Transcript Guide to Operating System Security
Guide to Operating System Security Chapter 1
Operating Systems Security – Keeping Computers and Networks Secure
Objectives Explain what operating system and network security means Discuss why security is necessary Explain the cost factors related to security Describe the types of attacks on operating systems and networks Discuss system hardening, including features in operating systems and networks that enable hardening Guide to Operating System Security 2
What Is Operating System and Network Security?
Ability to reliably store, modify, protect, and grant access to information, so that information is only available to designated users Guide to Operating System Security 3
Operating Systems and Security Operating systems Provide basic programming instructions to computer hardware Interface with user application software and computer’s BIOS to allow applications to interact with hardware Security issue Potential to provide security functions at every level of operation Guide to Operating System Security 4
Operating System Components Application programming interface (API) Basic input/output system (BIOS) Basic form of security: Configure BIOS password security Kernel Resource managers Device drivers 5 Guide to Operating System Security
Operating System Functions and Components Guide to Operating System Security 6
Computer Networks and Security Computer network System of computers, print devices, network devices, and computer software linked by communications cabling or radio and microwaves Security issue All networks have vulnerable points that require security Guide to Operating System Security 7
Types of Networks Classified by reach and complexity Local area networks (LANs) Metropolitan area networks (MANs) Wide area networks (WANs) Enterprise networks Guide to Operating System Security 8
Resources in an Enterprise Network Guide to Operating System Security 9
Careers in Information Security Number of jobs has increased by 100% per year since 1998 Potential for healthy salaries and organizational advancement Guide to Operating System Security 10
Why Security Is Necessary Protects information and resources Ensures privacy Facilitates workflow Addresses security holes and software bugs Compensates for human error or neglect Guide to Operating System Security 11
Protecting Information and Resources Security protects information and resources of: Businesses Educational institutions Government Telecommuters Personal users 12 Guide to Operating System Security
Ensuring Privacy Potential for serious legal and business consequences when an intruder accesses private information Guide to Operating System Security 13
Facilitating Workflow Potential for loss of money, data, or both if a step in the work process is compromised due to a security problem Guide to Operating System Security 14
Addressing Security Holes or Software Bugs After purchasing a new OS, software, or hardware: Test rigorously for security and reliability Check security defaults Install patches immediately Guide to Operating System Security 15
Compensating for Human Error or Neglect Use an OS that enables the organization to set up security policies Develop written security policies Implement training Test security of new operating systems and software 16 Guide to Operating System Security
Setting Up Local Security Policies Guide to Operating System Security 17
Cost Factors Cost of deploying security Should be an element in total cost of ownership (TCO) Cost of
not
deploying security Guide to Operating System Security 18
Types of Attacks Standalone workstation or server attacks Attacks enabled by access to passwords Viruses, worms, and Trojan horses Buffer attacks Denial of service Source routing attack Spoofing E-mail attack Port scanning Wireless attacks 19 Guide to Operating System Security
Standalone Workstation or Server Attacks Easy to take advantage of a logged-on computer that is unattended and unprotected Avoid by setting up a password-protected screen saver Guide to Operating System Security 20
Attacks Enabled by Access to Passwords Users defeat password protection by Sharing them with others Writing them down and displaying them Attackers have sophisticated ways of gaining password access Guide to Operating System Security 21
Attempting to Log On to a Telnet Account Guide to Operating System Security 22
Viruses Virus Able to replicate throughout a system Infects a disk/file, which infects other disks/files Some cause damage; some don’t Virus hoax E-mail falsely warning of a virus Guide to Operating System Security 23
Worm Endlessly replicates on the same computer, or sends itself to many other computers on a network Continues to create new files but does not infect existing files Guide to Operating System Security 24
Trojan Horse Appears useful and harmless, but does harm Can provide hacker with access to or control of the computer Guide to Operating System Security 25
Buffer Attacks Attacker tricks buffer software into attempting to store more information than it can contain (buffer overflow) The extra information can be malicious software Guide to Operating System Security 26
Denial of Service (DoS) Attacks Interfere with normal access to network host, Web site, or service by flooding network with: Useless information, or Frames or packets containing errors that are not identified by a network service Distributed DoS attack One computer causes others to launch attacks directed at one or more targets 27 Guide to Operating System Security
Source Routing Attack Attacker modifies source address and routing information to make a packet appear to come from a different source Can be used to breach a privately configured network A form of spoofing Guide to Operating System Security 28
Spoofing Address of source computer is changed to make a packet appear to come from a different computer Can be used to initiate access to a computer Can appear as just another transmission to a computer from a legitimate source 29 Guide to Operating System Security
E-mail Attack Attached file may contain: Virus, worm, or Trojan horse Macro that contains malicious code E-mail may contain Web link to a rogue Web site Guide to Operating System Security 30
Port Scanning Attacker determines live IP address, then runs port scanning software (eg Nmap or Strobe) to find a system on which a key port is open or not in use To block access through open ports: Stop OS services or processes that are not in use Configure a service only to start manually with your knowledge Unload unnecessary NLMs 31 Guide to Operating System Security
Sample TCP Ports Guide to Operating System Security 32
Using the
kill
Command in Red Hat Linux Guide to Operating System Security 33
Managing Mac OS X Sharing Services Guide to Operating System Security 34
Wireless Attacks Generally involve scanning multiple channels Key elements Wireless network interface card Omnidirectional antenna War-driving software Difficult to determine when someone has compromised a wireless network Guide to Operating System Security 35
Organizations That Help Prevent Attacks (Continued) American Society for Industrial Security (ASIS) Computer Emergency Response Team Coordination Center (CERT/CC) Forum of Incident Response and Security Teams (FIRST) InfraGard Guide to Operating System Security 36
Organizations That Help Prevent Attacks (Continued) Information Security Forum (ISF) Information Systems Security Association (ISSA) National Security Institute (NSI) SysAdmin, Audit, Network, Security (SANS) Institute 37 Guide to Operating System Security
Hardening Your System Taking specific actions to block or prevent attacks by means of operating system and network security methods Guide to Operating System Security 38
General Steps to Harden a System (Continued) Learn about OS and network security features Consult Web sites of security organizations Only deploy services and processes that are absolutely necessary Deploy dedicated servers, firewalls, and routers Guide to Operating System Security 39
General Steps to Harden a System (Continued) Use OS features that are provided for security Deploy as many obstructions as possible Audit security regularly Train users to be security conscious Monitor OSs and networks regularly for attackers Guide to Operating System Security 40
Overview of Operating System Security Features Logon security Digital certificate security File and folder security Shared resource security Security policies Remote access security Wireless security Disaster recovery 41 Guide to Operating System Security
Logon Security Requires user account and password to access OS or network User account provides access to the domain Guide to Operating System Security 42
Objects in a Domain Guide to Operating System Security 43
Digital Certificate Security Verifies authenticity of the communication to ensure that communicating parties are who they say they are Guide to Operating System Security 44
File and Folder Security Lists of users and user groups can be given permission to access resources Attributes can be associated with resources to manage access and support creation of backups Guide to Operating System Security 45
Shared Resource Security Ways to control access to resources: Use a list of users and groups that should be configured Use domains Publish resources in a directory service (eg, Active Directory or NDS) Guide to Operating System Security 46
Using an Access List Guide to Operating System Security 47
Security Policies Security default settings that apply to a resource offered through an OS or directory service May apply only to local computer, or to other computers May specify that user account passwords must be a minimum length and be changed at regular intervals 48 Guide to Operating System Security
Remote Access Security Enable remote access only when absolutely necessary Many forms, including: Callback security Data encryption Access authentication Password security Guide to Operating System Security 49
Wireless Security Implement Wired Equivalent Privacy (WEP) Create a list of authorized wireless users based on the permanent address assigned to the wireless interface in the computer Guide to Operating System Security 50
Disaster Recovery Use of hardware and software techniques to prevent loss of data Perform backups Store backups in a second location Use redundant hard disks Enables restoration of systems and data without loss of critical information Guide to Operating System Security 51
Overview of Network Security Features Authentication and encryption Firewalls Topology Monitoring Guide to Operating System Security 52
Authentication Using a method to validate users who attempt to access a network or resources, to ensure they are authorized Examples User accounts with passwords Smart cards Biometrics 53 Guide to Operating System Security
Encryption Protects information sent over a network by making it appear unintelligible Generally involves using a mathematical key Guide to Operating System Security 54
Firewalls Software or hardware placed between networks that selectively allows or denies access Guide to Operating System Security 55
Topology Different designs yield different results in terms of security planning and hardening Also affects security in terms of where specific devices are placed Guide to Operating System Security 56
Monitoring Involves determining performance and use of an OS or network Enables you to determine weak points of a system or network and address them before a problem occurs Guide to Operating System Security 57
Summary Operating system and network security Why such security is vital Careers in information security The cost of security; the cost of
not
having security Common types of attacks Techniques for guarding against attacks on operating systems and on networks 58 Guide to Operating System Security