SlideShare a Scribd company logo

Operating system security

Ramesh Ogania
Ramesh Ogania

This document provides an overview of operating system security. It discusses the key components and functions of an operating system including multitasking, resource management, user interfaces, and more. It then examines the security environment of an operating system including services, files, memory, authentication, authorization, and vulnerabilities. Finally, it outlines best practices for securing an operating system such as installing only necessary software, configuring users and permissions properly, applying patches and updates, and performing regular security monitoring, backups and testing.

Technology
1 of 33
email : rameshogania@gmail.com Gsm : 9969 37 44 37 O I S S T
O I S S T
Operating System Overview • Operating system: collection of programs that allows user to operate computer hardware • Three layers: – Inner layer, computer hardware – Middle layer, operating system – Outer layer, different software
Operating System Overview • Key functions of an operating system: – Multitasking, multi sharing – Computer resource management – Controls the flow of activities – Provides a user interface – Administers user actions and accounts – Runs software utilities and programs – Enforce security measures – Schedule jobs – Provide tools to configure the operating system and hardware
The OS Security Environment • A compromised OS can compromise a database environment • Physically protect the computer running the OS (padlocks, chain locks, guards, cameras) • Model: – Bank building (operating system) – Safe (database) – Money (data)
The Components of an OS Security Environment • Used as access points to the database • Three components: – Services – Files – Memory
Services • Main component of operating system security environment • Used to gain access to the OS and its features • Include – User authentication – Remote access – Administration tasks – Password policies
Files • Common threats: – File permission – File sharing • Files must be protected from unauthorized reading and writing actions • Data resides in files; protecting files protects data
File Permissions • Read, write, and execute privileges • In Windows: – Change permission on the Security tab on a file’s Properties dialog box – Allow indicates grant; Deny indicates revoke
Sharing Files • Naturally leads to security risks and threats • Peer-to-peer programs: allow users to share files over the Internet • Reasons for blocking file sharing: – Malicious code – Adware and spyware – Privacy and confidentiality – Pornography – Copyright issues
Memory • Hardware memory available on the system can be corrupted by badly written software • Can harm data integrity • Two options: – Stop using the program – Apply a patch (service pack) to fix it
Authentication • Authentication: – Verifies user identity – Permits access to the operating system • Physical authentication: – Allows physical entrance to company property – Magnetic cards and biometric measures • Digital authentication: verifies user identity by digital means
Authorization • Process that decides whether users are permitted to perform the functions they request • Authorization is not performed until the user is authenticated • Deals with privileges and rights
User Administration • Create user accounts • Set password policies • Grant privileges to users • Best practices: – Use a consistent naming convention – Always provide a password to an account and force the user to change it at the first logon – Protect passwords – Do not use default passwords
Vulnerabilities of OS • Top vulnerabilities to Windows systems: – Internet Information Services (IIS) – Microsoft SQL Server (MSSQL) – Windows Authentication – Internet Explorer (IE) – Windows Remote Access Services – Microsoft Data Access Components (MDAC) – Windows Scripting Host (WSH) – Microsoft Outlook and Outlook Express – Windows Peer-to-Peer File Sharing (P2P) – Simple Network Management Protocol (SNMP)
NIST Approach Phases • Planning • Installation • Configuration • Update • Maintenance • Consider the OS layered model, each layer needs to be properly secured, and it may be attack from layers bellow
OS Layered Model User Space Services / Hypervisor System Calls Device Drivers / Hardware Abstraction Layer (HAL) Kernel / BIOS Instruction Set Architecture Hardware Physical World
Hardening the OS • Default OS configurations are for ease of use • Measures have to be done at all stages – Installing and patching – Configuring • Remove unnecessary applications, services and protocols • Users, groups, controls and privileges – Install additional software (anti-virus, firewall, intrusion detection system, etc.) – Test Security
Installing and Patching • Installation – Machines should not connect to network until secured • However removable media may be infected as well – Limited network (firewall) is acceptable, ideally: • No inbound connections • Only out to certain key sites – Install only required services and drivers (from trusted sources) – Set up automatic updates (only if update time is not an issue) • Booting – Protect BIOS changes with password – Disable some bootable media – Cryptographic hard drives? Pros and Cons
Automatic Updates
Remove Unnecessary Support • Software have vulnerabilities, hence more software = more vulnerabilities • Better to not install it at all – Uninstallers sometimes fail to clean all dependency – Disabled software may be enabled by an attacker upon control acquisition • Disabling can be done via msconfig command (Windows), yast or equivalent (Linux) or Control Panel (Windows / Linux)
Configure Authentication • Define user types and privileges – Admin (ideally only temporary) – Normal – Limited • Authentication – Force default password change – Password definition – Password lifespan • Remove or disable old accounts • Allow for remote connections?
Additional Security and Testing • Anti-virus • Firewalls, IDS, IPS • White list – If attackers manage to install a program what will happen? • Run some test cases which attempt to break security (stress testing), good hackers make a lot of money here
Application Security • Configure applications properly • Use encryption when possible as seen earlier – For storing – For transmit (SSH connections) • Limit privileges as with users – Remember what we have said about security in Android, Blackberry, and iPhone • Applications may provide backdoors if not configured properly
Maintenance • Now that system is set, keep it secure • This involves – Monitoring and analyzing logging information – Performing regular backups – Recovering from security compromises – Regular testing of security – Patch, update, and revise critical software
Logging • Keep a record of important events in the computer • Problems – Need to make sure to have enough space – Manual analysis is hard, so these logs should contain a format such that a program (e.g. in Perl) can parse messages
Data Backup • Backup is the act of creating copies of information such that it may be recovered • Archive is to keep these backups for a long period of time in order to meet some legal aspects • Should the backup be kept online or offline? – Online makes easier access, faster recover – Offline is more secure, harder to recover – Why not both?: Users should keep their own offline backups, in case online backup gets removed • Data may be lost accidentally (hardware failures, human mistake) or intentionally
Windows Security • Use automatic updates specially for – Windows – Adobe Acrobat Reader and Flash Plugin – Java • Users are defined with a Security ID (SID) and information such as passwords may be stored at Security Account Manager (SAM) • System restore • User Account Control to treat users with admin only as admin when required, otherwise as normal (Vista and later)
Windows Registry • Hard to maintain • Easy to access • May use a specific application hiding complex information from administrator • May use regedit to see everything – Useful to have an application that queues and monitors registry changes, such that they need to get approved before proceeding
Other Windows Security • Anti-virus • Anti-spyware • Personal firewall • Encrypting File Systems – Local Security Policy • BitLocker: full disk encryption with AES • More on Control Panel System Security • Microsoft Baseline Security Analyzer – Checks for minimal recommended requirements in a system – Its free – Shavlik NetChk Limited for legacy
Virtualization • Virtualization: defines an isomorphism that maps a virtual guest system to a physical host • Adds another degree of freedom by enabling multiple resource managers and controlled sharing. – Adds a level of indirection • Can virtualize a single resource (DRAM, Disks) or an entire system (machine). – may create one or more virtual objects. • Virtual Machine: Add virtualization layer which transforms the physical machine into the desired virtual architecture.
Some Virtual Machines • Oracle VirtualBox • Microsoft Virtual PC (formerly Virtual PC) • VMware • Xen Hypervisor • Parallel Desktop (popular on MAC)
Questions ? email : rameshogania@gmail.com Gsm : 9969 37 44 37

Recommended

Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Email security
Email securityEmail security
Email securityBaliram Yadav
 
System security
System securitySystem security
System securitysommerville-videos
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and functionNisarg Amin
 

Recommended

Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating systemAbou Bakr Ashraf
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Email security
Email securityEmail security
Email securityBaliram Yadav
 
System security
System securitySystem security
System securitysommerville-videos
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and functionNisarg Amin
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Intruders
IntrudersIntruders
IntrudersDr.Florence Dayana
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber securityShri ramswaroop college of engineering and management
 
Data encryption
Data encryptionData encryption
Data encryptionDeepam Goyal
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurationsStudent
 
Database security
Database securityDatabase security
Database securityMaryamAsghar9
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security ThreatsQuick Heal Technologies Ltd.
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Network security
Network securityNetwork security
Network securityGichelle Amon
 
Web Security
Web SecurityWeb Security
Web SecurityBharath Manoharan
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesSam Bowne
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne
 

More Related Content

What's hot

Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurationsStudent
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security PresentationAllan Pratt MBA
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 

What's hot (20)

Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Intruders
IntrudersIntruders
Intruders
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber security
 
Data encryption
Data encryptionData encryption
Data encryption
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurations
 
Database security
Database securityDatabase security
Database security
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Network security
Network securityNetwork security
Network security
 
Web Security
Web SecurityWeb Security
Web Security
 

Similar to Operating system security

Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesSam Bowne
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesSam Bowne
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and datagocybersec
 
Security Architectures and Models.pptx
Security Architectures and Models.pptxSecurity Architectures and Models.pptx
Security Architectures and Models.pptxRushikeshChikane2
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesSam Bowne
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesSam Bowne
 
Operations Security Presentation
Operations Security PresentationOperations Security Presentation
Operations Security PresentationWajahat Rajab
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgEric Vanderburg
 
Ch2 operating-system structures
Ch2 operating-system structuresCh2 operating-system structures
Ch2 operating-system structuresWelly Dian Astika
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.pptajajkhan16
 
"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're InfectedTripwire
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxAlfredObia1
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01wardell henley
 
Information Security
Information SecurityInformation Security
Information Securitysonykhan3
 
CH12-CompSec4e.pptx
CH12-CompSec4e.pptxCH12-CompSec4e.pptx
CH12-CompSec4e.pptxams1ams11
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 

Similar to Operating system security (20)

Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
 
CNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS VulnerabilitesCNIT 123: 8: Desktop and Server OS Vulnerabilites
CNIT 123: 8: Desktop and Server OS Vulnerabilites
 
501 ch 5 securing hosts and data
501 ch 5 securing hosts and data501 ch 5 securing hosts and data
501 ch 5 securing hosts and data
 
Security Architectures and Models.pptx
Security Architectures and Models.pptxSecurity Architectures and Models.pptx
Security Architectures and Models.pptx
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
CNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS VulnerabilitiesCNIT 123 8: Desktop and Server OS Vulnerabilities
CNIT 123 8: Desktop and Server OS Vulnerabilities
 
CNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS VulnerabilitiesCNIT 123 Ch 8: OS Vulnerabilities
CNIT 123 Ch 8: OS Vulnerabilities
 
Operations Security Presentation
Operations Security PresentationOperations Security Presentation
Operations Security Presentation
 
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric VanderburgInformation Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
 
Ch2 operating-system structures
Ch2 operating-system structuresCh2 operating-system structures
Ch2 operating-system structures
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.ppt
 
Lec # 1 chapter 2
Lec # 1 chapter 2Lec # 1 chapter 2
Lec # 1 chapter 2
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected"Backoff" Malware: How to Know If You're Infected
"Backoff" Malware: How to Know If You're Infected
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
 
3 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp013 securityarchitectureandmodels-120331064706-phpapp01
3 securityarchitectureandmodels-120331064706-phpapp01
 
Information Security
Information SecurityInformation Security
Information Security
 
ISBB_Chapter6.pptx
ISBB_Chapter6.pptxISBB_Chapter6.pptx
ISBB_Chapter6.pptx
 
CH12-CompSec4e.pptx
CH12-CompSec4e.pptxCH12-CompSec4e.pptx
CH12-CompSec4e.pptx
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 

Recently uploaded

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 

Recently uploaded (20)

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 

Operating system security

  • 1. email : rameshogania@gmail.com Gsm : 9969 37 44 37 O I S S T
  • 3. Operating System Overview • Operating system: collection of programs that allows user to operate computer hardware • Three layers: – Inner layer, computer hardware – Middle layer, operating system – Outer layer, different software
  • 4. Operating System Overview • Key functions of an operating system: – Multitasking, multi sharing – Computer resource management – Controls the flow of activities – Provides a user interface – Administers user actions and accounts – Runs software utilities and programs – Enforce security measures – Schedule jobs – Provide tools to configure the operating system and hardware
  • 5. The OS Security Environment • A compromised OS can compromise a database environment • Physically protect the computer running the OS (padlocks, chain locks, guards, cameras) • Model: – Bank building (operating system) – Safe (database) – Money (data)
  • 6. The Components of an OS Security Environment • Used as access points to the database • Three components: – Services – Files – Memory
  • 7. Services • Main component of operating system security environment • Used to gain access to the OS and its features • Include – User authentication – Remote access – Administration tasks – Password policies
  • 8. Files • Common threats: – File permission – File sharing • Files must be protected from unauthorized reading and writing actions • Data resides in files; protecting files protects data
  • 9. File Permissions • Read, write, and execute privileges • In Windows: – Change permission on the Security tab on a file’s Properties dialog box – Allow indicates grant; Deny indicates revoke
  • 10. Sharing Files • Naturally leads to security risks and threats • Peer-to-peer programs: allow users to share files over the Internet • Reasons for blocking file sharing: – Malicious code – Adware and spyware – Privacy and confidentiality – Pornography – Copyright issues
  • 11. Memory • Hardware memory available on the system can be corrupted by badly written software • Can harm data integrity • Two options: – Stop using the program – Apply a patch (service pack) to fix it
  • 12. Authentication • Authentication: – Verifies user identity – Permits access to the operating system • Physical authentication: – Allows physical entrance to company property – Magnetic cards and biometric measures • Digital authentication: verifies user identity by digital means
  • 13. Authorization • Process that decides whether users are permitted to perform the functions they request • Authorization is not performed until the user is authenticated • Deals with privileges and rights
  • 14. User Administration • Create user accounts • Set password policies • Grant privileges to users • Best practices: – Use a consistent naming convention – Always provide a password to an account and force the user to change it at the first logon – Protect passwords – Do not use default passwords
  • 15. Vulnerabilities of OS • Top vulnerabilities to Windows systems: – Internet Information Services (IIS) – Microsoft SQL Server (MSSQL) – Windows Authentication – Internet Explorer (IE) – Windows Remote Access Services – Microsoft Data Access Components (MDAC) – Windows Scripting Host (WSH) – Microsoft Outlook and Outlook Express – Windows Peer-to-Peer File Sharing (P2P) – Simple Network Management Protocol (SNMP)
  • 16. NIST Approach Phases • Planning • Installation • Configuration • Update • Maintenance • Consider the OS layered model, each layer needs to be properly secured, and it may be attack from layers bellow
  • 17. OS Layered Model User Space Services / Hypervisor System Calls Device Drivers / Hardware Abstraction Layer (HAL) Kernel / BIOS Instruction Set Architecture Hardware Physical World
  • 18. Hardening the OS • Default OS configurations are for ease of use • Measures have to be done at all stages – Installing and patching – Configuring • Remove unnecessary applications, services and protocols • Users, groups, controls and privileges – Install additional software (anti-virus, firewall, intrusion detection system, etc.) – Test Security
  • 19. Installing and Patching • Installation – Machines should not connect to network until secured • However removable media may be infected as well – Limited network (firewall) is acceptable, ideally: • No inbound connections • Only out to certain key sites – Install only required services and drivers (from trusted sources) – Set up automatic updates (only if update time is not an issue) • Booting – Protect BIOS changes with password – Disable some bootable media – Cryptographic hard drives? Pros and Cons
  • 21. Remove Unnecessary Support • Software have vulnerabilities, hence more software = more vulnerabilities • Better to not install it at all – Uninstallers sometimes fail to clean all dependency – Disabled software may be enabled by an attacker upon control acquisition • Disabling can be done via msconfig command (Windows), yast or equivalent (Linux) or Control Panel (Windows / Linux)
  • 22. Configure Authentication • Define user types and privileges – Admin (ideally only temporary) – Normal – Limited • Authentication – Force default password change – Password definition – Password lifespan • Remove or disable old accounts • Allow for remote connections?
  • 23. Additional Security and Testing • Anti-virus • Firewalls, IDS, IPS • White list – If attackers manage to install a program what will happen? • Run some test cases which attempt to break security (stress testing), good hackers make a lot of money here
  • 24. Application Security • Configure applications properly • Use encryption when possible as seen earlier – For storing – For transmit (SSH connections) • Limit privileges as with users – Remember what we have said about security in Android, Blackberry, and iPhone • Applications may provide backdoors if not configured properly
  • 25. Maintenance • Now that system is set, keep it secure • This involves – Monitoring and analyzing logging information – Performing regular backups – Recovering from security compromises – Regular testing of security – Patch, update, and revise critical software
  • 26. Logging • Keep a record of important events in the computer • Problems – Need to make sure to have enough space – Manual analysis is hard, so these logs should contain a format such that a program (e.g. in Perl) can parse messages
  • 27. Data Backup • Backup is the act of creating copies of information such that it may be recovered • Archive is to keep these backups for a long period of time in order to meet some legal aspects • Should the backup be kept online or offline? – Online makes easier access, faster recover – Offline is more secure, harder to recover – Why not both?: Users should keep their own offline backups, in case online backup gets removed • Data may be lost accidentally (hardware failures, human mistake) or intentionally
  • 28. Windows Security • Use automatic updates specially for – Windows – Adobe Acrobat Reader and Flash Plugin – Java • Users are defined with a Security ID (SID) and information such as passwords may be stored at Security Account Manager (SAM) • System restore • User Account Control to treat users with admin only as admin when required, otherwise as normal (Vista and later)
  • 29. Windows Registry • Hard to maintain • Easy to access • May use a specific application hiding complex information from administrator • May use regedit to see everything – Useful to have an application that queues and monitors registry changes, such that they need to get approved before proceeding
  • 30. Other Windows Security • Anti-virus • Anti-spyware • Personal firewall • Encrypting File Systems – Local Security Policy • BitLocker: full disk encryption with AES • More on Control Panel System Security • Microsoft Baseline Security Analyzer – Checks for minimal recommended requirements in a system – Its free – Shavlik NetChk Limited for legacy
  • 31. Virtualization • Virtualization: defines an isomorphism that maps a virtual guest system to a physical host • Adds another degree of freedom by enabling multiple resource managers and controlled sharing. – Adds a level of indirection • Can virtualize a single resource (DRAM, Disks) or an entire system (machine). – may create one or more virtual objects. • Virtual Machine: Add virtualization layer which transforms the physical machine into the desired virtual architecture.
  • 32. Some Virtual Machines • Oracle VirtualBox • Microsoft Virtual PC (formerly Virtual PC) • VMware • Xen Hypervisor • Parallel Desktop (popular on MAC)
  • 33. Questions ? email : rameshogania@gmail.com Gsm : 9969 37 44 37