You are on page 1of 9

ASSIGNMENT

III
ON
INFORMATION
PRESENTEDSECURITY
BY: SUMITTED TO:
(Operating System
Dickson Onyedumekwu
1532706
Security)
Ramanjyot Maam
(Asst. Professor)
M.Sc. (IT)
4th Semester DATE: 7th April,
2017
OPERATING SYSTEM
System software that manages computerhardware
and software resources and provides common
services forcomputerprograms

An interface between users and computer hardware


NEED FOR OPERATING SYSTEM SECURITY
Clients and
Servers
IT Core IT
INFRASTRUCTURE
Serv infrastructure
er components
Carry operating
systems
May hold critical
data and
applications
Client
necessary for
Client
1 3 organizational
functions
Client
2
Operating
Systems
OPERATING SYSTEM SECURITY
The process of providing systems security as a
hardening process that includes the following:
System security planning
Operating system installation (initial setup and
patching)
Installation customization and optimization
Configuration of users, groups and authentication
Configuration of resource and security controls
Application Security
System Update
Security testing and maintenance
(1) System Security Planning
The first step in deploying a new system
Involves the process of determining the security
requirements of the system, its applications and
data, and of its users.
System security planning considers the following:
System purpose
User categories and privileges
User authentication
User information access management
System information access management
System administration
Additional security measures
(2) Operating System Initial Setup and
Patching
The following are ensured:
Installation of minimum system requirements
Security of the boot process
Selection and installation of validated device driver
codes
System update and security patch installation
(3) Installation Customization and
Optimization
The following are ensured:
Installation of required packages only
Removal of unnecessary services, applications and
protocols
(4) Configuration of Users, Groups and
Authentication
The following are ensured:
User categorization
User privilege definition and assignment
User access authentication
(5) Configuration of Resource and Security
controls
The following are ensured:
Setting of permissions on data and resources
Application white/black listing
Installation and configuration of anti-virus software,
host-based firewalls, IDS or IPS software
(6) Application Security
The following are ensured:
Application default configuration modification
Application storage area specification
Application access right specification
Application data and service encryption
(7) System Update
The following are ensured:
Regular system and application update with security
patches
(7) System Testing and Maintenance
The following are ensured:
Regular testing to identify and correct possible
vulnerabilities
Information logging and monitoring
Information backup and archive
System recovery from security compromises
System configuration management
THAN
K
YOU