Chapter 3- Operating Systems Security.pdf

Al-Imam Muhammad Ibn Saud Islamic University

2024


Kingdom of Saudi Arabia
Ministry of Higher Education
Al-Imam Muhammad Ibn Saud Islamic University
College of Computer and Information Sciences

IS 380 Cybersecurity
Chapter 3: Operating Systems Security
2024
Dr. Taher Alzahrani

Operating System Functions

[Figure: operating system functions. Labels: Users; User Interface; Operating System; Services (Synchronization, Concurrency Control, Deadlock Management, Communication, Accounting); Resource Allocation; resources: CPU, Memory, I/O Devices, Data, Program Libraries]

OS Layered Design

[Figure: OS layered design. Layers from outermost to innermost:]
- Subprocesses of User Processes
- User Processes
- Compilers, Database Managers
- Utility Functions
- File Systems, Device Allocation (Operating System)
- Scheduling, Sharing, Memory Management (Operating System)
- Synchronization, Allocation (Operating System Kernel)
- Security Functions (Security Kernel)
- Hardware

Operating System Security

- Possible for a system to be compromised during the installation process before it can install the latest patches
- Building and deploying a system should be a planned process designed to counter this threat
- Process must:
  - Assess risks and plan the system deployment
  - Secure the underlying operating system and then the key applications
  - Ensure any critical content is secured
  - Ensure appropriate network protection mechanisms are used
  - Ensure appropriate processes are used to maintain security

Operating System Security

- The first step in deploying a new system is planning
- Planning should include a wide security assessment of the organization
- Aim is to maximize security while minimizing costs
- Planning process needs to determine security requirements for the system, applications, data, and users
- Plan needs to identify appropriate personnel and training to install and manage the system

Operating System Security Process

- The purpose of the system, the type of information stored, the applications and services provided, and their security requirements
- The categories of users of the system, the privileges they have, and the types of information they can access
- How the users are authenticated
- How access to the information stored on the system is managed
- What access the system has to information stored on other hosts, such as file or database servers, and how this is managed
- Who will administer the system, and how they will manage the system (via local or remote access)
- Any additional security measures required on the system, including the use of host firewalls, anti-virus or other malware protection mechanisms, and logging

Operating System Hardening

- First critical step in securing a system is to secure the base operating system
- Basic steps:
  - Install and patch the operating system
  - Harden and configure the operating system to adequately address the identified security needs of the system by:
    - Removing unnecessary services, applications, and protocols
    - Configuring users, groups, and permissions
    - Configuring resource controls
  - Install and configure additional security controls, such as anti-virus, host-based firewalls, and intrusion detection system (IDS)
  - Test the security of the basic operating system to ensure that the steps taken adequately address its security needs

Security Maintenance

- Process of maintaining security is continuous
- Security maintenance includes:
  - Monitoring and analyzing logging information
  - Performing regular backups
  - Recovering from security compromises
  - Regularly testing system security
  - Using appropriate software maintenance processes to patch and update all critical software, and to monitor and revise configuration as needed

Data Backup and Archive

- Performing regular backups of data is a critical control that assists with maintaining the integrity of the system and user data
  - May be legal or operational requirements for the retention of data
- Backup: The process of making copies of data at regular intervals
- Archive: The process of retaining copies of data over extended periods of time in order to meet legal and operational requirements to access past data
- Needs and policy relating to backup and archive should be determined during the system planning stage
  - Kept online or offline
  - Stored locally or transported to a remote site
  - Trade-offs include ease of implementation and cost versus greater security and robustness against different threats

Virtualization

- With virtualization, the OS presents each user with just the resources that user should see
- The user has access to a virtual machine (VM), which contains those resources
- The user cannot access resources that are available to the OS but exist outside the VM
- A hypervisor, or VM Monitor, is the software that implements a VM
  - Translates access requests between the VM and the OS
  - Can support multiple OSs in VMs simultaneously
- Honeypot: A VM meant to lure an attacker into an environment that can be both controlled and monitored

Kernelized Design

- A kernel is the part of the OS that performs the lowest-level functions
  - Synchronization
  - Interprocess communication
  - Message passing
  - Interrupt handling
- A security kernel is responsible for enforcing the security mechanisms of the entire OS
  - Typically contained within the kernel

Security Virtualization System

Organizations using virtualization should:
- Carefully plan the security of the virtualized system
- Secure all elements of a full virtualization solution and maintain their security
- Ensure that the hypervisor is properly secured
- Restrict and protect administrator access to the virtualization solution

Virtualization Infrastructure Security

- Access to VM image and snapshots must be carefully controlled
- Access must be limited to just the appropriate guest
- Systems manage access to hardware resources

Rootkits

- A rootkit is a malicious software package that attains and takes advantage of root status or effectively becomes part of the OS
- Rootkits often go to great lengths to avoid being discovered or, if discovered and partially removed, to reestablish themselves
- This can include intercepting or modifying basic OS functions

Rootkit Evading Detection

[Figure: flowchart]
- Intercepted function call
- Will call's result reveal rootkit?
  - No: Pass call to operating system function
  - Yes: Execute call but monitor result and adjust as necessary

Linux/Unix Security

Patch management
- Keeping security patches up to date is a widely recognized and critical control for maintaining security

Application and service configuration
- Most commonly implemented using separate text files for each application and service
- Generally located either in the /etc directory or in the installation tree for a specific application
- Individual user configurations that can override the system defaults are located in hidden "dot" files in each user's home directory
- Most important changes needed to improve system security are to disable services and applications that are not required

Users, groups, and permissions
- Access is specified as granting read, write, and execute permissions to each of owner, group, and others for each resource
- Guides recommend changing the access permissions for critical directories and files
- Local exploit: Software vulnerability that can be exploited by an attacker to gain elevated privileges
- Remote exploit: Software vulnerability in a network server that could be triggered by a remote attacker

Remote access controls
- Several host firewall programs may be used
- Most systems provide an administrative utility to select which services will be permitted to access the system

Logging and log rotation
- Should not assume that the default setting is necessarily appropriate

Windows Security

Patch management
- "Windows Update" and "Windows Server Update Service" assist with regular maintenance and should be used
- Third party applications also provide automatic update support

Users administration and access controls
- Systems implement discretionary access controls to resources
- Vista and later systems include mandatory integrity controls
- Objects are labeled as being of low, medium, high, or system integrity level
- System ensures the subject's integrity is equal or higher than the object's level
- Implements a form of the Biba Integrity model

Windows Security: User Administration and Access Control

- Windows systems also define privileges
  - System wide and granted to user accounts
- Combination of share and NTFS permissions may be used to provide additional security and granularity when accessing files on a shared resource
- User Account Control (UAC)
  - Provided in Vista and later systems
  - Assists with ensuring users with administrative rights only use them when required, otherwise accesses the system as a normal user
- Low Privilege Service Accounts
  - Used for long-lived service processes such as file, print, and DNS services

Windows Security

Application and service configuration
- Much of the configuration information is centralized in the Registry
- Forms a database of keys and values that may be queried and interpreted by applications
- Registry keys can be directly modified using the "Registry Editor"
  - More useful for making bulk changes

Other security controls
- Essential that anti-virus, anti-spyware, personal firewall, and other malware and attack detection and handling software packages are installed and configured
- Current generation Windows systems include basic firewall and malware countermeasure capabilities
- Important to ensure the set of products in use are compatible
- Windows systems also support a range of cryptographic functions:
  - Encrypting files and directories using the Encrypting File System (EFS)
  - Full-disk encryption with AES using BitLocker
- "Microsoft Baseline Security Analyzer"
  - Free, easy to use tool that checks for compliance with Microsoft's security recommendations

Summary

- OSs have evolved from supporting single users and single programs to many users and programs at once
- Resources that require OS protection: memory, I/O devices, programs, and networks
- OSs use layered and modular designs for simplification and to separate critical functions from noncritical ones
- Resource access control can be enforced in a number of ways, including virtualization, segmentation, hardware memory protection, and reference monitors
- Rootkits are malicious software packages that attain root status or effectively become part of the OS
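
An added example, not part of the original slides, for the Linux/Unix Security points on users, groups, and permissions: a Python audit that decodes the owner/group/others mode bits and flags world-writable files, world-writable directories without the sticky bit, and setuid files. The function names and the sample directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_permissions(root):
    """Walk root; return sorted (relative_path, octal_mode, issue) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode      # lstat: never follow symlinks
            if stat.S_ISLNK(mode):
                continue                       # symlink mode bits carry no meaning
            rel = os.path.relpath(path, root)
            perms = format(stat.S_IMODE(mode), "04o")
            world_writable = bool(mode & stat.S_IWOTH)   # "others" write bit
            if stat.S_ISREG(mode) and world_writable:
                findings.append((rel, perms, "world-writable file"))
            # Without the sticky bit, any user can delete or replace other
            # users' entries in a world-writable directory.
            if stat.S_ISDIR(mode) and world_writable and not mode & stat.S_ISVTX:
                findings.append((rel, perms, "world-writable directory without sticky bit"))
            # Setuid programs run with the owner's privileges, so each one
            # should be known and required.
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings.append((rel, perms, "setuid file"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree standing in for a real configuration directory."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    files = {"app.conf": 0o644, "secrets.conf": 0o666, "helper": 0o4755}
    dirs = {"spool": 0o777, "tmp": 0o1777}
    for name, mode in files.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)                   # explicit chmod bypasses the umask
    for name, mode in dirs.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, perms, issue in audit_permissions(build_sample_tree()):
        print(perms, issue, rel)
```

To review a real system, pass a directory such as `/etc` to `audit_permissions` instead of the sample tree.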
