WHAT IS AN OPERATING SYSTEM?

Operating System is the most important program that runs on a computer. Every general-purpose computer must have an operating system to run other programs. Operating systems perform basic tasks, such as recognizing inputs from the input devices, sending outputs to the output methods, keeping track of files and directories on the desk, and controlling peripheral devices such as disk drives and printers. 

For large systems, the operating system has even greater responsibilities and powers. It makes sure that different programs and users running at the same time do not interfere with each other. The operating system is also responsible for security, ensuring that unauthorized users do not access the system. 

Types of Operating Systems

• Batch processing operating systems

• General purpose operating systems

• Parallel operating systems

• Distributed operating systems

• Real-time operating systems

• Embedded operating systems

To put it in the simplest of words, an operating system is a computer program written to make the computer understandable to the User who does not know the assembly level language of the computer.

Operating systems can be classified as follows: 

Multi-user                  : Allows two or more users to run programs at the same time.

Multiprocessing         : Supports running a program on more than one CPU.

Multi tasking              : Allows more than one program to run concurrently.

Multi threading         : Allows different parts of a single program to run concurrently.

Real time                    : Responds to input instantly. General-purpose operating systems, such as DOS and UNIX, are not real-time. 

Operating systems provide a software platform on top of which other programs, called application programs, can run. The application programs must be written to run on top of a particular operating system. It determines to a great extent the applications you can run. For PCs, the most popular operating systems are DOS and Windows but others are available, such as Linux. 

As a user, you normally interact with the operating system through a set of commands. The commands are accepted and executed by a part of the operating system called the command processor or command line interpreter. Graphical user Interface allows you to enter commands by pointing and clicking at objects that appear on the screen. 

OPERATING SYSTEM FUNCTIOS

•         An interface between users and hardware - an environment "architecture”

•         Allows convenient usage; Hide details of devices from application programs

•         Allows efficient usage; parallel activity, avoids wasted cycles

•         Provides information protection

•         Gives each user a set of the resources

•         Acts as a control program.

All of this leads to:

•         Memory management

•          Resource scheduling

•          Deadlock protection

COMPUTER ARCHITECTURES OF OPERATING SYSTEMS

Computer Architecture: The Definition

The coordination of abstract levels of a processor under changing forces, involving design, measurement and evaluation. It also includes the overall fundamental working principle of the internal logical structure of a computer system.

Instruction Set Architecture (ISA)

1.      The ISA is the interface between the software and hardware.

2.      It is the set of instructions that reduce the gap between high level languages and the hardware.

3.      For a processor to understand a command, it should be in binary. The ISA encodes these values.

4.      The ISA also defines the items in the computer that are available to a programmer. For example, it defines data types, registers, addressing modes, memory organization etc.

5.      Register are high speed storage for numbers that can be accessed by a processor. Data as well as instructions can be in a register.

• Operating System is the software that manages the overall operation of the computer system

• Main purpose is to support application programs

• Hide details of devices from application programs

DOS (Disk Operating System)

Originally came into use in the 1980s, with the introduction of the IBM PC, which was the first personal computer to be used by consumers and businesses. Two versions of DOS, PC DOS –released by IBM and Microsoft’s version MS-DOS were used in the 1980s.

•         Single-tasking

•         Command-driven

•         Huge number of applications written for DOS         

•         Does not require powerful processor and RAM

•         No network services & no multimedia extensions

•         Designed for the Intel 80x86 processor

Linux            

UNIX is a powerful OS originally developed by AT & T for minicomputers. The Linux operating is developed on a kernel based on Unix. It is known as one of the most secure platforms. Linux is the result of an open-source project, allowing users and developers to access the source code for free. Because it requires less hardware, Linux is capable of providing good performance even on a smaller hard disk. Large communities of users exist for this system, constantly contributing to the code and making improvements. The server-based concept of Linux has resulted in fewer home users. 

•         Open Source (more complex)

•         Multi-tasking

•         Require powerful processor and RAM

•         Has network services

•         lack of the multimedia support for the system

 

Mac OS X (Macintosh Operating System)

Mac OS X is Apple's trademark operating system software for their line of Macintosh computers. The system was based in part on UNIX and mimics its format with the administrative controls. Mac OS X software requires a low level of maintenance with fewer occurrences of computers worms, viruses and spyware. The Apple operating system does have some disadvantages, primarily in regard to software and hardware compatibility. Very easy to use this.

•         Multi-tasking

•         Very graphically oriented

•         Has network services & multimedia extensions

•         Designed for the Motorola and PowerPC Processors

•         Require powerful processor and RAM

  

Windows

The Microsoft Windows operating system is the most popular choice and currently has a stronghold over the market. The architecture of Windows NT, a line of operating systems produced and sold by Microsoft. Starting with Windows 2000, Microsoft began making 64-bit versions of windows available-before this, these operating systems only existed in 32-bit versions. This platform has made interesting advancements from version 1.0 all the way to the new Vista system. The Windows system is highly compatible and has a much larger selection of software applications. Unlike the Linux kernel, Windows is proprietary software and tends to be more expensive than others. Windows has been heavily associated with the term “insecure” as a number of security problems have made it the most targeted system. Frequently exploited by hackers and malicious code writers, it is recommended that any Windows operating system with internet access be protected by some form of security software. Although the XP version is still popular among users, support for this system will conclude in 2009 as more emphasis will be placed on developing the Vista series & 2010 Windows released.

•         GUI 

•         Multi-tasking

•         Can run DOS programs

•         Has network services & multimedia extensions

•         Requires large amounts of memory, disk space, powerful processor

•         Designed for the Intel 80X86 processors

asammathaya.ourtoolbar

Now you can download the latest Web Toolbar "asammathaya" which belongs to my newest sinhala blog by clicking following link,

http://asammathaya.ourtoolbar.com/

or clicking following Toolbar

you can directly use this as web searching and if you want to go directly to my sinhala blog "asammathaya" you can click "asammathaya" button on the left of the Toolbar. Enjoy your self my dear friends. I'l bring you another valuable My own softwares soon.

INFORMATION ASSUARANCE & SECURITY CONCEPTS ( Part 03 )

Let us take an example for someone going to rob the bank.

Take a look at a bank. When was the last time you entered a bank to see a bank teller sitting on the floor in a huge room next to a massive pile of money. Never! To get to the big money in a bank requires that you get to the bank vault, which requires that you go through multiple layers of defense. Here are some examples of the defensive layers:

•  Numerous closed-circuit cameras monitor the movements of every one in every corner of the bank.
•  But if that person don't care about the cameras, There is often a guard at the bank's entrance.( security guard is there to physically defend the bank with a gun ) Two security guards provide even more protection.
• Some banks have time-release doors. As you enter the bank, you walk into a bulletproof glass capsule. The door you entered closes, and after a few seconds the glass door to the bank opens. This means you cannot rush in and rush out. In fact, a teller can lock the doors remotely, trapping a thief as he attempts to exit.( But if both security guards get shot by masked bandits)
•  Tellers do not have access to the vault. (This is an example of least privilege, which is covered next.) Hopefully, the vault is protected by several locks, and cannot be opened without two individuals who are rarely at the bank at the same time.
•  The vault itself has multiple layers of defense, such as:

o    It opens only at certain controlled times.

o    It's made of very thick metal.

o    Multiple compartments in the vault require other access means.

There for robbers cannot get what they want very easily, because of the reason of using many security principles which are combination of above we discussed.

Of course, having all these security measures does not ensure that our bank will never be successfully robbed. Bank robberies do happen, even at banks with this much security. Nonetheless, it's pretty obvious that the sum total of all these defenses results in a far more effective security system than any one defense alone would.

Since we are essentially saying that defenses taken as a whole can be stronger than the weakest link. However, there is no difference security functionality that does not overlap. But when it comes to redundant security measures, it is indeed possible that the sum protection offered is far greater than the protection offered by any single component.

Firewalls For Networked Banking & Online Banking

A good real-world example where defense-in-depth can be useful, but is rarely applied, is in the protection of data that travel between various server components in enterprise systems. Most financial companies will throw up a corporate-wide firewall to keep intruders out. Then they'll assume that the firewall is good enough, and let their application server talk to their database in the clear. If the data are also encrypted, then the attacker won't be able to get at them without breaking the encryption, breaking onto one of the servers that stores the data in an unencrypted form. If they throw up another firewall, just around the application this time, then they can protect their selves from people who can get inside the corporate firewall. 

Now they'd have to find a flaw in some service that their application's sub-network explicitly exposes, something we're in a good position to control. Bank expects a firewall to protect bank Information System as though the firewall has been compromised.

Proxy-Based Firewalls

Problem: complex policy (Example: web server of bank) 

Solution: proxy

Design: transparent vs. classical

Limitations: attacks from within premises

Unfortunately, a great deal of software is designed and written in a way that leads to total compromise when a firewall is breached. This is not good enough today. Just because some defensive mechanism has been compromised doesn't give the right to concede defeat. This is the essence of defense in depth: at some stage bank has to defend. Don't rely on other systems to protect bank. Put up a fight because software fails, hardware fails, and people fail. People build software, people are flawed, and therefore software is flawed. Bank must assume that errors will occur that will lead to security vulnerabilities. That means the single layer of defense in front of bank will probably be compromised, so what are the plans if it is defeated? Defense in depth helps reduce the likelihood of a single point of failure in the system.

Implement layered security (ensure no single point of vulnerability). Security designs should consider a layered approach to address or protect against a specific threat or to reduce vulnerability. For example, the use of a packet-filtering router in conjunction with an application gateway and an intrusion detection system combine to increase the work-factor an attacker must expend to successfully attack the system. Adding good password controls and adequate user training improves the system's security posture even more.

The need for layered protections is especially important when commercial-off-the-shelf (COTS) products are used. Practical experience has shown that the current state-of-the-art for security quality in COTS products does not provide a high degree of protection against sophisticated attacks. It is possible to help mitigate this situation by placing several controls in series, requiring additional work by attackers to accomplish their goals.

Security architecture is a new concept to many computer users. Users are aware of security threats such as viruses, worms, spyware, and other malware. They have heard of, and most use, anti-virus programs and firewalls. Many use intrusion detection. Architectural security, though, remains a mystery to most computer users. 

The truth is, anti-virus software, firewalls, and intrusion detection are only the surface of security. They are all reactive measures that attempt to respond to active threats, rather than proactive measures that anticipate threats and try to make them harmless. These applications have a major role to play, but are not enough in themselves. There for HNB has their own Information System Department to overcome such a problems by their own.

Auditing the system: keep (and review) system logs

System logs of changes or errors are traditionally saved in by system applications. This system is not ideal, since altering logs to hide an intrusion is one of the first steps that an expert cracker makes.

However, since many attacks are by script-kiddies with little understanding of the system, a change in logs is often the first sign that a system has been compromised. Some intrusion detection programs, such as Tripwire, can automate the checking of logs and other key files.

 

     

It is safe to use eBanking. Bank provide self-service solutions with a very high level of security.

Compliance with customer three general security principles provides a level of security that meets the highest standards.

The eBanking security system is based on three general security principles.

• No unauthorized person can gain access to customer’s personal data through eBanking. This is because of the way bank identify and transmit data. 
• No unauthorized person can read data transmitted between customer’s browser and the bank. Bank protects customer data using SSL encryption.
• Data cannot be altered during transmission between customer’s browser and the bank. Only customer can carry out account transfers and similar transactions. Bank system is based on the principle that financially binding transactions are verified electronically.

Access ID, e-Safekey and ActivCard

Hatton national Bank eBanking offers three security systems: Access ID, e-Safekey and ActivCard. The systems protect communications by SSL encryption and a control device. This ensures that:

• Customer can see that you are communicating with the bank
• The bank can identify you before transmitting confidential information
• Unauthorized persons cannot access your communications

Access ID

Access ID is a security solution that consists of an eight digit User ID, a password (this is a 4 digit PIN) and a security card.

ActivCard

The ActivCard solution is based on a physical ActivCard that can generate codes according to your PIN.

e-Safekey

e-Safekey is a security software used to manage IDs, keys and passwords. It is installed on your computer.

Other features

·         Timeout Feature 

Farmers National Bank’s web sites have a timeout feature in those areas of the web sites requiring account login to access your financial information. This feature automatically logs you out of your financial services session after an extended period of inactivity on our site. Because someone else might obtain physical access to your system, it is better for privacy reasons for you to explicitly log off the financial services session after you finish accessing your personal financial information, rather than waiting for the timeout feature to occur. 

·         Cryptography 

The way the encryption process works is that first you send us a secure message from your browser. We respond by sending you a certificate that contains our "key" to lock and unlock the coded messages between us. Your browser uses this key so that the "conversations" between your browser and our server are coded in such a way that we both can encrypt and decode the conversations, preventing others from understanding them. Whenever possible, Farmers National Bank uses the strongest browser encryption technology available. Because this encryption technology is so strong, the U.S. government will generally not permit the export of browsers supporting this technology. Therefore, some of Farmers National Bank’s online financial services may not be available outside of the United States and Canada. 

 

·       Access Codes 

To obtain any financial services from the Farmers National Bank web sites, you must use your personal access codes, specifically, a User ID and a Password. No one can access the web site to find out about your personal financial dealings with Farmers National Bank unless they have both your User ID and Password. Treat both your User ID and Password with the same degree of care and secrecy as you treat your ATM personal identification number (PIN) and your other sensitive financial data. 

INFORMATION ASSUARANCE & SECURITY CONCEPTS ( Part 02 )

Layering security defenses in an application can reduce the chance of a successful attack. Incorporating redundant security mechanisms requires an attacker to circumvent each mechanism to gain access to a digital asset. For example, a software system with authentication checks may prevent an attacker that has subverted a firewall. Defending an application with multiple layers can prevent a single point of failure that compromises the security of the application

Not only that they implement many physical security principles to protect the information system and the physical equipment’s from theft and forge.

That’s why the typical bank more secure than the typical convenience store is? Because there are many redundant security measures protecting the bank, and the more measures there are, the more secure the place is.

Physical security of the bank data base

• Use CCTV cameras for watch the customer behavior.
• Security Guards and guns.
• Bulletproof walls and glasses.
• Keeping server rooms locked.
• Keeping computers locked to a wall or table.
• Keeping a combination of locks and alarms when emergency.
• Computer hardware is protected from fire damage by smoke detectors and sprinkler systems just like any other equipment.
• Prevent the loss of data by storing backup tapes in remote locations.
• Uninterruptible power supplies are a low cost investment that can save very costly equipment damage, for that Use generator and UPS.

Data integrity

• Periodically backing up data is the most important step in preventing data loss. Backups can be on removable disks, tapes, paper printouts or other computer systems.

• Virus protection is a necessity for the bank database. Therefor install Virus guards and Internet Security guards. All the computers are run on legit operating systems with virus guards.

• RAID systems are also being to ensure the integrity of data. 
•  

“RAID, acronym for Redundant Array of Independent Disks (originally Redundant Array of Inexpensive Disks), is a technology that provides increased storage functions and reliability through redundancy. This is achieved by combining multiple disk drive components into a logical unit, where data are distributed across the drives in one of several ways called "RAID levels". - Wikipedia 

Data security

•  Accounts on both multi-user machines and personal computers protected by passwords.
• Systems holding data belonging to multiple users set an owner for each file and permissions defining who is allowed to read or write to it there for Implement Authorization levels.
•  Since most security attacks are now initiated from a remote location via the network, many organizations now separate their internal networks from the internet with a firewall. Data encryption provides a second layer of security. 

“In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as cipher text)”. - Wikipedia 

•        There must always be someone able to fix a computer system by using a second password protected account called "system", "administrator", "root" or "super user" which bypasses the file permission system. 

• Email is particularly insecure, use some sort of email encryption system, such as PGP.

“Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications”

• Periodically audit trails are a means for the system administrators to find out if security has been breached and how much damage was done.