7.1 Explain protection and security concept.

Sharing of program and data among us a computer system necssitataes strong emphis on protection ang security measures in an os.Both protection and security imply guarding again intrusion in an os.

However,in keeping with the convention followed in os literature,a distinction is made between two types of intrusion

7.1 Security policy and mechanism

The term security and protection are often used interchangeable.

Nevertheless, it is frequently useful to make a distinction between the general

problems involved in making sure that files are not read or modified by

unauthorized persons, which include technical, managerial, legal and political

issues on the one hand, and the specific operating system mechanism used to

provide security on the other to avoid confusion, we will use the term security to

refer to the overall problem, and the term protection mechanisms to refer to the

specific operating system mechanisms used to safeguard information in the

computer. The boundary between them is not well defined, however.

A more interesting problem is what to do about intruders. These come in

two varieties. Passive intruders just want to read files they are not authorized o

read. Active intruders are more malicious; they want to make unauthorized

changes to data.

7.2 Elobrate authentic basic.

7.21 Password

Passwords are often used to protect object in the computer system,

in the absence of more complete protection scheme. They can be considered a

special case of either keys or capabilities. For instance, a password could be

associate with each resource such as file. Whenever a request is made to use the

resource, the password must be given. If the password is correct, access isgranted. Different passwords may be associated with different access rights. For

example, different password may be used for reading, appending and updating a

file.

7.22 Artifact

A completely different approach to authorization is to check to see

if the user has some item, normally a plastic card with a magnetic stripe on it.

The card is inserted into the terminal, which then checks to see whose card it is.

This method can be combined with a password, so a user can only log in if he

1. has the card

2. knows the password

Automated cash dispensing machine usually work this way.

Another technique is signature analysis. The user sign his name with a special

pen connected to the terminal and the computer compares it to a known

specimen stored online. Even better is not to compare the signature, but compare

the pen motion made while writing it. A good forger may be able to copy the

signature, but will not have a clue as to the exact order in which the stroke were

made.

7.23 BIOMETRIC

Yet another approach is to measure physical characteristic that are

hard to forge. For example a finger print or a voiceprint reader in the

terminal could verify the users identity (it make the search go faster if the

user tells the computer who he is, rather then making the computer

compare the given fingerprint to the entire database)

Finger length analysis is surprisingly practical. When this is used

each terminal has a device. The user inserts his hand into it and the length

of all his finger is measured and check against the database

7.3 Elaborate protection concept an access control

•  Protection is concerned with keeping data safe from improper or unauthorized access and physical damage .  When faulty memory resulted in the disk data being corrupted, technicians replacing disk, after disk and the problem not going away we need decided to swap the memory as part of an error exploration.
• We can control access to files, specifying who and how can read, write, execute, delete and list files.
• Access control has a number of strategies:
• Access control list (ACL) specifies user names or groups, and types of access.
• Associate passwords and access control (read only, modify with tracked changes) per file.

System DOS

·         MS-DOS is a single-tasking operating system, which means that it can run only one program at a time. The MS-DOS user interface is a command-line interface, which means that users must type text-based commands and responses when interacting with the operating system.

·         MS-DOS treats each separate program and piece of data as an individual file. Each file has a name, which is broken down into two parts: a file name and an extension.

·         The input/output system consists of two files and a ROM (Read Only Memory) chip. While the two files are on your disks and are loaded into memory when the computer starts, they are normally hidden from your view and not available to you for changing.

·          Disk Operating System  is responsible for creating and/or deleting files in the file system and managing the input and output of data in the file system.

                                                                                                                        

WINDOWS 2000

^·          Windows 2000 unites defined roughly the user-friendliness, pug & play and USB device support of Windows 98 and the safety and stability of the Windows NT family

^·           It is a multitasking, multiprocessing operating system and supports up to 2 processors of the x86 32- bit and 64 The field of application of this operating system is suitable as a single user computer or as a client in company networks. bit architecture with SMP.

^·           Networks are supported with the protocols TCP/IP, NWLink and AppleTalk. Windows 2000 supports the data interchange in decentralised working groups and central domains. 

^·           The SFC (System File Protection) offers protection from overwrite of Windows system files. It is possible to create hardware profiles for different hardware configurations with the settings of all devices and services. 

^{WINDOWS NT}

^·          Windows NT is a Microsoft Windows personal computer operating system designed for users and businesses needing advanced capability.

^·          A new file directory approach called Active Directory that lets the administrator and other users view every file and application in the network from a single point-of-view.

^·          Dynamic Domain Name Server (DNS), which replicates changes in the network using the Active Directory Services, the Dynamic Host Configuration Protocol (DHCP), and the Windows Internet Naming Service (WINS) whenever a client is reconfigured.

^·          The ability to create, extend, or mirror a disk volume without having to shut down the system and to back up data to a variety of magnetic and optical storage media.

^·          A Distributed File System (DFS) that lets users see a distributed set of files in a single file structure across departments, divisions, or an entire enterprise.