
Operating system Security

What is Operating System Security?


Operating system security is the process of ensuring the availability, confidentiality and integrity of the operating system. It refers to the processes and measures taken to protect the operating system from dangers such as viruses, worms, malware and remote hacker intrusions, and it comprises all preventive-control procedures that protect system assets that could be stolen, modified or deleted if OS security were breached.

Security refers to providing safety for computer system resources such as software, CPU, memory, disks, etc. It protects against threats including viruses and unauthorized access.

The three core properties of operating system security are:

➢ Integrity
➢ Secrecy
➢ Availability


Integrity ensures that unauthorized users are not allowed to access the system's objects, and that users with insufficient rights cannot modify the system's critical files and resources.

Secrecy ensures that the system's objects are only available to a small number of authorized users. The system files should not be accessible to everyone, because system files control how data is stored and retrieved. Examples of system files are:

▪ Device drivers
▪ Dynamic link libraries
▪ Executables

Availability ensures that the system is available to authorized users when they need it.

Operating system security is enforced by assuring the operating system's integrity, confidentiality, and availability. If an illegal user runs a computer application, the computer or the data stored on it may be seriously damaged.

System security may be threatened through two violations, and these are as follows:

1. Threat: A program that has the potential to harm the system seriously.

2. Attack: A breach of security that allows unauthorized access to a resource.

There are two types of security breaches that can harm the system:

✓ malicious
✓ accidental

Malicious threats are a type of destructive computer code or web script designed to create system vulnerabilities that lead to back doors and security breaches. Accidental threats, on the other hand, are comparatively easier to protect against.


Security may be compromised through breaches. Some of the breaches are as follows:

1. Breach of integrity

This violation involves the unauthorized modification of data.

2. Theft of service

It involves the unauthorized use of resources.

3. Breach of confidentiality

It involves the unauthorized reading of data.

4. Breach of availability

It involves the unauthorized destruction of data.

5. Denial of service

It includes preventing legitimate use of the system. Some attacks may be accidental.

Types of Threats

There are mainly two types of threats that occur. These are as follows:

Program threats

The operating system's processes and kernel carry out the specified task as directed. Program threats occur when a user program causes these processes to perform malicious operations. A common example of a program threat is a program that, once installed on a computer, stores user credentials and transfers them to a hacker. There are various program threats. Some of them are as follows:

1. Virus

A virus may replicate itself on the system. Viruses are extremely dangerous and can modify or delete user files as well as crash computers. A virus is a small piece of code embedded in a system program. As the user interacts with the program, the virus becomes embedded in other files and programs, potentially rendering the system inoperable.

2. Trojan Horse

This type of application captures user login credentials and stores them in order to transfer them to a malicious user, who can then log in to the computer and access system resources.

3. Logic Bomb

A logic bomb is a situation in which software only misbehaves when particular criteria are met; otherwise, it functions normally.

4. Trap Door

A trap door exists when a program that is supposed to work as expected has a security weakness in its code that allows it to perform illegal actions without the user's knowledge.

System Threats
System threats are the misuse of system services and network connections to cause problems for users. They may be used to trigger program threats across an entire network; this is known as a program attack. System threats create an environment in which OS resources and user files may be misused. There are various system threats. Some of them are as follows:

1. Port Scanning

Port scanning is a method by which a cracker determines the system's vulnerabilities before an attack. It is a fully automated process that involves connecting to specific ports via TCP/IP. To protect the attacker's identity, port scanning attacks are launched through zombie systems: previously independent systems that still serve their owners while being utilized for such purposes.

2. Worm

A worm is a process that can choke a system's performance by exhausting all system resources. A worm process makes several clones of itself, each consuming system resources and preventing all other processes from obtaining essential resources. Worm processes can even bring a network to a halt.

3. Denial of Service

Denial of service attacks usually prevent users from legitimately using the system. For example, if a denial-of-service attack is executed against the browser's content settings, a user may be unable to access the internet.

Threats to Operating System

There are various threats to the operating system. Some of them are as follows:


Malware

Malware includes viruses, worms, trojan horses, and other dangerous software. These are generally short pieces of code that may corrupt files, delete data, replicate in order to propagate further, and even crash a system. Malware frequently goes unnoticed by the victim user while criminals silently extract important data.

Network Intrusion

Network intruders are classified as masqueraders, misfeasors, and unauthorized users. A masquerader is an unauthorized person who gains access to a system and uses an authorized person's account. A misfeasor is a legitimate user who gains unauthorized access to and misuses programs, data, or resources. The third type seizes supervisory authority and tries to evade access constraints and audit collection.

Buffer Overflow

A buffer overflow, also known as a buffer overrun, is the most common and dangerous security issue of the operating system. It is a condition at an interface under which more input can be placed into a buffer or data-holding area than its allotted capacity, so that the excess overwrites other information. Attackers use such a situation to crash a system or to insert specially crafted malware that allows them to take control of the system.

How to ensure Operating System Security?

There are various ways to ensure operating system security. These are as follows:

Authentication

Authentication is the process of identifying every system user and associating the executing programs with those users. The operating system is responsible for implementing a security system that ensures the authenticity of the user who is executing a specific program. In general, operating systems identify and authenticate users in three ways.

1. Username/Password

Every user has a unique username and password that must be entered correctly before accessing the system.

2. User Attribution

These techniques usually involve biometric verification, such as fingerprints, retina scans, etc. This authentication is based on user uniqueness: the sample is compared to samples already stored in the system's database, and users are only allowed access if there is a match.

3. User card and Key

To log in to the system, the user must insert a card into a card slot or enter a key produced by a key generator into a prompt provided by the operating system.

One Time passwords

Along with standard authentication, one-time passwords give an extra layer of security. Every time a user attempts to log in to a one-time-password system, a unique password is needed. Once a one-time password has been used, it cannot be reused. One-time passwords may be implemented in several ways.

1. Secret Key


The user is given a hardware device that generates a secret id linked to the user's id. The system prompts for this secret id, which must be freshly generated each time the user logs in.

2. Random numbers

Users are given cards that have letters and numbers printed on them. The system requests the numbers that correspond to a few letters chosen at random.

3. Network password

Some commercial applications issue one-time passwords to registered mobile numbers or email addresses, which must be entered before logging in.
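The "secret key" device described above is, in practice, usually an HMAC-based one-time password token. The following is an added example, not part of the handout: it assumes the RFC 4226 HOTP construction and a server that remembers the last accepted counter, which is what makes a used password unusable a second time.

```python
import hashlib
import hmac
import struct

# Shared secret taken from the RFC 4226 test vectors; a constructed value,
# not a key from any real deployment.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226). The hardware token and the
    server both derive the code from the shared secret and a moving counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


class OtpVerifier:
    """Server side of the scheme. It remembers the last accepted counter, so a
    password that has been used once is rejected on replay, and it tolerates a
    small look-ahead window for codes generated but never submitted."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.window = window
        self.last_counter = -1  # no password accepted yet

    def verify(self, code: str) -> bool:
        start = self.last_counter + 1
        for counter in range(start, start + self.window):
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter  # burns this and every earlier counter
                return True
        return False


def replay_demo(secret: bytes = SHARED_SECRET) -> list:
    """Submit codes in a realistic order and report whether each was accepted."""
    codes = [hotp(secret, c) for c in range(3)]
    server = OtpVerifier(secret)
    return [
        server.verify(codes[0]),  # True: first use of counter 0
        server.verify(codes[0]),  # False: the same password submitted again
        server.verify(codes[2]),  # True: counter 2 is inside the look-ahead window
        server.verify(codes[1]),  # False: counter 1 is now behind the server
    ]


if __name__ == "__main__":
    print(replay_demo())  # [True, False, True, False]
```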

Firewalls

Firewalls are essential for monitoring all incoming and outgoing traffic. A firewall imposes local security by defining the traffic that may travel through it. Firewalls are an efficient way of protecting network systems or local systems from any network-based security threat.

Physical Security

The most important method of maintaining operating system security is physical security. An attacker with physical access to a system may edit, remove, or steal important files, since the operating system code and configuration files are stored on the hard drive.

Operating System Security Policies and Procedures

Various operating system security policies may be implemented, depending on the organization you are working in. In general, an OS security policy is a document that specifies the procedures for ensuring that the operating system maintains a specific level of integrity, confidentiality, and availability.

OS security protects systems and data from worms, malware, threats, ransomware, backdoor intrusions, viruses, etc. Security policies cover all preventative activities and procedures needed to ensure an operating system's protection, including against the theft, editing and deletion of data.

As OS security policies and procedures cover a large area, there are various techniques for addressing them. Some of them are as follows:

1. Installing and updating anti-virus software.
2. Ensuring that systems are patched or updated regularly.
3. Implementing user management policies to protect user accounts and privileges.
4. Installing a firewall and ensuring that it is properly configured to monitor all incoming and outgoing traffic.

To develop and implement OS security policies and procedures, you must first determine which assets, systems, hardware, and data are the most vital to your organization. Once that is completed, a policy can be developed to secure and safeguard them properly.

HOW TO FIND A SUSPICIOUS PROCESS IN AN OPERATING SYSTEM.

When you are looking for an unwanted program running in your operating system, pay attention to programs that:

1. Lack an icon, or have an icon belonging to a different, popular program.
2. Lack a description.
3. Lack a vendor name.
4. Present their files as Microsoft's but do not carry a valid signature. (Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.)
5. Are stored in the Windows or Windows\System32 directory without being Microsoft applications; the system folder should only contain Microsoft applications.
6. Are compressed or packed. Packing or compressing a file is a popular way of bypassing antivirus programs, so always look at such files critically.
7. Contain suspicious strings or URLs.
8. Run behind popular host processes such as svchost.exe or rundll32.exe, which are used to run other processes or to load libraries.
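The checklist above can be turned into a triage script. The following is an added example, not part of the handout: the process records are constructed (as a collector would gather them from name, image path, version information, signature and packer checks, parent process and notable strings), and the icon check is omitted because it cannot be judged from such metadata.

```python
import re

# Constructed process records of the kind a triage script would collect
# (name, image path, version info, signature check, packer check, parent
# process, notable strings). They are illustrative, not from a real host.
SAMPLE_PROCESSES = [
    {"name": "notepad.exe", "path": "C:\\Windows\\System32\\notepad.exe",
     "description": "Notepad", "vendor": "Microsoft Corporation",
     "signature_valid": True, "packed": False, "parent": "explorer.exe",
     "strings": ["Untitled", "Notepad"]},
    {"name": "svchost.exe", "path": "C:\\Users\\Public\\svchost.exe",
     "description": "", "vendor": "Microsoft Corporation",
     "signature_valid": False, "packed": True, "parent": "rundll32.exe",
     "strings": ["http://update.example.invalid/get", "cmd.exe /c"]},
]

SYSTEM_DIR = "c:\\windows\\"                      # covers Windows and System32
HOST_PROCESSES = {"svchost.exe", "rundll32.exe"}  # common hiding places
SUSPICIOUS = re.compile(r"https?://|cmd\.exe|powershell", re.IGNORECASE)


def suspicious_indicators(proc: dict) -> list:
    """Apply the checklist to one process record and return the indicators
    that fired; an empty list means nothing stood out."""
    hits = []
    claims_microsoft = proc["vendor"].lower().startswith("microsoft")
    trusted = claims_microsoft and proc["signature_valid"]
    in_system_dir = proc["path"].lower().startswith(SYSTEM_DIR)
    if not proc["description"]:
        hits.append("no description")
    if not proc["vendor"]:
        hits.append("no vendor name")
    elif claims_microsoft and not proc["signature_valid"]:
        hits.append("claims to be Microsoft's but the signature is missing or invalid")
    if in_system_dir and not trusted:
        hits.append("non-Microsoft file inside the Windows system directory")
    if proc["name"].lower() in HOST_PROCESSES and not in_system_dir:
        hits.append("system host process name running from a non-system path")
    if proc["packed"]:
        hits.append("packed or compressed image")
    if any(SUSPICIOUS.search(s) for s in proc["strings"]):
        hits.append("suspicious strings or URLs in the image")
    if proc["parent"].lower() in HOST_PROCESSES and not trusted:
        hits.append("untrusted program launched behind svchost.exe/rundll32.exe")
    return hits


def triage(processes: list) -> dict:
    """Map each flagged process path to its indicators; clean ones are omitted."""
    report = {}
    for proc in processes:
        hits = suspicious_indicators(proc)
        if hits:
            report[proc["path"]] = hits
    return report


if __name__ == "__main__":
    for path, hits in triage(SAMPLE_PROCESSES).items():
        print(path)
        for hit in hits:
            print("  -", hit)
```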

It is not always an option to rely on antivirus and antimalware software. You need to know how to detect and remove unsolicited programs yourself.

If you suspect that your computer is running malware, you should do the following:

1. Disconnect it from the network.
2. Identify suspicious processes and drivers.
3. Stop the unwanted programs.
4. Block the unwanted programs from running automatically at system start.
5. Find and delete the program files and registry entries made by those programs.
6. Restart the computer and repeat steps 2 to 5.

KNOWN VULNERABILITY ATTACKS ON THE OS

Every day, several security holes and vulnerabilities are detected in the Windows OS. If you fail to install security patches as soon as they become available, your network OS will cease to be yours. Some of these bugs that may attack your system can put your OS or the entire system in jeopardy.

What is Cyber Security?

Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information
technology security or electronic information security. The term applies in a variety of
contexts, from business to mobile computing, and can be divided into a few common
categories.

Objective of cyber security

✓ Identify threats, mitigate threats and reduce vulnerabilities.
✓ Establish quantified information security goals annually through management review meetings.
✓ Ensure that information assets are always available for use.
✓ Ensure that information integrity is maintained.
✓ Prevent data/information theft and data breaches.
✓ Safeguard the security and confidentiality of customer data.
✓ Anticipate and protect IT systems against threats or hazards.

· Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.
· Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it is designed to protect. Successful security begins in the design stage, well before a program or device is deployed.
· Information security protects the integrity and privacy of data, both in storage and in transit.
· Operational security includes the processes and decisions for handling and protecting
data assets. The permissions users have when accessing a network and the procedures
that determine how and where data may be stored or shared all fall under this umbrella.
· Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
· End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to
follow good security practices. Teaching users to delete suspicious email attachments, not
plug in unidentified USB drives, and various other important lessons is vital for the
security of any organization.

Types of cyber threats



The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to
cause disruption.

2. Cyber-attack often involves politically motivated information gathering.

3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common
methods used to threaten cyber-security:

Malware

Malware means malicious software. One of the most common cyber threats, malware is
software that a cybercriminal or hacker has created to disrupt or damage a legitimate
user’s computer. Often spread via an unsolicited email attachment or legitimate-looking
download, malware may be used by cybercriminals to make money or in politically
motivated cyber-attacks.

There are a number of different types of malware, including:

· Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.
· Trojans: A type of malware that is disguised as legitimate software.
Cybercriminals trick users into uploading Trojans onto their computer where they
cause damage or collect data.
· Spyware: A program that secretly records what a user does, so that
cybercriminals can make use of this information. For example, spyware could
capture credit card details.
· Ransomware: Malware which locks down a user’s files and data, with the
threat of erasing it unless a ransom is paid.
· Adware: Advertising software which can be used to spread malware.

· Botnets: Networks of malware-infected computers which cybercriminals use to perform tasks online without the user's permission.

What is Vulnerability?
A vulnerability in an information system is a flaw or weakness that leaves the system open to attack, and that can be exploited by hazards, attack vectors or cybercriminals to perpetrate an unauthorized action or security breach.

Types of vulnerabilities
▪ Hardware vulnerabilities
▪ Software vulnerabilities
▪ Network and Protocol vulnerabilities
▪ Human resource vulnerabilities
▪ Physical and environmental vulnerabilities
▪ Unsecure Data Center and IT facilities

Human resource vulnerabilities


• Irresponsible Employees
• Uninformed Employees
• Unmotivated and disgruntled Employees
• Malicious insider
• Exploited insider
• Careless Insider
▪ Careless slip up
▪ Accidental slip up
▪ Untrained personnel

SQL injection
▪ An SQL injection attack is the insertion of nefarious SQL code into a database for execution.
▪ The aim of this attack is to give the cybercriminal control of a database-driven application.
▪ Once access to the database is gained, the attacker can read or delete data, change an application's data-driven behavior, and perform whatever operations suit the attacker's purpose.
▪ An SQL injection attack mostly occurs when software uses data from an untrusted source.
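The last bullet is the root cause, and the fix is to keep untrusted data out of the statement text. The following is an added example, not part of the handout: it builds a constructed in-memory SQLite table and shows the same lookup written with string concatenation and with a bound parameter, so the difference in behavior on hostile input can be observed directly.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.invalid"),
                      ("bob", "bob@example.invalid")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Untrusted input is pasted into the statement text, so the input can
    change the structure of the query rather than only the value compared."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """The statement is fixed and the input is bound as a parameter, so the
    database only ever treats it as a literal value to compare against."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # turns the WHERE clause into an always-true test
    print(lookup_vulnerable(conn, "alice"))      # only alice's row
    print(lookup_vulnerable(conn, hostile))      # both rows leak
    print(lookup_parameterized(conn, hostile))   # [] : no such literal username
```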

Phishing

Phishing is when cybercriminals target victims with emails that appear to be from a
legitimate company asking for sensitive information. Phishing attacks are often used to
dupe people into handing over credit card data and other personal information.

Man-in-the-middle attack

A man-in-the-middle attack is a type of cyber threat in which a cybercriminal intercepts communication between two parties in order to steal data. For example, on an unsecure WiFi network, an attacker could intercept data passing between the victim's device and the network.

Denial-of-service attack

A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.

Zero Day Vulnerability attack


o A zero-day attack exploits an unknown security vulnerability in an IT resource for which a patch or fix has not been developed and released, or of which the system administrator is unaware.
o An attacker spots the zero-day vulnerability before a fix is developed for it.
o The vulnerability window is the time between when the vulnerability is identified and when it is fixed.

Cyber safety tips - protect yourself against cyberattacks


How can businesses and individuals guard against cyber threats? Here are some cyber
safety tips:

1. Update your software and operating system: This means you benefit from the latest security patches.
2. Use anti-virus software: Security solutions like Kaspersky Total Security will detect and remove threats. Keep your software updated for the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be infected with malware.
5. Do not click on links in emails from unknown senders or unfamiliar websites: This is a common way that malware is spread.
6. Avoid using unsecure WiFi networks in public places: Unsecure networks leave you vulnerable to man-in-the-middle attacks.
