Operating System Security Basics

User and Kernel Modes

User Mode and Kernel Mode
Drivers call routines that are exported by various kernel components.
Drivers must respond to specific calls from the OS and can respond to other system calls.

When you start a user-mode application, Windows creates a process for the application.
- Private virtual address space
- Private handle table
Each application runs in isolation and if an application crashes, the crash is limited to that one application.

All code that runs in kernel mode shares a single virtual address space.
If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the OS or another driver could be compromised.
If a kernel-mode driver crashes, the entire OS crashes.

NTS (New Technology File System)

Introduced in 1993
Most common file system for Windows end user systems
Most Windows servers use NTFS as well

FATxx (File Allocation Table)
Simple File system used since the 80s
Numbers preceding FAT refer to the number of bits used to enumerate a file system block. Ex FAT16, FAT32
~~Now mainly used for removable devices under 32 GB capacity.~~

(NOTE: FAT32 actually support upto ≤2TB storage size).

Common tasks that can be accessed using the Windows or Ctrl Key and another Key.
Time saving and helpful for tasks done regularly.

Linux has two major components:

The Kernel - It is the core of the OS. It interacts directly with the hardware. - It manages system and user input/output. Processes, files, memory, and devices. 1) The Shell - It is used to interact with the kernel. - Users input commands through the shell and the kernel performs the commands.

cd: change directory
cp: copy files or dirs
mv: move file or dirs
ls: lists info related to files and dirs
df: display file system disk space
kill: stop an executing process
rm: delete file and dirs
rmdir: remove en empty dir
cat: to see the file contents, or concatenate multiple files together
mkdir: creates new dir
ifconfig: view or configure network interfaces
locate: quickly searches for the location of files. It uses an internal database that is updated using updatedb command.
tail: View the end of a text file, by default the last 10 lines
less: Very efficient while viewing huge log files as it doesn’t need to load the full file while opening
more: Displays text, one screen at a time
nano: a basic text editor
chmod: changes privileges for a file or dir

There are three groups that can ‘own’ a file.
- User
- group
- everybody
For each group there are also three types of permissions: Read, Write, and Execute.
Read: 4(100), Write: 2(010), Execute: 1(001)

You can use the chmod command to change the permissions of a file or dir:

You can change the owner and group owner of a file with the chown command:

Various Security settings for macOS can be found in System Preferences app.

Genral Tab offers GateKeeper settings for installing apps from other AppStore, and few other settings.
FileVault Tab contains information about system and file encryption.
FireWall Tab for system level software firewall settings with basic and to advanced options.
Privacy Tab contains location services and other privacy related info and settings.

macOS comes with a hidden partition installed called macOS Recovery, it essentially replaces the installation discs that comes with new computers.
- Access it by restarting your Mac while holding the R key.
It offers following tools/options:
- Restore from the Time Machine Backup
- Reinstall macOS
- Get Help Online
- Disk Utility