Guide to Operating System Security Chapter 1 Operating Systems Security – Keeping Computers and Networks Secure
Page 1

Guide to Operating System Security

Chapter 1

Operating Systems Security – Keeping Computers and Networks Secure

Page 2

Objectives

- Explain what operating system and network security means
- Discuss why security is necessary
- Explain the cost factors related to security
- Describe the types of attacks on operating systems and networks
- Discuss system hardening, including features in operating systems and networks that enable hardening

Page 3

What Is Operating System and Network Security?

- Ability to reliably store, modify, protect, and grant access to information, so that information is only available to designated users

Page 4

Operating Systems and Security

- Operating systems
  - Provide basic programming instructions to computer hardware
  - Interface with user application software and the computer's BIOS to allow applications to interact with hardware
- Security issue
  - Potential to provide security functions at every level of operation

Page 5

Operating System Components

- Application programming interface (API)
- Basic input/output system (BIOS)
  - Basic form of security: configure BIOS password security
- Kernel
- Resource managers
- Device drivers

Page 6

Operating System Functions and Components

Page 7

Computer Networks and Security

- Computer network
  - System of computers, print devices, network devices, and computer software linked by communications cabling or by radio and microwaves
- Security issue
  - All networks have vulnerable points that require security

Page 8

Types of Networks

- Classified by reach and complexity
  - Local area networks (LANs)
  - Metropolitan area networks (MANs)
  - Wide area networks (WANs)
  - Enterprise networks

Page 9

Resources in an Enterprise Network

Page 10

Careers in Information Security

- Number of jobs has increased by 100% per year since 1998
- Potential for healthy salaries and organizational advancement

Page 11

Why Security Is Necessary

- Protects information and resources
- Ensures privacy
- Facilitates workflow
- Addresses security holes and software bugs
- Compensates for human error or neglect

Page 12

Protecting Information and Resources

- Security protects the information and resources of:
  - Businesses
  - Educational institutions
  - Government
  - Telecommuters
  - Personal users

Page 13

Ensuring Privacy

- Potential for serious legal and business consequences when an intruder accesses private information

Page 14

Facilitating Workflow

- Potential for loss of money, data, or both if a step in the work process is compromised due to a security problem

Page 15

Addressing Security Holes or Software Bugs

- After purchasing a new OS, software, or hardware:
  - Test rigorously for security and reliability
  - Check security defaults
  - Install patches immediately

Page 16

Compensating for Human Error or Neglect

- Use an OS that enables the organization to set up security policies
- Develop written security policies
- Implement training
- Test the security of new operating systems and software

Page 17

Setting Up Local Security Policies

Page 18

Cost Factors

- Cost of deploying security
  - Should be an element in total cost of ownership (TCO)
- Cost of not deploying security

Page 19

Types of Attacks

- Standalone workstation or server attacks
- Attacks enabled by access to passwords
- Viruses, worms, and Trojan horses
- Buffer attacks
- Denial of service
- Source routing attack
- Spoofing
- E-mail attack
- Port scanning
- Wireless attacks

Page 20

Standalone Workstation or Server Attacks

- Easy to take advantage of a logged-on computer that is unattended and unprotected
- Avoid by setting up a password-protected screen saver

Page 21

Attacks Enabled by Access to Passwords

- Users defeat password protection by:
  - Sharing them with others
  - Writing them down and displaying them
- Attackers have sophisticated ways of gaining password access

Page 22

Attempting to Log On to a Telnet Account

Page 23

Viruses

- Virus
  - Able to replicate throughout a system
  - Infects a disk/file, which infects other disks/files
  - Some cause damage; some don't
- Virus hoax
  - E-mail falsely warning of a virus

Page 24

Worm

- Endlessly replicates on the same computer, or sends itself to many other computers on a network
- Continues to create new files but does not infect existing files

Page 25

Trojan Horse

- Appears useful and harmless, but does harm
- Can provide a hacker with access to or control of the computer

Page 26

Buffer Attacks

- Attacker tricks buffer software into attempting to store more information than it can contain (buffer overflow)
- The extra information can be malicious software
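To make the slide's point concrete, here is an added example in C (not from the textbook): a record whose fixed-size name field sits next to a privilege flag is filled once without a length check and once with one, showing how the spill-over overwrites the neighbouring data. The record layout and the 12-byte input are constructed for the demonstration.

```c
/* Added example, not from the textbook: a fixed-size name field sits next to
 * a privilege flag, so an unchecked copy of oversized input runs past the
 * field and overwrites the flag. The record layout is constructed. */
#include <stdio.h>
#include <string.h>

struct login_record {
    char name[8];    /* the buffer: room for 7 characters plus '\0' */
    int  is_admin;   /* adjacent data that the overflow clobbers */
};

/* Vulnerable form: copies as many bytes as the caller supplies. The copy
 * starts at the name field (the record's first member); it is clamped to
 * the record only so the demo stays in defined memory. */
void store_name_unchecked(struct login_record *r, const char *in, size_t len)
{
    if (len > sizeof *r)
        len = sizeof *r;
    memcpy(r, in, len);            /* never compared against sizeof r->name */
}

/* Hardened form: reject input that does not fit, copy with a bound and
 * always terminate. Returns 0 on success, -1 when the input is rejected. */
int store_name_checked(struct login_record *r, const char *in, size_t len)
{
    if (len >= sizeof r->name)     /* keep one byte for the terminator */
        return -1;
    memcpy(r->name, in, len);
    r->name[len] = '\0';
    return 0;
}

/* Constructed 12-byte input: 8 bytes fill name, 4 spill into is_admin. */
static const char OVERSIZED[] = "AAAAAAAABBBB";

/* is_admin after the unchecked copy: 0x42424242, the bytes of "BBBB". */
int flag_after_unchecked_copy(void)
{
    struct login_record r = { "", 0 };
    store_name_unchecked(&r, OVERSIZED, strlen(OVERSIZED));
    return r.is_admin;
}

/* 1 if the checked copy rejects the same input and leaves is_admin at 0. */
int checked_copy_rejects(void)
{
    struct login_record r = { "", 0 };
    int rc = store_name_checked(&r, OVERSIZED, strlen(OVERSIZED));
    return rc == -1 && r.is_admin == 0;
}

int main(void)
{
    printf("is_admin after unchecked copy: 0x%x\n", flag_after_unchecked_copy());
    printf("checked copy rejects oversized input: %d\n", checked_copy_rejects());
    return 0;
}
```

A non-zero is_admin after the unchecked copy is the whole lesson: the bytes that did not fit the buffer became somebody else's data.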

Page 27

Denial of Service (DoS) Attacks

- Interfere with normal access to a network host, Web site, or service by flooding the network with:
  - Useless information, or
  - Frames or packets containing errors that are not identified by a network service
- Distributed DoS attack
  - One computer causes others to launch attacks directed at one or more targets

Page 28

Source Routing Attack

- Attacker modifies source address and routing information to make a packet appear to come from a different source
- Can be used to breach a privately configured network
- A form of spoofing

Page 29

Spoofing

- Address of source computer is changed to make a packet appear to come from a different computer
- Can be used to initiate access to a computer
- Can appear as just another transmission to a computer from a legitimate source

Page 30

E-mail Attack

- Attached file may contain:
  - Virus, worm, or Trojan horse
  - Macro that contains malicious code
- E-mail may contain a Web link to a rogue Web site

Page 31

Port Scanning

- Attacker determines a live IP address, then runs port-scanning software (e.g., Nmap or Strobe) to find a system on which a key port is open or not in use
- To block access through open ports:
  - Stop OS services or processes that are not in use
  - Configure a service to start only manually, with your knowledge
  - Unload unnecessary NLMs
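An added example (not from the textbook) of the defensive side of this slide: a small C audit that parses /proc/net/tcp-style lines as found on Red Hat and other Linux systems, lists the ports in LISTEN state, and flags any that are not on an expected-service list, so the unused service behind them can be stopped or set to manual start. The sample lines and the expected list are constructed.

```c
/* Added example, not from the textbook: audit a Linux host's listening TCP
 * ports from constructed /proc/net/tcp-style lines and flag the unexpected. */
#include <stdio.h>
#include <string.h>

/* One /proc/net/tcp line: "sl local_address rem_address st ...", addresses
 * as hex IP:PORT. Returns the local port when st == 0A (LISTEN), else -1. */
int listening_port(const char *line)
{
    unsigned sl, lip, lport, rip, rport, st;
    if (sscanf(line, " %u: %x:%x %x:%x %x", &sl, &lip, &lport, &rip, &rport, &st) != 6)
        return -1;                      /* header or malformed line */
    return st == 0x0A ? (int)lport : -1;
}

/* Collect listening ports from multi-line text into out[]; returns count. */
int collect_listeners(const char *text, int *out, int max)
{
    char line[256];
    int n = 0;
    while (*text && n < max) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, text, len);
        line[len] = '\0';
        int port = listening_port(line);
        if (port >= 0) out[n++] = port;
        text = nl ? nl + 1 : text + strlen(text);
    }
    return n;
}

/* Report listeners absent from expected[]: candidates to stop or to switch
 * to manual start. Returns how many were reported. */
int unexpected_listeners(const int *ports, int n, const int *expected, int m)
{
    int bad = 0;
    for (int i = 0; i < n; i++) {
        int known = 0;
        for (int j = 0; j < m; j++) known |= (ports[i] == expected[j]);
        if (!known) { printf("unexpected listener on TCP port %d\n", ports[i]); bad++; }
    }
    return bad;
}

/* Constructed sample: sshd listening on 22, telnetd listening on 23, one
 * established connection on 22 (st 01), preceded by the header line. */
static const char SAMPLE[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid\n"
    "   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0\n"
    "   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0\n"
    "   2: 0100007F:0016 0100007F:C3E4 01 00000000:00000000 00:00000000 00000000     0\n";
/* Audit SAMPLE against an expected list of ssh only: reports telnet (23). */
int audit_sample(void)
{
    int ports[64], expected[] = { 22 };
    int n = collect_listeners(SAMPLE, ports, 64);
    return unexpected_listeners(ports, n, expected, 1);
}
```

On a live host the same parser can be pointed at the real /proc/net/tcp (and /proc/net/tcp6) to produce the list a scanner would otherwise discover for you.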

Page 32

Sample TCP Ports

Page 33

Using the kill Command in Red Hat Linux

Page 34

Managing Mac OS X Sharing Services

Page 35

Wireless Attacks

- Generally involve scanning multiple channels
- Key elements
  - Wireless network interface card
  - Omnidirectional antenna
  - War-driving software
- Difficult to determine when someone has compromised a wireless network

Page 36

Organizations That Help Prevent Attacks (Continued)

- American Society for Industrial Security (ASIS)
- Computer Emergency Response Team Coordination Center (CERT/CC)
- Forum of Incident Response and Security Teams (FIRST)
- InfraGard

Page 37

Organizations That Help Prevent Attacks (Continued)

- Information Security Forum (ISF)
- Information Systems Security Association (ISSA)
- National Security Institute (NSI)
- SysAdmin, Audit, Network, Security (SANS) Institute

Page 38

Hardening Your System

- Taking specific actions to block or prevent attacks by means of operating system and network security methods

Page 39

General Steps to Harden a System (Continued)

- Learn about OS and network security features
- Consult Web sites of security organizations
- Only deploy services and processes that are absolutely necessary
- Deploy dedicated servers, firewalls, and routers

Page 40

General Steps to Harden a System (Continued)

- Use OS features that are provided for security
- Deploy as many obstructions as possible
- Audit security regularly
- Train users to be security conscious
- Monitor OSs and networks regularly for attackers

Page 41

Overview of Operating System Security Features

- Logon security
- Digital certificate security
- File and folder security
- Shared resource security
- Security policies
- Remote access security
- Wireless security
- Disaster recovery

Page 42

Logon Security

- Requires a user account and password to access the OS or network
- User account provides access to the domain

Page 43

Objects in a Domain

Page 44

Digital Certificate Security

- Verifies the authenticity of the communication to ensure that communicating parties are who they say they are

Page 45

File and Folder Security

- Lists of users and user groups can be given permission to access resources
- Attributes can be associated with resources to manage access and support creation of backups

Page 46

Shared Resource Security

- Ways to control access to resources:
  - Use a list of users and groups that should be configured
  - Use domains
  - Publish resources in a directory service (e.g., Active Directory or NDS)

Page 47

Using an Access List

Page 48

Security Policies

- Security default settings that apply to a resource offered through an OS or directory service
- May apply only to the local computer, or to other computers
- May specify that user account passwords must be a minimum length and be changed at regular intervals

Page 49

Remote Access Security

- Enable remote access only when absolutely necessary
- Many forms, including:
  - Callback security
  - Data encryption
  - Access authentication
  - Password security

Page 50

Wireless Security

- Implement Wired Equivalent Privacy (WEP)
- Create a list of authorized wireless users based on the permanent address assigned to the wireless interface in the computer

Page 51

Disaster Recovery

- Use of hardware and software techniques to prevent loss of data
  - Perform backups
  - Store backups in a second location
  - Use redundant hard disks
- Enables restoration of systems and data without loss of critical information

Page 52

Overview of Network Security Features

- Authentication and encryption
- Firewalls
- Topology
- Monitoring

Page 53

Authentication

- Using a method to validate users who attempt to access a network or resources, to ensure they are authorized
- Examples
  - User accounts with passwords
  - Smart cards
  - Biometrics

Page 54

Encryption

- Protects information sent over a network by making it appear unintelligible
- Generally involves using a mathematical key

Page 55

Firewalls

- Software or hardware placed between networks that selectively allows or denies access

Page 56

Topology

- Different designs yield different results in terms of security planning and hardening
- Also affects security in terms of where specific devices are placed

Page 57

Monitoring

- Involves determining performance and use of an OS or network
- Enables you to determine weak points of a system or network and address them before a problem occurs

Page 58

Summary

- Operating system and network security
- Why such security is vital
- Careers in information security
- The cost of security; the cost of not having security
- Common types of attacks
- Techniques for guarding against attacks on operating systems and on networks