¶ … Operating Systems Protection
Operating systems are the collection of programs that assist users operating computer hardware to control and managing the computer resources, providing the user interface and enforcing security measures. An operating system is referred as the physical environment that provides an interface between the underlying computer hardware and data. The advent of information and networking systems has led to the connectivity of the computer system that assists in sending and receiving data through the operating systems. The effective application of the software system are based on the foundation operating systems, thus, a security of the operating system is very critical for the effectiveness of the computer and information system. Typically, all the modern computer systems whether network servers, laptops, hand-held devices and workstation desktops are controlled by the software called operating system, and the most popular operating systems are the Microsoft Windows, UNIX, and Linux. Since the operating systems are very crucial for the operations of the computer systems, lack of security for the operating systems will have an impact on the overall computer system. A formal security of the operating systems is the application of the CIA (confidentiality, integrity and authentication). Presently, many operating systems have inbuilt access control mechanisms for the effective security of the operating systems.
The objective of this study is to access the security vulnerabilities of the operating systems and the strategies to protect them from imminent attacks.
Vulnerabilities and Protection of Operation Systems
In an information system environment, an organization may face common threats when the file or data are shared between one operating system environments to another operating system environment. A compromise on the operating systems will expose all applications in the system to danger. When the operating systems are jeopardized, overall information systems are vulnerable to attack. Moreover, lack of effective control and security systems may lead to breaking in or attack across the different application in the systems. (Anderson, 2008). Thus, security of the operating systems is critical for the entire computer system. The operating systems are to be protected to avoid an unauthorized access to data. Critical methods of providing security for the operating systems are the:
Access control,
Identification and Authentication,
Password policies.
SSL or SSH
Intrusion Detection System
Intrusion Prevention System
Firewall, and Antivirus or Antimalware.
Identification and Authentication
The identification and authentication are one of the important operating system protections. The authentication is the process of confirming the identity of users before being allowed to gain access to the information systems. The authentication process asks the administrator or user for the identification and authentication before being allowed to gain access to the systems. At present, many organizations use the access badges for the identification and authentication. The access badges are linked to security control and system to monitor a logical access to sensitive information. The physical authentication is another forms of security where users use the biometric measures or magnetic cards before allowing the users to access the information resources. Digital authentication is used to verify user identity using the digital procedures. Some organizations use the digital certificates that consist of digital passports to identify and verify the holders of the certificates. The digital certificate is another authentication method used to protect the operating systems. The digital certificates involve the use of the digital passport to identify and verify the holders of the certificate. The benefit of the digital certificate is that it allows users to exchange information securely using the PKI (public key infrastructure). Moreover, the digital certificate contains the serial number, the public key for digital signatures and encrypting message. The digital certificate is also implemented through the trusted certificate authority.
Access Control
The access control is another security device used to protect the operating systems. Typically, the access control is a security protocol that controls the principals such as machines, persons or processes that can be authorized having access to the resources in the information systems. The access control covers which files are allowed to be read, and programs allowed to be executed. In other words, the access control uses the authentication such as passwords to limit an access to communication ports, access to files and access to other resources in information systems. Hu, Ferraiolo, & Kuhn, (2006) argue that access control is used to allow legitimate users into the information systems and mediate every attempt of illegitimate users gaining access to the information resources. The goal of the operating systems is to protect directories and files. Thus, an effective integration of the access control system can facilitate...
However, a strong password should consist of the combination capital letter, smaller, number and symbols. (Goodrich, & Tamassia, 2011).
SSL or SSH
Additionally, encryption of data using the SSL the (Secure Sockets Layer) or SSH (Secure Shell) are the other strategies to protect the operating system. The SSL or SSH assists in encrypting data transmitted over the network system thereby protecting the data from being read by an authorized individual. However, the encrypted data can only be read by an authorized individual having the decrypted key. (Beuchelt, 2013).
Relative Advantages and Disadvantages used to Protect Operating Systems
Access Control
The security policies to protect the operating system have advantages and disadvantages. Different benefits can be realized from using the access controls to protect the operating systems. For example, the access control assists in protecting the information resources from the unauthorized access. Moreover, the access control model is easy to implement since it can be identified with the person trying to gain access to the information resources. Moreover, the access control enhances integrity and confidentiality of the information systems. The access control also prevents the activities that can lead to a breach of security systems thereby assisting in enhancing their confidentiality, integrity, and availability.
Despite the benefits associated with the access control, this security model has different shortcomings. First, the access control is not immune from the malicious agent attack. A malicious agent can tamper with the inputs thereby subverting the access control mechanisms. Moreover, an attacker can use the malicious software to modify the access control software thereby gaining access to sensitive information resources. A malicious software can be used to impersonate the authorized users to gain access to the system. More importantly, a hacker can bypass the access control by using the malicious agent.
Identification and Authentication
The advantages of authentication and identification are that they serve as an additional layer of security. By using the authentication process, the users are able to avoid the rigors of using and remembering the complex passwords. However, the authentication security tool can be susceptible to the malicious attack. Moreover, man-in- the- middle can gain access to the system through a brute force attack.
Password Policies
The password policy is the least expensive method to protect the operating system since there is no extra software to install. Moreover, users can change their passwords at a convenient time. There is also no need to install extra software in the operating system since most operating systems have inbuilt interface to input the passwords. Despite the aforementioned advantages, the password policy as a security for the operating systems is not reliable for organizations allowing employees to log in remotely because the attackers can hijack the password online. Moreover, the hacker can use software called the keylogger to record the passwords. At present, some keylogging program can support a remote installation that allows an attacker installing the software remotely on a target computer. Some hackers can also use the phishing to hack passwords. The phishing involves the use of spoofed web pages that look like legitimate websites to steal the passwords of users. The spoofed web pages will contain the fake login, and if the users enter their passwords in the fake login page, the passwords are stolen by the hackers.
Intrusion Detection System
The IDS (intrusion detection systems) are the set of programs that assist in detecting the authorized activities in the operating systems. The benefit of the IDS is that it alerts the administrator that imminent attacks are about to occur in the operating systems.
Intrusion Prevention System
The IPS (intrusion prevention systems) are the set of programs that prevent the unauthorized access into the operating systems. The IPS block an authorized access from the systems thereby preventing an attacker gaining access into the systems.
Firewall
The firewall is the program that bocks an unauthorized network access into network system. Some attackers may attempt to gain access into the systems through network sniffing, however, if the firewall is installed in the operating system, it will block the intruders.
Anti-malware or Antivirus
The anti-malwares or antivirus are the tool that prevent the attackers from installing the malware into the operating systems. Some attackers may send an attachment to users that contains the malwares through the emails. If the users download the attachment, the malware will be installed in the systems thereby steal sensitive information from the systems. Similarly, an attacker may use a spoofed website…
One of the main drawbacks of the user authentication is the essence of various attacks to the protection mechanism. The concept of user authenticity is weak and susceptible to numerous attacks. The protection mechanism also relates to the ability of the user to maintain the user ID and password secret for the purposes of minimizing threats and attacks (Weber 2010). This is an indication that the users must have
This report will hopefully pull together the research available with regard to this issue, and also identify what users are most at risk for virus attacks. The research currently available also confirms that modern viruses are becoming more insidious and complex, with the potential to incur more damage to computers and data than in the past. Studies suggest that newer versions of viruses may escape detection using standard anti-viral software.
Enforcement of European Community Law Legal systems are basically just useless if they are not efficiently enforced. On that note, they have normally two principal devices through which to make sure that these norms are enforced. Firstly, they may make the choice to trust on community enforcement by the state or an organ (Craig, 1998). On the other hand, trusting purely on public enforcement can be incompetent. Even though the
TREATMENT OF PRISONERS IN THE U.S. AND RUSSIA How Does the United States Compare to Russia in Following the UN Standard Minimum Rules for the Treatment of Prisoners? There are nearly 9 million people under certain forms of incarceration or supervision across the globe. The United States has the highest number of prisoners or individuals under some of supervision since approximately 25% of the world's prisoners are held in the country (U.S.
HVAC System: (1) Describe the components of the system or systems (AH, VAV, RTU, Chiller, cooling tower, piping, pumps, type of duct, etc.). Direct Expansion Air Conditioning serves as the main system used for the HVAC system. This kind of system utilizes RVEC or refrigerant vapor expansion/compression cycle to allow for the direct cooling of the air supply to an occupied space. Because there are both the split systems and one package
HSMS Gap Analysis and Hazard Identification Risk Assessments Description of APM Terminals Legal Environment Review of the Health and Safety Management System Description Gap Analysis Hazard Identification Physical Hazards Health and Welfare Hazards Risk Assessment Physical Hazard -- Working at Height - Scaffolding Health & Welfare Hazard -- Noise Action Plans Action Plan 1 - Management System Action Plan 2 -- Hazards and Risks Barbour Checklist: BS OHSAS 18001 Audit Checklist Occupational health and safety management has numerous benefits for business, not only an employer's duty