Guide to Operating System Security
Chapter 1
Operating Systems Security – Keeping Computers and Networks Secure
Objectives
Explain what operating system and network security means
Discuss why security is necessary
Explain the cost factors related to security
Describe the types of attacks on operating systems and networks
Discuss system hardening, including features in operating systems and networks that enable hardening
What Is Operating System and Network Security?
Ability to reliably store, modify, protect, and grant access to information, so that information is only available to designated users
Operating Systems and Security
Operating systems
  Provide basic programming instructions to computer hardware
  Interface with user application software and computer’s BIOS to allow applications to interact with hardware
Security issue
  Potential to provide security functions at every level of operation
Operating System Components
Application programming interface (API)
Basic input/output system (BIOS)
  Basic form of security: Configure BIOS password security
Kernel
Resource managers
Device drivers
Operating System Functions and Components
Computer Networks and Security
Computer network
  System of computers, print devices, network devices, and computer software linked by communications cabling or radio and microwaves
Security issue
  All networks have vulnerable points that require security
Types of Networks
Classified by reach and complexity
  Local area networks (LANs)
  Metropolitan area networks (MANs)
  Wide area networks (WANs)
  Enterprise networks
Resources in an Enterprise Network
Careers in Information Security
Number of jobs has increased by 100% per year since 1998
Potential for healthy salaries and organizational advancement
Why Security Is Necessary
Protects information and resources
Ensures privacy
Facilitates workflow
Addresses security holes and software bugs
Compensates for human error or neglect
Protecting Information and Resources
Security protects information and resources of:
  Businesses
  Educational institutions
  Government
  Telecommuters
  Personal users
Ensuring Privacy
Potential for serious legal and business consequences when an intruder accesses private information
Facilitating Workflow
Potential for loss of money, data, or both if a step in the work process is compromised due to a security problem
Addressing Security Holes or Software Bugs
After purchasing a new OS, software, or hardware:
  Test rigorously for security and reliability
  Check security defaults
  Install patches immediately
Compensating for Human Error or Neglect
Use an OS that enables the organization to set up security policies
Develop written security policies
Implement training
Test security of new operating systems and software
Setting Up Local Security Policies
Cost Factors
Cost of deploying security
  Should be an element in total cost of ownership (TCO)
Cost of not deploying security
Types of Attacks
Standalone workstation or server attacks
Attacks enabled by access to passwords
Viruses, worms, and Trojan horses
Buffer attacks
Denial of service
Source routing attack
Spoofing
E-mail attack
Port scanning
Wireless attacks
Standalone Workstation or Server Attacks
Easy to take advantage of a logged-on computer that is unattended and unprotected
Avoid by setting up a password-protected screen saver
Attacks Enabled by Access to Passwords
Users defeat password protection by
  Sharing them with others
  Writing them down and displaying them
Attackers have sophisticated ways of gaining password access
Attempting to Log On to a Telnet Account
Viruses
Virus
  Able to replicate throughout a system
  Infects a disk/file, which infects other disks/files
  Some cause damage; some don’t
Virus hoax
  E-mail falsely warning of a virus
Worm
Endlessly replicates on the same computer, or sends itself to many other computers on a network
Continues to create new files but does not infect existing files
Trojan Horse
Appears useful and harmless, but does harm
Can provide hacker with access to or control of the computer
Buffer Attacks
Attacker tricks buffer software into attempting to store more information than it can contain (buffer overflow)
The extra information can be malicious software
Denial of Service (DoS) Attacks
Interfere with normal access to network host, Web site, or service by flooding network with:
  Useless information, or
  Frames or packets containing errors that are not identified by a network service
Distributed DoS attack
  One computer causes others to launch attacks directed at one or more targets
![Page 28: Guide to Operating System Security Chapter 1 Operating Systems Security – Keeping Computers and Networks Secure](https://reader035.vdocuments.site/reader035/viewer/2022062217/5697bfab1a28abf838c9accb/html5/thumbnails/28.jpg)
28 Guide to Operating System Security
Source Routing Attack
Attacker modifies source address and routing information to make a packet appear to come from a different source
Can be used to breach a privately configured network
A form of spoofing
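Added example (not from the original slides): a defender-side check that parses an IPv4 header and reports any loose or strict source route option (IP option types 131 and 137), so such packets can be logged or dropped. The helper names and the sample packets, built with documentation addresses, are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# IPv4 option types for loose and strict source routing.
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}


def build_ipv4_header(src, dst, options=b""):
    """Build a constructed IPv4 header for testing (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4               # header length in 32-bit words
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        64, 6, 0,
                        IPv4Address(src).packed, IPv4Address(dst).packed)
    return fixed + options


def source_route_options(packet):
    """Return [(option_name, [hop, ...])] for each source route option."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("invalid header length")
    options = packet[20:header_len]
    found, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        length = options[i + 1]  # counts the type and length bytes too
        if length < 2 or i + length > len(options):
            raise ValueError("malformed option length")
        if kind in SOURCE_ROUTE_OPTIONS:
            # Layout: type, length, pointer, then 4-byte route addresses.
            route = options[i + 3:i + length]
            hops = [str(IPv4Address(route[j:j + 4]))
                    for j in range(0, len(route) - 3, 4)]
            found.append((SOURCE_ROUTE_OPTIONS[kind], hops))
        i += length
    return found


# Constructed samples: one plain header, one carrying NOP + LSRR with one hop.
SAMPLE_PLAIN = build_ipv4_header("192.0.2.10", "198.51.100.7")
SAMPLE_SOURCE_ROUTED = build_ipv4_header(
    "192.0.2.10", "198.51.100.7",
    bytes([1, 131, 7, 4]) + IPv4Address("203.0.113.1").packed)

if __name__ == "__main__":
    for name, pkt in (("plain", SAMPLE_PLAIN), ("routed", SAMPLE_SOURCE_ROUTED)):
        print(name, source_route_options(pkt))
```

On Linux, the `net.ipv4.conf.all.accept_source_route` sysctl controls whether the host accepts packets carrying these options.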
Spoofing
Address of source computer is changed to make a packet appear to come from a different computer
Can be used to initiate access to a computer
Can appear as just another transmission to a computer from a legitimate source
E-mail Attack
Attached file may contain:
  Virus, worm, or Trojan horse
  Macro that contains malicious code
E-mail may contain Web link to a rogue Web site
Port Scanning
Attacker determines live IP address, then runs port scanning software (e.g., Nmap or Strobe) to find a system on which a key port is open or not in use
To block access through open ports:
  Stop OS services or processes that are not in use
  Configure a service only to start manually with your knowledge
  Unload unnecessary NLMs
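Added example (not from the original slides): a way to find services that should be stopped, by listing listening TCP sockets in the Linux `/proc/net/tcp` format and flagging any port outside an approved list. The function names, the allowlist and the sample table are constructed for illustration, and address decoding assumes a little-endian host.

```python
import ipaddress

TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket

# Constructed sample in the layout of Linux /proc/net/tcp (not captured
# from a real host). Columns used here: local_address and st.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003
   3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20004
   4: 0F00000A:0016 6300000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 20005
"""


def decode_endpoint(field):
    """Turn '0100007F:0019' into ('127.0.0.1', 25)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the 32-bit address in host byte order; on a
    # little-endian host (assumed here) the bytes appear reversed.
    ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
    return str(ip), int(hex_port, 16)


def listening_sockets(proc_net_tcp):
    """Return sorted (ip, port) pairs for sockets in the LISTEN state."""
    found = set()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 4 or parts[3] != TCP_LISTEN:
            continue  # established and other states are not listeners
        found.add(decode_endpoint(parts[1]))
    return sorted(found, key=lambda e: (e[1], e[0]))


def unexpected_listeners(proc_net_tcp, allowed_ports):
    """Return (port, ip, exposure) for listeners not on the allowlist."""
    findings = []
    for ip, port in listening_sockets(proc_net_tcp):
        if port in allowed_ports:
            continue
        loopback = ipaddress.IPv4Address(ip).is_loopback
        exposure = "loopback only" if loopback else "network reachable"
        findings.append((port, ip, exposure))
    return findings


if __name__ == "__main__":
    # Assumed allowlist: SSH (22) and SMTP (25) are the approved services.
    for port, ip, exposure in unexpected_listeners(SAMPLE_PROC_NET_TCP, {22, 25}):
        print(f"port {port} on {ip}: {exposure}; stop or disable if unused")
```

On a live Linux host, pass the contents of `/proc/net/tcp` instead of the sample; IPv6 listeners are in `/proc/net/tcp6` and use a different address width.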
Sample TCP Ports
Using the kill Command in Red Hat Linux
Managing Mac OS X Sharing Services
Wireless Attacks
Generally involve scanning multiple channels
Key elements
  Wireless network interface card
  Omnidirectional antenna
  War-driving software
Difficult to determine when someone has compromised a wireless network
Organizations That Help Prevent Attacks (Continued)
American Society for Industrial Security (ASIS)
Computer Emergency Response Team Coordination Center (CERT/CC)
Forum of Incident Response and Security Teams (FIRST)
InfraGard
Organizations That Help Prevent Attacks (Continued)
Information Security Forum (ISF)
Information Systems Security Association (ISSA)
National Security Institute (NSI)
SysAdmin, Audit, Network, Security (SANS) Institute
Hardening Your System
Taking specific actions to block or prevent attacks by means of operating system and network security methods
General Steps to Harden a System (Continued)
Learn about OS and network security features
Consult Web sites of security organizations
Only deploy services and processes that are absolutely necessary
Deploy dedicated servers, firewalls, and routers
General Steps to Harden a System (Continued)
Use OS features that are provided for security
Deploy as many obstructions as possible
Audit security regularly
Train users to be security conscious
Monitor OSs and networks regularly for attackers
Overview of Operating System Security Features
Logon security
Digital certificate security
File and folder security
Shared resource security
Security policies
Remote access security
Wireless security
Disaster recovery
Logon Security
Requires user account and password to access OS or network
User account provides access to the domain
Objects in a Domain
Digital Certificate Security
Verifies authenticity of the communication to ensure that communicating parties are who they say they are
File and Folder Security
Lists of users and user groups can be given permission to access resources
Attributes can be associated with resources to manage access and support creation of backups
Shared Resource Security
Ways to control access to resources:
  Use a list of users and groups that should be configured
  Use domains
  Publish resources in a directory service (e.g., Active Directory or NDS)
Using an Access List
Security Policies
Security default settings that apply to a resource offered through an OS or directory service
May apply only to local computer, or to other computers
May specify that user account passwords must be a minimum length and be changed at regular intervals
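Added example (not from the original slides): an audit of the two policy settings named above, minimum password length and regular password change, on a Linux host that keeps defaults in `/etc/login.defs` and per-account aging in `/etc/shadow`. The policy values, function names and sample file contents are constructed for illustration.

```python
# Assumed site policy (hypothetical values): at least 12 characters,
# password change required at least every 90 days.
POLICY = {"PASS_MIN_LEN": 12, "PASS_MAX_DAYS": 90}

# Constructed sample in /etc/login.defs syntax.
SAMPLE_LOGIN_DEFS = """\
# Password aging controls (constructed sample)
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
"""

# Constructed sample in /etc/shadow syntax; the hash field is a placeholder.
# Fields: name:hash:last_change:min_days:max_days:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$constructed$notarealhash:19000:0:90:7:::
alice:$6$constructed$notarealhash:19000:0:99999:7:::
bob:$6$constructed$notarealhash:19000:0::7:::
daemon:*:18000:0:99999:7:::
"""


def parse_login_defs(text):
    """Return {setting: value} from login.defs text, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings


def check_defaults(login_defs, policy):
    """Return (setting, actual, required) for defaults weaker than policy."""
    settings = parse_login_defs(login_defs)
    problems = []
    # A missing setting is treated as the weakest value.
    min_len = int(settings.get("PASS_MIN_LEN", 0))
    if min_len < policy["PASS_MIN_LEN"]:
        problems.append(("PASS_MIN_LEN", min_len, policy["PASS_MIN_LEN"]))
    max_days = int(settings.get("PASS_MAX_DAYS", 99999))
    if max_days > policy["PASS_MAX_DAYS"]:
        problems.append(("PASS_MAX_DAYS", max_days, policy["PASS_MAX_DAYS"]))
    return problems


def accounts_exceeding_max_age(shadow, max_days):
    """Return login-capable accounts whose password may live too long."""
    flagged = []
    for line in shadow.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue
        name, pw_field, max_field = fields[0], fields[1], fields[4]
        if pw_field.startswith(("!", "*")):
            continue  # locked or no password login; aging does not apply
        # An empty max_days field means the password never has to change.
        if max_field == "" or int(max_field) > max_days:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for setting, actual, required in check_defaults(SAMPLE_LOGIN_DEFS, POLICY):
        print(f"{setting} is {actual}, policy requires {required}")
    print("accounts to fix:",
          accounts_exceeding_max_age(SAMPLE_SHADOW, POLICY["PASS_MAX_DAYS"]))
```

On PAM-based systems password length is usually enforced by a PAM module rather than `PASS_MIN_LEN`, so check that configuration as well.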
Remote Access Security
Enable remote access only when absolutely necessary
Many forms, including:
  Callback security
  Data encryption
  Access authentication
  Password security
Wireless Security
Implement Wired Equivalent Privacy (WEP)
Create a list of authorized wireless users based on the permanent address assigned to the wireless interface in the computer
Disaster Recovery
Use of hardware and software techniques to prevent loss of data
  Perform backups
  Store backups in a second location
  Use redundant hard disks
Enables restoration of systems and data without loss of critical information
Overview of Network Security Features
Authentication and encryption
Firewalls
Topology
Monitoring
Authentication
Using a method to validate users who attempt to access a network or resources, to ensure they are authorized
Examples
  User accounts with passwords
  Smart cards
  Biometrics
Encryption
Protects information sent over a network by making it appear unintelligible
Generally involves using a mathematical key
Firewalls
Software or hardware placed between networks that selectively allows or denies access
Topology
Different designs yield different results in terms of security planning and hardening
Also affects security in terms of where specific devices are placed
Monitoring
Involves determining performance and use of an OS or network
Enables you to determine weak points of a system or network and address them before a problem occurs
Summary
Operating system and network security
Why such security is vital
Careers in information security
The cost of security; the cost of not having security
Common types of attacks
Techniques for guarding against attacks on operating systems and on networks