UNDERSTANDING OPERATING SYSTEMS
LEARN HOW MODERN OPERATING SYSTEMS WORK.

Have you ever wondered what's under the hood of a modern operating system? How does it work? How can I make it better? What components are vulnerable to attacks? All of these questions and more are answered in our O/S Fundamentals class. This class gives you a firm understanding of the latest operating systems used worldwide, as well as advanced information that will help you immensely in our Malware and Exploitation courses. Starting with the Microsoft O/S, we teach registry management, memory management, process management, API usage, dynamically linked libraries and much more. All week long we compare and contrast these components with alternative operating systems such as Solaris, Unix, Linux, and Mac OS. After attending this course, students will be fully equipped with the fundamentals of operating system elements and how they are all interconnected.

ATTENDING STUDENTS WILL LEARN:
• User and Group Credentials and Light Security Topics
• File Management, Memory Management, Process Management
• Networking Management
• Command Shell Tools and Techniques
• Processor Fundamentals and Sharing
• Windows API, Windows Registry, and Dynamically Linked Libraries
• Unix / Linux Shared Objects

WHO SHOULD ATTEND:
• CNO Analysts who have just started a CNO career
• Exploitation Analysts needing operating system knowledge before attending exploitation courses
• Novice Malware Analysts requiring a thorough understanding of how operating systems work

COURSE DETAILS:
• 5 Days, M-F
• 70% Labs, 30% Lecture teaching style
• Laptops are provided during the class
• Students will receive a link to download student materials after the course

PREREQUISITES:
• Attending students should have a thorough understanding of Microsoft Windows
• Experience with VMWare software, although not required, would be beneficial

COURSES THAT FOLLOW OPERATING SYSTEM FUNDAMENTALS:
• Operating System Intrusion Analysis
• Windows Internals

DAY 1 AGENDA

OPERATING SYSTEMS OVERVIEW
• Definition
• Roles and Objectives
  – Layers of Computer Systems
  – OS Services
  – User Interface
  – Resource Management
• Basic Concepts
  – Interrupts
  – Input and Output: Synchronous, Asynchronous
  – Storage Mediums
  – Caching
• Evolution
  – Serial Processing
  – Simple Batch Systems
  – Multi-programmed Batch Systems
  – Time-Sharing Systems
• Kernel Designs
  – Kernel Definition and Responsibilities
  – Monolithic Design
  – Microkernel Design
  – Mode Bit (User vs. Kernel Mode)
  – Context Switching
• Achievements
  – Memory Management Schemes
  – Execution Contexts
  – Information Protection and Security
  – Scheduling and Resource Management
  – Modular Structures
• Modern O/S's
  – Multi-threading
  – Symmetric Multi-Processing
  – Distributed OS
  – Object Oriented Designs
• Windows OS
  – Architecture
  – Layout
• Unix OS
  – Architecture
  – Layout

PROCESSES AND THREADS
• Process Creation and Termination Events
• Process Models and States
  – Two State, Five State, Seven State Models
  – Blocked and Ready Queues
  – Suspended Processes
• Processes and Resources
  – Process Image
  – Process Control Block
• Context Switching
• Process Control
• OS Execution
• Process versus Thread
• Threading Benefits
• Thread Operations
  – User Level Threads
  – Kernel Level Threads
• Thread Implementation

DAY 2 AGENDA

PROCESSOR SCHEDULING
• Reasons for Processor Scheduling
  – Response Time
  – Throughput
  – Processor Efficiency
• Types of Scheduling
  – Short Term Scheduling
  – Medium Term Scheduling
  – Long Term Scheduling
• Scheduling Models
  – Preemptive
  – Non-Preemptive
• Scheduling Algorithms
  – FCFS (First Come First Served)
  – Round Robin
  – Shortest Process Next
  – Shortest Remaining Time
  – Highest Response Ratio Next
  – Feedback
  – Fair Share Scheduling
• Traditional Windows Scheduling
• Traditional Unix Scheduling
• Multiprocessor Scheduling

PROCESSOR DEADLOCK
• Deadlock Definition
  – Consumable versus Reusable Resources
• Conditions for Deadlock
  – Mutual Exclusion
  – Hold and Wait
  – No Preemption
  – Circular Wait
• Deadlock Prevention
  – Indirect Method
  – Direct Method
• Deadlock Avoidance
  – Process Initiation Denial
  – Resource Allocation Denial
• Deadlock Detection

INPUT / OUTPUT
• I/O Devices
  – Human Readable
  – Machine Readable
  – Communication
• I/O Techniques
  – Programmed IO (PIO)
  – Interrupt Driven IO
  – Direct Memory Access (DMA)
• OS Design Issues for I/O
• I/O Buffering
  – Block Oriented versus Stream Oriented
  – Buffer Types
• Disk Scheduling
  – First-In-First-Out
  – Shortest-Service-Time-First
  – SCAN, C-SCAN policies
• RAID
  – RAID 0, 1, 2, 3, 4, 5, 6, 10, 50, and 0+1
• Disk Cache

DAY 3 AGENDA

MEMORY MANAGEMENT
• Memory Management Overview
  – Real versus Virtual Memory
  – Why do Memory Management
  – Memory Management Requirements: Relocation, Protection, Sharing, Logical Organization, Physical Organization
  – Address Binding
  – MMU
  – Relocation Register
  – Dynamic Loading
  – Dynamic Linking
  – Overlays
  – Memory Fragmentation
• Memory Management Techniques
  – Fixed Partitioning
  – Dynamic Partitioning
  – Buddy System
  – Simple Paging
  – Simple Segmentation
  – Virtual Memory
• Swapping
• Replacement Policies
  – Optimal
  – Least Recently Used
  – FIFO
  – Clock Policy
• Translation Look-Aside Buffer
• Page Size Theory
• Page Cleaning Policies
• Unix Memory Management
  – Linux Page Directory
  – Clock Policy
  – 2 Handed Clock Policy
• Windows Memory Management
  – Paging
  – Available
  – Reserved
  – Committed

DAY 4 AGENDA

FILE MANAGEMENT SYSTEMS
• File Types and Hierarchy (Record, Field, Data, Text)
• File Operations
  – Copy, Move, List, Print, Load, Store, etc.
• File Directories
• Logical View versus Physical View
• File Access Methods
  – Sequential versus Random Access
  – Indexed Access
• Physical File Storage
  – Contiguous
  – Non-contiguous: Linked, Indexed
  – Microsoft DOS FAT 12, 16, 32
  – Microsoft NTFS
  – Unix I-Nodes
• Free Space Management
  – Bit Map Method
  – Linked List Method
• Secondary Storage
  – Tape
  – CD-ROM and DVD-ROM
• Tree Structures
  – Acyclic Directory Structures
  – Cycles
• Hard Links versus Soft Links in Unix
• Network File Access
  – FTP
  – NetBIOS / SMB
  – CIFS, SAMBA
  – NFS
• Unix file protection bits
  – Owner, Group, Everyone protection bit masks

SECURITY AND PROTECTION
• Password Protection
  – Unix Shadow File
  – Windows SAM File

DAY 5 AGENDA

DAY 4 AGENDA CONTINUED
• Threats to the OS
  – Trojan Horse, Back Doors, Worms, Viruses, Buffer Overflows, Boot Sector Viruses, Worms
• Cryptography add-ons
• Unix Security
  – Inet-D
  – NIS
  – NIS+
  – PAMs
• Windows XP Security
  – User Accounts
  – Security Tokens
  – Executive Security Reference Monitor
  – Networking Domains
• Windows Vista Security
  – Services Hardening
  – Windows Defender
  – IE 7, 8
  – Vista Firewall
  – Network Access Protection
  – Consent Prompting
  – Trusted Computing Module Support
  – Bit-Locker

STUDENT PRACTICAL DEMONSTRATION:
Students are given 47 tasks to complete using the knowledge, skills, and abilities taught during the 4 days of class. Areas challenged in Windows, Linux, Unix, and Mac include:
• Process and Thread Management
• Input / Output statistics
• Memory Management observation and research
• File and Directory Operations using the Command Shell
• Reviewing Disk Allocation
• User and Group Administration

COURSE LABS

Day 1
– Observing the User Mode / Kernel Mode Switch
– VMWare and Operating System Familiarization
– Observing Threads in Microsoft Word
– Viewing and Modifying Processes and Threads in Windows, Linux, Solaris and Mac OS

Day 2
– Processor Scheduling Worksheet
– Visualizing Process Starvation
– Adjusting Process Priorities in Windows and Linux
– Observing Processor Deadlock
– Simulating Processor Deadlock and Manual Intervention
– Windows System Information Tool
– Input / Output Worksheet

Day 3 and Day 4
– Visually Observing Windows Memory Mapping
– Windows Pre-Fetch Lab
– Windows and Linux Page Fault Monitoring
– Watching Windows Memory Management in Action
– Watching Linux Memory Management in Action
– File and Directory Operations through the Command Shell (Windows and Unix)
– Windows Alternate Data Streams
– Dumping the Windows NTFS Master File Table
– Observing and Navigating Windows Hard Disk Clusters
– Linux I-Nodes
– Windows and Unix User / Group Administration

www.focal-point.com
Toll free: (800)-969-7770