Course Code : MCS-022
Course Title : Operating System Concepts and Networking Management
Assignment Number : BCA(VI)/022/Assignment/2023-24
Maximum Marks : 100
Weightage : 25%
Last Date of Submission : 31st October, 2023 (For July, 2023 Session); 30th April, 2024 (For January, 2024 Session)
www.ignousite.com

Note: This assignment is only for students, not for sale or re-upload on any media or website. All rights reserved to "IGNOU Study Helper". It is illegal to share or re-upload it. If anything like this is found, then appropriate action will be taken and the Copyright Act applied to you. You will be responsible for legal work. So don't share and upload on any media.

Q1. (a) Explain two approaches used to improve system performance by overlapping input, output and processing in CPU.

Ans. To improve system performance by overlapping input, output, and processing in the CPU, two common approaches are pipelining and multi-core processing. Let's explore each approach:

1. Pipelining: Pipelining is a technique used to improve CPU performance by breaking down the execution of instructions into a series of sequential stages. Each stage performs a specific operation on the instruction, and multiple instructions are executed simultaneously by processing them through different stages of the pipeline. This overlapping of tasks allows the CPU to achieve higher throughput and efficiency. The pipeline stages typically include instruction fetching, decoding, execution, memory access, and write-back. As one instruction proceeds to the next stage, the CPU fetches the next instruction from memory, effectively overlapping the processing of multiple instructions.

Advantages of Pipelining:
* Improved throughput: Multiple instructions can be in various stages of execution simultaneously, which increases the number of instructions completed per clock cycle.
* Better resource utilization: The CPU resources are better utilized as each stage of the pipeline is continuously occupied, reducing idle time.

Limitations of Pipelining:
* Pipeline stalls: Dependencies between instructions (data dependencies or control dependencies) can cause stalls, where a later instruction must wait for a previous instruction to complete before it can proceed. This can reduce the performance gain from pipelining.
* Branch prediction misses: Incorrectly predicted branches can lead to pipeline flushes, wasting cycles and reducing performance.

2. Multi-core processing: Multi-core processing involves integrating multiple processor cores on a single chip. Each core functions as an individual processing unit capable of executing instructions independently. By having multiple cores, the CPU can handle multiple threads or tasks simultaneously, enabling parallel processing and improved system performance. Modern CPUs often come with multiple cores, such as dual-core, quad-core, or even more. These cores can handle separate threads simultaneously, allowing the CPU to perform more work in parallel.

Advantages of Multi-core Processing:
* Increased parallelism: Multiple cores can handle different tasks simultaneously, improving the overall system performance and responsiveness.
* Lower power consumption: Multi-core processors can be more power-efficient than single-core processors because they can distribute the workload across cores, allowing each core to operate at a lower frequency.

Limitations of Multi-core Processing:
* Not all tasks benefit from parallelism: Some tasks are inherently sequential and cannot be split into multiple threads, limiting the potential performance improvement of multi-core processors for certain applications.
* Inter-core communication: In some cases, tasks may need to communicate with each other, and managing this communication can introduce overhead.

(b) Explain the characteristics of multiprocessor operating system.

Ans. A multiprocessor operating system, also known as a multi-core operating system or multiprocessing operating system, is designed to efficiently utilize and manage multiple CPU cores or processors in a single computer system. These operating systems are specifically tailored to take advantage of the parallel processing capabilities provided by multiple processors, improving system performance and resource utilization.

Here are the key characteristics of a multiprocessor operating system:

1. Parallel Processing: The primary characteristic of a multiprocessor OS is its ability to execute multiple tasks or processes in parallel across multiple CPU cores. This allows the operating system to perform tasks simultaneously, increasing overall system throughput and responsiveness.
2. Load Balancing: A multiprocessor OS employs load balancing techniques to distribute tasks evenly across the available CPU cores. It ensures that no core is overburdened while others remain idle, thereby optimizing the utilization of system resources.
3. Process Synchronization: As multiple processors work concurrently, the operating system needs to manage process synchronization to avoid conflicts and ensure data integrity. Techniques like semaphores, mutexes, and barriers are used to synchronize access to shared resources among multiple processes.
4. Scalability: Multiprocessor operating systems are designed to scale efficiently with the number of CPU cores. As the system grows with more processors, the OS can effectively manage the increasing complexity and maintain optimal performance.
5. Inter-Processor Communication (IPC): Communication between different processors is vital for collaboration and coordination. A multiprocessor OS includes mechanisms for efficient IPC, such as message passing, shared memory, or inter-process communication channels.
6. Kernel-level Threading: Multiprocessor operating systems often support kernel-level threading, where the kernel can schedule and manage multiple threads on different processors directly. This reduces the overhead of context switching and enhances performance.
7. Thread Affinity: Some multiprocessor OSs provide thread affinity, a feature that allows certain threads to be bound to specific CPU cores. This can improve cache performance and reduce contention for shared resources.
8. Fault Tolerance: Multiprocessor operating systems may incorporate fault-tolerant mechanisms to ensure system stability and reliability. For example, redundancy in critical components can provide failover capabilities in case of hardware or software failures.
9. Priority Management: The OS needs to manage task priorities to ensure that essential tasks are given higher precedence, preventing resource starvation and ensuring smooth operation.
10. Power Management: Multiprocessor OSs often include power management features to optimize energy consumption and thermal performance, ensuring that cores are activated or deactivated based on workload.

Q2. (a) What is Token Ring? How does it work? Differentiate between token ring and token bus.

Ans. Token Ring: Token Ring is a networking technology that was commonly used in local area networks (LANs) during the 1980s and 1990s. It is based on the concept of a token passing protocol, where a special control frame called the "token" circulates around the network, allowing devices to transmit data when they possess the token.

How Token Ring Works:

1. Token Circulation: In a Token Ring network, all devices are connected in a logical ring topology. The token circulates around this ring in a unidirectional manner. When a device has data to transmit, it waits for the token to arrive at its position in the ring.
2. Data Transmission: When a device has the token, it is granted permission to transmit data. The device places its data frame onto the network, and the frame travels around the ring, passing through each connected device in sequence until it reaches the destination device.
3. Token Release: Once the data frame reaches its intended recipient, that device removes the data from the frame and releases an empty token back onto the ring. The token then continues to circulate, making it available for the next device to use for transmission.
4. Priority and Contention: Token Ring uses a priority system to determine which device gets to transmit first when multiple devices have data to send. Devices with higher priority can gain access to the token more quickly. Additionally, Token Ring avoids data collisions since only one device can possess the token and transmit at a time.

Difference between Token Ring and Token Bus:

1. Topology:
* Token Ring: Token Ring networks use a logical ring topology, where devices are connected in a closed loop.
* Token Bus: Token Bus networks use a logical bus topology, where devices are connected in a linear bus arrangement.

2. Direction of Data Transmission:
* Token Ring: Data transmission in Token Ring networks is unidirectional, following the logical ring path.
* Token Bus: Data transmission in Token Bus networks is bidirectional, traveling along the shared bus in both directions.

3. Token Passing Mechanism:
* Token Ring: Token Ring networks use a token passing protocol, where a special token circulates among devices to control data transmission.
* Token Bus: Token Bus networks use a token reservation mechanism. Devices request access to the token before they transmit data, and if granted, they can transmit data on the shared bus.

4. Data Collision Handling:
* Token Ring: Token Ring inherently avoids data collisions since only one device can possess the token at a time, ensuring orderly data transmission.
* Token Bus: Token Bus can experience data collisions if multiple devices attempt to transmit at the same time. The token reservation mechanism helps to reduce collisions, but they can still occur in heavy traffic situations.

5. Popularity and Adoption:
* Token Ring: Token Ring was widely used in the past but has since been largely replaced by Ethernet due to its more straightforward implementation, higher speeds, and lower cost.
* Token Bus: Token Bus was less popular than Token Ring and never gained widespread adoption. Ethernet also became the dominant choice for bus-based LANs.

(b) What is meant by Trust Relationship? Discuss the role of Kerberos and Domain controller in maintaining trust relationships.

Ans. Trust relationship: Trust relationship refers to the establishment of mutual trust between different entities, typically between systems, domains, or users. It enables secure communication and resource sharing, allowing entities to rely on each other's authentication and authorization mechanisms. Trust relationships are crucial in multi-domain environments, where users from one domain need to access resources in another domain securely.

Kerberos and Domain Controllers play essential roles in establishing and maintaining trust relationships in a Windows-based network environment:

Kerberos: Kerberos is a network authentication protocol designed to provide secure authentication for users and services over a non-secure network, such as the internet or an intranet. It is widely used in Windows-based networks and is the default authentication protocol for Active Directory.

How Kerberos Works:
* Authentication: When a user logs in to a domain-joined computer, the computer requests an authentication token called a Ticket Granting Ticket (TGT) from the Key Distribution Center (KDC), which is a component of the Domain Controller (DC). The TGT is encrypted with the user's password.
* Ticket Granting Service (TGS): When the user needs to access a network resource, the computer requests a service ticket from the KDC. The TGS is encrypted with a session key derived from the TGT.
* Mutual Trust: The Domain Controller and the client both trust the Kerberos authentication process. The TGT and TGS are exchanged securely, allowing the client to access network resources without revealing the user's password.

Domain Controller (DC): A Domain Controller is a server responsible for managing user authentication and authorization in a Windows domain. It holds a central database of user accounts, passwords, and security policies. Domain Controllers also act as KDCs for the Kerberos authentication process.

Role of Domain Controller in Maintaining Trust Relationships:
* User Authentication: Domain Controllers authenticate users who log in to domain-joined computers by verifying their credentials against the domain's user database.
* Trust Verification: When a user from one domain needs to access resources in another domain, the Domain Controller in the user's domain establishes a trust relationship with the Domain Controller in the target domain. This allows the user's credentials to be verified in the target domain.
* Authorization: Domain Controllers determine the user's access rights and permissions based on group memberships and security policies defined in the Active Directory.

Q3. (a) Describe the pre-installation checks and information gathering that need to be carried out before installing LINUX on a computer.

Ans. Before installing Linux on a computer, it's essential to perform pre-installation checks and gather necessary information to ensure a smooth installation process and compatibility with the hardware and software environment.
Here's a step-by-step guide for the pre-installation checks and information gathering:

1. Verify Hardware Compatibility:
* Check the minimum hardware requirements for the Linux distribution you plan to install. Ensure that your computer meets or exceeds these requirements in terms of CPU, RAM, disk space, and graphics capabilities.
* Ensure that essential hardware components such as CPU, motherboard, network card, graphics card, and storage devices are compatible with Linux. Look for hardware that has good driver support for your chosen Linux distribution.

2. Backup Data:
* Before proceeding with the installation, back up all critical data on your computer to prevent data loss in case something goes wrong during the installation process.

3. Choose a Linux Distribution:
* There are numerous Linux distributions available, each with its own characteristics and features. Decide on the distribution that best suits your needs and level of expertise. Popular choices include Ubuntu, Fedora, Debian, CentOS, and more.

4. Download the Installation Image:
* Once you've chosen a Linux distribution, download the appropriate installation image (ISO file) from the official website of the distribution or a trusted mirror site. Make sure to choose the correct architecture (32-bit or 64-bit) based on your computer's hardware.

5. Create Installation Media:
* Burn the downloaded ISO file to a DVD or create a bootable USB flash drive using tools like Rufus or Etcher. This will be used to boot the computer and initiate the installation process.

6. Verify Installation Media:
* After creating the installation media, verify its integrity by checking the checksum or using tools like "md5sum" or "sha256sum" to ensure that the downloaded file is not corrupted.

7. Check UEFI/BIOS Settings:
* Ensure that your computer's UEFI/BIOS settings are configured to boot from the installation media (DVD or USB). If you're using UEFI, disable Secure Boot if your Linux distribution doesn't support it.

8. Check Internet Connectivity:
* If you plan to install additional packages or updates during the installation process, make sure you have a stable internet connection to download the required files.

9. Gather Network Information:
* Note down your computer's network configuration, such as IP address, subnet mask, gateway, and DNS settings, in case you need to configure them manually during or after the installation.

10. Gather Partitioning Information:
* Plan the disk partitioning scheme based on your requirements. Decide whether you want to use the entire disk for Linux or dual-boot with another operating system. Make sure to back up any data on existing partitions you wish to keep.

11. Gather User Account Information:
* Decide on the root password and create a non-root user account with administrative privileges. Note down the username and password for later use.

12. Secure Boot and TPM:
* If your system has Secure Boot and TPM (Trusted Platform Module), ensure you understand how to handle them during the installation process, as they can impact Linux installation and compatibility.

By performing these pre-installation checks and gathering the necessary information, you can ensure a successful Linux installation and minimize potential issues during the process.

(b) Differentiate between absolute and relative path names, along with an example of each.

Ans. Absolute and relative path names are two ways to specify the location of a file or directory in a file system. They help in identifying the exact location of a file or directory in relation to the root of the file system or the current working directory.

Absolute Path: An absolute path specifies the complete and exact location of a file or directory in the file system, starting from the root directory. It includes the entire path from the root directory to the target file or directory, regardless of the current working directory.
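
Step 6 of the pre-installation checklist in Q3 (a) above relies on a checksum to catch a corrupted download. The following is an added example, not part of the original answer: a function named verify_image (a hypothetical name) looks the image up in a SHA256SUMS-style list and compares digests with sha256sum. The file names and sample contents are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: check a downloaded installation image against a published
# SHA-256 checksum list before writing it to DVD or USB.
# A checksum only proves integrity if the list itself is authentic, so the
# list should come from the distribution's official site.

# verify_image IMAGE SUMS_FILE
# Return codes: 0 = digest matches, 1 = digest mismatch,
#               2 = image or checksum list missing, 3 = image not listed.
verify_image() {
    local image="$1" sums="$2" name expected actual
    [ -f "$image" ] && [ -f "$sums" ] || return 2
    name=$(basename -- "$image")

    # Each entry is "<hex digest>  <name>" (text mode) or
    # "<hex digest> *<name>" (binary mode). Match the file name exactly,
    # so "distro.iso" never matches an entry for "distro.iso.torrent".
    expected=$(awk -v n="$name" '
        {
            entry = $0
            sub(/^[0-9A-Fa-f]+[ \t]+\*?/, "", entry)   # drop digest and separator
            if (entry == n) { print tolower($1); exit }
        }' "$sums")
    [ -n "$expected" ] || return 3

    actual=$(sha256sum -- "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Demonstration on constructed files (a small stand-in for a real ISO).
demo() {
    local dir rc
    dir=$(mktemp -d) || return 1
    printf 'constructed sample image contents\n' > "$dir/distro-sample.iso"
    ( cd "$dir" && sha256sum distro-sample.iso > SHA256SUMS )

    rc=0; verify_image "$dir/distro-sample.iso" "$dir/SHA256SUMS" || rc=$?
    echo "intact image:   rc=$rc"

    # Simulate a corrupted download: one extra byte changes the digest.
    printf 'x' >> "$dir/distro-sample.iso"
    rc=0; verify_image "$dir/distro-sample.iso" "$dir/SHA256SUMS" || rc=$?
    echo "modified image: rc=$rc"

    # An image the list does not mention cannot be verified at all.
    cp "$dir/distro-sample.iso" "$dir/other.iso"
    rc=0; verify_image "$dir/other.iso" "$dir/SHA256SUMS" || rc=$?
    echo "unlisted image: rc=$rc"

    rm -rf "$dir"
}
demo
```

A non-zero return code means the image should be downloaded again rather than written to the installation media.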
Absolute paths always begin with the root directory symbol ("/" in Unix-like systems and "\" in Windows).

Example of an Absolute Path: Suppose we have the following directory structure:

    home
      user
        documents
          report.txt

The absolute path to the "report.txt" file would be:

    /home/user/documents/report.txt     (Unix-like systems)
    C:\home\user\documents\report.txt   (Windows)

Relative Path: A relative path specifies the location of a file or directory relative to the current working directory. It does not start from the root directory but relies on the context of the current location. Relative paths are more concise and can be useful when you need to refer to files or directories within the same directory or within a known folder structure.

Example of a Relative Path: Continuing with the same directory structure, let's assume the current working directory is "/home/user/documents/". The relative path to the "report.txt" file from this location would be:

    ./report.txt    (Unix-like systems)
    .\report.txt    (Windows)

Note that the dot (.) represents the current working directory in both Unix-like systems and Windows.

Q4. Answer the following questions related to Linux commands:

(a) It is desired to create a file in LINUX called "newfile" that consists of the last 15 lines of a file "file1" followed by the last 6 lines of a file "file2". Both "file1" and "file2" already exist. Write the sequence of commands in LINUX to achieve this.

Ans. To create a file in Linux called "newfile" that consists of the last 15 lines of a file "file1" followed by the last 6 lines of a file "file2," you can use the following sequence of commands:

    # Get the last 15 lines from file1 and save them in newfile
    tail -n 15 file1 > newfile
    # Get the last 6 lines from file2 and append them to newfile
    tail -n 6 file2 >> newfile

(b) Write the LINUX command to change the password of a user called "SOCIS" to "E93dflkN#". Who can run this command?

Ans. To change the password of a user called "SOCIS" to "E93df!kN#", you can use the following command:

    sudo passwd SOCIS

The passwd command is typically run by the root user or a user with sudo privileges. It prompts you to enter the new password twice for verification.

(c) Write the LINUX command to find the number of users currently logged into the system?

Ans. To find the number of users currently logged into the system, you can use the who command:

    who | wc -l

The who command displays information about currently logged-in users, and wc -l counts the number of lines in the output, which corresponds to the number of logged-in users.

(d) Write the LINUX command to take a text file named "source-file" as input and circularly shift every small case letter forward by 5 characters, such that "a" becomes "f", "z" becomes "e" and so on, but "A", "3", "$" and other such characters are left unchanged.

Ans. To take a text file named "source-file" as input and circularly shift every lowercase letter forward by 5 characters, you can use the tr command, with cat feeding it the file through a pipe:

    cat source-file | tr 'a-z' 'f-za-e' > outputfile

In this command, tr 'a-z' 'f-za-e' translates each lowercase letter to the corresponding letter that is 5 positions forward in the alphabet (circularly). Characters other than lowercase letters remain unchanged. The output is redirected to a new file named "outputfile."

Q5. (a) What is the Active Directory in Windows 2000? Describe, with the help of a diagram, the logical structure of the Active Directory.

Ans. Active Directory is a centralized and hierarchical directory service used in Windows 2000 and subsequent Windows operating systems. It functions as a distributed database that stores and manages information about network resources, including user accounts, computers, groups, printers, and other network components. Active Directory provides a single point of management for network resources and allows administrators to define and enforce security policies, permissions, and access controls across the network.

Logical Structure of Active Directory: The logical structure of Active Directory is organized as a tree-like hierarchy, similar to the structure of a domain name system (DNS). It consists of several key components, each serving a specific purpose. The logical structure can be represented using a diagram:

    Domain
      |
    Organizational Units
      |
    Users    Computers    Groups    Printers

Explanation of the Components:

1. Domain:
* The top-level component of the Active Directory logical structure is the domain. A domain is a logical group of network resources that share a common security boundary. It typically represents an organization or a distinct administrative boundary within the network.
* Each domain has a unique domain name, and user accounts and computers within a domain have a domain-specific suffix (e.g., "example.com"). Domain controllers, which are servers running Active Directory services, store and replicate the directory data within each domain.

2. Organizational Units (OU):
* Organizational Units (OUs) are containers within a domain that are used for organizing and managing network resources. OUs provide a way to create a logical structure within a domain to reflect the organization's hierarchy.
* OUs are used to group related objects, such as users, computers, and groups, for easier management. OUs can contain other OUs, creating a hierarchical structure that reflects the organization's structure.

3. Users, Computers, Groups, Printers, etc.:
* Within each Organizational Unit (OU), various types of network objects are stored.
* These objects include user accounts, computer accounts, groups, printers, and other resources that are part of the network.
* User accounts represent individual users who can log in and access network resources.
* Computer accounts represent the computers that are members of the domain.
* Groups are used to organize users and computers for the purpose of applying permissions and access controls.
* Printers represent network printers that are shared and accessible to users within the domain.

Active Directory provides a highly scalable and flexible logical structure that allows organizations to manage their network resources efficiently. By organizing resources into domains and OUs, administrators can apply group policies, permissions, and access controls to specific groups of users and computers, making network management more manageable and secure.

(b) Differentiate the role and responsibilities of user mode and kernel mode of Windows 2000 system.

Ans. In Windows 2000 (and other Windows operating systems), the operating system operates in two distinct modes: user mode and kernel mode. Each mode serves specific roles and responsibilities and has different levels of privilege and access to system resources. Let's differentiate the role and responsibilities of user mode and kernel mode:

User Mode:
* Role: User mode is the mode in which most applications and user-level processes run. When a user launches a program or application, it operates in user mode.
* Responsibilities: In user mode, applications have limited access to system resources and can only perform actions that are permitted by the operating system. They cannot directly access hardware or interact with sensitive parts of the system.
* Privileges: User mode provides a restricted environment where applications are isolated from each other and the operating system. Applications run with lower privileges, reducing the risk of system instability and security breaches.
* User Interface: User mode processes interact with users through the graphical user interface (GUI) or command-line interface (CLI). They perform tasks like running applications, managing files, and interacting with the user.

Kernel Mode:
* Role: Kernel mode, also known as supervisor mode or privileged mode, is the most privileged mode of the operating system. It is reserved for the core components of the operating system and device drivers. Kernel mode manages and controls hardware resources and provides services to user mode applications.
* Responsibilities: In kernel mode, the operating system has full access to system resources, memory, and hardware. It can execute privileged instructions and perform critical tasks such as memory management, process scheduling, and handling hardware interrupts.
* Privileges: Kernel mode processes have full control over the system and can execute privileged instructions, which may have a significant impact on the stability and security of the system.
* Device Drivers: Device drivers, essential for communication with hardware devices, run in kernel mode. These drivers enable the operating system to communicate with peripherals like printers, graphics cards, and network adapters.

Interaction between User Mode and Kernel Mode: When a user initiates an action through an application running in user mode, the application may need access to system resources or perform privileged operations. To accomplish this, it sends a request to the operating system. The operating system, operating in kernel mode, evaluates the request, validates its legitimacy, and, if permissible, performs the requested operation on behalf of the user mode process. The results are then returned to the application in user mode.

Q6. (a) Write a shell script which will generate the list of users along with details of files those are created/modified by the respective user during the specified time.

Ans. To generate a list of users along with details of files created or modified by each user during a specified time, you can use a shell script that utilizes the find command and some text processing. The script will take two arguments: the start time and end time for the search.

Here's a sample shell script:

    #!/bin/bash
    # Note: find reports a file's current owner and last-modification time;
    # the file system does not record which user originally created a file.

    # Check if two arguments (start time and end time) are provided
    if [ $# -ne 2 ]; then
        echo "Usage: $0 <start_time> <end_time>"
        exit 1
    fi

    start_arg=$1
    end_arg=$2
    # Convert both times to epoch timestamps; stop if date cannot parse them
    start_time=$(date -d "$start_arg" +"%s") || exit 1
    end_time=$(date -d "$end_arg" +"%s") || exit 1

    # Function to process files and print user details
    process_files() {
        local user=$1
        local files=$2
        echo "User: $user"
        echo "Files created or modified between $start_arg and $end_arg:"
        echo "$files"
        echo " "
    }

    # Loop through all users
    for user in $(cut -d: -f1 /etc/passwd); do
        files=""
        # Find files created or modified by the user within the specified time
        while IFS= read -r line; do
            # The first two fields of each line are the date and time printed by find
            file_timestamp=$(date -d "$(echo "$line" | cut -d' ' -f1,2)" +"%s")
            if [[ $file_timestamp -ge $start_time && $file_timestamp -le $end_time ]]; then
                files+="$(echo "$line" | cut -d' ' -f3-)"$'\n'
            fi
        done < <(find / -type f -user "$user" -printf "%TY-%Tm-%Td %TH:%TM %p\n" 2>/dev/null)

        # Print user details and files
        if [ -n "$files" ]; then
            process_files "$user" "$files"
        fi
    done

Save the script into a file (e.g., file_details.sh) and make it executable with the command:

    chmod +x file_details.sh

Then, you can run the script with the desired start and end time as arguments:

    ./file_details.sh "2023-08-01 00:00:00" "2023-08-05 23:59:59"

(b) Differentiate between LAN, MAN and WAN in terms of size, protocols, access mechanism, hardware devices and switching methods.

Ans. LAN (Local Area Network), MAN (Metropolitan Area Network), and WAN (Wide Area Network) are different types of networks based on their size, coverage area, protocols, access mechanisms, hardware devices, and switching methods.
Let's differentiate between them:

Size and Coverage Area:
* LAN: LANs cover a relatively small geographical area, typically confined within a building, campus, or a group of nearby buildings. The coverage area can range from a few meters to a few kilometers.
* MAN: MANs cover a larger geographical area than LANs but are still confined to a specific city or metropolitan area. The coverage area can extend from a few kilometers to tens of kilometers.
* WAN: WANs cover vast geographical areas, often spanning across countries or continents. They connect multiple cities, states, or countries.

Protocols:
* LAN: LANs commonly use Ethernet and Wi-Fi (IEEE 802.11) protocols for wired and wireless connections, respectively.
* MAN: MANs can use technologies like Asynchronous Transfer Mode (ATM), SONET/SDH (Synchronous Optical Networking/Synchronous Digital Hierarchy), and Ethernet.
* WAN: WANs use a variety of protocols, including Point-to-Point Protocol (PPP), Frame Relay, Multiprotocol Label Switching (MPLS), and Internet Protocol (IP) for data transmission over long distances.

Access Mechanism:
* LAN: In LANs, devices are typically connected through switches or hubs, providing high-speed and low-latency connections among devices.
* MAN: MANs may use a combination of switches and routers to manage traffic flow and provide connectivity between different areas within the metropolitan region.
* WAN: WANs use routers to connect geographically distant locations over various communication links like leased lines, fiber-optic cables, and satellites.

Hardware Devices:
* LAN: LANs employ network interface cards (NICs) for devices to connect to the network, along with switches, hubs, and routers for network connectivity and management.
* MAN: MANs use similar hardware devices as LANs, such as switches, routers, and network cables, but on a larger scale to cover the extended geographical area.
* WAN: WANs require additional hardware devices such as modems, multiplexers, and CSU/DSUs (Channel Service Unit/Data Service Unit) for connecting to telecommunication services.

Switching Methods:
* LAN: LANs use technologies like Ethernet switching (store-and-forward or cut-through) for high-speed data transfer within the local network.
* MAN: MANs use similar switching methods as LANs, including Ethernet switching for data transfer over the metropolitan area.
* WAN: WANs employ packet switching and circuit switching methods, depending on the type of service and the distance between locations.

Q7. (a) What are the security services provided by IPsec? Discuss the two IPsec components in WINDOWS 2000. Also explain the policy options for IPsec implementation.

Ans. IPsec (Internet Protocol Security) is a suite of protocols used to provide security services for IP communications. It ensures confidentiality, integrity, and authenticity of data transmitted over IP networks. IPsec is commonly used to establish Virtual Private Networks (VPNs) and secure communication between network devices. The security services provided by IPsec include:

1. Authentication Header (AH):
* Authentication: AH provides data integrity and authentication. It ensures that the data has not been altered during transmission and that the sender is a valid entity. AH uses cryptographic algorithms, such as HMAC (Hash-based Message Authentication Code), to generate a hash and add it to the IP header, protecting the payload from tampering.

2. Encapsulating Security Payload (ESP):
* Encryption: ESP provides data confidentiality and can encrypt the payload of the IP packet. This ensures that the data is secure from eavesdropping during transmission.
ESP supports various encryption algorithms, such as AES (Advanced Encryption Standard), 3DES (Triple Data Encryption Standard), and DES (Data Encryption Standard).

Windows 2000 introduced IPsec as a built-in feature to provide network security. The two IPsec components in Windows 2000 are:

1. IPsec Policy Agent (Policy Agent): The IPsec Policy Agent is a service responsible for managing IPsec policies on the computer. It reads, interprets, and applies the IPsec policies defined for communication with specific network peers or IP addresses.
* The Policy Agent is responsible for implementing IPsec policies, which include the selection of security methods (e.g., AH or ESP), cryptographic algorithms, and key management.

2. IPsec Driver (IPsecDrv):
* The IPsec Driver is a kernel-mode driver responsible for implementing IPsec security services. It handles the actual processing of IPsec packets, including the encapsulation of data, authentication, and decryption when necessary.
* The IPsec Driver is a critical component of the Windows 2000 IPsec architecture, as it ensures that IPsec services are applied to network traffic at the kernel level.

Policy options for IPsec implementation in Windows 2000 include:

1. Filter Lists:
* Filter lists are sets of rules used to define which traffic should be protected by IPsec. A filter list includes information such as the source IP address, destination IP address, protocol, and port numbers. It determines which traffic should be subject to IPsec processing.

2. Security Associations (SA):
* Security associations define the security parameters for a particular flow of traffic. Each SA specifies the security method (AH or ESP), cryptographic algorithms, and keys to be used for data authentication and/or encryption.

3. Connection Security Rules:
* Connection security rules are used to specify the IPsec settings that should be applied to specific network connections.
These rules define which filter lists and security associations to use for inbound and outbound traffic.

4. Key Management:
* Windows 2000 uses the Internet Key Exchange (IKE) protocol to manage keys and establish security associations dynamically. IKE negotiates security parameters and exchanges keys securely to set up IPsec communication between devices.

(b) List and describe various security features in WINDOWS 2000 O/S.

Ans. Windows 2000 introduced several security features to enhance the protection of the operating system and its resources. Here are some of the key security features in Windows 2000:

1. User Accounts and Password Policies: Windows 2000 introduced the concept of local and domain user accounts. User accounts are used to control access to the system and its resources. Password policies can be enforced, including minimum password length, password complexity requirements, and password expiration.
2. Access Control Lists (ACLs): ACLs are used to control permissions for files, folders, and other objects in the file system. Windows 2000 allows fine-grained access control, defining who can access, modify, or delete specific resources.
3. Group Policies: Group Policies enable administrators to manage security settings and configurations for groups of users and computers in a centralized manner. Group Policies help enforce security standards across the network.
4. Secure Logon: Windows 2000 introduced secure logon methods, including Kerberos authentication for domain-joined computers. Secure logon mechanisms protect against various attacks, such as replay attacks.
5. Encrypting File System (EFS): EFS allows users to encrypt their files and folders to protect sensitive data from unauthorized access. Encrypted files can only be decrypted by the user who encrypted them or designated recovery agents.
6. System File Protection (SFP): SFP prevents critical system files from being replaced or modified by unauthorized programs or users.
It helps maintain the integrity of the system.
7. Internet Protocol Security (IPsec): As discussed earlier, IPsec provides authentication, integrity, and encryption for network communication to ensure secure data transmission.
8. Software Restriction Policies: Software Restriction Policies (SRP) allow administrators to control which applications can run on a system. This helps prevent the execution of malicious or unauthorized software.
9. Auditing and Event Logging: Windows 2000 includes extensive auditing capabilities to track security-related events, such as logon attempts, file access, and user management actions. Event logs record these activities for security analysis.
10. Security Configuration and Analysis: Windows 2000 offers the Security Configuration and Analysis tool, which allows administrators to compare the system's security configuration against a predefined security template to identify potential security vulnerabilities.
11. Remote Access Security: Windows 2000 provides secure remote access capabilities, such as Virtual Private Networking (VPN) using PPTP (Point-to-Point Tunneling Protocol) and L2TP/IPsec to ensure secure communication over public networks.
12. Active Directory Security: Windows 2000 introduced Active Directory, which includes robust security features for managing user accounts, group policies, and access to network resources.

These security features in Windows 2000 help administrators and users safeguard the operating system and network environment from various security threats and ensure the confidentiality, integrity, and availability of data and resources.

Q8. Write short notes on the following:
(a) NTFS
(b) Packet switching
(c) EFS services
(d) Firewall

(a) NTFS (New Technology File System): NTFS is a file system introduced by Microsoft with Windows NT 3.1 and later versions, including Windows 2000.
It is the default file system used in modern Windows operating systems due to its advanced features and improved performance over the older FAT (File Allocation Table) file system.

Key features of NTFS include:
* File and Folder Permissions: NTFS supports access control lists (ACLs), allowing fine-grained permissions to be set on files and folders for different users and groups.
* File Compression: NTFS provides built-in file compression, allowing users to save disk space by compressing individual files or entire folders.
* Encryption: NTFS supports the Encrypting File System (EFS), which allows users to encrypt sensitive files to protect them from unauthorized access.
* Disk Quotas: NTFS enables administrators to set disk space quotas for users, ensuring fair disk usage across the system.
* Journaling: NTFS uses a journaling file system, which helps recover the file system quickly in case of unexpected system shutdowns or power failures, reducing the risk of data corruption.
* Large File and Volume Support: NTFS supports large files and volumes, making it suitable for modern storage requirements.

(b) Packet Switching: Packet switching is a method of data transmission used in computer networks and the internet. In packet switching, data is divided into smaller units called packets before transmission. Each packet includes information about its source, destination, and sequence number. These packets are then routed independently through the network to their destination.

Key points about packet switching:
* Efficiency: Packet switching enables efficient use of network resources, as multiple packets from different sources can share the same network link simultaneously.
* Error Correction: Packets can take different routes to reach their destination, allowing the network to dynamically avoid congested or faulty paths, improving reliability.
* Store-and-Forward: In packet switching, each intermediate network node (router) receives a complete packet before forwarding it to the next node.
* TCP/IP: The internet primarily uses packet-switched networks, specifically the TCP/IP suite, where data is broken into IP packets for transmission.

(c) EFS (Encrypting File System) Services: EFS is a feature in Windows operating systems that provides data encryption for individual files and folders. EFS is designed to protect sensitive data stored on disk from unauthorized access, ensuring data confidentiality.
* File-Level Encryption: EFS allows users to encrypt individual files and folders using asymmetric cryptography. The files are decrypted on the fly when accessed by authorized users with appropriate credentials.
* Public/Private Key Pair: EFS uses a combination of a user's public and private key to encrypt and decrypt files. The user's private key is used to encrypt the data, and the public key is used for decryption.
* Transparent Encryption: EFS encryption is transparent to the user and applications. Encrypted files can be accessed and used like regular files as long as the user has the correct credentials.
* Data Recovery: EFS provides recovery agents, which are designated accounts that can decrypt encrypted files in case a user's private key is lost or inaccessible.
* EFS is primarily used in enterprise environments to protect sensitive data stored on file servers or individual workstations.

(d) Firewall: A firewall is a security device or software that acts as a barrier between a trusted internal network and an untrusted external network (such as the internet). Its main purpose is to control and monitor incoming and outgoing network traffic based on a set of predefined security rules or policies. Firewalls can be hardware-based (e.g., dedicated firewall appliances) or software-based (e.g., firewall software running on a computer).
Key functions of a firewall:
* Packet Filtering: Firewalls inspect network packets based on defined rules and allow or block traffic accordingly. Packet filtering can be based on source/destination IP addresses, port numbers, and protocols.
* Stateful Inspection: Stateful firewalls maintain information about the state of active connections, allowing them to make intelligent decisions on packet filtering.
* Network Address Translation (NAT): Firewalls with NAT functionality hide internal IP addresses from external networks, adding an extra layer of security.
* Application Layer Filtering: Next-generation firewalls can inspect data at the application layer, allowing more granular control over specific applications and services.
* Intrusion Detection and Prevention: Some advanced firewalls include intrusion detection and prevention capabilities, providing real-time monitoring and protection against potential threats.
* VPN Support: Firewalls can facilitate Virtual Private Networks (VPNs), enabling secure communication over public networks.

Firewalls play a crucial role in network security, helping to protect networks from unauthorized access, data breaches, and
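The packet filtering and stateful inspection functions listed above can be seen side by side in the following added example, which is not part of the original answer: a first-match rule list plus a state table of admitted flows, run over constructed packets. The names `Rule`, `Firewall` and `run`, the addresses and the policy are assumptions made for illustration, and the TCP flag and timeout tracking that real stateful firewalls perform is left out.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto")
# action is "allow" or "block"; nets are CIDR strings; proto "any" and dport None are wildcards
Rule = namedtuple("Rule", "action src_net dst_net proto dport")

def matches(rule, p):
    """Packet filtering test on source/destination address, protocol and destination port."""
    return (ipaddress.ip_address(p.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(rule.dst_net)
            and rule.proto in ("any", p.proto)
            and rule.dport in (None, p.dport))

class Firewall:
    def __init__(self, rules, stateful=True):
        self.rules, self.stateful = rules, stateful
        self.connections = set()  # state table: flows that an allow rule has admitted

    def filter(self, p):
        # Stateful inspection: a reply to a tracked flow passes without a rule of its own.
        if self.stateful and (p.dst, p.dport, p.src, p.sport, p.proto) in self.connections:
            return "allow"
        for rule in self.rules:  # packet filtering: the first matching rule decides
            if matches(rule, p):
                if rule.action == "allow":
                    self.connections.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        return "block"  # default deny when no rule matches

# Constructed policy: internal hosts may open HTTPS connections; everything else is blocked.
RULES = [Rule("allow", "10.0.0.0/24", "0.0.0.0/0", "tcp", 443),
         Rule("block", "0.0.0.0/0", "0.0.0.0/0", "any", None)]
# Constructed traffic: outbound request, its reply, an unsolicited inbound packet, outbound telnet.
TRAFFIC = [Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp"),
           Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp"),
           Packet("203.0.113.10", 443, "10.0.0.6", 50000, "tcp"),
           Packet("10.0.0.5", 50001, "203.0.113.10", 23, "tcp")]

def run(stateful):
    """Return the firewall's decision for each packet in TRAFFIC, in order."""
    fw = Firewall(RULES, stateful)
    return [fw.filter(p) for p in TRAFFIC]
```

With `stateful=False` the same rule list drops the reply to the connection it just allowed, which is the gap the state table closes without opening a general inbound rule.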
