UNIX, Linux, and Windows Servers
Security
When comparing Linux/Unix versus Windows platforms for security it is important to take into account the security issues being addressed. The most common types of security breaches in today’s business world are based on social engineering attacks. These attacks are focused on bypassing security measures by tricking users into accomplishing the tasks required by the malicious code. These attacks can introduce numerous types of malicious code into the network ranging from spyware up to and including viruses. When comparing Windows versus Linux/Unix it is important to realize that more security features may be available depending on the exact operating system. This comparison is not to compare specific distributions of Linux/Unix against a specific version of Windows, instead it will compare the core elements that are prevalent in both operating systems regardless of the distribution or version chosen. The first security feature that is discussed is the structure of both operating systems. The difference between Linux/Unix and Windows based on structure is the way configuration for software is approached. Most malicious code in a Windows platform is embedded into the registry. The registry is a single location that stores every configuration setting for software installed on the machine. This allows a standard location for malicious code to target on a windows machine. Whereas Linux/Unix does not have a registry, instead it uses individual configuration files to accomplish the same task. On a properly configured system a user would not have the ability to edit these files due to the file permissions that should be in place to avoid altering a file of this nature. The second security feature is the way files are executed. It is very common for systems to be infected by users downloading malicious code unknowingly and then executing the files. On a Windows platform most systems are compromised because executable files can be hidden and ran without the user knowing. Linux/Unix on the other hand is safe guarded due to the fact that there is no executable type of files on a Linux/Unix system. For these types of attack to be successful on a Linux/Unix platform a user would have to download the file into a location that they have permission to, login as root, change ownership or modify permissions to allow for the file to execute, ensure that the file is in a location that is accessible to execute, and finally run the file. This feature reduces the likely hood of this type of attack to almost zero. The final security feature of Linux/Unix versus Windows has to do with popularity. Over 85% of all desktop computers are running a version of Windows as opposed to the 5% of the market share running Linux/Unix ( W3Schools, 2011). This means most attacks are designed and implemented to attack the majority of the market share. This may not always be true with the growing popularity of Linux/Unix. This does not mean that no viruses or malicious code is out there it just means there are fewer ones designed this improves the security through lack of threat. No system is totally secure and there are exploits and vulnerabilities in every operating system. These security features available in Linux/Unix make it a better option for University of Phoenix by combating the most common types of exploits due to the huge user base that is required by University of Phoenix. To ensure total successful security it is important to properly plan, educate users, properly configure systems, and implement strict policy enforcement. If these security measures are implemented with the use of Linux/Unix will produce a very secure information system.
Administration
Even though the core features of a UNIX OS are handled automatically, there are still some jobs for an admin to do. Some examples are given here, but not all will be relevant for a particular network or system configuration. With the University of Phoenix being primarily depending on computer usage, administration becomes a large aspect in the university’s programming. A fundamental aspect of managing any computer system, UNIX or otherwise, is the backup of user and system data for possible retrieval purposes in the case of system failure, data corruption, etc. Users, both teacher, student, or counselor, expect and depend on the admin to recover files that have been accidentally erased, or lost due to hardware problems. Backup devices may be locally connected to a system or remotely accessible across a network. Typical backup media types include: • 1/4" cartridge tape, 8mm cartridge tape (used infrequently today) • DAT (very common) • DLT (where lots of data must be archived) • Floptical, ZIP, JAZ, SyQuest (common for user-level backups) Backup tapes, disks and other media should be well looked after in a secure location within the university, primarily at a main office as a whole (ie. Arizona). Software tools for archiving data include low-level format-independent tools, file and directory oriented tools such as tar, filesystem-oriented tools, standard UNIX utilities, and high-level tools (normally commercial packages) such as IRIS NetWorker. The most commonly used program is tar, which allows one to gather together a number of files and directories into a single 'tar archive' file. Tar files can also be compressed and some of the university’s backup devices have built-in hardware compression abilities. Note that files such as MPEG movies and JPEG images are already in a compressed format in a normal administration setting. By specifying a device such as a DAT instead of an archive file, tar can thus be used to archive data directly to a backup medium. The University of Phoenix will backup files frequently throughout every day and quite possibly hourly for a particular user’s account. Administrators may keep a reliable record of system access logs which are part of the root file system (those located in the files) by using this scripting example: /var/adm/SYSLOG /var/netscape/suitespot/proxy-sysname-proxy/logs
If the university’s system has a Proxy server installed, for example, 'sysname', would be the host name of the system and backing up while using /usr and /var instead of the entire / root directory is another option. The contents of /usr and /var change more often than many other areas of the overall file system, like a students' mail, is stored in /var/mail and most executable programs are under /usr. However, some administrators may only utilize an incremental backup, which only involves backing up files which have changed since the last backup. These backups may be written on a schedule and makes it a little more convenient to keep up with a constant changing environment.
Networking
The University of Phoenix is diverse with the use of several types of servers, which include UNIX, and Windows servers. The University of Phoenix uses both types of servers because they are nationwide. The University of Phoenix relies on its network for the reason that it is the backbone of how the university operates. Students enrolled at the University of Phoenix have to be included on the network to log on successfully. The network at the university can load balance several thousand students and faculty members every day at the same time. In UNIX the TCP/IP stack is part of the kernel. Here is a method, which prepares a “kernel trap”. The kernel trap is a type of exception that puts the CPU into a mode with more privileges. The kernel examines the parameters of the exception and calls a “number” for the exception. The kernel thread will pick up a copy of the data and use the network driver to send out the data (Digulla, 2009).
Windows Server 2008 is a system flexible like UNIX. A positive to Windows Server 2008 is generally it will work better with windows products rather than non-windows products. Windows is a little more user-friendly as Microsoft will restrict users to a certain point to make sure that the system will not receive any corruption. It is usually their way of protecting the end user. One positive is that Windows Server 2008 has dynamic host routes that are added automatically to the local routing for computer on a network with multiple routers (Microsoft, 2010). This allows users to connect to the network without acquiring a static IP address.
Programmability
Programmability refers to the ability of the operating system to be changed and modified. This ability allows for the software to be customized to suit the needs of the user. This area is one of great difference in the UNIX and Windows based systems. Being open sourced UNIX can be modified at a base level allowing the user to strip away unneeded components and add on needed ones. Being open sourced also has developed a community around the software where many features and functions can be found that will suit the user’s needs, be modified to better suit the needs or can be coded from scratch allowing for a custom build piece of software for the job and hardware. The windows based operating systems however do not share this same level of customization. While the latest versions do allow for a good level of customization by adding on extras the system itself will also contain extra components that are unneeded for many applications. Additionally additional programs to extend the functionality of the system are running on top of the operating system and not integrated as part of the system itself. This tends to lead to loss of efficiency and has the potential to produce a more buggy result due to the potential for conflicts between the various add-ons that could be running on the system at the same time.
Performance
Database performance is a key driver to overall system performance. System performance monitoring involves more than just keeping an eye on the amount of free space or the number of users who are logged in, you are also capable of getting into files to find out anything about the system. Some of the resources that have a direct influence on the performance of the system and that need to be monitored regularly are CPU power, bandwidth, memory, and storage. The CPU(s) and RAM are the two main players in evaluating performance.
How do you know what your server’s capable of? One of the most useful UNIX commands regarding performance is top. It displays the most important data about what is going on in your server. The process of monitoring performance consists of the following three phases: monitor the system in order to understand the areas that are causing performance problems, analyze the date to come up with a solution, and once again monitor the system to make sure that the problem has been rectified.
When tested with Unix and Windows running on standard PC Unix ran 27% faster than Windows when reading static HTML content, and with API generated content. “From perspective of performance, RedHat Linux 7.2 demonstrated an average performance advantage of 38.4% higher RDBMS throughput than a similarly configured Windows 2000 Server in a variety of operational scenarios” (Sherman, 2008). The UOP will benefit from using a Unix system. System monitoring is an iterative process and needs to be done on a daily basis. A system administrator needs to make sure that all the systems are operating at optimum performance level and needs to generate reports on the health of systems periodically.
References
Digulla, A. (2009, October). NETWORKING - UNIX Network Process. Retrieved from http://efreedom.com/Question/1-1542554/Unix-Network-Process
Microsoft. (2010, February). Windows Server. Retrieved from http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/c2443864-e097-4576-bc72-6de0b7028fee
Sherman, R. (2008). Telecommunications. Park Ridge, N.J.: Noyes Data Corporation. W3Schools. (2011). OS Platform Statistics. Retrieved from http://www.w3schools.com/browsers/browsers_os.asp
"Success With DDS Media", Hewlett Packard, Edition 1, February 1991. 