CIS 527
Services, Software & Security
Services
- Programs that run in the background on an operating system
- Perform many important functions automatically
- Consume system resources
Services Management
Service Properties
Startup Types
- Automatic - Starts at system boot
- Automatic (Delayed) - Starts shortly after system boot
- Manual - Starts only when needed
- Disabled - Will not start/run at all
Windows 10 Pseudo Accounts
- LocalSystem - system-level tasks & services
- LocalService - fewer rights than LocalSystem
- NetworkService - fewer rights than LocalService, but allows network access
Services Recovery
Recovery Options
- Take No Action
- Restart the Service
- Run a Program
- Restart the Computer
Important Services
- Computer Browser - Network file sharing
- DHCP Client & DNS Client - Network addressing
- Microsoft Antimalware Service
- Performance Logs & Alerts
- Print Spooler
- Windows Update
Service Host Process
- svchost.exe
- Process that runs a number of system services
- Helps conserve system resources (1 process instead of many)
- Targeted by malware & viruses
Linux Services - daemons
- Daemons run as background processes in Linux
- Usually started by the init process at boot
- Managed by systemd on most distros
- Process names typically end in 'd'
Starting Linux Services - init
- The init process is loaded first
- It then loads the services for a particular runlevel
- See /etc/init.d/ and /etc/rc*.d/ directories
Starting Linux Services - Upstart
- Currently in use in Ubuntu 14.04
- Allows services to be started based on events
- "greedy" loading
- Can monitor and restart services
- Very similar to Windows Service Management
Starting Linux Services - Systemd
- Implemented in Ubuntu 15.04+
- "lazy" loading
- Can monitor and restart services
- Very similar to Windows Service Management
Linux Daemon Commands
- init
  - sudo /etc/init.d/apache2 start
  - start, stop, reload, restart, status
- Upstart
  - sudo service ufw start
  - start, stop, status
Linux Daemon Commands
- Systemd
  - sudo systemctl start ufw
  - start, stop, reload, status
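Added example (not part of the original slides): a shell sketch that works out which of the three init systems above is managing a host and prints the matching daemon command. The function names, the ROOT parameter and the file-based detection heuristic are assumptions made for illustration; the service name is validated before it is placed on a sudo command line.

```sh
#!/bin/sh
# Added example (not from the slides). ROOT is a hypothetical parameter: the
# filesystem root to inspect, so detection can be tried on a constructed tree.

detect_init() {
    root="${1:-}"
    if [ -d "$root/run/systemd/system" ]; then
        echo systemd     # systemd creates this directory when it is the running init
    elif [ -x "$root/sbin/initctl" ] && ls "$root"/etc/init/*.conf >/dev/null 2>&1; then
        echo upstart     # Upstart job definitions live in /etc/init/*.conf
    elif [ -d "$root/etc/init.d" ]; then
        echo sysvinit    # classic init scripts only
    else
        echo unknown
    fi
}

# Print (do not run) the command for one daemon action.
# Action lists mirror the slides; the real tools accept more (e.g. restart).
service_cmd() {
    init="$1"; name="$2"; action="$3"
    # Reject empty names, leading '-' or '.', and shell metacharacters
    # before the name reaches a sudo command line.
    case "$name" in
        ''|[-.]*|*[!A-Za-z0-9._@-]*) echo "bad service name" >&2; return 3 ;;
    esac
    case "$init" in
        systemd)  allowed="start stop reload status";         cmd="systemctl $action $name" ;;
        upstart)  allowed="start stop status";                cmd="service $name $action" ;;
        sysvinit) allowed="start stop reload restart status"; cmd="/etc/init.d/$name $action" ;;
        *) echo "unknown init system" >&2; return 2 ;;
    esac
    case " $allowed " in
        *" $action "*) echo "sudo $cmd" ;;
        *) echo "action '$action' not listed for $init" >&2; return 4 ;;
    esac
}

# Usage: sh svc.sh ufw status
if [ "$#" -eq 2 ]; then
    service_cmd "$(detect_init)" "$1" "$2"
fi
```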
Processes
- Computer program being executed
- May contain multiple threads of execution
- Consumes resources such as memory & processing time
Task Manager
Process Information
- PID - Process ID
- Memory Usage - Memory used by the process
- Description - Description of the program
- Image Path - Location of the executable file
- Command Line - Command used to start the process
- Ports - Network Socket Ports
Ubuntu System Monitor
Ubuntu Processes - top
Windows Software Architecture
- Executable Image (.EXE)
- Dynamic Link Library (.DLL)
- Initialization File (.INI)
- Registry Keys
- Drivers
- Services
Executable Image (.EXE)
- Contains the actual executable code for an application
- May also contain resources, graphics, fonts, etc.
- Based on the old Unix COFF (Common Object File Format)
Dynamic Link Library (.DLL)
- Shared library files used by programs
- Uses same format as .EXE file
- Programs can access same .DLL files simultaneously
Initialization File (.INI)
- Informal standard for configuration files
- Used extensively in Windows up to Windows ME for system & software settings
- Structured text files
Registry Keys
- Structured data storage for system settings
- Key <-> Value pairs
- Faster loading of settings
- Allows multiple users to use a system simultaneously
Windows Software Install Process
- Extract/expand files
- Place files in location
- Create registry keys
- Install drivers/services
- Create user data files
- Create shortcuts
Tracking - Process Monitor
Tracking - InstallWatch Pro
Installing - Thunderbird
Ubuntu Software Architecture
- Binary Files
- Shared Object Files (.SO)
- Library Files
- Settings Files
- Documentation Files
- Upstart/Systemd/init scripts
Binary Files
- Contains the executable code for the application
- Uses the ELF (Executable and Linkable Format)
- Commonly used in many Unix-like systems
- Usually stored in /bin folder
Shared Object & Library Files
- Shared information or code used by multiple programs
- Install once, use everywhere
- May have to store multiple versions for different programs
- Usually stored in /usr/lib
Settings Files
- Configuration files used by programs
- Text based, similar to .INI files
- Usually stored in /etc for system-wide settings or in a hidden folder in ~/ (like ~/.thunderbird)
Documentation Files
- Stores information about the software
- Responds to 'man' command on terminal
- Usually stored in /usr/share folder
Ubuntu Package Management
- Most software installed via "packages"
- Packages are provided from a repository
- Programs such as Synaptic or apt can install packages
- Programs can also be installed from source
Ubuntu Software Commands
- apt-get install (package)
- apt-get update
- apt-get upgrade
- apt-get dist-upgrade
- auto-apt run (command)
- dpkg-reconfigure (package)
Ubuntu Software Install Process
- Extract/expand files
- Place files in location
- Create user data files (usually on first run)
- Create startup scripts
Tracking - Synaptic
System Security
- Install system updates
- Install antivirus software
- Configure firewall
- Set up users and passwords
Principle of Least Privilege (PoLP)
- Only allow access to programs and data to users who have a legitimate need
- Do work on an account with limited permissions
- Use an administrator account only when needed
- Protect files restrictively
Assignments
- Lab 1 - Building Secure Workstations: Due Monday Feb 1st by 11:30 AM