Memory management is a very important consideration when designing, building, and maintaining a network, regardless of its size. The memory management system is one of the most important parts of the core system. Its basic function is to manage the hierarchy of CPU memory, RAM, virtual memory, and hard disks on a network, including allocation and de-allocation of memory, as well as moving the available memory between them. Without proper memory management, a network will slow down to the point of failure very quickly. This paper compares and contrasts the memory management considerations of the Unix/Linux, Mac, and Windows operating systems.

Unix/Linux is one of the oldest and most widely used operating systems in large networks today, with most network server operations running all or part of their systems on a Unix/Linux-based operating system.
Unix/Linux is an operating system that comes in several different forms, but each one shares many of the core features, including memory management. Memory management is the part of the operating system where the network’s performance is examined and memory is allocated or de-allocated in order to optimize the speed and responsiveness of the system. Unix/Linux accomplishes this by assigning virtual addresses to each portion of the memory of the processes running on a system, starting at zero and going up to the maximum size of the virtual memory available on the system. The memory manager typically does this by dividing each process up based on the priority of its memory usage, assigning more virtual memory space as the processes require.

Mac systems are the second most popular type of operating system in use by computers today, with some applications designed specifically for networks. While not as popular or widespread as Windows, Mac has gained a significant foothold in the world’s networks and has its own set of memory management processes. Mac operating systems have a built-in page cache system for managing memory.
A typical Mac system will examine the amount of memory that is being requested for a page cache and allocate the amount required, provided the request does not exhaust the available memory. Requests for data from slower processes can be assigned to and retained in virtual memory for a short time while the faster processes use the available physical memory to improve performance.

Windows operating systems are the most widely used network operating systems today, with many variations of Windows being used in larger network systems. Memory management in Windows operates in much the same way as in Unix/Linux and Mac operating systems, with the memory manager monitoring and assigning data between physical and virtual memory depending on the network’s needs and abilities at any given time.
Much like the other operating systems, Windows can assign data to virtual memory allocated on the system’s hard drive when the physical memory becomes insufficient to run a specific process. This can reduce performance, depending on the size and speed of the hard drive, although Windows will attempt to increase performance by shunting memory usage to a temporary file on the hard drive. Windows also allows the network administrator to assign and allocate virtual memory on a system, based on the size of the network’s hard drive and its physical memory capabilities.

File Management
File management is very similar in all three operating system flavors: Windows, Mac, and Linux. All of them are organized as a hierarchy of folders, which makes up the folder structure. Each folder can contain multiple folders or files, and all file searches start from the root of the folder structure. In all of the operating system flavors we have the ability to copy or move files and folders around the file system, as long as the user account we are using has access to the source and destination locations.

Directory and File Naming Conventions
The naming conventions of all the operating systems are very similar: we have the ability to use between 1-256 characters. Linux, however, has one advantage over Windows out of the box (University of Calgary, 2012). The advantage is that the directory structure is case-sensitive, which allows you to have more folders with the same name as long as the case is different, so you can make better use of your file system (Jelsoft Enterprises Ltd, 2013). Be careful, though: this can become very confusing for users and system administrators alike. The Windows file system, by contrast, is case-insensitive, which makes the file system simpler to manage. Macs are a special case in the case-sensitive/insensitive topic because you can choose the behavior at the time you create your file system, so you can change it if there is a business or personal need. Linux file and directory names allow special characters such as commas, quotes, slashes, backslashes, and spaces, but it is highly recommended not to use them (University of Calgary, 2012). Unlike Linux, Windows doesn’t allow quotes, slashes, or backslashes at all; they are not just advised against but not even allowed.

Process Management
Process management is best described as the proper allocation of critical resources, such as processor time and main memory, to computer processes. When effectively applied, process management allows the computer system as a whole to run in a very efficient manner by creating an environment in which all of the components can be used to maximum capacity. While there are various types of operating systems, in regard to process management they share a common desired end game: effective employment. This section covers the differences in how the Unix/Linux, Mac, and Microsoft operating systems each enforce process management.

The Linux operating system is considered dynamic because of its constantly shifting computing needs. The process is the centerpiece that represents those computational needs. In the Linux operating system, processes are dynamically created and each is represented by a dynamically allocated task_struct. This task_struct holds all of the data required to represent a process, as well as a lot of other data, such as accounting and information that helps maintain the relationships with other processes (Emulex Corp, 2008).
There are two ways that processes can be collected in Linux: a hash table and a circular doubly linked list. The hash table is hashed by PID (process identifier) (EmbLogic Embedded Technologies Pvt. Ltd, n.d.). A PID uniquely identifies each process with its own numeric value. The circular doubly linked list, however, is considered ideal for iterating through the task list. The list is described as circular because it has no head or tail. As the initial task must always exist, it can be used as an anchor to iterate further, as with all process management (Emulex Corp, 2008).

As is common for processes in operating systems, Windows processes are made of one or more threads, which are the basic executable unit. Windows has supported symmetric multiprocessing since the creation of NT 4, enabling threads to be sent to different processors inside a system.
The components or resources of a Windows process are its threads, global variables, code and data segments, environment block, and its process heap. The Windows process management function is CreateProcess, which creates a process with a default thread that becomes its primary thread. Unlike other operating systems, Windows does not maintain a parent-child relationship among its processes, which are identifiable by both process handles and IDs that are comparable to UNIX PIDs. This means that when a call is sent in the system for this process, it returns both the process and primary thread handles. The Windows OS schedules its threads in a priority range of 0 to 31. Multiple threads can have the same priority level, except for zero, because it is responsible for zeroing free pages when there are no queued threads. The priority of a thread is determined by the priority class of its process together with the priority level of the thread within that priority class (Microsoft, 2013). These two things combine to make the base priority of the thread. Based on this, the processor allots time in slices to the highest-priority threads.
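The base-priority rule described above, as an added example that is not part of the original paper: the numeric values follow the table in the Microsoft "Scheduling Priorities" documentation cited in the text, while the function names and the thread list are constructed for illustration.

```python
# Base priority of the "normal" thread level in each process priority class.
CLASS_BASE = {"IDLE": 4, "BELOW_NORMAL": 6, "NORMAL": 8,
              "ABOVE_NORMAL": 10, "HIGH": 13, "REALTIME": 24}
# Thread priority levels that act as an offset from the class base.
LEVEL_OFFSET = {"LOWEST": -2, "BELOW_NORMAL": -1, "NORMAL": 0,
                "ABOVE_NORMAL": 1, "HIGHEST": 2}


def base_priority(priority_class, thread_level):
    """Combine priority class and thread level into a base priority (1..31)."""
    if priority_class not in CLASS_BASE:
        raise ValueError(f"unknown priority class: {priority_class}")
    realtime = priority_class == "REALTIME"
    # IDLE and TIME_CRITICAL saturate instead of applying an offset.
    if thread_level == "IDLE":
        return 16 if realtime else 1
    if thread_level == "TIME_CRITICAL":
        return 31 if realtime else 15
    if thread_level not in LEVEL_OFFSET:
        raise ValueError(f"unknown thread level: {thread_level}")
    return CLASS_BASE[priority_class] + LEVEL_OFFSET[thread_level]


def next_to_run(ready_threads):
    """Return (priority, names) for the threads that share the next slices.

    Only the highest base priority present gets processor time; threads
    that tie at that level take turns.
    """
    scored = [(base_priority(c, lvl), name) for name, c, lvl in ready_threads]
    top = max(p for p, _ in scored)
    return top, [name for p, name in scored if p == top]


# Constructed sample: (thread name, process priority class, thread level).
READY = [
    ("backup.exe:t1", "BELOW_NORMAL", "NORMAL"),        # 6
    ("editor.exe:ui", "NORMAL", "ABOVE_NORMAL"),        # 9
    ("editor.exe:spell", "NORMAL", "LOWEST"),           # 6
    ("av.exe:scan", "ABOVE_NORMAL", "BELOW_NORMAL"),    # 9
    ("indexer.exe:t1", "IDLE", "IDLE"),                 # 1
]

if __name__ == "__main__":
    print(next_to_run(READY))
```

No combination of class and level yields 0, which matches the text: that level is not available to ordinary threads.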
The overall concept of how a process is created and managed in the Mac OS does not drastically differ from that of the UNIX or Windows models. For starters, the number of processes is limited only by the amount of available memory. The process manager assigns a process serial number (differing only in name from the UNIX PID) to each process. Some of the functions that retrieve a serial number for a process are GetNextProcess, GetCurrentProcess, and GetFrontProcess. The GetProcessInformation call retrieves information about a specific process, such as its name, number of bytes, type and signature, as well as where it originated from. To touch on the Mac scheduling system, it is based on run queues at priorities that are handled in different ways.

Security
Installing firewall or anti-virus software on enterprise workstations can help prevent some of the security problems the Internet can cause, but not all of them. By understanding the different Open Systems Interconnect (OSI) levels and the security threats involved with each one of them, it is easier to plan a strategy to combat security problems (University of Phoenix, 2005).

Purpose and Scope
To cover all areas, I have listed the network security measures that are associated with each level of the Open Systems Interconnect (OSI) model (University of Phoenix, 2005).

Physical Layer
This layer is responsible for moving raw bits from one node to another as electrical impulses, light, or radio signals. This layer represents the physical application security. It includes access control, power, fire, water, and backups. Many of the threats to security at the Physical layer cause a Denial of Service (DoS) of the enterprise application, making the application unavailable to enterprise users. To ensure this does not occur, the electrical and mechanical parts of the network are not only tested periodically but are also kept safe from external damage such as tampering or other physical destruction. The backups are kept in a secured room that only a few people have access to (University of Phoenix, 2005).

One method used to manage security in this layer is Physical Layer Automation. By using tools such as Apcon’s IntellaPatch™ line of copper and fiber Physical Layer switches, network administrators have control and security at the foundation, or physical layer, of their network. With “wire once technology” built into every IntellaPatch switch, network administrators can manage and re-arrange the physical cabling topology of network closets or wire racks without the manual effort of pulling and patching a single wire.
The network is cabled to IntellaPatch switches and then configured instantaneously using the graphical user interface (GUI) of Apcon’s Control™ software (University of Phoenix, 2005). Administrators can then connect any port to any other port without ever leaving their desk, which makes changes to the network topology easy (Avocent-Raritan KVM over IP, 2013). With security being the top priority in networks, tools like IntellaPatch Physical Layer switches provide access control for both small and large networks. In large environments or multi-floor buildings, where wiring termination points are scattered among various buildings or floors, managing and monitoring those facilities can be a tedious and cumbersome job. This is key for environments like manufacturing, where there are multiple work shifts (Avocent-Raritan KVM over IP, 2013).

Data Link Layer
At this layer, the data packets are encrypted and decrypted into bits. This layer ensures that everything sent was physically received (“Client/server Audit: One Bite at a Time”, 1999). This layer encompasses switch security topics such as ARP attacks and MAC flooding. Simple configuration changes to the network switch can help protect enterprise applications from Data Link layer attacks (University of Phoenix, 2005). At my workplace, only authorized users can have access to layer two software. The IT department has full control and determines when changes are made and who is authorized to make these changes. Additional measures are taken, like turning off unused ports in the VLAN and restricting the number of allowed MAC addresses by using a port security appliance.

Network and Transport Layers
These two layers handle the routing or forwarding of data. They are also usually the most common place for security safeguards, where a company will have routers and firewalls in place to comply with the company’s policy and procedures standards. If a threat occurs at these layers, the company will utilize IP translation, access control points, or firewall structures to ease the risk.

Session
This layer sets up remote communication, and at this layer the IT personnel’s ability to mitigate application security risks begins to diminish as developers take a bigger role in protecting applications (University of Phoenix, 2005). One way to ensure security on this layer is by testing application integrity, proper transaction routing, and the ability to handle communications under stress and to handle incomplete transactions. IT personnel have the administrative capability to prevent unauthorized user logins and unauthorized, harmful data transfers, which are commonly attacked at this layer, by using encryption, authentication, or both, depending on the issue at hand. Audit trails of all additions and deletions of a user’s company-critical files, and of changes to their privileges, should be maintained in line with the company’s standards for critical file security.

Presentation Layer
This layer is usually part of the operating system and converts incoming and outgoing data from one presentation format to another. For example, it converts data from a text stream into a pop-up window with the newly arrived text, or from EBCDIC to ASCII (“Client/server Audit: One Bite at a Time”, 1999). Examples of ensuring security at this layer are as follows. Since this layer manipulates data, it’s important to ensure that the software is authorized. Investigate the use of encryption, such as Secure Sockets Layer (SSL). Review which encryption algorithm is in use, whether it is used securely, and whether secure implementations are used (“Client/server Audit: One Bite at a Time”, 1999).

Application Layer
The Application layer is where a user’s authentication and privacy are considered. The layer supports application and end-user processes. If a backdoor attack occurs within the application layer, it is then the programmer’s responsibility to close the backdoor. IT personnel can use high-level access to help diagnose, prevent, and limit harmful backdoor attacks that can get through a firewall. IT personnel are equipped with tools such as virus scanners, Web Inspect, several different layers of firewall systems, and interference detection devices to help prevent harm to a company’s internal applications.
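Returning to the Data Link layer measures described earlier (turning off unused ports and restricting the number of allowed MAC addresses per port), the following added example, which is not part of the original paper, models that policy on constructed traffic. The port names, the limit of two addresses per port, and the shut-the-port-on-violation behaviour are assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    enabled: bool = True        # unused ports are administratively shut
    max_macs: int = 2           # assumed limit: one PC plus one IP phone
    learned: set = field(default_factory=set)
    err_disabled: bool = False  # set once the limit has been exceeded
    dropped: int = 0


def apply_port_security(ports, frames):
    """Feed (port_name, source_mac) pairs through the policy; return alerts."""
    alerts = []
    for name, mac in frames:
        port = ports[name]
        if not port.enabled or port.err_disabled:
            port.dropped += 1               # port is down: frame not forwarded
        elif mac in port.learned:
            continue                        # known station, forward normally
        elif len(port.learned) < port.max_macs:
            port.learned.add(mac)           # still under the limit: learn it
        else:
            port.err_disabled = True        # violation: shut the port, alert
            port.dropped += 1
            alerts.append(f"{name}: MAC limit {port.max_macs} exceeded by {mac}")
    return alerts


def demo():
    ports = {
        "Gi0/1": Port("Gi0/1"),                 # normal user port
        "Gi0/2": Port("Gi0/2"),                 # port that sees a MAC flood
        "Gi0/3": Port("Gi0/3", enabled=False),  # unused port, turned off
    }
    # Constructed traffic: two stations on Gi0/1, 50 distinct source MACs
    # on Gi0/2 (the flooding pattern), and one frame on the unused port.
    frames = [("Gi0/1", "02:00:00:00:01:01"), ("Gi0/1", "02:00:00:00:01:02"),
              ("Gi0/1", "02:00:00:00:01:01")]
    frames += [("Gi0/2", f"02:00:00:00:02:{i:02x}") for i in range(50)]
    frames += [("Gi0/3", "02:00:00:00:03:01")]
    return ports, apply_port_security(ports, frames)


if __name__ == "__main__":
    ports, alerts = demo()
    for alert in alerts:
        print("ALERT", alert)
    for p in ports.values():
        state = "err-disabled" if p.err_disabled else ("up" if p.enabled else "shut")
        print(p.name, "learned", len(p.learned), "dropped", p.dropped, state)
```

The flooded port learns only its first two addresses and is shut on the third, so the switch's address table never fills; the single alert is the event an operations team would investigate.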
Looking at security issues in a company can be overwhelming. The ability to identify all security areas of the network is important, yet loopholes can sometimes be found; these can be remedied if the application layer is well equipped and up to the latest standards. Knowledge, experience, and a positive work ethic can have a major impact on the level of security a company has and on its ability to stay ahead of the curve and keep the company network strong and secure.

In closing, UNIX®/Linux®, Mac®, and Microsoft® Windows® have stood the test of time. Each has its particular features and functions, and the choice depends on your personal or company needs. Our task was to compare and contrast the differences between basic operating systems. We have covered several different functions of a basic operating system and the different styles of management.
Avocent-Raritan KVM over IP. (2013). Solutions. Retrieved from http://www.itpros.com/
Client/Server Audit: One Bite At A Time. (1999). Retrieved from http://pdaconsulting.com/csaudit.htm?&lang=en_us&output=json&session-id=5627fec4c04615e516b411a8b7e81f91
Data Communications http://apcon.com/ethernet.php retrieved on August 9, 05
EmbLogic Embedded Technologies Pvt. Ltd. (n.d.). EmbLogic’s Blog. Retrieved from http://emblogic.org/blog/03/understanding-linux-interprocess-communication-ii-process-management
Emulex Corp. (2008). developerWorks. Retrieved from http://www.ibm.com/developerworks/library/l-linux-process-management/
Holl, K. (2003), SANS Security Essentials. OSI Defense in Depth to Increase Application Security, p2.
Jelsoft Enterprises Ltd. (2013). MacRumors.com. Retrieved from http://forums.macrumors.com/archive/index.php/t88724.html?&lang=en_us&output=json&sesson-id=5627fec4c04615e516b411a8b7e81f91
Microsoft. (2013). Scheduling Priorities. Retrieved from http://msdn.microsoft.com/en-us/library/windows/desktop/ms685100%28v=vs.85%29.aspx
University of Calgary. (2012). Information Technologies. Retrieved from http://www.ucalgary.ca/it/research/generalscientificcomputing/managing_files