
Objectives

Course modules: Telecommunications and Network; Physical and Personnel; System; Application and Individual; Planning, Policies, and Procedures. Objectives: describe major OS functions; recognize OS related threats; apply major steps in securing the OS.

rickyv

Presentation Transcript


  1. Objectives
     [Course module graphic: Telecommunications and Network; Physical and Personnel; System; Application and Individual; Planning, Policies, and Procedures]
     • Describe major OS functions
     • Recognize OS related threats
     • Apply major steps in securing the OS
     • Perform a vulnerability scan to identify existing vulnerabilities on an active system

  2. An Operating System Is…
     … a program that acts as an intermediary between a computer user and computer hardware.
     What does that mean?

  3. Early Operating Systems
     • 1950s
       • Monitor system
       • Batch processing
       • Spooling
       • No interaction with program while running
     • 1960s
       • Multiprogrammed batch systems
       • Graphical displays, pointing devices
       • Timesharing (multitasking) – first interaction with running programs
       • MULTICS – multiuser forerunner of Unix

  4. Operating System Evolution
     • 1970s
       • Personal computer systems – resident monitor
       • Windowing, icons, menus, and pointers are developed as an interface
     • 1980s
       • PCs become affordable
       • Multiprocessor systems
     • 1990s
       • Distributed computing
       • Mainstream graphical interface

  5. Operating System Tasks
     • Management Tasks
       • Process management
       • Main-memory management
       • File management
       • I/O system management
       • Secondary storage management
       • Networking management
       • Protection system
     • User interface management
       • Command Line Interface (CLI)
       • Graphical User Interface (GUI)

  6. Process Management
     • Many processes running on a modern computer system
     • Manage schedule, time to execute, and resources for each process
     • Create and delete processes
     • Suspend and resume processes
     • Provide for process synchronization
     • Provide for communication
     • Provide deadlock avoidance

  7. Main Memory Management
     • Memory is the storage area the CPU uses for executing programs
     • Each process (including the operating system) must have its own piece of memory
     • Keep track of which process is where
     • Decide which process to load when there is room
     • Allocate and deallocate memory as needed

  8. File Management
     • The basic storage unit from a user perspective
     • Provide structure (directories, file types, etc.) to storage
     • Create and delete files and directories
     • Support manipulation of files and directories
     • Map files to secondary storage
     • Backup files

  9. I/O System Management
     • Hides the specifics of I/O devices from the user
     • Provides tools to handle the speed difference between CPU and I/O devices
     • Memory management for buffering, caching, and spooling
     • General device driver interface
     • Hardware-specific device drivers

  10. Secondary Storage Management
     • Why? Because main memory is usually too small to hold all programs and disappears when power is turned off
     • Non-volatile (stays when power is turned off) and larger than main memory
     • Use disk drives (tapes, punch cards, etc.)
     • Manage free space
     • Allocate storage
     • Schedule disk activity

  11. Network Management
     • Network communication for the system is a special case of I/O
     • Manages communication links by
       • Establishing connections
       • Scheduling communication
       • Directing communication to correct processes

  12. Protection System Management
     • The operating system plays a basic role in protecting information, especially on multitasking and multiuser systems
     • Protect memory for processes
     • Provide file access mechanism
     • Provide authentication and access control mechanisms

  13. User Interface Management
     • A way to give commands to the computer
     • Accomplished via command line and/or Graphical User Interface (GUI)
     • Accepts and acts on user commands in a timely manner

  14. Operating Systems
     • Operating system developers determine which features are implemented and what capabilities they have
     • For example, early personal computer operating systems had no protection mechanism other than reserving special memory locations for the operating system

  15. So Far
     • Operating systems manage computer resources
       • Schedules time
       • Allocates space (in memory, on disk)
       • Handles I/O
       • Protects system and information

  16. Operating Systems Security
     • Goals of operating system security
       • Confidentiality: Only let authorized entities access computer and information
         • Corollary: Only run authorized processes
       • Integrity: Only allow authorized changes to information
       • Availability: Manage resources to permit access to information and system at all required times

  17. Authorization & Authentication
     • Who is authorized?
       • Authorized by policy of organization and operational requirements
     • How do we know?
       • Accounts (identification)
       • Known systems
       • Password
       • Secure communication channel

  18. Access Control
     • Controls how users and systems communicate and interact with other systems and resources
     • First line of defense
     • Authenticate before allowing access to authorized resources

  19. Operating System Access Controls
     • Two basic methods
       • Access Control List (ACL)
         • For every resource, indicates who has access and what kind of access
       • Permissions based on identification
         • User permissions
         • Group permissions
     • Additional controls
       • Passwords for files, resources, etc.
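The slide names the two ingredients of an ACL (a per-resource list of who may do what, and permissions derived from the user's own identity and group memberships) without showing how a check is evaluated. The following is an added example, not code from the deck: a small evaluator in which every name, resource and group is constructed, and two design choices are assumptions rather than something the slides state: an explicit deny entry wins over any allow, and a subject with no matching entry gets nothing (default deny).

```python
"""Added example (not from the slides): a minimal ACL evaluator.

Each resource carries entries naming a user or a group, the operations
the entry covers, and whether it allows or denies them.  Group table,
resource names and user names are constructed for the example.
Assumed rules: explicit deny beats allow; no matching entry = no access.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    principal: str        # user name or group name
    is_group: bool        # True when `principal` names a group
    ops: frozenset        # operations covered, e.g. {"read", "write"}
    deny: bool = False    # False = allow entry, True = deny entry


# Constructed group table: group name -> member user names.
GROUPS = {
    "staff": {"alice", "bob"},
    "admins": {"alice"},
}

# Constructed ACL: resource -> entries.  A user's permissions come from
# entries naming the user directly and from entries naming any group
# the user belongs to.
ACL = {
    "/srv/payroll.db": [
        Entry("admins", True, frozenset({"read", "write"})),
        Entry("staff", True, frozenset({"read"})),
        Entry("bob", False, frozenset({"read"}), deny=True),
    ],
    "/srv/public/notice.txt": [
        Entry("staff", True, frozenset({"read"})),
    ],
}


def groups_of(user, groups=GROUPS):
    """Return the set of group names `user` belongs to."""
    return {g for g, members in groups.items() if user in members}


def applicable_entries(user, resource, acl=ACL, groups=GROUPS):
    """Entries on `resource` that name `user` directly or one of its groups."""
    user_groups = groups_of(user, groups)
    result = []
    for entry in acl.get(resource, []):
        if entry.is_group and entry.principal in user_groups:
            result.append(entry)
        elif not entry.is_group and entry.principal == user:
            result.append(entry)
    return result


def check_access(user, resource, op, acl=ACL, groups=GROUPS):
    """True if `user` may perform `op` on `resource`.

    A deny entry covering `op` wins over any allow; with no covering
    allow entry at all the answer is False (default deny).
    """
    entries = applicable_entries(user, resource, acl, groups)
    if any(e.deny and op in e.ops for e in entries):
        return False
    return any(not e.deny and op in e.ops for e in entries)


def effective_permissions(user, resource, acl=ACL, groups=GROUPS):
    """The set of operations `user` ends up with on `resource`."""
    entries = applicable_entries(user, resource, acl, groups)
    allowed = set().union(*(e.ops for e in entries if not e.deny))
    denied = set().union(*(e.ops for e in entries if e.deny))
    return allowed - denied


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, sorted(effective_permissions(user, "/srv/payroll.db")))
```

Note that `bob` is a member of `staff`, which may read the payroll file, yet gets nothing on it because of the deny entry naming him directly; this is the case worth testing in any real ACL system, since the order in which user and group entries are combined decides the outcome.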

  20. Managing Identities
     • Local user and group accounts
     • Directory server
       • LDAP
       • Microsoft Domain Controller
     • Policies and operational requirements
     • Introduces need for “trust” relationships

  21. Auditing – A Trail To Follow
     • Detect auditable events
       • What is an auditable event?
     • Collect and save in secure location
       • Where do you save them?
       • How do you protect logs?
     • Analyze results
       • Human readable? Searchable? Prioritized?
     • Fix problems

  22. Access & Audit What?
     • Resources
       • Computer system
       • Processes
       • Files
       • Memory
       • Disk drives
       • Printers
       • Communication
       • Etc.

  23. Threats To Operating Systems
     • Compromise system to gain unauthorized access to system resources
       • Weak/broken identification
       • Weak internal security structures
       • Programming errors in operating system

  24. It’s You!
     • How do you let people know who you are? (Identification)
     • How can we tell you are who you say you are? (Authentication)
     • Will this allow me to trace actions back to you? (Non-repudiation)

  25. Once Identified, Authorize
     • User accounts are the mechanism used to identify and authorize people
     • Access control is based on identification
     • Most common authentication: password
     • Password and account policies help improve security

  26. Implementing Policies
     • Recall: policies can be topic specific
     • Procedures can be one way to implement policies
     • Policies can also be implemented in hardware or software
     • Password and account policies are often implemented using operating system features

  27. Password Policy
     • What makes a good password policy?
       • How many new passwords should you use before you can reuse an old password?
       • How long should a password be valid?
       • How long must you use a password before you change it?
       • What is the minimum length for a password?
       • Should there be complexity requirements?
       • Should the password be stored so it can be decrypted?

  28. Account Policy
     • Should your account be locked if you don’t log in correctly? If so, how long should it be locked?
     • How many login failures should occur before your account is locked?
     • How much time should elapse before a failed login is no longer counted?
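Slides 27 and 28 pose the policy questions as questions. The following added example (not code from the deck) turns each one into a concrete knob and shows how the checks interact: password history and minimum age on a change, maximum age at login, and a lockout that counts only failures inside a reset window. The numeric values, account names and passwords are constructed; time is passed in as a number of seconds so the behaviour is reproducible. The stored value is a salted PBKDF2 hash, which is one answer to the last question on slide 27: the password is never stored in a form that can be decrypted.

```python
"""Added example (not from the slides): password and account policies as
code.  Policy values are constructed defaults, not recommendations from
the deck.  Time is an explicit number of seconds for determinism.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 50_000  # constructed value; tune to the hardware


@dataclass
class PasswordPolicy:
    min_length: int = 12        # minimum length
    min_classes: int = 3        # of lower / upper / digit / symbol
    history: int = 5            # previous passwords that may not be reused
    max_age: int = 90 * 86400   # seconds a password stays valid
    min_age: int = 1 * 86400    # seconds a password must be kept before changing


@dataclass
class LockoutPolicy:
    threshold: int = 5          # failures before the account locks
    lockout: int = 15 * 60      # seconds the account stays locked
    reset_window: int = 10 * 60 # failures older than this are no longer counted


@dataclass
class Account:
    name: str
    salt: bytes
    pw_hash: bytes
    changed_at: float
    history: list = field(default_factory=list)   # previous (salt, hash) pairs
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0


def _hash(password, salt):
    # Salted, slow, one-way: the stored value cannot be decrypted.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def strength_problem(password, policy):
    """None if `password` meets length and complexity, else the reason."""
    if len(password) < policy.min_length:
        return "too short"
    classes = sum([any(c.islower() for c in password),
                   any(c.isupper() for c in password),
                   any(c.isdigit() for c in password),
                   any(not c.isalnum() for c in password)])
    if classes < policy.min_classes:
        return "not complex enough"
    return None


def create_account(name, password, now, policy):
    problem = strength_problem(password, policy)
    if problem:
        raise ValueError(problem)
    salt = os.urandom(16)
    return Account(name, salt, _hash(password, salt), now)


def change_problem(acct, new_password, now, policy):
    """None if the change is allowed, else the policy rule it breaks."""
    if now - acct.changed_at < policy.min_age:
        return "changed too recently"
    problem = strength_problem(new_password, policy)
    if problem:
        return problem
    # Compare against the current hash and the last `history` old ones;
    # each old entry is re-hashed with its own salt.
    for salt, old_hash in [(acct.salt, acct.pw_hash)] + acct.history[-policy.history:]:
        if hmac.compare_digest(_hash(new_password, salt), old_hash):
            return "reused"
    return None


def change_password(acct, new_password, now, policy):
    problem = change_problem(acct, new_password, now, policy)
    if problem:
        return problem
    acct.history.append((acct.salt, acct.pw_hash))
    acct.salt = os.urandom(16)
    acct.pw_hash = _hash(new_password, acct.salt)
    acct.changed_at = now
    return None


def attempt_login(acct, password, now, lockout, policy):
    """Returns 'ok', 'expired', 'bad_password' or 'locked'."""
    if now < acct.locked_until:
        return "locked"
    # Failures outside the reset window no longer count.
    acct.failures = [t for t in acct.failures if now - t <= lockout.reset_window]
    if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failures.clear()
        return "expired" if now - acct.changed_at > policy.max_age else "ok"
    acct.failures.append(now)
    if len(acct.failures) >= lockout.threshold:
        acct.locked_until = now + lockout.lockout
        acct.failures.clear()
        return "locked"
    return "bad_password"
```

The order of checks in `attempt_login` matters: the lock is tested before the password, so a correct password does not shorten a lockout, and a success clears the failure counter so that occasional typos never accumulate into a lock.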

  29. Vulnerabilities
     • Protection function – Access control
       • Compromise access control to attack other functions
     • Process management
       • Unauthorized processes
       • Hidden processes
       • Affect other processes
     • Main memory management
       • Access other processes’ memory

  30. More Vulnerabilities
     • File management
       • Unauthorized access to files
       • Create unauthorized files
     • I/O system management
       • Unauthorized I/O
       • Affect authorized I/O
     • Secondary storage
       • Access or corrupt

  31. Even More Vulnerabilities
     • Network
       • Unauthorized connections/communications
       • Disable or compromise
       • Affect authorized use
     • User interface
       • Eavesdrop
       • Deny access to authorized users
       • Permit access to unauthorized users

  32. Threats
     • How do threats affect the system?
       • Affect availability
       • Compromise confidentiality or integrity
     • How do you tell if you have a problem?
       • Process listing
       • Network connections
       • Memory check
       • Storage size
       • Auditing logs
     • What if management tools are compromised?
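Slide 21 asks what an auditable event is and how results get analysed, and slide 32 lists auditing logs among the ways to tell whether there is a problem. The following added example (not code from the deck) does that analysis over a small constructed log in the style of an OpenSSH authentication log: it flags a source that produces many failed logins within a short window, and a success from a source that had just been failing. The log lines, the documentation IP ranges (203.0.113.0/24 and 192.0.2.0/24), the assumed log year and the thresholds are all constructed for the example.

```python
"""Added example (not from the slides): detection logic over an auth log.
Log lines are constructed in OpenSSH style; thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a burst of failures from one source followed by a
# success, then ordinary activity from another source with one typo.
SAMPLE_LOG = """\
Mar 10 08:01:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar 10 08:01:05 host sshd[1235]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar 10 08:01:07 host sshd[1236]: Failed password for invalid user test from 203.0.113.7 port 51004 ssh2
Mar 10 08:01:09 host sshd[1237]: Failed password for bob from 203.0.113.7 port 51006 ssh2
Mar 10 08:01:12 host sshd[1238]: Failed password for bob from 203.0.113.7 port 51008 ssh2
Mar 10 08:01:20 host sshd[1240]: Accepted password for bob from 203.0.113.7 port 51010 ssh2
Mar 10 09:15:00 host sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
Mar 10 09:30:11 host sshd[1310]: Failed password for alice from 192.0.2.10 port 40002 ssh2
Mar 10 09:30:30 host sshd[1311]: Accepted publickey for alice from 192.0.2.10 port 40004 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2024):
    """One auth event as a dict, or None for lines that are not auth events.
    Syslog timestamps carry no year, so one is assumed (constructed)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted",
            "user": m["user"], "src": m["src"], "method": m["method"]}


def analyse(log_text, window=60, threshold=5, success_min_failures=3):
    """Return findings:
      brute_force           - a source reached `threshold` failures inside `window` seconds
      success_after_failures - a source logged in after >= `success_min_failures`
                               recent failures (a guess may have worked)
    The second threshold keeps a single typo from raising an alert."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    findings = []
    recent = defaultdict(list)   # src -> failure timestamps still inside the window
    flagged = set()
    for e in events:
        src = e["src"]
        recent[src] = [t for t in recent[src] if (e["ts"] - t).total_seconds() <= window]
        if e["ok"]:
            if len(recent[src]) >= success_min_failures:
                findings.append({"type": "success_after_failures", "src": src,
                                 "user": e["user"], "failures": len(recent[src]),
                                 "at": e["ts"]})
            continue
        recent[src].append(e["ts"])
        if len(recent[src]) >= threshold and src not in flagged:
            flagged.add(src)
            findings.append({"type": "brute_force", "src": src,
                             "count": len(recent[src]), "at": e["ts"]})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f)
```

The second finding is the one that matters to an incident responder: a burst of failures by itself may be noise, but a success from the same source right after it is the point at which "monitor system" on the countermeasure slides turns into an actual investigation.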

  33. Specific Operating System Attacks
     • DoS
     • Hack (or crack) the system
     • Backdoor
     • Memory issues
     • Escalation of privileges
     • Default settings

  34. Denial of Service (DoS)
     [CIA triad graphic: Confidentiality, Integrity, Availability]
     • An attack on availability
     • Consume resources
       • CPU or memory
       • Communication
     • Recall terms
       • ping, Smurf, botnet

  35. Hack The System
     [CIA triad graphic: Confidentiality, Integrity, Availability]
     • Exploit a vulnerability to gain unauthorized access to the system
     • Access as an existing user
     • Perform other actions
       • Add unauthorized account
       • Add malicious software
       • Use system resources

  36. Backdoor
     [CIA triad graphic: Confidentiality, Integrity, Availability]
     • What is a backdoor?
       • An access method that bypasses the normal security of the system
     • How does it get there?
     • What impact might it have?

  37. Memory Issues
     [CIA triad graphic: Confidentiality, Integrity, Availability]
     • Memory is not erased before given to another process
       • Gives new process access to information from old process
       • What is the impact?
     • Memory is not released by a process
       • What is the impact?

  38. Escalation Of Privileges
     [CIA triad graphic: Confidentiality, Integrity, Availability]
     • User exploits vulnerability to gain unauthorized access
       • Gain administrator access
       • Gain access as a specific account
     • What is the impact?

  39. Default Settings
     [CIA triad graphic: Confidentiality, Integrity, Availability]
     • Most operating systems ship in the simplest configuration… insecure
     • Security features disabled
     • Default accounts enabled with standard passwords
     • Available services (programs) running

  40. How Do They Do It?
     • The key is gaining access
     • Break an operating system management function to gain command access
       • Connect to print server, cause process to create a command line as administrator
       • Send special packets to network controller to cause a buffer overflow to execute program
       • And many more

  41. Securing Systems
     • Perform system “hardening”
     • Find out what vulnerabilities are still present
       • Perform a vulnerability scan
     • Fix them

  42. Countermeasures: DoS
     • Set network and host firewall filters for known bad traffic
     • Apply operating system patches for known vulnerabilities
     • Limit time and resources for processes
     • Monitor for threat activity on the network and host using Intrusion Detection Systems

  43. Countermeasures: Hack The System
     • Use account and password policies
       • Reduce likelihood of password guessing or cracking
     • Limit privileges of users to those they need
       • Manage by responsibilities (group permissions)
     • Change default accounts, settings, passwords
     • Use restricted accounts for services (don’t run everything as administrator)
     • Apply operating system patches for known vulnerabilities
     • Turn off unnecessary services
     • Watch for social engineering

  44. Countermeasures: Backdoor
     • Disable any unnecessary default accounts
     • Apply operating system patches for known vulnerabilities
     • Scan system periodically
     • Monitor system

  45. Countermeasures: Memory Issues
     • Apply operating system patches for known vulnerabilities
     • Turn on security features (some operating systems will clear memory before reallocating it)
     • Reclaim memory on process termination

  46. Countermeasures: Escalation Of Privileges
     • Apply operating system patches for known vulnerabilities
     • Monitor system
     • Establish restricted accounts for services (don’t run everything as administrator)

  47. Countermeasures: Default Settings
     • Disable unnecessary accounts and services
     • Apply operating system patches for known vulnerabilities
     • Follow lockdown procedures when possible
     • Monitor system
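Slide 39 describes the problem (systems ship with security features off and services running) and slide 47 the countermeasure (lockdown procedures). A lockdown procedure is only as good as the check that it was applied, so the following added example (not code from the deck) compares a service configuration with a hardening baseline, showing a weak configuration beside its corrected form. The two configuration texts are constructed. The keyword names and the defaults used when a keyword is absent follow OpenSSH's sshd_config as I understand its documented behaviour (the first occurrence of a keyword wins, keywords are case-insensitive, and `#` starts a comment line); that format knowledge is an assumption of the example, not something the deck states.

```python
"""Added example (not from the slides): checking a configuration file
against a hardening baseline.  Config texts are constructed; keyword
semantics assume sshd_config (first occurrence wins, missing keyword
takes the daemon default, keywords case-insensitive).
"""

# Baseline: keyword -> (required value, daemon default when keyword is absent).
BASELINE = {
    "PermitRootLogin": ("no", "prohibit-password"),
    "PasswordAuthentication": ("no", "yes"),
    "PermitEmptyPasswords": ("no", "no"),
    "X11Forwarding": ("no", "no"),
    "MaxAuthTries": ("3", "6"),
}

# Constructed "as shipped, lightly edited" configuration.  The second
# PermitRootLogin line is ignored by the daemon because the first wins,
# which is exactly the kind of mistake a check must catch.
WEAK_CONFIG = """\
# shipped defaults, lightly edited
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
# someone tried to fix this later, but the first occurrence wins:
PermitRootLogin no
"""

# Constructed hardened configuration: every baseline keyword set explicitly.
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
"""


def parse_config(text):
    """Keyword (lower-cased) -> first value seen; comments and blanks skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue              # malformed line: no value
        key, value = parts
        settings.setdefault(key.lower(), value.strip())   # first wins
    return settings


def audit(text, baseline=BASELINE):
    """Return (keyword, effective value, required value) for every violation.

    A keyword that is missing from the file is evaluated at its daemon
    default, so a file that simply omits a setting can still fail."""
    settings = parse_config(text)
    problems = []
    for key, (required, default) in baseline.items():
        effective = settings.get(key.lower(), default)
        if effective.lower() != required.lower():
            problems.append((key, effective, required))
    return problems


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "OK")
```

The point of carrying the daemon default in the baseline is that "not mentioned" is not the same as "secure": `MaxAuthTries` never appears in the weak file, yet it is reported, because the value actually in force is the default of 6.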

  48. Additional Countermeasures
     • HIDS
       • Provides system monitoring function
       • Can raise alert when changes occur
     • Backups
       • Allow restoration of system to known good state
     • Physical security – Don’t allow unauthorized access to systems

  49. Are We Done?
     • Not yet
     • Recurring theme
       • Apply operating system patches for known vulnerabilities
       • Disable unnecessary accounts and services
       • Monitor system
     • Always balance security and ease of use

  50. Operating System Security: System Specific Stuff
     • History and general functions of operating systems
     • Major vulnerabilities and threats for operating systems
     • Steps in securing system accounts
     • Using a vulnerability scanner to test systems
     • Countermeasures for operating system threats
