8200 Cyber Bootcamp
Enroll Now

Select Language

© 2025 8200 Cyber Bootcamp

🛡️ Operating System (OS) Basics for Cyber Students — From Zero to Pro

🛡️ Operating System (OS) Basics for Cyber Students — From Zero to Pro

Dive into the core concepts of operating systems essential for cybersecurity. Understand OS architecture, processes, memory management, and security fundamentals. Learn practical Linux and Windows administration skills, and get a hands-on hardening checklist for both.

1) What is an Operating System?

An operating system (OS) is the software layer that sits between users/applications and computer hardware. It allocates CPU time, manages memory and files, controls devices, and exposes a consistent interface through system calls and shells/GUI so programs can run efficiently and safely.

2) Core Responsibilities of an OS

  • Process & CPU management: create/kill processes, schedule threads on CPUs.
  • Memory management: allocate RAM, implement virtual memory, and enforce isolation.
  • Device & I/O management: abstract disks, NICs, keyboards via drivers.
  • File system management: organize data into files/directories with permissions.
  • Security & accounting: authentication, authorization, logging, quotas.
  • User & program interface: shells/GUI plus a system-call API for apps.

--

3) OS Architecture: Kernel, Shell & System Calls

  • Kernel: the privileged core that runs in kernel mode, handles scheduling, memory, drivers, filesystems, and IPC.
  • Shell: the user-facing interface (CLI or GUI) that interprets commands and launches programs.
  • System calls: controlled entry points from user space to kernel services (e.g., open, read, execve, CreateProcessW).

Kernel styles you’ll meet in cyber:

  • Monolithic kernels (e.g., Linux) pack most services in-kernel.
  • Microkernels push services to user space for modularity.
  • Hybrid (e.g., Windows, XNU) combine elements of both.

4) Processes, Threads & CPU Scheduling

  • A process is an executing program with its own virtual address space.
  • A thread is a schedulable unit within a process sharing memory.
  • Schedulers decide which thread runs next (FCFS, SJF, Priority, Round-Robin, Multilevel Feedback Queue). Understand preemption vs. non-preemption, context switches, and starvation for performance and forensic analysis.

5) Memory Management & Virtual Memory

  • Virtual memory gives each process its own logical address space, backed by RAM and disk (paging).
  • Page replacement algorithms (e.g., FIFO, LRU, Optimal) balance locality and overhead.
  • Protection (user vs. kernel mode, page permissions) prevents one process from trampling another.

6) Storage, File Systems & I/O

  • OSes expose file systems (e.g., ext4/XFS on Linux, NTFS/ReFS on Windows) with metadata, permissions/ACLs, and journaling for resilience.
  • Block I/O (disks, SSDs) uses schedulers; character I/O (terminals) is stream-oriented.
  • Disk scheduling (e.g., SCAN/LOOK) and buffering/caching improve throughput.

7) Boot Process & Operating Modes

Typical stages:

  1. Firmware/UEFI runs hardware init and locates bootloader.
  2. Bootloader loads the kernel (and initramfs) into memory.
  3. Kernel initializes subsystems, mounts root FS, starts the first user-space process (init/systemd or Windows Session Manager).
  4. Services and the login/session manager start.

User actions happen in user mode; core OS runs in kernel mode.

8) Security Foundations (Accounts, ACLs, Policies)

Security primitives across OSes:

  • Identities & groups; permissions (rwx, ACLs), ownership, and privilege boundaries.
  • Policy enforcement (e.g., Windows UAC, group policy; Linux DAC + MAC like SELinux/AppArmor).
  • Auditing & logging (Windows Event Logs, Linux syslog/journald).

Good hygiene includes least privilege, patching, and strong authentication.

9) Virtualization & Containers

  • Virtual machines emulate full hardware to run multiple OS instances.
  • Containers (Linux namespaces/cgroups) isolate processes with shared kernels—fast startup and density, great for modern deployments and lab work.

10) Desktop, Server & Mobile OS Types

  • Desktop: Windows, macOS, Linux distributions—productivity, development, gaming.
  • Server: Linux/Windows Server—headless services, performance, and security tuning.
  • Mobile: Android/iOS—sandboxed apps, mobile-security paradigms.

11) Linux vs. Windows: Admin Essentials (Hands-On)

User & Group Management

  • Linux: useradd, groupadd, passwd -l, files /etc/passwd, /etc/shadow.
  • Windows: net user, net localgroup, Local Users & Groups (MMC).

Packages & Updates

  • Linux: apt, dnf, yum, apk manage packages and repositories.
  • Windows: Winget/Chocolatey for packages; Windows Update service (wuauserv).

Services & Startup

  • Linux: systemctl enable|start <service> (systemd) or service (SysV).
  • Windows: Service Control Manager (sc config/start/stop), Services.msc.

Files & Permissions

  • Linux: chmod, chown, umasks; ext4/XFS.
  • Windows: NTFS ACLs (GUI or icacls), inheritance, auditing.

Logs

  • Linux: /var/log/*, journalctl; logrotate manages rotation/compression.
  • Windows: Event Viewer → Application/Security/System logs; retention policies via Group Policy or console.

12) Logs, Monitoring & Troubleshooting

  • Linux: journalctl -u <svc>, dmesg, top/htop, ss -tulpn, lsof, strace.
  • Windows: Event Viewer filters, Resource Monitor, Process Explorer, Get-WinEvent, Get-Process, netstat, Sysinternals tools.
  • Rotate logs, centralize (e.g., syslog → SIEM), and set policies for retention and access. Logrotate is a standard Linux tool to automate rotation.

13) Hardening Checklist (Linux & Windows)

Linux

  • Disable root SSH (PermitRootLogin no), enforce key-based auth.
  • Patch routinely; minimal packages; firewall (ufw/nftables).
  • Correct sensitive perms (e.g., /etc/shadow 640, root:shadow).
  • Configure logrotate and central logging; monitor auth failures.

Windows

  • Enforce NLA for RDP; disable Guest; strong lockout policies.
  • Keep Windows Update service enabled; Defender + SmartScreen on.
  • Limit local admin use; apply least privilege and AppLocker/WDAC.
  • Set Event Log retention and forward to SIEM.

14) Common Interview/Exam Questions (with Answers)

  • What is an OS? Interface between user/applications and hardware; manages resources and provides services.
  • Process vs. thread? Process has its own address space; threads share that space and are scheduled units.
  • What is virtual memory? Abstraction that gives processes isolated address spaces using paging and backing store.
  • Kernel vs. shell? Kernel = privileged core; shell = user interface (CLI/GUI) that talks to the kernel via syscalls.
  • Monolithic vs. microkernel? Monolithic puts most services in kernel; microkernel keeps minimal kernel, moves services to user space.

15) Mini-Labs: Try It Now

Run these in a disposable VM or container.

Linux

# 1) Users & groups
sudo groupadd secops && sudo useradd -m -g secops -s /usr/sbin/nologin secops && sudo passwd -l secops

# 2) Packages (Debian/Ubuntu)
sudo apt-get update -y && sudo apt-get install -y htop && htop --version && sudo apt-get remove -y htop

# 3) Services (systemd)
sudo systemctl enable --now cron || echo "Not available here"

# 4) Log rotation
cat | sudo tee /etc/logrotate.d/custom <<'EOF'
/var/log/custom.log {
  weekly
  rotate 4
  compress
  missingok
  notifempty
  create 0640 root adm
}
EOF
sudo touch /var/log/custom.log && sudo chown root:adm /var/log/custom.log && sudo chmod 0640 /var/log/custom.log

# 5) SSH hardening
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && sudo systemctl restart ssh || true

Windows (PowerShell as Admin)

# 1) Users & groups
net user secops /add /y
net localgroup "Users" secops /add

# 2) Packages via winget (or Chocolatey if present)
winget install --id=7zip.7zip -e; winget uninstall --id=7zip.7zip -e

# 3) Services
sc config wuauserv start= auto
sc start wuauserv

# 4) Event log retention (example: Application log to 64MB)
wevtutil sl Application /ms:67108864

# 5) RDP + NLA recommended (use Group Policy / System Properties > Remote)

16) Glossary

  • ACL: Access Control List – fine-grained permission entries on objects.
  • Context switch: CPU saves/restores state to switch threads.
  • Journaling FS: File system that logs changes for crash resilience.
  • Kernel/User mode: CPU privilege levels determining allowed operations.
  • Paging: Move fixed-size pages between RAM and disk.
  • Preemption: Scheduler interrupts a running thread to run another.
  • System call (syscall): API boundary from user space into kernel services.

17) SEO Tips for Publishing on the Cyber8200 Blog

  • Include target keywords in H1/H2: “Operating System Basics,” “OS for Cybersecurity,” “Linux vs Windows administration.”
  • Add internal links to your Linux CLI, Windows Registry, SIEM/logging, and threat hunting posts.
  • Provide a downloadable cheat sheet and lab scripts to boost dwell time and backlinks.
  • Mark up the FAQ with JSON-LD (FAQPage) to improve rich results.
🚀 READY TO LEVEL UP?

Take Your Cybersecurity Career to the Next Level

If you found this content valuable, imagine what you could achieve with our comprehensive 47-week elite training program. Join 1,200+ students who've transformed their careers with Unit 8200 techniques.

Enroll in Full ProgramView Curriculum
97% Job Placement Rate
Elite Unit 8200 Techniques
42 Hands-on Labs