IS Security and the Operating Systems - Essay Example

? IS Security IS Security Introduction Security in both operating 1systems and applications is extremely crucial due to the increased threat of outside or inside attack. An exploit of the operating system or application allows hackers to access operating systems and steal data or worse still destroy the hardware or software. Therefore, manufacturers have come up with security systems that protect the operating system and application from attackers, but this system do not ensure 100 percent security guarantee. However, those produced for operating system are proving more effective than those developed for application due to various factors addressed in this paper. This has made most people come to a conclusion that there is less attention to applications compared to the operating system, which is not the case. Why a good level of security is achieved in operating systems than applications The frequent patching and updating of operating system limits the chances of attackers from attacking the system. On the contrary, it appears that operating systems get more attention than applications. This section provides information on why there is a perception that operating systems have higher levels of security than applications. Security issues from applications are by far more complicated and dynamic compared to security issues from operating systems. Furthermore, it is easier to detect and mitigate a security threat in an operating system than that of an application. The loopholes that can occur in software are numerous, considering that software (whether new or updated) has to join with an existing integration of new and old systems to create a string of systems that are uptight with vulnerabilities.1 There are different applications that are in use by users adding to the problem of security threat; this is because not many users do not have the know-how of recognizing and handling vulnerabilities in the event when an application suffers attacks. The main reason is because they do not take time to learn the security repercussions of how the application is designed, operated, architected and developed, especially in those applications that are in a network or web based models. In operating systems, security depends on confidentiality, integrity, availability and authenticity of all the computer systems assets. On2 the same note, other types of threats that should be considered are interceptions, modification, fabrication and interruptions, which are similar to the threats experienced in computer applications.2 Applications run on the operating systems. Therefore, it is easy for an attacker to use the application file or vulnerability to attack the operating system either through one application or by infecting other applications. This enables the user or system administrator to detect the attack before affecting the operating system, hence the misconception that security threats are more prevalent in applications than operating systems. One difference between operating system security issue and application is file permissions. An example of this is when an application misunderstands the semantics of an operating system file or totally omits a check. This problem does not occur in operating systems; this stems from the fact that any attempt to open a given file will prompt a permission check as the file permissions link to individual files.2 On the other hand, some operating systems mechanisms result to complex security issues for the applications used today. Operating systems are not flexible in offering support, resulting to a compromised security issue. An example of such operating system is that of UNIX, which violates some privileges by only supporting a two level privilege that includes root and user. To limit these 3limitations, it introduces “set user id”, “set group id” and “chroot (2)” that are particularly limiting and inadequate. These applications aim to become responsible for granting permissions, accepting requests, and managing resources, which are primary functions of an operating system that creates a number of security threats.3 Application based servers are highly prone to attacks, and it is advisable that they be isolated from internet access. These servers are more prone to viruses, worms, Trojan horses, network eavesdropping and unauthorized access. In an event where the application server faces a network eavesdropping attack, the attacker has the privileges of modifying and viewing all the data transferred from the application server to the database servers. The attacker captures traffic from the network by using a packet sniffing tool. On the other hand, without using a firewall on the application server, an attacker can gain direct access to the server and allow outsiders to communicate directly with the application server. The most common and dangerous attacks are viruses, worms and Trojan horses, which get detected once they start to affect the resources in the system; they are exceedingly common in application servers hosting the IIS.3 Operating system companies are keen in eliminating any security loopholes that may occur by ensuring there is a continuous publishing of updates for the sake of system stability. The same occurs in applications, but users are not keen at installing them; this increases the vulnerability of the applications. On the other hand, the authentication of operating system is a remarkably precise authentication process that features a login, which separates users and the privileges they have in the computer.3 It also incorporates user names and passwords that ensure that there are controlled access by different users on memory and the hard drive. However, this has not proven to be the best security solver, but when well-crafted offers some degree of security to the operating system. Risks associated with a populated workstation or server and how to mitigate it When networked workstations and servers become populated with a set of user applications, there are numerous threats that come with it, especially to 4the data being stored or communicated. A good example of this problem is the botnet, which is a group of compromised machines. This problem worsens due to increased usage of the internet and the number of networked computers all over the globe. The compromised machines are usually under the control and command of the botmaster, which installs spyware and malicious codes. Furthermore, it will also try to steal identity data and fraud extortion by launching a denial of service attack on the host servers. These are the worst forms of attacks as they are highly dynamic and easy to the commission for any hacker. Additionally, the adaptive behavior makes them hard to detect as they evade any security defenses that might be put in place. Creation of botnet starts by downloading a file from either the internet or email embedded with the software program. It will install itself in the system and contact the public server through various techniques such as Internet Relay Chat, SMTP and TCP, Secure Hypertext Transfer Protocol, and User Datagram Protocol. The other thing that makes this security threat extremely dangerous is because they are not static, but moves from one place to the other to avoid detection. After the software gets installed into the machine, it starts to source for other machines that are vulnerable. Within a span of few hours, the number of botnet will be in millions and spread across the globe. The attack of Botnet is remarkably diverse and includes email services, antispasm, IT security vendors, DNS, websites and hosting providers.4 5Losing of information is particularly common in zombies and comes in the form of identity theft and phishing. In Phishing, the botnet impersonates legit services such as banking websites for the purpose of stealing password and other personal information. The other way that information can be lost through botnet is by identity theft. In this case, once the botnet gets launched into your computer system, it steals passwords, financial information and personal details directly from the computer. Therefore, it is highly prudent to eliminate it once detected, or put appropriate measures in place to reduce the vulnerability of your system. However, this is difficult because they launch in various vectors and no single security tool can be used against them all.5 It easy to detect them through the use of available botnet detection tools, which analyze flow of data traffic through the routers. Furthermore, DNS log analysis, anomaly detection and honeypots apply in detection of botnet. In flow data monitoring, various protocols function to identify and monitor the network for any compromised server or workstations. On the other hand, DNS log analysis uses the fact that botnets use free DNS hosting and have hard-coded references. Therefore, the DNS log analysis spots the hard-coded references and is crippled by directing them to dead IP address. DNS log analysis is the most effective tool but at the same time extremely difficult to implement as it involves different parties.5 In addition, anomaly detection is a tool that marks or characterizes traffic as normal and flags off those that have a deviation from the normal traffic. This detection and mitigation technique blocks any detected traffic from zombie machines and is highly effective when used on the network or at the endpoint. The other effective technique is the honeypot, which mimics a legit resource so that it can detect any intrusions. This technique is effective in surveillance and warning system. Therefore, implementing well-planned and systematic software should be executed so that trustworthiness and predictable execution is attained. Bibliography Cole, Eric. Network Security Bible. New Jersey: John Wiley & Sons, 2011. Read More