Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operating System Security Fundamentals Dr. Gabriel.

Published byDarrell Cannon Modified over 8 years ago

Similar presentations

Presentation on theme: "Operating System Security Fundamentals Dr. Gabriel."— Presentation transcript:

1 Operating System Security Fundamentals Dr. Gabriel

2 2 Operating System Overview Operating system: collection of programs that allows user to operate computer hardware Three layers: –Inner layer –Middle layer –Outer layer

3 3 Operating System Overview (continued)

4 4 Key functions of an operating system: –Multitasking, multisharing –Computer resource management –Controls the flow of activities –Provides a user interface

5 5 Operating System Overview (continued) Key functions of an operating system (continued): –Administers user actions and accounts –Runs software utilities and programs –Enforce security measures –Schedules jobs

6 6 The Operating System Security Environment A compromised OS can compromise a database environment Physically protect the computer running the OS (padlocks, chain locks, guards, cameras) Model: –Bank building (operating system) –Safe (database) –Money (data)

7 7 The Operating System Security Environment (continued)

8 8 The Components of an Operating System Security Environment Used as access points to the database Three components: –Memory –Services –Files

9 9 The Components of an Operating System Security Environment (continued)

10 10 Services Main component of operating system security environment Operating system core utilities Used to gain access to the OS and its features Include –User authentication –Remote access –Administration tasks –Password policies

11 11 Files Common threats: –File permission –File sharing Files must be protected from unauthorized reading and writing actions Data resides in files; protecting files protects data Read, write, and execute privileges

12 12 File Transfer FTP (File Transfer Protocol): –Internet service for transferring files from one computer to another –Transmits usernames and passwords in plaintext –Root account cannot be used with FTP –Anonymous FTP: ability to log on to the FTP server without being authenticated

13 13 File Transfer (continued) Best practices: –Use Secure FTP utility if possible –Make two FTP directories: One for uploads with write permissions only One for downloads with read permissions only –Use specific accounts with limited permissions –Log and scan FTP activities –Allow only authorized operators

14 14 Sharing Files Naturally leads to security risks and threats Peer-to-peer programs: allow users to share files over the Internet Reasons for blocking file sharing: –Malicious code –Adware and spyware –Privacy and confidentiality –Pornography –Copyright issues

15 15 Memory Hardware memory available on the system Can be corrupted by badly written software Two options: –Stop using the program –Apply a patch (service pack) to fix it Can harm data integrity Can potentially exploit data for illegal use

16 16 Authentication Methods Authentication: –Verifies user identity –Permits access to the operating system Physical authentication: –Allows physical entrance to company property –Magnetic cards and biometric measures Digital authentication: verifies user identity by digital means

17 17 Digital Authentication Mechanism Digital certificates: digital passport that identifies and verifies holder of certificate Digital token (security token): –Small electronic device –Displays a number unique to the token holder; used with the holder’s PIN as a password –Uses a different password each time

18 18 Digital Authentication Mechanism Digital card: –Also known as a security card or smart card –Similar to a credit card; uses an electronic circuit instead of a magnetic strip –Stores user identification information Kerberos: –Developed by MIT –Uses unique keys a.k.a. tickets for authentication purposes

19 19 Digital Authentication Mechanism Lightweight Directory Access Protocol (LDAP): –Developed by the University of Michigan –A centralized directory database stores: Users (user name and user ID) Passwords Internal telephone directory Security keys –Efficient for reading but not suited for frequently changing information –Easy to implement –Uses client/server architecture

20 20 Digital Authentication Mechanism NTLM (NT LAN Manager): –Developed and used by Microsoft –Employs a challenge/response authentication protocol –No longer used Public Key Infrastructure (PKI): –User keeps a private key –Authentication firm holds a public key –Encrypt and decrypt data using both keys

21 21 Digital Authentication Mechanism RADIUS: –Remote authentication dial-in user services –used by network devices to provide a centralized authentication mechanism Secure Socket Layer (SSL): authentication information is transmitted over the network in an encrypted form Secure Remote Password (SRP): –Password is not stored locally –Invulnerable to brute force or dictionary attacks

22 22 Authorization Process that decides whether users are permitted to perform the functions they request Authorization is not performed until the user is authenticated Deals with privileges and rights

23 23 User Administration Create user accounts Set password policies Grant privileges to users Best practices: –Use a consistent naming convention –Always provide a password to an account and force the user to change it at the first logon –Protect passwords –Do not use default passwords

24 24 User Administration (continued) Best practices (continued): –Create a specific file system for users –Educate users on how to select a password –Lock non-used accounts –Grant privileges on a per host basis –Do not grant privileges to all machines –Use ssh, scp, and Secure FTP –Isolate a system after a compromise –Perform random auditing procedures

25 25 Password Policies First line of defense Dictionary attack: permutation of words in dictionary Make hard for hackers entering your systems Best password policy: –Matches your company missions –Enforced at all level of the organization

26 26 Password Policies (continued) Best practices: –Password aging –Password reuse –Password history –Password encryption

27 27 Password Policies (continued) Best practices (continued): –Password storage and protection –Password complexity –Logon retries –Single sign-on

28 28 Vulnerabilities of Operating Systems Top vulnerabilities to Windows systems: –Internet Information Services (IIS) –Microsoft SQL Server (MSSQL) –Windows Authentication –Internet Explorer (IE) –Windows Remote Access Services

29 29 Vulnerabilities of Operating Systems (continued) Top vulnerabilities to Windows (continued): –Microsoft Data Access Components (MDAC) –Windows Scripting Host (WSH) –Microsoft Outlook and Outlook Express –Windows Peer-to-Peer File Sharing (P2P) –Simple Network Management Protocol (SNMP)

30 30 Vulnerabilities of Operating Systems (continued) Top vulnerabilities to UNIX systems: –BIND Domain Name System –Remote Procedure Calls (RPC) –Apache Web Server –General UNIX authentication accounts with no passwords or weak passwords –Clear text services

31 31 Vulnerabilities of Operating Systems (continued) Top vulnerabilities to UNIX systems (continued): –Sendmail –Simple Network Management Protocol (SNMP) –Secure Shell (SSH) –Misconfiguration of Enterprise Services NIS/NFS –Open Secure Sockets Layer (SSL)

32 32 E-mail Security Tool must widely used by public May be the tool must frequently used by hackers: –Viruses –Worms –Spam –Others Used to send private and confidential data as well as offensive material

33 33 E-mail Security (continued) Used by employees to communicate with: –Clients –Colleagues –Friends Recommendations: –Do not configure e-mail server on the same machine where sensitive data resides –Do not disclose technical details about the e-mail server

34 34 Questions?

Download ppt "Operating System Security Fundamentals Dr. Gabriel."

Similar presentations

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Access Control Methodologies

Access Control Methodologies
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Similar presentations

Ads by Google