Notes Unit 4 Computer Security

Uploaded by andyvarhade25

COMPUTER SECURITY COURSE (CCT302)

V SEMESTER CYBER SECURITY

UNIT 4 NOTES

System Security Requirements & Planning

System Security Requirements:

System security requirements are crucial to protect the operating system (OS) and its resources
from unauthorized access, misuse, and attacks. Below are the key components of system
security:

1. Authentication:
o Definition: It is the process of verifying the identity of users or processes attempting to
access the system.
o Purpose: Ensures that only legitimate users can access the system by requiring
credentials such as passwords, tokens, or biometrics.
2. Authorization:
o Definition: Determines what actions an authenticated user or process is allowed to
perform.
o Purpose: Restricts access based on user roles or permissions, ensuring users can only
access the information and perform actions for which they are authorized.
3. Confidentiality:
o Definition: Protects sensitive information from unauthorized access.
o Purpose: Ensures that only authorized users can view or retrieve private data,
preventing data breaches.
4. Integrity:
o Definition: Guarantees that the system’s data and software are accurate and unaltered.
o Purpose: Protects data from tampering or unauthorized modification, ensuring the
trustworthiness of the system.
5. Availability:
o Definition: Ensures that the system and its resources are available to authorized users
when needed.
o Purpose: Prevents downtime due to attacks like Denial-of-Service (DoS) and ensures
that critical services remain operational.

UNIT 4 NOTES CCT302 COMPUTER SECURITY BY FIRDOUS SADAF FOR FIFTH SEMESTER CSE CYBER SECURITY

Security Planning:

Security planning involves developing a comprehensive strategy that integrates security
controls and mechanisms to protect the system and its resources. The key steps in security
planning include:

1. Risk Assessment:
o Definition: Identifying and analyzing potential risks that could affect the system.
o Purpose: Helps to understand the likelihood and impact of security threats and
prioritize mitigation measures accordingly.

2. Security Policies:
o Definition: A set of rules and guidelines defining acceptable behavior, access controls,
and how security incidents are to be handled.
o Purpose: Ensures that everyone understands and adheres to security best practices and
enforces consistency in managing security across the organization.

3. Incident Response Plan:
o Definition: A predefined set of procedures for dealing with security breaches or attacks.
o Purpose: Enables quick detection, mitigation, and recovery from security incidents,
minimizing damage and restoring normal operations as soon as possible.

A well-structured security plan helps in safeguarding system resources, preventing attacks, and
maintaining overall system health.

Operating Systems Hardening

Operating system (OS) hardening is the process of enhancing the security of an OS by
reducing its vulnerabilities and limiting the attack surface. By minimizing potential attack
vectors, hardening ensures the system is less susceptible to security threats. Below is a more
detailed explanation of the key steps in OS hardening:

1. Patch Management:
• Description: Regularly applying patches and updates provided by software vendors to
address security vulnerabilities in the OS and installed applications.
• Best Practices:

o Automate updates where possible to ensure timely application of patches.
o Prioritize critical security patches for immediate deployment.
o Maintain a patch testing environment to verify patches do not disrupt system stability
before applying them to production systems.
o Schedule regular system audits to identify missing or outdated patches.

2. Disable Unnecessary Services:
• Description: Many operating systems come with services enabled by default that may not
be necessary for specific use cases. Disabling unused services can reduce the attack surface.
• Best Practices:
o Identify and audit running services to determine which ones are unnecessary.
o Disable or remove services, applications, and features that are not required (e.g., FTP,
Telnet, or unused network interfaces).
o Use a minimal installation approach during OS setup, only installing the essential
services and software packages.
o Regularly review and prune inactive accounts and daemons that no longer need
access.

3. Restrict User Privileges:
• Description: Apply the principle of least privilege (POLP), ensuring that users and
processes only have the minimum permissions required to perform their duties.
• Best Practices:
o Use role-based access control (RBAC) to assign users specific roles with
limited privileges.
o Create and enforce privileged account management (PAM) policies, ensuring
that administrative access is limited to necessary users and monitored.
o Remove or disable default user accounts, especially those with administrative
rights (e.g., "root" or "Administrator").
o Use multi-factor authentication (MFA) for accounts with elevated privileges
to increase security.

4. Enforce Strong Password Policies:
• Description: Implement strict password policies to reduce the likelihood of brute-force
attacks or unauthorized access.
• Best Practices:

o Enforce password complexity requirements, ensuring passwords contain a mix
of uppercase letters, lowercase letters, numbers, and special characters.
o Implement password expiration policies, requiring regular password changes.
o Prevent the use of commonly reused passwords by enforcing password history
and preventing users from using their old passwords.
o Lock accounts after a set number of failed login attempts to prevent brute-force
attacks.

5. Security Configurations:
• Description: Applying security baselines and configuration templates ensures that
systems meet industry-recognized security standards.
• Best Practices:
o Use benchmarks from organizations like the Center for Internet Security (CIS)
or National Institute of Standards and Technology (NIST) to implement
recommended security settings.
o Regularly conduct security audits to ensure that systems comply with these
configuration standards.
o Automate security configuration using tools like Group Policy (Windows) or
Puppet/Ansible (Linux) to enforce compliance across multiple systems.

6. Enable Firewalls and Anti-malware:

• Description: Using host-based firewalls and antivirus software helps prevent network-based
attacks and malware infections.
• Best Practices:
o Enable and configure host-based firewalls to filter incoming and outgoing
traffic. Only allow necessary traffic to access the system.
o Use intrusion detection/prevention systems (IDS/IPS) to monitor and respond
to suspicious activities.
o Install antivirus and anti-malware software and configure regular updates to
maintain up-to-date definitions and signatures.
o Perform regular security scans and real-time monitoring to detect malicious
activity.
o Keep firewall and antivirus software updated to protect against new threats.

Additional Hardening Measures:

1. Secure Boot: Enable UEFI (Unified Extensible Firmware Interface) Secure Boot to
ensure the OS is booted using only trusted software, preventing unauthorized code from
running during startup.
2. Data Encryption: Implement disk encryption (e.g., BitLocker, LUKS) to protect data at
rest. Use transport encryption (e.g., TLS) for data in transit.
3. Log and Monitor Activities: Use logging and monitoring tools to track system activity
and detect any suspicious behavior. Log access to sensitive data and ensure the logs are
tamper-proof.
4. Remove Unnecessary Software: After installation, remove any unneeded software
packages to limit the number of potential attack points.
5. Implement Backup and Recovery: Maintain a backup system to protect data and restore
systems in case of attack or failure. Ensure backups are stored securely and tested regularly
for integrity.

Linux/Unix Security
Linux/Unix systems offer several built-in security features and best practices:

• File Permissions: Use rwx permissions to control access for users, groups, and others.
Commands like chmod, chown, and chgrp are used to manage these.
• Sudo: Use sudo instead of the root account for administrative tasks, limiting the risk of
system-wide damage.
• Firewall: Tools like iptables or firewalld help in filtering incoming and outgoing traffic to
protect against unauthorized access.
• SELinux (Security-Enhanced Linux): A security module that enforces mandatory access
controls (MAC) on top of discretionary access control (DAC).
• SSH Security: Secure access by disabling root login, using SSH keys instead of passwords,
and setting up IP restrictions.

Best Practices:
• Keep the system updated using package managers like yum, apt, or dnf.
• Regularly audit system logs using tools like syslog or journalctl.
• Configure automatic security updates to protect against known vulnerabilities.
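
As an added example that is not part of the course notes, the Python script below audits two of the items above: it parses a constructed sshd_config for the directives that disable root login and password authentication (and restrict logins by address), and decodes Unix mode bits to flag world-writable files and setuid binaries. The config text and the paths in the inventory are constructed samples.

```python
"""Audit helpers for two Linux hardening items: sshd settings and file modes.
Added example; the config text and paths below are constructed samples."""
import stat

# Constructed sshd_config snippet with weak settings left in place.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
AllowUsers ops@10.0.0.0/8
"""

# Values the notes call for: no root login, keys instead of passwords.
EXPECTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
}

# Constructed inventory of paths and their st_mode values (type bits included).
SAMPLE_MODES = {
    "/etc/shadow": 0o100640,
    "/usr/bin/passwd": 0o104755,        # setuid root: legitimate, but review it
    "/srv/share/report.csv": 0o100666,  # world-writable data file
    "/tmp": 0o041777,                   # world-writable, but the sticky bit is set
}


def parse_sshd_config(text):
    """Map lowercased directive -> value; the first occurrence wins, as in sshd."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def sshd_findings(text):
    """Report directives set weaker than EXPECTED, or not set explicitly at all."""
    settings = parse_sshd_config(text)
    findings = []
    for key, want in EXPECTED.items():
        have = settings.get(key)
        if have is None:
            findings.append(f"{key}: not set explicitly (compiled-in default "
                            f"applies); set it to {want}")
        elif have.lower() != want:
            findings.append(f"{key}: is {have}, should be {want}")
    return findings


def mode_to_rwx(mode):
    """Render the nine permission bits ls-style, e.g. 0o100644 -> 'rw-r--r--'."""
    return stat.filemode(mode)[1:]


def mode_findings(path, mode):
    """Flag modes that violate least privilege on a Unix filesystem."""
    findings = []
    if mode & stat.S_IWOTH:
        if stat.S_ISDIR(mode):
            if not mode & stat.S_ISVTX:
                findings.append(f"{path}: world-writable directory without sticky bit")
        else:
            findings.append(f"{path}: world-writable file ({mode_to_rwx(mode)})")
    if mode & stat.S_ISUID:
        findings.append(f"{path}: setuid binary, confirm it is required")
    return findings


def run_audit(config_text, modes):
    """Combine both checks into one list of findings."""
    findings = sshd_findings(config_text)
    for path, mode in modes.items():
        findings.extend(mode_findings(path, mode))
    return findings


if __name__ == "__main__":
    for line in run_audit(SAMPLE_SSHD_CONFIG, SAMPLE_MODES):
        print(line)
```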

Windows Security
Windows provides a robust set of built-in security features:

• NTFS File Permissions: Control access to files and directories using permissions (read,
write, execute). Fine-grained control can be enforced using Access Control Lists
(ACLs).
• Group Policy: Centralized management of security settings for user accounts and
computers across an organization. It allows administrators to enforce security standards
such as password policies, user rights, and software restrictions.
• Windows Defender: Built-in antivirus and anti-malware solution to protect against
threats.
• BitLocker: Full disk encryption tool that ensures data is encrypted, protecting against
unauthorized access even if the physical device is lost or stolen.
• Windows Firewall: A host-based firewall to filter traffic and enforce security policies.
• User Account Control (UAC): Ensures that users operate with standard privileges by
default, prompting for elevated privileges only when required.

macOS Security
macOS has several native security features to protect its systems:
• FileVault: Full-disk encryption solution that protects data at rest, ensuring that
unauthorized users cannot access files.
• Gatekeeper: Prevents untrusted applications from running on the system by only
allowing apps from identified developers or the Mac App Store.
• XProtect: Built-in anti-malware tool that automatically detects and blocks known
malware.
• Sandboxing: Isolates apps from critical system resources and other apps, ensuring that
compromised or malicious apps cannot affect the overall system.
• System Integrity Protection (SIP): A security technology that protects the system files
and critical components from being modified by unauthorized users or malware.
• Firewall: Built-in macOS firewall to filter and block unauthorized inbound connections.

Best Practices:
• Regularly update the macOS and applications to protect against vulnerabilities.
• Use strong passwords and enforce encryption through FileVault.
• Enable two-factor authentication (2FA) for Apple ID and associated services.

Virtualization Security
Virtualization security refers to securing virtual machines (VMs) and the underlying
hypervisor. Key elements include:

• Isolation: Ensuring that VMs are isolated from each other so that compromise in one
VM doesn’t spread to others. Hypervisor security is critical here.
• Secure Hypervisors: Protect the hypervisor (e.g., VMware, Hyper-V) to prevent
attacks from compromising the entire virtual environment.
• Access Control: Use role-based access control (RBAC) to limit access to VM
management and virtualized resources.
• Patching: Regularly patch hypervisors, guest OSs, and management tools to prevent
exploitation.
• Snapshot Management: Ensure proper management of VM snapshots, including
encryption and deletion of unnecessary snapshots to prevent data leakage.

Key Threats:
• VM Escape: When an attacker manages to break out of a VM and access the hypervisor
or host OS.
• Hyperjacking: Malicious control of a hypervisor to control VMs.
• Data Breach: Virtual machine data theft due to improper isolation or weak access
control.

Software Security & Trusted Systems

Software security refers to building software that is resistant to attacks and secure from
vulnerabilities. Trusted systems are systems designed to enforce specific security policies to
ensure high assurance and integrity.
• Secure Coding Practices: Write code to defend against buffer overflows, SQL
injections, cross-site scripting (XSS), and other common vulnerabilities.
• Code Signing: Use code signing certificates to ensure that the software’s origin is
trusted and has not been tampered with.
• Trusted Computing Base (TCB): The minimal set of software and hardware
components critical for enforcing security policies. TCB should be small, carefully
designed, and thoroughly verified.
• Trusted Platform Module (TPM): A hardware-based security feature used to securely
store cryptographic keys and protect the integrity of the system.
• Software Auditing: Use static and dynamic analysis tools to detect vulnerabilities in
the software before deployment.

File Sharing
File sharing allows multiple users to access and work on the same files across a network.
However, it introduces security challenges that must be mitigated:
• Access Control: Apply role-based access control (RBAC) to ensure that only authorized
users can view, edit, or delete shared files. Use permissions at both the file and folder
level.
• Encryption: Ensure that sensitive data is encrypted both in transit (using protocols like
TLS/SSL) and at rest (using tools like BitLocker or FileVault).
• Audit Trails: Keep logs of who accessed or modified files to track potential security
breaches.
• Secure Sharing Protocols: Use secure file sharing protocols like SMB (with
encryption), NFS (with strong access control), or cloud-based solutions that offer secure
sharing (e.g., OneDrive, Google Drive with encryption).

Protection Mechanisms
Protection mechanisms are built into the OS to control access and safeguard system resources
from unauthorized use.
• Access Control Lists (ACLs): Define who can access a resource and what operations
they can perform (read, write, execute). ACLs can be applied to files, folders, or network
resources.
• Capabilities: Tokens or keys assigned to users or processes that grant them specific
rights over system resources. They are more granular than traditional user-based
permissions.
• Mandatory Access Control (MAC): Enforces security policies where access control is
strictly enforced by the system, and users cannot change it. Examples include SELinux
and AppArmor.
• Discretionary Access Control (DAC): The owner of a resource decides who can access
it and what actions they can perform.
• Encryption: Protect sensitive data by converting it into an unreadable format for
unauthorized users. This can be applied to files, disk volumes, or network
communications.
• Isolation and Sandboxing: Prevent one process from affecting the execution of another
process. Sandboxing isolates applications, limiting the scope of potential damage.

Applying Security Descriptors to Secure Sensitive Files in a Shared Environment
(Windows 2000)

Security Descriptors Overview:

Security descriptors in Windows contain the security information for securable objects, such
as files or directories. They define who owns the object, who has access, and what kind of
access is allowed. Security descriptors consist of:

• Owner: The account that owns the file and can modify permissions.
• Discretionary Access Control List (DACL): Specifies which users or groups have
access and the type of access (read, write, execute).
• System Access Control List (SACL): Used for auditing access attempts.
• Group: Specifies the primary group associated with the object.

Real-World Scenario:

Consider a financial institution where sensitive customer data is stored in shared directories
accessible by multiple departments. Using security descriptors, the system administrator
would:

1. Assign ownership to the department head.
2. Set up DACLs, ensuring only authorized employees (e.g., managers) can modify the
files.
3. Apply SACLs to log all access attempts for auditing purposes.

This is critical in ensuring that sensitive data isn’t exposed to unauthorized employees or
outsiders in a shared environment.

Potential Vulnerabilities with Default Access Masks:

• Overly Broad Access: Default access masks may give more permissions than
required (e.g., full control where read-only is sufficient).
• Unintentional Privilege Escalation: If users inadvertently inherit excessive rights,
this can lead to unauthorized access or modifications.

Recommendations for Improving Access Control:

• Principle of Least Privilege: Ensure that users only have the minimum necessary
permissions to perform their job.
• Regular Auditing: Regularly review access control lists and log access attempts for
anomalies.
• Custom Access Masks: Replace default masks with custom settings that limit access
to essential functions (e.g., read or modify, but not delete).
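
As an added example that is not part of the notes and does not call the Windows API, the Python model below applies the scenario's owner, DACL and SACL to a constructed finance share and evaluates access requests in DACL order with deny ACEs taking precedence, then contrasts a custom "modify but not delete" mask with the overly broad full-control default. The right-value bits, the "Everyone" principal and the account and group names are assumptions, not the real Windows ACCESS_MASK constants.

```python
"""Toy model of a Windows security descriptor (owner, group, DACL, SACL) for the
shared finance directory in the scenario. Added example; the right-value bits and
account names are constructed and are not the real Windows ACCESS_MASK constants."""
from dataclasses import dataclass, field

# Constructed generic rights as bit flags.
READ, WRITE, EXECUTE, DELETE = 0x1, 0x2, 0x4, 0x8
FULL_CONTROL = READ | WRITE | EXECUTE | DELETE   # the overly broad "default" mask
MODIFY = READ | WRITE | EXECUTE                  # custom mask: change, but no delete
RIGHT_NAMES = {READ: "read", WRITE: "write", EXECUTE: "execute", DELETE: "delete"}


def mask_to_str(mask):
    """Human-readable rendering of an access mask, e.g. 0x3 -> 'read|write'."""
    return "|".join(n for bit, n in RIGHT_NAMES.items() if mask & bit) or "none"


@dataclass
class Ace:
    kind: str      # "allow" or "deny"
    trustee: str   # user or group name
    mask: int


@dataclass
class SecurityDescriptor:
    owner: str
    group: str
    dacl: list                                 # Ace objects, evaluated in order
    sacl: list = field(default_factory=list)   # trustees whose attempts are audited
    audit_log: list = field(default_factory=list)


def check_access(sd, user, groups, requested):
    """Walk the DACL in order as Windows does: a deny ACE for the caller that
    overlaps any requested right refuses at once; allow ACEs accumulate rights
    until every requested bit is covered. The owner's implicit right to change
    permissions is not modelled. 'Everyone' is an assumed implicit group."""
    principals = {user, "Everyone", *groups}
    granted, decision = 0, False
    for ace in sd.dacl:
        if ace.trustee not in principals:
            continue
        if ace.kind == "deny" and ace.mask & requested:
            break                                  # explicit deny wins
        if ace.kind == "allow":
            granted |= ace.mask & requested
            if granted == requested:
                decision = True
                break
    # SACL: record the attempt, granted or not, when the caller is audited.
    if any(t in principals for t in sd.sacl):
        sd.audit_log.append((user, mask_to_str(requested),
                             "granted" if decision else "denied"))
    return decision


def build_finance_share():
    """Department head owns the directory, managers may modify but not delete,
    staff may only read, a departed contractor is explicitly denied, and every
    attempt is audited. Deny ACEs come first, matching Windows canonical order."""
    return SecurityDescriptor(
        owner="alice.head", group="Finance",
        dacl=[Ace("deny", "contractor.bob", FULL_CONTROL),
              Ace("allow", "Finance-Managers", MODIFY),
              Ace("allow", "Finance-Staff", READ)],
        sacl=["Everyone"])


def default_mask_share():
    """The same directory left with a broad default: Everyone has full control."""
    return SecurityDescriptor(owner="alice.head", group="Finance",
                              dacl=[Ace("allow", "Everyone", FULL_CONTROL)],
                              sacl=["Everyone"])


if __name__ == "__main__":
    share = build_finance_share()
    print(check_access(share, "carol", ["Finance-Managers"], READ | WRITE))  # True
    print(check_access(share, "carol", ["Finance-Managers"], DELETE))        # False
    print(check_access(share, "contractor.bob", ["Finance-Managers"], READ))  # False
    print(check_access(default_mask_share(), "dave", ["Finance-Staff"], DELETE))  # True
    print(share.audit_log)
```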

Applying Security Design Principles to Develop a New Operating System

When developing a new operating system, security must be embedded at every level of the
design process. This is crucial to withstand common cyber threats such as malware, insider
attacks, and privilege escalation.

Security Design Principles:

1. Least Privilege: Each component (process, user) should have the minimum set of
privileges needed to perform its function.
2. Separation of Duties: Tasks should be divided so that no single user has control over
the entire process, minimizing the risk of insider threats.
3. Defense in Depth: Multiple layers of security mechanisms should be applied (e.g.,
authentication, encryption, and firewalls).
4. Fail-Safe Defaults: Default configurations should be secure (e.g., deny access by
default and grant only when explicitly specified).
5. Security through Abstraction: Critical security functions should be isolated from the
user and application space to prevent tampering (e.g., kernel-mode vs. user-mode
execution).
6. Open Design: Security mechanisms should not rely on secrecy but on robust design
principles.

By applying these principles, the new operating system can resist attacks by reducing the
attack surface, limiting exposure of sensitive components, and implementing secure-by-design
practices.

Safeguarding Sensitive Data in a Financial Institution

A financial institution needs to protect sensitive customer data from unauthorized access.
This requires a mix of technical measures, policies, and enforcement mechanisms.

Security Measures:

1. Access Control Policies: Use role-based access control (RBAC) where access to
customer data is restricted based on job functions (e.g., only customer service reps can
view account info).
2. Encryption: Data at rest and in transit should be encrypted to protect against
interception or breaches.
3. Multi-Factor Authentication (MFA): Enforce MFA for all systems accessing
sensitive data.
4. Intrusion Detection Systems (IDS): Set up monitoring for anomalous access patterns,
especially around critical assets.
5. Regular Audits and Compliance: Implement regular security audits and ensure
compliance with relevant regulations (e.g., General Data Protection Regulation
(GDPR) and Payment Card Industry Data Security Standard (PCI DSS)).

These measures prevent unauthorized access while ensuring that authorized users can access
the data they need for their tasks.

Key Requirements for Ensuring the Security of an Operating System

The security of an operating system (OS) is foundational to the security of the overall
system it controls. Key requirements include:

1. User Authentication: Strong user authentication (passwords, biometrics, MFA)
ensures that only legitimate users access the system.
2. Access Control: Use access control mechanisms (e.g., DACLs, RBAC) to define what
actions users can perform on system resources.

3. Data Integrity: Ensure that system data cannot be altered or corrupted without
authorization (use file permissions, checksums, etc.).
4. Confidentiality: Protect sensitive information through encryption, ensuring only
authorized users can access it.
5. Auditing and Logging: Track user actions and system events to detect unauthorized
activities or anomalies.
6. System Hardening: Disable unused services and features, apply security patches, and
minimize the OS’s attack surface.

These requirements ensure that the OS remains secure, controls who can access resources,
and detects security breaches or threats.

Managing Access Rights in a Multi-User Environment for Collaboration

To ensure both security and collaboration among users, access rights must be carefully
managed.

Applying Access Rights:

1. Role-Based Access Control (RBAC): Assign access based on roles. For example,
editors can modify files, viewers can read them, and administrators can delete or move
them.
2. Shared Folders with Group Permissions: Create shared folders with specific group
permissions. For example, a finance group can access financial documents, while a
marketing group can access marketing-related files.
3. Version Control: Use file versioning to keep track of modifications made by different
users. This helps track changes and prevent conflicts in collaborative environments.
4. Fine-Grained Permissions: Apply fine-grained permissions to specific files (e.g.,
read-only for some, read-write for others) depending on the collaboration needs.

File Sharing in a Secure Way:

• Windows Security: Apply NTFS permissions to control who can access shared files.
• Linux/Unix Security: Use user groups and permissions (chmod, chown) to manage
file access securely.
• macOS Security: Apply Access Control Lists (ACLs) to ensure controlled file sharing
between users.

