APPLIED OPERATING

SYSTEM
 MODULE 6
PROTECTION AND SECURITY
Upon completion of this module, the student would be able to:
• Identify the role of the operating system with regard to system
security;
• Define the key properties to system survivability;
• Discuss the effects of system security practices on overall system
performance;
• Give the levels of system security that can be implemented and
the threats posed by evolving technologies;
• Enumerate the different types of security breaches;
• Identify system vulnerabilities and how to protect our system from
them;
Operating system plays a key role in computer system security.
• Any vulnerability at the operating system level opens the entire
system to attack
• The more complex and powerful the operating system, the
more likely it is to have vulnerabilities to attack

System administrators must be on guard to arm their operating

systems with all available defenses against attack
System Survivability is the capability of a system to fulfill its
mission, in a timely manner, in the presence of attacks, failures, or
accidents

Key properties of survivable systems:

• Resistance to attacks
• Recognition of attacks and resulting damage
• Recovery of essential services after an attack
• Adaptation and evolution of system defense mechanisms to
lessen future attacks
Four key properties of a survivable system
System administrator must evaluate the risk of intrusion for each
computer configuration, which in turn depends on the level of
connectivity given to the system

A simplified comparison of security protection required for

three typical computer configurations
• Backup and recovery policies are essential for most computing
systems
• Many system managers use a layered backup schedule
• Backups, with one set stored off-site, are crucial to disaster
recovery
• Written policies and procedures and regular user training are
essential elements of system management
• Written security procedures should recommend:
• Frequent password changes
• Reliable backup procedures
• Guidelines for loading new software
• Compliance with software licenses
• Network safeguards
• Guidelines for monitoring network activity
• Rules for terminal access
• A gap in system security can be malicious or not
• Intrusions can be classified as:
• Due to uneducated users and unauthorized access to system
resources
• Purposeful disruption of the system’s operation
• Purely accidental
Examples: Hardware malfunctions, undetected errors in OS or
applications, or natural disasters

• Malicious or not, a breach of security severely damages the

system’s credibility
• Any breach of security or modification of data that was not the
result of a planned intrusion

• Examples:
• Accidental incomplete modification of data
• When non-synchronized processes access data records
and modify some but not all of a record’s fields
• Errors due to incorrect storage of data values
Example: When the field isn’t large enough to hold the
numeric value stored there
(a) Original data value in a field large enough to hold it. If the field is too small,
(b) FORTRAN replaces the data with asterisks,
(c) COBOL truncates the higher order digits and stores only the digits that remain
• Types of Intentional attacks:
• Intentional unauthorized access
Examples: denial of service attacks, browsing, wire
tapping, repeated trials, trap doors, and trash collection
• Viruses and worms
• Trojan Horses
• Bombs
• Blended threats
• Denial of service (DoS) attack is one in which a malicious
hacker takes over computers via the Internet and causes them
to flood a target site with demands for data and other small
tasks causing a computer to perform repeated unproductive
task.
• Browsing is when unauthorized users gain access to search
through secondary storage directories or files for information
they should not have the privilege to read.
• Wire Tapping Unauthorized users monitor or modify a user’s
transmission
• Repeated Trials refer to entering systems by guessing
authentic passwords

• Trap doors refer to an unspecified and undocumented entry

point to the system
• Installed by a system diagnostician or programmer for future
use
• Leaves the system vulnerable to future intrusion

• Trash collection refers to the use of discarded materials such

as disks, CDs, printouts, etc., to enter the system illegally.
Average time required to guess passwords up to ten
alphabetic characters (A-Z) using brute force
• Small programs written to alter the way a
computer operates, without permission of
the user
• Must meet two criteria: It must be self-
executing and self-replicating
• Usually written to attack a certain OS
• Spread via a wide variety of applications
• Macro virus works by attaching itself to a
template (such as NORMAL.DOT), which A file infector virus attacks
in turn is attached to word processing a clean file (a) by attaching
a small program to it (b)
documents
• Logic bomb is a destructive program with a fuse
• a certain triggering event (such as a keystroke or connection
with the Internet)
• Spreads unnoticed throughout a network
• Time bomb is a destructive program triggered by a specific time,
such as a day of the year
• Blended Threat combines into one program the characteristics
of other attacks
Examples: virus, worm, Trojan Horse, spyware, and other
malicious code into a single program
• Sniffers are programs that reside on computers attached to the
network. Peruse data packets as they pass by, examine each
one for specific information
• Spoofing is the act of disguising a communication from an
unknown source as being from a known, trusted source.
• Spoofing can apply to emails, phone calls, and websites
• Used when unauthorized users want to disguise themselves as
friendly sites (hoax sites)
A technique whereby system intruders gain access to information
about a legitimate user to learn active passwords by
• Looking in and around the user’s desk for a written reminder
• Trying the user logon ID as the password
• Searching logon scripts
• Telephoning friends and co-workers to learn the names of user’s
family members, pets, vacation destinations, favorite hobbies,
car model, etc.
• Phishing is the act of fraudulently using email to try to get the
recipient to reveal personal data. In a phishing scam, con artists
send legitimate-looking emails urging the recipient to take action
to avoid a negative consequence or to receive a reward.
• Spear-phishing is a variation of phishing in which the phisher
sends fake emails to a certain organization’s employees. It is
known as spear-phishing because the attack is much more
precise and narrow, like the tip of a spear.
• Smishing is a type of phishing that involves the use of Short
Message Service (SMS) texting. In a smishing scam, people
receive a legitimate-looking text message on their phone telling
them to call a specific phone number or to log on to a Web site.
• Vishing is similar to smishing except that the victims receive a
voice mail telling them to call a phone number or access a Web
site.
• Rootkits is a set of programs that enables its user to gain
administrator-level access to a computer without the end user’s
consent or knowledge. Once installed, the attacker can gain full
control of the system.
• Ransomware is a malware that disables a computer or smart-
phone until the victim pays a fee, or ransom.
• No single guaranteed method of protection
• System vulnerabilities include:
• File downloads, e-mail exchange
• Vulnerable firewalls
• Improperly configured Internet connections, etc.
• Need for continuous attention to security issues
• System protection is multifaceted protection methods include:
• Use of antivirus software, firewalls, restrictive access and
encryption
• Software to combat viruses that can
be preventive, diagnostic, or both
• Preventive programs may calculate a
checksum for each production
program
• Diagnostic software compares file
sizes, looks for replicating
instructions or unusual file activity (a) Uninfected file;
• Can sometimes remove the infection (b) file infected with a virus;
and leave the remainder intact (c) a Trojan horse or worm
• Unable to repair worms, Trojan consists entirely of
horses, or blended threats as they are malicious code

malicious code in entirety

• A set of hardware and/or
software designed to protect
a system by disguising its IP
address from unauthorized
users
• Sits between the Internet
and network
• Blocks curious inquiries and Firewall sitting between campus networks
potentially dangerous and Internet, filtering requests for access
intrusions from outside the
system
• Mechanisms used by the firewall to perform various tasks include:
• Packet filtering
• Proxy servers
• Typical tasks of the firewall are to:
• Log activities that access the internet
• Maintain access control based on senders’ or receivers’ IP
addresses
• Maintain access control based on services that are requested
• Hide internal network from unauthorized users
• Verify that virus protection is installed and enforced
• Perform authentication based on the source of a request from the
Internet
• Authentication is a verification
that an individual trying to
access a system is authorized
to do so.

• Kerberos is a network
authentication protocol.
• Designed to provide strong Using Kerberos, when client A
attempts to access server B, user is
authentication for client/server authenticated (a), and receives a
applications by using secret- ticket for the session (b). Once the
key cryptography. ticket is issued, client and server can
communicate at will (c). Without the
ticket, access is not granted.
Most extreme protection method for sensitive data where data
is put into a secret code
• To communicate with another system, data is encrypted,
transmitted, decrypted, and processed
• Sender inserts public key with the message
• Message receiver required to have private key to decode the
message

Disadvantages:
• Increases system’s overhead
• System becomes totally dependent on encryption process itself
Most basic techniques used to protect hardware and software
investments include:
• Good passwords
• Careful user training

Password Construction:
• Good password is unusual, memorable, and changed often
• Password files normally stored in encrypted form
• Password length has a direct effect on the ability of password
to survive password cracking attempts
Reliable techniques for generating a good password:
• Use minimum of eight characters, including numbers and non-
alphanumeric characters
• Create a misspelled word or join bits of phrases into a word
that’s easy to remember
• Follow a certain pattern on the keyboard
• Create acronyms from memorable sentences
• Use upper and lowercase characters if allowed
• Never use a word that’s included in any dictionary
• Dictionary attack is a method of breaking encrypted passwords
• Requirements:
• A copy of the encrypted password file
• Algorithm used to encrypt the passwords
• Prevention:
• Some operating systems “salt” user passwords with extra
random bits to make them less vulnerable to dictionary
attacks
• Use of a smart card
• A credit card-sized calculator that requires both “something
you have and something you know”
• User must type in the number that appears at that moment on
the smart card
• For added protection, user then enters a secret code
• User is admitted to the system only if both number and code
are validated
• Biometrics
• The science and technology of identifying individuals based
on unique biological characteristics of each person such as
human face, fingerprints, hand measurements, iris/retina, and
voice prints
• Positively identifies the person being scanned
• Critical factor is reducing the margin of error
• Siberschatz, A. (2018). Operating System Concepts,
Wiley.
• Tomsho, G. (2019). Guide to Operating Systems,
Cengage Learning.