Published by Joella Spencer. Modified over 9 years ago.

Introduction to Computer Security and Information Assurance

Module 04: 1 Objectives
Describe major OS functions
Recognize OS-related threats
Apply major steps in securing the OS
Perform a vulnerability scan to identify existing vulnerabilities on an active system

Module 04: 2 An Operating System Is…
… a program that acts as an intermediary between a computer user and computer hardware.
What does that mean?

Module 04: 3 Early Operating Systems
1950s
– Monitor system
– Batch processing
– Spooling
– No interaction with program while running
1960s
– Multiprogrammed batch systems
– Graphical displays, pointing devices
– Timesharing (multitasking): first interaction with running programs
– MULTICS: multiuser forerunner of Unix

Module 04: 4 Operating System Evolution
1970s
– Personal computer systems: resident monitor
– Windowing, icons, menus, and pointers are developed as an interface
1980s
– PCs become affordable
– Multiprocessor systems
1990s
– Distributed computing
– Mainstream graphical interface

Module 04: 5 Operating System Tasks
Management tasks
– Process management
– Main-memory management
– File management
– I/O system management
– Secondary storage management
– Networking management
– Protection system
– User interface management: Command Line Interface (CLI), Graphical User Interface (GUI)

Module 04: 6 Process Management
Many processes run on a modern computer system
Manage the schedule, time to execute, and resources for each process
– Create and delete processes
– Suspend and resume processes
– Provide for process synchronization
– Provide for communication
– Provide deadlock avoidance

Module 04: 7 Main Memory Management
Memory is the storage area the CPU uses for executing programs
Each process (including the operating system) must have its own piece of memory
– Keep track of which process is where
– Decide which process to load when there is room
– Allocate and deallocate memory as needed

Module 04: 8 File Management
The basic storage unit from a user perspective
Provide structure (directories, file types, etc.) to storage
– Create and delete files and directories
– Support manipulation of files and directories
– Map files to secondary storage
– Back up files

Module 04: 9 I/O System Management
Hides the specifics of I/O devices from the user
Provides tools to handle the speed difference between CPU and I/O devices
– Memory management for buffering, caching, and spooling
– General device driver interface
– Hardware-specific device drivers

Module 04: 10 Secondary Storage Management
Why? Because main memory is usually too small to hold all programs and disappears when power is turned off
Non-volatile (stays when power is turned off) and larger than main memory
Uses disk drives (tapes, punch cards, etc.)
– Manage free space
– Allocate storage
– Schedule disk activity

Module 04: 11 Network Management
Network communication for the system is a special case of I/O
Manages communication links by
– Establishing connections
– Scheduling communication
– Directing communication to the correct processes

Module 04: 12 Protection System Management
The operating system plays a basic role in protecting information, especially on multitasking and multiuser systems
– Protect memory for processes
– Provide file access mechanism
– Provide authentication and access control mechanisms

Module 04: 13 User Interface Management
A way to give commands to the computer
Accomplished via command line and/or Graphical User Interface (GUI)
Accepts and acts on user commands in a timely manner

Module 04: 14 Operating Systems
Operating system developers determine which features are implemented and what capabilities they have
– For example, early personal computer operating systems had no protection mechanism other than reserving special memory locations for the operating system

Module 04: 15 So Far
Operating systems manage computer resources
– Schedule time
– Allocate space (in memory, on disk)
– Handle I/O
– Protect system and information

Module 04: 16 Operating Systems Security
Goals of operating system security
– Confidentiality: only let authorized entities access the computer and information
  Corollary: only run authorized processes
– Integrity: only allow authorized changes to information
– Availability: manage resources to permit access to information and the system at all required times

Module 04: 17 Authorization & Authentication
Who is authorized?
– Authorized by policy of the organization and operational requirements
How do we know?
– Accounts (identification)
– Known systems
– Password
– Secure communication channel

Module 04: 18 Access Control
Controls how users and systems communicate and interact with other systems and resources
First line of defense
Authenticate before allowing access to authorized resources

Module 04: 19 Operating System Access Controls
Two basic methods
– Access Control List (ACL): for every resource, indicates who has access and what kind of access
– Permissions based on identification: user permissions, group permissions
Additional controls
– Passwords for files, resources, etc.

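The two methods on the slide above, an ACL per resource and permissions granted to users and groups, combine in practice: the permissions a user ends up with are collected from every ACL entry that names the user or one of the user's groups. The following is an added example written for this page (not code from the course); the permission names, the explicit-deny rule, and the payroll ACL and users are constructed to show how the check is made.

```python
"""Added example (not from the slides): a minimal access-control check that
combines a per-resource Access Control List with user and group permissions.
Permission names, the deny rule and the sample ACL below are constructed."""
from dataclasses import dataclass

# Permission kinds used by this toy model (constructed; real systems have more)
READ, WRITE, EXECUTE = "read", "write", "execute"

@dataclass(frozen=True)
class AclEntry:
    principal: str       # user name or group name
    is_group: bool       # True when the principal is a group
    perms: frozenset     # permissions granted (or, with deny=True, withheld)
    deny: bool = False   # an explicit deny overrides any grant from another entry

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

def effective_perms(user, acl):
    """Collect permissions from every ACL entry that applies to the user:
    entries naming the user directly, or naming a group the user belongs to.
    A deny entry removes the permission even if another entry grants it."""
    granted, denied = set(), set()
    for entry in acl:
        if entry.is_group:
            applies = entry.principal in user.groups
        else:
            applies = entry.principal == user.name
        if applies:
            (denied if entry.deny else granted).update(entry.perms)
    return frozenset(granted - denied)

def check_access(user, acl, wanted):
    """Default deny: allow only when every requested permission is effective."""
    return set(wanted) <= effective_perms(user, acl)

# Constructed sample: the ACL of one resource (a payroll file)
PAYROLL_ACL = [
    AclEntry("finance", True, frozenset({READ})),                  # whole finance group may read
    AclEntry("payroll-admins", True, frozenset({READ, WRITE})),    # admins may read and write
    AclEntry("bob", False, frozenset({WRITE})),                    # bob individually may write
    AclEntry("contractors", True, frozenset({WRITE}), deny=True),  # contractors never write
]

ALICE = User("alice", frozenset({"finance"}))
BOB = User("bob", frozenset({"finance"}))
CAROL = User("carol", frozenset({"finance", "contractors", "payroll-admins"}))
DAVE = User("dave", frozenset({"engineering"}))

if __name__ == "__main__":
    for u in (ALICE, BOB, CAROL, DAVE):
        print(f"{u.name}: {sorted(effective_perms(u, PAYROLL_ACL))}")
```

Carol is in `payroll-admins`, which grants write, but she is also a contractor, and the deny entry wins; that ordering (deny beats grant, and nothing is allowed unless some entry grants it) is the part of an ACL evaluator worth getting right.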
Module 04: 20 Managing Identities
Local user and group accounts
Directory server
– LDAP
– Microsoft Domain Controller
Policies and operational requirements
Introduces need for “trust” relationships

Module 04: 21 Auditing – A Trail To Follow
Detect auditable events
– What is an auditable event?
Collect and save in a secure location
– Where do you save them?
– How do you protect logs?
Analyze results
– Human readable? Searchable? Prioritized?
– Fix problems

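The "human readable, searchable, prioritized" questions on the slide above are concrete engineering steps: parse each raw line into fields, tag the auditable event it represents, give it a priority, and escalate patterns (such as repeated failed logins against one account) that a single line does not reveal. This is an added example written for this page, not course material; the syslog-style log lines, the event patterns and the priority numbers are constructed for illustration.

```python
"""Added example (not from the slides): turning raw authentication log lines into
searchable, prioritized audit records. Log lines, patterns and priorities are
constructed for illustration; lower priority numbers are more urgent."""
import re
from collections import Counter

# Constructed sample lines in a syslog-style layout
SAMPLE_LOG = """\
Mar 10 09:01:12 host1 sshd[2201]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
Mar 10 09:02:40 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
Mar 10 09:03:01 host1 sshd[2210]: Failed password for root from 198.51.100.7 port 40112 ssh2
Mar 10 09:03:03 host1 sshd[2210]: Failed password for root from 198.51.100.7 port 40112 ssh2
Mar 10 09:03:05 host1 sshd[2210]: Failed password for root from 198.51.100.7 port 40112 ssh2
Mar 10 09:05:30 host1 useradd[2300]: new user: name=svc_backup, UID=1007, GID=1007, home=/home/svc_backup, shell=/bin/bash
Mar 10 09:06:00 host1 cron[2311]: (root) CMD (run-parts /etc/cron.hourly)
"""

# timestamp, host, process[pid]: message
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Auditable events this example recognizes: (name, priority, pattern), tried in order
EVENT_RULES = [
    ("failed_login", 2, re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")),
    ("login_ok",     4, re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("sudo",         3, re.compile(r"^(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")),
    ("user_created", 1, re.compile(r"new user: name=(?P<user>[^,]+)")),
]

def parse_line(line):
    """Split one raw line into fields and tag the event it represents (or 'other')."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["event"], rec["priority"] = "other", 9
    for name, prio, rule in EVENT_RULES:
        hit = rule.search(rec["msg"])
        if hit:
            rec["event"], rec["priority"] = name, prio
            rec.update(hit.groupdict())   # user, src, target, cmd ... become searchable fields
            break
    return rec

def audit(log_text, fail_threshold=3):
    """Parse every line, escalate repeated failed logins from one source against
    one account to top priority, and return records most urgent first."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    fails = Counter((r["user"], r["src"]) for r in records if r["event"] == "failed_login")
    for r in records:
        if r["event"] == "failed_login" and fails[(r["user"], r["src"])] >= fail_threshold:
            r["event"], r["priority"] = "repeated_failed_login", 1
    return sorted(records, key=lambda r: (r["priority"], r["ts"]))

def search(records, **criteria):
    """Searchable: keep records whose fields equal every given criterion."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]

if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        print(r["priority"], r["ts"], r["event"], r.get("user", ""), r["msg"])
```

The escalation step is where analysis adds value over raw collection: each failed login on its own is routine, three against `root` from one address within seconds is not, and the threshold is a policy choice rather than a property of the log.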
Module 04: 22 Access & Audit What?
Resources
– Computer system
– Processes
– Files
– Memory
– Disk drives
– Printers
– Communication
– Etc.

Module 04: 23 Threats To Operating Systems
Compromise system to gain unauthorized access to system resources
– Weak/broken identification
– Weak internal security structures
– Programming errors in operating system

Module 04: 24 It’s You!
How do you let people know who you are?
How can we tell you are who you say you are?
Will this allow me to trace actions back to you?
Terms: Authentication, Identification, Non-repudiation

Module 04: 25 Once Identified, Authorize
User accounts are the mechanism used to identify and authorize people
Access control is based on identification
Most common authentication: password
Password and account policies help improve security

Module 04: 26 Implementing Policies
Recall: policies can be topic specific
Procedures can be one way to implement policies
Policies can also be implemented in hardware or software
Password and account policies are often implemented using operating system features

Module 04: 27 Password Policy
What makes a good password policy?
– How many new passwords should you use before you can reuse an old password?
– How long should a password be valid?
– How long must you use a password before you change it?
– What is the minimum length for a password?
– Should there be complexity requirements?
– Should the password be stored so it can be decrypted?

Module 04: 28 Account Policy
Should your account be locked if you don’t log in correctly?
If so, how long should it be locked?
How many login failures should occur before your account is locked?
How much time should elapse before a failed login is no longer counted?

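Each question on the two policy slides above corresponds to one setting an operating system enforces: password history, maximum and minimum age, minimum length, complexity, non-reversible storage, and for accounts the lockout threshold, lockout duration, and the window after which a failed login stops counting. The following added example (written for this page, not part of the course or of any operating system's code) implements all of them in one place so the interaction between them can be traced; the policy values, account names, passwords, and the deliberately low hash iteration count are constructed.

```python
"""Added example, not from the slides: the password-policy and account-policy
questions above turned into enforceable checks. Policy values, names, passwords
and the (deliberately low) hash iteration count are constructed."""
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class PasswordPolicy:
    min_length: int = 12
    history: int = 3          # passwords remembered (current one included); none may be reused
    max_age_days: int = 90    # how long a password stays valid
    min_age_days: int = 1     # how long it must be used before it may be changed
    complexity: bool = True   # require 3 of the 4 character classes

    def complexity_ok(self, pw):
        classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
        return sum(classes) >= 3

@dataclass
class LockoutPolicy:
    threshold: int = 3          # failures before the account is locked
    duration_minutes: int = 15  # how long it stays locked
    reset_minutes: int = 10     # failures older than this no longer count

class Account:
    ITERATIONS = 10_000  # kept low so the example runs quickly; production uses far more

    def __init__(self, name, password, policy, lockout, now):
        self.name, self.policy, self.lockout = name, policy, lockout
        self.history = []   # (salt, digest) pairs, newest last: a one-way hash, never the plaintext
        self.changed_at = now
        self.failed, self.first_failure_at, self.locked_until = 0, None, None
        self._store(password)

    def _hash(self, pw, salt):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, self.ITERATIONS)

    def _store(self, pw):
        salt = os.urandom(16)
        self.history.append((salt, self._hash(pw, salt)))
        self.history = self.history[-self.policy.history:]   # keep only what the policy remembers

    def _matches(self, pw, entry):
        salt, digest = entry
        return hmac.compare_digest(self._hash(pw, salt), digest)

    def change_password(self, new_pw, now):
        """Return None when accepted, otherwise the policy rule that rejected it."""
        p = self.policy
        if now - self.changed_at < timedelta(days=p.min_age_days):
            return "minimum age not reached"
        if len(new_pw) < p.min_length:
            return "too short"
        if p.complexity and not p.complexity_ok(new_pw):
            return "complexity"
        if any(self._matches(new_pw, e) for e in self.history):
            return "reused"
        self._store(new_pw)
        self.changed_at = now
        return None

    def login(self, pw, now):
        """Return 'ok', 'expired', 'bad password' or 'locked'."""
        lp = self.lockout
        if self.locked_until and now < self.locked_until:
            return "locked"
        if self.first_failure_at and now - self.first_failure_at > timedelta(minutes=lp.reset_minutes):
            self.failed, self.first_failure_at = 0, None   # old failures have aged out
        if self._matches(pw, self.history[-1]):
            self.failed, self.first_failure_at, self.locked_until = 0, None, None
            expired = now - self.changed_at > timedelta(days=self.policy.max_age_days)
            return "expired" if expired else "ok"
        self.failed += 1
        self.first_failure_at = self.first_failure_at or now
        if self.failed >= lp.threshold:
            self.locked_until = now + timedelta(minutes=lp.duration_minutes)
            self.failed, self.first_failure_at = 0, None
            return "locked"
        return "bad password"

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)
    acct = Account("joe", "Correct-Horse-42", PasswordPolicy(), LockoutPolicy(), t0)
    print(acct.change_password("Correct-Horse-42", t0 + timedelta(days=2)))   # reused
    print(acct.login("wrong", t0), acct.login("wrong", t0), acct.login("wrong", t0))
```

Storing a salted one-way hash answers the last password-policy question (the password is never stored so it can be decrypted), and the reset window is what keeps a slow trickle of genuine typos from locking a user out while still catching a burst of guesses.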
Module 04: 29 Activity 04.1: Account And Local Security Policies For Windows
Purpose:
– Walk you through ways to harden the security of the Microsoft Windows operating system to lessen its vulnerability to attack
Estimated completion time:
– 20 - 25 minutes
Additional information:
– Account password for Windows machine

Module 04: 30 Hints For Activity 04.1
Student password: XXXXXXXX
Action on errors:
– Adding new users: click “OK” on the error message; add “&123” to the end of suggested passwords
Audit logs
– Security logging may not be turned on, so there may be no entries

Module 04: 31 Activity 04.1: Account And Local Security Policies For Windows
What did you see?
What policies are in place in your organization? Do they help with security?

Module 04: 32 Activity 04.2: Account And Local Security Policies For Fedora
Purpose:
– Walk you through ways to harden the security of the Fedora Linux operating system to lessen its vulnerability to attack
Estimated completion time:
– 25 - 30 minutes
Additional information:
– Account password for Fedora Linux virtual machine

Module 04: 33 Hints For Activity 04.2
student password: student
root password: student
Action on errors:
– Adding new users: click “YES” on the error message that says “Use Anyway?”
– If the password is too short, add “123” and try again
Remember, Linux is case sensitive

Module 04: 34 Activity 04.2: Account And Local Security Policies For Fedora
What did you see?
Could you implement the same policies in both Windows and Fedora?
Which seemed more secure to you?

Module 04: 35 Vulnerabilities
Protection function (access control)
– Compromise access control to attack other functions
Process management
– Unauthorized processes
– Hidden processes
– Affect other processes
Main memory management
– Access other processes’ memory

Module 04: 36 More Vulnerabilities
File management
– Unauthorized access to files
– Create unauthorized files
I/O system management
– Unauthorized I/O
– Affect authorized I/O
Secondary storage
– Access or corrupt

Module 04: 37 Even More Vulnerabilities
Network
– Unauthorized connections/communications
– Disable or compromise
– Affect authorized use
User interface
– Eavesdrop
– Deny access to authorized users
– Permit access to unauthorized users

Module 04: 38 Threats
How do threats affect the system?
– Affect availability
– Compromise confidentiality or integrity
How do you tell if you have a problem?
– Process listing
– Network connections
– Memory check
– Storage size
– Auditing logs
What if management tools are compromised?

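The slide's detection list (process listing, network connections) and its closing question (what if the management tools themselves are compromised?) fit together: compare each listing against a baseline recorded when the system was known good, and also compare the listings against each other, because a socket owned by a process that the process listing does not show means one of the two tools is lying. This is an added example written for this page, not course material; the baseline and both snapshots are constructed, and the severities are this example's own.

```python
"""Added example, not from the slides: spotting a problem by comparing a process
listing and a listening-socket listing against a known-good baseline, and
cross-checking the two listings against each other. All snapshots are constructed."""

# Constructed known-good baseline recorded when the host was set up
BASELINE = {
    "processes": {"systemd", "sshd", "cron", "rsyslogd", "nginx"},
    "listening": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
}

# Constructed current snapshot: (pid, user, name) as a process listing shows it ...
CURRENT_PROCESSES = [
    (1, "root", "systemd"), (812, "root", "sshd"), (830, "root", "cron"),
    (845, "syslog", "rsyslogd"), (901, "www-data", "nginx"), (2207, "www-data", "sh"),
]
# ... and (proto, port, pid, name) as a listing of listening sockets shows it
CURRENT_LISTENING = [
    ("tcp", 22, 812, "sshd"), ("tcp", 80, 901, "nginx"), ("tcp", 443, 901, "nginx"),
    ("tcp", 8081, 2207, "sh"), ("tcp", 9999, 3999, "updater"),
]

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}

def compare_to_baseline(baseline, processes, listening):
    """Return (severity, kind, detail) findings, most severe first; empty means no drift."""
    findings = []
    known_pids = {pid for pid, _, _ in processes}
    for pid, user, name in processes:
        if name not in baseline["processes"]:
            findings.append(("medium", "unknown_process",
                             f"{name} (pid {pid}) running as {user} is not in the baseline"))
    for proto, port, pid, name in listening:
        if (proto, port) not in baseline["listening"]:
            findings.append(("high", "unexpected_listener",
                             f"{proto}/{port} owned by {name} (pid {pid}) is not in the baseline"))
        # Cross-check between two independent tools: a socket owned by a PID that the
        # process listing does not show points to a hidden process or a tampered listing.
        if pid not in known_pids:
            findings.append(("critical", "hidden_process",
                             f"pid {pid} ({name}) owns {proto}/{port} but is absent from the process listing"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

if __name__ == "__main__":
    for severity, kind, detail in compare_to_baseline(BASELINE, CURRENT_PROCESSES, CURRENT_LISTENING):
        print(f"[{severity}] {kind}: {detail}")
```

The cross-check is the important part: a baseline comparison only tells you what changed, while disagreement between two views of the same system is evidence that a view itself can no longer be trusted, which is the case the slide's last question raises.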
Module 04: 39 Specific Operating System Attacks
DoS
Hack (or crack) the system
Backdoor
Memory issues
Escalation of privileges
Default settings

Module 04: 40 Denial of Service (DoS)
An attack on availability
Consume resources
– CPU or memory
– Communication
Recall terms
– ping, Smurf, botnet
(CIA triad graphic: Availability, Confidentiality, Integrity)

Module 04: 41 Hack The System
Exploit a vulnerability to gain unauthorized access to the system
Access as an existing user
Perform other actions
– Add unauthorized account
– Add malicious software
– Use system resources
(CIA triad graphic: Availability, Confidentiality, Integrity)

Module 04: 42 Backdoor
What is a backdoor?
– An access method that bypasses the normal security of the system
How does it get there?
What impact might it have?
(CIA triad graphic: Availability, Confidentiality, Integrity)

Module 04: 43 Memory Issues
Memory is not erased before being given to another process
– Gives the new process access to information from the old process
– What is the impact?
Memory is not released by a process
– What is the impact?
(CIA triad graphic: Availability, Confidentiality, Integrity)

Module 04: 44 Escalation Of Privileges
User exploits a vulnerability to gain unauthorized access
– Gain administrator access
– Gain access as a specific account
– What is the impact?
(CIA triad graphic: Availability, Confidentiality, Integrity)

Module 04: 45 Default Settings
Most operating systems ship in the simplest configuration… insecure
Security features disabled
Default accounts enabled with standard passwords
Available services (programs) running
(CIA triad graphic: Availability, Confidentiality, Integrity)

Module 04: 46 How Do They Do It?
The key is gaining access
Break an operating system management function to gain command access
– Connect to print server, cause process to create a command line as administrator
– Send special packets to network controller to cause a buffer overflow to execute program
– And many more

Module 04: 47 Securing Systems
Perform system “hardening”
Find out what vulnerabilities are still present
– Perform a vulnerability scan
Fix them

Module 04: 48 Activity 04.3: Vulnerability Scanning Using Nessus 3
Purpose:
– Demonstrate that port scanning is one of the most common forms of attacks and can be used to gather information about a target environment
Estimated completion time:
– 20 - 25 minutes
Additional information:
– We need to perform one or two scans using Nessus
– IP address ranges to scan

Module 04: 49 Hints For Activity 04.3
Perform Nessus scans on the indicated IP ranges
First scan
– Start IP: XX.XX.XX.XX
– End IP: XX.XX.XX.XX
Second scan
– Start IP: XX.XX.XX.XX
– End IP: XX.XX.XX.XX

Module 04: 50 Activity 04.3: Vulnerability Scanning Using Nessus 3
What vulnerabilities did you discover?
Would this be useful for system administrators?
Does this tool identify all vulnerabilities?

Module 04: 51 Countermeasures: DoS
Set network and host firewall filters for known bad traffic
Apply operating system patches for known vulnerabilities
Limit time and resources for processes
Monitor for threat activity on the network and host using Intrusion Detection Systems

Module 04: 52 Countermeasures: Hack The System
Use account and password policies
– Reduce likelihood of password guessing or cracking
– Limit privileges of users to those they need
– Manage by responsibilities (group permissions)
Change default accounts, settings, passwords
Use restricted accounts for services (don’t run everything as administrator)
Apply operating system patches for known vulnerabilities
Turn off unnecessary services
Watch for social engineering

Module 04: 53 Countermeasures: Backdoor
Disable any unnecessary default accounts
Apply operating system patches for known vulnerabilities
Scan system periodically
Monitor system

Module 04: 54 Countermeasures: Memory Issues
Apply operating system patches for known vulnerabilities
Turn on security features (some operating systems will clear memory before reallocating it)
Reclaim memory on process termination

Module 04: 55 Countermeasures: Escalation Of Privileges
Apply operating system patches for known vulnerabilities
Monitor system
Establish restricted accounts for services (don’t run everything as administrator)

Module 04: 56 Countermeasures: Default Settings
Disable unnecessary accounts and services
Apply operating system patches for known vulnerabilities
Follow lockdown procedures when possible
Monitor system

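The countermeasure slides from "Hack The System" through "Default Settings" repeat a small set of rules: disable default accounts and change their passwords, turn off unnecessary services, run the remaining services under restricted accounts, enable the security features that ship disabled, and apply patches. A lockdown check is those rules applied to a snapshot of the host. The following is an added example written for this page (not course material and not any vendor's hardening tool); the host snapshot, the allowed-service lists and the severities are constructed.

```python
"""Added example, not from the slides: a lockdown check for the default-settings
problems the countermeasure slides list. The host snapshot, the lists of allowed
services and the severities are constructed for illustration."""

# Constructed snapshot of a freshly installed host
HOST = {
    "accounts": [   # default: shipped with the OS; default_password: shipped password unchanged
        {"name": "administrator", "enabled": True,  "default": True,  "default_password": False},
        {"name": "guest",         "enabled": True,  "default": True,  "default_password": True},
        {"name": "support",       "enabled": True,  "default": True,  "default_password": False},
        {"name": "alice",         "enabled": True,  "default": False, "default_password": False},
    ],
    "services": [
        {"name": "sshd",   "running": True,  "run_as": "root"},
        {"name": "httpd",  "running": True,  "run_as": "root"},
        {"name": "telnet", "running": True,  "run_as": "root"},
        {"name": "cups",   "running": False, "run_as": "lp"},
    ],
    "features": {"firewall": False, "audit_logging": True, "auto_updates": False},
    "pending_patches": 7,
}

# Constructed lockdown baseline: what this host is allowed to run, and how
REQUIRED_SERVICES = {"sshd", "httpd"}
MAY_RUN_AS_ADMIN = {"sshd"}                        # services that genuinely need full privileges
ADMIN_USERS = {"root", "administrator", "SYSTEM"}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}

def lockdown_findings(host):
    """Return (severity, finding) pairs, most severe first; empty means nothing to fix."""
    findings = []
    for a in host["accounts"]:
        if not (a["default"] and a["enabled"]):
            continue
        if a["default_password"]:
            findings.append(("critical", f"default account '{a['name']}' is enabled with its shipped password"))
        elif a["name"] not in ADMIN_USERS:
            findings.append(("medium", f"default account '{a['name']}' is enabled; disable it unless needed"))
    for s in host["services"]:
        if not s["running"]:
            continue
        if s["name"] not in REQUIRED_SERVICES:
            findings.append(("high", f"unnecessary service '{s['name']}' is running; turn it off"))
        elif s["run_as"] in ADMIN_USERS and s["name"] not in MAY_RUN_AS_ADMIN:
            findings.append(("high", f"service '{s['name']}' runs as {s['run_as']}; use a restricted account"))
    for feature, enabled in host["features"].items():
        if not enabled:
            findings.append(("high", f"security feature '{feature}' is disabled"))
    if host["pending_patches"]:
        findings.append(("high", f"{host['pending_patches']} patches for known vulnerabilities not applied"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

if __name__ == "__main__":
    for severity, finding in lockdown_findings(HOST):
        print(f"[{severity}] {finding}")
```

Running the same check again after each countermeasure is applied is how the "Are We Done?" question gets a measurable answer: the list shrinks to empty, and any later drift shows up as a new finding.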
Module 04: 57 Additional Countermeasures
HIDS
– Provides system monitoring function
– Can raise an alert when changes occur
Backups
– Allow restoration of system to a known good state
Physical security
– Don’t allow unauthorized access to systems

Module 04: 58 Are We Done?
Not yet
Recurring theme
– Apply operating system patches for known vulnerabilities
– Disable unnecessary accounts and services
– Monitor system
Always balance security and ease of use

Module 04: 59 Operating System Security: System Specific Stuff
History and general functions of operating systems
Major vulnerabilities and threats for operating systems
Steps in securing system accounts
Using a vulnerability scanner to test systems
Countermeasures for operating system threats