Computer & OS Basics for Cybersecurity
What Are Computer and OS Basics and Why Do They Matter for Cybersecurity?
The CompTIA A+ certification (Core 1: 220-1101, Core 2: 220-1102) validates foundational knowledge of hardware, operating systems, and troubleshooting — the exact competencies that underpin every cybersecurity role. NIST SP 800-123 (Guide to General Server Security) treats an understanding of the operating system’s process management, file permissions, and service configuration as the starting point for secure server administration.
Computer basics for cybersecurity is the true starting point for anyone entering the field. Every cyberattack targets a computer — its hardware, its operating system, its files, or the people using it. Before you can defend systems, you need to understand how they work.
This page is written for people with no IT background. If you have used a computer at work or at home but never thought about what happens inside it, this page fills that gap.
When I started this cybersecurity journey, I realised I had been using computers every day for years — processing real estate listings, logging aged care notes, navigating GPS for deliveries — without ever understanding what was actually happening inside the machine. I could not answer basic questions: What does RAM do? What is a process? Why does my computer slow down with too many tabs open? I felt embarrassed at first, but then I realised that most career changers are in the same position. Understanding these fundamentals changed everything that came after. Networking, Linux, security concepts — they all made more sense once I understood the machine itself.
What Do Real-World Computer Security Scenarios Look Like?
Computers are involved in every security incident. Understanding the hardware and software stack helps you recognise where attacks happen.
| Scenario | Computer component involved | Why it matters |
|---|---|---|
| Ransomware encrypts all files on a hospital network | Storage (hard drives, file systems) | Understanding file systems helps you know what backups protect and what encryption targets |
| An attacker gains admin access to a server | Users and permissions (OS) | Privilege escalation is one of the most common attack techniques |
| Malware runs silently in the background | Processes and services (OS) | Detecting malicious processes is a core SOC analyst skill |
| A USB device installs a keylogger | Hardware I/O | Physical security and device control policies exist because of this |
| A phishing email downloads an executable | Applications and the OS kernel | Understanding how programs execute helps you understand malware behaviour |
These are not hypothetical. The 2022 Medibank breach in Australia — which exposed 9.7 million customer records — involved attackers escalating privileges and moving through systems. Understanding how computers work at each layer is the first step to understanding how breaches happen.
How Does a Computer Actually Work?
The CompTIA A+ Core 1 exam allocates 25% of its weight to hardware components and 11% to virtualisation and cloud computing — making this knowledge directly tested in the most widely recognised entry-level IT certification.
Think of a computer like a kitchen in a busy restaurant.
- The CPU is the chef — it does all the actual work, following recipes (instructions) step by step
- RAM is the bench space — it holds whatever the chef is currently working on. More bench space means more tasks at once, but when the power goes off (the restaurant closes), everything on the bench disappears
- Storage (hard drive or SSD) is the pantry — it holds everything permanently, even when the power is off, but accessing items from the pantry is slower than grabbing them from the bench
- The operating system is the restaurant manager — it decides which orders (programs) get the chef’s attention, manages bench space, keeps the pantry organised, and controls who is allowed in the kitchen
- Applications are the orders — each one needs chef time, bench space, and ingredients from the pantry
This analogy is simplified, but it captures the relationships that matter for security. When you understand that RAM is temporary and storage is permanent, you understand why forensic investigators rush to capture RAM before a compromised system is shut down — because the evidence disappears.
The Four Core Hardware Components
CPU (Central Processing Unit): The processor that executes instructions. Modern CPUs handle billions of instructions per second. In security, CPU-intensive operations include encryption, hashing, and running security scans.
RAM (Random Access Memory): Temporary, fast memory that holds data the CPU is actively using. When you open a program, it loads from storage into RAM. RAM is volatile — it loses its contents when the computer is powered off. Malware often lives only in RAM (fileless malware) to avoid detection by antivirus software that scans storage.
Storage (HDD/SSD): Permanent storage for the operating system, programs, and your files. Hard Disk Drives (HDDs) use spinning magnetic platters. Solid State Drives (SSDs) use flash memory and are faster. In security, full disk encryption protects data on storage if a device is stolen.
I/O (Input/Output): Everything that connects the computer to the outside world — keyboard, mouse, monitor, USB ports, network adapter. In security, I/O devices are attack surfaces. A malicious USB drive plugged into a computer can install malware without the user clicking anything.
How It All Fits Together: From Hardware to User
The layers of a computer system build on each other. Hardware at the bottom provides raw computing power. The operating system manages that hardware. System services run on top of the OS. Applications run on top of services. And the user interacts with applications.
Understanding these layers matters because attacks can target any level — from physical hardware tampering to application-level exploits.
Computer Architecture Layers
📊 Visual Explanation: Computer Architecture Layers (hardware at the bottom, then OS kernel, system services, applications, and the user on top)
Every layer depends on the one below it — and every layer is an attack surface
Why this matters for security:
- Physical attacks target the hardware layer — stealing a laptop, plugging in a rogue USB
- Kernel exploits target the OS kernel — giving an attacker complete control of the system
- Service attacks target system services — exploiting a vulnerable web server or database service
- Application attacks target applications — SQL injection, cross-site scripting, buffer overflows
- Social engineering targets the user — phishing, pretexting, and manipulation
Defense in depth means protecting every layer, not just one.
What Does an Operating System Do?
NIST SP 800-123 treats the operating system as the foundational software layer that manages hardware resources, enforces access controls, and provides the security boundary between users and the system. The CompTIA A+ Core 2 exam allocates 31% of its weight to operating system knowledge.
An operating system (OS) is the software that manages all hardware resources and provides services for applications. Without an OS, you would have to write instructions directly to the hardware — which is what programmers did in the 1950s.
Key OS Functions
- Process management — The OS decides which programs get CPU time and for how long. It can run multiple processes simultaneously (multitasking) by switching between them rapidly.
- Memory management — The OS allocates RAM to programs and reclaims it when they finish. It prevents one program from accessing another program’s memory (memory isolation) — a critical security feature.
- File system management — The OS organises data on storage into files and folders (directories). It tracks where each file is physically stored on the disk.
- User management — The OS creates and manages user accounts, each with their own files, settings, and permissions. This is the foundation of access control.
- Device management — The OS communicates with hardware devices through drivers. When you plug in a USB drive, the OS detects it and makes it available to applications.
- Security enforcement — The OS enforces permissions, controls which users can access which files, manages authentication, and logs system events.
The Three Major Operating Systems
Windows — Used by approximately 72% of desktop computers worldwide. Most businesses run Windows. Active Directory, the dominant enterprise identity system, is a Windows technology. Security+ and most enterprise security tooling assume familiarity with a Windows environment.
Linux — Runs the majority of servers, cloud infrastructure, and security tools. Kali Linux is the standard penetration testing platform. Most web servers run Linux. Learning Linux is essential for cybersecurity — see the Linux Fundamentals page.
macOS — Apple’s operating system, built on a Unix foundation (similar to Linux). Common in creative industries and increasingly in corporate environments. Less targeted by malware historically, but not immune.
Windows vs Linux for Cybersecurity
Section titled “Windows vs Linux for Cybersecurity”📊 Visual Explanation
Section titled “📊 Visual Explanation”Windows vs Linux for Cybersecurity
- Enterprise standard — 72% of desktops, Active Directory dominates
- Largest attack surface — Most malware targets Windows
- GUI-focused — Point-and-click interface, PowerShell for automation
- Event Viewer for logs — Windows Event Log for security monitoring
- Licensing cost — Commercial — requires paid licence
- Server and cloud standard — Runs most web servers and cloud infrastructure
- Security tool platform — Kali, Parrot OS, SIFT built on Linux
- Terminal-focused — Command line is the primary interface
- Syslog and journald — Centralised logging built into the system
- Free and open source — No cost, source code is publicly auditable
How Are File Systems and Directories Structured?
NTFS on Windows and ext4 on Linux (with XFS the default on Red Hat-family distributions) are the dominant file systems in enterprise environments, and understanding their directory layouts is essential for forensic investigations, malware analysis, and security auditing.
A file system is how the OS organises data on storage. Understanding file systems helps you navigate systems during investigations, find log files, and understand where malware might hide.
Windows File System (NTFS)
Windows uses NTFS (New Technology File System). Key directories:

```text
C:\
├── Windows\                 # OS files — do not modify
│   ├── System32\            # Core system files and commands
│   └── Temp\                # Temporary files — malware often hides here
├── Program Files\           # 64-bit installed applications
├── Program Files (x86)\     # 32-bit installed applications
├── Users\
│   ├── YourName\            # Your user profile
│   │   ├── Desktop\
│   │   ├── Documents\
│   │   └── Downloads\       # Common malware delivery location
│   └── Public\              # Shared between all users
└── Temp\                    # System-wide temporary files (not created by default; some installers add it)
```

Security-relevant locations:
- C:\Windows\Temp\ and C:\Users\*\AppData\Local\Temp\ — Malware frequently drops files here
- C:\Users\*\Downloads\ — Phishing attachments land here
- C:\Windows\System32\ — Attackers may place files here to blend in with legitimate system files; writing there requires administrator rights, so it usually follows a privilege escalation
Linux File System (ext4)
Linux uses ext4 (and other file systems). The directory structure follows the Filesystem Hierarchy Standard (FHS):

```text
/
├── bin/      # Essential user commands (ls, cp, cat)
├── etc/      # Configuration files — security policies live here
├── home/     # User home directories (/home/renu/)
├── var/
│   └── log/  # System logs — critical for security monitoring
├── tmp/      # Temporary files — world-writable, malware target
├── root/     # Root user's home directory
├── usr/      # User programs and utilities
└── dev/      # Device files
```

Security-relevant locations:
- /var/log/ — Authentication logs, system logs, application logs
- /tmp/ — World-writable, commonly used by attackers for staging
- /etc/passwd and /etc/shadow — /etc/passwd lists accounts and is world-readable; /etc/shadow holds the password hashes and must be readable only by root (and the shadow group)
- /etc/crontab and /etc/cron.d/ — Scheduled tasks, commonly used for persistence
Practical Exercise: Explore Your File System
Try these commands to explore your system:

```powershell
# Windows (PowerShell)
Get-ChildItem C:\ -Directory      # List top-level directories
Get-ChildItem $env:TEMP           # View temporary files
Get-ChildItem $env:USERPROFILE    # View your user profile
```

```bash
# Linux / macOS (Terminal)
ls -la /            # List root directory with permissions
ls -la /var/log/    # View log files
ls -la /tmp/        # View temporary files
tree -L 2 /home/    # View home directories (install tree first)
```
What Are Processes and Services in an Operating System?
NIST SP 800-123 recommends disabling unnecessary services as a fundamental server hardening step, because each running service expands the attack surface by introducing potential vulnerabilities.
A process is a running program. When you open a browser, the OS creates a process for it. When you close the browser, the process ends. Every running program is a process with its own allocated memory and CPU time.
A service (called a daemon on Linux) is a process that runs in the background without a visible window. Services start when the computer boots and keep running. Examples include the web server (Apache or Nginx), the SSH server, the Windows Update service, and antivirus scanning.
Why Processes Matter for Security
- Malware runs as a process. If you can identify suspicious processes, you can detect malware.
- Privilege escalation often involves a low-privilege process gaining higher privileges.
- Persistence means malware that survives a reboot — usually by installing itself as a service or scheduled task.
Viewing Running Processes
```powershell
# Windows (PowerShell)
Get-Process | Sort-Object CPU -Descending | Select-Object -First 20
tasklist /v        # Detailed process list
```

```cmd
rem Windows (Command Prompt)
tasklist           rem List all running processes
```

```bash
# Linux
ps aux --sort=-%cpu | head -20   # Top 20 processes by CPU usage
top                              # Real-time process monitor
htop                             # Enhanced process monitor (install first)

# macOS (BSD ps has no --sort option)
ps aux | head -20                # List running processes
```
Viewing Running Services
```powershell
# Windows (PowerShell)
Get-Service | Where-Object {$_.Status -eq "Running"}
```

```bash
# Linux
systemctl list-units --type=service --state=running

# Check if a specific service is running (Linux).
# The unit is named sshd on Red Hat-family systems and ssh on Debian/Ubuntu.
systemctl status sshd
```
Security exercise: Run these commands on your own machine. Look for any processes you do not recognise. Search the process name online to determine if it is legitimate, and check that its file path is where that program normally lives. This is exactly what SOC analysts do when triaging alerts.
How Do Users, Permissions, and Privilege Levels Work?
NIST SP 800-53 (Security and Privacy Controls) defines access control as a foundational security control family, requiring organisations to enforce the principle of least privilege across all user accounts and system processes.
Every operating system has a system of users and permissions. This is the foundation of access control — one of the most important concepts in cybersecurity.
User Types
| User type | Windows name | Linux name | Access level |
|---|---|---|---|
| Standard user | User (member of the Users group) | Regular user | Can run programs, access own files, limited system changes |
| Administrator | Administrator (member of the Administrators group) | root (usually reached through sudo) | Full system control — install software, change settings, access all files |
| Service account | SYSTEM, Local Service, Network Service | daemon, www-data and other per-service accounts | Runs services with specific limited permissions |
| Guest | Guest (disabled by default) | nobody | Minimal access, highly restricted |
The Principle of Least Privilege
The principle of least privilege means giving users only the permissions they need to do their job — nothing more. This is a core security principle covered on the Security Concepts page.
Why it matters:
- If an attacker compromises a standard user account, the damage is limited
- If an attacker compromises an administrator account, they gain full control of that system and everything it can reach
- Most daily work does not require administrator access
- Running as admin all the time is like leaving every door in a building unlocked because the key is inconvenient
File Permissions
Windows: Uses Access Control Lists (ACLs). Each file and folder has a list of users and groups with specific permissions (Read, Write, Read & Execute, Modify, Full Control), and each entry can allow or deny.
Linux: Uses a simpler three-tier system: Owner, Group, Others. Each tier can have Read (r), Write (w), and Execute (x) permissions.

```bash
# View file permissions on Linux
ls -la /etc/passwd
# Output: -rw-r--r-- 1 root root 2847 Mar 18 10:00 /etc/passwd
# Translation: Owner (root) can read and write. Group and others can only read.
```

```powershell
# View file permissions on Windows (PowerShell).
# Run from an elevated prompt: standard users are denied even read access to the SAM file's ACL.
Get-Acl C:\Windows\System32\config\SAM | Format-List
```
The Linux permission string -rw-r--r-- breaks down as:
| Position | Meaning | Value in this example |
|---|---|---|
| 1 | File type | - (regular file) |
| 2-4 | Owner permissions | rw- (read, write, no execute) |
| 5-7 | Group permissions | r-- (read only) |
| 8-10 | Others permissions | r-- (read only) |
Understanding permissions is essential for security because misconfigured permissions are one of the most common vulnerabilities. A file that should be readable only by root but is world-readable could expose sensitive data like password hashes.
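To turn the permission string into something you can check at scale, here is an added example (not code from the page's author) that decodes `ls -l` mode strings into octal and flags the misconfigurations this section warns about: a sensitive file readable by everyone, world-writable files, world-writable directories without the sticky bit, and setuid root binaries. The listing and the SENSITIVE_PATHS policy list are constructed for the example; on a real host you would pipe in live `ls -l` output.

```python
"""Decode Linux `ls -l` mode strings and flag risky permissions.

Added example for this page, not code from the page's author. The listing is
constructed by hand; on a real host pipe `ls -l` output in instead.
"""
import re

# Constructed `ls -l` output. /etc/shadow.bak (a world-readable copy of the
# shadow file) and deploy.sh (mode 777) are the planted misconfigurations.
SAMPLE_LISTING = """\
-rw-r--r-- 1 root root  2847 Mar 18 10:00 /etc/passwd
-rw-r----- 1 root shadow 1412 Mar 18 10:00 /etc/shadow
-rw-r--r-- 1 root root   988 Mar 18 10:00 /etc/shadow.bak
-rwsr-xr-x 1 root root 68208 Feb  6  2024 /usr/bin/passwd
drwxrwxrwt 1 root root  4096 Mar 18 10:05 /tmp
-rwxrwxrwx 1 renu renu   512 Mar 18 10:07 /home/renu/deploy.sh
"""

# Files whose contents must stay hidden from ordinary users. Hypothetical
# policy list for this example; extend it to match your own baseline.
SENSITIVE_PATHS = {"/etc/shadow", "/etc/shadow.bak", "/etc/gshadow", "/etc/sudoers"}

_LS_LINE = re.compile(
    r"^(?P<mode>[-dlcbps][rwxsStT-]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\S+\s+\S+\s+\S+\s+(?P<path>\S.*)$"
)


def mode_to_octal(mode: str) -> int:
    """Turn a 10-character mode string such as -rwsr-xr-x into 0o4755."""
    if len(mode) != 10:
        raise ValueError(f"unexpected mode string: {mode!r}")
    bits = mode[1:]                 # drop the file-type character
    value = 0
    for i, ch in enumerate(bits):
        shift = 3 * (2 - i // 3)    # owner triplet is the high digit, others the low
        if ch == "r":
            value |= 4 << shift
        elif ch == "w":
            value |= 2 << shift
        elif ch in "xst":           # s and t imply execute as well as a special bit
            value |= 1 << shift
        elif ch not in "-ST":
            raise ValueError(f"bad permission character {ch!r} in {mode!r}")
    if bits[2] in "sS":
        value |= 0o4000             # setuid
    if bits[5] in "sS":
        value |= 0o2000             # setgid
    if bits[8] in "tT":
        value |= 0o1000             # sticky bit
    return value


def audit(listing: str) -> list[tuple[str, str, str]]:
    """Return (path, octal mode, reason) for each entry that violates least privilege."""
    findings = []
    for line in listing.splitlines():
        m = _LS_LINE.match(line.rstrip())
        if not m:
            continue                # skip "total 12" headers and anything unparseable
        mode, path = m["mode"], m["path"]
        octal = mode_to_octal(mode)
        shown = f"{octal:04o}"
        is_dir = mode[0] == "d"
        if path in SENSITIVE_PATHS and octal & 0o004:
            findings.append((path, shown, "sensitive file readable by everyone"))
        if octal & 0o002 and not is_dir:
            findings.append((path, shown, "world-writable file: anyone can change what runs"))
        if octal & 0o002 and is_dir and not octal & 0o1000:
            findings.append((path, shown, "world-writable directory without sticky bit"))
        if octal & 0o4000 and m["owner"] == "root":
            findings.append((path, shown, "setuid root binary: verify it is expected"))
    return findings


if __name__ == "__main__":
    for path, mode, reason in audit(SAMPLE_LISTING):
        print(f"{mode}  {path:<24} {reason}")
```

Note that /tmp passes even though it is world-writable: the sticky bit (the `t` in `drwxrwxrwt`) stops users deleting each other's files, which is the intended configuration. /usr/bin/passwd is reported only as something to verify, because a setuid root binary is legitimate there but is exactly what an attacker plants for persistence elsewhere.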
What Are the Limitations of Computer and OS Knowledge?
Understanding computers and operating systems is necessary but not sufficient. Here are the common ways this knowledge gets misapplied.
| Concept | Common mistake | Better approach |
|---|---|---|
| Running as administrator | Using admin accounts for daily work because it is convenient | Use a standard account for daily tasks, elevate only when needed |
| File permissions | Setting overly permissive access (777 on Linux) to fix errors | Determine the minimum permissions needed and set exactly those |
| Process monitoring | Ignoring background services because they are not visible | Regularly audit running services and disable unnecessary ones |
| Storage security | Assuming deleted files are gone | Deleted files remain on disk until overwritten — use secure deletion tools for sensitive data, and rely on full disk encryption on SSDs, where overwrite tools cannot guarantee the old blocks are erased |
| Temporary directories | Ignoring /tmp and C:\Windows\Temp | Monitor these directories — they are common malware staging areas |
| OS updates | Delaying updates because they are disruptive | Patch promptly — the ASD Essential Eight lists patching operating systems as a baseline mitigation |
Common beginner mistakes
- Thinking “I use Mac, so I don’t need to worry about security”
- Running everything as root/administrator
- Not understanding that RAM is volatile (temporary) — critical for forensics
- Ignoring services running on the system
- Assuming the file system structure is just for organisation, not security
What Interview Questions Should You Expect About Computer and OS Basics?
Hiring managers and SOC team leads frequently test foundational knowledge because it reveals whether a candidate truly understands the systems they will be defending. Interview questions about computer and OS basics test whether you understand the fundamentals that everything else is built on.
Q1: What is the difference between RAM and storage?
Strong answer: “RAM is temporary, fast memory that holds what the CPU is currently working on. When the computer loses power, RAM contents are lost. Storage — a hard drive or SSD — is permanent. It holds the operating system, files, and programs even when the power is off. This distinction matters in forensics because evidence in RAM disappears when a system is shut down.”
Q2: What is a process? How would you find a suspicious one?
Strong answer: “A process is a running program. I would use ps aux on Linux or Get-Process on Windows to list all running processes, sort by CPU or memory usage, and look for unfamiliar names. I would then research any suspicious process names online and check their file paths to see if they are in expected locations.”
Q3: Explain the principle of least privilege with an example.
Strong answer: “Least privilege means giving users only the access they need. For example, a receptionist who books appointments should not have administrator access to the server. If their account is compromised through phishing, the attacker only gets booking-level access, not control of the entire system.”
Q4: Why does file system knowledge matter for security?
Strong answer: “Knowing the file system helps me find log files for investigation, identify where malware typically hides — like temp directories — and verify that file permissions are set correctly. Misconfigured permissions are a common vulnerability.”
Q5: What is the difference between an administrator and a standard user?
Strong answer: “An administrator has full control of the system — installing software, changing settings, accessing all files. A standard user has limited privileges. In security, we prefer standard accounts for daily use because it limits the damage if an account is compromised. This is least privilege in practice.”
How Are Computer and OS Basics Used in Real Security Operations?
On your first day as a SOC analyst, computer and OS knowledge applies immediately.
Triage scenario: An endpoint detection tool alerts that svchost.exe is running from C:\Users\Public\Downloads\ instead of C:\Windows\System32\. You recognise this as suspicious because svchost.exe is a legitimate Windows service host — but it should only run from System32 (or SysWOW64, the 32-bit copy on 64-bit Windows). A second tell is the parent process: a real svchost.exe is started by services.exe, not by a user’s Explorer or browser. An attacker has named their malware after a legitimate process to blend in. Without knowing the normal file system structure, you would miss this.
Log review: You are reviewing authentication logs on a Linux server. You check /var/log/auth.log (or /var/log/secure on Red Hat-family systems, or journalctl where only the journal is kept) and see hundreds of failed SSH login attempts from an external IP. You recognise this as a brute-force attack because you understand what SSH is (a service running on port 22), what authentication logs look like, and where to find them.
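The check behind that alert, and behind the "look for processes you do not recognise" exercise in the processes section, can be written down as a baseline and applied to a whole process list. This is an added example, not a tool from the page's author: it compares each core Windows binary's directory, parent process and account against an expected table. The process snapshot and the EXPECTED table are constructed for the example; on a live host you would feed it a Get-Process or EDR export and build the table from your own golden images.

```python
"""Triage a process list for system binaries running from the wrong place.

Added example for this page, not a tool from the page's author. The process
snapshot below is constructed by hand; on a live host you would feed it the
output of Get-Process / tasklist or an EDR export instead.
"""
import ntpath  # parse Windows paths correctly even when this runs on Linux/macOS

# Where a few core Windows binaries are allowed to live, and which process
# normally starts them. Hypothetical baseline for this example; extend it from
# your own golden images.
EXPECTED = {
    "svchost.exe":  ({r"c:\windows\system32", r"c:\windows\syswow64"}, {"services.exe"}),
    "services.exe": ({r"c:\windows\system32"}, {"wininit.exe"}),
    "lsass.exe":    ({r"c:\windows\system32"}, {"wininit.exe"}),
    "wininit.exe":  ({r"c:\windows\system32"}, {"smss.exe"}),
    "winlogon.exe": ({r"c:\windows\system32"}, {"smss.exe"}),
    "csrss.exe":    ({r"c:\windows\system32"}, {"smss.exe"}),
}
SERVICE_ACCOUNT_PREFIX = "nt authority\\"   # SYSTEM, LOCAL SERVICE, NETWORK SERVICE

# Constructed snapshot. PIDs 4120 and 5800 are the planted anomalies.
PROCESSES = [
    {"pid": 524,  "ppid": 452,  "name": "wininit.exe",  "path": r"C:\Windows\System32\wininit.exe",  "user": r"NT AUTHORITY\SYSTEM"},
    {"pid": 620,  "ppid": 524,  "name": "services.exe", "path": r"C:\Windows\System32\services.exe", "user": r"NT AUTHORITY\SYSTEM"},
    {"pid": 640,  "ppid": 524,  "name": "lsass.exe",    "path": r"C:\Windows\System32\lsass.exe",    "user": r"NT AUTHORITY\SYSTEM"},
    {"pid": 900,  "ppid": 620,  "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe",  "user": r"NT AUTHORITY\NETWORK SERVICE"},
    {"pid": 3300, "ppid": 3180, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe",          "user": r"CORP\renu"},
    {"pid": 5210, "ppid": 3300, "name": "chrome.exe",   "path": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "user": r"CORP\renu"},
    {"pid": 4120, "ppid": 3300, "name": "svchost.exe",  "path": r"C:\Users\Public\Downloads\svchost.exe", "user": r"CORP\renu"},
    {"pid": 5800, "ppid": 5210, "name": "lsass.exe",    "path": r"C:\Windows\Temp\lsass.exe",        "user": r"CORP\renu"},
]


def triage(processes):
    """Return (pid, name, reason) for every process that breaks the baseline."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        name = p["name"].lower()
        if name not in EXPECTED:
            continue                         # only core binaries are baselined here
        allowed_dirs, allowed_parents = EXPECTED[name]
        directory = ntpath.dirname(p["path"]).lower()
        if directory not in allowed_dirs:
            findings.append((p["pid"], p["name"],
                             f"runs from {p['path']} instead of {sorted(allowed_dirs)}"))
        parent = by_pid.get(p["ppid"])
        # A missing parent is normal early in boot (smss.exe exits), so only judge parents we can see.
        if parent is not None and parent["name"].lower() not in allowed_parents:
            findings.append((p["pid"], p["name"],
                             f"started by {parent['name']} (pid {parent['pid']}), expected {sorted(allowed_parents)}"))
        if name == "svchost.exe" and not p["user"].lower().startswith(SERVICE_ACCOUNT_PREFIX):
            findings.append((p["pid"], p["name"],
                             f"runs as interactive user {p['user']} rather than a service account"))
    return findings


if __name__ == "__main__":
    for pid, name, reason in triage(PROCESSES):
        print(f"[pid {pid}] {name}: {reason}")
```

Path and parent are only two signals. Real EDR tooling also checks the binary's digital signature and hash, because an attacker with administrator rights can drop a file into System32 itself; the point of the baseline is to make the easy cases, like the one in the alert above, impossible to miss.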
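Recognising the brute-force pattern by eye works for one server; for many, you count. The following added example (not code from the page's author) parses sshd lines in the Debian/Ubuntu auth.log format, counts failed password attempts per source address, lists the usernames each source tried, and raises the highest-priority finding of all: a successful login from an address that had just been guessing. The log lines, host name, addresses and THRESHOLD are constructed for the example.

```python
"""Spot SSH password-guessing in auth.log-style lines.

Added example for this page, not a tool from the page's author. The log
lines are constructed by hand in the Debian/Ubuntu /var/log/auth.log format
(sshd messages via syslog); on a real host read the file instead.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: 203.0.113.45 guesses several accounts, then gets in as
# root with a password; 198.51.100.7 is a normal user who mistyped once and
# then authenticated with a key.
SAMPLE_AUTH_LOG = """\
Mar 18 09:58:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51112 ssh2
Mar 18 09:58:03 web01 sshd[2213]: Failed password for invalid user oracle from 203.0.113.45 port 51118 ssh2
Mar 18 09:58:04 web01 sshd[2215]: Failed password for root from 203.0.113.45 port 51120 ssh2
Mar 18 09:58:06 web01 sshd[2217]: Failed password for root from 203.0.113.45 port 51124 ssh2
Mar 18 09:58:07 web01 sshd[2219]: Failed password for invalid user test from 203.0.113.45 port 51130 ssh2
Mar 18 09:58:09 web01 sshd[2221]: Failed password for renu from 198.51.100.7 port 40022 ssh2
Mar 18 09:58:15 web01 sshd[2221]: Accepted publickey for renu from 198.51.100.7 port 40022 ssh2
Mar 18 09:58:20 web01 sshd[2223]: Failed password for root from 203.0.113.45 port 51140 ssh2
Mar 18 09:58:21 web01 sshd[2225]: Accepted password for root from 203.0.113.45 port 51142 ssh2
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
FAILED = re.compile(rf"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>{IPV4}) port \d+")
ACCEPTED = re.compile(rf"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>{IPV4}) port \d+")

# Failures from one source before we call it password guessing. Hypothetical
# threshold for this example; tune it to your own noise level.
THRESHOLD = 5


def analyse(log_text: str, threshold: int = THRESHOLD) -> dict:
    """Count failures per source IP and flag logins that follow a burst of failures."""
    failures = Counter()
    usernames = defaultdict(set)
    logins_after_burst = []
    for line in log_text.splitlines():       # order matters: a success counts only after the burst
        m = FAILED.search(line)
        if m:
            failures[m["ip"]] += 1
            usernames[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED.search(line)
        if m and failures[m["ip"]] >= threshold:
            logins_after_burst.append((m["ip"], m["user"], m["method"]))
    sources = {ip: n for ip, n in failures.items() if n >= threshold}
    return {
        "brute_force_sources": sources,
        "usernames_tried": {ip: sorted(usernames[ip]) for ip in sources},
        "logins_after_burst": logins_after_burst,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_AUTH_LOG)
    for ip, n in report["brute_force_sources"].items():
        print(f"{ip}: {n} failed logins, tried {report['usernames_tried'][ip]}")
    for ip, user, method in report["logins_after_burst"]:
        print(f"ALERT: {ip} logged in as {user} via {method} after a burst of failures")
```

The "invalid user" variant matters: guesses for accounts that do not exist (admin, oracle, test) are the signature of a scripted wordlist, and seeing them from the same address that later authenticates as root with a password is the moment the ticket stops being "noise" and becomes an incident.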
Australian context: The ASD Essential Eight mitigation strategies include patching operating systems as a fundamental control. Many Australian employers — government agencies, healthcare providers, managed service providers — measure security maturity using the Essential Eight. Understanding OS basics means understanding what patching protects and why it is listed as a top-priority mitigation.
```bash
# Check when the package manager last wrote its history (Debian/Ubuntu: apt logs here)
stat /var/log/apt/history.log | grep Modify
```

```powershell
# Check Windows update history (PowerShell). Get-HotFix reads Win32_QuickFixEngineering,
# which lists servicing updates but not every update type, so cross-check Settings > Windows Update.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 10
```
Summary and Key Takeaways
Computer and operating system basics are the foundation for everything in cybersecurity.
- The CPU, RAM, storage, and I/O are the four core hardware components. Every attack ultimately targets one or more of these.
- The operating system manages hardware, runs programs, enforces permissions, and provides the security boundary between users and the system.
- File systems organise data on storage. Knowing the directory structure helps you find logs, identify malware staging areas, and verify file permissions.
- Processes and services are running programs. Detecting suspicious processes is a core security skill.
- Users and permissions form the foundation of access control. The principle of least privilege limits damage from compromised accounts.
- Both Windows and Linux are essential for cybersecurity. Learn both — Windows for enterprise environments, Linux for security tools and servers.
- Every layer of the computer architecture is an attack surface. Defense in depth means protecting all of them.
Related
- Linux Fundamentals to go deeper into the command line and system administration
- Security Concepts to understand how principles like least privilege and defense in depth apply
- Networking Basics to learn how computers communicate with each other
- Career Roadmap to see how these fundamentals fit into your learning path
- CompTIA A+ to prepare for your first certification exam
Computer hardware and OS concepts verified against current documentation from Microsoft, Linux man pages, and CompTIA A+ exam objectives. Last verified: March 2026. Career and salary data sourced from CyberSeek and BLS Occupational Outlook Handbook as of 2025. Individual results vary based on location, experience, market conditions, and effort.
Frequently Asked Questions
What is the difference between RAM and a hard drive?
RAM (Random Access Memory) is fast, temporary memory that holds data the CPU is currently using. When the computer loses power, RAM contents are lost. A hard drive (or SSD) is permanent storage that retains data even when powered off. This distinction is critical in forensics — evidence in RAM disappears when a system shuts down.
What is an operating system and what does it do?
An operating system (OS) is software that manages hardware resources and provides services for applications. It handles process management, memory allocation, file system organisation, user accounts, device communication, and security enforcement. Windows, Linux, and macOS are the three major operating systems.
Do I need to know both Windows and Linux for cybersecurity?
Yes. Windows dominates enterprise desktop environments and Active Directory is the standard identity system. Linux runs most servers, cloud infrastructure, and security tools like Kali Linux. Entry-level security roles expect familiarity with both, though you can start with whichever you will use more in your target role.
What is a process in computing?
A process is a running instance of a program. When you open a browser, the OS creates a process for it with allocated memory and CPU time. In security, identifying suspicious processes is a core skill because malware runs as processes. Tools like ps (Linux) and Get-Process (Windows) list running processes.
What is the principle of least privilege?
Least privilege means giving users and programs only the minimum permissions needed for their task. A standard user should not have administrator access for daily work. This limits the damage if an account is compromised — an attacker who gains access to a limited account can do far less harm than one who gains administrator access.
Why do temporary directories matter for security?
Temporary directories like /tmp on Linux and C:\Windows\Temp on Windows are common locations where malware stages files. These directories are often world-writable, meaning any user or process can create files there. Security teams monitor these locations for suspicious activity.
What is a file system?
A file system is the method an operating system uses to organise and store data on a disk. NTFS is the standard Windows file system, and ext4 is common on Linux. Understanding file systems helps you navigate systems during investigations, find log files, and understand where malware might hide.
What is the difference between a standard user and an administrator?
A standard user can run programs and access their own files but cannot install system-wide software or change critical settings. An administrator (or root user on Linux) has full control over the entire system. Running as administrator daily is a security risk because any malware that runs inherits those elevated privileges.
What are file permissions and why do they matter?
File permissions control who can read, write, or execute a file. On Linux, permissions are set for the owner, group, and others. On Windows, Access Control Lists (ACLs) define permissions. Misconfigured permissions — like making sensitive files world-readable — are one of the most common security vulnerabilities.
How does understanding computers help with cybersecurity certifications?
CompTIA A+ covers hardware components, operating systems, file systems, and user management. CompTIA Security+ builds on these basics with security-specific topics. Understanding how computers work makes every certification topic easier to learn because you understand the system being secured, not just memorising abstract concepts.
More resources
- CompTIA A+ exam objectives: Official A+ certification objectives covering hardware, operating systems, and security fundamentals.
- Linux Journey: Free, beginner-friendly interactive lessons on Linux fundamentals including file systems and permissions.
- Microsoft Windows Documentation: Official Microsoft documentation for Windows system administration and security features.