Professional Documents
Culture Documents
Security For Upload
Security For Upload
INTRODUCTION
In the world of computer systems, security and protection are two techniques used to (prevent
any misbehavior or mischief) safeguard data/information stored in the computer system and
computer system resources such as disk, CPU, memory, software programs. Any resource can
be attacked (damaged) in either of two ways: external or internal. For instance, if a computer program
is run by an unauthorized user, then severe damage may be caused to the computer or data
stored in it.
To prevent threat or damage to any resource, there must be a protection; and security should
be in place (implemented). There are two types of threat to any computer system, namely:
internal and external. Protection techniques are used in dealing with internal threats while
security techniques deals with external threats. Protection puts in place mechanisms to
control the access of programs and processes defined by the operating system. Computer
systems must therefore be protected against unauthorized access, malicious access to system
memory, viruses, worms etc. Thus security is used in preventing malicious systems from
entering into a system.
Theft of Information: A malicious hacker will try to steal any part of the information.
Modification of data by an unauthorized user: A malicious user can try modifying
data on the system
Destruction of data: In this case data is destroyed and cannot be accessed
LEVELS OF SECURITY:
Generally there are different security levels with the following being the main ones:
Physical: This deals with the situation where security guards for instance are kept at the
site containing the computer system(Server rooms, etc)
Human: In this case, authorization or authentication mechanisms should be in place to
enable normal/recognised users have access to the system
Network: Data being transmitted on a network should get to the receiver as sent, thus
data being transmitted should be secured for example encryption.
Operating System Security: In this level, there should be a security system built into
the Operating System to help in protecting itself and the system.
1
Operating System
Authentication
One Time passwords
Program Threats
System Threats
Computer Security Classifications
Authentication
In authentication each user of a system is first identified and thereafter the users are connected to
the executing programs. One of the responsibilities of the Operating System is to create a
protection system which guarantees that a user who is running a particular program is
authentic. Operating Systems generally employ the following three ways in the
identification/authentication of users:
User card/key – To login into a system, the user punches a card in card slot; or enters
a key generated by key generator in option provided by operating
system.
User attributes (fingerprint / eye retina pattern/ signature etc) – To login into the
system, users passes their attributes via designated input device used by the
operating system. .
2. Secret key – In this case u sers are supplied with a hardware device which can
create a secret id mapped with user id. The system asks for the secret id
which is generated every time prior to login.
2
Operating System
THREATS
Program Threats
Any program that has the potential to cause serious damage to a system is a program threat. It
is generally a program written by a cracker to hijack the security or to change the behavior of
a normal process
Following is the list of some well-known program threats.
Trojan Horse - It is a code segment that misuses its environment. User login credentials
are trapped, stored and sent to a malicious user who uses them to login to computer
and access system resources. They pretend to be attractive and harmless cover
program but are a really harmful hidden program.
Trap Door – trap doors are like holes left by a designer of a program or system in
software. If a program designed to work as required, have a security hole in its code
which perform illegally without knowledge of user then it is called a trap door. The
They are quite difficult to detect and to analyze them, one needs to go through the
source code of all the components of the system.
Logic Bomb – It is a program that initiates a security attack only under specific
situation/condition. That is to say it is a program that misbehaves only when certain
conditions are met otherwise it works as a genuine program. It is harder to detect.
Virus - Virus can replicate itself on computer system. They are very dangerous and can
modify/delete user files; and even crash/destroy systems. It is generally a small code
embedded in a program. Generally, virus starts getting embedded in other files/
programs as user accesses the program containing the virus, and can make system
useless for user.
System Threats
These threats involve the abuse of system services and network connections. They try to
create situations or an environment in which an operating-system resources and user files are
misused. They are also used as a medium/base to launch program threats (also known as
program attack).
3
Operating System
resources and prevents all other processes to get the required resources. Worms’ processes can
even shut down a whole network.
In contrast to virus, they target mainly LANs. A computer affected by a worm attacks the
target system and writes a small program on it. This small program is further used to spread
the worm to the target computer. The process repeats recursively, and soon enough all the
systems of the LAN become affected.
Port Scanning –
Port scanning is a mechanism or means by which a cracker detects/identifies system
vulnerabilities and uses it to make an attack on the system. It is a means by which the cracker
identifies the vulnerabilities of the system to attack. Normally the process is automated and
involves creating a TCP/IP connection to a specific port. To protect the identity of the attacker,
port scanning attacks are launched from previously independent systems which systems were
also serving their owners while being used for such infamous purposes.
4
Operating System
Provides mandatory protection system. Have all the properties
of a class C2 system. Attaches a sensitivity label to each
object. It is of three types.
5
Operating System
https://www.tutorialspoint.com/operating_system/os_security.htm
https://www.geeksforgeeks.org/system-security/