operating system security fundamentals dr. gabriel
TRANSCRIPT
![Page 1: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/1.jpg)
Operating System Security Operating System Security FundamentalsFundamentals
Dr. Gabriel
![Page 2: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/2.jpg)
2
Operating System OverviewOperating System Overview
• Operating system: collection of programs that allows user to operate computer hardware
• Three layers:– Inner layer
– Middle layer
– Outer layer
![Page 3: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/3.jpg)
3
Operating System Overview Operating System Overview (continued)(continued)
![Page 4: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/4.jpg)
4
Operating System Overview Operating System Overview (continued)(continued)
• Key functions of an operating system:– Multitasking, multisharing
– Computer resource management
– Controls the flow of activities
– Provides a user interface
![Page 5: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/5.jpg)
5
Operating System Overview Operating System Overview (continued)(continued)
• Key functions of an operating system (continued):– Administers user actions and accounts
– Runs software utilities and programs
– Enforce security measures
– Schedules jobs
![Page 6: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/6.jpg)
6
The Operating System Security The Operating System Security EnvironmentEnvironment
• A compromised OS can compromise a database environment
• Physically protect the computer running the OS (padlocks, chain locks, guards, cameras)
• Model:– Bank building (operating system)
– Safe (database)
– Money (data)
![Page 7: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/7.jpg)
7
The Operating System Security The Operating System Security Environment (continued)Environment (continued)
![Page 8: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/8.jpg)
8
The Components of an Operating The Components of an Operating System Security EnvironmentSystem Security Environment
• Used as access points to the database• Three components:
– Memory
– Services
– Files
![Page 9: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/9.jpg)
9
The Components of an Operating The Components of an Operating System Security Environment System Security Environment
(continued)(continued)
![Page 10: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/10.jpg)
10
ServicesServices
• Main component of operating system security environment
• Operating system core utilities• Used to gain access to the OS and its features• Include
– User authentication– Remote access– Administration tasks– Password policies
![Page 11: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/11.jpg)
11
FilesFiles
• Common threats:– File permission
– File sharing
• Files must be protected from unauthorized reading and writing actions
• Data resides in files; protecting files protects data
• Read, write, and execute privileges
![Page 12: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/12.jpg)
12
File TransferFile Transfer
• FTP (File Transfer Protocol):– Internet service for transferring files from one
computer to another
– Transmits usernames and passwords in plaintext
– Root account cannot be used with FTP
– Anonymous FTP: ability to log on to the FTP server without being authenticated
![Page 13: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/13.jpg)
13
File Transfer (continued)File Transfer (continued)
• Best practices:– Use Secure FTP utility if possible
– Make two FTP directories:• One for uploads with write permissions only• One for downloads with read permissions only
– Use specific accounts with limited permissions
– Log and scan FTP activities
– Allow only authorized operators
![Page 14: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/14.jpg)
14
Sharing FilesSharing Files
• Naturally leads to security risks and threats• Peer-to-peer programs: allow users to share
files over the Internet• Reasons for blocking file sharing:
– Malicious code
– Adware and spyware
– Privacy and confidentiality
– Pornography
– Copyright issues
![Page 15: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/15.jpg)
15
MemoryMemory
• Hardware memory available on the system• Can be corrupted by badly written software• Two options:
– Stop using the program
– Apply a patch (service pack) to fix it
• Can harm data integrity• Can potentially exploit data for illegal use
![Page 16: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/16.jpg)
16
Authentication MethodsAuthentication Methods
• Authentication:– Verifies user identity
– Permits access to the operating system
• Physical authentication:– Allows physical entrance to company property
– Magnetic cards and biometric measures
• Digital authentication: verifies user identity by digital means
![Page 17: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/17.jpg)
17
Digital Authentication MechanismDigital Authentication Mechanism
• Digital certificates: digital passport that identifies and verifies holder of certificate
• Digital token (security token):– Small electronic device
– Displays a number unique to the token holder; used with the holder’s PIN as a password
– Uses a different password each time
![Page 18: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/18.jpg)
18
Digital Authentication MechanismDigital Authentication Mechanism
• Digital card:– Also known as a security card or smart card
– Similar to a credit card; uses an electronic circuit instead of a magnetic strip
– Stores user identification information
• Kerberos:– Developed by MIT
– Uses unique keys a.k.a. tickets for authentication purposes
![Page 19: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/19.jpg)
19
Digital Authentication MechanismDigital Authentication Mechanism
• Lightweight Directory Access Protocol (LDAP):– Developed by the University of Michigan
– A centralized directory database stores:• Users (user name and user ID)• Passwords• Internal telephone directory• Security keys
– Efficient for reading but not suited for frequently changing information
– Easy to implement
– Uses client/server architecture
![Page 20: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/20.jpg)
20
Digital Authentication MechanismDigital Authentication Mechanism
• NTLM (NT LAN Manager):– Developed and used by Microsoft
– Employs a challenge/response authentication protocol
– No longer used
• Public Key Infrastructure (PKI):– User keeps a private key
– Authentication firm holds a public key
– Encrypt and decrypt data using both keys
![Page 21: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/21.jpg)
21
Digital Authentication MechanismDigital Authentication Mechanism
• RADIUS: – Remote authentication dial-in user services
– used by network devices to provide a centralized authentication mechanism
• Secure Socket Layer (SSL): authentication information is transmitted over the network in an encrypted form
• Secure Remote Password (SRP):– Password is not stored locally
– Invulnerable to brute force or dictionary attacks
![Page 22: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/22.jpg)
22
AuthorizationAuthorization
• Process that decides whether users are permitted to perform the functions they request
• Authorization is not performed until the user is authenticated
• Deals with privileges and rights
![Page 23: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/23.jpg)
23
User AdministrationUser Administration
• Create user accounts• Set password policies• Grant privileges to users• Best practices:
– Use a consistent naming convention
– Always provide a password to an account and force the user to change it at the first logon
– Protect passwords
– Do not use default passwords
![Page 24: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/24.jpg)
24
User Administration (continued)User Administration (continued)
• Best practices (continued):– Create a specific file system for users
– Educate users on how to select a password
– Lock non-used accounts
– Grant privileges on a per host basis
– Do not grant privileges to all machines
– Use ssh, scp, and Secure FTP
– Isolate a system after a compromise
– Perform random auditing procedures
![Page 25: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/25.jpg)
25
Password PoliciesPassword Policies
• First line of defense• Dictionary attack: permutation of words in
dictionary• Make hard for hackers entering your systems• Best password policy:
– Matches your company missions
– Enforced at all level of the organization
![Page 26: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/26.jpg)
26
Password Policies (continued)Password Policies (continued)
• Best practices:– Password aging
– Password reuse
– Password history
– Password encryption
![Page 27: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/27.jpg)
27
Password Policies (continued)Password Policies (continued)
• Best practices (continued):– Password storage and protection
– Password complexity
– Logon retries
– Single sign-on
![Page 28: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/28.jpg)
28
Vulnerabilities of Operating SystemsVulnerabilities of Operating Systems
• Top vulnerabilities to Windows systems:– Internet Information Services (IIS)
– Microsoft SQL Server (MSSQL)
– Windows Authentication
– Internet Explorer (IE)
– Windows Remote Access Services
![Page 29: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/29.jpg)
29
Vulnerabilities of Operating Systems Vulnerabilities of Operating Systems (continued)(continued)
• Top vulnerabilities to Windows (continued):– Microsoft Data Access Components (MDAC)
– Windows Scripting Host (WSH)
– Microsoft Outlook and Outlook Express
– Windows Peer-to-Peer File Sharing (P2P)
– Simple Network Management Protocol (SNMP)
![Page 30: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/30.jpg)
30
Vulnerabilities of Operating Systems Vulnerabilities of Operating Systems (continued)(continued)
• Top vulnerabilities to UNIX systems:– BIND Domain Name System
– Remote Procedure Calls (RPC)
– Apache Web Server
– General UNIX authentication accounts with no passwords or weak passwords
– Clear text services
![Page 31: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/31.jpg)
31
Vulnerabilities of Operating Systems Vulnerabilities of Operating Systems (continued)(continued)
• Top vulnerabilities to UNIX systems (continued):– Sendmail
– Simple Network Management Protocol (SNMP)
– Secure Shell (SSH)
– Misconfiguration of Enterprise Services NIS/NFS
– Open Secure Sockets Layer (SSL)
![Page 32: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/32.jpg)
32
E-mail SecurityE-mail Security
• Tool must widely used by public• May be the tool must frequently used by
hackers:– Viruses
– Worms
– Spam
– Others
• Used to send private and confidential data as well as offensive material
![Page 33: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/33.jpg)
33
E-mail Security (continued)E-mail Security (continued)
• Used by employees to communicate with:– Clients
– Colleagues
– Friends
• Recommendations:– Do not configure e-mail server on the same
machine where sensitive data resides
– Do not disclose technical details about the e-mail server
![Page 34: Operating System Security Fundamentals Dr. Gabriel](https://reader036.vdocument.in/reader036/viewer/2022062304/56649f115503460f94c2365f/html5/thumbnails/34.jpg)
34
Questions?Questions?