SlideShare a Scribd company logo

Operating systems and computer security

Download as PPT, PDF
S
Swati Bhonde

Operating System Security

Engineering
1 of 29
Operating System and Computer Security By, Prof. Swati B. Bhonde, Department of Computer Engineering Amrutvahini College of Engineering, Sangamner
Why I need to have OS?
Software  Operating Systems  Run wide variety of tasks  Run when computer is started  Only one OS operates at a time  Applications  Run specified tasks  Only run when initiated  Can run multiple applications at a time
What does Operating System do  Manages all the resource in a computer (including processor, memory, i/o devices)  Provides an interface between the hardware and application software.
Mostly used OS  Desktop  Windows  Mac OS  Unix/Linux and their siblings.  PDA  Palm  Pocket PC  Embedded Linux OS
Computer security challenges  Virus  Email Virus  Worm  Trojan Horse  Spam
Virus  Viruses are fragments of computer code that are linked to the normal programs  When normal program is infected by virus, virus will run first every time you start the program.  Viruses can duplicate themselves and infect other programs.  Original virus are less and less popular now.  People don’t copy files from others, but would rather download from the original source.  Anti-virus software is widely used.
Email virus  An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.  Two kinds  Executable attachment (.exe .vbs .com .bat files).  Macro language viruses.
Fact about email virus  BOTTOM LINE :There is *NO* such thing as an E-mail text virus!  You can not get a virus or any system damaging software by reading an e-mail*. E-mails (that is, the ACTUAL message can not contain viruses)  Email viruses always resides in the attachment. So don’t run any suspect attachment files.
Worm  A worm is a computer program that has the ability to copy itself from machine to machine by taking advantage of the security hole in the system.  Security holes are bugs in the OS.  This is the most serious threat now  Your Computer can be infected by just plugging in the internet.  MSblast and SoBig are the recent worms that damage hundreds of thousand computers.
Trojan Horse (back door)  A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk).  Trojan horse usually does replicate itself.
Suggestions to secure your computer  Use anti-virus software.  Update your computer regularly.  Be careful with the email attachments  Safe: .jpg .bmp .pdf .txt ….  Unsafe: .exe .doc .xls .ppt …  Avoid email software by Microsoft (outlook, outlook express…). They are mostly targeted.  Use firewall or router to protect you from worm attack.
Spam (junk mail)  Spamming is business  Most effective way to stop it is legislation. Most states passed law to restrict it, but none fully banned it.  How spammers get your mail.  Web search  Sending test emails  Exchange or buy from other spammers
Suggestions to fight spam  Never reply junk emails  Moreover, never even open them.  Don’t post your actual email address in the website.  Sparty_at_msu.edu  Sparty@NOSPAMMINGmsu.edu  Use a picture of your email address.  When send group emails, put all the recipients in the BCC field to protect other people.
Any questions till this part?
Wireless Networks and Security
Outline  Wireless Networks and Security  Attacking and defending WEP  Attacking and defending WPA/WPA2  Common defense techniques  Summary
Wireless Networks and Security 1) What are Wireless Networks?  A wireless network is the way that a computer is connected to a router without a physical link. 2) Why do we need?  Facilitates mobility – You can use lengthy wires instead, but someone might trip over them. 3) Why security?  Attacker may hack a victim’s personal computer and steal private data or may perform some illegal activities or crimes using the victim’s machine and ID. Also there's a possibility to read wirelessly transferred data (by using sniffers)
Wireless Networks and Security Three security approaches: 1. WEP (Wired Equivalent Privacy) 2. WPA (Wi-Fi Protected Access) 3. WPA2 (Wi-Fi Protected Access, Version 2) WPA also has two generations named Enterprise and Personal.
WEP (Wired Equivalent Privacy) • Encryption: – 40 / 64 bits – 104 / 128 bits 24 bits are used for IV (Initialization vector) • Passphrase: – Key 1-4 – Each WEP key can consist of the letters "A" through "F" and the numbers "0" through "9". It should be 10 hex or 5 ASCII characters in length for 40/64-bit encryption and 26 hex or 13 ASCII characters in length for 104/128-bit encryption.
WPA/WPA2 Personal  Encryption:  TKIP (Temporal Key Integrity Protocol )  AES (Advanced Encryption Standard)  Pre-Shared Key:  A key of 8-63 characters  Key Renewal:  You can choose a Key Renewal period, which instructs the device how often it should change encryption keys. The default is 3600 seconds
Attacking WEP • iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP (Address Resolution Protocol) requests to the target router • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon) • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP) • aireplay – a tool for forging ARP requests • aircrack – a tool for decrypting WEP keys
How to defend when using WEP  Use longer WEP encryption keys, which makes the data analysis task more difficult. If your WLAN equipment supports 128-bit WEP keys.  Change your WEP keys frequently. There are devices that support "dynamic WEP" which is off the standard but allows different WEP keys to be assigned to each user.  Use a VPN for any protocol, including WEP, that may include sensitive information.  Implement a different technique for encrypting traffic, such as IPSec over wireless. To do this, you will probably need to install IPsec software on each wireless client, install an IPSec server in your wired network, and use a VLAN to the access points to the IPSec server.
Attacking WPA • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon) • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP) • aireplay – a tool for forging ARP requests ― Capture WPA/WPA2 handshakes by forcing clients to reauthenticate ― Generate new Initialization Vectors • aircrack – a tool for decrypting WEP keys (should be used with dictionary)
How to defend when using WPA  Passphrases – the only way to crack WPA is to sniff the password PMK associated with the handshake authentication process, and if this password is extremely complicated it will be almost impossible to crack  Passphrase Complexity – select a random passphrase that is not made up of dictionary words. Select a complex passphrase of a minimum of 20 characters in length and change it at regular intervals
Common defense techniques  Change router default user name and password  Change the internal IP subnet if possible  Change default name and hide broadcasting of the SSID (Service Set Identifier)  None of the attack methods are faster or effective when a larger passphrase is used.  Restrict access to your wireless network by filtering access based on the MAC (Media Access Code) addresses
Summary  Change all possible default router settings  Use encryption (WPA/WPA2)  Use long and complex keys/passphrases
Thank you!

Recommended

Ch14 security
Ch14 securityCh14 security
Ch14 securityWelly Dian Astika
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentationAmjad Bhutto
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Malicious
MaliciousMalicious
MaliciousKhyati Rajput
 
Impact to it security of incorrect configuration of firewall policies and thi...
Impact to it security of incorrect configuration of firewall policies and thi...Impact to it security of incorrect configuration of firewall policies and thi...
Impact to it security of incorrect configuration of firewall policies and thi...usman butt
 
Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Computer Virus
Computer VirusComputer Virus
Computer VirusDebraj Chatterjee
 
Detection of Self-Disciplinary Worms
Detection of Self-Disciplinary WormsDetection of Self-Disciplinary Worms
Detection of Self-Disciplinary WormsKrishna Chaitanya Yarlagadda
 

Recommended

Ch14 security
Ch14 securityCh14 security
Ch14 securityWelly Dian Astika
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentationAmjad Bhutto
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Malicious
MaliciousMalicious
MaliciousKhyati Rajput
 
Impact to it security of incorrect configuration of firewall policies and thi...
Impact to it security of incorrect configuration of firewall policies and thi...Impact to it security of incorrect configuration of firewall policies and thi...
Impact to it security of incorrect configuration of firewall policies and thi...usman butt
 
Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Computer Virus
Computer VirusComputer Virus
Computer VirusDebraj Chatterjee
 
Detection of Self-Disciplinary Worms
Detection of Self-Disciplinary WormsDetection of Self-Disciplinary Worms
Detection of Self-Disciplinary WormsKrishna Chaitanya Yarlagadda
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 
Cy - Firewall
Cy - FirewallCy - Firewall
Cy - Firewallbeacondaytech
 
Malware
MalwareMalware
MalwareHarshdeep Singh
 
Computer virus
Computer virusComputer virus
Computer virusToan Tong
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEric Vanderburg
 
Presentation
PresentationPresentation
Presentationdarshpreet kaur
 
Essential security for linux servers
Essential security for linux serversEssential security for linux servers
Essential security for linux serversJuan Carlos Pérez Pardo
 
Windows network
Windows networkWindows network
Windows networkJithesh Nair
 
Linux security-fosster-09
Linux security-fosster-09Linux security-fosster-09
Linux security-fosster-09Dr. Jayaraj Poroor
 
Iss lecture 9
Iss lecture 9Iss lecture 9
Iss lecture 9Ali Habeeb
 
Personal firewall,Spy ware,ad ware remover and viruses
Personal firewall,Spy ware,ad ware remover and virusesPersonal firewall,Spy ware,ad ware remover and viruses
Personal firewall,Spy ware,ad ware remover and virusesAdeel Khurram
 
Computer Worms
Computer WormsComputer Worms
Computer Wormssadique_ghitm
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Communityamiable_indian
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61 Google
 
Virus
VirusVirus
VirusMukul Kumar
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final pptaritradutta22
 
Chapter 09
Chapter 09Chapter 09
Chapter 09 Google
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseSpandan Patnaik
 
Firewalls-Intro
Firewalls-IntroFirewalls-Intro
Firewalls-IntroAparna Bulusu
 
AleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptAleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptImXaib
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethicsArgie242424
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its DefenceGreater Noida Institute Of Technology
 

More Related Content

What's hot

Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 
Computer virus
Computer virusComputer virus
Computer virusToan Tong
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEric Vanderburg
 
Personal firewall,Spy ware,ad ware remover and viruses
Personal firewall,Spy ware,ad ware remover and virusesPersonal firewall,Spy ware,ad ware remover and viruses
Personal firewall,Spy ware,ad ware remover and virusesAdeel Khurram
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Communityamiable_indian
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61 Google
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final pptaritradutta22
 
Chapter 09
Chapter 09Chapter 09
Chapter 09 Google
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseSpandan Patnaik
 

What's hot (18)

Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
Cy - Firewall
Cy - FirewallCy - Firewall
Cy - Firewall
 
Malware
MalwareMalware
Malware
 
Computer virus
Computer virusComputer virus
Computer virus
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 
Presentation
PresentationPresentation
Presentation
 
Essential security for linux servers
Essential security for linux serversEssential security for linux servers
Essential security for linux servers
 
Windows network
Windows networkWindows network
Windows network
 
Linux security-fosster-09
Linux security-fosster-09Linux security-fosster-09
Linux security-fosster-09
 
Iss lecture 9
Iss lecture 9Iss lecture 9
Iss lecture 9
 
Personal firewall,Spy ware,ad ware remover and viruses
Personal firewall,Spy ware,ad ware remover and virusesPersonal firewall,Spy ware,ad ware remover and viruses
Personal firewall,Spy ware,ad ware remover and viruses
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61
 
Virus
VirusVirus
Virus
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final ppt
 
Chapter 09
Chapter 09Chapter 09
Chapter 09
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
 

Similar to Operating systems and computer security

AleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptAleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptImXaib
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethicsArgie242424
 
Wireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareWireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareBRNSSPublicationHubI
 
23 computer security
23 computer security23 computer security
23 computer securityhafizhanif86
 
Network security.pptx
Network security.pptxNetwork security.pptx
Network security.pptxrishi707971
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & preventionPriSim
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011lbcollins18
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INVijay Sarathy Rangayyan
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshellYahia Kandeel
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Securitydrkelleher
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Miigaa Mine
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008ClubHack
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
 

Similar to Operating systems and computer security (20)

Firewalls-Intro
Firewalls-IntroFirewalls-Intro
Firewalls-Intro
 
AleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptAleksandrDoroninSlides.ppt
AleksandrDoroninSlides.ppt
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
Wireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareWireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security Software
 
Cloud Computing & Security
Cloud Computing & SecurityCloud Computing & Security
Cloud Computing & Security
 
23 computer security
23 computer security23 computer security
23 computer security
 
Network security.pptx
Network security.pptxNetwork security.pptx
Network security.pptx
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Computer networking
Computer networking Computer networking
Computer networking
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011
 
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-INWannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
WannaCry (WannaCrypt) Ransomware - Advisory from CERT-IN
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
 
Computer Systems Security
Computer Systems SecurityComputer Systems Security
Computer Systems Security
 
Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01Computersystemssecurity 090529105555-phpapp01
Computersystemssecurity 090529105555-phpapp01
 
Desktop Security 8 9 07
Desktop Security 8 9 07Desktop Security 8 9 07
Desktop Security 8 9 07
 
Mitppt
MitpptMitppt
Mitppt
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 

Recently uploaded

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2RajaP95
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 

Recently uploaded (20)

Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2HARMONY IN THE HUMAN BEING - Unit-II UHV-2
HARMONY IN THE HUMAN BEING - Unit-II UHV-2
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 

Operating systems and computer security

  • 1. Operating System and Computer Security By, Prof. Swati B. Bhonde, Department of Computer Engineering Amrutvahini College of Engineering, Sangamner
  • 2. Why I need to have OS?
  • 3. Software  Operating Systems  Run wide variety of tasks  Run when computer is started  Only one OS operates at a time  Applications  Run specified tasks  Only run when initiated  Can run multiple applications at a time
  • 4. What does Operating System do  Manages all the resource in a computer (including processor, memory, i/o devices)  Provides an interface between the hardware and application software.
  • 5. Mostly used OS  Desktop  Windows  Mac OS  Unix/Linux and their siblings.  PDA  Palm  Pocket PC  Embedded Linux OS
  • 6. Computer security challenges  Virus  Email Virus  Worm  Trojan Horse  Spam
  • 7. Virus  Viruses are fragments of computer code that are linked to the normal programs  When normal program is infected by virus, virus will run first every time you start the program.  Viruses can duplicate themselves and infect other programs.  Original virus are less and less popular now.  People don’t copy files from others, but would rather download from the original source.  Anti-virus software is widely used.
  • 8.
  • 9. Email virus  An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.  Two kinds  Executable attachment (.exe .vbs .com .bat files).  Macro language viruses.
  • 10. Fact about email virus  BOTTOM LINE :There is *NO* such thing as an E-mail text virus!  You can not get a virus or any system damaging software by reading an e-mail*. E-mails (that is, the ACTUAL message can not contain viruses)  Email viruses always resides in the attachment. So don’t run any suspect attachment files.
  • 11. Worm  A worm is a computer program that has the ability to copy itself from machine to machine by taking advantage of the security hole in the system.  Security holes are bugs in the OS.  This is the most serious threat now  Your Computer can be infected by just plugging in the internet.  MSblast and SoBig are the recent worms that damage hundreds of thousand computers.
  • 12. Trojan Horse (back door)  A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk).  Trojan horse usually does replicate itself.
  • 13. Suggestions to secure your computer  Use anti-virus software.  Update your computer regularly.  Be careful with the email attachments  Safe: .jpg .bmp .pdf .txt ….  Unsafe: .exe .doc .xls .ppt …  Avoid email software by Microsoft (outlook, outlook express…). They are mostly targeted.  Use firewall or router to protect you from worm attack.
  • 14. Spam (junk mail)  Spamming is business  Most effective way to stop it is legislation. Most states passed law to restrict it, but none fully banned it.  How spammers get your mail.  Web search  Sending test emails  Exchange or buy from other spammers
  • 15. Suggestions to fight spam  Never reply junk emails  Moreover, never even open them.  Don’t post your actual email address in the website.  Sparty_at_msu.edu  Sparty@NOSPAMMINGmsu.edu  Use a picture of your email address.  When send group emails, put all the recipients in the BCC field to protect other people.
  • 16. Any questions till this part?
  • 18. Outline  Wireless Networks and Security  Attacking and defending WEP  Attacking and defending WPA/WPA2  Common defense techniques  Summary
  • 19. Wireless Networks and Security 1) What are Wireless Networks?  A wireless network is the way that a computer is connected to a router without a physical link. 2) Why do we need?  Facilitates mobility – You can use lengthy wires instead, but someone might trip over them. 3) Why security?  Attacker may hack a victim’s personal computer and steal private data or may perform some illegal activities or crimes using the victim’s machine and ID. Also there's a possibility to read wirelessly transferred data (by using sniffers)
  • 20. Wireless Networks and Security Three security approaches: 1. WEP (Wired Equivalent Privacy) 2. WPA (Wi-Fi Protected Access) 3. WPA2 (Wi-Fi Protected Access, Version 2) WPA also has two generations named Enterprise and Personal.
  • 21. WEP (Wired Equivalent Privacy) • Encryption: – 40 / 64 bits – 104 / 128 bits 24 bits are used for IV (Initialization vector) • Passphrase: – Key 1-4 – Each WEP key can consist of the letters "A" through "F" and the numbers "0" through "9". It should be 10 hex or 5 ASCII characters in length for 40/64-bit encryption and 26 hex or 13 ASCII characters in length for 104/128-bit encryption.
  • 22. WPA/WPA2 Personal  Encryption:  TKIP (Temporal Key Integrity Protocol )  AES (Advanced Encryption Standard)  Pre-Shared Key:  A key of 8-63 characters  Key Renewal:  You can choose a Key Renewal period, which instructs the device how often it should change encryption keys. The default is 3600 seconds
  • 23. Attacking WEP • iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP (Address Resolution Protocol) requests to the target router • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon) • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP) • aireplay – a tool for forging ARP requests • aircrack – a tool for decrypting WEP keys
  • 24. How to defend when using WEP  Use longer WEP encryption keys, which makes the data analysis task more difficult. If your WLAN equipment supports 128-bit WEP keys.  Change your WEP keys frequently. There are devices that support "dynamic WEP" which is off the standard but allows different WEP keys to be assigned to each user.  Use a VPN for any protocol, including WEP, that may include sensitive information.  Implement a different technique for encrypting traffic, such as IPSec over wireless. To do this, you will probably need to install IPsec software on each wireless client, install an IPSec server in your wired network, and use a VLAN to the access points to the IPSec server.
  • 25. Attacking WPA • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon) • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP) • aireplay – a tool for forging ARP requests ― Capture WPA/WPA2 handshakes by forcing clients to reauthenticate ― Generate new Initialization Vectors • aircrack – a tool for decrypting WEP keys (should be used with dictionary)
  • 26. How to defend when using WPA  Passphrases – the only way to crack WPA is to sniff the password PMK associated with the handshake authentication process, and if this password is extremely complicated it will be almost impossible to crack  Passphrase Complexity – select a random passphrase that is not made up of dictionary words. Select a complex passphrase of a minimum of 20 characters in length and change it at regular intervals
  • 27. Common defense techniques  Change router default user name and password  Change the internal IP subnet if possible  Change default name and hide broadcasting of the SSID (Service Set Identifier)  None of the attack methods are faster or effective when a larger passphrase is used.  Restrict access to your wireless network by filtering access based on the MAC (Media Access Code) addresses
  • 28. Summary  Change all possible default router settings  Use encryption (WPA/WPA2)  Use long and complex keys/passphrases