INFORMATION SECURITY – WEEK 5
Mumtaz Ali Rajput mumtaz.ali@superior.edu.pk +92 – 301- 4949 409


1 INFORMATION SECURITY – WEEK 5
Mumtaz Ali Rajput mumtaz.ali@superior.edu.pk +92 – 301- 4949 409

2 In This Chapter
•Boot Sequence
•BIOS Passwords
•Hibernation
•Event Logging
•Windows – Event Logging
•Linux – Event Logging
•Process Monitoring
•Memory and File System Security
•Virtual Memory Security
•Access Methods

3 The Boot Sequence
The action of loading an operating system into memory from a powered-off state is known as booting or bootstrapping. When a computer is turned on, it first executes code stored in a firmware component known as the BIOS (basic input/output system). On modern systems, the BIOS loads into memory the second-stage boot loader, which handles loading the rest of the operating system into memory and then passes control of execution to the operating system.

4 BIOS Passwords
A malicious user could potentially seize execution of a computer at several points in the boot process. To prevent an attacker from initiating the first stages of booting, many computers feature a BIOS password that does not allow a second-stage boot loader to be executed without proper authentication.

5 Hibernation
Modern machines have the ability to go into a powered-off state known as hibernation.
•While going into hibernation, the OS stores the contents of the machine's memory in a hibernation file (such as hiberfil.sys) on disk so the computer can be quickly restored later.
•But without additional security precautions, hibernation exposes a machine to potentially invasive forensic investigation.

6 Event Logging
•Keeping track of
  –what processes are running,
  –what other machines have interacted with the system via the Internet, and
  –whether the operating system has experienced any unexpected or suspicious behavior
•Such logging can often leave important clues for
  –troubleshooting ordinary problems
  –determining the cause of a security breach

7 Windows – Event Logging
•Three sources of logs
  –System
    •Can only be written by the OS
  –Application
    •Written by ordinary applications
  –Security
    •Written by the Windows service known as the Local Security Authority Subsystem Service (lsass.exe)
    •lsass enforces access control and user authentication

8 Linux – Event Logging
•Log files are typically stored in /var/log
•These are text files with descriptive names, with one event per line
•E.g. auth.log contains records of user authentication
•kern.log keeps track of unexpected kernel behavior
•These logs are written by the syslog daemon
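Because auth.log holds one event per line, a short script can summarise authentication failures by source address. The following is an added example, not part of the original slides; the sample lines are constructed in the usual OpenSSH syslog message format, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not real data).
SAMPLE_AUTH_LOG = """\
Mar 10 08:15:01 web01 sshd[1412]: Failed password for invalid user admin from 203.0.113.7 port 52314 ssh2
Mar 10 08:15:03 web01 sshd[1412]: Failed password for invalid user admin from 203.0.113.7 port 52314 ssh2
Mar 10 08:15:09 web01 sshd[1420]: Failed password for root from 203.0.113.7 port 52377 ssh2
Mar 10 08:16:40 web01 sshd[1433]: Accepted password for alice from 198.51.100.23 port 40022 ssh2
Mar 10 08:17:02 web01 sshd[1440]: Failed password for alice from 198.51.100.23 port 40051 ssh2
Mar 10 08:17:30 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
"""

# One sshd password event: result, optional "invalid user" marker, user, source IP.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_auth_events(text):
    """Yield (result, user, ip) for each sshd password event; other lines are skipped."""
    for line in text.splitlines():
        m = EVENT.search(line)
        if m:
            yield m["result"], m["user"], m["ip"]

def failed_by_source(text):
    """Count failed password attempts per source address."""
    return Counter(ip for result, _, ip in parse_auth_events(text) if result == "Failed")

def noisy_sources(text, threshold=3):
    """Source addresses with at least `threshold` failed logins (threshold is an assumption)."""
    return sorted(ip for ip, n in failed_by_source(text).items() if n >= threshold)

if __name__ == "__main__":
    for ip, count in failed_by_source(SAMPLE_AUTH_LOG).most_common():
        print(f"{ip}: {count} failed password attempts")
    print("sources at or above threshold:", noisy_sources(SAMPLE_AUTH_LOG))
```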

9 Process Monitoring
•There should be a way to know which processes are currently running
•For example, to identify a suspicious process
•Once identified, that process can be terminated
•Windows
  –Task Manager
•Linux
  –ps, top, pstree and kill commands

10 Memory and File System Security
•The contents of a computer are encapsulated in its memory and filesystem.
•Thus, protection of a computer's content has to start with the protection of its memory and its filesystem.

11 Virtual Memory Security
•Windows
  –Virtual memory pages are written to a page file named pagefile.sys
•Linux
  –Requires the user to create a swap partition to contain these memory pages
  –Alternatively supports a page file, like Windows
•The OS prevents users from viewing the contents of virtual memory while the OS is running

12 Attacks on Virtual Memory
•The attacker suddenly powers off the machine
•Boots into another OS from external media
•It may then be possible to view these files
•Mitigation
  –Encrypt the hard disk
•But the attacker can still access the encrypted swap file/partition

13 Password-Based Authentication
•How does the OS securely identify its users?
•Authentication
  –Determination of the identity or role that someone has
  –The standard mechanism is a username and password
  –The OS stores a cryptographic hash of the password
    •The actual password cannot be obtained from the hash, even if the attacker gets the hashed password file
•Basic approach to guessing passwords: the dictionary attack
  –Each word in a dictionary is hashed and compared with the hashed passwords stored in the password file.
    •A dictionary of 500,000 "words" is often enough to discover most passwords.

14 Password Salt
•A salt is used to make the dictionary attack more difficult to launch
•Associate a random number with each userid
•Without salt:
  –compare the hash of an entered password with a stored hash of the password
•With salt:
  –compare the hash of an entered password and the salt for the userid with a stored hash of the password and salt
Note: In cryptography, a salt is random data that is used as an additional input to a one-way function that "hashes" a password or passphrase. Salts are closely related to the concept of a nonce.

15 How Password Salt Works
Without salt:
•User types userid, X, and password, P.
•System looks up H, the stored hash of X's password.
•System tests whether h(P) = H.
With salt:
•User types userid, X, and password, P.
•System looks up S and H, where S is the random salt for userid X and H is the stored hash of S and X's password.
•System tests whether h(S||P) = H.

16 How Salt Increases Search Space Size
•Assuming that an attacker cannot find the salt associated with a userid he is trying to compromise, the search space for a dictionary attack on a salted password is of size $2^B \times D$, where
  –B is the number of bits of the random salt
  –D is the size of the list of words for the dictionary attack
•For example, if a system uses a 32-bit salt for each userid and its users pick passwords from a 500,000-word dictionary, then the search space for attacking salted passwords would be $2^{32} \times 500{,}000 = 2{,}147{,}483{,}648{,}000{,}000$
•Even if an attacker can find a salted password for a userid, he only learns one password.
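The salted check h(S||P) = H and the search-space figure from the last two slides, written out as an added example that is not part of the original slides. SHA-256 standing in for h, the function names and the sample dictionary are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BITS = 32  # the slide's example salt size; real systems use 128 bits or more

def h(data: bytes) -> str:
    # The slides' one-way function h(); SHA-256 is an assumption made here.
    # Production systems use a deliberately slow KDF (e.g. hashlib.pbkdf2_hmac).
    return hashlib.sha256(data).hexdigest()

def enroll(password: str) -> tuple[bytes, str]:
    """Create the (S, H) record stored for a userid: H = h(S || P)."""
    salt = secrets.token_bytes(SALT_BITS // 8)
    return salt, h(salt + password.encode())

def verify(password: str, salt: bytes, stored: str) -> bool:
    """Test h(S || P) == H using a constant-time comparison."""
    return hmac.compare_digest(h(salt + password.encode()), stored)

def unsalted_table(words):
    """Precomputed hash -> word table, reusable against every unsalted record."""
    return {h(w.encode()): w for w in words}

def search_space(salt_bits: int, dictionary_size: int) -> int:
    """Size 2^B * D of a dictionary search when the salt is unknown."""
    return 2 ** salt_bits * dictionary_size

# Constructed sample data: two users who picked the same dictionary word.
DICTIONARY = ["letmein", "sunshine", "dragon"]
alice = enroll("sunshine")
bob = enroll("sunshine")
table = unsalted_table(DICTIONARY)

if __name__ == "__main__":
    print("same password, different stored hashes:", alice[1] != bob[1])
    print("unsalted hash found in precomputed table:", h(b"sunshine") in table)
    print("salted hash found in precomputed table:", alice[1] in table)
    print("search space for 32-bit salt, 500,000 words:", search_space(32, 500_000))
```

With a salt, one precomputed table no longer matches every account's record, so each stored hash has to be attacked separately.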
