COMPUTER SECURITY AND OPERATING SYSTEM

Design by Faraz Hussain. Compiled and edited by Saqib Iqbal.

MEET OUR TEAM

Faraz Hussain, Saqib Iqbal, Muhammad Taha, Saad Abbasi, Ahmed Usman

INTRODUCTION

Definitions of Operating System and Computer Security

WHAT IS AN OPERATING SYSTEM

• An operating system is the most important software that runs on a computer.

• It manages the computer's memory, processes, and all of its software and hardware.

• It also allows you to communicate with the computer without knowing how to speak the computer's language.

• The operating system coordinates all of this to make sure each program gets what it needs.

MOSTLY USED OPERATING SYSTEMS

• Linux

• Windows

• FreeRTOS

• BSD

• iOS

• Android

• Debian

• OS X

• Blackberry

SECURITY (OPERATING SYSTEM)

GARFINKEL: “a computer is secure if you can depend on it and its software to behave as you expect”

GOLLMANN: “deals with the prevention and detection of unauthorized actions by users of a computer system”

ROSS: “the ability of a system to protect information and system resources with respect to confidentiality and integrity”

STANDARD SECURITY ATTACKS

• Physical – Physical protection of the computer system.

• Human – Screening of users given access to the computer system (threats here include phishing, dumpster diving, and password cracking).

• Network – As network communications become ever more important and pervasive in modern computing environments, it becomes ever more important to protect this area of the system.

• Operating System – The OS must be capable of protecting itself from accidental or intentional security breaches.

SECURITY THREATS

The first part of the presentation outlines security threats and briefly describes the methods, tools, and techniques that intruders use to exploit vulnerabilities in systems to achieve their goals. The section discusses a theoretical model and provides some real-life scenarios. The appendixes give detailed analyses of the various aspects and components that are discussed in this presentation.

TYPES OF SECURITY THREATS

01 Program threats – They attack specific programs or are carried and distributed in programs.

02 System and Network threats – They attack the operating system or the network itself, or leverage those systems to launch their attacks.

03 Rootkits – A rootkit is a type of malicious software that is activated each time your system boots up.

PROGRAM THREATS

1 TROJAN HORSE

2 TRAPDOOR

3 LOGIC BOMB

4 BUFFER OVERFLOW

5 VIRUSES

1. TROJAN HORSE

“The primary role of Trojan horses is to perform various actions that were not explicitly allowed by the user.”

IT INCLUDES

• Data

• Modification

• Deletion

• Blocking

• Modifying

• Copying

• Distraction

• Performance

TROJAN HORSE CLASSIFICATION

01 EXPLOIT – Exploit Trojans are applications that seek security vulnerabilities of software and operating systems already installed on a computer for malicious intent.

02 BACKDOOR – These are created to give an unauthorized user remote control of a computer.

03 RANSOM – Trojan-Ransoms will modify or block data on a computer either so it doesn’t work properly or so certain files can’t be accessed.

04 SPY – This type of Trojan horse will be invisible to the user while he or she goes about their daily routines. They can collect keyboard data, monitor program usage and take screenshots of the activity performed on the computer.

05 DDoS – A subset of backdoor Trojans, distributed denial-of-service (DDoS) attacks are made from numerous computers to cause a web address to fail.

06 BANKER – Trojan-bankers are created for the sole purpose of gathering users’ bank, credit card, debit card and e-payment information.

TRAP DOOR

• A Trap Door is when a designer or a programmer (or hacker) deliberately inserts a security hole that they can use later to access the system.

• Because of the possibility of trap doors, once a system has been in an untrustworthy state, that system can never be trusted again. Even the backup tapes may contain a copy of some cleverly hidden back door.

LOGIC BOMB

• A Logic Bomb is code that is not designed to cause havoc all the time, but only when a certain set of circumstances occurs, such as when a particular date or time is reached or some other noticeable event.

• A classic example is the Dead-Man Switch, which is designed to check whether a certain person (e.g. the author) is logging in every day, and if they don't log in for a long time (presumably because they've been fired), then the logic bomb goes off and either opens up security holes or causes other problems.

STACK AND BUFFER OVERFLOW

• A Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold. Exploiting a buffer overflow allows an attacker to modify portions of the target process's address space.

VIRUS

A. A virus is a fragment of code embedded in an otherwise genuine program, designed to replicate itself (by infecting other programs), and (eventually) causing destruction.

B. Viruses are delivered to systems in a virus dropper, usually some form of a Trojan Horse, and usually via e-mail or unsafe downloads.

C. Viruses are more likely to infect PCs than UNIX or other multi-user systems, because programs in the latter systems have limited authority to modify other programs or to access critical system structure.

TYPES OF VIRUSES

01 • File – A virus attaches itself to an executable file (.exe).

02 • Boot – The virus occupies the boot sector, and runs before the OS is loaded.

03 • Macro – Viruses exist as scripts that are run automatically by certain macro-capable programs.

04 • Source code – Viruses look for source code and infect it in order to spread.

05 • Polymorphic – Viruses change every time they spread.

06 • Encrypted – Viruses travel in encrypted form to escape detection.

07 • Stealth – Viruses try to avoid detection by modifying parts of the system that could be used to detect them.

FORMS OF VIRUSES

1 File – A virus attaches itself to an executable file (.exe).

2 Boot – The virus occupies the boot sector, and runs before the OS is loaded.

3 Macro – Viruses exist as scripts that are run automatically by certain macro-capable programs.

4 Source code – Viruses look for source code and infect it in order to spread.

5 Encrypted – Viruses travel in encrypted form to escape detection.

6 Stealth – Viruses try to avoid detection by modifying parts of the system that could be used to detect them.

SYSTEM AND NETWORK THREATS

1 DENIAL OF SERVICE (DoS) – DoS attacks do not attempt to actually access or damage systems, but merely to block them up so badly that they cannot be used for any useful work. Tight loops that repeatedly request system services are an obvious form of this attack.

2 PORT SCANNING – Port scanning is technically not an attack, but rather a search for vulnerabilities to attack.

3 WORMS – A worm is a process that uses the fork / spawn process to make copies of itself in order to cause havoc (disorder) on a system. Worms consume system resources, often blocking out other, valid processes.

ROOTKITS

A Rootkit virus is a stealth type of malware that is designed to hide the existence of certain processes or programs on your computer from regular detection methods, so as to allow it or another malicious process privileged access to your computer.

1 Persistent – Activates each time the system boots. The rootkit must store code in a persistent store, such as the registry or file system, and configure a method by which the code executes without user intervention.

2 Memory Based – Has no persistent mode and therefore cannot survive a reboot.

3 User Mode – Intercepts calls to APIs (Application Program Interfaces) and modifies returned results.

4 Kernel Mode – Can intercept calls to native APIs in kernel mode. The rootkit can also hide the presence of a malware process by removing it from the kernel’s list of active processes.

SECURITY TECHNIQUES

Security is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secure, the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.

SECURITY TECHNIQUES

TECHNIQUES FOR SECURING SYSTEM

• Authentication

• Access Control

• Intrusion Detection

• One Time passwords

• The operating system is the physical environment where your application runs. Any vulnerability in the operating system could compromise the security of the application. By securing the operating system, you make the environment stable, control access to resources, and control external access to the environment.

• The physical security of the system is essential. Threats can come through the Web, but they can also come from a physical terminal. Even if the Web access is very secure, if an attacker obtains physical access to a server, breaking into a system is much easier.

AUTHENTICATION

Authentication refers to identifying each user of the system and associating the executing programs with those users. It is the responsibility of the Operating System to create a protection system which ensures that a user who is running a particular program is authentic.

PASSWORD – The user needs to enter a username and password registered with the operating system to log in to the system.

CARD – The user needs to punch a card into the card slot, or enter a key generated by a key generator in the option provided by the operating system, to log in to the system.

BIOMETRIC – The user needs to pass his/her attribute via the designated input device used by the operating system to log in to the system.

ACCESS CONTROL LIST

An access control model is a framework that dictates how subjects access objects. It uses access control technologies and security mechanisms to enforce the rules and objectives of the model.

• Discretionary Access List

• Role-based Access List

• Mandatory Access List

TYPES OF ACCESS CONTROL MODELS

DAC

• The control of access is based on the discretion (wish) of the owner.

• A system that uses DAC enables the owner of the resource to specify which subjects can access specific resources.

• The most common implementation of DAC is through ACLs, which are dictated and set by the owners and enforced by the OS.

MAC

• This model is very strict and is based on a security label attached to all objects.

• The subjects are given security clearance by classifying them (as secret, top secret, confidential etc.), and the objects are also classified similarly.

• This model is used in, and is suitable for, military systems where classifications and confidentiality are of utmost importance.

RBAC

• RBAC is based on user roles and uses a centrally administered set of controls to determine how subjects and objects interact.

• The RBAC approach simplifies access control administration.

• It is the best system for a company that has high employee turnover.
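The three models above, placed side by side as an added example that is not part of the original presentation. The class and function names, users, files, roles and the MAC read rule (a subject may read only at or below its own clearance) are all assumptions made for the illustration.

```python
# Added illustration; every user, file, label and role is constructed sample data.
LEVELS = {"confidential": 1, "secret": 2, "top secret": 3}

class DacFile:
    """DAC: the owner decides, through an ACL, who may do what."""
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, requester, subject, right):
        if requester != self.owner:  # only the owner may edit the ACL
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(subject, set()).add(right)

    def allows(self, subject, right):
        return right in self.acl.get(subject, set())

def mac_can_read(clearance, label):
    """MAC: the system compares labels and the owner has no say."""
    # Assumed rule: a subject reads only at or below its clearance.
    return LEVELS[clearance] >= LEVELS[label]

class Rbac:
    """RBAC: rights belong to roles; users are only assigned to roles."""
    def __init__(self, role_rights):
        self.role_rights = role_rights  # centrally administered table
        self.user_roles = {}

    def allows(self, user, right):
        role = self.user_roles.get(user)
        return right in self.role_rights.get(role, set())

def demo():
    report = DacFile(owner="alice")
    report.grant("alice", "bob", "read")  # owner's discretion
    rbac = Rbac({"teller": {"view_account"}})
    rbac.user_roles["carol"] = "teller"
    before = rbac.allows("carol", "view_account")
    del rbac.user_roles["carol"]  # employee leaves: one central change
    return {
        "dac_bob_read": report.allows("bob", "read"),
        "dac_bob_write": report.allows("bob", "write"),
        "mac_secret_reads_top_secret": mac_can_read("secret", "top secret"),
        "mac_secret_reads_confidential": mac_can_read("secret", "confidential"),
        "rbac_before": before,
        "rbac_after": rbac.allows("carol", "view_account"),
    }

if __name__ == "__main__":
    print(demo())
```

Under DAC the decision changes whenever the owner edits the ACL; under MAC and RBAC the individual user cannot change it, which is why removing one role assignment is enough when an employee leaves.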

ONE TIME PASSWORDS

One-time passwords provide additional security along with normal authentication. In a One-Time Password system, a unique password is required every time a user tries to log in to the system. Once a one-time password is used, it cannot be used again. One-time passwords are implemented in various ways.

THREE TYPES

RANDOM NUMBERS – Users are provided cards having numbers printed along with corresponding alphabets. The system asks for the numbers corresponding to a few randomly chosen alphabets.

SECRET KEY – Users are provided a hardware device which can create a secret id mapped to the user id. The system asks for this secret id, which is to be generated every time prior to login.

NETWORK PASSWORD – Some commercial applications send a one-time password to the user's registered mobile/email, which is required to be entered prior to login.
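The "network password" variant and the rule that a used password cannot be used again, sketched as an added example that is not part of the original presentation. The class name, the 6-digit code, the 60-second lifetime, storing only a hash of the code, and consuming the code on any attempt are assumptions chosen for the illustration.

```python
import hashlib, hmac, secrets, time

class OneTimePasswords:
    """Issues a short-lived code per user and accepts it at most once."""
    def __init__(self, ttl_seconds=300, clock=None):
        self.ttl = ttl_seconds
        self.clock = clock or time.time
        self.pending = {}  # user -> (sha256 of code, expiry time)

    def issue(self, user):
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[user] = (digest, self.clock() + self.ttl)
        return code  # would be sent to the registered mobile/e-mail

    def verify(self, user, code):
        # pop(): any attempt, right or wrong, consumes the pending code,
        # so a code can never be replayed and each code allows one guess.
        entry = self.pending.pop(user, None)
        if entry is None:
            return False
        digest, expires = entry
        if self.clock() > expires:
            return False
        candidate = hashlib.sha256(code.encode()).digest()
        return hmac.compare_digest(candidate, digest)  # constant-time compare

def demo():
    now = [1000.0]  # fake clock so the example is deterministic
    otp = OneTimePasswords(ttl_seconds=60, clock=lambda: now[0])
    code = otp.issue("dave")  # "dave" is a constructed sample user
    first, replay = otp.verify("dave", code), otp.verify("dave", code)
    code = otp.issue("dave")
    now[0] += 61  # let the code expire
    expired = otp.verify("dave", code)
    code = otp.issue("dave")
    wrong = f"{(int(code) + 1) % 10**6:06d}"
    guessed = otp.verify("dave", wrong), otp.verify("dave", code)
    return first, replay, expired, guessed

if __name__ == "__main__":
    print(demo())
```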


THANK YOU

Thanks for coming. Have a nice day.