Guide to Operating System Security Chapter 1 Operating
- Slides: 58
Guide to Operating System Security Chapter 1 Operating Systems Security – Keeping Computers and Networks Secure
Objectives l l l Explain what operating system and network security means Discuss why security is necessary Explain the cost factors related to security Describe the types of attacks on operating systems and networks Discuss system hardening, including features in operating systems and networks that enable hardening Guide to Operating System Security 2
What Is Operating System and Network Security? l Ability to reliably store, modify, protect, and grant access to information, so that information is only available to designated users Guide to Operating System Security 3
Operating Systems and Security l Operating systems Provide basic programming instructions to computer hardware u Interface with user application software and computer’s BIOS to allow applications to interact with hardware u l Security issue u Potential to provide security functions at every level of operation Guide to Operating System Security 4
Operating System Components l l Application programming interface (API) Basic input/output system (BIOS) u l l l Basic form of security: Configure BIOS password security Kernel Resource managers Device drivers Guide to Operating System Security 5
Operating System Functions and Components Guide to Operating System Security 6
Computer Networks and Security l Computer network u l System of computers, print devices, network devices, and computer software linked by communications cabling or radio and microwaves Security issue u All networks have vulnerable points that require security Guide to Operating System Security 7
Types of Networks l Classified by reach and complexity Local area networks (LANs) u Metropolitan area networks (MANs) u Wide area networks (WANs) u l Enterprise networks Guide to Operating System Security 8
Resources in an Enterprise Network Guide to Operating System Security 9
Careers in Information Security l l Number of jobs has increased by 100% per year since 1998 Potential for healthy salaries and organizational advancement Guide to Operating System Security 10
Why Security Is Necessary l l l Protects information and resources Ensures privacy Facilitates workflow Addresses security holes and software bugs Compensates for human error or neglect Guide to Operating System Security 11
Protecting Information and Resources l Security protects information and resources of: Businesses u Educational institutions u Government u Telecommuters u Personal users u Guide to Operating System Security 12
Ensuring Privacy l Potential for serious legal and business consequences when an intruder accesses private information Guide to Operating System Security 13
Facilitating Workflow l Potential for loss of money, data, or both if a step in the work process is compromised due to a security problem Guide to Operating System Security 14
Addressing Security Holes or Software Bugs l After purchasing a new OS, software, or hardware: Test rigorously for security and reliability u Check security defaults u Install patches immediately u Guide to Operating System Security 15
Compensating for Human Error or Neglect l l Use an OS that enables the organization to set up security policies Develop written security policies Implement training Test security of new operating systems and software Guide to Operating System Security 16
Setting Up Local Security Policies Guide to Operating System Security 17
Cost Factors l Cost of deploying security u l Should be an element in total cost of ownership (TCO) Cost of not deploying security Guide to Operating System Security 18
Types of Attacks l l l Standalone workstation or server attacks Attacks enabled by access to passwords Viruses, worms, and Trojan horses l l l l Guide to Operating System Security Buffer attacks Denial of service Source routing attack Spoofing E-mail attack Port scanning Wireless attacks 19
Standalone Workstation or Server Attacks l l Easy to take advantage of a logged-on computer that is unattended and unprotected Avoid by setting up a password-protected screen saver Guide to Operating System Security 20
Attacks Enabled by Access to Passwords l Users defeat password protection by Sharing them with others u Writing them down and displaying them u l Attackers have sophisticated ways of gaining password access Guide to Operating System Security 21
Attempting to Log On to a Telnet Account Guide to Operating System Security 22
Viruses l Virus Able to replicate throughout a system u Infects a disk/file, which infects other disks/files u Some cause damage; some don’t u l Virus hoax u E-mail falsely warning of a virus Guide to Operating System Security 23
Worm l l Endlessly replicates on the same computer, or sends itself to many other computers on a network Continues to create new files but does not infect existing files Guide to Operating System Security 24
Trojan Horse l l Appears useful and harmless, but does harm Can provide hacker with access to or control of the computer Guide to Operating System Security 25
Buffer Attacks l l Attacker tricks buffer software into attempting to store more information than it can contain (buffer overflow) The extra information can be malicious software Guide to Operating System Security 26
Denial of Service (Do. S) Attacks l Interfere with normal access to network host, Web site, or service by flooding network with: Useless information, or u Frames or packets containing errors that are not identified by a network service u l Distributed Do. S attack u One computer causes others to launch attacks directed at one or more targets Guide to Operating System Security 27
Source Routing Attack l l l Attacker modifies source address and routing information to make a packet appear to come from a different source Can be used to breach a privately configured network A form of spoofing Guide to Operating System Security 28
Spoofing l l l Address of source computer is changed to make a packet appear to come from a different computer Can be used to initiate access to a computer Can appear as just another transmission to a computer from a legitimate source Guide to Operating System Security 29
E-mail Attack l Attached file may contain: Virus, worm, or Trojan horse u Macro that contains malicious code u l E-mail may contain Web link to a rogue Web site Guide to Operating System Security 30
Port Scanning l l Attacker determines live IP address, then runs port scanning software (eg Nmap or Strobe) to find a system on which a key port is open or not in use To block access through open ports: Stop OS services or processes that are not in use u Configure a service only to start manually with your knowledge u Unload unnecessary NLMs u Guide to Operating System Security 31
Sample TCP Ports Guide to Operating System Security 32
Using the kill Command in Red Hat Linux Guide to Operating System Security 33
Managing Mac OS X Sharing Services Guide to Operating System Security 34
Wireless Attacks l l Generally involve scanning multiple channels Key elements Wireless network interface card u Omnidirectional antenna u War-driving software u l Difficult to determine when someone has compromised a wireless network Guide to Operating System Security 35
Organizations That Help Prevent Attacks (Continued) l l American Society for Industrial Security (ASIS) Computer Emergency Response Team Coordination Center (CERT/CC) Forum of Incident Response and Security Teams (FIRST) Infra. Gard Guide to Operating System Security 36
Organizations That Help Prevent Attacks (Continued) l l Information Security Forum (ISF) Information Systems Security Association (ISSA) National Security Institute (NSI) Sys. Admin, Audit, Network, Security (SANS) Institute Guide to Operating System Security 37
Hardening Your System l Taking specific actions to block or prevent attacks by means of operating system and network security methods Guide to Operating System Security 38
General Steps to Harden a System (Continued) l l Learn about OS and network security features Consult Web sites of security organizations Only deploy services and processes that are absolutely necessary Deploy dedicated servers, firewalls, and routers Guide to Operating System Security 39
General Steps to Harden a System (Continued) l l l Use OS features that are provided for security Deploy as many obstructions as possible Audit security regularly Train users to be security conscious Monitor OSs and networks regularly for attackers Guide to Operating System Security 40
Overview of Operating System Security Features l l Logon security Digital certificate security File and folder security Shared resource security Guide to Operating System Security l l Security policies Remote access security Wireless security Disaster recovery 41
Logon Security l l Requires user account and password to access OS or network User account provides access to the domain Guide to Operating System Security 42
Objects in a Domain Guide to Operating System Security 43
Digital Certificate Security l Verifies authenticity of the communication to ensure that communicating parties are who they say they are Guide to Operating System Security 44
File and Folder Security l l Lists of users and user groups can be given permission to access resources Attributes can be associated with resources to manage access and support creation of backups Guide to Operating System Security 45
Shared Resource Security l Ways to control access to resources: Use a list of users and groups that should be configured u Use domains u Publish resources in a directory service (eg, Active Directory or NDS) u Guide to Operating System Security 46
Using an Access List Guide to Operating System Security 47
Security Policies l l l Security default settings that apply to a resource offered through an OS or directory service May apply only to local computer, or to other computers May specify that user account passwords must be a minimum length and be changed at regular intervals Guide to Operating System Security 48
Remote Access Security l l Enable remote access only when absolutely necessary Many forms, including: Callback security u Data encryption u Access authentication u Password security u Guide to Operating System Security 49
Wireless Security l l Implement Wired Equivalent Privacy (WEP) Create a list of authorized wireless users based on the permanent address assigned to the wireless interface in the computer Guide to Operating System Security 50
Disaster Recovery l Use of hardware and software techniques to prevent loss of data Perform backups u Store backups in a second location u Use redundant hard disks u l Enables restoration of systems and data without loss of critical information Guide to Operating System Security 51
Overview of Network Security Features l l Authentication and encryption Firewalls Topology Monitoring Guide to Operating System Security 52
Authentication l l Using a method to validate users who attempt to access a network or resources, to ensure they are authorized Examples User accounts with passwords u Smart cards u Biometrics u Guide to Operating System Security 53
Encryption l l Protects information sent over a network by making it appear unintelligible Generally involves using a mathematical key Guide to Operating System Security 54
Firewalls l Software or hardware placed between networks that selectively allows or denies access Guide to Operating System Security 55
Topology l l Different designs yield different results in terms of security planning and hardening Also affects security in terms of where specific devices are placed Guide to Operating System Security 56
Monitoring l l Involves determining performance and use of an OS or network Enables you to determine weak points of a system or network and address them before a problem occurs Guide to Operating System Security 57
Summary l l l Operating system and network security Why such security is vital Careers in information security The cost of security; the cost of not having security Common types of attacks Techniques for guarding against attacks on operating systems and on networks Guide to Operating System Security 58
- Guide to network security
- Security guide to network security fundamentals
- Security guide to network security fundamentals
- Privat security
- Protection and security in operating system
- Security and protection in operating system
- Security and protection in operating system
- Operating system security trent jaeger
- Protection and security in operating system
- Linux security features
- Operating system security
- Trojan horse in computer
- Operating system security
- Operating system security problems
- Operating system security features
- Operating system security features
- Buddy system in os
- File system in operating system
- File system in operating system
- File system in operating system
- System security in system analysis and design
- Chapter 35 section 1 the digestive system
- Earth moon
- Router audit tool
- Nist sp 800-55
- Computer security incident handling guide
- Cissp guide to security essentials
- Cissp guide to security essentials
- What are 5 operating systems
- Operating system history
- Chapter 4 operating system
- Operating system concepts chapter 8 solutions
- Operating system concepts chapter 5 solutions
- Operating system concepts chapter 5 solutions
- Chapter 4 operating system
- Windows operating system architecture
- Operating system chapter 1
- Operating system chapter 3
- Operating system chapter 3
- Osi model security architecture
- Wireless security in cryptography
- Explain about visa international security mode
- Electronic mail security in network security
- Cnss model 27 cells example
- Electronic commerce security
- Software security building security in
- Earth closed system
- Respiratory system circulatory system digestive system
- Oras score
- Struktur wawancara
- Cylinder measurement
- Multitasking operating system
- Nt operating system
- ____________ is an example of operating system. *
- Before operating system
- Multi tasking operating system
- Block diagram of unix
- Trusted os
- Tinyos operating system