What is OS Security?
measures and mechanisms implemented to protect the OS
What are User Identifiers (UIDs)?
unique numerical values assigned to users in an OS to identify and manage their access to system resources
How can a User Open a File?
use a process to open it
What is the UID of the Root User?
0
How do UIDs and GIDs work?
when a user logs in, the system assigns their UID and GID to the session
What is a GID?
unique number assigned to a group of users
How many Groups can Users belong to?
1 or more
What is an Effective UID?
used to determine access rights for processes
a process can temporarily assume the privileges of another user
What is a Real UID?
the UID of the user who started the process
What is a Saved UID?
allows a process to switch back to a privileged UID after temporarily dropping privileges
What are the Potential Threats of UIDs?
attackers may exploit misconfigured UIDs to gain elevated privileges
reassigning a UID to a new user can lead to unintended access to files owned by the previous user
not having least privilege levels
What are some of the Components of OS Security?
access control
user management
file system security
process and memory protection
physical security
patch management
auditing and logging
malware protection
What is User Management?
creating and managing user accounts with appropriate privileges
implementing least privilege
What is File System Security?
protecting files and directories through file permissions
What are File Permissions?
each file and directory is owned by a specific user and group, who have control over its permissions
a ‘-’ indicates a right isn’t granted
What are File Permission Types?
r - allows viewing/reading
w - allows modifying/deleting
x - allows running the file as a program/accessing the directory
What are File Permission Levels?
user/owner
group - members of the file's group
others - all other users
What is Process and Memory Protection?
isolating processes to prevent interference/exploitation
What are the Potential Threats of Process and Memory Protection?
buffer overflows
privilege escalation
denial of service
What is a Buffer Overflow?
program writes more data to a buffer than it can hold
excess data can overwrite adjacent memory locations
What is a Buffer?
location where data is stored - contiguous block of memory
What is Physical Security?
protecting hardware and physical access to systems
What is Patch Management?
regularly updating the OS to fix vulnerabilities and bugs and applying security patches to address known exploits
What are the Types of Patches?
security patches
bug fixes
feature updates
performance patches
What is Auditing?
reviewing and analysing logs and records to ensure compliance, detect anomalies and investigate security incidents
What are the Types of Audits?
security - evaluate effectiveness of security controls and identify vulnerabilities
compliance - ensure adherence to regulatory requirements
operational - assess efficiency and effectiveness of operational processes
forensic - investigate security incidents/breaches to determine cause and impact
What is Logging?
recording events, activities and transactions that occur within a system/application/network
What are the Types of Logs?
system - recording OS events
application - track events in a specific app
security - capture security-related events
network - monitor network traffic and connections
audit - user activities and changes
What is Malware Protection?
using anti-virus and anti-malware tools to detect and remove malicious software