Security
Security is important in any computer system. The operating system provides a level of security that can protect your computer and the data on it.
System security is based on two principles:
- That the operating system provides access to many resources either directly or indirectly. That could mean files on a local disk, privileged system calls, person information about user, and the services offered by the programs running on the system.
- That the operating system is capable of distinguishing between those who are allowed to access the resource and those who are forbidden to do so. While some systems may simply distinguish between privileged and non-privileged, most commonly have a form of register identity such as a user name.
Requesters of information are further divided into two categories:
- Internal security in an already running program. On some systems, once a program is running, it has no limitations, but commonly, the program has an identity which it keeps. That identity is used to check all of its requests for resources.
- External security as in a new request from outside the computer. This could be in the form of a new request from outside the system such as a login at a connected console or some kind of network connection. To establish identity, there may be a process of authentication.
Often a username must be entered and every username should have a password. Other methods of authentication such as magnetic cards or biometric data may be used instead. In some cases, especially connections from the network, resources may be accessed with no authentication at all.
In addition to the allow/disallow model of security, a system with a high level of security will also offer auditing options. These would allow tracking of requests for access to resources as in who has been reading this file?
Operating system security has long been a concern of programmers because of highly sensitive data held on some computers. This is both of a commercial and a military nature.
The US Government Department of Defense created their own criteria of standards that sets basic requirement for assessing the effectiveness of OS security. This became of vital importance to operating system makers because this system was used to classify and select system being considered for the processing, storage ad retrieval of sensitive or classified information.
Types of Security
Internal Security
Internal security can be thought of as a way to protect the computer's resources from the programs concurrently running on the system. Most operating systems set programs running natively on the computer's processor. That brings on the problem of how to stop these programs from doing the same task and having the same privileges as the operating system which is just a program too.
Processors used for general purpose operating systems are automatically blocked from using certain hardware instructions such as those to read or write from external devices like disks. Instead, they have to ask the privileged program, or operating system kernel) to read to write. The operating system, therefore, gets the chance to check the program's identity and allow or refused the request.
An alternative strategy available in systems that don't meet pre-set requirements is the operating will not run user programs as native code. Instead, they either emulate a processor or provide a host for a p-Code based system such as Java.
Internal security is especially important with multi-user systems as it allows each user of the system to have private files that the other users cannot tamper with or read. Internal security is also vital if auditing is to be of any use since a program can potentially bypass the operating system without bypass auditing.
External Security
Typically, an operating system offers various services to other network computers and users. These services are usually provided through ports or numbered access points beyond the operating systems network address. These services include offerings such as file sharing, print services, e-mail, web sites, and file transfer protocols (FTP).
At the front line of security are hardware devices known as firewalls. At the operating system level, there are a number of software firewalls available. Most modern operating systems include a software firewall which is enabled by default.
A software firewall can be configured to allow or deny network traffic to or from a service or application running on the operating system. Therefore, one can install and be running an insecure service such as Telnet or FTP and not have to be threatened by a security breach because the firewall would deny all traffic trying to connect to the service on that port.
Thanks for reading...
0 comments:
Post a Comment