1

2

CONTENTS

STRUCTURE OF OS WINDOWS SECURITY CREATING USERS AND GROUPS ACHIEVING SECURITY USING ArcGIS SERVER PERMISSIONS HOTFIX PATCHES

3

STRUCTURE OF OS4

FUNCTIONS OF KERNEL

OSs provide environments in which programs run, and services for the users of the system, including:

User Interfaces - Means by which users can issue commands to the system. Program Execution - The OS must be able to load a program into RAM, run the program, and terminate the program, either normally or abnormally. I/O Operations - The OS is responsible for transferring data to and from I/O devices, including keyboards, terminals, printers, and storage devices. File-System Manipulation - In addition to raw data storage, the OS is also responsible for maintaining directory and subdirectory structures. Communications - Inter-process communications, IPC, either between processes running on the same processor, or between processes running on separate processors or separate machines.

5

CONTINUE…

Error Detection Resource Allocation - E.g. CPU cycles, main memory, storage space, and peripheral devices.

Accounting - Keeping track of system activity and resource usage.

Protection and Security - Preventing harm to the system and to resources, either through wayward internal processes or malicious outsiders.

6

User Operating-System Interface

1. Command InterpreterGets and processes the next user request, and launches the

requested programs.

2. Graphical User Interface, GUIGenerally implemented as a desktop metaphor, with file

folders, trash cans, and resource icons.

Icons represent some item on the system, and respond accordingly when the icon is activated.

7

GRAPHICAL USER INTERFACE

8

Choice of interface

Most modern systems allow individual users to select their desired interface, and to customize its operation, as well as the ability to

switch between different interfaces as needed. System administrators generally determine which interface a user starts with when they first

log in.

SYSTEM CALLS

System calls provide a means for user or application programs to call upon the services of the operating system.Generally written in C or C++, although some are written in assembly for optimal performance.

9

ILLUSTRATION OF SYSTEM CALL

10

Types of System Calls

PROCESS CONTROL: Process control system calls include end, abort, load, execute, create process, terminate process, get/set process attributes, wait for time or event, signal event, and allocate and free memory.

11

12

FILE MANAGEMENT: File management system calls include create file, delete file, open, close, read, write, reposition, get file attributes, and set file attributes.

13

DEVICE MANAGEMENT: Device management system calls include request device, release device, read, write, reposition, get/set device attributes, and logically attach or detach devices.

14

INFORMATION MAINTENANCE: Information maintenance system calls include calls to get/set the time, date, system data, and process, file, or device attributes.

15

COMMUNICATIONS: Communication system calls create/delete communication connection, send/receive messages, transfer status information, and attach/detach remote devices.

16

PROTECTION: Protection provides mechanisms for controlling which users / processes have access to which system resources.

17

18

System Programs

System programs provide OS functionality through separate applications, which are not part of the kernel or command interpreters. They are also known as system utilities or system applications. Most systems also ship with useful applications such as calculators and simple editors, ( e.g. Notepad ).

19

System programs may be divided into these categories:

File management - programs to create, delete, copy, rename, print, list, and generally manipulate files and directories.

Status information - Utilities to check on the date, time, number of users, processes running, data logging, etc.

File modification - e.g. text editors and other tools which can change file contents.

Programming-language support - E.g. Compilers, linkers, debuggers, profilers, assemblers, library archive management, interpreters for common languages, and support for make.

20

CONTINUE…

Program loading and execution - loaders, dynamic loaders, overlay loaders, etc., as well as interactive debuggers.

Communications - Programs for providing connectivity between processes and users, including mail, web browsers, remote logins, file transfers, and remote command execution.

Background services - Examples include network daemons, print servers, process schedulers, and system error monitoring services.

Most operating systems today also come complete with a set of application programs to provide additional services, such as copying files or checking the time and date.

21

Using Windows Security Center

Windows Security Center can help enhance your computer's security by checking the status of several security essentials on your computer, including firewall settings, Windows automatic updating, anti-malware software settings, Internet security settings, and User Account Control settings. If Windows detects a problem with any of these security essentials (for example, if your antivirus program is out of date), Security Center displays a notification and places a Security Center icon in the notification area. Click the notification or double-click the Security Center icon to open Security Center and get information about how to fix the problem.

22

Windows Security Center

23

Firewall

A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers. Windows checks if your computer is protected by a software firewall. If the firewall is off, Security Center will display a notification and put a Security Center icon in the notification area.

To turn on Windows Firewall1. Open Security Center by clicking the Start button , clickingControl Panel, clicking Security, and then clicking Security

Center.

2. Click Firewall, and then click Turn on now. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

24

Automatic updating

Windows can routinely check for updates for your computer and install them automatically. You can use Security Center to make sure Automatic updating is turned on. If updating is turned off, Security Center will display a notification and put a Security Center icon in the notification area.

To turn on automatic updating1. Open Security Center by clicking the Start button , clickingControl Panel, clicking Security, and then clicking Security Center

2. Click Automatic updating, and then click Turn on now. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

25

26

Malicious software protection

Malicious software (malware) protection can help protect your computer against viruses, spyware, and other security threats. Security Center checks if your computer is using up-to-date antispyware and antivirus software. If your antivirus or antispyware software is turned off or out of date, Security Center will display a notification and put a Security Center icon in the notification area.

To install or update your anti-malware software1. Open Security Center by clicking the Start button , clickingControl Panel, clicking Security, and then clicking Security Center.

2. Click Malware protection, click the button under Virus protection or Spyware and other malware protection, and then choose the option that you want.

27

Other security settings

Windows checks your Internet security settings and User Account Control settings to make sure they are set at the recommended levels. If your Internet or User Account Control settings are changed to a security level that is not recommended, Security Center will display a notification and put a Security Center icon in the notification area.

To restore Internet settings to recommended levels

1. Open Security Center by clicking the Start button , clickingControl Panel, clicking Security, and then clicking Security Center.

2. Click Other security settings.

3. Under Internet security settings, click Restore settings.

28

4. Do one of the following: To automatically reset the Internet security settings that are at risk to their default level, click Restore my Internet security settings now.

To reset the Internet security settings yourself, click I want to restore my Internet security settings myself. Click the security zone you want to change settings for, and then click Custom level.

To restore User Account Control settings to recommended levels1. Open Security Center by clicking the Start button , clickingControl Panel, clicking Security, and then clicking SecurityCenter.

2. Click Other security settings.

3. Under User Account Control, click Turn on now. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

CREATING USER IN WINDOWS

With user accounts, several people can easily share a single computer. Each person can have a separate user account with unique settings and preferences, such as a desktop background or screen saver. User accounts control which files and programs users can access and what types of changes users can make to the computer. Typically, you'll want to create standard accounts for most computer users.

29

30

Add users and groups with operating system tools

In order to assign permissions based on Windows users andgroups, you may need to add users and groups to your system.

1. To add users and groups to the local Web server, go to Start -Control Panel - Administrative Tools - Computer Management(alternatively, right-click on the My Computer icon on the Desktop,and click Manage).

In the Computer Management console, expand if necessary theSystem Tools and then Local Users and Groups.Click the Users folder to view the list of users. In Windows Vista or

Server 2008, go instead to Start – Control Panel - Administrative Tools - Server Manager. In the Server Manager, expand Configuration and then Local Users and Groups. Click

the Users folder to view the list of users.

31

2. Right-click on the Users folder and choose New User... The New User dialog opens.

3. Enter the user name, for example, walkthrough1. Enter a password and confirm it (for example, walkthrough1). You may uncheck the requirement that the user must change password at next logon. Set other options as desired, then click Create.

32

4. Add at least one other user, for example, walkthrough2. Close the New User dialog.

5. Right-click on the Groups folder in the Computer Management (or Server Manager) tree, and choose New Group... The New Group dialog opens.

6. Enter the group name, for example, WTGroup1. Optionally add a description. To add members to the group:

Under the Members area, click Add... The Select Users, Computer or Groups dialog opens. In the Select Users dialog, click the Locations... button, and in the popup dialog, select the local computer's name and click OK. Back in the Select Users dialog, under the Enter the object names to select box, type the name of the first user added above (walkthrough1).

33

Click Check Names to verify the user exists (if necessary, click the Advanced button, then Find Now to list all users; you can select the user from this list). Click OK to close the Select Users dialog and return to the Add Group dialog. The New Group dialog now lists the user you selected.

34

7. Click Create to create the new group.

8. Create one more group, for example, WTGroup2, adding the second user created above (walkthrough2). Then close the New Group dialog. You may also close the Computer Management console.

35

Configure the user and role location in ArcGISSERVER

In order to assign permissions for Web applications and services, you must first tell ArcGIS Server where your users and roles are stored. In this walkthrough, users are operating system accounts on the Web server or on the domain, and roles are Windows groups on the Web server or domain.

1. Start ArcGIS Server Manager and log in.

2. In Manager, expand the Security panel and click Settings.

3. Click the Change button (do this even if the Location already indicates Windows users and groups; the wizard performs additional essential configuration steps).

36

4. In the dialog that opens for location for Users, choose Windows users. Click Next.

37

5. In the panel for Role store location for users, click Windows groups. Click Finish. The wizard will dismiss and the Location box will read Windows Users and Groups.

Notice that security for services is set to Not Enabled. Do not enable security at this point. You will enable security in the last step in this walkthrough. Enabling security is the last step because you first need to set permissions for your Web services. Once security is enabled, only users whose roles you have permitted can access the GIS Web services.

38

View Users and Roles

When your users and roles are Windows users and groups, you may view them in Manager. To add, edit or delete users or groups, you must use Windows operating system tools.

1. In Manager, click the Security tab on the left side, then click Users. The Users panel will display a list of users on the local Web server.

39

2. If you have more users than can be displayed in a single panel, click the >> to display additional users. You can also enter part or all of a user name in the Show: box near the top of the panel and click Find to filter the list of users.

3. To view a user's group membership, click the plus symbol next to the name. The list will show the groups of which the user is a member on the local system.

4. If the computer is a member of a domain, you can view users on the domain by clicking the Domain radio button for Show users on. You can then view domain group membership for these users (the list will not show membership in local system groups).

5. View roles by clicking Roles in the Manager Security tab. In this case, the list displays Windows groups on the local Web server. If the computer is a member of a domain, you may click Domain to see groups in the domain. You can page between lists of groups or filter/search for groups as with the Users dialog.

40

6. Click the plus button next to a group to view the users who are members of the group.

41

Secure a Web application

Now you will secure a Web application by limiting access to designated roles (in this case, Windows groups). The final sections of this walkthrough will accomplish this goal.

1. Create a new Web application in Manager. The application may be simple, with just a map service and no extra tools or tasks. You may follow the Creating a Web Application Tutorial if you need to create an application. If you have installed an SSL certificate on the Web server, then when creating the application, you may want to set the application to use https (in the application wizard, use the Advanced option on the first panel). You may use an existing application, but all users of the application will be required to log in as a user in a role you permit during the walkthrough.

2. In Manager, click Applications to list the Web applications. Find the application you want to secure in the list. In the Permissionscolumn, you will notice the unlocked icon . This indicates that the application is not restricted, so that users currently are not required to log in.

42

3. Click the permissions icon , which displays the Permissionsdialog for the Web application.

4. Check the box for Enable security for this web application. This enables the lists of available and allowed roles.

5. If you wish to allow roles based on domain groups, click the Domain option under Show roles on. Otherwise click Local server to see groups on the local machine. You can add both domain and local groups as allowed roles.

6. Highlight the WTGroup1 role (or other role you added above) in the Available Roles list. Click the Add> button to add it to the list of Allowed Roles. Optionally, add other roles to the allowed list.

43

7. Click Save to save the permissions and return to the list of applications. Notice that the permissions icon changes to a locked appearance, which shows that it now requires a login to access the application.

44

8. Set the authentication method for the application using IIS Manager: (a) Open IIS Manager by going to Start - Settings - Control Panel -Administrative Tools - Internet Information Services Manager.

(b) Expand the left-hand tree of IIS Manager, under Web Sites or Sites, to find Default Web Site, then expand Default Web Site to find the Web application you just secured.

(c) On Windows XP or Server 2003:

(1) Right-click on the Web application and click Properties in the context menu. The Properties dialog opens for the application.

45

(2) In the Properties dialog, click the Directory Security tab. In this panel, under Anonymous access and authentication control, click Edit... The Authentication Methods dialog opens.

46

(3) In the Authentication Methods dialog, uncheck the Anonymous access box. Then check at least one of the methods under Authenticated access. For the demonstration purposes of this walkthrough, you may choose Basic authentication (click Yes if a warning message appears).

(4) Click OK to dismiss the Authentication Methods dialog and return to the application's Properties dialog.

47

(d) If you have installed a SSL certificate on your Web server, you can require https when using the application. This will protect the login when the authentication method is set to Basic.

(e) To require https on Windows XP or Server 2003: in the Properties dialog for the application, click the Directory Security tab. In the Secure communications area of this panel, click Edit... (if this button is disabled, then no SSL certificate is installed). In the Secure Communications dialog, click Require secure channel (SSL). Click OK to save the setting. Click OK to close the Properties dialog.

48

Permissions for files and folders

Folder permissions include Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. Each of these permissions consists of a logical group of special permissions that are listed and defined in the following sections.

49

File and folder special permissions

Special Permissions

Full Control

Modify Read &Execu-te

Listfolder contents

Read Write

Traverse Folder/Execute File

YES YES YES YES NO NO

List Folder/Read Data

YES YES YES YES YES NO

Read Attributes

YES YES YES YES YES NO

Read Extended Attributes

YES YES YES YES YES NO

Create Files/Write Data

YES YES NO NO NO YES

50

Special Permissions

Full Control

Modify Read &Execu-te

Listfolder contents

Read Write

CreateFolders/Append Data

YES YES NO NO NO YES

Write Attributes

YES YES NO NO NO YES

Write Extended Attributes

YES YES NO NO NO YES

Delete Subfolders and Files

YES NO NO NO NO NO

Delete YES YES NO NO NO NO

CONTINUE…

51

Special Permissions

Full Control

Modify Read &Execu-te

Listfolder contents

Read Write

Read Permissions

YES YES YES YES YES YES

Change Permissions

YES NO NO NO NO NO

Take Ownership

YES NO NO NO NO NO

Synchronize YES YES YES YES YES YES

CONTINUE…

HOTFIX

A hotfix is code (sometimes called a patch) that fixes a bug in a product. Users of the products may be notified by e-mail or obtain information about current hotfixes at a software vendor's Web site and download the hotfixes they wish to apply. Hotfixes are sometimes packaged as a set of fixes called a combined hotfix or a service packs.

Quick fix engineering (QFE) is a newer Microsoft term for a hotfix.

52

53

PATCH

An application that has been installed using the Microsoft Windows Installer can be upgraded by reinstalling an updated installation package (.msi file), or by applying a Windows Installer patch (an .msp file) to the application.

A Windows Installer patch (.msp file) is a self-contained package that contains the updates to the application and describes which versions of the application can receive the patch.

Patches contain at a minimum, two database transforms and can contain patch files that are stored in the cabinet file stream of the patch package.

Servicing applications by delivering a Windows Installer patch, rather than a complete installation package for the updated product can have advantages.

54

CONTINUE…

A patch can contain an entire file or only the file bits necessary to update part of the file. This can enable the user to download an upgrade patch that is much smaller than the installation package for the entire product.

An update using a patch can preserve a user customization of the application through the upgrade.

Patch takes a patch file containing a difference listing produced by diff and applies those differences to one or more original files, producing patched versions.

55

REFERENCE•http://www.cs.uic.edu/~jbell/CourseNotes/OperatingSystems/2_Structures.html• http://windows.microsoft.com/en-in/windows-vista/using-windows-security-center•http://webhelp.esri.com/arcgisserver/9.3/dotnet/index.htm#walkthrough_windows.htm• http://support.microsoft.com/kb/308419• http://en.wikipedia.org/wiki/Hotfix• http://msdn.microsoft.com/en-us/library/aa370578(v=vs.85).aspx

56

PRESENTED BY: POOJA TALREJA SIMRAN RAJPAL

UNDER GUIDANCE OF:MANOJ KAVEDIA SIR

57