THE UNITED REPUBLIC OF TANZANIA

PRESIDENT’S OFFICE

PUBLIC SERVICE MANAGEMENT

TANZANIA PUBLIC SERVICE COLLEGE

MODULE NAME: System Administration and Security

MODULE CODE: ITT06104

QUALIFICATION: Ordinary Diploma in Information Technology (DIT)

SEMESTER: I

LEVEL: NTA Level 6

DURATION: Six Months

CONTACT HOURS: FOUR (4) HOURS WEEKLY

This Module will be conducted by: MR. HAMIS MASHAKA, Email:

mashaka_khamis@yahoo.com Mobile No: 0753 917 918, Office No: B3

Consultation hours is from 09:30 - 11:30am, Monday and 08:00 -10:00am, Thursday

11:30 - 13:30am, Thursday

What Is Security?
In general, security is “the quality or state of being secure—to be free from
danger.” In other words, protection against adversaries—from those who
would do harm, intentionally or otherwise—is the objective.
National security, for example, is a multilayered system that protects the
sovereignty of a state, its assets, its resources, and its people. Achieving the
appropriate level of security for an organization also requires a multifaceted
system.
A successful organization should have the following multiple layers of
security in place to protect its operations:
● Physical security, to protect physical items, objects, or areas from
unauthorized access and misuse

● Personnel security, to protect the individual or group of individuals who

are authorized to access the organization and its operations

● Operations security, to protect the details of a particular operation or

series of activities

● Communications security, to protect communications media,

technology, and content

● Network security, to protect networking components, connections, and

contents

● Information security, to protect the confidentiality, integrity and

availability of information assets, whether in storage, processing, or
transmission. It is achieved via the application of policy, education, training
and awareness, and technology.

SECURITY GOALS
There are three primary goals in any security service. These are
confidentially, integrity and availability.

Confidentiality
The principle of confidentiality is that only the sender and the intended
recipient should be able to access the contents of a message. Confidentiality
gets compromised if an unauthorized person is able to access the message.
Example of this could be a confidential email message sent by user A to user
B, which is accessed by user C without the permission or knowledge of A and
B. This type of attack is called interception.

Integrity
When the contents of a message are changed after the sender sends it, but
before it reaches the intended recipient, we say that the integrity of the
message is lost. For example, consider that user A sends message to user B.
User C tampers with a message originally sent by user A, which is actually
destined for user B. User C somehow manages to access it, change its
contents and
send the changed message to user B. User B has no way of knowing that the
contents of the message changed after user A had sent it. User A also does
not know about this change. This type of attack is called modification.
Availability
The principle of availability is that resources should be available to
authorized parties at all times. For example, due to the intentional actions of
an unauthorized user C, an authorized user A may not be able to contact a
server B. This would defeat the principle of availability. Such an attack is
called interruption.

OSI SECURITY ARCHITECTURE

The OSI security architecture focuses on security attacks, mechanisms, and
services.
These can be defined briefly as follows:

Security attack
Security attack is any action that compromises the security of information
owned by an organization.

Security mechanism
A process (or a device incorporating such a process) that is designed to
detect, prevent, or recover from a security attack.

Security service
A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization.
The services are intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service.
In the literature, the terms threat and attack are commonly used to mean
more or less the same thing.

Threat
Threat is a potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and
cause harm. That is, a threat is a possible danger that might exploit
vulnerability.
Attack
Attack is an assault on system security that derives from an intelligent
threat; that is, an intelligent act that is a deliberate attempt (especially in
the sense of a method or technique) to evade security services and violate
the security policy of a system.

TYPES OF ATTACKS
Attacks are classified as passive and active. A passive attack is an attempt
to learn or make use of information from the system without affecting
system resources; whereas an active attack is an attempt to alter system
resources or affect their operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being
transmitted.
Two types of passive attacks are release of message contents and traffic
analysis.
The release of message contents is easily understood (Figure 1.3 a). A
telephone conversation, an electronic mail message, and a transferred file
may contain sensitive or confidential information. We would like to prevent
an opponent from learning the contents of these transmissions.

A second type of passive attack, traffic analysis, is subtler (Figure 1.3 b).
Suppose that we had a way of masking the contents of messages or other
information traffic so that opponents, even if they captured the message,
could not extract the information from the message. The common technique
for masking contents is encryption. If we had encryption protection in place,
an opponent might still be able to observe the pattern of these messages.
The opponent could determine the location and identity of communicating
hosts and could observe the frequency and length of messages being
exchanged. This information might be useful in guessing the nature of the
communication that was taking place.
Passive attacks are very difficult to detect because they do not involve any
alteration of the data. Typically, the messages are sent and received in
seemingly normal fashion. Neither the sender nor receiver is aware that a
third party has read the messages or observed the traffic pattern. However,
it is feasible to prevent the success of these attacks. Message encryption is a
simple solution to thwart passive attacks. Thus, the emphasis in dealing with
passive attacks is on prevention rather than detection.

Active Attacks
Active attacks involve some modification of the data stream or the creation
of a false stream and can be subdivided into four categories: masquerade,
replay, modification of messages, and denial of service.

Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect (Figure 1.4 a).
A masquerade takes place when one entity pretends to be a different entity
(Figure 1.4 b). A masquerade attack usually includes one of the other forms
of active attack. For example, authentication sequences can be captured and
replayed after a valid authentication sequence has taken place, thus
enabling an authorized entity with few privileges to obtain extra privileges by
impersonating an entity that has those privileges.

Modification of messages simply means that some portion of a legitimate

message is altered, or that messages are delayed or reordered, to produce
an unauthorized effect (Figure 1.4 c). For example, a message meaning
"Allow John Smith to read confidential file accounts" is modified to mean
"Allow Fred Brown to read confidential file accounts."
The denial of service prevents or inhibits the normal use or management
of communications facilities (Figure 1.4 d). This attack may have a specific
target; for example, an entity may suppress all messages directed to a
particular destination (e.g., the security audit service).

SECURITY SERVICE
a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the
systems that are components of data transfers.
Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks.
With respect to the content of a data transmission, several levels of
protection can be identified

Data Integrity
Assurance that data is as sent by authorized entity (contains no
modifications, insertion, deletion, or replay) provides protection against
message modification only.

Authentication
The authentication service is concerned with assuring that a communication
is authentic. In the case of a single message, such as a warning or alarm
signal, the function of the authentication service is to assure the recipient
that the message is from the source that it claims to be from.

Access Control
In the context of network security, access control is the ability to limit and
control the access to host systems and applications via communications
links. To achieve this, each entity trying to gain access must first be
identified, or authenticated, so that access rights can be tailored to the
individual.

Non-repudiation
Non-repudiation prevents either sender or receiver from denying message
transmission or receipt of message. Thus, when a message is sent, the
receiver can prove that the alleged sender in fact sent the message.
Similarly, when a message is received, the sender can prove that the alleged
receiver in fact received the message.
TECHNIQUES

Cryptography

Cryptography, a word with Greek origin, means “secret writing”. However,

we use the term to refer to the science and art of transforming messages to
make them secure and immune to attacks. Although in the past
cryptography referred only to the encryption and decryption of messages
using secret keys,

Cryptography is used in many applications like banking transactions cards,

computer passwords, and e- commerce transactions.

Three types of cryptographic techniques used in general.

1. Symmetric-key cryptography

2. Hash functions.

3. Public-key cryptography

Symmetric-key Cryptography: Both the sender and receiver share a

single key. The sender uses this key to encrypt plaintext and send the cipher
text to the receiver. On the other side the receiver applies the same key to
decrypt the message and recover the plain text.

Public-Key Cryptography: This is the most revolutionary concept in the

last 300-400 years. In Public-Key Cryptography two related keys (public and
private key) are used. Public key may be freely distributed, while its paired
private key, remains a secret. The public key is used for encryption and for
decryption private key is used.

Hash Functions: No key is used in this algorithm. A fixed-length hash value

is computed as per the plain text that makes it impossible for the contents of
the plain text to be recovered. Hash functions are also used by many
operating systems to encrypt passwords.
Steganography
This is the art of hiding messages in another form. Message is not altered as
in encryption. A text can hide a message. For example “red umbrella
needed” may mean the message “run”. The first letter of each word in the
text becomes the message. An image can also be used for hiding messages.
Digital images are after all binary information. Suppose the image is grey
image.

SYMMETRIC CIPHER MODEL

A symmetric encryption scheme has five ingredients (Figure 3.1). They are
1. Plaintext: This is the original intelligible message or data that is fed
into the algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various
substitutions and transformations on the plaintext.

3. Secret key: The secret key is also input to the encryption algorithm.
The key is a value independent of the plaintext and of the algorithm.
The algorithm will produce a different 37 output depending on the
specific key being used at the time. The exact substitutions and
transformations performed by the algorithm depend on the key.

4. Cipher text: This is the scrambled message produced as output. It

depends on the plaintext and the secret key. For a given message, two
different keys will produce two different cipher texts. The cipher text is
an apparently random stream of data and, as it stands, is
unintelligible.

5. Decryption algorithm: This is essentially the encryption algorithm

run in reverse. It takes the cipher text and the secret key and
produces the original plaintext.
Figure 3.1: Simplified Model of Conventional Encryption

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm

2. Sender and receiver must have obtained copies of the secret key in a
secure fashion and must keep the key secure.

SUBSTITUTION TECHNIQUES

Caesar cipher
This is simple technique, used by Julius Caesar. The Caesar cipher involves
replacing each letter of the alphabet with the letter standing n places further
down the alphabet. For example,

Plain: meet me after the toga party

Cipher: PHHW PH DIWHU WKH WRJD SDUWB
Alphabet set is wrapped around. That is A follows Z. In this example n=3.
If the numbers 0 to 25 are assigned to alphabets then c = E(3, p) = (p+3)
mod 26.
A shift of k characters is the general Caesar algorithm. Encryption and
decryption formulas are given as:
c = E (k, p) = (p + k) mod 26, where k= 1 to 25
p = D (k, c) = (c-k) mod 26.
If it is known that Caesar cipher technique is used, cryptanalytic attack is
easy. Attacker can try values 1 to 25 for k systematically and whichever k
gives intelligible text is the key used.
Let us take the cipher text
Transposition Techniques
All the techniques examined so far involve the substitution of a cipher text
symbol for a plaintext symbol.
A very different kind of mapping is achieved by performing some sort of
permutation on the plain text letters. This technique is referred to as a
transposition cipher.
The simplest such cipher is the rail fence technique, in which the plaintext is
written down as a sequence of diagonals and then read off as a sequence of
rows. For example, to encipher the message "meet me after the toga party"
with a rail fence of depth 2, we write the following:

mematrhtgpry
etefeteoaat

The encrypted message is

MEMATRHTGPRYETEFETEOAAT

SUMMARY

An original message is known as the plaintext, while the coded message is called
the cipher text. The process of converting from plaintext to cipher text is known
as enciphering or encryption; restoring the plaintext from the cipher text is
deciphering or decryption. The many schemes used for encryption constitute the
area of study known as cryptography. Such a scheme is known as a
cryptographic system or a cipher. Techniques used for deciphering a message
without any knowledge of the enciphering details fall into the area of
cryptanalysis. Cryptanalysis is what the layperson calls "breaking the code." The
areas of cryptography and cryptanalysis together are called cryptology.

Cybercrime
Cybercrime can be committed against an individual or a group; it can also be
committed against government and private organizations. It may be
intended to harm someone’s reputation, physical harm, or even mental
harm.

Cybercrime can cause direct harm or indirect harm to whoever the victim is.
However, the largest threat of cybercrime is on the financial security of an
individual as well as the government.
Cybercrime causes loss of billions of USD every year.

i)E-Mail Spoofing: this means a spoofed email is one that appears to

originate from one source but actually has been sent from another source.
This can also be termed as E-Mail forging. The main goal of the attacker in
this case is to interrupt the victim's e-mail service by sending him a large
number of emails.

ii) Phishing: Phishing means trying to fool people into parting with their
money. Phishing refers to the receipt of unsolicited emails by customers of
financial institutions, requesting them to enter their username, password or
other personal information to access their account. The criminal then has
access to the customer's online bank account and to the funds contained in
that account. The customers click on the links on the email to enter their
information, and so they remain unaware that the fraud has occurred.
iii) Spamming: Spam is the abuse of electronic messaging system to send
unsolicited bulk messages indiscriminately

iv)Cyber defamation: It involves any person with intent to lower down the
dignity/image of the person by hacking his mail account and sending some
mails with using vulgar language to unknown persons mail account.

v) Cyber stalking and harassment: The use of Internet to repeatedly

harass another person group, or
organization. This harassment could be sexual in nature, or it could have
other motivations including anger.

vi) Computer sabotage: the use of the internet to halt the normal
functioning of a computer system through the introduction of worms,
viruses, or logic bomb is referred to as computer sabotage.

vii) Malware: Malware is any software that infects and damages a

computer system without the owner's knowledge or permission and takes
control of any individual‘s computer to spread a bug to other people‘s
devices or social networking profiles.

4.2) Crime against property:

i) Intellectual Property Crimes: Any unlawful act by which the owner is

deprived completely or partially of his rights is a crime. The most common
type of crimes are software piracy, infringement of copyright, trademark ,
theft of computer source code, etc.

ii) Cyber Squatting: It involves two persons claiming for the same Domain
Name either by claiming that they had registered the name first. For
example two similar names i.e. www.yahoo.com and www.yahhoo.com.

iii) Cyber Vandalism: Vandalism means damaging property of another.

Thus cyber vandalism means destroying or damaging the data or
information stored in computer when a network service is stopped or
disrupted.

iv)Hacking Computer System: Hacking in simple terms means an illegal

intrusion into a computer system and/or network. Hacking attacks include
Famous social networking sites such as facebook, Twitter, blogging
platform by unauthorized access/control over the computer. Due to the
hacking activity there will be loss of data as well as computer system. Also
research especially indicates that those attacks were not mainly intended for
financial gain too and to diminish the reputation of particular person or
company.

v) Altering in an unauthorized way. This requires little technical

expertise and is common form of theft by employees altering the data before
entry or entering false data, or by entering unauthorized instructions or
using unauthorized processes; Altering, destroying, suppressing, or stealing
output, usually to conceal unauthorized transactions.

4.3) Cyber crime against organization:

i)Hacking: It means unauthorized control/access over computer system and
act of hacking completely destroys the whole data as well as computer
programs.

ii) Password sniffing: password sniffers are programs that monitor and
record the name and password of network users as they login, at site.

iii) Denial of service attacks: the criminal floods the bandwidth of the
victim‘s network. The attackers typically target site or service hosted on
high-profile web servers such as bank, credit card payment gateways,
mobile phone networks and even root name servers. Denial of service
attacks are designed to consume resources so that other users are unable to
use the resources and are therefore ―denied service‖ . In a Computer
network environment, the key resources are CPU, memory, and bandwidth

iv) Virus attack: A computer virus is a malware program that, when

executed, replicates by inserting copies of itself (possibly modified) into
other computer programs, data files, or the boot sector of the hard drive;
when this replication succeeds, the affected areas are then said to be
"infected.

V) E-mail bombing/mail bomb: refers to sending a large no of emails to

the victim to crash victim‘s E-mail account or server crash.

vi) Salami attack: these attacks used for committing financial crimes. The
key here is to make the alteration so insignificant that in a single case it
would go completely unnoticed e.g. a bank employee inserts a program into
bank‘s servers that deducts a small amount from the account of every
customer.
Vii) Logic bomb: A logic bomb is a piece of code intentionally inserted into
a software system that will set off a malicious function when specified
conditions are available. For example, a programmer may hide a piece of
code that starts deleting files should they ever be terminated from the
company.

viii) Trojan horse: Trojan horses are email viruses that can duplicate
themselves, steal information, or harm the computer system.

V. PRECAUTION FOR CYBER CRIME:

5.1). Use strong passwords.
i) Use separate ID/password combinations for different accounts, and
avoid writing them down.

ii) Make the passwords more complicated by combining letters,

numbers, and special characters. Change them on a regular basis.

iii)Use strong passwords with upper case, lower case, number and
special characters and minimum of 6 characters.

iv) Don‘t use passwords that contain names, birthdays, phone

numbers, etc.

v) Don‘t share passwords across multiple services i.e. same password

for Gmail, Credit Cards, Work, Twitter, etc.

vi) Don‘t use sequential passwords for different services i.e. ABC10,
ABC11, ABC12, etc.

vii)Don‘t store your passwords under your keyboard, in your drawer, in

Outlook, Gmail, Phone, password wallet software, etc.

viii) Best place to store passwords is in your brain; second best is

written on a piece of paper and kept in your wallet.

ix) Never tell your password to anyone, including people from support,
customer service, helpdesk, etc.

5.2). Secure your computer:

i) Enable your firewall: Firewalls are the first line of cyber defense; they
block connections from suspicious traffic and keep out some types of viruses
and hackers
ii) Use anti-virus/malware software: Prevent viruses from infecting your
computer by installing and regularly updating anti-virus software.

5. 3). Block spyware attacks. Prevent spyware from infiltrating your

computer by installing and updating antispyware software.

5.4). Install the latest operating system updates: Keep your applications and
operating system (e.g., Windows, Mac, Linux) current with the latest system
updates. Turn on automatic updates to prevent potential attacks on
older software.
5.5). Protect your data: Use encryption for your most sensitive files such as
health records, tax returns, and financial records. Make regular backups of
all of your important data.

5.6). Secure your wireless network: Wi-Fi (wireless) networks are vulnerable
to intrusion if they are not properly secured.

5.7). protect your e-identity: Be cautious when giving out personal

information such as your name, address, phone number, or financial
information on the Internet. Ensure that websites are secure, especially
when making online purchases, or ensure that you‘ve enabled privacy
settings.

5.8). Avoid being scammed: Never reply to emails that ask you to verify
your information or confirm your user ID or password. Don‘t click on a link
or file of unknown origin. Check the source of the message; when in doubt,
verify the source.

Other Types of Cybercrime

Hacking
It is an illegal practice by which a hacker breaches the computer’s security
system of someone for personal interest.

Unwarranted mass-surveillance
Mass surveillance means surveillance of a substantial fraction of a group of
people by the authority especially for the security purpose, but if someone
does it for personal interest, it is considered as cybercrime.

Child pornography
It is one of the most heinous crimes that is brazenly practiced across the
world. Children are sexually abused and videos are being made and
uploaded on the Internet.
Child grooming
It is the practice of establishing an emotional connection with a child
especially for the purpose of child-trafficking and child prostitution.

Copyright infringement
If someone infringes someone’s protected copyright without permission and
publishes that with his own name, is known as copyright infringement.

Money laundering
Illegal possession of money by an individual or an organization is known as
money laundering. It typically involves transfers of money through foreign
banks and/or legitimate business. In other words, it is the practice of
transforming illegitimately earned money into the legitimate financial
system.

Cyber-extortion
When a hacker hacks someone’s email server, or computer system and
demands money to reinstate the system, it is known as cyber-extortion.

Cyber-terrorism
Normally, when someone hacks government’s security system or intimidates
government or such a big organization to advance his political or social
objectives by invading the security system through computer networks, it is
known as cyber-terrorism.

Cyber Security
Cyber security is a potential activity by which information and other
communication systems are protected from and/or defended against the
unauthorized use or modification or exploitation or even theft.
Likewise, cyber security is a well-designed technique to protect computers,
networks, different programs, personal data, etc., from unauthorized access.

All sorts of data whether it is government, corporate, or personal need high

security; however, some of the data, which belongs to the government
defense system, banks, defense research and development organization,
etc. are highly confidential and even small amount of negligence to these
data may cause great damage to the whole nation. Therefore, such data
need security at a very high level.

How to Secure Data?

Let us now discuss how to secure data. In order to make your security
system strong, you need to pay attention to the following −
  Security Architecture
 Network Diagram
 Security Assessment Procedure
 Security Policies
 Risk Management Policy
 Backup and Restore Procedures
 Disaster Recovery Plan
 Risk Assessment Procedures
 Once you have a complete blueprint of the points mentioned above,
you can put better security system to your data and can also retrieve
your data if something goes wrong.

SERVER TYPES AND SERVICES

Server is a computer program or a device that provides functionality for
other programs or devices, called "clients". This architecture is called the
client–server model, and a single overall computation is distributed across
multiple processes or devices.

Some services provided by server

Servers can provide various functionalities, often called "services", such as:
 sharing data or resources among multiple clients,
 Performing computation for a client.
 It provide authentication
 It provide security,
 It provide Web,
 It provide mail,
 It provides print.

A server can be called by many names. For example, it can be called an

authentication and security database server, Web server, mail server, and
print server.

A small network usually has one server set up to handle many different
services. A large network usually has several servers, each providing a
different service or set of services. For example, a large corporation may use
one server to handle e-mail requests and Web hosting, another server to
serve as a domain
Thin Servers
A thin server is a server that has only the hardware and software needed to
support and run a specific function, such as Web services, print services, and
file services.

It is more economical to use a thin server as a print server than to tie up a

more expensive server simply to handle printing on a network. IBM markets
a thin server, which consists of a sealed box that contains only the essential
hardware and software required for supporting the server’s dedicated
function.

Thin Client Servers

A thin client server is a server that provides applications and processing
power to a thin client. Thin client servers run terminal server software and
may have more RAM and hard disk drive storage than needed. A thin client
is a computer that typically has a minimal amount of processing power and
memory.

Do not confuse a thin client with a dumb terminal. A dumb terminal sends
user input to a mainframe. Dumb terminals have absolutely no computing
power, operating system, hard disk drive, BIOS, and RAM. A thin client may
not need a hard disk drive or an operating system; however, it is still a full-fl
edged computer because it has a CPU and processing power.
Windows 2000 Server, Windows Server 2003, and Windows Server 2008
come with Terminal Services software

Major Server Components

The major components of a server are similar to a typical PC. In fact, you
can use a typical PC as a server for a small network. Following are major
components: case, hot-swap components, power supply, motherboard,
BIOS, and CPU.

Case
Server case styles vary greatly. Some are similar to desktop models. Some
are designed to be mounted into a rack.

A blade server derives its name from its size and shape. It is extremely
thin compared to other servers and fits into a rack. Blade servers are
especially designed to allow a large number of servers to be mounted in a
small space. Blade servers are not to be confused with thin servers.
Hot-Swap Components
Servers are generally designed to provide continuous service with minimal
interruptions and data loss. The main feature that most servers use to
provide this continuous service is hot-swap technology. Hot-swap
technology allows a component to be removed or installed while the
system is running

Power Supply
The power supply converts standard 120-volt or 240-volt AC power into
lower DC voltage levels that can be used by the motherboard and other
devices inside the computer case. A typical power supply provides an
assortment of output plugs. The plug style matches the intended piece of
equipment.

Motherboard
Servers generally use a backplane. A backplane is a simple motherboard
designed with minimal components. It typically serves as the interface of all
the major components. It is designed to allow major components to be
added or removed without powering down the system. Removing
components without shutting down the system is call hot swapping.

BIOS
The BIOS contains a small software program that starts the server boot
operation when power is applied to the server. The combination BIOS chip
and the software program are usually referred to as firmware. The BIOS is
responsible for the power-on self-test (POST), which is performed at
startup.

Central Processing Unit (CPU)

One major difference between a server and a typical PC is that many servers
have multiple CPUs installed rather than just one. When multiple CPUs are
installed, the server can perform parallel processing. This means that a
program can be processed through more than one CPU simultaneously.
Another advantage of multiple CPUs is several clients may be serviced at the
same time rather than waiting their turn to access a single CPU.
Supercomputers and enterprise servers may contain over 1,000 CPUs.
Review questions

1. What are some typical services that servers provide?

2. What is a thin server and what applications can it be used for?

3. What is a thin client server and what applications can it be used for?

4. What does the term hot-swap mean?

5. What type of motherboard is commonly used for servers?

6. Which server component is responsible for the POST?

Server operating systems

. A server operating system is a set of abstractions and runtime support for
specialized, high performance server applications.

Functions of server operating system

(1) Tools and parameterizable default implementations of server

abstractions (e.g., network protocol implementation, storage management,
etc.) to support modular construction of server applications

(2) Full freedom to replace or override these default implementations and

specialize server abstractions based on application-specific characteristics,
and
(3) Protection boundaries, such that multiple applications (including both
highly specialized servers and “normal” applications) can timeshare a high-
performance system effectively.

5 Best Server Operating System

Each has its strengths and weaknesses, and its use may depend on your
level of technical competence.
1. Windows Server: (2000, 2003 R2 , Small Business Server 2008 ) : It
can be used as small business servers. Familiar interface; wide support ,
mass of third party development for the platform, reasonable price tag , File
Support, Maintenance & Installation.
2. Linux: (Red Hat): Software packages and licensing/support models.
Prices range considerably, as well, from free to a couple thousand dollars.
3. FreeBSD: It's derived from BSD, a version of Unix . ideal for high
performance network applications as well as being easy to use. Longest
uptime , no crashes , no real licensing issues . large range of products .
4. Mac OS X Server: Mac OS X shares origins with FreeBSD, and has many
of the same features and stability. The interface is very Macintosh, and you
need to buy Apple hardware to use it.. Unlimited user license.
5. Solaris: The Open Solaris operating system is a free, open source release
that offers a range of support options for businesses. Mostly used for small
and midsize-business .

New Features of Windows Server 2016

Nano Server : Nano Server now has an updated module for building
Nano Server images . There are also improvements to the Recovery
Console
PowerShell Direct : PowerShell is a great management automation
tool but it can be complicated to get it to run remotely against your
VMs.
Linux Secure Boot : Another new feature in Windows Server 2016
Hyper-V is the ability to enable secure boot for VMs with Linux guest
operating systems.
Windows Server Containers and Hyper-V Containers : Containers
enable you to isolate your applications from the underlying OS
improving the deployment and reliability of those applications.
Docker Support : Docker is an open-source engine that’s used for
building, running and managing containers.
Hot add & remove of virtual memory network adapters : Another great
new feature in Windows Server 2016 Hyper-V is the ability to add and
remove virtual memory and virtual network adapters while the virtual
machine is running.

Top 4 Linux distribution for client server and distributed

environment
 Ubuntu Server : Ubuntu Server is a serious server operating system
for small businesses that have a good system and network
administrator , open source & easy graphical interface as well.
 Red Hat : While Red Hat started out as the "little Linux company," its
Enterprise server operating system is now a major force in the quest
for data center rackspace. The large companies throughout the world,
Red Hat's innovations and non-stop support.
 CentOS : If you operate a website through a web hosting company,
there's a very good chance your web server is powered by CentOS
Linux.
  Debian : Debian is the mother of Ubuntu and is used by those who
don’t need any commercial support. Since Debian is known for being
the most stable distribution around.
 File and printer sharing : File sharing involves setting up a common
storage point for a company's documents - a network drive,
 Application services (including databases) : ability to run the
applications you need is obviously crucial. Special application for
business.
 E-mail, groupware and messaging : A central e-mail server allows
you to forward and receive e-mails to and from your business,
 Terminal services : Allow a client to run a productivity application on
a server, while seeing the visual results of the application on their
screen
 Caching : Speeding up network access (usually Internet access) by
storing previously downloaded files in a cache

Leading Server OS vendors

 Microsoft: Microsoft came up with the only non-Linux hypervisor,
Hyper-V, to compete in a tight server virtualization market that
VMware currently dominates. Not easily outdone in the data center
space, Microsoft offers
 Attractive licensing for its Hyper-V product and the operating systems
that live on it.
 Citrix was once the lone wolf of application virtualization, but now it
also owns the world's most-used cloud vendor software: Xen
 Red Hat: For the past 15 years, everyone has recognized Red Hat as
an industry leader and open source champion. Hailed as the most
successful open source company
 Oracle: If Oracle's world domination of the enterprise database server
market doesn't impress you, its acquisition of Sun Microsystems.
Additionally, Oracle owns an operating system (Sun Solaris), multiple
virtualization software solutions

WINDOWS SERVER 2016 MINIMUM HARDWARE REQUIREMENTS

Processor: 1.4Ghz 64-bit processor

RAM: 512 MB
Disk Space: 32 GB
Network: Gigabit (10/100/1000baseT) Ethernet adapter, 1Gbps connection
is ideal.
Optical Storage: DVD drive (if installing the OS from DVD media)

1. PROCESSOR
For you to run Windows Server 2016, you need a minimum of AMD64 or
1.4GHz EMT64 Processor.
Your processor must also be compatible with x64 instruction set architecture
and should support security features such as Data Execution
Prevention (DEP) and NX Bit.
It should also support CMPXCHG16b, PrefetchW, and LAHF/SAHF.
As well, it should support Second Level Address Translation: Extended Page
Table (EPT) and Nested Page Tables (NPT).

2. RAM
The following are the minimum RAM requirements for this server:
512 MB and 2 GB for Window Servers that have the Desktop Experience
feature ECC type or a similar technology
If you create a virtual machine (VM) that has the minimum hardware
parameters and then attempt to install WS2016 on the VM, the setup is
likely to fail.
To avoid this, you can allocate 800 MB RAM or more to the VM you intend to
install WS2016 on and run setup. Once the installation is complete, you can
then reduce the VM's RAM to 512 MB.
You can also interrupt the booting process of Windows Server 2016 by
pressing SHIFT+F10. In the CP (command prompt) that will pop up, you can
make use of the Diskpart.exe command-line tool to create the desired
installation partition. Then run the Wpeutil create page file /path=X:\pf.sys
(where X represents the installation partition you created).
After that, close the CP and continue with the installation process.

3. Disk Controller and Disk Space

Your disk controller should be PCI Express compliant.
You should also note that WS2016 does not support ATA/ IDE /PATA//EIDE
for boot, page, or data. For Core installation, you need a minimum disk
space of 32 GB.
Additional 4 GB is required for the installation of Graphical User
Interface (GUI).

4. Network Adapter
Microsoft recommends the following minimum Windows Server 2016 system
requirements:
A Gigabit adapter with 1 Gbps throughput
Your network Adapter Should be PCI Express Compliant
Your Ethernet Adapter should also support PXE (Pre-boot Execution
Environment)
If your system meets these requirements, you can consider installing the
revolutionary server.

5. Other Windows Server 2016 Requirements

If you intend to install WS2016 from a DVD media, you should ensure your
computer has a DVD drive.
You should also have a UEFI 2.3.1c-based system, Graphic device, Trusted
Platform Module, keyboard, internet access, and firmware supporting secure
boot.
A Microsoft mouse and a monitor that has high-resolution can also help to
make the installation process smooth and successful.
After installation, you need to gather some security tips to protect your
Windows server.

Windows Server 2016 Recommended Hardware Requirements:

Processor: 3.0GHz 64 Bit Processor
RAM: 8GB RAM
Disk Space: 32 GB
Network: Gigabit (10/100/1000baseT) Ethernet adapter, 1Gbps connection
is ideal.
Optical Storage: DVD drive (if installing the OS from DVD media)

INSTALL WINDOWS SERVER 2016 STEP BY STEP

Prepare the installation media (DVD, USB flash, etc) and start the
installation process. If you don’t have the Windows Server 2016 installation
software, click here and download the software from Microsoft website.

1. Plug the Windows Server 2016 boot drive (DVD, USB) to the computer
and boot your computer. When the Windows Setup page appears, select
your language, time format and keyboard then click on Next button.
Language, Time, Keyboard
2. Now click on Install now button to start the installation process.
Install now
3. Select the appropriate version of the windows server that meets your
organization’s needs then click Next. Make sure that you’ve chosen an
appropriate edition of Windows server.
Select the operating system you want to istall
4. Put a check mark in the box next to the I accept license terms and click
on the Next button. License term is about the way you want to buy license
for your server from Microsoft.
I accept the license term
5. Select the Custom: Install Windows only (advanced) option for clean
installation. Clean installation is the term used against upgrade. When you
upgrade a Windows server you can have your settings, apps, etc from
previous version of Windows. When you do the clean installation you can’t
have the settings, apps, etc.
Custom installation
6. Select the hard drive that you want to install the windows server on, then
click on the New button to do the partitions.
partition
7. After clicking on the New button, some options appear. Specify the
amount of the drive based on MB and click on the Apply button. A warning
appears which wants you to give the permission to system to create a drive
for system files. Click on ok button, if you want to add more drives do this
process again. When finished hit Next.
Drive size
8. After clicking Next the System starts coping all the files from the external
drive to internal hard drive. It will take a while so be patient. Be aware that
your system will be restarted several times.
Copying files on machine’s hard drive
9. When the system copied all the files and restarted, finalize your task by
entering the required details. Type complex password (composed of
uppercase, lowercase, symbol and numbers) twice in the boxes and click on
the Finish button. User name is Administrator by default.
Enter password
10. Press Ctrl+Alt+Del buttons to jump start the screen to a login page
and inside the box below the administrator user name, enter the password
and press Enter button from the keyboard to sign in the Windows.
Press Ctrl+Alt+Del buttons
11. After you logged in the Windows you see the some thing like the picture
below. Welcome to Windows Server 2016.
Windows Server 2016 Evalution