
Techniques PDF

Uploaded by

akanbialuko890
Introduction to Cybersecurity and strategy

Operating System Security And Techniques

LEARNING OBJECTIVES
At the end of this lesson, you should be able to:

● Explain what an operating system is and its function.
● Describe the steps for securing an operating system.
● Highlight the need for planning operating system security.
● Describe the techniques for securing an operating system.

Operating System
What is an operating system?
An operating system is a program that acts as an intermediary between the user of a computer
and the computer hardware, providing a platform for efficient and secure execution of
programs.
The primary goal of an operating system is to manage system resources such as memory, CPU,
storage, and peripherals, allocating them to different processes, and ensuring fair and efficient
usage.
Some examples of operating systems are Windows, Linux, UNIX and MacOS.
Operating systems are crucial components of computing devices, providing the foundational
software infrastructure necessary for their operation. When we talk about computers, we often
refer to the operating system when naming a device; for example, a Windows machine or an iOS
device.
Operating systems play a critical role when it comes to protecting and securing the resources
present in our computer systems.
Additionally, it also functions to provide:
● Abstraction of hardware.
● Controlled hardware access.
● Process Isolation.
When we are looking at the arrangement of a computer system, we first start at the level of the
hardware.
At the hardware layer, we have the CPU, physical memory, and other I/O devices. Direct use of
hardware is really difficult. Instead of managing the hardware explicitly, we run a "program"
called an operating system that handles the access and management of the low-level
hardware resources. As a mediator between applications and hardware resources, the
operating system unsurprisingly plays an important role in the security of computer systems.

Operating System security


Each of these layers is vulnerable to attack from below if the lower layers are not also
secured appropriately. Therefore, appropriate hardening measures need to be
put in place to provide appropriate security services.
Operating System Hardening
The first critical step in securing a system is to secure the base operating system upon
which all other applications and services rely.
A good security foundation requires regular patching and good configuration of the
operating system. Unfortunately, the default configuration for many operating systems
often maximises ease of use and functionality rather than security.
The requirements for a system should be identified during the planning phase.
The following basic steps should be used to secure an operating
system:
● Update system by installing and patching the operating system.
● Harden and configure the operating system to adequately
address the identified security needs of the system by:
○ Removing unnecessary services, applications, and
protocols.
○ Configuring users, groups, and permissions.
○ Configuring resource controls.
● Deploy antivirus, anti-malware, and intrusion
detection/prevention systems to detect and mitigate malicious
software and unauthorised activities on the system.
Operating System Installation: Initial Setup and Patching
The initial installation should install the minimum necessary
for the desired system, with additional software packages
included only if they are required.

The overall boot process must also be secured.


Change-controlled systems should not run automatic
updates because security patches can, on rare but
significant occasions, introduce instability.
For systems in which availability and uptime are of
paramount importance, all patches must be staged and
validated on test systems before deploying them in
production.
Remove unnecessary services, applications, and protocols
● Software packages running on a system may
contain software vulnerabilities. Therefore,
minimising the number of software packages can
potentially reduce some security risks.
● Eliminate software that is not required to improve
security. The default configuration for most
distributed systems is set to maximise ease of
use and functionality rather than security.

Therefore, when performing the initial installation, the
supplied defaults should not be used.
The installation should be customised so that only the
required packages are installed.
Configuration of users, groups, and authentication
User accounts can be configured with specific privileges and permissions, dictating what
actions they can perform on the system. All modern operating systems implement access
controls for data and resources.
During the system planning process, it’s essential to consider the different categories of
users who will interact with the system. Some users will have elevated privileges to
administer the system; others will be normal users.
Default accounts included during system installation should be secured. Those that are not
required should be either removed or disabled. Passwords installed by default should be
changed to new values.
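
One way to review default and leftover accounts on a Linux/UNIX system, as an added example that is not part of the original slides: the Python code below audits account entries in /etc/passwd format. The sample entries are constructed, and the UID threshold and list of non-login shells are assumptions.

```python
# Constructed sample in /etc/passwd format: name:password:UID:GID:comment:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/sh
toor:x:0:0:backup admin:/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Assumptions: shells that prevent interactive login, and UID 1000 as the first regular user.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
SYSTEM_UID_MAX = 999


def audit_passwd(text):
    """Return (account, finding) pairs for entries that need review."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            findings.append((fields[0], "malformed entry"))
            continue
        name, password, uid, shell = fields[0], fields[1], int(fields[2]), fields[6]
        # Any account other than root with UID 0 has full administrative rights.
        if uid == 0 and name != "root":
            findings.append((name, "extra UID 0 (root-equivalent) account"))
        # An empty second field means no password is required for this account.
        if password == "":
            findings.append((name, "empty password field"))
        # Service accounts should not be able to log in interactively.
        if 0 < uid <= SYSTEM_UID_MAX and shell not in NOLOGIN_SHELLS:
            findings.append((name, "system account with a login shell"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{account}: {finding}")
```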
Configure resource controls
Appropriate permissions can be set on data and resources to match the specified user policy.
This may be to limit which users can read, write, or execute (rwx) some programs, in certain
directory trees.
Install additional security controls
Installing additional security controls is a crucial step in enhancing the overall security posture
of a system with tools such as anti-virus software, host-based firewalls, IDS or IPS software, or
application white-listing. Some are part of the OS installation but not configured and enabled by
default.
Others are third-party products that are acquired and used.
Test the System Security
The final step in the process of initially securing the
base operating system is security testing.
The goal is to ensure that the previous security
configuration steps are correctly implemented.

Suitable checklists are included in many
security-hardening guides.
There are also programs specifically designed to
review a system to ensure that it meets the basic
security requirements.

Scan for known vulnerabilities and poor
configuration practices.
This should be done following the initial hardening
of the system and then repeated periodically.

Application Security
Once the base operating system is installed and appropriately secured, the required services
and applications can be installed and configured.
Software that provides remote access or service is of particular concern, since an attacker may
exploit this to gain remote access to the system.
Any such software needs to be carefully selected, configured, and updated to the most recent
version available. Any installed application must be patched to the most recent supported
secure version appropriate for the system.
Application Configuration
● Applications that include default data, scripts, or user
accounts should be reviewed.
● As part of the configuration process, careful
consideration should be given to the access rights
granted to the application.

Encryption Technology
● Encryption is a key enabling technology that may be
used to secure data both in transit and when stored.
● If secure network services are provided, then suitable
public and private keys must be generated.

Security Maintenance
Once the system is appropriately built, secured, and deployed, it’s important to understand
that the process of maintaining security is continuous.
The process of security maintenance includes the following additional steps:
● Monitoring and analysing logging information helps detect and investigate security
incidents.
● Performing regular backups ensures that critical data is protected.
● Regularly testing system security to identify and address potential weaknesses in the
system’s defenses.
● Using appropriate software maintenance processes to patch and update all critical
software.
Logging
● Logging ensures that in the event of a system breach or
failure, administrators can identify what happened and
focus their remedy and recovery efforts.
● The key is to ensure you capture the correct data in the
logs, and then appropriately monitor and analyse this
data.
● Logging information can be generated by the system,
network, and applications.
● Logging can generate significant volumes of
information. It is important that sufficient space is
allocated for them.
Data Backup and Archive
● Performing regular backups of data on a system is a
critical control that assists with maintaining the
integrity of the system and user data.
● There are many reasons why data can be lost from a
system, including hardware or software failures, or
accidental or deliberate corruption.
● Backup involves creating duplicates of data to restore
it in case of loss or corruption, while archiving involves
storing copies of data for long-term retention,
typically for months or years.
● Archiving involves storing data for long-term
retention, typically for months or years, to meet legal,
regulatory, or business requirements.

Mid-lesson Questions

Question 1:
Describe what operating system hardening entails
in operating system security.

Answer

Operating system hardening refers to the process
of enhancing the security of an operating system
by reducing its attack surface and minimising
vulnerabilities.

Techniques for Securing Linux/UNIX OS

Resources are available to assist administrators in securing
Linux systems, such as online resources, the “Linux
Documentation Project,” and specific system hardening
guides.

Patch Management
Ensuring that system and application code is kept up to
date with security patches.
Modern Unix and Linux include tools for automatically
downloading and installing software and security updates
to minimise the time a system is vulnerable to known
vulnerabilities for which patches exist.
For example, Red Hat, Fedora, and CentOS include up2date or
yum; SuSE includes yast; and Debian uses apt-get.

Application and Service Configuration


Configuration of applications and services on Unix and Linux
systems is commonly implemented using separate text files for
each application and service. These configuration files are
typically stored in specific directories, such as /etc or
/usr/local/etc, and follow a specific syntax dictated by the
application or service.

The most critical changes required to enhance system security
involve disabling unnecessary services, particularly those
accessible remotely, as well as applications that are not
essential for system operation.
Users, Groups, and Permissions
Access is specified by granting read, write, and execute
permissions to each of the user, group, and others, for
each resource.
These are set using the chmod command.
Guides to hardening Unix and Linux systems also often
recommend changing the access permissions for critical
directories and files, in order to further limit access to
them.
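
The permission checks described above, as an added example that is not part of the original slides: the Python code below compares the mode of critical files against the most permissive mode a policy allows and finds world-writable entries in a directory tree. The paths and modes in `MAX_MODES` are hypothetical policy values chosen for illustration.

```python
import os
import stat

# Hypothetical policy for illustration: path -> most permissive mode allowed.
MAX_MODES = {"/etc/passwd": 0o644, "/etc/shadow": 0o640, "/etc/ssh/sshd_config": 0o600}


def excess_bits(mode, max_mode):
    """Permission bits set in mode that max_mode does not allow."""
    return stat.S_IMODE(mode) & ~max_mode


def audit_modes(policy):
    """Return (path, rwx string, extra bits in octal) for files looser than policy."""
    findings = []
    for path, max_mode in sorted(policy.items()):
        try:
            mode = os.lstat(path).st_mode
        except OSError:
            continue  # missing or unreadable: nothing to compare
        extra = excess_bits(mode, max_mode)
        if extra:
            findings.append((path, stat.filemode(mode), f"{extra:04o}"))
    return findings


def world_writable(root):
    """Return entries under root that 'others' can write to."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # the mode of a symbolic link itself is not enforced on Linux
            sticky_dir = stat.S_ISDIR(mode) and mode & stat.S_ISVTX
            if mode & stat.S_IWOTH and not sticky_dir:  # sticky dirs such as /tmp are expected
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    for path, perms, extra in audit_modes(MAX_MODES):
        print(f"{path}: {perms} exceeds policy (extra bits {extra}); tighten with chmod")
```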
Other techniques include
● Logging and Log Rotation
● Security Testing

Techniques for Securing Windows OS


In Windows, system administrators have access to a wide range of resources to assist in
enhancing security. These include online references such as "Microsoft Security Tools and
Checklists" and specific system hardening guides. Globally, organisations are increasingly
adopting a Zero Trust security model, which operates under the principle that no person or
device should have access until safety and integrity are verified. Windows 11 is designed based
on Zero Trust principles, facilitating hybrid productivity and delivering new experiences securely
from any location.
Windows 11 raises the security baselines with new requirements for
advanced hardware and software protection that extends from chip to
cloud.
How Windows 11 enables Zero Trust protection
A Zero Trust security model gives the right people the right access at
the right time. Zero Trust security is based on three principles:
● Reduce risk by explicitly verifying data points such as user
identity, location, and device health for every access request,
without exception.
● When verified, give people and devices access to only necessary
resources for the necessary amount of time.
● Use continuous analytics to drive threat detection and improve
defenses.
Patch Management
● The “Windows Update” service and the “Windows Server Update Services” assist with
the regular maintenance of Microsoft software, and should be configured and used.
● Many other third-party applications also provide automatic update support, which
should be enabled for selected applications.
Users Administration and Access Controls
Users and groups in Windows systems are defined by Security ID (SID).
This information may be stored and used locally, on a single system, in the Security Account
Manager (SAM). It may also be centrally managed for a group of systems belonging to a domain,
with the information supplied by a central Active Directory (AD) system using the LDAP protocol.
Most organisations with multiple systems will manage them using domains.
Windows systems also define privileges, which are system wide and granted to user accounts.
Application and Service Configuration


Unlike Unix and Linux systems, much of the configuration information in Windows systems is
centralised in the Registry. This forms a database of keys and values that may be queried and
interpreted by applications on these systems.
Other Security Controls
Given the predominance of malware that targets Windows systems, it is essential that suitable
anti-virus, anti-spyware, personal firewall, and other malware and attack detection and
handling software packages are installed and configured on such systems.
Windows systems also support a range of cryptographic functions that may be used where
desirable.
These include support for encrypting files and directories using the Encrypting File System
(EFS), and for full-disk encryption with AES using BitLocker.

SUMMARY
In this class, we have studied:
● Operating systems and their function
● Steps for securing an operating system
● How to secure applications that sit on the operating system
● Techniques for securing Linux/UNIX OS
● Techniques for securing Windows OS