Department of Computer Science

DCS
COMSATS Institute of
Information Technology
OS Security
Assistant Professor
COMSATS University, Lahore
Pakistan
Operating System Concepts
Department of Computer Science
What is security?
Introduction
Computer System Security
Internet Security
Remote Sharing
Software Installation
Operating System Security
Access Control
Supervision
Resource Allocation
Department of Computer Science
Why we need security?
World Population roughly 6 billion
Computers in this world roughly 2.25 billion
Internet user roughly 2 billions
Millions of computer are tied together via
communication network (mostly telephone
system)
Department of Computer Science
World internet usage
WORLD INTERNET USAGE AND POPULATION STATISTICS
World Regions
Population
( 2009 Est.)
Internet Users
Dec. 31, 2000
Internet Users
Latest Data
Penetration
(%
Population)
Growth
2000-2009
Users %
of Table
Africa 991,002,342 4,514,400 86,217,900 8.7 % 1,809.8 % 4.8 %
Asia 3,808,070,503 114,304,000 764,435,900 20.1 % 568.8 % 42.4 %
Europe 803,850,858 105,096,093 425,773,571 53.0 % 305.1 % 23.6 %
Middle East 202,687,005 3,284,800 58,309,546 28.8 % 1,675.1 % 3.2 %
North America 340,831,831 108,096,800 259,561,000 76.2 % 140.1 % 14.4 %
Latin
America/Caribbean
586,662,468 18,068,919 186,922,050 31.9 % 934.5 % 10.4 %
Oceania / Australia 34,700,201 7,620,480 21,110,490 60.8 % 177.0 % 1.2 %
WORLD TOTAL 6,767,805,208 360,985,492 1,802,330,457 26.6 % 399.3 % 100.0 %
Department of Computer Science
Computer security
External Security (Interface Security)
Physical Security
Operational Security
Classifications
Division of Responsibilities
Internal Security
Department of Computer Science
Operational security
Surveillance
(mean: close observation, especially of a suspected spy or criminal)
Authentication
Threat Monitoring
No Direct Access
Surveillance Programs like supervisor
Amplification
Example: Taxpayers information
Department of Computer Science
Operational security
Password Protection
Weaknesses
Solutions
Auditing
Audit Occasionally
Audit Log
Department of Computer Science
Operational Security
Access Controls
Access based on Classifications
Security Kernels
Beginning rather than retrofitted
Hardware Security
Incorporate Operating System Functions
Department of Computer Science
Operational security
Fault-Tolerant Systems
Hardware rather than Software
Major Portion of Operating System
Fault Detection
Multiple I/O subsystems
Department of Computer Science
Cryptography
What is Cryptography?
A cryptographic Privacy System
Sender
Encryption Unit
Cipher text or cryptogram
Decryption Unit
Receiver
* Decryption Key
Department of Computer Science
Cryptography
Cryptanalysis
A process of attempting to regenerate plaintext
from cipher text but without knowing the
decryption key
Public Key Systems
Different Keys
Digital Signature
Department of Computer Science
Viruses
What are Viruses?
How they affect the system?
What are Antiviruses?
Detect Infections
Prevent Infections
Recover Infections
Antiviruses are watchdogs
Sweeper Programs
Department of Computer Science
Other Malwares
Computer Worms
Network based objects
Virus/Worms
Trojan horse
Allows a hacker remote access to a target
computer system
Department of Computer Science
Other Malwares
Spyware
What is spyware?
What are adware?
Adwares and Spyware
Spyware, Viruses and Worms
Department of Computer Science
Spyware
CoolWebSearch, a group of programs, takes advantage of Internet Explorer
vulnerabilities. The package directs traffic to advertisements on Web sites including
coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters
the infected computer's hosts file to direct DNS lookups to these sites.
HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-by
download at affiliate Web sites, or by advertisements displayed by other spyware
programsan example of how spyware can install more spyware. These programs add
toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and
display advertisements.
MyWebSearch (of Fun Web Products) has a plugin that displays a search toolbar near
the top of a browser window, and it spies to report user search-habits. MyWebSearch is
notable for installing over 210 computer settings, such as over 210 MS Windows registry
keys/values.[39][40] Beyond the browser plugin, it has settings to affect Outlook, email,
HTML, XML, etc. Although tools exist to remove MyWebSearch, it can be hand-deleted
in 1 hour, by users familiar with using Regedit to find and delete keys/values (named
with "MyWebSearch"). After reboot, the browser returns to the prior display
appearance.
Department of Computer Science
Spyware
WeatherStudio has a plugin that displays a window-panel near the bottom of a
browser window. The official website notes that it is easy to remove (uninstall)
WeatherStudio from a computer, using its own uninstall-program, such as under
C:\Program Files\WeatherStudio. Once WeatherStudio is removed, a browser returns to
the prior display appearance, without the need to modify the browser settings.
Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to
advertising. When users follow a broken link or enter an erroneous URL, they see a
page of advertisements. However, because password-protected Web sites (HTTP Basic
authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it
impossible for the user to access password-protected sites.
Zango (formerly 180 Solutions) transmits detailed information to advertisers about the
Web sites which users visit. It also alters HTTP requests for affiliate advertisements
linked from a Web site, so that the advertisements make unearned profit for the 180
Solutions company. It opens pop-up ads that cover over the Web sites of competing
companies (as seen in their [Zango End User License Agreement]).
Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and
reports information back to Control Server[citation needed]. Some information can be
the search-history, the Websites visited, and even keystrokes.[citation needed] More
recently, Zlob has been known to hijack routers set to defaults.
Department of Computer Science
Best Security Suites 2010
avast! Internet Security 5.0
http://www.pcmag.com/article2/0,2817,2358467,00.asp
AVG Internet Security 9.0
http://www.pcmag.com/article2/0,2817,2355028,00.asp
BitDefender Total Security 2010
http://www.pcmag.com/article2/0,2817,2351546,00.asp
Kaspersky Internet Security 2010
http://www.pcmag.com/article2/0,2817,2351568,00.asp
McAfee Total Protection 2010
http://www.pcmag.com/article2/0,2817,2358902,00.asp
Department of Computer Science
Firewall
What is Firewall?
Hardware Firewall
Broadband Routers
Software Firewall
Norton 360
Norton Internet Security
ESET Security Smart
Kaspersky Internet Security
Department of Computer Science
Phishing
What is phishing?
Five steps to avoid phishing
Secure Websites (https)
Authenticity of a Website (embedded links)
Thoroughly Investigate before submitting
Keep track of your online accounts
Have proper computer protection software
Department of Computer Science
Summary
Day by day usage of computer systems
Hacking risks
Need of protection software
And after that, keep you eyes open when
using internet or transmitting something on
the network
Department of Computer Science
Resources
http://howstuffworks.com/
http://pcmag.com/
http://net-security.org/
http://wikipedia.org/
Operating Systems by H.M. Deitel
Operating Systems Concepts by Abraham
Silberschatz, Peter B. Galvin
Department of Computer Science 22