THREATS TO OPERATING SYSTEMS
Operating systems face various threats, including:
- Malware, Malware includes viruses, worms, trojan horses, and other harmful software. These malicious codes can corrupt files, delete data, replicate themselves, and crash systems. Often, malware operates unnoticed while extracting sensitive information from the victim’s system.
- Network Intrusion, Network intruders can be categorized into masqueraders, misfeasors, and unauthorized users. A masquerader is an unauthorized person who gains access by using another’s account. A misfeasor is a legitimate user who misuses programs, data, or resources. Rogue users are those who bypass access controls and auditing mechanisms to exploit system resources.
- Buffer Overflow, Also known as buffer overrun, this is a prevalent and dangerous security issue. It occurs when more data is placed into a buffer than it can hold, overwriting adjacent memory. Attackers exploit this to crash systems or insert malicious code, potentially taking control of the system.
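The buffer overflow described above, as an added example that is not part of the original page: an unchecked copy lets the ninth input byte land on the data stored right after an 8-byte buffer, and a length check stops it. The layout (`region_t`, `NAME_LEN`, the `is_admin` flag byte) and the input are constructed for illustration; one byte array models the buffer and its neighbour so the demonstration stays well-defined C.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 8          /* capacity of the name buffer */
#define FLAG_OFF NAME_LEN   /* the byte stored right after the buffer */

/* Constructed layout: mem[0..7] is the name buffer, mem[8] is a privilege flag. */
typedef struct { unsigned char mem[NAME_LEN + 8]; } region_t;

static void region_init(region_t *r) { memset(r->mem, 0, sizeof r->mem); }
static int is_admin(const region_t *r) { return r->mem[FLAG_OFF] != 0; }

/* Vulnerable pattern: trusts the caller's length, so input longer than
   NAME_LEN spills into the adjacent flag byte. */
static void set_name_unchecked(region_t *r, const unsigned char *src, size_t len) {
    if (len > sizeof r->mem) len = sizeof r->mem; /* keeps the demo inside the model */
    memcpy(r->mem, src, len);
}

/* Hardened pattern: refuse anything that does not fit the buffer.
   Returns 0 on success, -1 when the input is rejected. */
static int set_name_checked(region_t *r, const unsigned char *src, size_t len) {
    if (len > NAME_LEN) return -1;
    memcpy(r->mem, src, len);
    return 0;
}

/* Constructed input: 8 filler bytes, then one byte that overruns the buffer. */
static const unsigned char INPUT[] = "AAAAAAAA\x01";
#define INPUT_LEN 9

/* Returns 1 if the unchecked copy overwrote the adjacent flag. */
int demo_unchecked(void) {
    region_t r; region_init(&r);
    set_name_unchecked(&r, INPUT, INPUT_LEN);
    return is_admin(&r);
}

/* Returns 1 if the checked copy rejected the input and left the flag intact. */
int demo_checked(void) {
    region_t r; region_init(&r);
    int rc = set_name_checked(&r, INPUT, INPUT_LEN);
    return rc == -1 && !is_admin(&r);
}

int main(void) {
    printf("unchecked copy: is_admin=%d\n", demo_unchecked());
    printf("checked copy: rejected, flag intact=%d\n", demo_checked());
    return 0;
}
```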
Ensuring Operating System Security
To ensure operating system security, several measures can be taken:
- Authentication, Authentication involves verifying the identity of users and associating programs with authenticated users. Operating systems typically use the following methods:
  - Username/Password. Users must enter a unique username and password correctly to gain access.
  - User Attribution. Biometric methods like fingerprints and retina scans verify users based on unique biological traits compared to stored samples.
  - User Card and Key. Users log in by inserting a card or entering a key generated by a hardware device.
- One-Time Passwords (OTP), OTPs add an extra security layer by requiring a unique password for each login attempt, which cannot be reused. Methods include:
  - Secret Key. A hardware device generates a secret ID linked to the user, which must be provided at login.
  - Random Numbers. Users have cards with numbers and letters; the system prompts for specific characters based on random criteria.
  - Network Password. Applications send OTPs to registered mobile numbers or email addresses, required for logging in.
- Firewalls, Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules, effectively protecting against network-based threats. The aim of using a firewall is to protect computer systems and networks from security threats by monitoring and controlling incoming and outgoing network traffic. Here are the key objectives of a firewall: Prevent Unauthorized Access, Protect Against External Threats, Regulate Network Traffic, Enhance Security Policies, Monitor and Log Activity, Safeguard Sensitive Data, and Prevent Network-based Attacks.
- Physical Security, Physical security is crucial, as an attacker with physical access can modify, delete, or steal files. Ensuring physical protection of systems is fundamental to maintaining OS security. The aim of using physical security is to protect the physical infrastructure of computer systems, networks, and associated resources from unauthorized access, damage, theft, and other physical threats.