Lecture 18
Operating System Security
Operating System
• An OS allows different users to access different resources in a shared way
• The OS needs to
- control the sharing, and
- provide an interface through which the access takes place
- Identification and authentication are prerequisites for access control: the OS must know who is requesting an object before it can decide what to allow
Separation
- Keep one user's objects separate from other users'
  - Physical separation
    - Use different physical resources for different users
    - Easy to implement, but expensive and inefficient
  - Temporal separation
    - Execute different users' programs at different times
  - Logical separation
    - Each user is given the impression that no other users exist
    - This is what a multi-user operating system does (separate address spaces, per-user permissions on files and devices)
  - Cryptographic separation
    - Encrypt data so that it is unintelligible to anyone without the key
    - Complex: keys must be generated, stored and protected, and data is exposed wherever it is decrypted for use
Sharing
- Sometimes users want to share resources
  - Library routines (e.g., libc)
  - Files or database records
- The OS should allow flexible sharing, not "all or nothing"
  - Which files or records?
  - Which part of a file/record?
  - Which other users?
  - Can other users share objects further?
  - What uses are permitted?
    - Read but not write, view but not print (feasibility?)
    - Aggregate information only
  - For how long?
Measures
- In 2010 the Australian Defence Signals Directorate (DSD) published its "Top 35 Mitigation Strategies"
- over 70% of the targeted cyber intrusions investigated by DSD in 2009 could have been prevented by them
- the top four measures for prevention are:
  - patch operating systems and applications, using auto-update where available
  - patch third-party applications
  - restrict admin privileges to users who need them
  - white-list approved applications
Operating System Security
- it is possible for a system to be compromised during the installation process, before it can install the latest patches
- building and deploying a system should therefore be a planned process designed to counter this threat
- the process must:
  - assess risks and plan the system deployment
  - secure the underlying operating system and then the key applications
  - ensure any critical content is secured
  - ensure appropriate network protection mechanisms are used
  - ensure appropriate processes are used to maintain security over the system's lifetime
NIST System Security Planning
- planning a new system deployment should consider:
  - the purpose of the system, the type of information stored, the applications and services provided, and their security requirements
  - the categories of users of the system, the privileges they have, and the types of information they can access
  - how the users are authenticated
  - how access to the information stored on the system is managed
  - what access the system has to information stored on other hosts, such as file or database servers, and how this is managed
  - who will administer the system, and how they will manage the system (via local or remote access)
  - any additional security measures required on the system, including the use of host firewalls, anti-virus or other malware protection mechanisms, and logging
OPERATING SYSTEM HARDENING
Initial Setup and Patching
- system security begins with the installation of the OS
- ideally new systems should be constructed on a protected network, one that shields the not-yet-patched host from attack until hardening is complete
- the full installation and hardening process should occur before the system is deployed to its intended location
- the initial installation should install the minimum necessary for the desired system
- the overall boot process must also be secured
- the integrity and source of any additional device driver code must be carefully validated
- it is critical that the system be kept up to date, with all critical security related patches installed
- patches should be staged and validated on test systems before being deployed to production
Remove Unnecessary Services, Applications, Protocols
- the fewer software packages available to run, the smaller the attack surface and the lower the risk
- the system planning process should identify what is actually required for a given system
- when performing the initial installation the supplied defaults should not be used
  - the default configuration is set to maximize ease of use and functionality rather than security
  - if additional packages are needed later they can be installed when they are required
- not installing unwanted software is preferable to installing it and removing or disabling it afterwards:
  - many uninstall scripts fail to completely remove all components
  - a disabled service might be re-enabled by an attacker who has already gained a foothold
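As an added example that is not part of the original lecture notes: a POSIX shell check that compares what a host is actually listening on with the services the planning process approved, so unplanned services are caught before deployment rather than discovered by an attacker. The `ss -Hltn` output below is constructed to stand in for a real capture, and the port allowlist and function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets with the services the system
# plan allows. Input format is that of `ss -Hltn` (no header; columns are
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

# Constructed sample of `ss -Hltn` output for a host planned as an SSH + web
# server; not captured from any real system.
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 50 0.0.0.0:139 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*'

# Ports the plan says this host must offer (hypothetical allowlist).
ALLOWED_PORTS="22 80"

# unexpected_listeners "PORT PORT ..." < ss-output
# Prints the local address:port of every listening socket whose port is not
# in the space-separated allowlist. The port is whatever follows the last
# ':' in the local-address field, so "0.0.0.0:22" and "[::]:80" both work.
unexpected_listeners() {
    allowed=" $1 "
    while read -r _state _recvq _sendq local _peer; do
        [ -n "$local" ] || continue
        port=${local##*:}
        case "$allowed" in
            *" $port "*) ;;                    # planned service, nothing to do
            *) printf '%s\n' "$local" ;;       # not in the plan: remove or justify
        esac
    done
}

# count_unexpected "PORT PORT ..." < ss-output
# Number of unplanned listeners, usable as a pass/fail gate in a build script.
count_unexpected() {
    unexpected_listeners "$1" | wc -l | tr -d ' '
}

# Run against the constructed sample. On a live host replace the printf with:
#   ss -Hltn | unexpected_listeners "$ALLOWED_PORTS"
printf '%s\n' "$SAMPLE_LISTENERS" | unexpected_listeners "$ALLOWED_PORTS"
```

Against the constructed sample the check flags the print spooler (631) and SMB (139, 445), which a planned SSH + web host does not need; each flagged port is either removed from the build or added to the plan with a written justification. Ports are matched rather than process names because a renamed or unknown binary still shows up as a port.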
Configure Resource Controls
• once the users and groups are defined, appropriate permissions can be set on data and resources
• many of the security hardening guides provide lists of recommended changes to the default access configuration
Install Additional Security Controls
- further security is possible by installing and configuring additional security tools:
  - anti-virus software
  - host-based firewalls
  - IDS or IPS software
  - application white-listing
APPLICATION SECURITY
Application Configuration
- may include:
  - creating and specifying appropriate data storage areas for the application
  - making appropriate changes to the application's or service's default configuration
- some applications or services ship with default data, scripts and user accounts
  - of particular concern with remotely accessed services such as Web and file transfer services, where an attacker can probe for such content from the network
  - risk from this leftover content is reduced by removing it and by ensuring that the server process can only read, not modify, most of its files
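The permission checks that "Configure Resource Controls" and this slide call for can be scripted, so they run as part of the build rather than once by hand. The following POSIX shell functions are an added example, not from the lecture or from any hardening guide: they list world-writable and setuid/setgid files, files a given service account could alter, and leftover sample or backup content, and they apply a read-only policy to static content. Function names, the name patterns and the `/var/www/html` and `www-data` values in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit and fix file permissions on a deployed tree. Function
# names, the checked name patterns and the usage paths are assumptions for
# illustration, not from any particular hardening guide.

# world_writable_or_setuid DIR
# Files any local user can modify, or that run with their owner's or group's
# identity (setuid/setgid). Both are classic footholds after a break-in.
world_writable_or_setuid() {
    find "$1" -type f \( -perm -0002 -o -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# writable_by_service DIR USER
# Content the service account USER could alter: files it owns that carry the
# owner-write bit, plus anything writable by group or other. A web or FTP
# server normally only needs to read its pages, scripts and config, so each
# path printed here either belongs in a dedicated upload area or is a mistake.
writable_by_service() {
    find "$1" -type f \( \( -user "$2" -perm -0200 \) -o -perm -0020 -o -perm -0002 \) 2>/dev/null | sort
}

# leftover_defaults DIR
# Sample, test and backup content that ships with many packages and that an
# attacker probes for; list it so it can be removed before deployment.
leftover_defaults() {
    find "$1" -type f \( -iname 'readme*' -o -iname 'sample*' -o -iname 'example*' \
        -o -iname 'phpinfo*' -o -iname 'test*.php' -o -iname '*.bak' -o -iname '*.orig' \) \
        2>/dev/null | sort
}

# fix_static_content DIR
# Make every file read-only for everyone and every directory traversable but
# writable only by its owner. Run this on static content only: an upload or
# log directory needs a separate, deliberately writable policy.
fix_static_content() {
    find "$1" -type f -exec chmod 0444 {} +
    find "$1" -type d -exec chmod 0755 {} +
}

# audit_tree DIR USER: print each finding under a heading.
audit_tree() {
    echo "== world-writable or setuid/setgid files under $1"
    world_writable_or_setuid "$1"
    echo "== files the service account '$2' could modify"
    writable_by_service "$1" "$2"
    echo "== leftover default/sample/backup content"
    leftover_defaults "$1"
}

# Usage on a real host (assumed paths and account):
#   audit_tree /var/www/html www-data
#   fix_static_content /var/www/html && audit_tree /var/www/html www-data
```

Run the audit before and after `fix_static_content`: the first two lists should be empty afterwards, while anything still listed under leftover content has to be deleted by hand, since a read-only `phpinfo.php` is still an information leak. Content the service must write (uploads, logs) is kept in its own directory with its own, deliberately looser policy, so the read-only rule can be enforced on everything else.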