Chapter 1ObjectivesWhat Is Operating System and Network Security?Operating Systems and SecurityOperating System ComponentsOperating System Functions and ComponentsComputer Networks and SecurityTypes of NetworksResources in an Enterprise NetworkCareers in Information SecurityWhy Security Is NecessaryProtecting Information and ResourcesEnsuring PrivacyFacilitating WorkflowAddressing Security Holes or Software BugsCompensating for Human Error or NeglectSetting Up Local Security PoliciesCost FactorsTypes of AttacksStandalone Workstation or Server AttacksAttacks Enabled by Access to PasswordsAttempting to Log On to a Telnet AccountVirusesWormTrojan HorseBuffer AttacksDenial of Service (DoS) AttacksSource Routing AttackSpoofingE-mail AttackPort ScanningSample TCP PortsUsing the kill Command in Red Hat LinuxManaging Mac OS X Sharing ServicesWireless AttacksOrganizations That Help Prevent Attacks (Continued)Slide 37Hardening Your SystemGeneral Steps to Harden a System (Continued)Slide 40Overview of Operating System Security FeaturesLogon SecurityObjects in a DomainDigital Certificate SecurityFile and Folder SecurityShared Resource SecurityUsing an Access ListSecurity PoliciesRemote Access SecurityWireless SecurityDisaster RecoveryOverview of Network Security FeaturesAuthenticationEncryptionFirewallsTopologyMonitoringSummaryGuide to Operating System SecurityChapter 1Operating Systems Security – Keeping Computers and Networks Secure2 Guide to Operating System SecurityObjectivesExplain what operating system and network security meansDiscuss why security is necessaryExplain the cost factors related to securityDescribe the types of attacks on operating systems and networksDiscuss system hardening, including features in operating systems and networks that enable hardening3 Guide to Operating System SecurityWhat Is Operating System and Network Security?Ability to reliably store, modify, protect, and grant access to information, so that information is only available to designated users4 Guide to Operating System SecurityOperating Systems and SecurityOperating systemsProvide basic programming instructions to computer hardwareInterface with user application software and computer’s BIOS to allow applications to interact with hardwareSecurity issuePotential to provide security functions at every level of operation5 Guide to Operating System SecurityOperating System ComponentsApplication programming interface (API)Basic input/output system (BIOS)Basic form of security: Configure BIOS password securityKernelResource managersDevice drivers6 Guide to Operating System SecurityOperating System Functions and Components7 Guide to Operating System SecurityComputer Networks and SecurityComputer networkSystem of computers, print devices, network devices, and computer software linked by communications cabling or radio and microwavesSecurity issueAll networks have vulnerable points that require security8 Guide to Operating System SecurityTypes of NetworksClassified by reach and complexityLocal area networks (LANs)Metropolitan area networks (MANs)Wide area networks (WANs)Enterprise networks9 Guide to Operating System SecurityResources in an Enterprise Network10 Guide to Operating System SecurityCareers in Information SecurityNumber of jobs has increased by 100% per year since 1998Potential for healthy salaries and organizational advancement11 Guide to Operating System SecurityWhy Security Is NecessaryProtects information and resourcesEnsures privacyFacilitates workflowAddresses security holes and software bugsCompensates for human error or neglect12 Guide to Operating System SecurityProtecting Information and ResourcesSecurity protects information and resources of:BusinessesEducational institutionsGovernmentTelecommutersPersonal users13 Guide to Operating System SecurityEnsuring PrivacyPotential for serious legal and business consequences when an intruder accesses private information14 Guide to Operating System SecurityFacilitating WorkflowPotential for loss of money, data, or both if a step in the work process is compromised due to a security problem15 Guide to Operating System SecurityAddressing Security Holes or Software BugsAfter purchasing a new OS, software, or hardware:Test rigorously for security and reliabilityCheck security defaultsInstall patches immediately16 Guide to Operating System SecurityCompensating forHuman Error or NeglectUse an OS that enables the organization to set up security policiesDevelop written security policiesImplement trainingTest security of new operating systems and software17 Guide to Operating System SecuritySetting Up Local Security Policies18 Guide to Operating System SecurityCost FactorsCost of deploying securityShould be an element in total cost of ownership (TCO)Cost of not deploying security19 Guide to Operating System SecurityTypes of AttacksStandalone workstation or server attacksAttacks enabled by access to passwordsViruses, worms, and Trojan horsesBuffer attacksDenial of serviceSource routing attackSpoofingE-mail attackPort scanningWireless attacks20 Guide to Operating System SecurityStandalone Workstationor Server AttacksEasy to take advantage of a logged-on computer that is unattended and unprotectedAvoid by setting up a password-protected screen saver21 Guide to Operating System SecurityAttacks Enabled by Access to PasswordsUsers defeat password protection bySharing them with othersWriting them down and displaying themAttackers have sophisticated ways of gaining password access22 Guide to Operating System SecurityAttempting to Log On to a Telnet Account23 Guide to Operating System SecurityVirusesVirusAble to replicate throughout a systemInfects a disk/file, which infects other disks/filesSome cause damage; some don’t Virus hoaxE-mail falsely warning of a virus24 Guide to Operating System SecurityWormEndlessly replicates on the same computer, or sends itself to many other computers on a networkContinues to create new files but does not infect existing files25 Guide to Operating System SecurityTrojan HorseAppears useful and harmless, but does harmCan provide hacker with access to or control of the computer26 Guide to Operating System SecurityBuffer AttacksAttacker tricks buffer software into attempting to store more
View Full Document