Scribd
Upload
126 views

Operating System Security

This document lists 11 group members working on a project about operating system security. It then covers various topics related to security including definitions of security and common problems. It discusses authentication methods like usernames/passwords, encryption of passwords, and one-time passwords. It also outlines approaches to prevention, detection, correction and identification of security issues. Finally, it examines threats like trojan horses, trap doors, worms and viruses.

Uploaded by

M Mudarrak
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
126 views

Operating System Security

This document lists 11 group members working on a project about operating system security. It then covers various topics related to security including definitions of security and common problems. It discusses authentication methods like usernames/passwords, encryption of passwords, and one-time passwords. It also outlines approaches to prevention, detection, correction and identification of security issues. Finally, it examines threats like trojan horses, trap doors, worms and viruses.

Uploaded by

M Mudarrak
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 18

GROUP MEMBERS:

M.MUDARRAK JAVED 1436


HUSNAIN MURTAZA 1458
M.KALEEM 1445
USMAN SADIQ 1413
M.ZAIN 1449
ATEEQ-UR-REHMAN 1467
SHAHID MAQBOOL 1441
M.SHAHZAR 1428
IRFAN BABAR 1440
USMAN ATEEQ 1443
SHAHZAIB 1453
OPERATING SYSTEM
SECURITY
Contents:
 What is security?
 Problems of security?
 Authentication?
 Passwords?
 Encrypted passwords
 Onetime passwords
Prevention
Detection
Correction
Identification
Programs threads
System threads
What is security?

Computer security or IT security is the protection of computer


systems from the theft and damage to their hardware, software
or information, as well as from disruption or misdirection of the
services they provide.
Problems of security:

 Security must consider external environment of the system, and


protect it from:
✦ Unauthorized access.
✦ Unauthorized modification of data
✦ Unauthorized destruction of data
 Easier to protect against accidental than malicious misuse.
Authentication:
Authentication is the major security problem for operating system. Protection of the
system depends on identifying programs and process that are executing. Each user
using the system should also be identified.

Three steps of authentication:


 Username / Password− User need to enter a registered username and password
with Operating system to login into the system.
 User card/key − User need to punch card in card slot, or enter key generated by
key generator in option provided by operating system to login into the system.
 User attribute - fingerprint/ eye retina pattern/ signature − User need to pass
his/her attribute via designated input device used by operating system to login into the
system.
Password:
 A password is a string of characters used to verify the identity of a user
during the authentication process.

 Passwords are typically used in conjuncture with a username; they are


designed to be known only to the user and allow that user to gain
access to a device, application or website.

 Passwords can vary in length and can contain letters, numbers and
special characters.
Encrypted password:
 Encryption refers to any process used to make sensitive data more
secure and less likely to be intercepted by those unauthorized to view
it.

 If a device is encrypted, then an attacker can’t access your phone data


easily, because an encryption stores your phone’s data in an
unreadable, seemingly scrambled form.

 There are several modern types of encryption used to protect sensitive


electronic data, such as emails, files, folders and entire drives.
Onetime password:
 A one-time password or pin (OTP) is a password that is valid for only
one login session or transaction, on a computer system or other digital
device.

 The most important advantage that is addressed by OTPs is that, in


contrast to static passwords, they are not vulnerable to replay attacks.

 A second major advantage is that a user who uses the same (or similar)
password for multiple systems, is not made vulnerable on all of them, if
the password for one of these is gained by an attacker.
Prevention:
Preventing measures include the following:

 Passwords should be used after a series of quality checks. Software are


available that can check a password for length and diversity of characters
etc.
 Passwords should be changed at periodic intervals .
 Data should b encrypted when it is transmitted or when it is stored.
 The system entry points should be reduced.
 An interval firewall should be implemented to deny network access from
remote locations.
Detection:

 Detection is a technique of detecting unauthorized access to a


computer system or a computer network.

 An intrusion into a system is an attempt by an outsider to the system


to illegally gain access to the system. Intrusion prevention, on the
other hand, is the art of preventing an unauthorized access of a
system’s resources.
Correction:
if a system has been penetrated, it is necessary to take corrective action.

 Periodic backup should be performed to rollback the system to a


previous state.

 If backup does not exist or its integrity is unknown, entire system may
be reloaded.

 It may be necessary to change all security information. All users may be


required to change their passwords.
Identification:
 Identification is the ability to identify uniquely a user of a system or an
application that is running in the system.

 For example, consider a user who logs on to a system by entering a


user ID and password. The system uses the user ID to identify the user.

 The system authenticates the user at the time of logon by checking


that the supplied passwords is correct.
Program threads:
 Trojan Horse
> Code segment that misuses its environment.
> Exploits mechanisms for allowing programs written by
users to be executed by other users.
> A famous Trojan horse was the so-called “Love Bug”.
 Trap Door
> Specific user identifier or password that circumvents
normal security procedures.
>Could be included in a compiler.
System threads:
 Worms – use spawn mechanism; standalone program Internet worm
✦ Exploited UNIX networking features (remote access) and
bugs in finger and send mail programs.
✦ Grappling hook program uploaded main worm program.
 Viruses – fragment of code embedded in a legitimate program.
✦ Mainly effect microcomputer systems.
✦ Downloading viral programs from public bulletin boards or
exchanging flash drives containing an infection.
✦ Safe computing.
DO YOU HAVE ANY
QUESTION?

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy