HOW DO LEGAL ISSUES IMPACT NETWORK SECURITY

 

An increasing number of legal issues effect how one approaches computer security. If your company is publicly traded, the company, a government agency or both in the business, may be legal barriers for the safety of your network. Even if your network is not legally bound to these security guidelines, it is useful to understand the various laws impacting computer security you may choose to apply them to your on security standards.

The effect is an ancient law that states that computer security Computer Security Act of 1987. This requires government agencies to identify sensitive systems, develop computer security training, and develop computer security plans. This law was vague mandate ordering federal agencies in the Stats to establish security measures, but it does not specify any standards.

It established a legal mandate for legislation paves the way for future guidelines and regulations impose certain criteria. It also helped define terms, such as what information is considered “sensitive” this quote is found in the legislation itself.

 

The term "sensitive information" means any information, damage, may affect the conduct to misuse or unauthorized access to or modification of negative national or federal programs or the privacy to which individuals are entitled under law of a state, but which has not been specifically authorized under criteria established by executive order to be kept sect in the interest of national defense or foreign policy..

 

This definition should be kept in mind, for it is not just social security information or medical history that must be secured. When considering what information needs to be secure, simply ask the question; Would the unauthorized access or modification this information adversely affect your institution? The answer is yes, then you must consider that the information is sensitive and needs security precaution.

Security must be applied to the system is a more specific law OMB Circular. This document requires that agencies of the state establish security programs containing specified elements. It also describes requirements for developing standards for computer systems & for records held by government agencies.

Most states have specific laws regarding computer security, such as legislation like the cyber-crimes. If you are responsible for network security, you might find yourself part of criminal investigation. It may be investigating a hacking incident or employee misuse of computer resources A list of computer crime laws (by a state) can be found at information system of the state.

 

Online Security Resources

When you move out into the professional world, you will have frequent need for additional security resources. Appendix B includes a more complete list of resources, but this section highlights a few of the most important once and those you may find useful now.

 

CERT

CERT is stands for Computer Emergency Response Team. This group is sponsored by Carnegie-Meilon University CERT was the first computer incident response team and it is still one of the most respected in the industry. Anyone interested in network security should visit the site routinely.

Microsoft Security Advisor

Because so many computers today run Microsoft operating system, another good resource is the Microsoft Security Advisor Website: www.microsoft .com/security/default.mspx. This site shows a portal to all Microsoft security information, tools & updates. If you use any Microsoft software, then it is advised that you visit this web site regularly.

 

F - Secure

The F – Secure corporation maintains a website at www.f-secure.com. Among other things, this site is a repository for detailed information on the virus. Here you will not only find notifications about a particular virus but you will find detailed information about  the virus. This information includes how the virus spreads; ways to recognize the virus; & frequently, specific tools for cleaning an infected system of a particular virus.

 

SANS Institute

The SANS instituted website (www.sans.org) is a vast repository of security-related documentation. On this site you will find detailed documentation on all aspects of protecting your computer you can imagine in practice. Sans Institute has also published a number of sponsorship and information about those projects in the security research projects.

SECURITY DEVICES

 

To knowing the titles used for the people involved in breaching security. It would also be beneficial for you to start with a basic understanding of the security devices involved in stopping these individuals. You are probably familiar with some of these and most of them will be discussed at much greater length in subsequent.

 

Firewall:

The most basic security device is the firewall. A firewall is a bridge between a network and the outside world. Sometimes a firewall takes the form of a stand – alone server, sometimes a router, and sometimes software running on a machine. Whatever the actual form, a firewall Selects people that from where they are access and as well as exiting the network.

 

Proxy Server

A proxy server uses a firewall to hide the internal network’s IP (Internet Protocol) address and present a single IP address (its own) to the outside world. A proxy server is a server that it’s between a client application, i.e. a Web Browser and a real server. It stops all application to see the server itself. If it doesn’t forwards the request to the main server. Proxy server has two main purposes: to improve performance and filter requests.

 

Intrusion Detection System (IDS)

Firewalls & proxy server guard the perimeter, they don’t interfere in network access people that from where they are accessing. These two ways of safe guards are augmented by Intrusion Detection System. The IDS monitors the traffic that from where these are coming on site. It also point out the person that who are damaged your system security.

 

Activities

The last set of terms that you need to be familiar with delving deeper into the security are the names given to the activities involved in either breaching security or preventing a security breach. These terms also used throughout text.

 

Phreaking

Another type of specialty hacking involves breaking into telephone systems. Phreaking is sub-branch of the hacking. The Dictionary of New Hacker actually defines phreaking as “The action of using mischievous and mostly illegal ways in order to not pay for some sort of telecommunication bill, order, transfer, and other services.” Phreaking requires a rather significant knowledge of telecommunication & many Phreakers have some professional experience working for a phone company or other telecommunication business. This type of activity is often dependent upon specific technology required to compromise phone systems more than simply knowing certain techniques, i.e. there are many devices used to compromise telephone system. Telephonic systems are dependent on frequencies. Machines that record & duplicate frequencies are essential to phone phreaking.

 

Authentication

It is to security devices discussed above. There are specific security activities. Authentication is the most basic security activity. If this was the case, the process of determining the weather would have been more credible.

. When you log in with your username and security code. You will be granted access.

 

Auditing

Another crucial safeguard is auditing. Auditing is the process of reviewing logs, records and procedures to determine whether these item most standards. These activity will mentioned in different places.

Network Security Paradigms

Taking the approach to your security affects all subsequent security decisions and sets the tone for the entire organization's network security infrastructure.  Network Security sample rate may be either protective measures Scope (parameter, layered) or system is so active.

 

Perimeter Security                                             

In a perimeter security approach, most security efforts are focused on the network frame. This may include the possibility of reduced network firewalls to make non-authorized access, proxy servers and keyword policy or any technology or method. Little or no effort is made to secure the system within the network. In this approach, the circle is safe, but the various systems within that circle are often weak.

The perimeter approach is clearly flawed. So why do some companies use it? If a small organization is a budget constraint or an inexperienced network administrator, they can use it. This method might be adequate for small organizations that do not store sensitive data but it rarely works in a larger corporation setting.

 

Layered Security

A layered security approach individual systems within the network that is not only safe, secure area. All servers, workstations, routers and hubs within the network are secured. One way to accomplish this is to divide the network into sections and secure each segment as if it were a separate network so that if there is perimeter security neither compromised, nor all internal system are affected. Layered security is the preferred method whenever possible.

 

Proactive Versus Reactive

You should also measure your security approach by how proactive and / or reactive it is. This done by gauging how much of the system’s security infrastructure and policy are dedicated to preventive measures as opposed to how much are devoted to simply responding to an attack after it has occurred A passive security approach does little or nothing to prevent an attack. A dynamic or active defense is one in which measures are taken to prevent attacks from occurring.

One example of a proactive defense in the use of IDS, which works to detect attempts to circumvent security measures. This system is the system administrator can tell you that trying to break security, even if not successful attempt. IDS can also be used to detect various techniques that intruders use to assess a target system, thus alerting a network administrator to the potential for an attempted breach before the attempt is even initiated.

 

Hybrid Security Method

In the real world, network security is usually a combination of approaches and not focused completely in on paradigm or another. The two categories also combine. One can have a network that is predominantly passive, but layered, or one that is primarily perimeter but proactive. It can be helpful to consider approaches to computer security along a Cartesian coordinate system, with the x axis representing the level of passive-active approaches and the y axis to reflect the range covering the perimeter defense.

The most desirable hybrid approach is a layered paradigm that is dynamic, which would be located in the upper right-hand quadrant. In this system, there would be perimeter security as well as layered internal security. The intrusion detection system to make a more complete security solution that would give a level of dynamic activities.

 

BASIC SECURITY TERMINOLOGY

 

The security and hacking term are merely an introduction to computer security terminology, but they are excellent starting point to help you prepare for learning more about computer security. Additional terms will be introduced throughout the text and listed in the Glossary.

The computer security takes its vocabulary from both the professional security community & the hacker community. As we explore these terms, you will see that there is a great deal of overlap. However, most hacker terminology is concerned with the activity (phreaking) or the person performing the activity (sneaker). In contrast, security professionals’ terminology describes defensive barrier devices, procedures & policies. This is quite logical because hacking is an offensive activity centered around attackers and attack methodologies, whereas security is a defensive activity concerning itself with defensive barriers and procedure.

 

People

There are many titles used for those individuals who set their web sites on breaching computer security systems. We describe some of the most common names. These are the terms that we will use throughout this text.

 

Hackers

You probably have heard the term hacker used in movies and news broadcasts. Most people use it to describe any person who breaks in to a system. In the hacking community, however, a hacker is an expert on a particular system or systems who wants to learn more about the system. Hackers feel that looking at a system’s flaws in the best way to learn about that system. i.e someone well-versed in Windows O/S who works to understand that system by learning its weaknesses and flaw would be a hacker.

This process does indeed often mean seeing whether a flaw can be exploited to gain access to a system. This “exploiting” part of the process is where hackers differentiate themselves into the groups.

 

Ø  White hat hackers, upon finding vulnerability in a system, will report the vulnerability to the vendor of that system. If they discovered some flaw in Red Had Linuxtm, they would then e-mail the Red Hat company (probably anonymously) & explain exactly what the flaw is and how it was exploited.

Ø  Black hat Hackers are the people normally depicted in the media. Once they gain access to a system, their goal is to cause some type of harms. They might steal data, erase files or deface web sites. Black hat hackers are sometimes referred to crackers.

Ø  Gray hat hackers, are typically law-abiding citizens, but in some cases will venture into illegal activities. They may do so for a wide variety of reasons. Commonly, gray hat hackers conduct illegal activities for reasons they feel are ethical, such as hacking into a system belonging to a corporation that the hackers feels is engaged in unethical activities.

 

Regardless of how hackers view themselves, intruding on any system without permission is illegal. This means that, technically speaking, all hackers, regardless of the color of the metaphorical hat they may wear, are in violation of the law. However, many people feel that white hat hackers actually perform a service by finding flaws and informing vendors before those flaws are exploited by less ethically inclined individuals.

 

Script Kiddies

So what is term for someone who calls themselves a hacker, but lacks the expertise? The most common term for this sort of person is Script kiddy (Glossary of hacker terminology). The name come from the fact that the Internet is full of utilities and script that one can download to perform some hacking tasks. Someone who downloads such a tool without really understanding the target system would be considered a script kiddy.

 

Ethical Hackers:

Sneakers when and why would someone give permission to another party to hack his system? The most common answer is in order to assess vulnerabilities of their systems. This employee, commonly called a sneaker, legally breaks into a system in order to access security deficiencies. This started in a movie in 90’s about this subject. There are consultants who perform work of this type and you can even find firms that specialize in this very activities as more and more companies or forms are soliciting these services to assess their vulnerabilities.

Anyone hired to assess the system vulnerabilities should be both technically proficient and ethical. It is best to run a criminal background check and avoid those people with problem pasts. These are plenty of legitimate security professionals available who know and understand hacker skills, but have never committed security crimes. If you take the argument that hiring convicted hackers means hiring talented people in question is not conclusion, you would surmise that, obviously, the person in question is not as a good a hacker as they would like to think because they were caught. Most importantly, giving a person with a criminal background access to your systems is on par with hiring a person with multiple DWI convictions to be your driver. In both cases, you are inviting problems and perhaps assuming significant civil liabilities.

Also, some review of their qualifications is clearly in order. Just as there are people who claim to be highly skilled hackers but are not, there are those who will claim to be skilled sneakers who lack the skills truly needed. You would not want to inadvertently hire a script kiddy who thinks she is a sneaker. Such a person might then pronounce you system to be sound, when in fact it was simply a lack of skills that prevented the script kiddy from successfully breaching your security.

 

COMPROMISING SYSTEM SECURITY

 

Now that we have examined the three broad classes of attack. It is an appropriate time to ask? What are the most likely attacks and what are your vulnerabilities? This section covers the basics of what threats are possible and which are most likely to cause you or your organization. The most likely threat to individuals and large organization is the computer virus. In the first nine days of September 2003, the F-Secure security information Website listed 20 new viruses. This is a fairly common monthly statistic. In a month, new virus will be generated & old viruses are still there. All the major anti – viruses software vendors have released protection for the SoBig virus; today alone I receive several e-mails which that virus as an attachment. Therefore, even when a virus is known and there is protection against it, it can continue to thrive because many people do not update their protection or clean their system regularly.

The most common attacks are unauthorized usage of computer system. Unauthorized usage includes everything from Denial of Service attacks to outright intrusion of system. It also includes internal employees misusing system resource. A recent survey by the Computer Security Institute of 223 computer professionals showed over 445 million in losses due to computer security breaches. In 75% of cases, an internet connection was the point the attacks, while 33% of professionals cited the location as their internal systems. A rather astonishing 78% of those surveyed detected employee abuse of systems / internet (Computer Security Institute). This statistic means that, in any organization, one of the chief dangers might be its own employees.

In addition to the negative effects of employees misusing system resources, you need to also consider the possibility of an outright attack by an employee. An “insider” attacks can cause considerably more damage than your typical internet-based attacks because the employee haws more familiarity with the organization as a whole.

IDENTIFYING TYPES OF THREATS

There is one of three broad classes of threats which are attacks.

 

§  Malware:
Malware is a term which is used for software that has used for multiple purposes. It includes various types of virus attacks. It is most dangerous for your system or network system.

§  Intrusions:
this type of attack destroy your unauthorized access of your system.

§  Denial of Service (DoS) Attacks:
 these are designed to stop legitimate computer access.

This section offers a broad description of each type of attack.

Malware

Malware is a generic for software that has a malicious purpose. This section discusses three types of malware: viruses, Trojan horses and spy ware. Trojan horses and viruses are the most widely encountered.

According to Symantec (creator of Anti-Virus and other software products), a virus is “a small program which is hide in itself, usually without knowledge”. A computer virus is similar to a biological virus in that both replicate and spread. The email is most common way for virus spreading to everywhere. Some virus can’t damage the system usually but it cause of system slowdown or shutdown.

The Trojan horse receives its name from an ancient tale. In this tale, the city of Troy was besieged for an extended period of time, but the attacker could not gain entrance. Therefore, they constructed huge wooden horses and let it in front of the gates to Troy one night. The next morning, the residents of Troy saw the horse and assumed it to be a gift, consequently rolling the wooden horse into the city. Unbeknownst to them, several soldiers where hidden inside the horse. That evening, the soldiers left the horse, open the city gates & let their fellow attackers in the city. An electronic Trojan horse works in the same manner, appearing to be benign software but secretly downloaded a virus.

Spyware is an other category of Malware, which is literally spies that what you are done on your computer system. Spyware is a text file of cookies which creates and store on your computer system, which is downloaded through web site. This file is recognized you and return by you to web site. That file can able you to access different pages on site.

A key logger is other form of spyware, which records all the key strokes by you. Some key loggers also take screen shot of your computer. Data is then either stored for later retrieval by the person who installed the key logger or is sent immediately back via e-mail. This action has legitimate purpose such as an employer wants to track the activities of computer of any employee of his organization as well as it is used for illegal / unethical purposes.

 

Compromising System Security 

We will now look at attacks that breach your system security. This activity is commonly referred to as hacking, although that is not the tem hackers themselves use. We will delve into appropriate terminology shortly; however, it should be noted at this point that cracking is a appropriate word for, intruding onto a system without permission, usually with malevolent intent. Any attack that is designed to breach your security, either vis some operating system flaw or any other means, can be classified as cracking. Simply put, hacking may or may not be for malevolent purposes. Cracking is hacking conducted for malicious purposes.

Social engineering is a technique for breaching system security by exploiting human nature rather than technology. Social engineering uses standard con artist techniques to get users to offer up the3 information needed to gain access a target. This method works is rather simple. The perpetrator obtains preliminary information about a target organization and leverages it to gain extra information from the system.

Following is an example of social engineering in action. Armed with the name of a system administrator, you might call someone in the accounting department of a business and claim to be one of the company technical support panel. Mentioning the system administrator name would help validate that claim, allow to you ask question in an attempt to ascertain more details of specifications of the system. A savvy intruder might even get the accounting person to say a username and keyword. As you see, this method is based on how well the prospective intruder can manipulate people and computer skill.

 

Denial of Service Attacks 

In this addition to the various forms of malware and cracking attacks, there are attacks that prevent legitimate user from accessing their own system. This type of attack is called Denial of Service (DoS). In these attacks the attacker doesn’t actually access the system, but rather simply blocks access from legitimate users. One common way to prevent legitimate service is to flood the targeted system with so many unreal connection requests that the system cannot respond to legitimate request.

 

INTRODUCTION TO CYBER CRIME AND SECURITY

After this article you will be able to do following:

 

Ø  Identify the top threats to computer network: intrusion, Denial of Service attacks and malware.

Ø  Assess the likelihood of an attack on your personal computer and network.

Ø  Define key terms such as cracker, sneaker, firewall & authentication.

Ø  Compare and contrast perimeter and layered approaches to network security.

Ø  Use online resources to secure your network.

 

INTRODUCTION

 

It’s hard to find a facet of modern life that does not involve a computer system on some level. The following are just a few examples that illustrate this point.

 

§  Financial transactions----including online banking. ATMs and debit cards ---- are a pervasive part of modern commerce system.

§  Some small and large businessman automatic checkout.

§  You may be taking this class online or perhaps you registered for it online. You may have online order this book.

§  There is even widespread discussion of eventually online voting.

 

Because so much of our business is transacted online, a great deal of individual or personal information of any one is stored in computers. Medical record, tax record, academic record and more are all stored in database. Whether this level of technology in our daily lives is to our advantage or not is question that is beyond the scope of this book. The fact is that our lives are inextricably intertwined with computer system. This leads to several important questions.

 

      How is information safeguarded?

      What are the vulnerabilities to these systems?

      What steps are taken to ensure that these systems and data are safe?

 

FYl: Online Banking
A recent study found that 28% consumer’s access their primary banking institution by phone, the internet or at branches at least three times in a week (Online Banking Report). These consumers use online banking to view statements and checks, pay bills, balance, transfer of money.

 

Recent news stories do not offer encouraging answers to these questions. The electronic media often gives a great deal of attention to dramatic virus attacks, hackers and other interesting phenomena of Internet. Virus attacks news, often becomes lead stories on national networks. Even the most technically native person cannot go more than a few weeks without hearing of some new virus or hacking incident, such as the dramatic attack in Feb 2003, when a hacker was able to get some millions of credit cards numbers.

In spite of daily horror stories, however, many people (including some law enforcement professionals and trained computer professional) lack an adequate understanding for the reality of these threats. Attention is often focused on the most dramatic computer security breaches (intrusions), which do not necessarily give an accurate picture of the most plausible

FYl: Online Shopping
The commerce department reports show a rapid increase in online retail sales in just a few years. Since the year 2018, when sales were approximately 27. 3 million, online sales increased by nearly 325% to approximately 88.3 million in 2019. At the time of this writing, sales for 2020 were projected to approximately 109.9 million.

threat scenarios. Clearly, may people are aware of the attacks that can be executed against a target system. Unfortunately, they are often not familiar with the attack’s mechanism, its actual danger level or how to prevent it.

This article outlines current dangers, describes the most common types of attacks on your personal computer and network, teaches you how to speak the lingo of both hackers and security professionals and outlines the broad strokes of what is necessary to secure your computer as well as network.

 

How Seriously Should You Take Threats to Network Security

The first step in understanding computer and network security is to formulate a realistic assessment of the threats to those systems. The general population tends to have two extreme attitudes about computer security. The first group assumes there is no real threat. Subscribers to this theory believe that there is little real danger to computer system and that much of the negative news is simply unwarranted panic. They often think that taking only minimal security precautions should ensure the safety of their systems. The prevailing sentiment of these individuals is, “If our computer / organization have not been attack so far, we must be secure,” they tend to have a reactive approach to security. They will wait until after an incident occurs to address security issues --- the proverbial “closing the barn door after the horse has already gotten out.” If you are fortunate, the incident will have only minor impact on you or your organization and will serve as much needed wake up call. If you are unfortunate, then your organizations may face serious and possible catastrophic consequences. For example there are organizations that did not have an effective network security system in place when the virus attacked they system. One of those companies estimated that lost productivity through downtime of the systems cost over 100,000/-.

The second extreme attitude toward the dangers to commuter and network security is one that tends to overestimate the dangers. The people in this group are prone to assume that talented hackers exist in great numbers and all are imminent threats to your system. They may believe that any teenager with a laptop can traverse highly secure systems at will. This viewpoint has, unfortunately, been fostered by a number of movies that depict computer hacking in a somewhat glamorous light. Such as world view makes excellent movie  plots, but it is simply unre3alistic. The reality is that many people who call themselves hackers are less knowledgeable than they think. They have ascertained a few buzzwords from the Internet and are convinced of their own digital supremacy, but they are not able to affect any real compromises to even moderately secure system.

Both extremes of attitudes regarding the dangers to computer systems are inaccurate. It is certainly true that there are people who have both the comprehension of computer systems and the skills to compromise the security of many, if not most, system. However, it is also true that many who call themselves hackers are not as skilled as they claim. As with any field of human endeavor, the majority of hackers are, by definition, mediocre. Often, the people who most loudly declare their cyber prowess are usually those with the least actual skill. The truly talented hacker is no more common than the truly talented concert pianist. Consider how many people take lessons at some point in their lives; then consider how many of those mind that even those who do possess the requisite skill also need the motivation to expend the time and effort to compromises your system. This does not mean that unskilled hackers are no threat at all, but rather they are much less of a threat than administrators, the hackers themselves, might think. Additionally, the greatest threat to any system is not hackers, by rather virus attacks and Denial of Service attack.

A more balanced view and therefor, a better way to assess the threat level to your system is to weigh the attractiveness of your system to potential intruders against the security measures in place.

 

 

USE OF SOFTWARE

INTRODUCTION

GUI stands for Graphical User Interface and those software that are equipment with GUI feature like (Windows, Dialogue Boxes, Wizards, Check Boxes, Icons and so on) are called GUI software. GUI software are so commonly used now a days that we may find them almost on every computer. The reason for their so widespread usage is that these software are highly user-friendly with attractive capabilities like colour, graphics, ease of use and numerous other beneficial characteristics. The users are capable to work with GUI software in a very delightful manner as they can have the advantages as well as fun of their use. 

In this Article, our emphasis is the use of GUI Operating System, Word Processors, Spreadsheets and Internet browsing. For this purpose we will describe their general characteristics as well as their exemplar products. The exemplar products all Microsoft related software such as MS-Windows, MS-Word, MS-Excel and MS-Internet Explorer. So let us have a look on these GUI software one by one.

1. MS-Windows:
   As we have stated earlier, MS-Windows is a GUI operating system i.e. it contains all those features that are involving the clicking of mouse for quick input. A GUI product is one in which we can input through keyboard as well however in case of selection among graphical objects such as Windows, Icons, Dialogue Boxes etc, use of mouse is a better and faster alternative than keyboard.
   
   Windows is a DOS based operating system that uses GUI features in order to operate DOS commands for example if we wand to make a folder, we use the GUI objects like pop-up menus and make selections through mouse pointer however internally the DOS command DIR is used for this purpose. The reason for this close interaction and dependence between Windows and DOS is that DOS kernel files are active behind the interpretation of commands and booting of Windows operating system. However an advantage of GUI features is that as the name refers, we can open and work in as many Windows as we need. In that sense, Windows can be categorised as a multitasking operating system. Another key feature of Windows operating system is that it can work with a network of computers thus supporting multi-user computing. DOS on the other hand misses these multitasking and multi-user support features. 
1. Components of MS-Windows:
   As a GUI operating system, certain components of MS-Windows operating system are graphical in nature. These include the Desktop, Window, Icons, Wizards, GUI utilities and numerous other for making selection with the help of mouse like check boxes, radio buttons, command buttons, drop-down list boxes, text boxes, span boxes and so on. These components alongwith the selection techniques are discussed in this article one by one below:


1. Desktop:
   A desktop is the first screen that appears after the completion of Windows booting. It is the Graphical User Interface given to users to work with Windows operating system. The desktop by itself comprises a task bar, an icons area and the free space on the screen as demonstrated below. These components of a typical desktop are described one by one below:


• Task Bar is the bar present at the bottom of the desktop. It contains a start button on its left side, a quick launch bar portion next to the right of start button, a running application area (which in the picture below contains application icons for folder and document next to the right of quick launch bar. The last portion of task bar is the notification area that notifies users about certain important information like clock timing, connection to the Internet and so on. This notification area is the right most component of the Windows task bar. The component so called because it is highly related with the computational tasks that are continued or are needed start.
• Icon Area is that portion of the Windows desktop that contains icons. Icons are actually the graphical objects that are clicked to switch to a particular software or folder.
• Free Space is that area of the desktop that does not contain any icon. This area may be used to accommodate new icons in future. The scene or picture of the desktop is also called its background or Windows wall paper.
      
2. Windows:
   A Window is another component of a GUI operating system that provides us with the facility to open an application software or GUI utility and work with that. Due to the multitasking characteristic of Windows operating system, we can open more than one window simultaneously.
   
   
• Application window is a window through which we can work within any application software. Common types of such windows are MS-Word, MS-Excel and MS-Power Point windows. In these window, we are fully facilitated with all the commands and facilities provided for the users benefits by the particular application software.
• Document window is a window through which we can work within any document that is concerned to specific application software. This window is a part of application window and may have all or one of its own minimize, restore and close buttons on the right side of its upper most bar called title bar.
• Dialogue box is that window through which a dialogue occurs between the user and the computer system. These dialogue boxes are most commonly used in situations when the user command is not a straightforward one and operating system needs further details about doing a task. An example of a dialog box is a "Save As" dialogue box that asks about the name of file and location on the hard disk where the user wants to save it.
3. Icons:
   As discussed earlier, icons are those graphical representation that are clicked in order to switch to particular application software, a utility or to open a folder. These icons are contained within the icon area of desktop. Common types of icons are Application icons (such as icons for MS-Word, MS-Excel and MS-Power Point etc), Document icons (used to open any document), shortcut icons (that provide shortcuts to open a specific application or document window), folder icons (that are clicked to open a folder) and disk drive icons (which are used to access Floppy or CD drives or partitions on the hard disk like C:, D:, E: and so on). It must be noted that a shortcut icon will have a bending arrow at its lower left edge whereas a normal Application icon is not like this.
4. Wizards:
   Wizards are somewhat similar to guidelines that are used to tell how to perform a complicated task. These are highly useful for users with little knowledge about the hardware especially in case of installation or any other such operations. Some wizards are also used for performing certain other operations like adding a new option to the start menu. These wizards are extensively helpful for a user as they provide information in advance about the consequences of clicking at specific commands buttons like Next, Back, Finish and so on. The wizards provide these command buttons and the user can decide which button should be clicked according to the information provided to him / her by the wizards. A typical wizard is given below:
   
   
5. GUI Utilities / Services:
   Certain GUI utilities like Window Screen Savers, Windows Calculators, Paint and Editors are also used to perform specific tasks. These GUI utilities such as Windows Calculator greatly help the users for making their computation simple for them. Some GUI utilities are Windows built-in means that they are contained within the MS-Windows software whereas others like Anti-Viruses and Windows compressing and decompressing programs e.g. WinZip are not so and need to be explicitly installed.