Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Operating Systems and introduction to security

Published byFrederica Lynch Modified over 5 years ago

Similar presentations

Presentation on theme: "Network Operating Systems and introduction to security"— Presentation transcript:

1 Network Operating Systems and introduction to security

2 Network Operating Systems(NOS)
Designed to support networks Networks are a collection of many computers and devices that are connected together By installing a NOS onto a computer it becomes what is know as a Server. Servers can provide many different functions. NOS installed on a server and configured to distribute files.

3 Open-Source (UNIX and Linux)
Free Various NOS distros available Ubuntu Server, Red Hat Enterprise, CentOS, Debian, Oracle and many, many more. Accessible code open for development by anyone. Extremely wide customization range, meaning that they can perform many tasks to suit the host. Known for is its stability because processes are separate from those of the operating system. Even if an application crashes, unless it somehow manages to take down the X Windows system with it (which does happen), the operating system keeps going. With Windows or Mac however, if an application crashes it can often cause the OS to crash along with, resulting in the server going down with it. X Windows system: X provides the basic framework for a GUI environment in UNIX

4 Proprietary Such as Mac OS X or Windows Server.
Compatible and easily integrate with Windows or Mac OS and their associated eco systems respectively. Familiar GUI’s Cost’s money. Different to open source operating systems in a sense that they may or may not be allowed to use certain software, especially if it doesn’t support a particular file format. Closed NOS’s that cannot be customized beyond the developers original intention. Users cannot modify or access Windows Servers' underlying code for example. Open-source NOSs which are free to use can be a great benefit for smaller organisations with smaller budgets.

5 General Purpose A general purpose NOS or setup refers to a server which can be used for a multitude of tasks all at the same time. General purpose tasks include handling users and access policies and managing files & applications. Windows Server is used widely because of a few reasons, but typically for its accessibility, maintenance costs and security. These servers are typically used to communicate with all other devices on the network and commonly used as a computing server. Distribute computing resources over a network, helping local machines to perform tasks such as domain services, distributing and running applications and storage.

6 Task Specific Implemented into a network for specificity.
Servers that are dedicated to computing one task, and one task only. Could be multiple servers set up on a network all assigned just one task each. They don’t interact with the network the same way that a general purpose server would Generally a lot easier to implement and more cost efficient to maintain. Will not include domain services.

7 NOS services: File: Allows resources to be shared between clients on the network. System admin can regulate who has access to what. Web: Server configured to store, process and deliver web pages to clients. Print: Manages the print queue, usage and potentially user credit. Print queue could be shared between multiple printers. Remote access: Using software such as Virtual Machine Manager the server can be remotely managed. Using VPN connection to the remote server, clients can access their files and folders after logging in. Firewall/Proxy: A proxy firewall acts as an intermediary between in-house clients and servers on the network. Proxy firewalls are considered to be the most secure type of firewall because they prevent direct network contact with other systems. A proxy firewall has its own IP address so an outside network connection will never receive packets from the sending network directly.

8 NOS services continued:
Terminal services: With remote access configured a user or admin can take full control of a computer or virtual machine desktop on the network. Access control: Allows the server admin to authorize users, groups, and computers to access or restrict access to objects on the network or computer. Group Policy in windows server allows us to configure policy's. Infrastructure management: Allows you to connect and manage the objects on the network. Ecommerce: Website hosting, secure (SSL) certificate installed and management can be set up. Remote Desktop Protocol (RDP) for Windows. Remote access and Terminal Services software.

9 Windows Server 2016 – Services
Services in Windows Server 2016 can be installed through server roles

10 Theory leading to Assignment 1
Disaster recovery Theory leading to Assignment 1

11 Disaster recovery: Backup Mythology Full Backups
Stores a copy of all files and typically occurs automatically according to a pre-set schedule. Files are usually compressed to save space, however, even when compressed full backups may consume a lot of storage. Image reference:

12 Disaster recovery: Backup Mythology Full Backups
Disadvantages include causing heavy access to the backup disk, which shorten disk life and consume network bandwidth. More robust than many businesses require. Only a small percentage of files change from one backup to another. Will yield multiple identical copies of files and consume valuable storage space on the backup medium. An advantage is the ease of restoration. Restoring a file requires only the file name, location, and date from which to restore the data.

13 Disaster recovery: Backup Mythology Incremental Backups
Backup only the files that have been created or changed since the last backup. Usually backup strategies include a combination of full backups and incremental backups. Running a full backup once per week—on weekends when network and computing resource demands are lower—and scheduling incremental backups on weekdays. Backing up files with this combination enables a restoration that does not require looking through or merging more than a week’s worth of iterations. Image reference:

14 Disaster recovery: Backup Mythology Incremental Backups
An advantage is that the volume of data backed up at each iteration is much smaller, which in turn saves space on the backup medium and uses less network bandwidth. Disadvantages include backups increasing computing overhead, each source file must be compared with the last full backup as well as the incremental iterations to determine whether data is new or changed. More complex to locate a specific file to restore as it may require searching several iterations. To completely restore all files requires merging all iterations while taking care to keep only the most recent version of each file.

15 Disaster recovery: Backup Mythology Differential Backups
Differential backups are similar to incremental backups, except that each backup operation stores the new and updated files since the last full backup. For example, if a full backup was performed on Sunday and a file changed on Monday, that file will be part of every differential backup until the next full backup is run. Image reference:

16 Disaster recovery: Backup Mythology Differential Backups
Using differential backups simplifies recovery because only the last full backup and the last differential backup is needed to create a complete restoration. As with incremental backups, differential backups need to compare current and already-backed-up files to identify any changes. However, differential backups require more space and network bandwidth compared with incremental backups.

17 Disaster recovery: Data Recovery: If data has been backed up it can be recovered by simply installing the backup. If not, through the use of specialised software deleted or corrupted data can be recovered. Mirrored Systems: A second backup server has an exact copy of another server. If one goes down the other takes over meaning no downtime to the network. Virtualisation: One physical server split into multiple isolated virtual environments. Reduces physical space and cost. UPS (Uninterruptible Power Supply)/Backup Power supply: Battery devices that connect to a physical server to give it power when the primary source of power fails.

18 Disaster recovery: Off site management: Off site backup allows copied server data stored physically away from the main site. Should the server and data be damaged at one site through fire or flooding for example there is a backup still available. High availability: How operational the server is. By having regular backups, UPS’s set up and offsite management available your server should be 99% available and therefore considered to have high availability. Fault tolerance: No single point of failure, fault isolation, backups. Combination of previous and this slides topics. By having two separate machines that are mirrored.  In the event that the main system has a hardware failure, the secondary system takes over and there is zero downtime.

19 Theory leading to Assignment 1
NOS Security Theory leading to Assignment 1

20 NOS security: Management of updates/patches: Keeping your server software and client installed software uptodate will eliminate potential holes in security. Anti-virus protection: Essential on a server. Microsoft Endpoint is an example that protects servers and devices on the network. Alerts can be set to notify the Admin but usual kills viruses automatically. Physical access policies: Who can access your server? Key coded or locked servers rooms are essential. Access should be restricted only to admin. Service access policies: Examples include , file, web and printing. Who needs access to what? Policy's should ensure that only users who need services have access to them.

21 NOS security cont. User access policies: Who has access to the network? Users should have username and passwords setup and only access to data essential to their role. Policy management: Through group policy management network admins can restrict user access and control what they can add and change. User and group audits: Maintaining a log and monitoring users network usage to maintain security. Can be set in Group policy. Firewalls and filters could restrict access to undesirable websites. Continual vetting of access: Consistent consideration of who should have access to what. Based on job role and audits. Disclosure and Barring Service (DBS) check and References should be gathered for new employees.

22 NOS security cont. Authentication policies and practice: Methods put in place to safeguard access to network services including internet. Password or fingerprint scanners could be considers as ways to authenticate access. Password policy: Passwords could be set to change every 90 days or have a minimum of 8 characters with numbers, uppercase and lowercase lettering.

23 Password – Good practice
1. Adopt Long Passphrases According to Special Publication Digital Identity Guidelines, a best practice is to create passwords of up to 64 characters including spaces. XKCD did an analysis between ”Tr0ub4dor&3” and a long passphrase “correct horse battery staple”. They found that it took only 3 days to guess the password created in with special character substitutions, while the passphrase would take 550 years to crack. 2. Don’t force password changes – Controversial! NCSC suggest that a new password may have been used elsewhere, and attackers can exploit this. A new password is also more likely to be written down, which represents another vulnerability. New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out of their accounts, and service desks having to reset passwords. Note: good practice in password policy is often changing and there’s contradicting research.

24 Password – Good practice
3. Create Password Blacklist Don’t allow easy to crack passwords using software like nFront and Anixis PPE within Windows Server. Hackers usually start their attacks with attempts to guess a password by using a database of the most popular passwords, dictionary words, or passwords that have already been cracked. 4. Limit failed log in attempts Add a limit on the number of failed login attempts in order to detect and reject brute force or dictionary attacks. This can be altered in account policy within Group Policy of Windows Server Note: Don’t underestimate the importance of employee training to help detect and avoid phishing and other social media attacks.

25 Types of password attacks
Dictionary attacks Uses a list of known or commonly used passwords top crack a password. Could be based on the individual with personal details or a more general attack based on globally popular passwords Particularly good password may not be on the list and will therefore be missed. Brute force Try's all possible combinations in the password space. Takes much longer than a dictionary attack but covers a wider range of passwords

26 Security Policies & Procedures to consider
Password(timeout, requirements, history) Security(Group policy, CCTV, guards, check points) Vetting (DBS, CRB, references) Physical protection (Doors & locks) Encryption(Bitlocker, reverse engineering) Timeout(Session, PC, User account) User roles (Admin, non-admin, restricted admin, guest) Backup & Data evacuation Data protection act, GDPR Two factor Authentication (Software, hardware, physical)

Download ppt "Network Operating Systems and introduction to security"

Similar presentations

Computer networks Fundamentals of Information Technology Session 6.

Computer networks Fundamentals of Information Technology Session 6.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
File Management Systems

File Management Systems
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.

Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
P6 - CONFIGURE THE SOFTWARE. CONFIGURE SOFTWARE Most software can be configured to suit an individual user, for example by changing the appearance of.

P6 - CONFIGURE THE SOFTWARE. CONFIGURE SOFTWARE Most software can be configured to suit an individual user, for example by changing the appearance of.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
Chapter 7: Using Windows Servers to Share Information.

Chapter 7: Using Windows Servers to Share Information.
Chapter 8 Implementing Disaster Recovery and High Availability Hands-On Virtual Computing.

Chapter 8 Implementing Disaster Recovery and High Availability Hands-On Virtual Computing.
Chapter 16 Designing Effective Output. E – 2 Before H000 Produce Hardware Investment Report HI000 Produce Hardware Investment Lines H100 Read Hardware.

Chapter 16 Designing Effective Output. E – 2 Before H000 Produce Hardware Investment Report HI000 Produce Hardware Investment Lines H100 Read Hardware.
Troubleshooting Windows Vista Security Chapter 4.

Troubleshooting Windows Vista Security Chapter 4.
Module 7: Fundamentals of Administering Windows Server 2008.

Module 7: Fundamentals of Administering Windows Server 2008.
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.

Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

Similar presentations

Ads by Google