OS Protection and Security

 

 

Computer worms:

These programs can invade computers, usually via a network, and deny service to legitimate users by using an inordinate amount of processing and communication resources for self-propagation.

Virus:

Viruses are pieces of code that infect other programs and often perform harmful acts such as deletion of files or corruption of boot blocks.

Threats:

In computer security, a threat is an event that can cause harm to the system in the form of destruction, disclosure or modification of data, or denial of service.

Intruders:

People who cause trouble for others by violating security restrictions, in places where they have no business being, are called intruders.

Generally intruders are of two types:-

    1. Passive Intruders (Hackers)

    2. Active Intruders (Crackers)


  • Passive intruders just want to read data or copy files without any permission from the owner of the data.
  • Active intruders want to modify the data without any permission. Active intruders are more dangerous because the original data is lost permanently to crackers (hackers just copy the information).


Any computer security system has 4 general goals:

1. Data should be kept secret. The corresponding threat is exposure of data.

2. Data integrity. It means an unauthorised person should not modify the data without the owner's permission. The threat is tampering with data.

3. System availability. The threat for this goal is denial of service.

4. Authenticity. The threat is not verifying the identity of the user.

Types of threat:

Generally threats are of 4 types:

  1. Interruption: This type of threat means physically destroying a hardware resource, e.g. cutting a communication line, destroying a hard disk, disabling the file management system, physically damaging the power cables.
  2. Interception: A person accesses the data without proper permission from the owner of the data. This is an attack on confidentiality, e.g. accessing a mailbox without permission, tracing a password and entering another user's login, illicit copying of data and files.
  3. Data modification: It is a very dangerous type of threat compared with interception. Here the unauthorised person obtains the data, keeps a copy, then modifies the original data and sends it to the destination.
  4. Fabrication: It is also a damaging one. The unauthorised person inserts useless data into the system. This is an attack on 'system availability' and 'authenticity'.

Accidental data loss: In addition to threats caused by intruders, valuable data can be lost by accident. Some of the common causes of accidental data loss are:

  1. Acts of God – Cyclone, floods, earthquake, fire, riots, war etc.
  2. Hardware or software errors – Accidental shutdown of the system, disk read errors, CPU malfunctions, telecommunication errors, program bugs etc.
  3. Human errors

All these types of data loss can be solved using backup.


Protection Mechanisms

  •  User authentication
  •  Password protection
  •  Authentication using biometric
  •  Digital signature
  •  Cryptography (Encryption and Decryption)

Digital Signature:

Once the sender creates a digital signature, he cannot repudiate a letter. One common way is to first run the document through a one-way hashing algorithm that is very hard to invert. The hashing function produces a fixed-length result independent of the original document size.

Two popular hashing functions are available:

  • MD5 (Message Digest) – produces a 16-byte result
  • SHA (Secure Hash Algorithm) – produces a 20-byte result


(Cryptography can be applied in digital signature also)

Note: Hashing means a searching technique; it is a function. Popular hashing techniques are the division method, the mid-square method and the folding method.


User Authentication: A networking-capable OS (Windows 2000 Server, Windows NT and Unix) knows the identity of each user. The problem of identifying the user at login is called authentication.

  • All OSes use passwords for user authentication
  • Whenever the system is turned on, the login program asks the user to type a login name and password
  • The password is immediately encrypted. The login program then reads the password file, which contains all the passwords, one password per user, and searches for the password that belongs to the login name
  • If the password the user entered matches the password in the password file, the login is permitted; otherwise the user is asked to enter the password again (a Unix system asks only 3 times for the correct login and password)
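
The login check described in the list above, as an added sketch that is not part of the original notes. The names `enroll`, `check` and `login`, the in-memory `password_file` dictionary and the PBKDF2 settings are assumptions for illustration; the "encryption" of the typed password is done here with a salted one-way hash, so the password file never holds the password itself.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this sketch
MAX_ATTEMPTS = 3       # the notes: Unix asks only 3 times

def hash_password(password, salt):
    """Salted one-way transform applied to the typed password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password_file, user, password):
    """Add one record per user: (salt, hash), never the plain password."""
    salt = os.urandom(16)
    password_file[user] = (salt, hash_password(password, salt))

# Dummy record so that an unknown login name costs the same work as a known one.
_DUMMY_SALT = b"\x00" * 16
_DUMMY = (_DUMMY_SALT, hash_password("", _DUMMY_SALT))

def check(password_file, user, typed):
    """Hash the typed password and compare it with the stored record."""
    salt, stored = password_file.get(user, _DUMMY)
    same = hmac.compare_digest(hash_password(typed, salt), stored)
    return same and user in password_file

def login(password_file, user, attempts):
    """Try at most MAX_ATTEMPTS typed passwords; return (granted, tries used)."""
    tries = 0
    for typed in attempts[:MAX_ATTEMPTS]:
        tries += 1
        if check(password_file, user, typed):
            return True, tries
    return False, tries

if __name__ == "__main__":
    pf = {}
    enroll(pf, "alice", "correct horse")          # constructed sample account
    print(login(pf, "alice", ["guess1", "correct horse"]))
```
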

Authentication using biometrics:

i) The physical characteristics of the user are hard to forge, so this is called biometrics.

ii) The biometrics system consists of two parts – enrollment and identification.

iii) In the first part, the user's physical characteristics are measured and converted into digital form and stored into

iv) In the identification part, the system asks for the login name. After the login name is entered, the system asks for the user's physical characteristic for identification. If they match, the login is opened; otherwise it is rejected.

Example 1- Fingerprint:

A fingerprint is a biometric option because of its unique identifying characteristics. Placed on a special reading pad, a designated finger's print is recognized by the computer. A similar biometric device scans the user's whole hand.

Example 2- Voice reader:

A voice reader can verify the user's identity. The user speaks a specified word or sentence to gain access to a secured computer. Distinct patterns, tones and other qualities in the voice must match the authorized user's voice in the computer's security system.


Cryptology:-

Cryptology is the study of codes, both creating and solving them.

Cryptography:-

  1. Cryptography is the art of creating codes; it is a mechanism for securing information against unauthorised people.
  2. A file or message at the source end is called plain text or clear text. It is converted to cipher text with the help of a key and sent to the destination. Only the destination knows how to convert it back to plain text.
  3. In cryptography the key is secret; the algorithm is open to all.

Encryption:-

It is the process of converting plain text to cipher text at the sending end. The encryption algorithm is applied with the key.

Decryption:-

It is the process of converting cipher text to plain text at the destination end. The decryption algorithm is applied with the key.

Classification of cryptography:-

  1.  Private key algorithm (secret key)
  2.  Public key algorithm (asymmetric key)
  3.  Quantum cryptography

 Asymmetric key cryptography (Public Key algorithm)

Public key methods require two unique keys, one called the public key and the other called the private key. The private key is mathematically linked to the public key. While public keys are published, private keys are never exchanged and are always kept secret. Example: RSA (Rivest Shamir Adleman)
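
The hash-then-sign scheme from the Digital Signature section, built on the public/private key pair described above, as an added sketch that is not part of the original notes. The key is a constructed toy made from two publicly known primes and uses unpadded textbook RSA, and the names `digest`, `sign` and `verify` are assumptions; the signing hash defaults to SHA-256, since collisions are known for MD5 and the 20-byte SHA-1.

```python
import hashlib

# Constructed toy key: both primes are well-known Mersenne primes, so this
# key protects nothing. Real signatures use a vetted library with padding.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus (published)
E = 65537                              # public exponent (published)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, linked to (N, E)

def digest(document, algo="sha256"):
    """One-way hash: fixed-length result whatever the document size."""
    return hashlib.new(algo, document).digest()

def sign(document):
    """Sender: hash the document, then apply the private key to the digest."""
    return pow(int.from_bytes(digest(document), "big"), D, N)

def verify(document, signature):
    """Receiver: undo the signature with the public key, compare digests."""
    return pow(signature, E, N) == int.from_bytes(digest(document), "big")

if __name__ == "__main__":
    letter = b"I owe Bob 100 rupees."              # constructed sample document
    sig = sign(letter)
    print(len(digest(letter, "md5")), len(digest(letter, "sha1")))
    print(verify(letter, sig), verify(b"I owe Bob 900 rupees.", sig))
```

Only the holder of `D` can produce a value that `verify` accepts for a given document, which is why the sender cannot later repudiate it, and any change to the document changes the digest and fails the check.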

Symmetric cryptography (Private Key algorithm)

A private key encryption algorithm uses a single key for both encryption and decryption. In order to communicate using this class of cipher, the key must be known to both the sender and the receiver of the message. Example: DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm).

