS) is a file service feature supported by Windows 2000.
 It is configured so that it starts automatically on all domain controllers and manually on all
standalone servers.
 Its automatic file replication service is responsible for the copying and maintenance of files
across network.
 Two kinds of replication are possible:
o Intrasite Replication
o Intersite Replication
 Sites are subnets comprising well-connected computers.
 Any portion of the network, subnet, is a site.

Unit 2 – Managing Windows 2000 Server


Unit 3 – Advanced Windows 2000 Networking
Trust Relationships between Domains – Page 36
 A trust relationship refers to a link between two domains, where one domain is referred to as the
trusting domain and the other as the trusted domain.
 The trusting domain lets users of the trusted domain log on.
 User accounts and groups that are defined for a trusted domain can access trusting domain
resources even though these accounts are not present in the trusting domain's directory database.

Group Account Administration in Windows 2000 – Page 38


 User accounts are collected together. Such collections are called groups.
 The grouping simplifies administration as new access permissions are assigned to a group rather
than to individual accounts.
 All user accounts belonging to that group have access privileges.
 Users can belong to multiple groups.
 Windows 2000 has 4 built-in groups:
o Global groups
o Domain Local groups

o Local groups
o System groups
 The Active Directory Users and Computers snap-in is used to create a user group in a domain.

Group Policy Objects – Page 39


 Group Policy Objects (GPO) contain configuration settings for group policies.
 Information is stored in two ways in a GPO:
o In containers
o In Templates
 Creation of GPOs takes place before group policies.
 Group policies can be modified using:
o Group Policy snap-in or
o Using Active Directory Users and templates snap-in
 Only administrators, creator owner or a user with access to GPO can edit a group policy.

Unit 4 – Windows XP Networking


EFS Services – Page 51-52
 Windows XP Professional lets the user encrypt any of the files or folders using EFS (Encrypting
File System).
 The user can still use that file or folder but no one else will be able to access it, if that file is not
shared.
 To encrypt a file or folder:
o Right click the file and choose Properties.
o On the General tab, click the Advanced option.
o In the Advanced Attributes dialog box, select Encrypt contents to secure data and click
OK.

Sharing of Network Resources in Windows XP – Page 52-58


 Sharing Files
o By default, Windows XP computers that do not belong to a domain use a new feature
called Simple File Sharing.
o Sharing a file with Simple File Sharing enables other users to have read-only access to
the file. Full control can also be given to other users.
 Sharing Folders
o To share a folder with Simple File Sharing enabled, you first need to ensure that the
folder does not currently reside in a private folder
o To share a folder, follow these steps:
 Right click on the folder. Choose sharing and security.
 On the sharing tab, select share this folder on the network; give a name for the
folder in the share name box.

Sharing of Drives in Windows XP – Pages 55-58


 To share a drive:
o Right click the drive that you wish to share
o Choose sharing and security.
o Then, click on the relevant text

Block 4 – Security and Management


Unit 1 – Security Concepts
Security Goals of computer systems – Page 6
 Integrity
o Data integrity in computer security deals with the knowledge that data has not been
modified.
o Integrity and accuracy are not same.
o E.g., if data is entered incorrectly, it will remain incorrect.
o So, it is possible to have data integrity without data accuracy.
 Confidentiality
o Confidentiality means preventing unauthorized access.
o It ensures that only the authorized person accesses the computer system.
o Data confidentiality cannot be enforced unless data integrity is present.
o The following could require data confidentiality: credit card files, medical records,
personnel data, R&D data, etc.
 Availability
o There is no point in making the computer system so secure that no users can access the
data they need to perform their jobs effectively.
o A computer system is available if:
 The response time is acceptable
 There is a fair allocation of resources
 Fault tolerance exists
 It is user friendly
 Concurrency control and deadlock management exists

Major Security Threats – Page 9


 Interruption: An asset of the system becomes lost, unavailable, or unusable.
o Malicious destruction of hardware device
o Deletion of program or data file
 Interception: Some unauthorized entity can gain access to a computer asset.
o Illicit copying of program or data files
o Wiretapping to obtain data
 Modification: Some unauthorized party tampers with the computer asset.
o Change in values in the database
o Alter a program
 Fabrication: Some unauthorized party creates a counterfeit object in the system.

Difference between Vulnerability and Threat – Pages 9-10 CYP3


 A threat is a set of circumstances that has the capability of causing loss or harm to the computer
system. A threat can be accidental or deliberate.
 Vulnerability is a weakness in the system (hardware, software, or data). This weakness may be
exploited by threats causing loss or damage to the system.

Vulnerability – Page 10
 Vulnerability does not cause harm until it is exploited.

 It can be a weakness in a) procedures, b) design, and c) implementation

Difference between ‘Mandatory Access Control’ and ‘Discretionary Access Control’ in Windows 2000 – Page 11
 Mandatory Access Control (MAC) is an access control policy that supports a system with highly
secret or sensitive information. Government agencies typically use a MAC.
 Discretionary Access Control (DAC) is an access control policy that uses the identity of the user,
or of the group to which they belong, to allow authorized access.
 It is discretionary in that the administrator can control who has access, to what, and what type of
access they will have, such as create or write, read, update, or delete.

Process of Intrusion Detection – Pages 18-19


 Intrusion Detection (ID) is the art of detecting inappropriate, incorrect, or anomalous activity.
 The most common approaches to ID are statistical anomaly detection or pattern-matching
detection.
o Some rule-based systems rely on preset rules.
o Anomaly-based systems, on the other hand, generate their own baseline over time by building a
database of recorded network usage. When network usage moves outside the
developed pattern, the IDS sounds an alarm.
 In addition, IDS can either be host or network based or a combination.
o A host-based IDS is installed on a specific computer and looks for potentially malicious activity
on that computer.
o A network based IDS records network traffic and scans for suspicious activity using
sensors and agents installed throughout a network often through a tap off of a hub or a
switch.

Unit 2 – Computer Security


“Hardening” in Windows 2000 – Page 24, CYP1
 The strategies for hardening Windows 2000 security are:
 Hardening operating system and applications
o Install latest patches or updates
 Hardening File System
o Convert file systems to NTFS
 Hardening Local Security Policies
 Hardening Services
o Remove programs and services that are not required
 Hardening Default Accounts
o Change default configuration of administrator and guest account
 Hardening Network Services
o Install intrusion detection system / firewall
 Deal with Malicious Codes
o Install an antivirus solution
 Installing firewall, fault tolerant system, backup, and UPS

Computer Viruses – Page 28


 A computer virus is a sequence of code that is inserted into other executable code, so that when
the regular program is run, the viral code is also executed.
 Viruses modify other programs on a computer, inserting copies of themselves.

 Different types of Viruses:


o Boot sector virus
o File infectors
o Macro viruses
o Multipartite viruses
o Polymorphic viruses

Firewalls – Page 30
 An intermediate system can be plugged between the private LAN (trusted network) and the
public network (untrusted network).
 All traffic in and out of the trusted network can be enforced to pass through this intermediate
system.
 This intermediate system is known as firewall.
 It is a collection of hardware, software and security policy.

Advantages of Firewall – Page 30-31


 Advantages
 Protection from vulnerable services
 Controlled access to site system
 Concentrated security
 Enhanced privacy
 Logging statistics on network use or misuse
 Policy enforcement

Limitations of firewall – Page 32


 Restricted access to desirable services
 Large potential back door
 Little protection from insider attack
 Other issues:
o Firewall does not provide protection against users downloading virus-infected programs
o Firewall, if compromised, will be a disaster

Packet Filtering - Page 32


 In a packet filtering firewall, the firewall examines five characteristics of a packet:
o Source IP address
o Source port
o Destination IP address
o Destination port
o IP protocol (UDP or TCP)
 Based upon the rules configured into the firewall, the packet will be allowed through, rejected,
or dropped.
 If the firewall rejects a packet, it sends a message back to the sender letting him know that the
packet was rejected.
 Packet filtering firewalls operate on Layer 3 of the OSI model.

Limitations of Packet Filtering – Page 33


 Packet filtering rules are complex to specify and difficult to test thoroughly.
 Exception to packet filtering rules sometimes can be unmanageable.
 Some packet filtering routers do not filter on the TCP/UDP source port which can open holes in
the filtering scheme.

 If IP packet fragmentation occurs, only the first fragment keeps the TCP/UDP header
information of the original packet, which is necessary to make the filtering decision.

Stateful Packet Filtering Firewall – Page 33-34


 An improved form of the packet filtering firewall is the packet filtering firewall with a stateful
inspection engine.
 With this enhancement, the firewall ‘remembers’ conversations between systems.
 It is then necessary to fully examine only the first packet of a conversation.
 A stateful inspection peeks into the data payload of the IP packets and extracts the required
information on which the filtering can be done.
 A stateful inspection maintains the state information about the past IP packets.
 State information:
o Communication information from all layers in the packet
o Communication derived from previous communications
o Application-derived state from other applications
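As an added example (not code from the notes or from any firewall product) covering both the packet filtering section and the stateful inspection section above: a toy filter that decides ALLOW, REJECT or DROP from the five packet characteristics, first statelessly and then with a table of remembered conversations so that only the first packet of a conversation is checked against the rules. The rule set, addresses and packets are constructed, and treating a TCP SYN as the start of a conversation is a deliberate simplification of a real TCP state machine.

```python
# Added example, not from the notes: a toy packet filter, stateless and stateful.
# Rules, addresses and packets are constructed; SYN-as-conversation-start is a simplification.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

ALLOW, REJECT, DROP = "ALLOW", "REJECT", "DROP"

@dataclass(frozen=True)
class Packet:                # the five characteristics the notes list, plus a SYN marker
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str               # "TCP" or "UDP"
    syn_only: bool = False   # TCP SYN without ACK: first packet of a conversation

@dataclass
class Rule:
    action: str
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR; None matches anything
    dst: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or ip_address(p.src_ip) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst_ip) in ip_network(self.dst))
                and (self.src_port is None or self.src_port == p.src_port)
                and (self.dst_port is None or self.dst_port == p.dst_port))

# Constructed rule set: trusted LAN 10.0.0.0/24 sits behind the firewall.
RULES = [
    Rule(ALLOW, "TCP", dst="10.0.0.5/32", dst_port=80),   # inbound web server
    Rule(REJECT, "TCP", dst="10.0.0.0/24", dst_port=23),  # telnet: tell the sender
    Rule(ALLOW, src="10.0.0.0/24"),                       # anything outbound
]

def stateless_decision(p: Packet, rules: List[Rule] = RULES) -> str:
    """First matching rule wins; with no match the packet is silently dropped."""
    for r in rules:
        if r.matches(p):
            return r.action
    return DROP

def conversation_key(p: Packet) -> tuple:
    """Direction-independent key so replies map onto the same conversation."""
    lo, hi = sorted([(p.src_ip, p.src_port), (p.dst_ip, p.dst_port)])
    return (lo[0], lo[1], hi[0], hi[1], p.proto)

@dataclass
class StatefulFilter:
    """Remembers conversations; only their first packet goes through the rules."""
    rules: List[Rule] = field(default_factory=lambda: list(RULES))
    state: Dict[tuple, str] = field(default_factory=dict)
    rules_consulted: int = 0

    def decide(self, p: Packet) -> str:
        key = conversation_key(p)
        if key in self.state:                # remembered conversation: no rule lookup
            return ALLOW
        if p.proto == "TCP" and not p.syn_only:
            return DROP                      # mid-stream packet with no remembered state
        self.rules_consulted += 1
        action = stateless_decision(p, self.rules)
        if action == ALLOW:
            self.state[key] = "ESTABLISHED"
        return action

def demo() -> Tuple[str, str, str, str, int]:
    fw = StatefulFilter()   # constructed traffic: web SYN, its reply, a stray packet, a telnet SYN
    syn = Packet("203.0.113.9", 40001, "10.0.0.5", 80, "TCP", syn_only=True)
    reply = Packet("10.0.0.5", 80, "203.0.113.9", 40001, "TCP")
    stray = Packet("203.0.113.9", 40002, "10.0.0.5", 80, "TCP")
    telnet = Packet("203.0.113.9", 40003, "10.0.0.7", 23, "TCP", syn_only=True)
    return fw.decide(syn), fw.decide(reply), fw.decide(stray), fw.decide(telnet), fw.rules_consulted
```

Note that the stray packet is allowed by the stateless rules (it matches the web rule) but dropped by the stateful filter, because no remembered conversation exists for it.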

RAID and its levels – Page 35 – 36


 The term RAID (Redundant Array of Independent Disks) is used to describe a collection of disk
drives (disk array), which can:
o Collectively act as a single storage system
o Tolerate the failure of a drive without losing data
o Function independently of each other
 Levels of RAID:
o Level 0 – Striping without parity
 Disk striping is a technique where data is divided into 64K blocks and spread in a
fixed order among all the disks in the array
 If any partition in the set fails, all data is lost
o Level 1 – Mirroring / Duplexing
 Mirroring requires two hard disks and a single disk controller. Data is written
simultaneously to both partitions/disks.
 Duplexing is simply a mirrored pair with additional disk controller on the second
drive.
o Level 2 – Striping with ECC (Error Correction Code)
o Level 3 – Striping with a dedicated parity disk
o Level 4 – Independent data disks with shared parity disk
o Level 5 – Independent data disks with distributed parity block (striping with parity)
 Striping with parity is the most common strategy for new fault tolerance
designs.
 Parity information is written across all disks.
 The data and the parity information are managed so that the two are always on
different disk.
 If a single drive fails, enough information is kept across the remaining disks to
allow the data to be completely reconstructed.
o Level 6 – Second parity
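As an added example (not code from the notes), RAID level 5 on a constructed four-disk array: data blocks are striped with the parity block rotating across the disks, and a failed disk is reconstructed by XOR-ing the surviving blocks of each stripe. The block size is an assumed 4 bytes rather than the 64K the notes cite, so the layout stays readable; the payload is constructed.

```python
# Added example, not from the notes: RAID level 5 on a constructed 4-disk array.
# Blocks are shrunk from the 64K the notes cite to 4 bytes so the layout is readable.
from typing import List, Optional, Tuple

BLOCK = 4

def xor_blocks(blocks: List[bytes]) -> bytes:
    """Parity of equal-sized blocks: bytewise XOR."""
    out = bytearray(BLOCK)
    for b in blocks:
        for i, x in enumerate(b):
            out[i] ^= x
    return bytes(out)

def parity_disk_for(stripe: int, ndisks: int) -> int:
    """Distributed parity: the parity block moves one disk to the left every stripe."""
    return (ndisks - 1 - stripe) % ndisks

def raid5_write(data: bytes, ndisks: int) -> List[List[bytes]]:
    """Return disks[disk][stripe]. Each stripe holds ndisks-1 data blocks plus
    one parity block, so a data block and its parity never share a disk."""
    per_stripe = ndisks - 1
    chunks = [data[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(data), BLOCK)]
    while len(chunks) % per_stripe:
        chunks.append(b"\0" * BLOCK)                   # pad the last stripe
    disks: List[List[bytes]] = [[] for _ in range(ndisks)]
    for s in range(len(chunks) // per_stripe):
        stripe = chunks[s * per_stripe:(s + 1) * per_stripe]
        pdisk = parity_disk_for(s, ndisks)
        it = iter(stripe)
        for d in range(ndisks):
            disks[d].append(xor_blocks(stripe) if d == pdisk else next(it))
    return disks

def raid5_rebuild(disks: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Reconstruct the failed disk from the survivors: every block, data or
    parity, is the XOR of the other blocks in its stripe."""
    survivors = [d for i, d in enumerate(disks) if i != failed and d is not None]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]

def raid5_read(disks: List[List[bytes]], length: int) -> bytes:
    """Read the data back in order, skipping each stripe's parity block."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        pdisk = parity_disk_for(s, ndisks)
        out += b"".join(disks[d][s] for d in range(ndisks) if d != pdisk)
    return bytes(out[:length])

def demo() -> Tuple[bool, bool]:
    payload = b"RAID5 distributed parity keeps data safe"      # constructed
    disks = raid5_write(payload, 4)
    failed = 2                                                 # simulate losing disk 2
    lost = disks[failed]
    rebuilt = raid5_rebuild([None if i == failed else d for i, d in enumerate(disks)], failed)
    disks[failed] = rebuilt
    return rebuilt == lost, raid5_read(disks, len(payload)) == payload
```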

Unit 3 – Security and Management – I


Functions of Primary domain controller – Page 53

 The first Windows NT Server in the domain is configured as a primary domain controller (PDC).
 The User Manager for Domain utility is used to maintain user and group information for the
domain using the domain security database on the primary controller.

BDC – Page 53-54


 The backup domain controllers (BDC) are the other servers, after one server has been configured
as the PDC.
 A BDC stores a copy of the database held on the PDC, which is updated periodically to distribute
changes made to the main database on the PDC.
 BDCs have many advantages:
o If the PDC stops functioning due to a hardware failure, one of the BDCs can be promoted to the
primary role. Such an arrangement provides fault tolerance in the network.
o When a user logs on to a domain, the logon request can be handled by any PDC or BDC.
This provides an automatic mechanism for load distribution and improves logon
performance; it is highly useful in domains with a large number of users.

Registry Management in Windows NT – Page 55-57


 In Windows NT, the configuration of the operating system is stored in what is known as the
Registry.
 The registry consists of values, keys, subtree, and hive.
 Regedit.exe and regedit32.exe are the two utilities that can be used to manage the Registry.
 While regedit.exe provides the ability to view the entire Registry in a single tree, Regedit32.exe
allows for managing individual keys.
 Removing Registry Access
o The first step to secure Registry is to prevent unauthorized users from accessing it.
o Only members of the Administrators group should have Full Control on Regedit.exe and
Regedit32.exe.
 Managing Individual Keys
o In registry, you can secure the individual areas of the registry as necessary.
o This option is available in regedit32.exe which permits you to selectively secure the
various keys by using the Security Permissions option.
 Audit registry access
o You need to make sure that the auditing of the critical components of registry is turned
on.
o This option will help in tracking who accessed the registry, from where, and when.

Components of a Registry – Page 56


 Values
o These contain the information that is stored as a part of the registry
 Keys (and Sub keys)
o These contain the actual subkeys and values
 Subtree
o These are the highest-level keys of the registry.
o There are five subtrees in Windows
 Hive
o These are a set of keys, subkeys, and values of the registry
o Each one is stored in its own file in the %systemroot%\System32\Config

Security Features in Windows 2000 – Page 58



 In Windows 2000, you can create a workgroup for multiple machines to share resources with
one another. The workgroup is referred to as peer-to-peer networking, since every machine is
equal.
 In Windows 2000, a local security database is a list of authorized user accounts and resource
access data located on each local computer.

Active Directory – Page 58 CYP3


 Active Directory is the grouping of the computers that share a central directory database.
 This directory database contains user accounts, security information, service information, and
more for the entire domain.
 Active Directory may start out as a small listing and grow to hold thousands or millions of object
listings.
 It contains several critical components:
o Logical in nature:
 Domains
 Forests
 Trees
 Organisational Units (OU)
o Physical in nature:
 Domain Controllers
 Sites
 The physical IP subnets of the network
 The functionality of Active Directory separates the logical from the physical network
structure.

Unit 4 – Security and Management – II


Security Services provided by IPsec – Page 81
 Data Confidentiality
o The IPSec sender can encrypt packets before transmitting them across a network.
 Data Integrity
o The receiver can authenticate packets sent by the IPSec sender to ensure that the data
has not been altered during transmission.
 Data Origin Authentication
o The IPSec receiver can authenticate the source of the IPSec packets sent.
o This service is dependent upon the data integrity service.
 Anti-Replay
o The IPSec receiver can detect and reject the replayed packet

Features of IPsec – Page 81


 Two high level features of IPSec are the Authentication Header (AH) and the Encapsulated
Security Protocol (ESP).
 AH is used to provide data communication with both integrity checking and source
authentication.
 ESP is used to provide confidentiality.
 When using IPSec, both the sender and the receiver (and only those two) know the security key.
 IPSec is able to secure communications with multiple protocols, including TCP, UDP, and ICMP.

2 IPsec components in Windows 2000 – Page 81



 The Windows 2000 implementation of IPSec uses three components:


o IPSec Policy Agent Service
o Internet Key Exchange (IKE)
o Security Associations (SA)
 The IPSec policy agent service gets the IPSec policy as configured in Active Directory, or the
registry, and provides that information to IKE.
 Every Windows 2000 machine runs the IPSec policy agent service, and the policy is pulled when
the system starts as Active Directory settings are applied.
 The IKE manages Security Associations (SA) and creates and manages the actual authentications
keys that are used to secure the communication.

Implementation Options of IPsec – Page 81-82


 In Windows 2000, there are two options for IPSec implementation, Transport Mode, and L2TP
Tunnel Mode.
 Transport Mode is designed for securing the communication between nodes on an internal network.
 L2TP Tunnel Mode is designed for securing the communication between two networks.

EFS Services – Pages 82-83 CYP3


 EFS (Encrypting File System) works directly with NTFS and data can only be encrypted on an NTFS
partition.
 EFS can encrypt any temp files created along with the original, and the keys are stored in the
kernel using non-paged memory, so they are never vulnerable to attackers.
