Security-and-ethics.pdf

Full Transcript

1
SECURITY
AND
ETHICS
Role of the Operating System in
Security, System Survivability, Levels
of Protection and Security Breaches.
▪ Operating systems play a crucial role in ensuring the security
and ethical use of computer systems. They provide a foundation
for managing hardware resources, running applications, and
controlling user access. Here's a short description of the security
and ethics considerations in operating systems:

▪ Security: Operating systems are responsible for protecting the
integrity, confidentiality, and availability of data and resources.
They employ various security mechanisms to achieve this, such
as user authentication, access control, encryption, and firewalls.
Security updates and patches are regularly released to address
vulnerabilities and protect against emerging threats. Additionally,
operating systems often include security features like antivirus
software, secure boot, and sandboxing to prevent malicious
activities and protect against unauthorized access.
Ethics: Operating systems also have ethical implications in
terms of how they handle user data, ensure privacy, and
respect user rights. Ethical considerations involve issues such
as data collection, surveillance, and the responsible use of user
information. Operating systems should strive to protect user
privacy, provide transparent data usage policies, and give users
control over their personal information. Additionally, they should
avoid discriminatory practices, promote accessibility, and adhere
to legal and ethical standards regarding content filtering and
censorship.
▪ Overall, operating systems must balance the need for robust
security measures with ethical considerations to provide a
secure and trustworthy computing environment. By
implementing strong security features, respecting user privacy,
and adhering to ethical guidelines, operating systems can foster
a safe and reliable computing experience for users.
 Discuss the roles of the
operating system with regards
to system security, the effects
of the system security practices
on overall system performance,
LEARNING the levels of system security
OUTCOMES that can be implemented and
the threats posed by evolving
technologies, and the
differences between computer
viruses and worms and how
they spread.
ROLE OF THE OPERATING
SYSTEM IN SECURITY
Operating system plays a key role in computer system
security
o Any vulnerability at the operating system level opens the entire
system to attack
o The more complex and powerful the operating system, the more
likely it is to have vulnerabilities to attack
System administrators must be on guard to arm their
operating systems with all available defenses against attack.
SYSTEM SURVIVABILITY

Capabilityof a system to fulfill its mission, in a timely manner, in the
presence of attacks, failures, or accidents
Key properties of survivable systems:
o Resistance to attacks
o Recognition of attacks and resulting damage o Recovery of essential services
after an attack
o Adaptation and evolution of system defense mechanisms to mitigate future
attacks
LEVELS OF PROTECTION

System administrator must
evaluate the risk of intrusion for
each computer configuration,
which in turn depends on the
level of connectivity given to
the system
BACKUP AND
RECOVERY
Backup and recovery policies are
essential for most computing systems
Many system managers use a
layered backup schedule
Backups, with one set stored off-site,
are crucial to disaster recovery
Written policies and procedures and
regular user training are essential
elements of system management
BACKUP AND
RECOVERY
Written security procedures should
recommend:
o Frequent password changes
o Reliable backup procedures
o Guidelines for loading new software
o Compliance with software licenses
o Network safeguards
o Guidelines for monitoring network
activity
o Rules for terminal access
SECURITY
BREACHES
A gap in system security can be
malicious or not
Intrusions can be classified as:
o Due to uneducated users and
unauthorized access to system
resources
o Purposeful disruption of the
system’s operation o Purely
accidental
▪ Examples: Hardware malfunctions,
undetected errors in OS or
applications, or natural disasters
Malicious or not, a breach of security
severely damages the system’s
credibility
UNINTENTIONAL
INTRUSIONS
Any breach of security or modification of data
that was not the result of a planned intrusion
Examples:
o Accidental incomplete modification of data
When non-synchronized processes access
data records and modify some but not all of a
record’s fields
o Errors due to incorrect storage of data
values
e.g., When the field isn’t large enough to hold
the numeric value stored there.
 ▪ Types of Intentional attacks:
o Intentional unauthorized access
o e.g., denial of service attacks,
browsing, wiretapping,
repeated trials, trap doors, and
trash collection
INTENTIONA
L ATTACKS ▪ Viruses and worms
▪ Trojan Horses
▪ Bombs
▪ Blended threats
INTENTIONAL
UNAUTHORIZED
ACCESS
▪Denial of service (DoS) attacks:
o Synchronized attempts to deny service to authorized
users by causing a computer to perform repeated
unproductive task
▪ Browsing:
o Unauthorized users gain access to search through
secondary storage directories or files for information
they should not have the privilege to read
▪ Wire Tapping: Unauthorized users monitor or modify a
user’s transmission
o Passive wiretapping: Refers to just listening to the
transmission but not changing the contents, and
reasons include:
▪ To copy data while bypassing any authorization
procedures
▪ To collect specific information such as password
INTENTIONAL
UNAUTHORIZED
ACCESS
Active wiretapping: Data being sent is modified
o

▪ Methods include “between lines transmission” and
“piggyback entry”
▪ Repeated Trials: To enter systems by guessing authentic
passwords
▪ Trap doors: An unspecified and undocumented entry
point to the system
o Installed by a system diagnostician or programmer for
future use
o Leaves the system vulnerable to future intrusion

▪ Trash collection: Use of discarded materials such as disks,
CDs, printouts, etc., to enter the system illegally.
VIRUSES
Small programs written to alter the way a computer operates, without permission of
the user
Must meet two criteria: It must be self-executing and self-replicating
Usually written to attack a certain operating system
Spread via a wide variety of applications
Macro virus works by attaching itself to a template (such as NORMAL.DOT), which in
turn is attached to word processing documents