Operating System Security
Security refers to providing computer system resources such as CPU, memory, disk, software programmes, and most importantly, data / information contained in the computer system, with a security system. If an unauthorised user is running a computer programme, then he/she can cause serious damage to the computer or the data stored in it.
- Authentication
- One Time passwords
- Program Threats
- System Threats
- Computer Security Classifications
Authentication
Authentication refers to defining each system user and associating those users with executing programmes. The Operating System is responsible for developing a protection system that ensures that a user who is running a specific application is authentic. Typically operating systems define/authenticate users using three ways.
- Username / Password − To login to the system, the user must enter a registered username and password with the operating system.
- User card / key − The user must punch the card in the slot of the card or enter the key created by the key generator in the operating system 's choice for logging into the system.
- User attribute - Fingerprint / eye retina pattern / signature — The user must transfer his / her attribute to the system through the specified input device used by the operating system.
One Time passwords
One-time passwords and standard authentication provide additional security. In the One-Time Password system, every time user tries to log in to the system, a unique password is needed. When you use a one-time password, it can not be used again. One-time passwords are adopted in different ways.
- Random numbers - Users are given cards having numbers printed along with corresponding alphabets. System asks for numbers corresponding to few alphabets randomly selected.
- Secret key − Users are equipped with a hardware system that can establish a secret I d mapped with an user identification. System asks for certain secret Id to be created each time before logging in.
- Network password - Some commercial applications give users one-time passwords on registered mobile / email that must be entered before logging in.
Program Threats
Processes and kernel of the operating system do the assigned role as instructed. If a user application has malicious tasks performed by this method, it is known as Program Threats. A programme installed on a computer that can store and send user credentials to some hackers through the network is one of the common instances of programme threat. A list of several well-known risks to the programme follows.
- Trojan Horse − Such a programme traps user login credentials and caches them to send them to malicious users who can later log in to a computer and access system resources.
- Trap Door − If a programme designed to function as necessary has a security hole in its code and performs illegal action without user knowledge then a trap door is called upon.
- Logic Bomb − Logic bomb is a situation where a programme only misconducts when certain conditions are met otherwise it would work like a genuine programme. It is more difficult to detect.
- Virus − Virus can replicate on the computer system, as the name implies. They are extremely dangerous and can alter / delete user files, crash systems. A virus is a small code generatlly embedded inside a programme. When user accesses the programme, the virus begins to be embedded in other files / programmes and can make the system user unusable.
System Threats
System threats refer to system facilities and network connections being abused in order to bring users in trouble. System threats may be used to initiate system threats, called system attacks, on a complete network. System threats build such an environment that resources / user files are misused for operating system. Below is a list of several well-known risks to the system.
- Worm − Worm is a process that by using system resources to severe levels can choked a system performance down. A Worm process generates its multiple copies in which each copy uses system resources and prevents all other processes from obtaining the resources needed. Processes in Worms can even shut down an entire network.
- Port Scanning − Port scanning is a process or method by which a hacker can detect vulnerabilities in the system to make an attack.
- Denial of Service − Denial of Service Attacks usually prevents the user from using the system legitimately. For example, if a denial of service attacks the content settings of the browser, a user will not be able to access the Internet.
Computer Security Classifications
The U.S., as per There are four protection classifications of computer systems: A, B , C, and D. Department of Defence Trusted Computer System's criteria Specifications for evaluating and analyzing the security of systems and security solutions are commonly used. A brief overview of each classification is given below.
Sr |
Classification Type |
Description |
1 |
Type A |
Highest Level. Uses structured requirements for design and techniques for verification. Gives high degree of process safety assurance. |
2 |
Type B |
Provides the mandatory system of protection. They have all the characteristics of a Class C2 system. Attaches every item to a sensitivity mark. It is composed of three types.
- B1 − Maintains the security mark of each system object. The label is used to make access control decisions.
- B2 − Extends the labels of sensitivity to any system resource, such as storage objects, supports covert channels, and event audit.
- B3 - Allows the creation of access-control lists or user groups to allow access or revoke access to a specified named object.
|
3 |
Type C |
Provides protection and user accountability using audit capabilities. It is of two types.
- C1 − Incorporates controls so that users can protect their private information and prevent other users from reading / deleting their data accidentally. Most UNIX versions are class Cl.
- C2 − Adds an individual-level access control to the capabilities of a Cl level system.
|
4 |
Type D |
Lowest level. Minimum protection. MS-DOS, Window 3.1 fall in this category. |