Information Technology Refuting the Claims essay

Download this essay in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from essay:



Linux Kernel Analysis

Much has been written in praise of the Linux (Crandall, Wu, Chong, 359),

(Parnas, 112), (Baliga, Iftode, Chen, 323), and its use of preemptive multitasking memory architectures to manage process control, file management, device management, information maintenance and communications subsystems securely and effectively. The Linux modular design, lack of reliance on Remote Procedure Calls (RPC), and use of UNIX-based system administration all are often cited as factors in how it is significantly more secure than Microsoft Windows for example. Linux relies on a dedicated memory partition architecture more comparable to Microsoft Windows than UNIX and also has a specific API calls for each of the subsystems as well. The combination of modularity and preemptive multitasking through dedicated memory structures is also an architectural argument that Linux supporters site when defending the inherent security of this operating system. In fact the KDE and GNOME components of the operating system are monolithic, not modular in design and therefore pose a security risk from the standpoint of being accessible through the kernel. Figure 3, Linux Kernel Structure, provides a graphical representation.

Figure 3: Linux Kernel Structure

Source: (Jaeger, Edwards, Zhang, 7)

What is immediately apparent from analyzing the Linux kernel is that when you take into account its wide variation in interpretation between Linux distributions from Debian, Red Hat, MandrakeSoft and SUSE it is clear that coordination and collaboration to resolve severe security risks can be challenging. In fact the highly fragmented nature of the Linux kernel and the distributed ownership of it across all those companies who are offering unique distributions make response time to severe alerts (as defined by CERT's methodology) challenging. Further exacerbating this shared ownership of security on the Linux platform is the integration of only Crypto functions, IPSec, SSL Tunnel and firewall functions. All other functions critical for operating system security are in fact supported through 3rd party partners including Directory Support, PKI integration, Cryptography at the hardware level, Kerberos support and a security management framework. As a result of the Linux kernel structure and operating system infrastructure being so balkanized the days of risk associated with any attack and the response time to resolve them is significantly longer than any Microsoft operating system included in the analysis (Massel, et.al.). This is a function of the lack of concerted, focused collaboration on the part of companies who are creating and marketing Linux distributions. Unlike the Apple operating system and its QuickTime and Java Virtual Machine (JVM) security liabilities, Linux has more complex security threats. At the operating system, kernel and the threat of days of risk growing rapidly due to a lack of shared knowledge (despite the myth of the open source community being egalitarian) Linux has significant security vulnerabilities (Massel, et.al.).

Microsoft Windows Operating System Architecture Analysis

The Microsoft Windows architecture has evolved to support pre-emptive multitasking and also the support of up to four concurrent application environments including Win!6, Win32, POSIX and UNIX emulations on the Windows XP Server architecture, which is the processor to Windows 7. As can be seen from Figure 4, Microsoft Windows Operating System Structure the Windows API Layer includes Win16 (16 bit Windows Subsystem) and Win32 (Windows 32 Bit Subsystem) support both with their own kernels (KRNL386.EXE and KERNEL32.DLL) in addition to their own GID and user components. These two subsystems in the API layer are completely separated from the Kernel Mode. Microsoft initially made this design decision from a security standpoint. There is also a Hardware Abstraction Layer (HAL) within the architecture which supports cryptography customization to MIL-STD specifications.

Figure 4: Microsoft Windows Operating System Structure

Source: (Shone, et.al.)

The Windows Operating Structure integrated directory support, PKI, cryptography functions at the kernel and hardware levels through the hardware Abstraction Layer, while also having legacy support for Kerberos authentication and security technologies. IPSec, SSL and remote access have over time been integrated into a common subsystem which runs in its own memory space. The System Virtual Machine also has its own memory partition and is an emulation of a full Win32 runtime environment instead of making calls directly into the kernel of the operation system. Win16 and Win32-based applications therefore are not integrated to the kernel; therefore applications cannot be used to launch security attacks. Vulnerabilities within the Microsoft architecture emanate from device driver layer (Hartley, 4) and the lack of consistency on firewall definitions and methodologies over the lifecycle of the operating system (Mogull, Pepper, 1). Microsoft has also been negligent in defining common platform integration for third party systems, databases and architectures as well (Parnas, 112). These have all combined to create security liabilities for the operating system over time. In previous generations of the Microsoft architecture, including the first editions of Windows NT and later XP, there was extensive use of Remote Procedure Calls (RPCs). RPC threat analysis based on CERT entries showed that there was the potential to gain access to the kernel layer of the operating system. There is also the factor of how Microsoft originally chose to interpret TCP/IP and specifically how the development of the telnet and FTP commands were completed. These both have been configured as UNIX equivalents, where administrators can only grant access via these commands to an entire system. There are also authentication processes in place to alleviate the risk of RPC-based calls when SQL Serer is being used, significantly reducing a previous threat when both of these system components were used in conjunction with each other (Bradley, 34). The multithreaded environment of Windows NT/XP/7 is now managed through the Virtual Memory manager, a development originally in XP that continues in Windows 7 to alleviate individual program threads from being impersonated or otherwise used to launch attacks to the kernel level of the operating system.

Analysis and Recommendation/Conclusion

Based on the analysis of each operating system's structure, inherent design strengths and weaknesses with regard to security it is apparent that the design criteria for security vary significantly. For the Apple OS X operating system the entry points of QuickTime and JVMs has been well documented in the CERT database. Apple has been relatively fast to respond to these concerns and has yet to define a management framework which makes the operating system secure in heterogeneous integration use. The second operating system evaluated, Linux, has far more security vulnerabilities due to its lack of preemptive memory management and use of actual calls through a virtualization layer from the applications to the kernel. Compounding this is the variation in approach each distribution takes when completing an interpretation of the operating system. All of these factors add up to significant increases in days of risk when a security threat is found.

When all of these factors are taken into account from an operating system design perspective and then the CERT data is analyzed from the standpoint of days of risk exposure, it is clear Microsoft, while has the highest percentage of flaws with high severity also have the highest percentage of flaws fixed. Table 1: CERT Analysis provides an analysis High Severity Flaws based on Forrester Research methodology. The factors contributing to the lower scores for Linux include the lack of efficient collaboration across the open source community, exacerbated by the fact that each of the companies listed in the analysis have slight variations in how they have interpreted the Linux operating system.

TABLE 1: CERT Analysis

Platform

Number of Total Flaws

Number of High-Severity Flaws

(%) of flaws with High Severity

Number of Flaws Fixed

(%) of Flaws Fixed

Microsoft

86

67%

Red Hat (Linux)

56%

99.6%

Apple

65

47

72%

46

97.8%

Debian (Linux)

57%

96.2%

MandrakeSoft (Linux)

60%

99.0%

SUSE (Linux)

63%

97.7%

It is also evident from evaluating this data in the context of the operating system architectures that days of risk, over time, tends to correlate to the level of consistency and modularity of an operating system. Days of risk also are indicative of how effective the cross functional teams can quickly ascertain the root cause of the problem and respond with a patch or an update. Given the fact that Microsoft has the most complex of the operating system architectures, the level of internal coordination and collaboration to fixed fatal flaws shows that xecurity has become a strategic priority inside the company.

References

Baliga, A., L. Iftode, and X. Chen. "Automated containment of rootkits attacks. " Computers & Security 27.7/8 (2008): 323.

Bradley, S.. "Windows 7: Is It Right for You? " Journal of Accountancy 208.5 (2009): 32-37.

Grant Buckler. "New Macs and new viruses. " Computer Dealer News 24 Mar. 2006:

Jedidiah R. Crandall, S. Felix Wu, and Frederic T. Chong. "Minos: Architectural support for protecting control data. " ACM Transactions on Architecture and Code Optimization 3.4 (2006): 359.

Erber, G.. "Proprietary Digital Rights Management Systems and Music-Downloads - Obstacles for Innovation from a Competition Policy Perspective. " SSRN…[continue]

Some Sources Used in Document:

"Operating-system-market-share" 

Cite This Essay:

"Information Technology Refuting The Claims" (2009, December 06) Retrieved December 3, 2016, from http://www.paperdue.com/essay/information-technology-refuting-the-claims-16642

"Information Technology Refuting The Claims" 06 December 2009. Web.3 December. 2016. <http://www.paperdue.com/essay/information-technology-refuting-the-claims-16642>

"Information Technology Refuting The Claims", 06 December 2009, Accessed.3 December. 2016, http://www.paperdue.com/essay/information-technology-refuting-the-claims-16642

Other Documents Pertaining To This Topic

  • Health Care Information Networks

    Careful planning is vital due to the first 9 lessons listed here, that BI solutions: must probably be purchased by multiple providers; requires company it specialists who are well-versed in up-to-date BI solutions; are expensive; are time-consuming; take meaningful intra-company education; require the work of a consequential number of company personnel; should involve only necessary outsourcing with an eye toward educating personnel; require anticipation of change and willingness to

  • Chief Medical Information Officer Cmio

    The theory has three factors: Valence Instrumentality Expectancy Equity Theory -- Stated that a person compares their outcomes and inputs with others. Sarah has a meeting to discuss the salary of the whole entire organization. They realized that women were low paid in comparison to the men. Sarah started comparing herself with one of her colleagues saying that she worked harder than him and she has been there longer than him. Satisfaction performance theory

  • Video Games and Violence

    Behavioral and Cognitive Consciousness and Cognitive Behavior Treatment Prelude In this modern era, technology has made us its slave. Life has never been this flexible and convenient bringing efficiency and speed too. The technology has certainly altered our methods of communication, socializing, entertainment and maybe the way we behave. In this research paper, both popular sources and scholarly sources will be employed to discuss the possible effects of video gaming on youth.

  • Internet Usage on Our Lives A Critique

    Internet Usage on our Lives: A Critique of the Shallows The pervasive adoption of the Internet continues to completely redefine the nature and scope of people's lives and their ability to communicate and collaborate globally. The Internet is also enabling entirely new approaches to defining methods of co-creation with customers, in addition to the creation and growth of virtual work teams (Panteli, Duncan, 2004). From friends who connect and communicate

  • Work vs Life Balance the

    Wood indicates that "everyone has different motivations and aspirations that they wish to achieve in their life. Work-life balance is about adjustments that can be made to working patterns to enable people to combine work with the other facets of their life. Bratton and Gold (2003: 105) de-ne work-life balance as, 'the relationship between the institutional and cultural times and spaces of work and non-work in societies where income

  • Garden of Eden Biblical Folklore

    This difficulty has given rise to numerous theories of motivation throughout history, each with its own distinct value. Many generations after Adam, have created new and insightful methods of thought. The problem with many of these theories is that they are imperfect by nature and do not encompass all possible options of behavior. To begin, Elliot defines motivation as a basic innate drive for success. This drive encompasses the

  • How Can We Make Profit Through Investing on Stock Market

    profit through investing on Stock Market Generally, all over the world financial markets exemplify a state of intricate and inscrutable situation. These marketplaces are of immense significance in the western nations, where the constituents employ their expertise to invest and generate profit whilst formulating a pool of funds, statistics, derivatives, shares and calculation intricacy. These constituents or elements are those investment maestros who are the whole and sole performers of


Read Full Essay
Copyright 2016 . All Rights Reserved