System security by Amin Pathan
•Download as PPTX, PDF•
0 likes•366 views
This document discusses system security and password management. It describes how passwords authenticate users and determine their privileges. For example, in UNIX systems the password is encrypted using DES algorithm with a salt value to prevent duplicates. The document also discusses strategies for strong password selection, such as user education, computer-generated passwords, and reactive/proactive password checking. It provides guidelines for components of a good password. Additionally, it covers operating system hardening techniques like disabling unneeded services/accounts, updating software, and removing unneeded programs/utilities. Specific steps are outlined for securing Windows and UNIX systems.
Report
Share
More Related Content
What's hot
What's hot (18)
Viewers also liked
Viewers also liked (11)
Similar to System security by Amin Pathan
Similar to System security by Amin Pathan (20)
More from aminpathan11
More from aminpathan11 (15)
Recently uploaded
Recently uploaded (20)
System security by Amin Pathan
- 1. System Security By Mr. Amin Pathan (M.Tech-CSE Pursuing, BE-IT) Lecturer, MGM`s Polytechnic, Aurangabad.
- 2. Password Management Password Security The important protection against Intruders is the password system. The password serves in used to authenticate the ID of the individual who logs on to the system. ID determines whether the user is authorized or unauthorized to gain access to a system. ID determines the privileges according to the user. ID is used as unrestricted access control.
- 3. Example UNIX Operating System User selects a password of up to eight printable characters in length. This password is then converted into a 56 bit value that serves as the key input to an encryption process based on DES. DES Algorithm is modified using a 12 bit salt value. This way, it prevents duplicate password.
- 4. Password Selection Strategies (Policies) 1. User Education 2. Computer Generated Password 3. Reactive password checking 4. Proactive password checking
- 5. 1. User Education Tell the importance of hard-to-guess password to the users & provide guidelines for selecting strong password. This strategy is unlikely to be successful at most installation, particularly where there is a large user population. Many users will simply ignore the guidelines, which may not be good judgement of what is a strong password.
- 6. 2. Computer Generated Password Users will not be able to remember the computer generated password, even though the password is pronounceable. The passwords are reasonably random in nature. So many times users write it down.
- 7. 3. Reactive password Checking The system periodically runs its own password cracker program to find out guessable passwords. If the system find any such a password then cancels it & notifies the user
- 8. 4. Proactive password checking User is allowed to select his/her own password. At the time of selection, the system checks the password if the password is allowable then allow otherwise reject it.
- 9. Components of Good password As a password is meant to protect access and resources from intruders, it should not be easy for some one else to guess. Followings are the some guidelines to make a password more difficult to guess or obtain. 1. Password should be at least eight characters long 2. It should have at least three elements among following elements (one or more uppercase, one or more lowercase, one or more numerals, one or more special characters). 3. It should not consist of dictionary words. 4. It should not at all be the same as the users login name
- 10. Operating System Hardening OS is the system software which handles input, output, display, memory management & all highly tasks. OS Example :Microsoft (95, 98, NT, 2000, ME, XP, Vista, 7, 8) Apple Mac OS, Sun Solaris, UNIX NOS includes additional functions and capabilities to help in connecting computers & devices like printers to LAN Example :- Windows Server 2003, Windows Server 2008. OS Manufactures will not provide security but some recommendations or simplified tools & settings to facilitate security of the system.
- 11. Operating System Hardening cont... Removing unnecessary applications and utilities, disabling unnecessary services, setting of appropriate permissions on files and updating the OS and application code to the latest version. This process of securing an OS is known as OS hardening and it is intended to make the system more secure.
- 12. Step for securing Windows OS 1. Disable all unnecessary Service 2. Restrict permissions on files and access to the Registry 3. Remove unnecessary Programs. 4. Apply the latest patches and fix 5. Remove unnecessary user accounts and ensure password guidelines are in place
- 13. Weaknesses of Windows OS MS Windows is not open source Windows OS installation is insecure because it includes hidden shares, blank passwords & it will not provide protection for known vulnerabilities. It is difficult for administrator to understand how to properly use & configure the software on various hardware setups. It slows down after running 24 hours. Many users don`t understand the security risk related to system while configuring it, so this will cause for different attacks. Less actual control over files.
- 14. UNIX OS Hardening The process of securing UNIX OS to make the system more secure is called as UNIX OS Hardening. It means it disable unnecessary services, restrict permissions on files and directories, apply password guidelines, remove unnecessary software, apply patches, and remove unnecessary users. UNIX system is very powerful and flexible. This is all depending on the skill and knowledge of the system administrator because so much control is placed in the administrators hand. UNIX systems are easier to secure and baseline when they are providing a single service or performing a single function, like acting as SMTP or web Server.
- 15. UNIX OS Hardening Cont... During installation process, it is easy to select which services and applications are placed on the system. On UNIX System by using the process status or by ps command, you can see which processes, applications and services are running. An administrator can identify the service by its unique process identifier or PID. To stop a running service the process is identified by PID and then kill command id used to stop the services.
- 16. Updates To the standard user or system administrator is constant stream of updates designed to correct problems, replace sections of code, or even add new features to an installed OS. Vendors typically follows a hierarchy for software updates given below:1. Hotfix 2. Patch 3. Service Pack
- 17. Updates Cont... 1. Hotfix This term is given to small software update designed to address particular problem. Hotfixes are typically developed in reaction to a discovered problem. 2. Patch This term is given to large software updates designed to address particular problem. Patches contain improvements or additional capabilities ans fixes for known bugs. They are usually developed over a longer period of time.
- 18. Updates Cont.. 3. Service Pack This term is given to a large collection of patches and hotfixes that are rolled into a single. Service packs are designed to bring a system up to the latest known rather than requiring the user or system administrator to download several of updates separately.
- 19. Thanks...!