Operating System Security

Questions and Answers

What is the primary role of an operating system in ensuring security?

To control user access to hardware resources

To manage hardware resources efficiently

To provide a foundation for running applications

To protect the integrity, confidentiality, and availability of data and resources (correct)

What is the purpose of security updates and patches in operating systems?

To fix hardware-related issues

To improve system performance

To add new features to the operating system

To address vulnerabilities and protect against emerging threats (correct)

What is an important ethical consideration in operating systems?

To protect user privacy and provide transparent data usage policies (correct)

To prioritize system performance over user privacy

To collect user data for marketing purposes

To restrict user access to certain features

What is the purpose of sandboxing in operating systems?

To prevent malicious activities and protect against unauthorized access

Why is it important for operating systems to balance security measures with ethical considerations?

To provide a secure and trustworthy computing environment

What is an example of a security feature in operating systems?

Antivirus software

What should operating systems avoid in terms of ethical considerations?

Discriminatory practices

What is the ultimate goal of an operating system in terms of security and ethics?

To foster a safe and reliable computing experience for users

What is the primary reason that a complex operating system is more likely to have vulnerabilities?

Complex systems are more likely to have bugs or flaws that attackers can exploit.

Which of the following is NOT a key property of a survivable system?

Immediate shutdown and isolation of the affected system.

What does the level of connectivity of a system influence?

The risk of intrusion.

What is the primary purpose of off-site backups?

To ensure data recovery in case of a disaster.

Which of the following is NOT a recommendation for written security procedures?

Regular system performance monitoring.

What is the primary difference between an intentional and unintentional intrusion?

Intentional intrusions are planned and targeted, while unintentional intrusions are accidental.

Which of the following is an example of an unintentional intrusion?

A user accidentally deleting critical data.

What is the most significant consequence of a security breach?

Reputational damage.

What is the primary reason for emphasizing frequent password changes?

To prevent unauthorized access.

Which of the following is NOT a type of unintentional intrusion?

A malicious program infecting a system.

Study Notes

Role of the Operating System in Security

• Operating systems play a crucial role in ensuring the security and ethical use of computer systems.
• They provide a foundation for managing hardware resources, running applications, and controlling user access.
• Security mechanisms used by operating systems include user authentication, access control, encryption, and firewalls.

System Survivability

• System survivability refers to a system's capability to fulfill its mission in a timely manner, despite attacks, failures, or accidents.
• Key properties of survivable systems include resistance to attacks, recognition of attacks and resulting damage, recovery of essential services after an attack, and adaptation and evolution of system defense mechanisms.

Levels of Protection

• System administrators must evaluate the risk of intrusion for each computer configuration, depending on the level of connectivity given to the system.

Backup and Recovery

• Backup and recovery policies are essential for most computing systems.
• Many system managers use a layered backup schedule, with one set stored off-site, crucial to disaster recovery.
• Written policies and procedures, and regular user training, are essential elements of system management.

Security Breaches

• A gap in system security can be malicious or not.
• Intrusions can be classified into three categories: due to uneducated users and unauthorized access, purposeful disruption of the system's operation, and purely accidental.
• Examples of security breaches include hardware malfunctions, undetected errors in OS or applications, and natural disasters.
• Malicious or not, a breach of security severely damages the system's credibility.

Unintentional Intrusions

• Unintentional intrusions refer to any breach of security or modification of data that was not the result of a planned intrusion.
• Examples of unintentional intrusions include accidental incomplete modification of data, errors due to incorrect storage of data values, and hardware malfunctions.

Intentional Attacks

• Types of intentional attacks include intentional unauthorized access, viruses, worms, Trojan horses, bombs, blended threats, denial of service attacks, browsing, wiretapping, repeated trials, trap doors, and trash collection.

Intentional Unauthorized Access

• Denial of service (DoS) attacks involve synchronized attempts to deny service to authorized users by causing a computer to perform repeated unproductive tasks.
• Browsing refers to unauthorized users gaining access to search through secondary storage directories or files for information they should not have the privilege to read.
• Wire tapping involves unauthorized users monitoring or modifying a user's transmission, which can be classified into passive wiretapping (listening to the transmission but not changing the contents) and active wiretapping (modifying the data being sent).

Description

Learn about the role of operating systems in ensuring security and ethical use of computer systems. Topics include user authentication, access control, encryption, and firewalls.