SlideShare a Scribd company logo

COMPUTER SECURITY AND OPERATING SYSTEM

โ€ขDownload as PPTX, PDFโ€ข
โ€ข
faraz hussain
faraz hussain

1. The document discusses computer security and operating systems. It defines operating systems and their functions in managing computer resources and processes. 2. It then covers various operating systems like Linux, Windows, iOS and Android. It discusses computer security in terms of operating systems, defining it as preventing unauthorized access. 3. The document outlines several common security threats like viruses, trojan horses, trap doors, logic bombs and buffer overflows. It describes different types of each threat and how they exploit systems. It also discusses security techniques used in operating systems like authentication, access control and intrusion detection.

Engineering
1 of 26
COMPUTER SECURITY AND OPERATING SYSTEM Design by Faraz Hussain Compile and edited by Saqib Iqbal
Security Operating System Computer SecurityMEET OUR TEAM Faraz Hussain Saqib Iqbal Muhammad Taha Saad Abbasi Ahmed Usman
INTRODUCTION Definitions of Operating System and Computer Security
Security Operating System Computer SecurityWHAT IS AN OPERATING SYSTEM It manages the computer's memory, processes, and all of its software and hardware It also allows you to communicate with the computer without knowing how to speak the computer's language An operating system is the most important software that runs on a computer The operating system coordinates all of this to make sure each program gets what it needs.
Security Operating System Computer SecurityMOSTLY USED OPERATING SYSTEMS OS Linux Windows FreeRTOS Bsd iOS Android Debian OS X Blackberry
Security Operating System Computer SecuritySECURITY (OPERATING SYSTEM) GARFRINKEL โ€œa computer is secure if you can depend on it and its software to behave as you expectโ€ GOLLMEN โ€œdeals with the prevention and detection of unauthorized actions by users of a computer systemโ€ ROSS โ€œthe ability of a system to protect information and system resources with respect to confidentiality and integrityโ€
Security Operating System Computer Security STANDARD SECURITY ATTACKS 01 Computer System 02 Screening 04 Capability 03 Modern Computing Physical Human Network OS โ€ข Physical โ€“ Physical protection of the computer system. โ€ข Human โ€“ Screening of users given access to the computer system. e.g. Phishing, Dumpster Diving, Password Cracking. โ€ข Network โ€“ As network communications become ever more important and pervasive in modern computing environments, it becomes ever more important to protect this area of the system. โ€ข Operating System โ€“ OS must be capable of protecting itself from accidental or intentional security breaches .
8 SECURITY THREATS The first part of presentation outlines security threats and briefly describes the methods, tools, and techniques that intruders use to exploit vulnerabilities in systems to achieve their goals. The section discusses a theoretical model and provides some real life scenarios. The appendixes give detailed analyses of the various aspects and components that are discussed in this presentation.
01Program threats They attack specific programs or are carried and distributed in programs. 02 System and Network threats They attack the operating system or the network itself, or leverage those systems to launch their attacks. 03 Rootkits A rootkit is a type of malicious software that is activated each time your system boots up. TYPES OF SECURITY THREATS
VIRUSES 5 BUFFEROVERFLOW 4LOGICBOMB 3 TRAP DOOR 2 TROJAN HORSE 1 PROGRAM THREATS
Security Operating System Computer Security1.TROJAN HORSE IT INLCUDES Data Modification Deletion Blocking Modifying Copying Distraction Performance โ€œThe primary role of Trojan horses is to perform various actions that were not explicitly allowed by the user.โ€
Security Operating System Computer SecurityTROJAN HORSE CLASSIFICATION 01EXPLOIT 02 BACKDOOR 03RANSOM Exploit Trojans are applications that seek security vulnerabilities of software and operating systems already installed on a computer for malicious intent. Trojan-Ransoms will modify or block data on a computer either so it doesnโ€™t work properly or so certain files canโ€™t be accessed. These are created to give an unauthorized user remote control of a computer. 04 05 06 SPY This type of Trojan horse will be invisible to the user while he or she goes about their daily routines. They can collect keyboard data, monitor program usage and take screenshots of the activity performed on the computer.DDoS A sub sect of backdoor Trojans, denial of service (DDoS) attacks are made from numerous computers to cause a web address to fail. BANKER Trojan-bankers are created for the sole purpose of gathering usersโ€™ bank, credit card, debit card and e-payment information.
โ€ขA Trap Door is when a designer or a programmer ( or hacker ) deliberately inserts a security hole that they can use later to access the system. โ€ขBecause of the possibility of trap doors, once a system has been in an untrustworthy state, that system can never be trusted again. Even the backup tapes may contain a copy of some cleverly hidden back door. TRAP DOOR โ€ขA Logic Bomb is code that is not designed to cause havoc all the time, but only when a certain set of circumstances occurs, such as when a particular date or time is reached or some other noticeable event. โ€ขA classic example is the Dead-Man Switch, which is designed to check whether a certain person ( e.g. the author ) is logging in every day, and if they don't log in for a long time ( presumably because they've been fired ), then the logic bomb goes off and either opens up security holes or causes other problems. LOGIC BOMB STACK AND BUFFER OVERFLOW โ€ขA Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold. Exploiting a buffer overflow allows an attacker to modify portions of the target processโ€™ address space.
Security Operating System Computer SecurityVIRUS A A virus is a fragment of code embedded in an otherwise genuine program, designed to replicate itself ( by infecting other programs ), and ( eventually ) causing destruction. B Viruses are delivered to systems in a virus dropper, usually some form of a Trojan Horse, and usually via e- mail or unsafe downloads. C Viruses are more likely to infect PCs than UNIX or other multi-user systems, because programs in the latter systems have limited authority to modify other programs or to access critical system structure.
Security Operating System Computer SecurityTYPES OF VIRUSES 03 04 05 06 โ€ขMacro - exist as a script that are run automatically by certain macro-capable programs โ€ขSource code - viruses look for source code and infect it in order to spread โ€ขPolymorphic - viruses change every time they spread โ€ขEncrypted - viruses travel in encrypted form to escape detection 01 02 โ€ขFile โ€“ A virus attaches itself to an executable file (.exe) โ€ขBoot - virus occupies the boot sector, and runs before the OS is loaded 07 โ€ขStealth - viruses try to avoid detection by modifying parts of the system that could be used to detect it. Lorem Ipsum Lorem ipsum dolor sit amet, consectetur adipiscing.
Security Operating System Computer SecurityFORMS OF VIRUSES 1 2 3 4 5 6 File โ€“ A virus attaches itself to an executable file (.exe) Boot - virus occupies the boot sector, and runs before the OS is loaded. Macro - exist as a script that are run automatically by certain macro-capable programs Source code - viruses look for source code and infect it in order to spread Encrypted - viruses travel in encrypted form to escape detection Stealth - viruses try to avoid detection by modifying parts of the system that could be used to detect it.
Security Operating System Computer SecuritySystem and Network Threats 1 2 3 DOS attacks do not attempt to actually access or damage systems, but merely to block them up so badly that they cannot be used for any useful work. Tight loops that repeatedly request system services are an obvious form of this attack. DENIAL OF SERVICE (DOS) Port scanning is technically not an attack, but rather a search for vulnerabilities to attack. PORT SCANNING A worm is a process that uses the fork / spawn process to make copies of itself in order to cause havoc(disorder) on a system. Worms consume system resources, often blocking out other, valid processes. WORMS
Security Operating System Computer SecurityROOTKITS Persistent โ€“ Activates each time the system boots. The rootkit must store code in a persistent store, such as the registry or file system and configure a method by which the code executes without user intervention. ROOTKITS 1 2 3 4 Memory Based โ€“ Has no persistent mode and therefore cannot survive a reboot. User Mode โ€“ Intercepts calls to APIโ€™s(Application Program Interface) and modifies returned results. Kernel Mode โ€“ Can intercept calls to native APIโ€™s in kernel mode. The rootkit can also hide the presence of a malware process by removing it from the kernelโ€™s list of active processes. A Rootkit virus is a stealth type of malware that is designed to hide the existence of certain processes or programs on your computer from regular detection methods, so as to allow it or another malicious process privileged access to your computer.
SECURITY TECHNIQUES Security is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secureโ€”the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.
Security Operating System Computer SecuritySECURITY TECHNIQUES TECHNIQUES FOR SECURING SYSTEM Authentication Access Control Intrusion Detection One Time passwords โ€ข The operating system is the physical environment where your application runs. Any vulnerability in the operating system could compromise the security of the application. By securing the operating system, you make the environment stable, control access to resources, and control external access to the environment. โ€ข The physical security of the system is essential. Threats can come through the Web, but they can also come from a physical terminal. Even if the Web access is very secure, if an attacker obtains physical access to a server, breaking into a system is much easier.
Security Operating System Computer SecurityAUTHENTICATION PASSWORDCARD BIOMETRIC User need to enter a registered username and password with Operating system to login into the system. User need to punch card in card slot, or enter key generated by key generator in option provided by operating system to login into the system. User need to pass his/her attribute via designated input device used by operating system to login into the system. Authentication refers to identifying the each user of the system and associating the executing programs with those users. It is the responsibility of the Operating System to create a protection system which ensures that a user who is running a particular program is authentic.
Security Operating System Computer SecurityACCESS CONTROL LIST CREATIVE An access control model is a framework that dictates how subjects access objects. It uses access control technologies and security mechanisms to enforce the rules and objectives of the model. Discretionary Access List Role-based Access List Mandatory Access List
Security Operating System Computer SecurityTYPES OF ACCESS CONTROL MODELS DAC MAC RBAC The control of access is based on the discretion (wish) of the owner. A system that uses DAC enables the owner of the resource to specify which subjects can access specific resources The most common implementation of DAC is through ACLโ€™s which are dictated and set by the owners and enforced by the OS. This model is very strict and is based on a security label attached to all objects. The subjects are given security clearance by classifying the subjects as secret, top secret, confidential etc.) and the objects are also classified similarly. This model is used and is suitable for military systems where classifications and confidentiality is of at most important. A RBAC is based on user roles and uses a centrally administered set of controls to determine how subjects and objects interact. The RBAC approach simplifies the access control administration It is a best system for a company that has high employee turnover
Security Operating System Computer SecurityONE TIME PASSWORDS THREE TYPES RANDOM NUMBERS Users are provided cards having numbers printed along with corresponding alphabets. System asks for numbers corresponding to few alphabets randomly chosen. SECRET KEY User are provided a hardware device which can create a secret id mapped with user id. System asks for such secret id which is to be generated every time prior to login. NETWORK PASSWORD Some commercial applications send one time password to user on registered mobile/ email which is required to be entered prior to login. One time passwords provides additional security along with normal authentication. In One-Time Password system, a unique password is required every time user tries to login into the system. Once a one-time password is used then it can not be used again. One time password are implemented in various ways.
Security Operating System Computer SecurityREERENCES โ€ข Book: operating systems internals and design principles by william stallings 7th edition โ€ข https://www.cs.uic.edu/~jbell/coursenotes/operatingsystems/15_security.html โ€ข http://www.tutorialspoint.com/operating_system/os_security.htm โ€ข https://en.wikibooks.org/wiki/fundamentals_of_information_systems_security/access_control_systems โ€ข http://www.computerworld.com/article/2572130/security0/buffer-overflow.html โ€ข http://pcunleashed.com/different-types-of-trojan-horse-malware/ โ€ข http://support.kaspersky.com/viruses/general/614
Thank You Thanks for coming Have a nice day Ask your questions in comment

Recommended

zero day exploits
zero day exploitszero day exploits
zero day exploits
Adv. Prashant Mali โ™› [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
ย 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
Arzath Areeff
ย 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
Virginia Fernandez
ย 
System security
System securitySystem security
System security
sommerville-videos
ย 
Network security
Network securityNetwork security
Network security
Nandini Raj
ย 
Honeypots
HoneypotsHoneypots
Honeypots
Jayant Gandhi
ย 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
AlienVault
ย 
Information Security
Information SecurityInformation Security
Information Security
Dr. Himanshu Gupta
ย 

Recommended

zero day exploits
zero day exploitszero day exploits
zero day exploits
Adv. Prashant Mali โ™› [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
ย 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
Arzath Areeff
ย 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
Virginia Fernandez
ย 
System security
System securitySystem security
System security
sommerville-videos
ย 
Network security
Network securityNetwork security
Network security
Nandini Raj
ย 
Honeypots
HoneypotsHoneypots
Honeypots
Jayant Gandhi
ย 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
AlienVault
ย 
Information Security
Information SecurityInformation Security
Information Security
Dr. Himanshu Gupta
ย 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
Joe McCarthy
ย 
Information security threats
Information security threatsInformation security threats
Information security threats
complianceonline123
ย 
SIEM
SIEMSIEM
SIEM
vikasraina
ย 
Mobile security
Mobile securityMobile security
Mobile security
dilipdubey5
ย 
Malicious software
Malicious softwareMalicious software
Malicious software
CAS
ย 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
Information Technology
ย 
Security operation center.pdf
Security operation center.pdfSecurity operation center.pdf
Security operation center.pdf
Skillmine Technology Consulting
ย 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
ย 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
SHAAMILIVARSAGV
ย 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
Rasool Irfan
ย 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session
Splunk
ย 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
ย 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Goutham Shetty
ย 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
ย 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
Rizwan S
ย 
Honeypots
HoneypotsHoneypots
Honeypots
J. Scott Christianson
ย 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
CAS
ย 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
Anton Chuvakin
ย 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virus
shusrusha
ย 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
AHM Pervej Kabir
ย 
Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
Abou Bakr Ashraf
ย 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
sohaildanish
ย 

More Related Content

What's hot

Information security threats
Information security threatsInformation security threats
Information security threats
complianceonline123
ย 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
Information Technology
ย 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
ย 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
Sheetal Verma
ย 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
Rizwan S
ย 

What's hot (20)

Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
ย 
Information security threats
Information security threatsInformation security threats
Information security threats
ย 
SIEM
SIEMSIEM
SIEM
ย 
Mobile security
Mobile securityMobile security
Mobile security
ย 
Malicious software
Malicious softwareMalicious software
Malicious software
ย 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
ย 
Security operation center.pdf
Security operation center.pdfSecurity operation center.pdf
Security operation center.pdf
ย 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
ย 
Fundamentals of IoT Security
Fundamentals of IoT SecurityFundamentals of IoT Security
Fundamentals of IoT Security
ย 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
ย 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session
ย 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
ย 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
ย 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
ย 
SIEM presentation final
SIEM presentation finalSIEM presentation final
SIEM presentation final
ย 
Honeypots
HoneypotsHoneypots
Honeypots
ย 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
ย 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
ย 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virus
ย 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
ย 

Viewers also liked

Operating system security
Operating system securityOperating system security
Operating system security
Sarmad Makhdoom
ย 
Operating system security
Operating system securityOperating system security
Operating system security
Rachel Jeewa
ย 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)
cnokia
ย 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyone
Anne Nicolas
ย 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation final
adrigee12
ย 
Operating Systems
Operating SystemsOperating Systems
Operating Systems
Harshith Meela
ย 

Viewers also liked (20)

Security & protection in operating system
Security & protection in operating systemSecurity & protection in operating system
Security & protection in operating system
ย 
System protection in Operating System
System protection in Operating SystemSystem protection in Operating System
System protection in Operating System
ย 
Operating system security
Operating system securityOperating system security
Operating system security
ย 
Operating system security
Operating system securityOperating system security
Operating system security
ย 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
ย 
Operating system security
Operating system securityOperating system security
Operating system security
ย 
Chapter 14 - Protection
Chapter 14 - ProtectionChapter 14 - Protection
Chapter 14 - Protection
ย 
Operating system security (a brief)
Operating system security (a brief)Operating system security (a brief)
Operating system security (a brief)
ย 
Computer Operating System
Computer Operating System Computer Operating System
Computer Operating System
ย 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
ย 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyone
ย 
SELinux basics
SELinux basicsSELinux basics
SELinux basics
ย 
System security
System securitySystem security
System security
ย 
Intro to IronWASP
Intro to IronWASPIntro to IronWASP
Intro to IronWASP
ย 
Introduction To SELinux
Introduction To SELinuxIntroduction To SELinux
Introduction To SELinux
ย 
Security in distributed systems
Security in distributed systems Security in distributed systems
Security in distributed systems
ย 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
ย 
Security threats
Security threatsSecurity threats
Security threats
ย 
Encryption presentation final
Encryption presentation finalEncryption presentation final
Encryption presentation final
ย 
Operating Systems
Operating SystemsOperating Systems
Operating Systems
ย 

Similar to COMPUTER SECURITY AND OPERATING SYSTEM

Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
Mirza Adnan Baig
ย 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
Umang Gupta
ย 
Computer viruses
Computer virusesComputer viruses
Computer viruses
Yousef Bahaa
ย 
Computer viruses
Computer virusesComputer viruses
Computer viruses
Yousef Bahaa
ย 
Malicious software
Malicious softwareMalicious software
Malicious software
msdeepika
ย 
Program and System Threats
Program and System ThreatsProgram and System Threats
Program and System Threats
Reddhi Basu
ย 

Similar to COMPUTER SECURITY AND OPERATING SYSTEM (20)

Mitppt
MitpptMitppt
Mitppt
ย 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & Metasploit
ย 
Computer viruses
Computer virusesComputer viruses
Computer viruses
ย 
Basics of hacking
Basics of hackingBasics of hacking
Basics of hacking
ย 
Introduction to computer virus
Introduction to computer virusIntroduction to computer virus
Introduction to computer virus
ย 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
ย 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
ย 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
ย 
Computer viruses
Computer virusesComputer viruses
Computer viruses
ย 
Computer viruses
Computer virusesComputer viruses
Computer viruses
ย 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
ย 
Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linux
ย 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
ย 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
ย 
System tThreats
System tThreatsSystem tThreats
System tThreats
ย 
Malicious software
Malicious softwareMalicious software
Malicious software
ย 
Program and System Threats
Program and System ThreatsProgram and System Threats
Program and System Threats
ย 
Software security
Software securitySoftware security
Software security
ย 
Computer Virus
Computer VirusComputer Virus
Computer Virus
ย 
Computer Virus
Computer VirusComputer Virus
Computer Virus
ย 

Recently uploaded

Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Christo Ananth
ย 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
ย 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
MsecMca
ย 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
SUHANI PANDEY
ย 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ranjana rawat
ย 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
ranjana rawat
ย 
Call Now โ‰ฝ 9953056974 โ‰ผ๐Ÿ” Call Girls In New Ashok Nagar โ‰ผ๐Ÿ” Delhi door step de...
Call Now โ‰ฝ 9953056974 โ‰ผ๐Ÿ” Call Girls In New Ashok Nagar โ‰ผ๐Ÿ” Delhi door step de...Call Now โ‰ฝ 9953056974 โ‰ผ๐Ÿ” Call Girls In New Ashok Nagar โ‰ผ๐Ÿ” Delhi door step de...
Call Now โ‰ฝ 9953056974 โ‰ผ๐Ÿ” Call Girls In New Ashok Nagar โ‰ผ๐Ÿ” Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
ย 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Call Girls in Nagpur High Profile
ย 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
Kamal Acharya
ย 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
ย 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
Asst.prof M.Gokilavani
ย 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
ย 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
ย 

Recently uploaded (20)

Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
ย 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
ย 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
ย 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ย 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
ย 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
ย 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
ย 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
ย 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ย 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
ย 
Call Now โ‰ฝ 9953056974 โ‰ผ๐Ÿ” Call Girls In New Ashok Nagar โ‰ผ๐Ÿ” Delhi door step de...
Call Now โ‰ฝ 9953056974 โ‰ผ๐Ÿ” Call Girls In New Ashok Nagar โ‰ผ๐Ÿ” Delhi door step de...Call Now โ‰ฝ 9953056974 โ‰ผ๐Ÿ” Call Girls In New Ashok Nagar โ‰ผ๐Ÿ” Delhi door step de...
Call Now โ‰ฝ 9953056974 โ‰ผ๐Ÿ” Call Girls In New Ashok Nagar โ‰ผ๐Ÿ” Delhi door step de...
ย 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
ย 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
ย 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
ย 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
ย 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
ย 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
ย 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
ย 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
ย 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
ย 

COMPUTER SECURITY AND OPERATING SYSTEM

  • 1. COMPUTER SECURITY AND OPERATING SYSTEM Design by Faraz Hussain Compile and edited by Saqib Iqbal
  • 2. Security Operating System Computer SecurityMEET OUR TEAM Faraz Hussain Saqib Iqbal Muhammad Taha Saad Abbasi Ahmed Usman
  • 3. INTRODUCTION Definitions of Operating System and Computer Security
  • 4. Security Operating System Computer SecurityWHAT IS AN OPERATING SYSTEM It manages the computer's memory, processes, and all of its software and hardware It also allows you to communicate with the computer without knowing how to speak the computer's language An operating system is the most important software that runs on a computer The operating system coordinates all of this to make sure each program gets what it needs.
  • 5. Security Operating System Computer SecurityMOSTLY USED OPERATING SYSTEMS OS Linux Windows FreeRTOS Bsd iOS Android Debian OS X Blackberry
  • 6. Security Operating System Computer SecuritySECURITY (OPERATING SYSTEM) GARFRINKEL โ€œa computer is secure if you can depend on it and its software to behave as you expectโ€ GOLLMEN โ€œdeals with the prevention and detection of unauthorized actions by users of a computer systemโ€ ROSS โ€œthe ability of a system to protect information and system resources with respect to confidentiality and integrityโ€
  • 7. Security Operating System Computer Security STANDARD SECURITY ATTACKS 01 Computer System 02 Screening 04 Capability 03 Modern Computing Physical Human Network OS โ€ข Physical โ€“ Physical protection of the computer system. โ€ข Human โ€“ Screening of users given access to the computer system. e.g. Phishing, Dumpster Diving, Password Cracking. โ€ข Network โ€“ As network communications become ever more important and pervasive in modern computing environments, it becomes ever more important to protect this area of the system. โ€ข Operating System โ€“ OS must be capable of protecting itself from accidental or intentional security breaches .
  • 8. 8 SECURITY THREATS The first part of presentation outlines security threats and briefly describes the methods, tools, and techniques that intruders use to exploit vulnerabilities in systems to achieve their goals. The section discusses a theoretical model and provides some real life scenarios. The appendixes give detailed analyses of the various aspects and components that are discussed in this presentation.
  • 9. 01Program threats They attack specific programs or are carried and distributed in programs. 02 System and Network threats They attack the operating system or the network itself, or leverage those systems to launch their attacks. 03 Rootkits A rootkit is a type of malicious software that is activated each time your system boots up. TYPES OF SECURITY THREATS
  • 11. Security Operating System Computer Security1.TROJAN HORSE IT INLCUDES Data Modification Deletion Blocking Modifying Copying Distraction Performance โ€œThe primary role of Trojan horses is to perform various actions that were not explicitly allowed by the user.โ€
  • 12. Security Operating System Computer SecurityTROJAN HORSE CLASSIFICATION 01EXPLOIT 02 BACKDOOR 03RANSOM Exploit Trojans are applications that seek security vulnerabilities of software and operating systems already installed on a computer for malicious intent. Trojan-Ransoms will modify or block data on a computer either so it doesnโ€™t work properly or so certain files canโ€™t be accessed. These are created to give an unauthorized user remote control of a computer. 04 05 06 SPY This type of Trojan horse will be invisible to the user while he or she goes about their daily routines. They can collect keyboard data, monitor program usage and take screenshots of the activity performed on the computer.DDoS A sub sect of backdoor Trojans, denial of service (DDoS) attacks are made from numerous computers to cause a web address to fail. BANKER Trojan-bankers are created for the sole purpose of gathering usersโ€™ bank, credit card, debit card and e-payment information.
  • 13. โ€ขA Trap Door is when a designer or a programmer ( or hacker ) deliberately inserts a security hole that they can use later to access the system. โ€ขBecause of the possibility of trap doors, once a system has been in an untrustworthy state, that system can never be trusted again. Even the backup tapes may contain a copy of some cleverly hidden back door. TRAP DOOR โ€ขA Logic Bomb is code that is not designed to cause havoc all the time, but only when a certain set of circumstances occurs, such as when a particular date or time is reached or some other noticeable event. โ€ขA classic example is the Dead-Man Switch, which is designed to check whether a certain person ( e.g. the author ) is logging in every day, and if they don't log in for a long time ( presumably because they've been fired ), then the logic bomb goes off and either opens up security holes or causes other problems. LOGIC BOMB STACK AND BUFFER OVERFLOW โ€ขA Buffer Overflow is a flaw that occurs when more data is written to a block of memory, or buffer, than the buffer is allocated to hold. Exploiting a buffer overflow allows an attacker to modify portions of the target processโ€™ address space.
  • 14. Security Operating System Computer SecurityVIRUS A A virus is a fragment of code embedded in an otherwise genuine program, designed to replicate itself ( by infecting other programs ), and ( eventually ) causing destruction. B Viruses are delivered to systems in a virus dropper, usually some form of a Trojan Horse, and usually via e- mail or unsafe downloads. C Viruses are more likely to infect PCs than UNIX or other multi-user systems, because programs in the latter systems have limited authority to modify other programs or to access critical system structure.
  • 15. Security Operating System Computer SecurityTYPES OF VIRUSES 03 04 05 06 โ€ขMacro - exist as a script that are run automatically by certain macro-capable programs โ€ขSource code - viruses look for source code and infect it in order to spread โ€ขPolymorphic - viruses change every time they spread โ€ขEncrypted - viruses travel in encrypted form to escape detection 01 02 โ€ขFile โ€“ A virus attaches itself to an executable file (.exe) โ€ขBoot - virus occupies the boot sector, and runs before the OS is loaded 07 โ€ขStealth - viruses try to avoid detection by modifying parts of the system that could be used to detect it. Lorem Ipsum Lorem ipsum dolor sit amet, consectetur adipiscing.
  • 16. Security Operating System Computer SecurityFORMS OF VIRUSES 1 2 3 4 5 6 File โ€“ A virus attaches itself to an executable file (.exe) Boot - virus occupies the boot sector, and runs before the OS is loaded. Macro - exist as a script that are run automatically by certain macro-capable programs Source code - viruses look for source code and infect it in order to spread Encrypted - viruses travel in encrypted form to escape detection Stealth - viruses try to avoid detection by modifying parts of the system that could be used to detect it.
  • 17. Security Operating System Computer SecuritySystem and Network Threats 1 2 3 DOS attacks do not attempt to actually access or damage systems, but merely to block them up so badly that they cannot be used for any useful work. Tight loops that repeatedly request system services are an obvious form of this attack. DENIAL OF SERVICE (DOS) Port scanning is technically not an attack, but rather a search for vulnerabilities to attack. PORT SCANNING A worm is a process that uses the fork / spawn process to make copies of itself in order to cause havoc(disorder) on a system. Worms consume system resources, often blocking out other, valid processes. WORMS
  • 18. Security Operating System Computer SecurityROOTKITS Persistent โ€“ Activates each time the system boots. The rootkit must store code in a persistent store, such as the registry or file system and configure a method by which the code executes without user intervention. ROOTKITS 1 2 3 4 Memory Based โ€“ Has no persistent mode and therefore cannot survive a reboot. User Mode โ€“ Intercepts calls to APIโ€™s(Application Program Interface) and modifies returned results. Kernel Mode โ€“ Can intercept calls to native APIโ€™s in kernel mode. The rootkit can also hide the presence of a malware process by removing it from the kernelโ€™s list of active processes. A Rootkit virus is a stealth type of malware that is designed to hide the existence of certain processes or programs on your computer from regular detection methods, so as to allow it or another malicious process privileged access to your computer.
  • 19. SECURITY TECHNIQUES Security is a journey, not a destination. This is a security industry axiom that means we can strive for security, and by making this effort, we can put ourselves on a path to security. But while we may achieve a relative degree of security, our businesses will never be 100 percent secureโ€”the destination we all strive for. Even Fort Knox, the White House and the New York Stock Exchange are vulnerable.
  • 20. Security Operating System Computer SecuritySECURITY TECHNIQUES TECHNIQUES FOR SECURING SYSTEM Authentication Access Control Intrusion Detection One Time passwords โ€ข The operating system is the physical environment where your application runs. Any vulnerability in the operating system could compromise the security of the application. By securing the operating system, you make the environment stable, control access to resources, and control external access to the environment. โ€ข The physical security of the system is essential. Threats can come through the Web, but they can also come from a physical terminal. Even if the Web access is very secure, if an attacker obtains physical access to a server, breaking into a system is much easier.
  • 21. Security Operating System Computer SecurityAUTHENTICATION PASSWORDCARD BIOMETRIC User need to enter a registered username and password with Operating system to login into the system. User need to punch card in card slot, or enter key generated by key generator in option provided by operating system to login into the system. User need to pass his/her attribute via designated input device used by operating system to login into the system. Authentication refers to identifying the each user of the system and associating the executing programs with those users. It is the responsibility of the Operating System to create a protection system which ensures that a user who is running a particular program is authentic.
  • 22. Security Operating System Computer SecurityACCESS CONTROL LIST CREATIVE An access control model is a framework that dictates how subjects access objects. It uses access control technologies and security mechanisms to enforce the rules and objectives of the model. Discretionary Access List Role-based Access List Mandatory Access List
  • 23. Security Operating System Computer SecurityTYPES OF ACCESS CONTROL MODELS DAC MAC RBAC The control of access is based on the discretion (wish) of the owner. A system that uses DAC enables the owner of the resource to specify which subjects can access specific resources The most common implementation of DAC is through ACLโ€™s which are dictated and set by the owners and enforced by the OS. This model is very strict and is based on a security label attached to all objects. The subjects are given security clearance by classifying the subjects as secret, top secret, confidential etc.) and the objects are also classified similarly. This model is used and is suitable for military systems where classifications and confidentiality is of at most important. A RBAC is based on user roles and uses a centrally administered set of controls to determine how subjects and objects interact. The RBAC approach simplifies the access control administration It is a best system for a company that has high employee turnover
  • 24. Security Operating System Computer SecurityONE TIME PASSWORDS THREE TYPES RANDOM NUMBERS Users are provided cards having numbers printed along with corresponding alphabets. System asks for numbers corresponding to few alphabets randomly chosen. SECRET KEY User are provided a hardware device which can create a secret id mapped with user id. System asks for such secret id which is to be generated every time prior to login. NETWORK PASSWORD Some commercial applications send one time password to user on registered mobile/ email which is required to be entered prior to login. One time passwords provides additional security along with normal authentication. In One-Time Password system, a unique password is required every time user tries to login into the system. Once a one-time password is used then it can not be used again. One time password are implemented in various ways.
  • 25. Security Operating System Computer SecurityREERENCES โ€ข Book: operating systems internals and design principles by william stallings 7th edition โ€ข https://www.cs.uic.edu/~jbell/coursenotes/operatingsystems/15_security.html โ€ข http://www.tutorialspoint.com/operating_system/os_security.htm โ€ข https://en.wikibooks.org/wiki/fundamentals_of_information_systems_security/access_control_systems โ€ข http://www.computerworld.com/article/2572130/security0/buffer-overflow.html โ€ข http://pcunleashed.com/different-types-of-trojan-horse-malware/ โ€ข http://support.kaspersky.com/viruses/general/614
  • 26. Thank You Thanks for coming Have a nice day Ask your questions in comment