Q1>What are the requirements of secure operating system

Most modern information computer systems provide concurrent execution of

multiple applications in a single physical computing hardware (which may contain
multiple processing units). Within such a multitasking, time-sharing environment,
individual application jobs share the same resources of the system, e.g., CPU,
memory, disk, and I/O devices, under the control of the operating system. In order
to protect the execution of individual application jobs from possible interference and
attack of other jobs, most contemporary operating systems implement some
abstract property of containment, such as process (or task) and TCB (Task Control
Block), virtual memory space, file, port, and IPC (Inter Process Communication), etc.
An application is controlled that only given resources (e.g., file, process, I/O, IPC) it
can access, and given operations (e.g., execution or read-only) it can perform.
Use of unprotected system resources illegitimately. For example, a worm program
launches attack via emails to all targets in the address book of a user after it gets
control in a user account.
Subversion of application enforced protection through the control of underneath
system. For example, to deface a Web site by gaining the control of the Web server
of the site, say changing a virtual directory in Microsoft IIS.
Gain direct access to protected system resources by misusing privileges. For
example, a compromised sendmail program running as root on a standard Unix
OS will result in super user privileges for the attacker and uncontrolled accesses to
all system resources.
Furnish of bogus security decision-making information. For example, spoof of a file
handle of Suns NFS may easily give remote attackers gaining access to files on the
remote file server.
Q2>what does database security mean.

Database security refers to the collective measures used to protect and secure a database or
database management software from illegitimate use and malicious threats and attacks.
It is a broad term that includes a multitude of processes, tools and methodologies that ensure
security within a database environment.
Database security concerns the use of a broad range of information security controls to protect
databases (potentially including the data, the database applications or stored functions, the
database systems, the database servers and the associated network links) against compromises of
their confidentiality, integrity and availability. It involves various types or categories of controls, such

as technical, procedural/administrative and physical. Database security is a specialist topic within the
broader realms of computer security, information security and risk management.

Database security is generally planned, implemented and maintained by a database administrator

and or other information security professional.
Some of the ways database security is analyzed and implemented include:

Restricting unauthorized access and use by implementing strong and multifactor access and
data management controls.

Load/stress testing and capacity testing of a database to ensure it does not crash in a
distributed denial of service (DDoS) attack or user overload.

Physical security of the database server and backup equipment from theft and natural
disasters

Reviewing existing system for any known or unknown vulnerabilities and defining and
implementing a road map/plan to mitigate them.

Security risks to database systems include, for example:

Unauthorized or unintended activity or misuse by authorized database users, database

administrators, or network/systems managers, or by unauthorized users or hackers (e.g.
inappropriate access to sensitive data, metadata or functions within databases, or inappropriate
changes to the database programs, structures or security configurations);

Malware infections causing incidents such as unauthorized access, leakage or disclosure of

personal or proprietary data, deletion of or damage to the data or programs, interruption or
denial of authorized access to the database, attacks on other systems and the unanticipated
failure of database services;

Overloads, performance constraints and capacity issues resulting in the inability of

authorized users to use databases as intended;

Physical damage to database servers caused by computer room fires or floods, overheating,
lightning, accidental liquid spills, static discharge, electronic breakdowns/equipment failures and
obsolescence;

Design flaws and programming bugs in databases and the associated programs and
systems, creating various security vulnerabilities (e.g. unauthorized privilege escalation), data
loss/corruption, performance degradation etc.;

Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in
database or system administration processes, sabotage/criminal damage etc.

Q3>what is SSL and SET.

1.

SSL (Secure Sockets Layer) is the standard security technology for establishing
an encrypted link between a web server and a browser. This link ensures that all data
passed between the web server and browsers remain private and integral.
The Secure Socket Layer (SSL) and Transport Layer Security (TLS) is the most widely
deployed security protocol used today. It is essentially a protocol that provides a secure
channel between two machines operating over the Internet or an internal network. In todays
Internet focused world, the SSL protocol is typically used when a web browser needs to
securely connect to a web server over the inherently insecure Internet.
Technically, SSL is a transparent protocol which requires little interaction from the end user
when establishing a secure session. In the case of a browser for instance, users are alerted
to the presence of SSL when the browser displays a padlock, or, in the case of Extended
Validation SSL, when the address bar displays both a padlock and a green bar. This is the
key to the success of SSL it is an incredibly simple experience for end users

Secure Electronic Transaction- Although the technology already is in place, Icommerce (Internet Commerce) hasnt really taken off. The primary reason for this
reluctance is that most consumers still consider financial transactions over the
Internet unsafe. In Europe the use of credit cards online is further hindered by
national legislation, that in some countries prohibit online credit card transactions
because these are considered not fulfill the requirement that all card transactions
must be physically signed by the cardholder. In order to eliminate this barrier to the
evolution of Icommerce, a consortium headed by Visa and MasterCard has
developed a standard for secure electronic transactions (SET). SET is a complex
standard combining advanced cryptography for safe data transfer, and hashing
technologies for data integrity, with digital certificates for authentication of the
parties involved in the transaction. Being such a complicated standard there have
been quite some problems with developing and now with implementing it. Another
is the issue of systems integration between merchant side SET-applications and the

business systems already in use. These and many 8 other must be answered before
we can expect SET to become a widely implemented standard.
The purpose of this Project is to research how Internet commerce applications can
be made SET compliant, and to develop a prototype that clarifies the systems
integration process and the main problem areas of the technology involved.. The
task is to develop a prototype to evaluate the difficulties of systems integration
between the SET application and the merchant I-commerce system.
Q4>what is antivirus software and how does it work
An anti-virus software program is a computer program that can be used to scan files to identify and
eliminate computer viruses and other malicious software(malware).
Anti-virus software typically uses two different techniques to accomplish this:

Examining files to look for known viruses by means of a virus dictionary

Identifying suspicious behavior from any computer program which might indicate infection
Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus
dictionary approach.
Virus dictionary approach
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary
of known viruses that have been identified by the author of the anti-virus software. If a piece of code
in the file matches any virus identified in the dictionary, then the anti-virus software can then either
delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to
spread, or attempt to repair the file by removing the virus itself from the file.
To be successful in the medium and long term, the virus dictionary approach requires periodic online
downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically
minded and technically inclined users can send their infected files to the authors of anti-virus software,
who then include information about the new viruses in their dictionaries.
Dictionary-based anti-virus software typically examines files when the computer's operating system
creates, opens, and closes them; and when the files are e-mailed. In this way, a known virus can be
detected immediately upon receipt. The software can also typically be scheduled to examine all files
on the user's hard disk on a regular basis.
There are various methods of encrypting and packing malicious software which will make even wellknown viruses undetectable to anti-virus software. Detecting these "camouflaged" viruses requires a
powerful unpacking engine, which can decrypt the files before examining them. Unfortunately, many
popular anti-virus programs do not have this and thus are often unable to detect encrypted viruses.

Companies that sell anti-virus software seem to have a financial incentive for viruses to be written and
to spread, and for the public to panic over the threat.

Q5 write short note

1> Embedded operating system
An embedded operating system is an operating system for embedded computer systems. These
operating systems are designed to be compact, efficient at resource usage, and reliable, forsaking
many functions that non-embedded computer operating systems provide, and which may not be
used by the specialized applications they run. They are frequently also referred to as real-time
operating systems, and the term RTOS is often used as a synonym for embedded operating system.
Usually, the hardware running an embedded operating system is very limited in resources such
as RAM and ROM therefore systems made for embedded hardware tend to be very specific, which
means that due to the available resources (low if compared to non-embedded systems) these
systems are created to cover specific tasks or scopes. In order to get advantage of the processing
power of the main (or only) CPU, system creators often write them in assembly. This machine
efficient language "squeezes" the potentiality in terms of speed and determinism, which means
maximizing the responsiveness of the operating system. Though, it is not an absolute rule that all
embedded operating systems are written in assembly language, as many of them are written in more
portable languages, like C.
An important difference between most embedded operating systems and desktop operating systems
is that the application, including the operating system, is usually statically linked together into a
single executable image. Unlike a desktop operating system, the embedded operating system does
not load and execute applications.[1] This means that the system is only able to run a single
application.

2> Compnents of wireless network

Wireless networking equipment includes wireless hubs, switches, routers, and cards.
Each type of wireless networking component use an Ethernet connection to interface with
a computer, printer, or other wired devices. Most desktop and laptop computers come
with built-in Ethernet adapters and simply need to be connected to a dial-up, cable, or
DSL modem. A wired computer can be connected to a modem through a wireless hub or
wireless switch instead, to create a wireless network.

Wireless networking routers are wireless networking components that act as a gateway between an
Internet connection, such as a cable modem, and a wireless network. Broadband routers are a
combination of an access point and a switch, usually consisting of four Ethernet ports to allow more
devices on the network, such as a printer, and a wide area network (WAN) port for the broadband
connection. Broadband wireless routers include built-in dynamic host configuration protocol (DHCP)
servers, which automatically assign IP addresses to each device connected to the router. The benefit of a
wireless networking router over a wireless hub is the multiple connection capability and additional security
features, such as a firewall.

Most computers produced today come with built-in wireless adapters that automatically detect a wireless
network. Older computers can be outfitted with wireless network components such as a wireless
networking card. Wireless networking cards detect and interface with a wireless network and come in a
variety of networking standards.

he key hardware components of a wireless computer

network includeadapters, routers and access points, antennas andrepeaters.