Chapter 11 Security and Ethics - PowerPoint PPT Presentation

About This Presentation
Title:

Chapter 11 Security and Ethics

Description:

The effects of system security practices on overall system performance ... Figure 11.2: A file infector virus attacks a clean file (a) by attaching a small ... – PowerPoint PPT presentation

Slides: 49
Provided by: kahunaC

Transcript and Presenter's Notes

1
Chapter 11 Security and Ethics
  • Understanding Operating Systems, Fourth Edition

2
Objectives
  • You will be able to describe
    • The role of the operating system with regard to
      system security
    • The effects of system security practices on
      overall system performance
    • The levels of system security that can be
      implemented and the threats posed by evolving
      technologies
    • The differences between computer viruses and
      worms, and how they spread
    • The difficulties of teaching ethics to user
      groups and the role of education in system
      security

3
Role of the Operating System in Security
  • Operating system plays a key role in computer
    system security
  • Any vulnerability at the operating system level
    opens the entire system to attack
  • The more complex and powerful the operating
    system, the more likely it is to have
    vulnerabilities to attack
  • System administrators must be on guard to arm
    their operating systems with all available
    defenses against attack

4
System Survivability
  • Capability of a system to fulfill its mission, in
    a timely manner, in the presence of attacks,
    failures, or accidents
  • Key properties of survivable systems
    • Resistance to attacks
    • Recognition of attacks and resulting damage
    • Recovery of essential services after an attack
    • Adaptation and evolution of system defense
      mechanisms to mitigate future attacks

5
System Survivability (continued)
Table 11.1 Four key properties of a survivable
system
6
Levels of Protection
System administrator must evaluate the risk of
intrusion for each computer configuration, which
in turn depends on the level of connectivity
given to the system
Table 11.2 A simplified comparison of security
protection required for three typical computer
configurations
7
Backup and Recovery
  • Backup and recovery policies are essential for
    most computing systems
  • Many system managers use a layered backup
    schedule
  • Backups, with one set stored off-site, are
    crucial to disaster recovery
  • Written policies and procedures and regular user
    training are essential elements of system
    management

8
Backup and Recovery
  • Written security procedures should recommend
    • Frequent password changes
    • Reliable backup procedures
    • Guidelines for loading new software
    • Compliance with software licenses
    • Network safeguards
    • Guidelines for monitoring network activity
    • Rules for terminal access

9
Security Breaches
  • A gap in system security can be malicious or not
  • Intrusions can be classified as
    • Due to uneducated users and unauthorized access
      to system resources
    • Purposeful disruption of the system's operation
    • Purely accidental
      • Examples: hardware malfunctions, undetected
        errors in the OS or applications, or natural
        disasters
  • Malicious or not, a breach of security severely
    damages the system's credibility

10
Unintentional Intrusions
  • Any breach of security or modification of data
    that was not the result of a planned intrusion
  • Examples
    • Accidental incomplete modification of data
      • When nonsynchronized processes access data
        records and modify some but not all of a record's
        fields
    • Errors due to incorrect storage of data values
      • e.g., when the field isn't large enough to hold
        the numeric value stored there

11
Unintentional Intrusions (continued)
Figure 11.1 (a) Original data value in a field
large enough to hold it. If the field is too
small, (b) FORTRAN replaces the data with
asterisks, (c) COBOL truncates the higher order
digits and stores only the digits that remain
12
Intentional Attacks
  • Types of intentional attacks
    • Intentional unauthorized access
      • e.g., denial of service attacks, browsing, wire
        tapping, repeated trials, trap doors, and trash
        collection
    • Viruses and worms
    • Trojan horses
    • Bombs
    • Blended threats

13
Intentional Unauthorized Access
  • Denial of service (DoS) attacks
    • Synchronized attempts to deny service to
      authorized users by causing a computer to perform
      repeated unproductive tasks
  • Browsing
    • Unauthorized users gain access to search through
      secondary storage directories or files for
      information they should not have the privilege to
      read

14
Intentional Unauthorized Access (continued)
  • Wire tapping: Unauthorized users monitor or
    modify a user's transmission
    • Passive wire tapping: Refers to just listening to
      the transmission but not changing the contents;
      reasons include
      • To copy data while bypassing any authorization
        procedures
      • To collect specific information such as passwords
    • Active wire tapping: The data being sent is modified
      • Methods include between-lines transmission and
        piggyback entry

15
Intentional Unauthorized Access (continued)
  • Repeated trials: Attempts to enter systems by guessing
    authentic passwords
  • Trap doors: An unspecified and undocumented entry
    point to the system
    • Installed by a system diagnostician or programmer
      for future use
    • Leaves the system vulnerable to future intrusion
  • Trash collection: Use of discarded materials such
    as disks, CDs, printouts, etc., to enter the
    system illegally

16
Intentional Unauthorized Access (continued)
Table 11.3 Average time required to guess
passwords up to ten alphabetic characters (A-Z)
using brute force
17
Intentional Unauthorized Access (continued)
  • Malicious attacks on computers may violate state
    and federal law under the Federal Computer Fraud
    and Abuse Act of 1986
  • Those convicted have been sentenced to
    significant fines and jail terms, as well as
    confiscation of their computer equipment
  • In the U.S., attempts to intrude into your system
    should be reported to the FBI

18
Viruses
  • Small programs written to alter the way a
    computer operates, without permission of the user
  • Must meet two criteria: it must be self-executing
    and self-replicating
  • Usually written to attack a certain operating
    system
  • Spread via a wide variety of applications
  • Macro virus works by attaching itself to a
    template (such as NORMAL.DOT), which in turn is
    attached to word processing documents

19
Viruses (continued)
Figure 11.2 A file infector virus attacks a
clean file (a) by attaching a small program to it
(b)
20
Viruses (continued)
Table 11.4 Types of viruses
21
Viruses (continued)
Table 11.4 (continued) Types of viruses
22
Worms and Trojan Horses
  • Worm: A memory-resident program that copies
    itself from one system to the next without
    requiring the aid of an infected program file
    • Results in slower processing time of real work
    • Especially destructive on networks
  • Trojan horse: A destructive program that's
    disguised as a legitimate or harmless program
    • Allows the program's creator to secretly access
      the user's system

23
Bombs and Blended Threats
  • Logic bomb: A destructive program with a "fuse", a
    certain triggering event (such as a keystroke or
    connection with the Internet)
    • Spreads unnoticed throughout a network
  • Time bomb: A destructive program triggered by a
    specific time, such as a day of the year
  • Blended threat: Combines into one program the
    characteristics of other attacks
    • e.g., including a virus, worm, Trojan horse,
      spyware, and other malicious code in a single
      program

24
Blended Threats (continued)
  • Characteristics of a blended threat
    • Harms the affected system
    • Spreads to other systems using multiple methods
    • Attacks other systems from multiple points
    • Propagates without human intervention
    • Exploits vulnerabilities of target systems
  • Protection: A combination of defenses together
    with regular patch management

25
System Protection
  • No single guaranteed method of protection
  • System vulnerabilities include
    • File downloads, e-mail exchange
    • Vulnerable firewalls
    • Improperly configured Internet connections, etc.
  • Need for continuous attention to security issues
  • System protection is multifaceted and protection
    methods include
    • Use of antivirus software, firewalls, restrictive
      access and encryption

26
Antivirus Software
  • Software to combat viruses can be preventive,
    diagnostic, or both
  • Preventive programs may calculate a checksum for
    each production program
  • Diagnostic software compares file sizes, looks
    for replicating instructions or unusual file
    activity
  • Can sometimes remove the infection and leave the
    remainder intact
  • Unable to repair worms, Trojan horses, or blended
    threats, as they are malicious code in their entirety

27
Antivirus Software (continued)
Table 11.5 Websites containing current
information on systems security
28
Antivirus Software (continued)
Figure 11.4 (a) Uninfected file (b) file
infected with a virus (c) a Trojan horse or worm
consists entirely of malicious code
29
Firewalls
  • A set of hardware and/or software designed to
    protect a system by disguising its IP address
    from unauthorized users
  • Sits between the Internet and the network
  • Blocks curious inquiries and potentially
    dangerous intrusions from outside the system
  • Mechanisms used by the firewall to perform
    various tasks include
    • Packet filtering
    • Proxy servers

30
Firewalls (continued)
Figure 11.5 Firewall sitting between campus
networks and Internet, filtering
requests for access
31
Firewalls (continued)
  • Typical tasks of the firewall are to
    • Log activities that access the Internet
    • Maintain access control based on the sender's or
      receiver's IP addresses
    • Maintain access control based on the services that
      are requested
    • Hide the internal network from unauthorized users
    • Verify that virus protection is installed and
      enforced
    • Perform authentication based on the source of a
      request from the Internet

32
Firewalls (continued)
  • Packet filtering
    • The firewall reviews header information for incoming
      and outgoing Internet packets to verify the
      authenticity of the source address, destination
      address, and protocol
  • Proxy server
    • Hides important network information from
      outsiders by making the network server invisible
    • Determines if a request for access to the network
      is valid
    • Proxy servers are invisible to users but are
      critical to the success of the firewall
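The packet-filtering tasks listed on the last three slides (access control by source and destination address and by requested service, a check on the authenticity of the source address, and logging) can be shown as a small first-match rule set. This is an added example and not code from the textbook or the slide deck. The campus address range, the web server address and the packets are all constructed; the rule set assumes the firewall knows which interface a packet arrived on, which is how it spots a packet from the Internet side that claims an internal source address.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str                  # "external" (from the Internet) or "internal"
    src: str
    dst: str
    protocol: str               # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    iface: Optional[str] = None        # None matches either interface
    src: str = "0.0.0.0/0"             # source network
    dst: str = "0.0.0.0/0"             # destination network
    protocol: Optional[str] = None     # None matches any protocol
    dst_port: Optional[int] = None     # None matches any port
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        return ((self.iface is None or self.iface == pkt.iface)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.protocol is None or self.protocol == pkt.protocol)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


CAMPUS = "10.0.0.0/8"        # constructed internal address space
WEB_SERVER = "10.0.0.5"      # constructed public-facing server

# First matching rule wins; anything that matches no rule is denied.
RULES = [
    Rule("deny", iface="external", src=CAMPUS,
         note="internal source address arriving from outside (spoofed)"),
    Rule("allow", iface="external", dst=WEB_SERVER, protocol="tcp", dst_port=80,
         note="public web service"),
    Rule("allow", iface="external", dst=WEB_SERVER, protocol="tcp", dst_port=443,
         note="public web service (TLS)"),
    Rule("allow", iface="internal", src=CAMPUS,
         note="outbound traffic from campus"),
]


def filter_packet(pkt: Packet, rules=RULES, log: Optional[list] = None) -> str:
    """Return "allow" or "deny"; if a log list is given, record the decision."""
    decision, reason = "deny", "default deny"
    for rule in rules:
        if rule.matches(pkt):
            decision, reason = rule.action, rule.note
            break
    if log is not None:
        log.append(f"{decision.upper():5s} {pkt.iface} {pkt.src}->{pkt.dst} "
                   f"{pkt.protocol}/{pkt.dst_port}: {reason}")
    return decision


if __name__ == "__main__":
    entries = []
    for pkt in (Packet("external", "198.51.100.7", WEB_SERVER, "tcp", 80),
                Packet("external", "10.0.0.77", WEB_SERVER, "tcp", 80),
                Packet("external", "198.51.100.7", "10.0.0.9", "tcp", 22),
                Packet("internal", "10.0.1.4", "203.0.113.2", "udp", 53)):
        filter_packet(pkt, log=entries)
    print("\n".join(entries))
```

Rule order matters: the spoofing check sits first so that a forged internal address cannot ride in on the web-server allow rule, and the closing default deny is what makes the list safe when a service is simply not listed.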

33
Authentication
  • Authentication: A verification that an individual
    trying to access a system is authorized to do so
  • Kerberos: A network authentication protocol
    • The need for password encryption to improve network
      security led to the development of Kerberos
    • Designed to provide strong authentication for
      client/server applications
    • Uses strong cryptography
    • Requires systematic revocation of access rights
      from clients who no longer deserve to have access

34
Authentication (continued)
Figure 11.6 Using Kerberos, when client A
attempts to access server B, user is
authenticated (a) and receives a ticket for the
session (b). Once the ticket is issued, client
and server can communicate at will (c). Without
the ticket, access is not granted
35
Encryption
  • The most extreme protection method for sensitive data,
    where data is put into a secret code
  • To communicate with another system, data is
    encrypted, transmitted, decrypted, and processed
    • Sender inserts the public key with the message
    • Message receiver is required to have the private key
      to decode the message
  • Disadvantages
    • Increases the system's overhead
    • System becomes totally dependent on the encryption
      process itself

36
Sniffers and Spoofing
  • Sniffers: Programs that reside on computers
    attached to the network
    • Peruse data packets as they pass by, examining each
      one for specific information
    • Particularly problematic in wireless networks
  • Spoofing: The assailant fakes the IP address of an
    Internet server by changing the address recorded
    in the packets it sends over the Internet
    • Used when unauthorized users want to disguise
      themselves as friendly sites

37
Password Management
  • The most basic techniques used to protect hardware
    and software investments include
    • Good passwords
    • Careful user training
  • Password construction
    • A good password is unusual, memorable, and changed
      often
    • Password files are normally stored in encrypted form
    • Password length has a direct effect on the
      ability of a password to survive password cracking
      attempts

38
Password Construction (continued)
Figure 11.8 Password verification flowchart
39
Password Construction (continued)
Table 11.6 Number of combinations of passwords
depending on their length and available character
set
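Tables 11.3 and 11.6 both come from one formula: a password of length L drawn from a character set of N symbols is one of N^L possibilities, and an exhaustive search finds it after N^L / 2 guesses on average. The following is an added example, not from the textbook or the slides, that derives the character-set sizes from Python's `string` module, builds the same kind of table as Table 11.6 for several sets and lengths, and estimates average guessing time for an assumed guess rate. The lengths and the guess rate are illustrative choices, not the book's values.

```python
import string

# Character-set sizes derived from the string module rather than assumed.
CHARACTER_SETS = {
    "lowercase letters (A-Z)": len(string.ascii_lowercase),                # 26
    "letters, both cases": len(string.ascii_letters),                      # 52
    "letters and digits": len(string.ascii_letters + string.digits),       # 62
    "letters, digits and punctuation":
        len(string.ascii_letters + string.digits + string.punctuation),    # 94
}


def combinations(charset_size: int, length: int) -> int:
    """Passwords of exactly this length: each position is chosen independently."""
    return charset_size ** length


def combinations_up_to(charset_size: int, max_length: int) -> int:
    """Passwords of any length from 1 up to max_length (Table 11.3's 'up to ten')."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


def average_guesses(charset_size: int, length: int) -> int:
    """A brute-force search succeeds, on average, halfway through the space."""
    return combinations(charset_size, length) // 2


def average_time_seconds(charset_size: int, length: int,
                         guesses_per_second: float) -> float:
    """Average time to guess a password of this length at the given rate."""
    return average_guesses(charset_size, length) / guesses_per_second


def table(lengths=(4, 6, 8, 10)) -> list:
    """Rows of (character set, length, combinations), in the style of Table 11.6."""
    return [(name, n, combinations(size, n))
            for name, size in CHARACTER_SETS.items() for n in lengths]


if __name__ == "__main__":
    RATE = 1_000_000  # assumed guesses per second, for illustration only
    for name, n, count in table():
        years = average_time_seconds(CHARACTER_SETS[name], n, RATE) / (365 * 24 * 3600)
        print(f"{name:34s} length {n:2d}: {count:22,d} combinations, "
              f"avg {years:12.4f} years at {RATE:,} guesses/s")
```

Comparing rows shows why the slides stress length as well as the character set: adding two characters multiplies the search space by N^2, and an eight-character password from the 94-symbol set already outnumbers a ten-character password from letters alone.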
40
Password Construction (continued)
  • Reliable techniques for generating a good
    password
    • Use a minimum of eight characters, including
      numbers and nonalphanumeric characters
    • Create a misspelled word or join bits of phrases
      into a word that's easy to remember
    • Follow a certain pattern on the keyboard
    • Create acronyms from memorable sentences
    • Use upper- and lowercase characters if allowed
    • Never use a word that's included in any dictionary

41
Password Construction (continued)
  • Dictionary attack: A method of breaking encrypted
    passwords
    • Requirements
      • A copy of the encrypted password file
      • The algorithm used to encrypt the passwords
    • Prevention
      • Some operating systems salt user passwords with
        extra random bits to make them less vulnerable to
        dictionary attacks
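Why the "extra random bits" help is clearest when two users happen to choose the same password. The following is an added example, not code from the textbook or the slides: it contrasts an unsalted password entry (digest depends only on the password, so equal passwords give equal entries and a single precomputed dictionary entry covers them all) with a salted, iterated entry (PBKDF2-HMAC-SHA256, chosen here as the salted scheme; the iteration count is an assumed work factor), and shows how the system verifies a login against the salted record.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor; raise it for production use


def unsalted_digest(password: str) -> bytes:
    """A password file entry without salt: the digest depends only on the
    password, so equal passwords produce equal entries."""
    return hashlib.sha256(password.encode()).digest()


def salted_digest(password: str, salt: bytes) -> bytes:
    """Salted, iterated digest: the salt is mixed in, so the same password
    under a different salt gives an unrelated digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(password: str) -> dict:
    """The record the operating system keeps: a fresh random salt (the
    'extra random bits') plus the digest computed with it."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": salted_digest(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_digest(password, record["salt"]),
                               record["digest"])


def unsalted_entries_collide(password: str) -> bool:
    """Two users with the same password get identical unsalted entries, so one
    dictionary precomputation hit exposes every user of that password."""
    return unsalted_digest(password) == unsalted_digest(password)


def salted_entries_collide(password: str) -> bool:
    """Same password enrolled twice: different salts, different digests, so a
    dictionary table computed once cannot be reused across entries."""
    return enroll(password)["digest"] == enroll(password)["digest"]


if __name__ == "__main__":
    shared = "summer2003"   # constructed weak password shared by two users
    print("unsalted entries identical:", unsalted_entries_collide(shared))
    print("salted entries identical:  ", salted_entries_collide(shared))
    record = enroll(shared)
    print("correct password verifies: ", verify(shared, record))
    print("wrong password verifies:   ", verify("winter2003", record))
```

The salt is stored in the clear next to the digest; its job is not secrecy but uniqueness, which forces a dictionary attack to recompute its table per entry instead of once per password file. The iteration count then makes each of those recomputations slow.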

42
Password Alternatives
  • Use of a smart card
    • A credit card-sized calculator that requires both
      something you have and something you know
    • Displays a constantly changing multidigit number
      synchronized with an identical number generator
      in the system
    • User must type in the number that appears at that
      moment on the smart card
    • For added protection, the user then enters a secret
      code
    • User is admitted to the system only if both the
      number and the code are validated
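The "identical number generator in the system" can be modelled as both sides computing the same function of a shared secret and the current time step. The following is an added example, not code from the textbook or the slides: a simplified time-synchronized code in the spirit of TOTP (HMAC over the time-step counter, truncated to six digits), with a server-side check that admits the user only when both the card's number and the secret code are valid. The step length, the one-step drift tolerance and the shared secret are all assumed values.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 60     # assumed: how often the card's number changes
DIGITS = 6
DRIFT_STEPS = 1       # assumed: tolerate one step of clock drift either way
PIN_ITERATIONS = 50_000


def counter_at(now: int) -> int:
    """Time step shared by the card and the system."""
    return now // STEP_SECONDS


def generate_code(secret: bytes, counter: int) -> str:
    """The number both the card and the system compute from the shared
    secret and the current time step (HMAC-based, TOTP-like)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10 ** DIGITS:0{DIGITS}d}"


def enroll(secret: bytes, pin: str) -> dict:
    """Server record: the card's secret plus a salted hash of the secret code."""
    salt = os.urandom(16)
    return {"secret": secret, "salt": salt,
            "pin_hash": hashlib.pbkdf2_hmac("sha256", pin.encode(), salt,
                                            PIN_ITERATIONS)}


def verify_login(record: dict, submitted_code: str, submitted_pin: str,
                 now: int) -> bool:
    """Admit only if the card number (within the drift window) and the secret
    code both check out. Both factors are always evaluated so the response
    time does not reveal which one failed."""
    base = counter_at(now)
    code_ok = any(hmac.compare_digest(generate_code(record["secret"], c),
                                      submitted_code)
                  for c in range(base - DRIFT_STEPS, base + DRIFT_STEPS + 1))
    pin_ok = hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", submitted_pin.encode(), record["salt"],
                            PIN_ITERATIONS),
        record["pin_hash"])
    return code_ok and pin_ok


if __name__ == "__main__":
    SECRET = b"constructed-card-secret"      # constructed, shared at enrolment
    record = enroll(SECRET, "4711")          # constructed secret code
    now = 1_700_000_000
    shown = generate_code(SECRET, counter_at(now))   # what the card displays
    print("card shows", shown)
    print("number + code:      ", verify_login(record, shown, "4711", now))
    print("number, wrong code: ", verify_login(record, shown, "0000", now))
    print("stale number:       ", verify_login(record, shown, "4711",
                                               now + 3 * STEP_SECONDS))
```

The drift window is the practical compromise behind "the number that appears at that moment": clocks on the card and the system never agree exactly, so a code from the neighbouring step is accepted, but one from several steps ago is not.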

43
Password Alternatives (continued)
  • Biometrics
    • The science and technology of identifying
      individuals based on the unique biological
      characteristics of each person
    • Current research focuses on
      • Analysis of the human face, fingerprints, hand
        measurements, iris/retina, and voice prints
    • Positively identifies the person being scanned
    • The critical factor is reducing the margin of error
    • Presently, biometric authentication is expensive

44
Social Engineering
  • A technique whereby system intruders gain access
    to information about a legitimate user to learn
    active passwords by
    • Looking in and around the user's desk for a
      written reminder
    • Trying the user's logon ID as the password
    • Searching logon scripts
    • Telephoning friends and co-workers to learn the
      names of the user's family members, pets, vacation
      destinations, favorite hobbies, car model, etc.

45
Social Engineering (continued)
  • Phishing: An intruder pretends to be a legitimate
    entity and contacts unwary users asking them to
    reconfirm their personal and/or financial
    information
    • Example: the 2003 incident involving eBay customers
  • Default passwords
    • Pose unique vulnerabilities because they are
      widely known
      • Routinely shipped with hardware or software
      • Routinely passed from one hacker to the next
    • Should be changed immediately

46
Ethics
  • Ethical behavior: Be good. Do good.
  • IEEE and ACM issued a standard of ethics in 1992
  • The apparent lack of ethics in computing is a
    significant departure from other professions
  • Consequences of ethical lapses
    • Illegally copied software can result in lawsuits
      and fines
    • Plagiarism is illegal and punishable by law
    • Eavesdropping on e-mail, data, or voice
      communications is sometimes illegal and usually
      unwarranted

47
Ethics (continued)
  • Consequences of ethical lapses (continued)
    • Cracking (malicious hacking) causes the system's
      owner and users to question the validity of the
      system's data
    • Unethical use of technology is clearly the wrong
      thing to do
  • Specific activities to teach ethics can include
    • Publish policies that clearly state which actions
      will and will not be condoned
    • Teach a regular seminar on the subject, including
      real-life case histories
    • Conduct open discussions of ethical questions

48
Summary
  • Can't overemphasize the importance of keeping the
    system secure
  • A system is only as good as the integrity of the
    data that's stored on it
  • A single breach of security, whether
    catastrophic or not, whether accidental or not,
    damages the system's integrity
  • Damaged integrity threatens the viability of the
    best-designed system, its managers, its
    designers, and its users
  • Vigilant security precautions are essential