Security Of Operating Systems Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


From the instant you boot your computer (after the BIOS loads), you are interacting with the operating system. This primary piece of software defines what you can do with the computer system and how you do it. Whether you're interacting with the file system or chatting with someone on an instant messenger program, the operating system is working behind the scenes to provide you with a (hopefully) flawless experience as it interprets your actions and converts them into something your computer can process.

While operating systems differ on many levels, the most common operating systems provide much more than a simple interface between user and machine. They include programs that offer the user numerous extras, from simple screen savers to complex file-encryption schemes. However, it's important to understand that these programs are extras added to the OS and are not necessary for the computer to operate.

Many users become intimately familiar with the operating system's accessories (such as Solitaire), but forget about the security features that are included to help the user maintain a safe and reliable operating environment. As a result, many information systems exist in an insecure state that leaves the system at risk of a virus infection or a complete compromise by an attacker.

This segment is dedicated to operating system security issues. From setting up a protected home network to creating strong passwords, it's important to understand the details of using an operating system in a safe and secure manner. In today's connected world, it's reckless to set up a computer without regard to security. It takes only one virus or Trojan horse to generate a ripple effect of infected computers and compromised systems.


Control Panel: Allows users to view and manipulate basic system settings and controls, such as adding hardware, adding and removing software, controlling user accounts, changing accessibility options, and so on. Introduced in Windows 1.0.

Device Manager: Allows the user to display and control the hardware attached to the computer, and control what device drivers are used.

Windows Mobility Center: Centralizes the most relevant information related to mobile computing.

Windows Security Center: Centralizes and reports on the status of anti-virus, Automatic Updates, Windows Firewall, and other security-related components of the operating system.

7.2.1 Administrative Tools:

Microsoft Management Console: Provides system administrators and advanced users with a flexible interface through which they may configure and monitor the system.

Windows System Assessment Tool: A built-in benchmarking tool that analyzes the different subsystems (graphics, memory, etc.), and uses the results to allow for comparison to other Windows Vista systems, and for software optimizations. It rates the computer's performance using the Windows Experience Index.

System Restore: Allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of a system failure.

Windows Recovery Environment: Helps diagnose and recover from serious errors which may be preventing Windows from booting successfully, or restore the computer to a previous state using System Restore or a backup image.

Windows Disk Defragmenter: Rearranges files stored on a hard disk to occupy contiguous storage locations in order to optimize computer performance.

Event Viewer: Lets administrators and users view the event logs on a local or remote machine.

Reliability and Performance Monitor: Lets administrators analyze current system reliability and performance trends over time.

Logical Disk Manager: A logical volume manager developed by Microsoft in conjunction with Veritas Software. Introduced in Windows NT 4.0 (as a separate tool) and Windows 2000 (integrated in the Management Console).

Registry Editor: Edits the Windows registry.

Task Scheduler: Allows users to script tasks for running during scheduled intervals. Introduced in Microsoft Plus! for Windows 95.

7.2.2 Windows Server components:

Windows Server domain: A logical group of computers that share a central directory and user database. Present in all Windows NT-based versions.

Active Directory (AD): A set of technologies introduced with Windows 2000 that allows administrators to assign enterprise-wide policies, deploy programs to many computers, and apply critical updates to an entire organization. Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Networks can vary from a small installation with a few objects to global-scale directories with millions of objects.

Domain controller (DC, PDC, BDC): A server that responds to security authentication requests (logging in, checking permissions, etc.) within a Windows Server domain. Prior to Windows 2000, a domain controller was either a Primary Domain Controller (PDC), of which there could only be one with this role, or a Backup Domain Controller (BDC). In Windows 2000 and later the concept of primary and secondary domain controllers was eliminated, partially to emphasize the multi-master replication technology available in Windows. Present in all Windows NT-based versions.

Group Policy (GP, GPO): Provides centralized management of user and computer settings in an Active Directory environment. Group policy can manage a target object's registry, NTFS security, audit and security policy, software installation, logon/logoff scripts, folder redirection, and Internet Explorer settings. Policy settings are stored in Group Policy Objects (GPOs), and may be connected to one or more sites, domains or organizational units.

Internet Information Services (IIS): Web server supported by the Windows NT family.

7.2.3 Core components:

Ntoskrnl.exe: The Windows kernel image. Provides the kernel and supervisory layers of the kernel architecture, and is responsible for services such as hardware virtualization, process and memory management, etc.

hal.dll (HAL): Provides and handles the communication between software and hardware via the Hardware Abstraction Layer.

Core processes (Windows NT):

System idle process (SIP): A counter which measures how much idle capacity the CPU has at any given time. The process runs in the background and monitors processing bandwidth, memory in use and the Windows virtual paging file.

Session Manager Subsystem (SMSS): Performs several critical boot-time operations, such as the creation of environment variables, starting CSRSS, and performing file-copy operations that were queued up from before the system was booted (pending file rename operations). During system operation, it handles Windows File Protection and the creation of logon sessions via Winlogon.

Client/Server Runtime Subsystem (CSRSS): User-mode side of the Win32 subsystem. Provides the ability for applications to use the Windows API.

Local Security Authority Subsystem Service (LSASS): Responsible for enforcing the security policy on the system. Verifies users logging on to the computer and generates security tokens.

Winlogon: Responsible for handling the secure attention key, loading the user profile on logon, and optionally locking the computer when a screensaver is running. On Windows NT systems prior to Windows Vista, Winlogon is also responsible for loading GINA libraries, which are responsible for collecting logon credentials from the user.

Svchost.exe: A generic host process name for services that run from dynamic-link libraries (DLLs). Multiple Svchost processes are typically present on a Windows machine, each running in a different security context, depending on what privileges the contained services require.

Windows on Windows and WOW64 (WoW): An abstraction layer that allows legacy code to operate on more modern versions of Windows; typically this means running 16-bit Windows applications on 32-bit Windows, and 32-bit applications on 64-bit Windows.

Virtual DOS machine (NTVDM): Allows MS-DOS programs to run on Intel 80386 or higher computers when there is already another operating system running and controlling the hardware. Introduced in Windows 2.1; not available in any 64-bit edition of Windows.

7.2.4 Services:

Alerter service: Sends administrative alerts over the network to client computers, administrators and users.

Application Layer Gateway service: Provides support for plugins that allow network protocols to pass through Windows Firewall and work behind Internet Connection Sharing.

Application Management: Processes requests to enumerate, install, and remove applications that are installed on the computer or deployed through an organization's network.

Background Intelligent Transfer Service: Transfers files between machines using idle network bandwidth. Used by Windows Update, Windows Server Update Services, and Systems Management Server to distribute software updates to clients, as well as by Windows Messenger.

Event Log: Stores and retrieves events that can be viewed in the event viewer. Part of services.exe.

Indexing Service: Indexes contents and properties of files on local and remote computers; provides quick access to files through flexible querying language.

Security Account Manager: Manages user account security information.

System Event Notification: Monitors system events, such as network, power, logon, logoff, terminal services session connection and disconnection, and delivers these to applications and other system components.

Messenger service: Allows users to send pop-up messages to other computers over the network.


Define the importance of the Windows components.

Illustrate the important services used in Windows systems.


Linux itself is not innately security-focused; however, many distributions and projects attempt to make Linux secure.

7.3.1 Adamantix

Adamantix is a Debian-based, security-focused Linux distribution (formerly named Trusted Debian). It employs a PaX and ProPolice protected base, and uses the RSBAC Mandatory access control system.


Annvix

Annvix was originally forked from Mandriva to provide a security-focused server distribution that employs ProPolice protection, hardened configuration, and a small footprint. Plans are to include full support for the RSBAC Mandatory access control system in the near future.

EnGarde Secure Linux

EnGarde Secure Linux is a secure platform designed for servers. It has boasted a browser-based tool for MAC with SELinux since 2003. In addition, it can be paired with Web, DNS, and email enterprise applications, specifically focusing on security without any unnecessary software. The community platform of EnGarde Secure Linux is the bleeding-edge version, freely available for download.

7.3.2 Fedora

Fedora is a free, Red Hat-sponsored, community-developed Linux distribution. It is the only mainstream Linux distribution with a concentrated effort to improve system security; as a consequence, it boasts a fully integrated SELinux MAC and a fine-grained executable memory permission system (Exec Shield), compiles all binaries with GCC's standard stack-smashing protection, and focuses on getting security updates into the system in a timely manner.

Hardened Gentoo

Hardened Gentoo is a subproject of the Gentoo Linux project. Hardened Gentoo offers a ProPolice-protected and Position Independent Executable base using the exact same package tree as Gentoo. Executable space protection in Hardened Gentoo is handled by PaX.

The Hardened Gentoo project is a highly modular project, and also provides subprojects to integrate other intrusion-detection and Mandatory access control systems into Gentoo. All of these can be optionally installed in any combination, with or without PaX and a ProPolice base.

Hardened Linux

Hardened Linux is a small distribution for firewalls, intrusion detection systems, VPN-gateways and authentication jobs that is still under heavy development. It consists of GRSecurity, PaX and GCC stack smashing protection.


Immunix

Immunix is a commercial distribution of Linux focused heavily on security. They provide many systems of their own making, including StackGuard; cryptographic signing of executables; race condition patches; and format string exploit guarding code. Immunix traditionally releases older versions of their distribution free for non-commercial use.

Note that the Immunix distribution itself is licensed under two licenses: the Immunix commercial and non-commercial licenses. Numerous tools within are GPL, however, as is the kernel.

Openwall Project

Owl, by a developer known as Solar Designer, was the first distribution to have a non-executable userspace stack, /tmp race condition protection and access control restrictions to /proc data, by way of a kernel patch. It also features a per-user tmp directory via the pam_mktemp PAM module, and provides Blowfish password encryption.

Red Hat Enterprise Linux

Red Hat Enterprise Linux offers security benefits similar to Fedora, with the additional support of back-porting security fixes to the released versions of the packages (particularly the kernel), so the sysadmin does not have to perform a significant (and risky) upgrade to get a security fix.


Define how Linux components are used in the operating system.

How does a Linux system differ from a Windows system?


7.4.1 Security Accounts Manager:

The Security Accounts Manager (SAM) is a database stored as a registry file in Windows 2000, Windows NT, and later versions of Windows which stores users' passwords in a hashed format (in LM hash and NTLM hash). Because a hash function is one-way, this provides some measure of security for the storage of the passwords.

In an effort to improve the security of the SAM database against offline software cracking, Microsoft introduced the SYSKEY function in Windows NT 4.0. When SYSKEY is enabled, the on-disk copy of the SAM file is partially encrypted, so that the password hash values for all local accounts stored in the SAM are encrypted with a key (usually also referred to as the "SYSKEY").

In the case of online attacks, it is not possible to simply copy the SAM file to another location. The SAM file cannot be moved or copied while Windows is running, since the Windows kernel obtains and keeps an exclusive filesystem lock on the SAM file, and will not release that lock until the operating system has shut down or a blue screen exception has been thrown. However, the in-memory copy of the contents of the SAM can be dumped using various techniques, making the password hashes available for offline brute-force attack.

Removing LM Hash:

Most versions of Windows can be configured to disable the creation and storage of valid LM hashes when the user changes their password. This is the default setting in Windows Vista, but was disabled by default in previous versions of Windows. Note: enabling this setting does not immediately clear the LM hash values from the SAM, but rather enables an additional check during password change operations that will instead store a "dummy" value in the location in the SAM database where the LM hash is otherwise stored. (This dummy value has no relationship to the user's password; it is the same value used for all user accounts.)

Also, LM hashes cannot be calculated when the user chooses a password of over 14 characters in length. Therefore, when a user (or administrator) sets a password of 15 characters or longer, the LM hash value is set to a "dummy" value, which is not valid for authentication purposes.
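The caveat above, that existing LM hashes stay in the SAM until each password is changed, can be checked against an export of the account database. The Python below is an added example, not part of the original essay; the pwdump-style `name:rid:lm:nt:::` layout, the sample lines, and the dummy-value constant (the LM hash of an empty password) are assumptions not given in the essay.

```python
import re

# LM hash of an empty password: the "dummy" value stored when no valid LM
# hash exists. Well-known constant; the essay itself does not state it.
LM_DUMMY = "aad3b435b51404eeaad3b435b51404ee"
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample, pwdump-style layout: name:rid:lm:nt:::
# Every non-dummy hash below is a made-up placeholder, not a real hash.
SAMPLE_EXPORT = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
alice:1001:0123456789ABCDEF0123456789ABCDEF:ffeeddccbbaa99887766554433221100:::
carol:1003:AAD3B435B51404EEAAD3B435B51404EE:2233445566778899aabbccddeeff0011:::
dave:1004::33445566778899aabbccddeeff001122:::
not an export line
"""


def audit_lm_hashes(export_text):
    """Sort accounts by whether a usable LM hash is still stored."""
    report = {"lm_present": [], "lm_absent": [], "unparsed": []}
    for line in export_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[1].isdigit():
            report["unparsed"].append(line)
            continue
        name, lm_field = fields[0], fields[2].strip()
        if HEX32.match(lm_field) and lm_field.lower() != LM_DUMMY:
            # A real LM hash is stored: the password is 14 characters or
            # shorter and was set while LM hash storage was allowed.
            report["lm_present"].append(name)
        else:
            # Dummy value, empty field or non-hex marker: nothing usable.
            report["lm_absent"].append(name)
    return report


def remediation_list(export_text):
    """Accounts that need a password change before the LM hash is replaced."""
    return sorted(audit_lm_hashes(export_text)["lm_present"])


if __name__ == "__main__":
    for account in remediation_list(SAMPLE_EXPORT):
        print(f"{account}: LM hash still stored, force a password change")
```
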

7.4.2 UNIX Computer Account Security:

If your accounts are not safe, then your other steps won't help much. There are general password security practices as well as special steps to take for each type of account.

Password Security

You want to make sure all accounts have a non-guessable password.

To make sure that the passwords are not guessable, use crack on a regular basis. In addition, be sure that passwords are changed from time to time. Preferably, use one-time passwords such as S/Key.

Accounts should be disabled when there are several bad logins in a row. An easy way to implement password security on HP systems is using HP's trusted system package (via SAM). This is only available if you are NOT running NIS or NIS+.

Be sure that passwords are not written down. Frequently people will use their license plate numbers or children's names. Unfortunately, these passwords are very easy to guess. They will also use passwords from their favorite hobby. Have your password-checking dictionary include these passwords.

Root Accounts

It is easiest to track changes and security violations when very few people have root access. The root password needs to be a strong, non-guessable password. In addition, change the root password every 3 months and whenever someone leaves the company. Always log out of root shells; never leave root shells unattended.

The only place where root should be able to log on directly should be the console (as specified in /etc/securetty). Only root should have UID 0.

Check root dot files for security weaknesses. Aliases should have complete pathnames. Root should NEVER have "." in its path. The root dot files must ONLY have 700 permissions. The minimal umask for root is 022 (rwxr-xr-x). It is better to have a umask of 077 (rwx------), but often this isn't practical.

To avoid Trojan horse programs, always use full pathnames. Also, never allow non-root write access to ANY directories in root's path. If possible, do not create root's temporary files in publicly writable directories.

Guest Accounts

As with any account, only create guest accounts for the time they are required. Remove the account when its use is completed. Use nonstandard account names for guest accounts. Do not use "guest". Instead use account names such as "fixomni" or "oratmp".

Guest accounts should have a strong password and a restricted shell. If reasonable, give guest accounts a strong umask such as 077.

User Accounts

User accounts should not be shared. Remove user accounts upon termination. Disable login for well-known accounts that do not need direct login access (bin, daemon, sys, uucp, lp, adm).

User accounts must have a strong password and, in some cases, a restricted shell. If reasonable, give guest accounts a strong umask such as 077.
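The root, guest and user account rules above can be turned into a repeatable check. The Python below is an added example, not part of the original essay; the sample passwd entries are constructed, and the list of no-login shells is an assumption.

```python
import os
import stat

# Accounts the essay names as needing no direct login.
NO_LOGIN_ACCOUNTS = {"bin", "daemon", "sys", "uucp", "lp", "adm"}
# Shells that deny interactive login (assumed typical values).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample in /etc/passwd format; not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:spare admin:/root:/bin/sh
bin:x:2:2:bin:/bin:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
guest:x:1001:1001:visitor:/home/guest:/bin/rsh
oratmp:x:1002:1002:temp dba:/home/oratmp:/bin/rbash
"""


def audit_passwd(text):
    """Return (account, finding) pairs for one passwd-format string."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = fields
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 on a non-root account"))
        if name in NO_LOGIN_ACCOUNTS and shell not in NOLOGIN_SHELLS:
            findings.append((name, "system account has a login shell"))
        if name == "guest":
            findings.append((name, "predictable guest account name"))
    return findings


def audit_root_path(path_value, stat_fn=os.stat):
    """Check root's PATH for '.', empty or relative entries and for
    directories that someone other than root can write to."""
    findings = []
    for entry in path_value.split(":"):
        if entry in ("", "."):  # an empty entry also means the current directory
            findings.append((entry or "<empty>", "current directory in PATH"))
            continue
        if not entry.startswith("/"):
            findings.append((entry, "relative path"))
            continue
        try:
            st = stat_fn(entry)
        except OSError:
            continue  # a missing directory cannot be checked
        # Group/other write bits, or a non-root owner, allow non-root writes.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) or st.st_uid != 0:
            findings.append((entry, "writable by a non-root user"))
    return findings


def dotfile_too_open(mode):
    """True when a root dot file grants any access to group or other,
    i.e. is looser than the 700 the essay asks for."""
    return bool(stat.S_IMODE(mode) & 0o077)


if __name__ == "__main__":
    for account, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"passwd: {account}: {finding}")
    for entry, finding in audit_root_path(os.environ.get("PATH", "")):
        print(f"PATH: {entry}: {finding}")
```
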

7.4.3 Windows XP Secure User Accounts

User Account Settings

The first thing you must do is determine how complex user accounts need to be. Operating the computer as the default administrator on a regular basis is not advisable. This opens up an array of possible vulnerabilities. I'll show you a command to access admin functions as a regular user shortly. I suggest only one administrative account per computer and one limited user account for each person having access to the computer.

Start menu > Control Panel > User Accounts > create a new account for each person who will use the computer. Choose the limited account type for each user.

Go into every account and have the user choose a unique password. Six to eight characters, alphabetic and numeric, is perfect.

Run As

Having limited-access users adds to the safety of the system, but adds a small hurdle when attempting to run certain applications, install software, or apply updates. Run As is a command that runs a program as an administrator from a limited account.

Locate the icon of the program you wish to run

Hold down SHIFT and right click the icon

Click Run as

Run the program as the following user

Choose the username of the admin account and type in the password

The program will start as if the administrator account was logged in.

Now we'll need to configure folder options for each user.

File Extensions and Association

File extensions are the three letters following the period in a file name. The association is the program that opens those files according to their extension.


.html - Internet Explorer

.doc - Microsoft Word

.txt - Notepad

By default, Windows hides these extensions from the user. So, a file named "Homework.exe" (exe = executable) would be seen only as "Homework". This is a camouflage technique used by viruses and the like. To fix this problem, we'll need to change the folder options for each user.

Start menu > control panel > folder options > view tab

Uncheck "Hide file extension for known file types"

Now we can recognize what type of file we are clicking on.

Click on File Types tab

Click on the extensions JS, JSE, OTF, REG, SCT, SHB, SHS, VBE, VBS, WSC, WSF, and WSH

For each, click the Change button and select Notepad

Click OK

The most common malicious software uses those extensions. If you mistakenly click on "virus-name.jse", it will now open in Notepad and not execute the code.
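The effect of hidden extensions can be shown on a list of file names, for instance attachment names in a mail folder. The Python below is an added example, not part of the original essay; it goes one step beyond the "Homework.exe" case by also flagging names such as "invoice.doc.vbs" that look like documents once the last extension is hidden. The document-extension list and the sample names are assumptions.

```python
import os

# Extensions the essay re-associates with Notepad, plus EXE from its
# "Homework.exe" example.
RISKY = {"js", "jse", "otf", "reg", "sct", "shb", "shs",
         "vbe", "vbs", "wsc", "wsf", "wsh", "exe"}
# Extensions a user reads as harmless documents (assumed list, not from the essay).
DOCUMENT = {"txt", "doc", "html", "pdf", "jpg"}

# Constructed sample names.
SAMPLE_NAMES = ["Homework.exe", "notes.txt", "invoice.doc.vbs",
                "virus-name.jse", "README"]


def _ext(name):
    """Lower-case extension without the dot, or '' when there is none."""
    return os.path.splitext(name)[1].lstrip(".").lower()


def displayed_name(filename, hide_extensions=True):
    """Name as listed when known extensions are hidden. Every extension in
    the two sets above is assumed to be a registered file type."""
    if hide_extensions and _ext(filename) in RISKY | DOCUMENT:
        return os.path.splitext(filename)[0]
    return filename


def classify(filename):
    """Return (displayed name, verdict) for one file name."""
    shown = displayed_name(filename)
    if _ext(filename) not in RISKY:
        return shown, "ok"
    if _ext(shown) in DOCUMENT:
        # The visible name still ends in a document extension.
        return shown, "disguised"
    return shown, "risky"


def scan(filenames):
    """Map each flagged file name to its (displayed name, verdict)."""
    flagged = {}
    for name in filenames:
        shown, verdict = classify(name)
        if verdict != "ok":
            flagged[name] = (shown, verdict)
    return flagged


if __name__ == "__main__":
    for name, (shown, verdict) in scan(SAMPLE_NAMES).items():
        print(f"{name!r} is shown as {shown!r}: {verdict}")
```
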

Secure Windows XP registry, logs, and passwords

Windows XP stores security related items in the folders C:\Windows\Repair and C:\Windows\System32\config. Browse to their location and permit only the administrator and the system access.

My computer > C drive (windows installation drive) > Windows

Right click over the Repair folder

Select properties

Click on the Security tab

Select Users

Uncheck Allow for all but "List Folder Contents"


Each user has a password protected account

Admin rights are not active during daily use

The Run As command is a safe way to administer the computer

File extensions are readily identified to the user

File associations link to safe programs

Important Windows folders are protected from general users

This was a basic security configuration tutorial related to user accounts for the Windows XP Home operating system.

Keep in mind that all the security configurations in the world won't help a user who acts carelessly.


Define the usage of SAM in a Windows system.

Define the Windows XP account security system.


This is the seventh module for the internet security course. This module explains the security aspects of the operating system.

In this chapter you have learnt the security aspects of the Windows operating system, including the administrative components, and the chapter also briefly covers the Windows Server components and the core components used by the operating system.

In addition, this chapter explains the Linux components, including the security aspects of Adamantix and Fedora.

Finally, this chapter illustrates the account security policies used by Windows as well as UNIX systems, and gives an outline of the SAM on the Windows platform.


A. True/False Questions

Operating system security policies have been enforced to protect the whole network which is using the same vendor OS. (TRUE/FALSE)

When we boot the system initially, the BIOS system helps to interact with the operating system. (TRUE/FALSE)

Device Manager is used to reinstall the hardware components of the system. (TRUE/FALSE)

System Restore helps users to roll back system files, registry keys, and installed programs. (TRUE/FALSE)

Windows Disk Defragmenter is introduced in Windows 95. (TRUE/FALSE)

Registry Editor is very much helpful to edit the registry setup of the operating system. (TRUE/FALSE)

Active Directory technology is introduced with Windows 2000. (TRUE/FALSE)

Winlogon helps the user to log in to the password-protected computer without using the administrator password. (TRUE/FALSE)

Event Log manages the user account security information. (TRUE/FALSE)

Annvix provides a security-focused server distribution in the Linux environment. (TRUE/FALSE)

B. Multiple Choice Questions

___________ allows users to view and manipulate basic system settings and controls.


Control Panel

Operating System


Automatic Updates, Windows Firewall, and other security-related components of the operating system are controlled by

Administrative Tools

Control Panel

Windows Security Center

B and C

Active Directory is a set of technologies which was introduced in ___________




Windows 2000

Which one is a well-known web server that operates on the Windows platform?



Win ME

None of the above

Which one stores and retrieves events that can be viewed in the event viewer?

Event View

Event Log - ans


B and C

Which database is stored as a registry file in Windows 2000, Windows NT, and later versions of Windows?




None of the above

Which method allows users to send pop-up messages to other computers over the network?

Messenger service

Event Log



Which one was formerly named Trusted Debian on the Linux platform?




Red hat

Which technique is used to encrypt SAM file?





__________ is an abstraction layer that allows legacy code to operate on more modern versions of Windows.



WIN 4.0

All of the above

Chapter 7: Answers (True/False Questions)

1. F 2. T

3. F 4. T

5. F 6. T

7. T 8. F

9. F 10. T

Answer (Multiple Choice Questions)

1. B 2. C

3. D 4. A

5. B 6. C

7. A 8. A

9. A 10. B