Operating System Security (PPT 7)

Question 1

What is Security?

Answer 1

It is the collective name given to tools, resources and administrative procedures that are designed to protect computing data and services

Question 2

What are the four key areas to protect?

Answer 2

Protection
-Access to the data must be controlled

User Authentication
-Access to the computer facility must be controlled

Network Security
-Data must be securely transmitted through networks

File Security
-Sensitive files must be secure

Question 3

What are the four types of generic computer threat?

Answer 3

Interruption
-System assets become unavailable (e.g. cutting off connection)

Interception
-Unauthorized access to system asset (e.g. hacker copying files)

Modification
-Unauthorized modification to a system asset (e.g. virus changing a program or destroying data)

Fabrication
-Unauthorized faking of an object in the system (e.g. adding records to a file)

Question 4

What is a virus?

Answer 4

It is a small program that can attach itself to an existing program. When the infected program is run, the virus code is also run. When a virus is run, it can try and replicate itself. If it runs fast enough, the user is unlikely to notice it

Question 5

What is a Stealth Virus?

Answer 5

It is a virus which attempts to cover itself up. One way is to compress the original file so it still appears to be the same size

Question 6

What are five security design principles?

Answer 6

• Least privilege
• Small, uniform security
• Acceptability of the security measures
• Complete mediation
• Open design

Question 7

What is Least Privilege Security?

Answer 7

• processes operate using the smallest number of privileges possible
• default is “no access allowed”
• privileges gained by explicit permission

Question 8

What is Small, Uniform security?

Answer 8

• small and uniform implies easy to verify their correctness

- part of design, rather than ad-hoc

Question 9

What is Acceptability of security measures taken?

Answer 9

• shouldn’t get in the way of the user’s work

- if security mechanisms are difficult to use, they might be ignored

Question 10

What is Complete Mediation?

Answer 10

• every access checked against access rights

- including those during maintenance

Question 11

What is Open Design?

Answer 11

• the effectiveness of security measures should not depend upon secrecy of the design of the mechanisms themselves
• people will eventually discover the mechanism anyway
• mechanisms can be reviewed by several experts if they are not secret

Question 12

What are the two types of protection?

Answer 12

• User-oriented control of access

- Data-oriented control of access

Question 13

What is User-oriented control of access?

Answer 13

Most common version of this is login. Where control access is down to the user.
Can be bad as passwords can be forgotten or easily hacked as people make easy to guess passwords

Question 14

What is Data-Oriented Access control?

Answer 14

We try to control which processes can do which operations to which files and programs. We define an object to be anything which access is being controlled.

Question 15

How does Windows do Data oriented access control?

Answer 15

Each process has an access token and each object has a security descriptor. When a process tries to perform an operation on an object, Windows uses the process’s Access token to check the security descriptor to ensure that this operation is allowed.

Question 16

What is an Access Token store?

Answer 16

-Security ID (SID)
A unique number which identifies the user uniquely across all machines on the network
-Group SIDS
A list of the groups to which the user belongs
-Information on privileges, owner

Question 17

What does a Security Descriptor store?

Answer 17

• Owner (the SID or Group SID of the owner)
• Flags indicating what is all present in the Security Descriptor
• Discretionary Access Control List (DACL)
• System Access Control List (SACL)

Question 18

What does DACL do?

Answer 18

Discretionary Access Control List

-Determines which users or groups can access an object

Question 19

What does SACL do?

Answer 19

System Access Control List

-Specifies what kinds of object should generate audit messages

Question 20

What does DACL store?

Answer 20

-Header
-SID or Group SID plus an Access Mask (as many as needed)
Access mask states the way in which that SID can operate on this object

Question 21

How is DACL used?

Answer 21

When a process tries to perform an operation on an object, Windows does the following:

• gets this process’s SID and Group SID from the Access Token
• Looks down the Discretionary Access Control List in the object’s Security Descriptor to try and find a matching SID in the list
• When found, the Access Mask is consulted to see if the requested operation is permitted

Question 22

What are the basic PC security items?

Answer 22

Firewall and Malware protection. Some of this is provided by your local network and some will have to be on the workstation

Question 23

What types of malware protection do you need?

Answer 23

• On access scan to prevent malware getting in the system in the first place
• Off line scan ability to run system scans to detect and delete or quarantine malware that has got onto the system

Question 24

What does an Integrated Package for security contain?

Answer 24

• malware protection
• firewall
• program control
• spam control, anti-phishing strategy
• parental control, privacy & cookie control