Post on 03-Jun-2018
transcript
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
1/22
Department of Computer Science
DCS
COMSATS Institute ofInformation Technology
OS SecurityRab Nawaz adoonAssistant Professor
COMSATS University, Lahore
Pakistan
Operating System Concepts
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
2/22
Department of Computer Science
What is security?
Introduction Computer System Security
Internet Security
Remote Sharing
Software Installation
Operating System Security
Access Control
Supervision Resource Allocation
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
3/22
Department of Computer Science
Why we need security?
World Population roughly 6 billion Computers in this world roughly 2.25 billion
Internet user roughly 2 billions
Millions of computer are tied together viacommunication network (mostly telephonesystem)
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
4/22
Department of Computer Science
World internet usage
WORLD INTERNET USAGE AND POPULATION STATISTICS
World RegionsPopulation
( 2009 Est.)
Internet Users
Dec. 31, 2000
Internet Users
Latest Data
Penetration
(%
Population)
Growth
2000-2009
Users %
of Table
Africa 991,002,342 4,514,400 86,217,900 8.7 % 1,809.8 % 4.8 %
Asia 3,808,070,503 114,304,000 764,435,900 20.1 % 568.8 % 42.4 %
Europe 803,850,858 105,096,093 425,773,571 53.0 % 305.1 % 23.6 %
Middle East 202,687,005 3,284,800 58,309,546 28.8 % 1,675.1 % 3.2 %
North America 340,831,831 108,096,800 259,561,000 76.2 % 140.1 % 14.4 %
Latin
America/Caribbean 586,662,468 18,068,919 186,922,050 31.9 % 934.5 % 10.4 %
Oceania / Australia 34,700,201 7,620,480 21,110,490 60.8 % 177.0 % 1.2 %
WORLD TOTAL 6,767,805,208 360,985,492 1,802,330,457 26.6 % 399.3 % 100.0 %
http://www.internetworldstats.com/stats1.htmhttp://www.internetworldstats.com/stats3.htmhttp://www.internetworldstats.com/stats4.htmhttp://www.internetworldstats.com/stats5.htmhttp://www.internetworldstats.com/stats14.htmhttp://www.internetworldstats.com/stats10.htmhttp://www.internetworldstats.com/stats10.htmhttp://www.internetworldstats.com/stats6.htmhttp://www.internetworldstats.com/stats6.htmhttp://www.internetworldstats.com/stats10.htmhttp://www.internetworldstats.com/stats10.htmhttp://www.internetworldstats.com/stats14.htmhttp://www.internetworldstats.com/stats5.htmhttp://www.internetworldstats.com/stats4.htmhttp://www.internetworldstats.com/stats3.htmhttp://www.internetworldstats.com/stats1.htm8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
5/22
Department of Computer Science
Computer security
External Security (Interface Security) Physical Security
Operational Security
Classifications
Division of Responsibilities
Internal Security
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
6/22
Department of Computer Science
Operational security
Surveillance(mean: close observation, especially of a suspected spy or criminal)Authentication
Threat Monitoring
No Direct Access Surveillance Programs like supervisor
Amplification
Example: Taxpayers information
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
7/22
Department of Computer Science
Operational security
Password Protection Weaknesses
Solutions
Auditing
Audit Occasionally
Audit Log
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
8/22
Department of Computer Science
Operational Security
Access ControlsAccess based on Classifications
Security Kernels
Beginning rather than retrofitted
Hardware Security
Incorporate Operating System Functions
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
9/22
Department of Computer Science
Operational security
Fault-Tolerant Systems Hardware rather than Software
Major Portion of Operating System
Fault Detection
Multiple I/O subsystems
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
10/22
Department of Computer Science
Cryptography
What is Cryptography?A cryptographic Privacy System
Sender
Encryption Unit
Cipher text or cryptogram
Decryption Unit
Receiver
* Decryption Key
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
11/22
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
12/22
Department of Computer Science
Viruses
What are Viruses?
How they affect the system?
What are Antiviruses?
Detect Infections
Prevent Infections
Recover Infections
Antiviruses are watchdogs
Sweeper Programs
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
13/22
Department of Computer Science
Other Malwares
Computer Worms Network based objects
Virus/Worms
Trojan horse
Allows a hacker remote access to a targetcomputer system
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
14/22
Department of Computer Science
Other Malwares
Spyware What is spyware?
What are adware?
Adwares and Spyware
Spyware, Viruses and Worms
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
15/22
Department of Computer Science
Spyware
CoolWebSearch, a group of programs, takes advantage of Internet Explorer
vulnerabilities. The package directs traffic to advertisements on Web sites includingcoolwebsearch.com. It displays pop-up ads, rewrites search engine results, and altersthe infected computer's hosts file to direct DNS lookups to these sites.
HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-bydownload at affiliate Web sites, or by advertisements displayed by other spywareprogramsan example of how spyware can install more spyware. These programs add
toolbars to IE, track aggregate browsing behavior, redirect affiliate references, anddisplay advertisements.
MyWebSearch (of Fun Web Products) has a plugin that displays a search toolbar nearthe top of a browser window, and it spies to report user search-habits. MyWebSearch isnotable for installing over 210 computer settings, such as over 210 MS Windows registrykeys/values.[39][40] Beyond the browser plugin, it has settings to affect Outlook, email,HTML, XML, etc. Although tools exist to remove MyWebSearch, it can be hand-deletedin 1 hour, by users familiar with using Regedit to find and delete keys/values (namedwith "MyWebSearch"). After reboot, the browser returns to the prior displayappearance.
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
16/22
Department of Computer Science
Spyware
WeatherStudio has a plugin that displays a window-panel near the bottom of a
browser window. The official website notes that it is easy to remove (uninstall)WeatherStudio from a computer, using its own uninstall-program, such as underC:\Program Files\WeatherStudio. Once WeatherStudio is removed, a browser returns tothe prior display appearance, without the need to modify the browser settings.
Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages toadvertising. When users follow a broken link or enter an erroneous URL, they see apage of advertisements. However, because password-protected Web sites (HTTP Basicauthentication) use the same mechanism as HTTP errors, Internet Optimizer makes itimpossible for the user to access password-protected sites.
Zango (formerly 180 Solutions) transmits detailed information to advertisers about theWeb sites which users visit. It also alters HTTP requests for affiliate advertisementslinked from a Web site, so that the advertisements make unearned profit for the 180Solutions company. It opens pop-up ads that cover over the Web sites of competingcompanies (as seen in their [Zango End User License Agreement]).
Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec andreports information back to Control Server[citation needed]. Some information can bethe search-history, the Websites visited, and even keystrokes.[citation needed] Morerecently, Zlob has been known to hijack routers set to defaults.
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
17/22
Department of Computer Science
Best Security Suites 2010
avast! Internet Security 5.0 http://www.pcmag.com/article2/0,2817,2358467,00.asp
AVG Internet Security 9.0 http://www.pcmag.com/article2/0,2817,2355028,00.asp
BitDefender Total Security 2010 http://www.pcmag.com/article2/0,2817,2351546,00.asp
Kaspersky Internet Security 2010 http://www.pcmag.com/article2/0,2817,2351568,00.asp
McAfee Total Protection 2010 http://www.pcmag.com/article2/0,2817,2358902,00.asp
http://www.pcmag.com/article2/0,2817,2358467,00.asphttp://www.pcmag.com/article2/0,2817,2355028,00.asphttp://www.pcmag.com/article2/0,2817,2351546,00.asphttp://www.pcmag.com/article2/0,2817,2351568,00.asphttp://www.pcmag.com/article2/0,2817,2358902,00.asphttp://www.pcmag.com/article2/0,2817,2358902,00.asphttp://www.pcmag.com/article2/0,2817,2351568,00.asphttp://www.pcmag.com/article2/0,2817,2351546,00.asphttp://www.pcmag.com/article2/0,2817,2355028,00.asphttp://www.pcmag.com/article2/0,2817,2358467,00.asp8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
18/22
Department of Computer Science
Firewall
What is Firewall? Hardware Firewall
Broadband Routers
Software Firewall
Norton 360
Norton Internet Security
ESET Security Smart
Kaspersky Internet Security
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
19/22
Department of Computer Science
Phishing
What is phishing?
Five steps to avoid phishing
Secure Websites (https)
Authenticity of a Website (embedded links)
Thoroughly Investigate before submitting Keep track of your online accounts
Have proper computer protection software
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
20/22
Department of Computer Science
Summary
Day by day usage of computer systems Hacking risks
Need of protection software
And after that, keep you eyes open whenusing internet or transmitting something onthe network
8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
21/22
Department of Computer Science
Resources
http://howstuffworks.com/ http://pcmag.com/
http://net-security.org/
http://wikipedia.org/
Operating Systems by H.M. Deitel
Operating Systems Concepts by AbrahamSilberschatz, Peter B. Galvin
http://howstuffworks.com/http://pcmag.com/http://net-security.org/http://wikipedia.org/http://wikipedia.org/http://net-security.org/http://net-security.org/http://net-security.org/http://pcmag.com/http://howstuffworks.com/8/12/2019 Lecture 12 Operating System Security by Rab Nawaz Jadoon2
22/22
Department of Computer Science 22