Operating System Security Fundamentals Dr. Gabriel.


2 Operating System Overview
Operating system: collection of programs that allows user to operate computer hardware
Three layers:
–Inner layer
–Middle layer
–Outer layer

3 Operating System Overview (continued)

4 Key functions of an operating system:
–Multitasking, multisharing
–Computer resource management
–Controls the flow of activities
–Provides a user interface

5 Operating System Overview (continued)
Key functions of an operating system (continued):
–Administers user actions and accounts
–Runs software utilities and programs
–Enforces security measures
–Schedules jobs

6 The Operating System Security Environment
A compromised OS can compromise a database environment
Physically protect the computer running the OS (padlocks, chain locks, guards, cameras)
Model:
–Bank building (operating system)
–Safe (database)
–Money (data)

7 The Operating System Security Environment (continued)

8 The Components of an Operating System Security Environment
Used as access points to the database
Three components:
–Memory
–Services
–Files

9 The Components of an Operating System Security Environment (continued)

10 Services
Main component of operating system security environment
Operating system core utilities
Used to gain access to the OS and its features
Include:
–User authentication
–Remote access
–Administration tasks
–Password policies

11 Files
Common threats:
–File permission
–File sharing
Files must be protected from unauthorized reading and writing actions
Data resides in files; protecting files protects data
Read, write, and execute privileges

12 File Transfer
FTP (File Transfer Protocol):
–Internet service for transferring files from one computer to another
–Transmits usernames and passwords in plaintext
–Root account cannot be used with FTP
–Anonymous FTP: ability to log on to the FTP server without being authenticated

13 File Transfer (continued)
Best practices:
–Use Secure FTP utility if possible
–Make two FTP directories:
  One for uploads with write permissions only
  One for downloads with read permissions only
–Use specific accounts with limited permissions
–Log and scan FTP activities
–Allow only authorized operators
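
One way to check the two-directory layout above on a UNIX host, as an added example that is not part of the original slides. It assumes FTP accounts reach the directories through the group or "other" permission bits and looks only at the read and write bits; the path in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides): audit the two FTP directories.
# Assumption: FTP accounts reach the directories through the group or
# "other" permission bits; the owner is an administrative account.
# Usage (hypothetical paths): check_ftp_dir upload /srv/ftp/incoming

# perm_bits DIR -> the six group/other characters from ls, e.g. "-wx---"
perm_bits() {
    ls -ld "$1" | cut -c5-10
}

# check_ftp_dir ROLE DIR
#   upload:   FTP users may write but must not list or read
#   download: FTP users may read but must not write
# Prints one finding; returns 0 if compliant, 1 if not, 2 on error.
check_ftp_dir() {
    role=$1
    dir=$2
    [ -d "$dir" ] || { echo "ERROR $dir: not a directory"; return 2; }
    bits=$(perm_bits "$dir")
    g_r=$(printf '%s' "$bits" | cut -c1); g_w=$(printf '%s' "$bits" | cut -c2)
    o_r=$(printf '%s' "$bits" | cut -c4); o_w=$(printf '%s' "$bits" | cut -c5)
    case $role in
        upload)
            if [ "$g_r" = r ] || [ "$o_r" = r ]; then
                echo "FAIL $dir ($bits): upload directory is readable"
                return 1
            fi
            if [ "$g_w" != w ] && [ "$o_w" != w ]; then
                echo "FAIL $dir ($bits): upload directory is not writable"
                return 1
            fi ;;
        download)
            if [ "$g_w" = w ] || [ "$o_w" = w ]; then
                echo "FAIL $dir ($bits): download directory is writable"
                return 1
            fi
            if [ "$g_r" != r ] && [ "$o_r" != r ]; then
                echo "FAIL $dir ($bits): download directory is not readable"
                return 1
            fi ;;
        *)
            echo "ERROR unknown role: $role"
            return 2 ;;
    esac
    echo "OK $dir ($bits): $role permissions as intended"
}
```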

14 Sharing Files
Naturally leads to security risks and threats
Peer-to-peer programs: allow users to share files over the Internet
Reasons for blocking file sharing:
–Malicious code
–Adware and spyware
–Privacy and confidentiality
–Pornography
–Copyright issues

15 Memory
Hardware memory available on the system
Can be corrupted by badly written software
Two options:
–Stop using the program
–Apply a patch (service pack) to fix it
Can harm data integrity
Can potentially exploit data for illegal use

16 Authentication Methods
Authentication:
–Verifies user identity
–Permits access to the operating system
Physical authentication:
–Allows physical entrance to company property
–Magnetic cards and biometric measures
Digital authentication: verifies user identity by digital means

17 Digital Authentication Mechanism
Digital certificates: digital passport that identifies and verifies holder of certificate
Digital token (security token):
–Small electronic device
–Displays a number unique to the token holder; used with the holder’s PIN as a password
–Uses a different password each time

18 Digital Authentication Mechanism
Digital card:
–Also known as a security card or smart card
–Similar to a credit card; uses an electronic circuit instead of a magnetic strip
–Stores user identification information
Kerberos:
–Developed by MIT
–Uses unique keys a.k.a. tickets for authentication purposes

19 Digital Authentication Mechanism
Lightweight Directory Access Protocol (LDAP):
–Developed by the University of Michigan
–A centralized directory database stores:
  Users (user name and user ID)
  Passwords
  Internal telephone directory
  Security keys
–Efficient for reading but not suited for frequently changing information
–Easy to implement
–Uses client/server architecture

20 Digital Authentication Mechanism
NTLM (NT LAN Manager):
–Developed and used by Microsoft
–Employs a challenge/response authentication protocol
–No longer used
Public Key Infrastructure (PKI):
–User keeps a private key
–Authentication firm holds a public key
–Encrypt and decrypt data using both keys

21 Digital Authentication Mechanism
RADIUS:
–Remote authentication dial-in user services
–Used by network devices to provide a centralized authentication mechanism
Secure Socket Layer (SSL): authentication information is transmitted over the network in an encrypted form
Secure Remote Password (SRP):
–Password is not stored locally
–Invulnerable to brute force or dictionary attacks

22 Authorization
Process that decides whether users are permitted to perform the functions they request
Authorization is not performed until the user is authenticated
Deals with privileges and rights

23 User Administration
Create user accounts
Set password policies
Grant privileges to users
Best practices:
–Use a consistent naming convention
–Always provide a password to an account and force the user to change it at the first logon
–Protect passwords
–Do not use default passwords

24 User Administration (continued)
Best practices (continued):
–Create a specific file system for users
–Educate users on how to select a password
–Lock non-used accounts
–Grant privileges on a per host basis
–Do not grant privileges to all machines
–Use ssh, scp, and Secure FTP
–Isolate a system after a compromise
–Perform random auditing procedures

25 Password Policies
First line of defense
Dictionary attack: permutation of words in dictionary
Make it hard for hackers to enter your systems
Best password policy:
–Matches your company missions
–Enforced at all levels of the organization

26 Password Policies (continued)
Best practices:
–Password aging
–Password reuse
–Password history
–Password encryption

27 Password Policies (continued)
Best practices (continued):
–Password storage and protection
–Password complexity
–Logon retries
–Single sign-on
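
The password-aging practice above, and the rule that every account must have a password, can be checked on a UNIX host from its shadow(5) records. The script below is an added example, not part of the original slides; the sample records, the placeholder hashes and the 90-day limit are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit shadow(5)-format records for
# empty passwords and missing password-aging settings.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample records; the hash strings are placeholders.
sample_shadow() {
    cat <<'EOF'
alice:$6$PLACEHOLDER$PLACEHOLDERHASH:19800:1:90:7:30::
bob::19800:0:99999:7:::
carol:$6$PLACEHOLDER$PLACEHOLDERHASH:19000:0:99999:7:::
dave:!$6$PLACEHOLDER$PLACEHOLDERHASH:19800:1:90:7:30::
svc_backup:*:19800:0:99999:7:::
EOF
}

# audit_shadow MAX_DAYS   (reads records on stdin)
# Prints "user FINDING" for every gap against the policy:
#   EMPTY_PASSWORD        account can be used with no password
#   MAX_AGE_OVER_POLICY   password never expires or lives longer than MAX_DAYS
#   NO_MIN_AGE            user can change passwords repeatedly to cycle history
#   NO_INACTIVITY_LOCK    account is not disabled after the password expires
audit_shadow() {
    awk -F: -v limit="$1" '
        $2 == ""                 { print $1, "EMPTY_PASSWORD"; next }
        $2 ~ /^[!*]/             { next }   # locked or no-password-login account
        $5 == "" || $5+0 > limit { print $1, "MAX_AGE_OVER_POLICY" }
        $4 == "" || $4+0 < 1     { print $1, "NO_MIN_AGE" }
        $7 == ""                 { print $1, "NO_INACTIVITY_LOCK" }
    '
}

# Run on the constructed sample with a 90-day maximum age.
sample_shadow | audit_shadow 90
```

On a real host the same function reads the shadow file on standard input, which requires root privileges.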

28 Vulnerabilities of Operating Systems
Top vulnerabilities to Windows systems:
–Internet Information Services (IIS)
–Microsoft SQL Server (MSSQL)
–Windows Authentication
–Internet Explorer (IE)
–Windows Remote Access Services

29 Vulnerabilities of Operating Systems (continued)
Top vulnerabilities to Windows (continued):
–Microsoft Data Access Components (MDAC)
–Windows Scripting Host (WSH)
–Microsoft Outlook and Outlook Express
–Windows Peer-to-Peer File Sharing (P2P)
–Simple Network Management Protocol (SNMP)

30 Vulnerabilities of Operating Systems (continued)
Top vulnerabilities to UNIX systems:
–BIND Domain Name System
–Remote Procedure Calls (RPC)
–Apache Web Server
–General UNIX authentication accounts with no passwords or weak passwords
–Clear text services

31 Vulnerabilities of Operating Systems (continued)
Top vulnerabilities to UNIX systems (continued):
–Sendmail
–Simple Network Management Protocol (SNMP)
–Secure Shell (SSH)
–Misconfiguration of Enterprise Services NIS/NFS
–Open Secure Sockets Layer (SSL)

32 E-mail Security
Tool most widely used by public
May be the tool most frequently used by hackers:
–Viruses
–Worms
–Spam
–Others
Used to send private and confidential data as well as offensive material

33 E-mail Security (continued)
Used by employees to communicate with:
–Clients
–Colleagues
–Friends
Recommendations:
–Do not configure e-mail server on the same machine where sensitive data resides
–Do not disclose technical details about the e-mail server

34 Questions?