SlideShare a Scribd company logo

Chapter Last.ppt

Download as PPT, PDF
M
miki304759

- Operating systems use various methods like usernames/passwords, security keys, and biometric scans to authenticate users. They also employ techniques such as antivirus software, firewalls, and regular patches to protect against malware, network intrusions, and other threats. Memory protection, access controls, and encryption further help secure operating systems and their resources.

Engineering
Related topics:
Cloud Computing Insights
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
Chapter Last Security and Protection
Overview • Security refers to providing a protection system to computer system resources such as CPU, memory, disk, software programs and most importantly data/information stored in the computer system. • a computer system must be protected against unauthorized access, malicious access to system memory, viruses, worms etc. Authentication : Authentication refers to identifying each user of the system and associating the executing programs with those users.
Overview….. • Operating Systems generally identifies/authenticates users using following three ways : – Username / Password – User card/key – User attribute – fingerprint/ eye retina pattern/signature One Time passwords: a unique password is required every time user tries to login into the system. It can be implemented by : – Random numbers – Secrete Key – Network password
• Program Threats: If a user program made these process do malicious tasks, then it is known as Program Threats. • well-known program threats are as follows: – Trojan Horse – Trap Door – Logic Bomb – Virus • System Threats : System threats refers to misuse of system services and network connections to put user in trouble well-known system threats. – Worm – Port Scanning – DoS Overview…..
Security methods and devices What is OS Security? • The term operating system (OS) security refers to practices and measures that can ensure the confidentiality, integrity, and availability (CIA) of operating systems. • Involves the implementation of control techniques that can protect your assets from unauthorized modification and deletion or theft. • The goal of OS security is to protect the OS from: – various threats – malicious software such as worms, Trojans and other viruses, – misconfigurations, and remote intrusions.
Cont.… • The most common techniques used to protect operating systems include – the use of antivirus software and other endpoint protection measures, – regular OS patch updates, – a firewall for monitoring network traffic, and – enforcement of secure access through least privileges and user controls.
Cont.… • Here are a few of the most common threat vectors that can affect an operating system. • Malware is injected into a system without the owner’s consent, or by masquerading as legitimate software, with the objective of stealing, destroying or corrupting data, or compromising the device. • A Denial of Service (DoS) attack is intended to clog a system with fake requests so it becomes overloaded, and eventually stops serving legitimate requests. • Network intrusion occurs when an individual gains access to a system for improper use. It can be Careless insiders, malicious insiders, Masqueraders, Clandestine users. • Buffer Overflow: During a buffer overflow attack, the buffer or other temporary data stores are overflowing with data.
Here are a few ways that improve operating system security: • Authentication Measures – Security keys – Username-password combinations – Biometric signatures – Multi-factor authentication • Using One-Time Passwords – Network passwords – Random numbers – Secret keys • Virtualization enables you to abstract software from hardware, effectively separating the two. • OS virtualization enables you to multiple isolated user environments using the same OS kernel. The technology that creates and enables this type of isolation is called a “hypervisor” Cont.…
Here are a few testing methods you can use. • Vulnerability assessment involves testing for weaknesses that may be lying undetected in an operating system. – Scanning for known vulnerabilities – Scanning the software and applications on an OS – Scanning for malware – Scanning for missing patches and updates – Patch testing – Port scanning • Penetration testing, or pentesting, is a security assessment strategy that uses vulnerability assessment to identify how an attacker may successfully exploit vulnerabilities in the system. the testing will be White Box, Grey Box and Black Box testing Cont.…
Protection, access, and authentication • Authentication mechanism determines the user’s identity before revealing the sensitive information. • It is very crucial for the system or interfaces where the user priority is to protect the confidential information. • Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is. • Access control for an operating system determines how the operating system implements accesses to system resources by satisfying the security objectives of integrity, availability, and secrecy. • Protection refers to a mechanism which controls the access of programs, processes, or users to the resources defined by a computer system.
Models of protection • Protection models represent the protected objects in a system – how users or subjects may request access to them, – how access decisions are made, and – how the rules governing access decisions may be altered. • Access Matrix is a security model of protection state in computer system. • It is represented as a matrix. • Access matrix is used to define the rights of each process executing in the domain with respect to each object. • The rows of matrix represent domains and columns represent objects. • Each cell of matrix represents set of access rights which are given to the processes of domain means each entry (i, j) defines the set of operations that a process executing in domain Di can invoke on object Oj.
Cont.…
Cont.…. • Memory protection is a way to manage access rights to the specific memory regions. It is used by the majority of multi-tasking operating systems. • The main goal of the memory protection appears to be a banning of a process to access the part of memory which is not allocated to that process. • Encryption is a method of securing data by scrambling the bits of a computer’s files so that they become illegible. • The only method of reading the encrypted files is by decrypting them with a key; the key is unlocked with a password. • Recovery Management is the process of planning, testing, and implementing the recovery procedures ad standards required to restore service in the event of a component failure; – either by returning the component to normal operation, or – taking alternative actions to restore service.

More Related Content

PPT
operating system Security presentation vol 2
qacaybagirovv
 
PPTX
System Security Sem 2(Module 1).pptx
rahulkumarcscsf21
 
PDF
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
PDF
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
PPT
Venture name Basics
Sathishkumar Vasudevan
 
PPT
Regression
Sathishkumar Vasudevan
 
PPT
Thur Venture
Sathishkumar Vasudevan
 
PPT
Venture name Basics
Sathishkumar Vasudevan
 
operating system Security presentation vol 2
qacaybagirovv
 
System Security Sem 2(Module 1).pptx
rahulkumarcscsf21
 
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
The 5 Layers of Security Testing by Alan Koch
QA or the Highway
 
Venture name Basics
Sathishkumar Vasudevan
 
Regression
Sathishkumar Vasudevan
 
Thur Venture
Sathishkumar Vasudevan
 
Venture name Basics
Sathishkumar Vasudevan
 

Similar to Chapter Last.ppt (20)

PPT
Sangeetha Venture
Sathishkumar Vasudevan
 
PPT
Security (IM).ppt
GooglePay16
 
PPTX
Introduction to cyber security
Geevarghese Titus
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
PPTX
Cyber security presentation by Mr Navneet baboo, RN College Hajipur.pptx
kamleshabss
 
PPT
Information Security Audit and Analysis Module
AvinashAvuthu2
 
PDF
Security.pdf
Karthick Panneerselvam
 
PPT
3. security architecture and models
7wounders
 
PDF
OPERATING SYSTEM SECURITY
RohitK71
 
PPTX
Security and management
ArtiSolanki5
 
PPTX
Chapter 7
Seth Nurul
 
PPTX
presentation_security_1510578971_320573.pptx
AadityaRauniyar1
 
PDF
Intruders
Dr.Florence Dayana
 
PPTX
Protection and security of operating system
Abdullah Khosa
 
PPTX
Protection and security
mbadhi
 
PPTX
Computer Security
AkNirojan
 
PPTX
Security Architectures and Models.pptx
RushikeshChikane2
 
PPTX
Metasploit
Parth Sahu
 
PDF
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
PDF
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 
Sangeetha Venture
Sathishkumar Vasudevan
 
Security (IM).ppt
GooglePay16
 
Introduction to cyber security
Geevarghese Titus
 
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Cyber security presentation by Mr Navneet baboo, RN College Hajipur.pptx
kamleshabss
 
Information Security Audit and Analysis Module
AvinashAvuthu2
 
Security.pdf
Karthick Panneerselvam
 
3. security architecture and models
7wounders
 
OPERATING SYSTEM SECURITY
RohitK71
 
Security and management
ArtiSolanki5
 
Chapter 7
Seth Nurul
 
presentation_security_1510578971_320573.pptx
AadityaRauniyar1
 
Intruders
Dr.Florence Dayana
 
Protection and security of operating system
Abdullah Khosa
 
Protection and security
mbadhi
 
Computer Security
AkNirojan
 
Security Architectures and Models.pptx
RushikeshChikane2
 
Metasploit
Parth Sahu
 
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysis
dadkhah077
 
CSI-503 - 10. Security & Protection (Operating System)
ghayour abbas
 

More from miki304759 (9)

PPTX
Software Evolution and maintenance chapter 1
miki304759
 
PPTX
Software Evolution and maintenance chapter 3
miki304759
 
PPT
Advanced Programming, Java Programming, Applets.ppt
miki304759
 
PPT
Chapter 1- Introduction.ppt
miki304759
 
PPTX
Elements of Graph Theory for IS.pptx
miki304759
 
PPT
Chapter one_oS.ppt
miki304759
 
PPTX
Chapter 3 SE 2015.pptx
miki304759
 
PPTX
Chapter One Function.pptx
miki304759
 
PPTX
4_5809869271378954936.pptx
miki304759
 
Software Evolution and maintenance chapter 1
miki304759
 
Software Evolution and maintenance chapter 3
miki304759
 
Advanced Programming, Java Programming, Applets.ppt
miki304759
 
Chapter 1- Introduction.ppt
miki304759
 
Elements of Graph Theory for IS.pptx
miki304759
 
Chapter one_oS.ppt
miki304759
 
Chapter 3 SE 2015.pptx
miki304759
 
Chapter One Function.pptx
miki304759
 
4_5809869271378954936.pptx
miki304759
 

Recently uploaded (20)

PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PPTX
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PPTX
Geodesy 1.pptx...............................................
abhi1361yadav
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
web development for engineering and engineering
keshriji700
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PPTX
Welding lecture in detail for understanding
sahilpoonia10
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PDF
Structs to JSON How Go Powers REST APIs.pdf
Emily Achieng
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPT on Performance Review to get promotions
prashant593122
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
Lesson 3_Tessellation.pptx finite Mathematics
quakeplayz54
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Geodesy 1.pptx...............................................
abhi1361yadav
 
Project quality management in manufacturing
BarMusaTetik
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
web development for engineering and engineering
keshriji700
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
Welding lecture in detail for understanding
sahilpoonia10
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
Structs to JSON How Go Powers REST APIs.pdf
Emily Achieng
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 

Chapter Last.ppt

  • 2. Overview • Security refers to providing a protection system to computer system resources such as CPU, memory, disk, software programs and most importantly data/information stored in the computer system. • a computer system must be protected against unauthorized access, malicious access to system memory, viruses, worms etc. Authentication : Authentication refers to identifying each user of the system and associating the executing programs with those users.
  • 3. Overview….. • Operating Systems generally identifies/authenticates users using following three ways : – Username / Password – User card/key – User attribute – fingerprint/ eye retina pattern/signature One Time passwords: a unique password is required every time user tries to login into the system. It can be implemented by : – Random numbers – Secrete Key – Network password
  • 4. • Program Threats: If a user program made these process do malicious tasks, then it is known as Program Threats. • well-known program threats are as follows: – Trojan Horse – Trap Door – Logic Bomb – Virus • System Threats : System threats refers to misuse of system services and network connections to put user in trouble well-known system threats. – Worm – Port Scanning – DoS Overview…..
  • 5. Security methods and devices What is OS Security? • The term operating system (OS) security refers to practices and measures that can ensure the confidentiality, integrity, and availability (CIA) of operating systems. • Involves the implementation of control techniques that can protect your assets from unauthorized modification and deletion or theft. • The goal of OS security is to protect the OS from: – various threats – malicious software such as worms, Trojans and other viruses, – misconfigurations, and remote intrusions.
  • 6. Cont.… • The most common techniques used to protect operating systems include – the use of antivirus software and other endpoint protection measures, – regular OS patch updates, – a firewall for monitoring network traffic, and – enforcement of secure access through least privileges and user controls.
  • 7. Cont.… • Here are a few of the most common threat vectors that can affect an operating system. • Malware is injected into a system without the owner’s consent, or by masquerading as legitimate software, with the objective of stealing, destroying or corrupting data, or compromising the device. • A Denial of Service (DoS) attack is intended to clog a system with fake requests so it becomes overloaded, and eventually stops serving legitimate requests. • Network intrusion occurs when an individual gains access to a system for improper use. It can be Careless insiders, malicious insiders, Masqueraders, Clandestine users. • Buffer Overflow: During a buffer overflow attack, the buffer or other temporary data stores are overflowing with data.
  • 8. Here are a few ways that improve operating system security: • Authentication Measures – Security keys – Username-password combinations – Biometric signatures – Multi-factor authentication • Using One-Time Passwords – Network passwords – Random numbers – Secret keys • Virtualization enables you to abstract software from hardware, effectively separating the two. • OS virtualization enables you to multiple isolated user environments using the same OS kernel. The technology that creates and enables this type of isolation is called a “hypervisor” Cont.…
  • 9. Here are a few testing methods you can use. • Vulnerability assessment involves testing for weaknesses that may be lying undetected in an operating system. – Scanning for known vulnerabilities – Scanning the software and applications on an OS – Scanning for malware – Scanning for missing patches and updates – Patch testing – Port scanning • Penetration testing, or pentesting, is a security assessment strategy that uses vulnerability assessment to identify how an attacker may successfully exploit vulnerabilities in the system. the testing will be White Box, Grey Box and Black Box testing Cont.…
  • 10. Protection, access, and authentication • Authentication mechanism determines the user’s identity before revealing the sensitive information. • It is very crucial for the system or interfaces where the user priority is to protect the confidential information. • Authentication does not determine what tasks the individual can do or what files the individual can see. Authentication merely identifies and verifies who the person or system is. • Access control for an operating system determines how the operating system implements accesses to system resources by satisfying the security objectives of integrity, availability, and secrecy. • Protection refers to a mechanism which controls the access of programs, processes, or users to the resources defined by a computer system.
  • 11. Models of protection • Protection models represent the protected objects in a system – how users or subjects may request access to them, – how access decisions are made, and – how the rules governing access decisions may be altered. • Access Matrix is a security model of protection state in computer system. • It is represented as a matrix. • Access matrix is used to define the rights of each process executing in the domain with respect to each object. • The rows of matrix represent domains and columns represent objects. • Each cell of matrix represents set of access rights which are given to the processes of domain means each entry (i, j) defines the set of operations that a process executing in domain Di can invoke on object Oj.
  • 13. Cont.…. • Memory protection is a way to manage access rights to the specific memory regions. It is used by the majority of multi-tasking operating systems. • The main goal of the memory protection appears to be a banning of a process to access the part of memory which is not allocated to that process. • Encryption is a method of securing data by scrambling the bits of a computer’s files so that they become illegible. • The only method of reading the encrypted files is by decrypting them with a key; the key is unlocked with a password. • Recovery Management is the process of planning, testing, and implementing the recovery procedures ad standards required to restore service in the event of a component failure; – either by returning the component to normal operation, or – taking alternative actions to restore service.