System Security
By Mr. Amin Pathan (M.Tech-CSE Pursuing, BE-IT), Lecturer, MGM's Polytechnic, Aurangabad.

Password Management

Password Security

The password system is the important protection against intruders. The password serves to authenticate the ID of the individual who logs on to the system. The ID determines whether the user is authorized or unauthorized to gain access to the system. The ID determines the privileges accorded to the user. The ID is used as unrestricted access control.

Example

UNIX Operating System

The user selects a password of up to eight printable characters in length. This password is then converted into a 56-bit value that serves as the key input to an encryption process based on DES. The DES algorithm is modified using a 12-bit salt value. In this way, the salt prevents duplicate passwords.
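
Added example (not part of the original slides): how a 12-bit salt keeps two users with the same password from having the same stored entry. PBKDF2-HMAC-SHA256 stands in for the DES-based routine, and the function names, accounts and salts are constructed for this illustration.

```python
import hashlib
import secrets
from collections import defaultdict

# Alphabet of traditional crypt(3) salts: 64 symbols, so two characters carry 12 bits.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def new_salt():
    """Pick a random 12-bit salt and write it as two characters (6 bits each)."""
    value = secrets.randbelow(1 << 12)
    return SALT_ALPHABET[value >> 6] + SALT_ALPHABET[value & 0x3F]

def make_entry(password, salt=None):
    """Return the stored string: the salt followed by the salted hash."""
    if salt is None:
        salt = new_salt()
    # Stand-in for the DES-based routine (assumption of this example).
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)
    return salt + digest.hex()

def verify(password, entry):
    """Re-hash the candidate with the salt kept in the entry and compare."""
    return secrets.compare_digest(make_entry(password, entry[:2]), entry)

def visible_duplicates(table):
    """Return groups of users whose stored entries are identical."""
    by_entry = defaultdict(list)
    for user, entry in table.items():
        by_entry[entry].append(user)
    return [sorted(users) for users in by_entry.values() if len(users) > 1]

# Constructed sample accounts: alice and carol chose the same password.
ACCOUNTS = {"alice": "sesame12", "bob": "Blue#horse7", "carol": "sesame12"}
# Constructed salts, fixed here so the result is repeatable.
SALTS = {"alice": "a1", "bob": "Zq", "carol": "/x"}

# One salt for everyone behaves like no salt: equal passwords give equal entries.
same_salt = {u: make_entry(p, "..") for u, p in ACCOUNTS.items()}
# A different salt per user hides the duplicate.
per_user = {u: make_entry(p, SALTS[u]) for u, p in ACCOUNTS.items()}

if __name__ == "__main__":
    print("shared salt:", visible_duplicates(same_salt))
    print("per-user salt:", visible_duplicates(per_user))
```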

Password Selection Strategies (Policies)

1. User Education

2. Computer Generated Password

3. Reactive password checking

4. Proactive password checking

1. User Education

Tell users the importance of hard-to-guess passwords and provide guidelines for selecting strong passwords. This strategy is unlikely to be successful at most installations, particularly where there is a large user population. Many users will simply ignore the guidelines, and may not have good judgement of what is a strong password.

2. Computer Generated Password

Users will not be able to remember a computer-generated password, even though the password is pronounceable. The passwords are reasonably random in nature. So users often write them down.

3. Reactive password checking

The system periodically runs its own password cracker program to find guessable passwords. If the system finds any such password, it cancels the password and notifies the user.

4. Proactive password checking

The user is allowed to select his/her own password. At the time of selection, the system checks the password: if the password is allowable, the system allows it; otherwise the system rejects it.

Components of Good password

As a password is meant to protect access and resources from intruders, it should not be easy for someone else to guess. The following are some guidelines to make a password more difficult to guess or obtain.

1. The password should be at least eight characters long.
2. It should have at least three of the following elements: one or more uppercase letters, one or more lowercase letters, one or more numerals, one or more special characters.
3. It should not consist of dictionary words.
4. It should not be the same as the user's login name.
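
Added example (not part of the original slides): a proactive password checker that applies the four guidelines above at the moment the user selects a password. The function name, the small word list and the rule of also testing the password with digits and symbols stripped are assumptions of this example.

```python
import string

# Constructed sample word list; a real checker would load a large dictionary file.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "security", "letmein"}

def check_password(password, login, dictionary=DICTIONARY):
    """Return the list of guideline violations; an empty list means allow."""
    problems = []

    # Guideline 1: at least eight characters long.
    if len(password) < 8:
        problems.append("shorter than eight characters")

    # Guideline 2: at least three of the four character classes.
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")

    # Guideline 3: not a dictionary word. The letters-only form is tested as
    # well (assumption of this example), so "Password1!" is still caught.
    lowered = password.lower()
    letters_only = "".join(c for c in lowered if c.isalpha())
    if lowered in dictionary or letters_only in dictionary:
        problems.append("consists of a dictionary word")

    # Guideline 4: not the same as the login name, ignoring case.
    if lowered == login.lower():
        problems.append("same as the login name")

    return problems

if __name__ == "__main__":
    for candidate in ("Password1!", "AminPathan", "tr4in-Blue9x"):
        print(candidate, "->", check_password(candidate, "aminpathan") or "allowed")
```

"Password1!" satisfies the length and character-class rules and is rejected only by the dictionary rule, which is why the guidelines are applied together rather than singly.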

Operating System Hardening

The OS is the system software which handles input, output, display, memory management & all highly tasks.

OS examples: Microsoft Windows (95, 98, NT, 2000, ME, XP, Vista, 7, 8), Apple Mac OS, Sun Solaris, UNIX.

A network operating system (NOS) includes additional functions and capabilities to help in connecting computers and devices like printers to a LAN. Examples: Windows Server 2003, Windows Server 2008.

OS manufacturers will not provide security, but they provide some recommendations or simplified tools and settings to facilitate the security of the system.

Operating System Hardening cont...

OS hardening consists of removing unnecessary applications and utilities, disabling unnecessary services, setting appropriate permissions on files, and updating the OS and application code to the latest version. This process of securing an OS is known as OS hardening, and it is intended to make the system more secure.

Steps for securing Windows OS

1. Disable all unnecessary services.
2. Restrict permissions on files and access to the Registry.
3. Remove unnecessary programs.
4. Apply the latest patches and fixes.
5. Remove unnecessary user accounts and ensure password guidelines are in place.

Weaknesses of Windows OS

MS Windows is not open source.
A Windows OS installation is insecure because it includes hidden shares and blank passwords, and it will not provide protection for known vulnerabilities.
It is difficult for an administrator to understand how to properly use and configure the software on various hardware setups.
It slows down after running 24 hours.
Many users don't understand the security risks related to the system while configuring it, so this can lead to different attacks.
Less actual control over files.

UNIX OS Hardening

The process of securing a UNIX OS to make the system more secure is called UNIX OS hardening. It means disabling unnecessary services, restricting permissions on files and directories, applying password guidelines, removing unnecessary software, applying patches, and removing unnecessary users. A UNIX system is very powerful and flexible. This all depends on the skill and knowledge of the system administrator, because so much control is placed in the administrator's hands. UNIX systems are easier to secure and baseline when they are providing a single service or performing a single function, like acting as an SMTP or web server.

UNIX OS Hardening Cont...

During the installation process, it is easy to select which services and applications are placed on the system. On a UNIX system, the process status command, ps, shows which processes, applications and services are running. An administrator can identify a service by its unique process identifier, or PID. To stop a running service, the process is identified by its PID and then the kill command is used to stop the service.
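
Added example (not part of the original slides): comparing ps output against the baseline of a single-purpose web server, so the administrator gets the PIDs of services that should be reviewed and, if unnecessary, stopped with kill. The sample ps listing, the baseline set and the function names are constructed for this illustration.

```python
import subprocess

# Constructed sample of `ps -eo pid,user,comm` output from a host that is
# meant to act only as a web server.
PS_OUTPUT = """\
  PID USER     COMMAND
    1 root     init
  412 root     sshd
  530 root     httpd
  531 www      httpd
  702 root     telnetd
  915 daemon   lpd
"""

# Baseline for this host (assumption of the example): the only commands
# expected on the single-purpose web server.
BASELINE = {"init", "sshd", "httpd"}

def parse_ps(text):
    """Turn ps output into (pid, user, command) tuples, skipping the header."""
    rows = []
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[0].isdigit():
            rows.append((int(fields[0]), fields[1], fields[2].strip()))
    return rows

def unexpected_processes(text, baseline):
    """Return the processes whose command is not in the host's baseline."""
    return [row for row in parse_ps(text) if row[2] not in baseline]

def live_ps():
    """Collect the same three columns from the running system."""
    result = subprocess.run(["ps", "-eo", "pid,user,comm"],
                            capture_output=True, text=True, check=True)
    return result.stdout

if __name__ == "__main__":
    # Report only; stopping a service stays a decision for the administrator.
    for pid, user, comm in unexpected_processes(PS_OUTPUT, BASELINE):
        print(f"review PID {pid} ({comm}, run by {user}): not in baseline")
```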

Updates

The standard user or system administrator faces a constant stream of updates designed to correct problems, replace sections of code, or even add new features to an installed OS. Vendors typically follow a hierarchy for software updates, given below:

1. Hotfix
2. Patch
3. Service Pack

Updates Cont...

1. Hotfix
This term is given to a small software update designed to address a particular problem. Hotfixes are typically developed in reaction to a discovered problem.

2. Patch
This term is given to large software updates designed to address a particular problem. Patches contain improvements or additional capabilities and fixes for known bugs. They are usually developed over a longer period of time.

Updates Cont..

3. Service Pack
This term is given to a large collection of patches and hotfixes that are rolled into a single. Service packs are designed to bring a system up to the latest known rather than requiring the user or system administrator to download several updates separately.

Thanks...!