Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Published byCharlene Carter Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security."— Presentation transcript:

1 Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security

2 Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 1: Security Principles

3 Objectives Explain the need for security in Linux and Windows 2000 environments Describe industry evaluation criteria used for security Identify the guidelines for determining the three general security levels Discuss the security mechanisms used to implement security systems

4 Objectives (cont’d) Identify the different areas of security management Describe Windows 2000 and Linux “out-of-the- box” security measures Implement tools to evaluate key security parameters in Windows 2000 and Linux Describe security components in the Windows 2000 security architecture

5 Security Services Authentication Access control Data confidentiality Data integrity Nonrepudiation

6 Evaluation Criteria European Information Technology Security Evaluation Criteria document BS 7799 Trusted Computer Systems Evaluation Criteria Common Criteria

7 Security Levels Low Medium High

8 Security Mechanisms Specific –Encipherment –Digital signature –Access control –Data integrity –Authentication –Traffic padding Wide –Trusted functionality –Security labels –Audit trails –Security recovery

9 Windows 2000 Security Exploits Windows 2000 registry

10 Windows 2000 Security Architecture Windows 2000 security components –C2 certification Windows 2000 objects Security components –SIDs –Access tokens –Security descriptors –Access control lists and entities Security subsystem

11 Linux Security Configuration problems –Misconfigured authentication settings –Unnecessary services –Default account policies –Non-root user access to sensitive commands

12 Pluggable Authentication Modules Editing PAM files PAM directories PAM entry format Telnet access and the root account

13 Summary Explain the need for security in Linux and Windows 2000 environments Describe industry evaluation criteria used for security Identify the guidelines for determining the three general security levels Discuss the security mechanisms used to implement security systems

14 Summary (cont’d) Identify the different areas of security management Describe Windows 2000 and Linux “out-of-the- box” security measures Implement tools to evaluate key security parameters in Windows 2000 and Linux Describe security components in the Windows 2000 security architecture

15 Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 2: Account Security

16 Objectives Describe the relationship between account security and passwords Explain techniques for securing accounts in Windows 2000 and Linux Prune users, detect account changes, rename default accounts, and implement password policies in Windows 2000 and Linux

17 Objectives (cont’d) Identify Linux commands for password aging and explain how to log unsuccessful logon attempts Explain Linux security threats, restrict account access, and monitor accounts

18 Passwords Windows 2000 and strong passwords –Enforcing strong passwords –Dictionary attacks Linux and strong passwords –Shadow passwords –The root account

19 Verifying System State Cross-referencing information on non-domain controllers Built-in and external tools Renaming default accounts Windows 2000 account policies Password lockout

20 Password Aging in Linux Linux command options Timing out users Monitoring accounts System-wide event logging facility

21 Summary Describe the relationship between account security and passwords Explain techniques for securing accounts in Windows 2000 and Linux Prune users, detect account changes, rename default accounts, and implement password policies in Windows 2000 and Linux

22 Summary (cont’d) Identify Linux commands for password aging and explain how to log unsuccessful logon attempts Explain Linux security threats, restrict account access, and monitor accounts

23 Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 3: File System Security

24 Objectives Identify the Windows 2000 file-level permissions Assign NTFS permissions Explain the importance of drive partitioning and how it relates to security Describe how copying and moving a file affect file security Identify remote file access control permissions

25 Objectives (cont’d) Describe Linux file system security concepts Explain the function of the umask command Discuss the purpose of setuid, setgid, and sticky bits

26 Windows 2000 File System Security File-level permissions Standard 2000 permissions Drive partitioning Copying and moving files

27 Remote File Access Control Remote access permissions –Full Control –Modify –Read & Execute –No Access Share permissions

28 Linux File System Security Files File information Permissions The umask command The chmod command UIDs and GIDs The set bits: setuid, setgid and sticky bits

29 Summary Identify the Windows 2000 file-level permissions Assign NTFS permissions Explain the importance of drive partitioning and how it relates to security Describe how copying and moving a file affect file security Identify remote file access control permissions

30 Summary (cont’d) Describe Linux file system security concepts Explain the function of the umask command Discuss the purpose of setuid, setgid, and sticky bits

31 Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 4: Assessing Risk

32 Objectives Identify general and specific operating system attacks Describe a keylogger program’s function Change Windows 2000 system defaults Scan a system to determine security risks Explain Linux security concerns

33 Security Threats Accidental threats Intentional threats –Passive threats –Active threats

34 Types of Attacks Spoofing/masquerade Replay Denial of service Insider Trapdoor Trojan horses

35 Windows 2000 Security Risks Default directories Default accounts Default shares and services

36 General UNIX Security Vulnerabilities Viruses Buffer overflows

37 Keyloggers Invisible KeyLogger Stealth and Windows 2000 Keylogging and securing the Linux search path Protecting yourself against keyloggers

38 System Port Scanning Advanced security scanners –WebTrends Security Analyzer

39 UNIX Security Risks The rlogin command –Interactive sessions: Telnet vs. rlogin Network Information System (NIS) Network File System (NFS)

40 NIS Security Concerns NIS security problems –No authentication requirements –Contacting server by broadcast –Plain-text distribution –Encryption and authentication –Portmapper processes and TCPWrappers –The securenets file NIS+

41 NFS Security Concerns Users, groups and NFS Secure RPC NFS security summary

42 Summary Identify general and specific operating system attacks Describe a keylogger program’s function Change Windows 2000 system defaults Scan a system to determine security risks Explain Linux security concerns

43 Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 5: Reducing Risk

44 Objectives Explain the purpose and importance of system patches and fixes, and apply system patches Modify the Windows 2000 Registry for security Lock down and remove services for effective security in Windows 2000 and Linux

45 Patches and Fixes Microsoft service packs Red Hat Linux errata

46 Windows 2000 Registry Security Registry structure –Subtrees and their uses Auditing the registry Setting registry permissions

47 Disabling and Removing Services in Windows 2000 Securing network connectivity Server Message Block Miscellaneous configuration changes

48 Disabling and Removing Services in UNIX Bastille –The tarball format –Downloading and installing Bastille –Running Bastille in text mode

49 Summary Explain the purpose and importance of system patches and fixes, and apply system patches Modify the Windows 2000 Registry for security Lock down and remove services for effective security in Windows 2000 and Linux

50 Operating System Security Security Principles Account Security File System Security Assessing Risk Reducing Risk

Download ppt "Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security."

Similar presentations

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Information Security Policies and Standards

Information Security Policies and Standards
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Similar presentations

Ads by Google