Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operating System Security

Published byMarta Ursler Modified over 6 years ago

Similar presentations

Presentation on theme: "Operating System Security"— Presentation transcript:

1 Operating System Security

2 Lesson 1: Security Principles

3 Objectives Explain the need for security in Linux and Windows 2000 environments Describe industry evaluation criteria used for security Identify the guidelines for determining the three general security levels Discuss the security mechanisms used to implement security systems

4 Objectives (cont’d) Identify the different areas of security management Describe Windows 2000 and Linux “out-of- the-box” security measures Implement tools to evaluate key security parameters in Windows 2000 and Linux Describe security components in the Windows 2000 security architecture

5 Security Services Authentication Access control Data confidentiality
Data integrity Nonrepudiation

6 Evaluation Criteria European Information Technology Security Evaluation Criteria document BS 7799 Trusted Computer Systems Evaluation Criteria Common Criteria

7 Security Levels Low Medium High

8 Security Mechanisms Specific Encipherment Digital signature
Access control Data integrity Authentication Traffic padding Wide Trusted functionality Security labels Audit trails Security recovery

9 Windows Security Exploits Windows 2000 registry

10 Windows 2000 Security Architecture
Windows 2000 security components C2 certification Windows 2000 objects Security components SIDs Access tokens Security descriptors Access control lists and entities Security subsystem

11 Linux Security Configuration problems
Misconfigured authentication settings Unnecessary services Default account policies Non-root user access to sensitive commands

12 Pluggable Authentication Modules
Editing PAM files PAM directories PAM entry format Telnet access and the root account

13 Summary Explain the need for security in Linux and Windows 2000 environments Describe industry evaluation criteria used for security Identify the guidelines for determining the three general security levels Discuss the security mechanisms used to implement security systems

14 Summary (cont’d) Identify the different areas of security management
Describe Windows 2000 and Linux “out-of- the-box” security measures Implement tools to evaluate key security parameters in Windows 2000 and Linux Describe security components in the Windows 2000 security architecture

15 Lesson 2: Account Security

16 Objectives Describe the relationship between account security and passwords Explain techniques for securing accounts in Windows 2000 and Linux Prune users, detect account changes, rename default accounts, and implement password policies in Windows 2000 and Linux

17 Objectives (cont’d) Identify Linux commands for password aging and explain how to log unsuccessful logon attempts Explain Linux security threats, restrict account access, and monitor accounts

18 Passwords Windows 2000 and strong passwords Enforcing strong passwords
Dictionary attacks Linux and strong passwords Shadow passwords The root account

19 Verifying System State
Cross-referencing information on non- domain controllers Built-in and external tools Renaming default accounts Windows 2000 account policies Password lockout

20 Password Aging in Linux
Linux command options Timing out users Monitoring accounts System-wide event logging facility

21 Summary Describe the relationship between account security and passwords Explain techniques for securing accounts in Windows 2000 and Linux Prune users, detect account changes, rename default accounts, and implement password policies in Windows 2000 and Linux

22 Summary (cont’d) Identify Linux commands for password aging and explain how to log unsuccessful logon attempts Explain Linux security threats, restrict account access, and monitor accounts

23 Lesson 3: File System Security

24 Objectives Identify the Windows 2000 file-level permissions
Assign NTFS permissions Explain the importance of drive partitioning and how it relates to security Describe how copying and moving a file affect file security Identify remote file access control permissions

25 Objectives (cont’d) Describe Linux file system security concepts
Explain the function of the umask command Discuss the purpose of setuid, setgid, and sticky bits

26 Windows 2000 File System Security
File-level permissions Standard 2000 permissions Drive partitioning Copying and moving files

27 Remote File Access Control
Remote access permissions Full Control Modify Read & Execute No Access Share permissions

28 Linux File System Security
File information Permissions The umask command The chmod command UIDs and GIDs The set bits: setuid, setgid and sticky bits

29 Summary Identify the Windows 2000 file-level permissions
Assign NTFS permissions Explain the importance of drive partitioning and how it relates to security Describe how copying and moving a file affect file security Identify remote file access control permissions

30 Summary (cont’d) Describe Linux file system security concepts
Explain the function of the umask command Discuss the purpose of setuid, setgid, and sticky bits

31 Lesson 4: Assessing Risk

32 Objectives Identify general and specific operating system attacks
Describe a keylogger program’s function Change Windows 2000 system defaults Scan a system to determine security risks Explain Linux security concerns

33 Security Threats Accidental threats Intentional threats
Passive threats Active threats

34 Types of Attacks Spoofing/masquerade Replay Denial of service Insider
Trapdoor Trojan horses

35 Windows 2000 Security Risks
Default directories Default accounts Default shares and services

36 General UNIX Security Vulnerabilities
Viruses Buffer overflows

37 Keyloggers Invisible KeyLogger Stealth and Windows 2000
Keylogging and securing the Linux search path Protecting yourself against keyloggers

38 System Port Scanning Advanced security scanners
WebTrends Security Analyzer

39 UNIX Security Risks The rlogin command
Interactive sessions: Telnet vs. rlogin Network Information System (NIS) Network File System (NFS)

40 NIS Security Concerns NIS security problems
No authentication requirements Contacting server by broadcast Plain-text distribution Encryption and authentication Portmapper processes and TCPWrappers The securenets file NIS+

41 NFS Security Concerns Users, groups and NFS Secure RPC
NFS security summary

42 Summary Identify general and specific operating system attacks
Describe a keylogger program’s function Change Windows 2000 system defaults Scan a system to determine security risks Explain Linux security concerns

43 Lesson 5: Reducing Risk

44 Objectives Explain the purpose and importance of system patches and fixes, and apply system patches Modify the Windows 2000 Registry for security Lock down and remove services for effective security in Windows 2000 and Linux

45 Patches and Fixes Microsoft service packs Red Hat Linux errata

46 Windows 2000 Registry Security
Registry structure Subtrees and their uses Auditing the registry Setting registry permissions

47 Disabling and Removing Services in Windows 2000
Securing network connectivity Server Message Block Miscellaneous configuration changes

48 Disabling and Removing Services in UNIX
Bastille The tarball format Downloading and installing Bastille Running Bastille in text mode

49 Summary Explain the purpose and importance of system patches and fixes, and apply system patches Modify the Windows 2000 Registry for security Lock down and remove services for effective security in Windows 2000 and Linux

50 Operating System Security
Security Principles Account Security File System Security Assessing Risk Reducing Risk

Download ppt "Operating System Security"

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Information Security Policies and Standards

Information Security Policies and Standards
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Similar presentations

Ads by Google