Chapter 1ObjectivesWhat Is Operating System and Network Security?Operating Systems and SecurityOperating System ComponentsOperating System Functions and ComponentsComputer Networks and SecurityTypes of NetworksResources in an Enterprise NetworkCareers in Information SecurityWhy Security Is NecessaryProtecting Information and ResourcesEnsuring PrivacyFacilitating WorkflowAddressing Security Holes or Software BugsCompensating for Human Error or NeglectSetting Up Local Security PoliciesCost FactorsTypes of AttacksStandalone Workstation or Server AttacksAttacks Enabled by Access to PasswordsAttempting to Log On to a Telnet AccountVirusesWormTrojan HorseBuffer AttacksDenial of Service (DoS) AttacksSource Routing AttackSpoofingE-mail AttackPort ScanningSample TCP PortsUsing the kill Command in Red Hat LinuxManaging Mac OS X Sharing ServicesWireless AttacksOrganizations That Help Prevent Attacks (Continued)Slide 37Hardening Your SystemGeneral Steps to Harden a System (Continued)Slide 40Overview of Operating System Security FeaturesLogon SecurityObjects in a DomainDigital Certificate SecurityFile and Folder SecurityShared Resource SecurityUsing an Access ListSecurity PoliciesRemote Access SecurityWireless SecurityDisaster RecoveryOverview of Network Security FeaturesAuthenticationEncryptionFirewallsTopologyMonitoringSummaryGuide to Operating System SecurityChapter 1Operating Systems Security – Keeping Computers and Networks Secure2 Guide to Operating System SecurityObjectivesExplain what operating system and network security meansDiscuss why security is necessaryExplain the cost factors related to securityDescribe the types of attacks on operating systems and networksDiscuss system hardening, including features in operating systems and networks that enable hardening3 Guide to Operating System SecurityWhat Is Operating System and Network Security?Ability to reliably store, modify, protect, and grant access to information, so that information is only available to designated users4 Guide to Operating System SecurityOperating Systems and SecurityOperating systemsProvide basic programming instructions to computer hardwareInterface with user application software and computer’s BIOS to allow applications to interact with hardwareSecurity issuePotential to provide security functions at every level of operation5 Guide to Operating System SecurityOperating System ComponentsApplication programming interface (API)Basic input/output system (BIOS)Basic form of security: Configure BIOS password securityKernelResource managersDevice drivers6 Guide to Operating System SecurityOperating System Functions and Components7 Guide to Operating System SecurityComputer Networks and SecurityComputer networkSystem of computers, print devices, network devices, and computer software linked by communications cabling or radio and microwavesSecurity issueAll networks have vulnerable points that require security8 Guide to Operating System SecurityTypes of NetworksClassified by reach and complexityLocal area networks (LANs)Metropolitan area networks (MANs)Wide area networks (WANs)Enterprise networks9 Guide to Operating System SecurityResources in an Enterprise Network10 Guide to Operating System SecurityCareers in Information SecurityNumber of jobs has increased by 100% per year since 1998Potential for healthy salaries and organizational advancement11 Guide to Operating System SecurityWhy Security Is NecessaryProtects information and resourcesEnsures privacyFacilitates workflowAddresses security holes and software bugsCompensates for human error or neglect12 Guide to Operating System SecurityProtecting Information and ResourcesSecurity protects information and resources of:BusinessesEducational institutionsGovernmentTelecommutersPersonal users13 Guide to Operating System SecurityEnsuring PrivacyPotential for serious legal and business consequences when an intruder accesses private information14 Guide to Operating System SecurityFacilitating WorkflowPotential for loss of money, data, or both if a step in the work process is compromised due to a security problem15 Guide to Operating System SecurityAddressing Security Holes or Software BugsAfter purchasing a new OS, software, or hardware:Test rigorously for security and reliabilityCheck security defaultsInstall patches immediately16 Guide to Operating System SecurityCompensating forHuman Error or NeglectUse an OS that enables the organization to set up security policiesDevelop written security policiesImplement trainingTest security of new operating systems and software17 Guide to Operating System SecuritySetting Up Local Security Policies18 Guide to Operating System SecurityCost FactorsCost of deploying securityShould be an element in total cost of ownership (TCO)Cost of not deploying security19 Guide to Operating System SecurityTypes of AttacksStandalone workstation or server attacksAttacks enabled by access to passwordsViruses, worms, and Trojan horsesBuffer attacksDenial of serviceSource routing attackSpoofingE-mail attackPort scanningWireless attacks20 Guide to Operating System SecurityStandalone Workstationor Server AttacksEasy to take advantage of a logged-on computer that is unattended and unprotectedAvoid by setting up a password-protected screen saver21 Guide to Operating System SecurityAttacks Enabled by Access to PasswordsUsers defeat password protection bySharing them with othersWriting them down and displaying themAttackers have sophisticated ways of gaining password access22 Guide to Operating System SecurityAttempting to Log On to a Telnet Account23 Guide to Operating System SecurityVirusesVirusAble to replicate throughout a systemInfects a disk/file, which infects other disks/filesSome cause damage; some don’t Virus hoaxE-mail falsely warning of a virus24 Guide to Operating System SecurityWormEndlessly replicates on the same computer, or sends itself to many other computers on a networkContinues to create new files but does not infect existing files25 Guide to Operating System SecurityTrojan HorseAppears useful and harmless, but does harmCan provide hacker with access to or control of the computer26 Guide to Operating System SecurityBuffer AttacksAttacker tricks buffer software into attempting to store more