Operating system security is the practice of securing an operating system from unauthorized access, use, disclosure, disruption, modification, or destruction. Protection refers to a mechanism that controls the access of programs, processes, or users to the resources defined by a computer system. Protection can be seen as a supporting mechanism for a multiprogramming operating system, allowing many users to safely share a common logical namespace such as a directory or a set of files.

The OS uses two sets of techniques to counter threats to information, namely:

  • Protection
  • Security

Protection

Protection refers to the mechanisms and techniques used to secure an operating system, computer system, or network from unauthorized access, use, disclosure, disruption, modification, or destruction. Protection mechanisms are designed to prevent or mitigate the impact of security threats, such as malware, viruses, hackers, or other malicious actors.

For example, a common protection mechanism is user authentication, which requires users to provide a username and password to log in to the system. This ensures that only authorized users can access the system and its resources.

Security

Security refers to the measures taken to protect the information, systems, and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. The goal of security is to ensure the confidentiality, integrity, and availability of data and resources.

For example, one common security measure is access control, which is used to control access to a system or network. Access control can be implemented through the use of usernames and passwords, biometric authentication, or security tokens. This helps to ensure that only authorized users can access the system or network.

Here are some examples of OS protection and security measures:

  • User authentication: Users are required to provide a username and password to log in to the system. This ensures that only authorized users can access the system and its resources.
  • File permissions: The operating system assigns permissions to files and directories, determining who can read, write, and execute them. This prevents unauthorized users from accessing or modifying sensitive data.
  • Firewall: A firewall is software or hardware that monitors and controls incoming and outgoing network traffic, blocking unauthorized or malicious traffic.
  • Encryption: Data can be encrypted to protect it from unauthorized access or manipulation. This is particularly useful for sensitive data that is stored on the system or transmitted over a network.
  • Antivirus software: Antivirus software scans the system for known malware and viruses, and can help prevent them from infecting the system.
  • Updates and patches: Operating systems and software applications are regularly updated to fix security vulnerabilities and improve performance. It’s important to keep all software up to date to prevent potential exploits.
  • Virtualization: Isolating different environments by using software to run multiple operating systems on the same physical hardware. This can help to prevent malware from spreading between different parts of the system.
  • Sandboxing: Isolation of an application or process, which can help to prevent malware or other malicious code from affecting the rest of the system.
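The file-permission mechanism listed above decides which class of user a request falls into and then consults only that class's bits. The following Python model of that UNIX discretionary access check is an added example, not code from the original article; the Inode and Process names, the uid/gid values and the sample file are all assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed model of the UNIX permission check an OS performs on every
# open(): the requester's class is chosen exactly once (owner, then group,
# then other) and only that class's bits are consulted. Assumed names only.

R, W, X = 4, 2, 1  # permission bits as in chmod octal notation


@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int  # e.g. 0o640


@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset  # primary plus supplementary groups


def permitted(proc: Process, ino: Inode, want: int) -> bool:
    """Return True if the process may perform the requested operation.

    `want` is a bitmask of R, W, X. uid 0 (root) bypasses read and write
    checks; for execute it still needs at least one x bit set, which
    mirrors how the kernel treats the DAC override capability.
    """
    if proc.uid == 0:
        if want & X:
            return bool(ino.mode & 0o111)
        return True
    if proc.uid == ino.uid:
        bits = (ino.mode >> 6) & 7  # owner class wins even if more restrictive
    elif ino.gid in proc.gids:
        bits = (ino.mode >> 3) & 7
    else:
        bits = ino.mode & 7
    return (bits & want) == want


# Constructed sample: a shadow-like file owned by root, group 42, mode 0640
shadow = Inode(uid=0, gid=42, mode=0o640)
alice = Process(uid=1000, gids=frozenset({1000}))
backup = Process(uid=1001, gids=frozenset({1001, 42}))

if __name__ == "__main__":
    print(permitted(alice, shadow, R))   # False: "other" class has no bits
    print(permitted(backup, shadow, R))  # True: group 42 may read
    print(permitted(backup, shadow, W))  # False: group 42 may not write
```

The owner-class rule is the part people most often get wrong: a file with mode 0007 is readable by everyone except its own owner.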

Difference between Protection and Security

Protection | Security
Protection deals with who has access to the system resources. | Security gives the system access only to authorized users.
Protection tackles the system’s internal threats. | Security tackles the system’s external threats.
Protection addresses simple queries. | More complex queries are addressed in security.
It specifies which files a specific user can access, view and modify. | It defines who is permitted to access the system.
An authorization mechanism is used in protection. | Encryption and certification (authentication) mechanisms are implemented.
Protection provides a mechanism for controlling access to processes, programs, and user resources. | Security provides a mechanism to safeguard the system resources and the user resources from all external users.

Threats to Protection and Security

A malicious program that can have a harmful impact on a system is called a threat. Protection and security in an operating system refer to the measures and procedures that ensure the confidentiality, integrity, and availability (CIA) of the operating system. The main goal is to protect the OS from threats such as malicious software (trojans, worms, and other viruses), misconfigurations, and remote intrusions.

Common Threats That Occur in a System

In a system, some common threats include the following:

  1. Trojan: A Trojan is a type of malware that disguises itself as a legitimate program or file in order to trick users into installing it on their system. Once installed, a Trojan can grant hackers remote access to the system, steal sensitive information, or perform other malicious actions.
  2. Virus: A virus is a type of malware that attaches itself to a legitimate program or file in order to replicate and spread to other systems. A virus can cause damage to the system, disrupt performance, or steal sensitive information.
  3. Worm: A worm is a type of malware that replicates and spreads to other systems over a network, without requiring any action from the user. A worm can cause damage to the system, disrupt network performance, or steal sensitive information.
  4. Trap door: A trap door is a type of security vulnerability that allows an attacker to bypass normal security measures and gain unauthorized access to a system or network. A trap door can be a software bug, an intentional back door, or a configuration mistake.
  5. DDoS (Distributed Denial of Service): A DDoS attack is a type of cyber attack that aims to disrupt the availability of a network or system by overwhelming it with traffic from multiple sources. The goal of a DDoS attack is to make the targeted system or network unavailable to its intended users by overloading its resources.

Methods to Ensure Protection and Security in Operating System

There are several methods that can be used to ensure protection and security in an operating system, including:

  1. Access Control: Implementing access control mechanisms such as usernames and passwords, biometric authentication, or security tokens to control access to the system and protect it from unauthorized access.
  2. Encryption: Using encryption to protect data stored on the system or transmitted over a network, preventing unauthorized access or disclosure of sensitive information.
  3. Firewall: Implementing a firewall to monitor and control incoming and outgoing network traffic, blocking unauthorized or malicious traffic and protecting the system from external threats.
  4. Intrusion Detection and Prevention Systems (IDPS): Deploying IDPS to monitor the system for signs of unauthorized access or malicious activity and alert the administrator, preventing or mitigating cyber attacks.
  5. Patch Management: Keeping the operating system and all software up-to-date with the latest security patches to fix vulnerabilities and protect the system from known threats.
  6. Network Segmentation: Segmenting the network into smaller subnets or VLANs and implementing strict access controls can help to limit the scope of any security breaches and isolate potentially infected systems.
  7. Anti-malware: Installing and regularly updating anti-malware software can help to detect and remove malware from the system, preventing damage and protecting against cyber threats.
  8. Security Policies and Procedures: Implementing security policies and procedures, such as security awareness training and incident response plans, can help to ensure that employees are aware of security risks and know how to respond to security incidents.

The CIA triad

The CIA triad is a model for information security that stands for Confidentiality, Integrity, and Availability. It represents the three core principles of information security that organizations must consider to protect their sensitive data and systems.

  1. Confidentiality: Ensuring that sensitive information is accessible only to authorized individuals or systems. This can be achieved through access controls, encryption, and other security measures.
  2. Integrity: Ensuring that information is accurate and has not been tampered with or modified without authorization. This can be achieved through data validation, checksums, and other mechanisms.
  3. Availability: Ensuring that information and systems are accessible to authorized individuals or systems when needed. This can be achieved through disaster recovery planning, load balancing, and other measures.

By ensuring the CIA triad, organizations can protect sensitive information and systems from unauthorized access, modification, and disruption, and maintain the trust and confidence of customers, partners, and regulators.

The AAA triad

The AAA triad is an extension of the CIA triad and is a model for information security that stands for Authentication, Authorization, and Accounting (AAA).

  1. Authentication: The process of verifying the identity of a user, device or other entities that are trying to access a system or network. This can be achieved through various methods such as password, biometric, certificate-based, or multi-factor authentication.
  2. Authorization: The process of granting or denying access to specific resources or functionality based on the authenticated identity. This can be achieved through role-based access control (RBAC) or attribute-based access control (ABAC) mechanisms.
  3. Accounting: The process of logging and tracking user activity, such as login attempts, access to resources, and system changes. This information is used to monitor and report on security-relevant events, detect suspicious activity and enable compliance with regulatory requirements.

By ensuring the AAA triad, organizations can protect sensitive information and systems from unauthorized access and ensure only authorized individuals are able to access the resources they need to perform their job. It also allows organizations to detect and respond to security incidents, and meet compliance requirements.
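The three AAA stages described above, carried through on one tiny system as an added example (not code from the original article): authentication with salted PBKDF2 password hashes, authorization with role-based access control, and accounting in an append-only audit log. The user names, roles, passwords and actions are assumptions constructed for this illustration.

```python
import hashlib, hmac, os, time

# Constructed AAA example: authentication by salted PBKDF2 password
# hashes, authorization by role-based access control (RBAC), and
# accounting in an append-only audit log. All names and values here
# are assumptions made for this example, not taken from the article.

ITERATIONS = 100_000

def hash_password(password: str, salt: bytes = b"") -> tuple:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

# Authentication store: user -> (salt, digest). Plaintext is never kept.
USERS = {"alice": hash_password("correct horse battery staple"),
         "bob": hash_password("hunter2")}

# Authorization: users map to roles, roles map to permitted actions.
ROLES = {"alice": "admin", "bob": "operator"}
PERMS = {"admin": {"read_logs", "restart_service", "add_user"},
         "operator": {"read_logs", "restart_service"}}

AUDIT_LOG = []  # accounting: every decision is recorded, allowed or denied

def audit(user: str, action: str, outcome: str) -> None:
    AUDIT_LOG.append({"ts": time.time(), "user": user,
                      "action": action, "outcome": outcome})

def authenticate(user: str, password: str) -> bool:
    record = USERS.get(user)
    if record is None:
        hash_password(password)  # same cost for unknown users: no timing leak
        audit(user, "login", "denied-unknown-user")
        return False
    salt, stored = record
    _, candidate = hash_password(password, salt)
    ok = hmac.compare_digest(stored, candidate)  # constant-time comparison
    audit(user, "login", "ok" if ok else "denied-bad-password")
    return ok

def authorize(user: str, action: str) -> bool:
    allowed = action in PERMS.get(ROLES.get(user, ""), set())
    audit(user, action, "allowed" if allowed else "denied")
    return allowed

def request(user: str, password: str, action: str) -> bool:
    """Full AAA flow: authenticate, then authorize; every step is accounted."""
    return authenticate(user, password) and authorize(user, action)
```

Note that the audit log records denials as well as successes; a failed login or a denied action is exactly the kind of security-relevant event the accounting stage exists to surface.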
