Lecture 12 Operating System Security by Rab Nawaz Jadoon2

8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2

1/22

Department of Computer Science

DCS

COMSATS Institute ofInformation Technology

OS SecurityRab Nawaz adoonAssistant Professor

COMSATS University, Lahore

Pakistan

Operating System Concepts


2/22


What is security?

Introduction Computer System Security

Internet Security

Remote Sharing

Software Installation

Operating System Security

Access Control

Supervision Resource Allocation


3/22


Why we need security?

World Population roughly 6 billion Computers in this world roughly 2.25 billion

Internet user roughly 2 billions

Millions of computer are tied together viacommunication network (mostly telephonesystem)


4/22


World internet usage

WORLD INTERNET USAGE AND POPULATION STATISTICS

World RegionsPopulation

( 2009 Est.)

Internet Users

Dec. 31, 2000

Internet Users

Latest Data

Penetration

(%

Population)

Growth

2000-2009

Users %

of Table

Africa 991,002,342 4,514,400 86,217,900 8.7 % 1,809.8 % 4.8 %

Asia 3,808,070,503 114,304,000 764,435,900 20.1 % 568.8 % 42.4 %

Europe 803,850,858 105,096,093 425,773,571 53.0 % 305.1 % 23.6 %

Middle East 202,687,005 3,284,800 58,309,546 28.8 % 1,675.1 % 3.2 %

North America 340,831,831 108,096,800 259,561,000 76.2 % 140.1 % 14.4 %

Latin

America/Caribbean 586,662,468 18,068,919 186,922,050 31.9 % 934.5 % 10.4 %

Oceania / Australia 34,700,201 7,620,480 21,110,490 60.8 % 177.0 % 1.2 %

WORLD TOTAL 6,767,805,208 360,985,492 1,802,330,457 26.6 % 399.3 % 100.0 %
http://www.internetworldstats.com/stats1.htmhttp://www.internetworldstats.com/stats3.htmhttp://www.internetworldstats.com/stats4.htmhttp://www.internetworldstats.com/stats5.htmhttp://www.internetworldstats.com/stats14.htmhttp://www.internetworldstats.com/stats10.htmhttp://www.internetworldstats.com/stats10.htmhttp://www.internetworldstats.com/stats6.htmhttp://www.internetworldstats.com/stats6.htmhttp://www.internetworldstats.com/stats10.htmhttp://www.internetworldstats.com/stats10.htmhttp://www.internetworldstats.com/stats14.htmhttp://www.internetworldstats.com/stats5.htmhttp://www.internetworldstats.com/stats4.htmhttp://www.internetworldstats.com/stats3.htmhttp://www.internetworldstats.com/stats1.htm


5/22


Computer security

External Security (Interface Security) Physical Security

Operational Security

Classifications

Division of Responsibilities

Internal Security


6/22


Operational security

Surveillance(mean: close observation, especially of a suspected spy or criminal)Authentication

Threat Monitoring

No Direct Access Surveillance Programs like supervisor

Amplification

Example: Taxpayers information


7/22



Password Protection Weaknesses

Solutions

Auditing

Audit Occasionally

Audit Log


8/22


Operational Security

Access ControlsAccess based on Classifications

Security Kernels

Beginning rather than retrofitted

Hardware Security

Incorporate Operating System Functions


9/22



Fault-Tolerant Systems Hardware rather than Software

Major Portion of Operating System

Fault Detection

Multiple I/O subsystems


10/22


Cryptography

What is Cryptography?A cryptographic Privacy System

Sender

Encryption Unit

Cipher text or cryptogram

Decryption Unit

Receiver

* Decryption Key


11/22


12/22


Viruses

What are Viruses?

How they affect the system?

What are Antiviruses?

Detect Infections

Prevent Infections

Recover Infections

Antiviruses are watchdogs

Sweeper Programs


13/22


Other Malwares

Computer Worms Network based objects

Virus/Worms

Trojan horse

Allows a hacker remote access to a targetcomputer system


14/22


Other Malwares

Spyware What is spyware?

What are adware?

Adwares and Spyware

Spyware, Viruses and Worms


15/22


Spyware

CoolWebSearch, a group of programs, takes advantage of Internet Explorer

vulnerabilities. The package directs traffic to advertisements on Web sites includingcoolwebsearch.com. It displays pop-up ads, rewrites search engine results, and altersthe infected computer's hosts file to direct DNS lookups to these sites.

HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-bydownload at affiliate Web sites, or by advertisements displayed by other spywareprogramsan example of how spyware can install more spyware. These programs add

toolbars to IE, track aggregate browsing behavior, redirect affiliate references, anddisplay advertisements.

MyWebSearch (of Fun Web Products) has a plugin that displays a search toolbar nearthe top of a browser window, and it spies to report user search-habits. MyWebSearch isnotable for installing over 210 computer settings, such as over 210 MS Windows registrykeys/values.[39][40] Beyond the browser plugin, it has settings to affect Outlook, email,HTML, XML, etc. Although tools exist to remove MyWebSearch, it can be hand-deletedin 1 hour, by users familiar with using Regedit to find and delete keys/values (namedwith "MyWebSearch"). After reboot, the browser returns to the prior displayappearance.


16/22


Spyware

WeatherStudio has a plugin that displays a window-panel near the bottom of a

browser window. The official website notes that it is easy to remove (uninstall)WeatherStudio from a computer, using its own uninstall-program, such as underC:\Program Files\WeatherStudio. Once WeatherStudio is removed, a browser returns tothe prior display appearance, without the need to modify the browser settings.

Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages toadvertising. When users follow a broken link or enter an erroneous URL, they see apage of advertisements. However, because password-protected Web sites (HTTP Basicauthentication) use the same mechanism as HTTP errors, Internet Optimizer makes itimpossible for the user to access password-protected sites.

Zango (formerly 180 Solutions) transmits detailed information to advertisers about theWeb sites which users visit. It also alters HTTP requests for affiliate advertisementslinked from a Web site, so that the advertisements make unearned profit for the 180Solutions company. It opens pop-up ads that cover over the Web sites of competingcompanies (as seen in their [Zango End User License Agreement]).

Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec andreports information back to Control Server[citation needed]. Some information can bethe search-history, the Websites visited, and even keystrokes.[citation needed] Morerecently, Zlob has been known to hijack routers set to defaults.


17/22


Best Security Suites 2010

avast! Internet Security 5.0 http://www.pcmag.com/article2/0,2817,2358467,00.asp

AVG Internet Security 9.0 http://www.pcmag.com/article2/0,2817,2355028,00.asp

BitDefender Total Security 2010 http://www.pcmag.com/article2/0,2817,2351546,00.asp

Kaspersky Internet Security 2010 http://www.pcmag.com/article2/0,2817,2351568,00.asp

McAfee Total Protection 2010 http://www.pcmag.com/article2/0,2817,2358902,00.asp
http://www.pcmag.com/article2/0,2817,2358467,00.asphttp://www.pcmag.com/article2/0,2817,2355028,00.asphttp://www.pcmag.com/article2/0,2817,2351546,00.asphttp://www.pcmag.com/article2/0,2817,2351568,00.asphttp://www.pcmag.com/article2/0,2817,2358902,00.asphttp://www.pcmag.com/article2/0,2817,2358902,00.asphttp://www.pcmag.com/article2/0,2817,2351568,00.asphttp://www.pcmag.com/article2/0,2817,2351546,00.asphttp://www.pcmag.com/article2/0,2817,2355028,00.asphttp://www.pcmag.com/article2/0,2817,2358467,00.asp


18/22


Firewall

What is Firewall? Hardware Firewall

Broadband Routers

Software Firewall

Norton 360

Norton Internet Security

ESET Security Smart

Kaspersky Internet Security


19/22


Phishing

What is phishing?

Five steps to avoid phishing

Secure Websites (https)

Authenticity of a Website (embedded links)

Thoroughly Investigate before submitting Keep track of your online accounts

Have proper computer protection software


20/22


Summary

Day by day usage of computer systems Hacking risks

Need of protection software

And after that, keep you eyes open whenusing internet or transmitting something onthe network


21/22


Resources

http://howstuffworks.com/ http://pcmag.com/

http://net-security.org/

http://wikipedia.org/

Operating Systems by H.M. Deitel

Operating Systems Concepts by AbrahamSilberschatz, Peter B. Galvin
http://howstuffworks.com/http://pcmag.com/http://net-security.org/http://wikipedia.org/http://wikipedia.org/http://net-security.org/http://net-security.org/http://net-security.org/http://pcmag.com/http://howstuffworks.com/


22/22

Department of Computer Science 22

Lecture 12 Operating System Security by Rab Nawaz Jadoon2

Documents

Transcript of Lecture 12 Operating System Security by Rab Nawaz Jadoon2