
Operating Systems

• Perform three main tasks:
• translates high-level languages into the machine-level language
• allocates computer resources to user applications
• manages the tasks of job scheduling and multiprogramming

Requirements for Effective Operating Systems Performance

• Protect against tampering by users
• Prevent users from tampering with the programs of other users
• Safeguard users’ applications from accidental corruption
• Safeguard its own programs from accidental corruption
• Protect itself from power failures and other disasters

Operating Systems Security
• Log-On Procedure
• first line of defense – user IDs and passwords
• Access Token
• contains key information about the user
• Access Control List
• defines access privileges of users
• Discretionary Access Control
• allows user to grant access to another user

Operating Systems Controls
Access Privileges
• Audit objectives: verify that access privileges are
consistent with separation of incompatible
functions and organization policies
• Audit procedures: review or verify…
• policies for separating incompatible functions
• a sample of user privileges, especially access to data
and programs
• security clearance checks of privileged employees
• formal acknowledgements to maintain
confidentiality of data
• users’ log-on times
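A worked version of the first two audit procedures above (checking a sample of user privileges against the policy for separating incompatible functions), added here as an example and not part of Hall's slides; the role names, incompatible pairs and sample privilege list are constructed:

```python
# Added example (not from Hall's slides): flag users whose combined
# privileges violate a policy separating incompatible functions, the
# audit check the slide describes. Role names, the incompatible pairs and
# the sample privilege list are constructed for illustration.
from itertools import combinations

# Policy: pairs of functions that one person must not hold together.
INCOMPATIBLE_PAIRS = {
    frozenset({"application_programmer", "computer_operator"}),
    frozenset({"enter_payment", "approve_payment"}),
    frozenset({"custody_of_assets", "record_keeping"}),
}

def sod_violations(user_privileges, policy=INCOMPATIBLE_PAIRS):
    """Return {user: [(function_a, function_b), ...]} for every user who
    holds two functions the policy declares incompatible."""
    violations = {}
    for user, privs in user_privileges.items():
        hits = [(a, b) for a, b in combinations(sorted(set(privs)), 2)
                if frozenset({a, b}) in policy]
        if hits:
            violations[user] = hits
    return violations

# Constructed sample of privileges taken from an access control list.
SAMPLE_PRIVILEGES = {
    "alice": ["application_programmer", "read_general_ledger"],
    "bob":   ["application_programmer", "computer_operator"],
    "carol": ["enter_payment", "approve_payment", "read_general_ledger"],
    "dave":  ["computer_operator"],
}

if __name__ == "__main__":
    for user, pairs in sod_violations(SAMPLE_PRIVILEGES).items():
        for a, b in pairs:
            print(f"{user}: holds incompatible functions {a} and {b}")
```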

Operating Systems Controls
Password Control
• Audit objectives: ensure adequacy and
effectiveness of password policies for controlling
access to the operating system
• Audit procedures: review or verify…
• passwords required for all users
• password instructions for new users
• passwords changed regularly
• password file for weak passwords
• encryption of password file
• password standards
• account lockout policies
Operating Systems Controls
Malicious & Destructive Programs
• Audit objectives: verify effectiveness of
procedures to protect against programs such as
viruses, worms, back doors, logic bombs, and
Trojan horses
• Audit procedures: review or verify…
• training of operations personnel concerning
destructive programs
• testing of new software prior to being implemented
• currency of antiviral software and frequency of
upgrades

Operating System Controls
Audit Trail Controls
• Audit objectives: used to (1) detect unauthorized
access, (2) facilitate event reconstruction, and/or
(3) promote accountability
• Audit procedures: review or verify…
• how long audit trails have been in place
• archived log files for key indicators
• monitoring and reporting of security violations

Internet and Intranet Risks
• The communications component is a unique
aspect of computer networks:
• different than processing (applications) or data storage
(databases)
• Network topologies – configurations of:
• communications lines (twisted-pair wires, coaxial cable,
microwaves, fiber optics)
• hardware components (modems, multiplexers, servers,
front-end processors)
• software (protocols, network control systems)

Intranet Risks
• Intercepting network messages
• sniffing: interception of user IDs, passwords,
confidential e-mails, and financial data files
• Accessing corporate databases
• connections to central databases increase the risk that
data will be accessible by employees
• Privileged employees
• override privileges may allow unauthorized access to
mission-critical data
• Reluctance to prosecute
• fear of negative publicity leads to such reluctance but
encourages criminal behavior

Internet Risks to Consumers
• How serious is the risk?
• National Consumer League: Internet fraud rose by
600% between 1997 and 1998
• SEC: e-mail complaints alleging fraud rose from 12 per
day in 1997 to 200-300 per day in 1999
• Major areas of concern:
• Theft of credit card numbers
• Theft of passwords
• Consumer privacy – cookies

Internet Risks to Businesses
• IP spoofing: masquerading to gain access to a Web server and/or to perpetrate an unlawful act without revealing one’s identity
• Denial of service (DOS) attacks: assaulting a Web server to prevent it from servicing users
◦ particularly devastating to business entities that cannot receive and process business transactions
• Other malicious programs: viruses, worms, logic bombs, and Trojan horses pose a threat to both Internet and Intranet users

Three Common Types of DOS Attacks
• SYN Flood – when the three-way handshake needed to establish an Internet connection occurs, the final acknowledgement is not sent by the DOS attacker, thereby tying up the receiving server while it waits.
• Smurf – the DOS attacker uses numerous intermediary computers to flood the target computer with test messages, “pings”.
• Distributed DOS (DDOS) – can take the form of Smurf or SYN attacks, but is distinguished by the vast number of “zombie” computers hijacked to launch the attacks.

SYN FLOOD DOS ATTACK
(Figure: Sender and Receiver. Step 1: SYN messages. Step 2: SYN/ACK. Step 3: ACK packet.)

• In a DOS attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.

SMURF Attack

Distributed Denial of Service Attack

Risks from Equipment Failure
• Include:
• Disrupting, destroying, or corrupting
transmissions between senders and
receivers
• Loss of databases and programs stored
on network servers

IC for Subversive Threats
Firewalls provide security by channeling all
network connections through a control gateway.
• Network level firewalls
◦ Low cost and low security access control
◦ Do not explicitly authenticate outside users
◦ Filter junk or improperly routed messages
◦ Experienced hackers can easily penetrate the system
• Application level firewalls
◦ Customizable network security, but expensive
◦ Sophisticated functions such as logging or user authentication

Dual-Homed Firewall

IC for Subversive Threats
• Denial-of-service (DOS) attacks
◦ Security software searches for connections which have been half-open for a period of time.
• Encryption
◦ Computer program transforms a clear message into a coded (cipher) text form using an algorithm.

Controlling DOS Attacks
• Controlling for three common forms of DOS attacks:
◦ Smurf attacks – organizations can program firewalls to ignore an attacking site, once identified
◦ SYN flood attacks – two tactics to defeat this DOS attack
• Get Internet hosts to use firewalls that block invalid IP addresses
• Use security software that scans for half-open connections
◦ DDOS attacks – many organizations use Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI)
• IPS works with a firewall filter that removes malicious packets from the flow before they can affect servers and networks
• DPI searches for protocol non-compliance and employs predefined criteria to decide if a packet can proceed to its destination

(See chapter 12 for more on DOS attacks)
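The half-open connection check described above (security software scanning for connections left in the half-open state), as an added example that is not from the slides; the connection-table format, host addresses and timestamps are constructed, and the 10-second wait threshold is an assumed value:

```python
# Added example (not from Hall's slides): scan a snapshot of the TCP
# connection table for half-open (SYN_RECV) connections that have waited
# longer than a threshold, the check the slides describe for SYN floods.
# The snapshot format, addresses and timestamps are constructed; a real
# tool would read `ss -tan` or `netstat -an` and track first-seen times.
from collections import Counter
from datetime import datetime, timedelta

# Constructed snapshot: "first_seen local remote state", one row per entry
SNAPSHOT = """\
2024-05-01T12:00:00 10.0.0.5:80 203.0.113.7:51234 SYN_RECV
2024-05-01T12:00:00 10.0.0.5:80 203.0.113.7:51235 SYN_RECV
2024-05-01T12:00:01 10.0.0.5:80 203.0.113.7:51236 SYN_RECV
2024-05-01T12:00:02 10.0.0.5:80 198.51.100.9:40001 ESTABLISHED
2024-05-01T12:00:29 10.0.0.5:80 198.51.100.12:40100 SYN_RECV
"""

def parse_snapshot(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seen, local, remote, state = line.split()
        rows.append({"seen": datetime.fromisoformat(seen), "local": local,
                     "remote": remote, "state": state})
    return rows

def stale_half_open(rows, now, max_wait):
    """Connections stuck in SYN_RECV longer than max_wait: the receiver
    sent SYN/ACK but the final ACK never arrived."""
    return [r for r in rows
            if r["state"] == "SYN_RECV" and now - r["seen"] > max_wait]

def sources_by_stale_count(stale, min_count=2):
    """Remote hosts behind at least min_count stale half-open connections,
    candidates for review and for a firewall filter rule."""
    counts = Counter(r["remote"].rsplit(":", 1)[0] for r in stale)
    return {host: n for host, n in counts.items() if n >= min_count}

def audit_snapshot(text, now_iso, max_wait_seconds=10):
    """Report (number of stale half-open connections, offending hosts)."""
    now = datetime.fromisoformat(now_iso)
    stale = stale_half_open(parse_snapshot(text), now,
                            timedelta(seconds=max_wait_seconds))
    return len(stale), sources_by_stale_count(stale)

if __name__ == "__main__":
    count, hosts = audit_snapshot(SNAPSHOT, "2024-05-01T12:00:30")
    print(f"{count} half-open connections older than 10s")
    for host, n in hosts.items():
        print(f"{host}: {n} stale half-open connections")
```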

Hall, 3e
Encryption
• The conversion of data into a secret code for storage and transmission
• The sender uses an encryption algorithm to convert the original cleartext message into a coded ciphertext.
• The receiver decodes / decrypts the ciphertext back into cleartext.
• Encryption algorithms use keys
◦ Typically 56 to 128 bits in length
◦ The more bits in the key the stronger the encryption method.
• Two general approaches to encryption are private key and public key encryption.

IC for Subversive Threats
• Digital signature – electronic authentication technique
to ensure that…
• transmitted message originated with the authorized sender
• message was not tampered with after the signature was
applied
• Digital certificate – like an electronic identification
card used with a public key encryption system
• Verifies the authenticity of the message sender

IC for Subversive Threats
• Message sequence numbering – sequence number
used to detect missing messages
• Message transaction log – listing of all incoming and
outgoing messages to detect the efforts of hackers
• Request-response technique – random control
messages are sent from the sender to ensure
messages are received
• Call-back devices – receiver calls the sender back at
a pre-authorized phone number before transmission
is completed

Auditing Procedures for Subversive Threats

• Review firewall effectiveness in terms of flexibility, proxy services, filtering, segregation of systems, audit tools, and probing for weaknesses.
• Review data encryption security procedures
• Verify encryption by testing
• Review message transaction logs
• Test procedures for preventing unauthorized calls

IC for Equipment Failure
Line errors are data errors from
communications noise.
• Two techniques to detect and correct such
data errors are:
• echo check - the receiver returns the message
to the sender
• parity checks - an extra bit is added onto each
byte of data similar to check digits

Vertical and Horizontal Parity using Odd Parity (figure)
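Vertical (per-character) and horizontal (per-block) odd parity as described on the preceding slide, worked through in code; this is an added example, not from the slides, and the message text and the flipped bit are constructed:

```python
# Added example (not from Hall's slides): vertical (per-character) and
# horizontal (per-block) odd parity over 7-bit ASCII, as in the slides'
# "Vertical and Horizontal Parity using Odd Parity" figure. A single
# flipped bit is caught by both checks and located where they intersect.
# The message text and the flipped bit are constructed for illustration.

def odd_parity_bit(value, nbits):
    """Parity bit that makes the count of 1s in the low nbits bits
    plus the parity bit odd."""
    return 0 if bin(value & ((1 << nbits) - 1)).count("1") % 2 else 1

def encode(text):
    """Each 7-bit character gets a vertical parity bit in bit 7; a final
    horizontal parity character holds an odd parity bit per bit column."""
    block = [(ord(c) & 0x7F) | (odd_parity_bit(ord(c), 7) << 7) for c in text]
    hpc = 0
    for bit in range(8):
        ones = sum((b >> bit) & 1 for b in block)
        hpc |= (1 if ones % 2 == 0 else 0) << bit
    return block + [hpc]

def check(block):
    """Return (bad_rows, bad_columns); both empty means no error found.
    Rows index the data characters, columns the bit positions 0..7."""
    data, hpc = block[:-1], block[-1]
    bad_rows = [i for i, b in enumerate(data) if bin(b).count("1") % 2 == 0]
    bad_cols = [bit for bit in range(8)
                if sum((b >> bit) & 1 for b in data + [hpc]) % 2 == 0]
    return bad_rows, bad_cols

def correct_single_error(block):
    """Flip the bit at the intersection of the one bad row and one bad
    column; anything else is left for retransmission."""
    rows, cols = check(block)
    fixed = list(block)
    if len(rows) == 1 and len(cols) == 1:
        fixed[rows[0]] ^= 1 << cols[0]
    return fixed

def decode(block):
    """Strip parity bits and the horizontal parity character."""
    return "".join(chr(b & 0x7F) for b in block[:-1])

def flip_bit(block, index, bit):
    """Copy of the block with one bit inverted (simulated line noise)."""
    noisy = list(block)
    noisy[index] ^= 1 << bit
    return noisy

if __name__ == "__main__":
    sent = encode("PAY 100")
    received = flip_bit(sent, 4, 2)   # the '1' in "100" becomes '5'
    print("garbled as received:", decode(received))
    print("bad rows, bad columns:", check(received))
    print("corrected:", decode(correct_single_error(received)))
```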

Auditing Procedures for Equipment Failure

• Using a sample of messages from the transaction log:
• examine them for garbled contents caused by line noise
• verify that all corrupted messages were successfully retransmitted
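The two transaction-log audit steps above, together with the message sequence numbering check from the subversive-threat controls slide (sequence numbers used to detect missing messages), as one added example that is not from the slides; the log format, sequence numbers and partner name are constructed:

```python
# Added example (not from Hall's slides): audit a message transaction log
# for (1) gaps in message sequence numbers and (2) messages logged as
# garbled by line noise that were never successfully retransmitted.
# The log format and its entries are constructed for illustration.
import re

# Constructed log: one line per received message.
TRANSACTION_LOG = """\
2024-05-01 09:00:01 seq=1001 partner=ACME status=OK
2024-05-01 09:00:04 seq=1002 partner=ACME status=GARBLED
2024-05-01 09:00:06 seq=1002 partner=ACME status=OK retransmit=yes
2024-05-01 09:00:09 seq=1004 partner=ACME status=OK
2024-05-01 09:00:12 seq=1005 partner=ACME status=GARBLED
2024-05-01 09:00:15 seq=1006 partner=ACME status=OK
"""

LINE_RE = re.compile(r"seq=(?P<seq>\d+) .*status=(?P<status>\w+)")

def parse_log(text):
    """Return [(sequence_number, status), ...] in log order."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entries.append((int(m["seq"]), m["status"]))
    return entries

def missing_sequence_numbers(entries):
    """Sequence numbers never logged between the first and last seen."""
    seen = {seq for seq, _ in entries}
    return sorted(set(range(min(seen), max(seen) + 1)) - seen)

def unrecovered_garbled(entries):
    """Sequence numbers with a GARBLED receipt and no later OK receipt."""
    garbled, recovered = set(), set()
    for seq, status in entries:
        if status == "GARBLED":
            garbled.add(seq)
        elif status == "OK" and seq in garbled:
            recovered.add(seq)
    return sorted(garbled - recovered)

if __name__ == "__main__":
    entries = parse_log(TRANSACTION_LOG)
    print("missing sequence numbers:", missing_sequence_numbers(entries))
    print("garbled, never retransmitted:", unrecovered_garbled(entries))
```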

Electronic Data Interchange
• Electronic data interchange (EDI) uses computer-
to-computer communications technologies to
automate B2B purchases.
• Audit objectives:
1. Transactions are authorized, validated, and in compliance with the trading partner agreement.
2. No unauthorized organizations can gain access to the database.
3. Authorized trading partners have access only to approved data.
4. Adequate controls are in place to ensure a complete audit trail.

Advantages of EDI
• Reduction or elimination of data entry
• Reduction of errors
• Reduction of paper
• Reduction of paper processing and postage
• Reduction of inventories (via JIT systems)

EDI Risks
• Authorization
• automated and absence of human
intervention
• Access
• need to access EDI partner’s files
• Audit trail
• paperless and transparent (automatic)
transactions

EDI Controls
Authorization
◦ use of passwords and value added networks
(VAN) to ensure valid partner
Access
◦ software to specify what can be accessed
and at what level
Audit trail
◦ control log records the transaction’s flow
through each phase of the transaction
processing

EDI System

EDI System using Transaction Control Log for Audit Trail

Auditing Procedures for EDI
• Tests of Authorization and Validation Controls
• Review procedures for verifying trading partner identification
codes
• Review agreements with VAN
• Review trading partner files
• Tests of Access Controls
• Verify limited access to vendor and customer files
• Verify limited access of vendors to database
• Test EDI controls by simulation
• Tests of Audit Trail Controls
• Verify existence of transaction logs
• Review a sample of transactions

Personal Computer System
• PC operating systems
• PC systems risks & controls
• In general:
• Relatively simple to operate and program
• Controlled and operated by end users
• Interactive data processing vs. batch
• Commercial applications vs. custom
• Often used to access data on mainframe or network
• Allows users to develop their own applications
• Operating Systems:
• Are located on the PC (decentralized)
• O/S family dictates applications (e.g., Windows)

Personal Computer Systems
• Controls
• Risk assessment
• Inherent weaknesses
• Weak access control
• Inadequate segregation of duties
• Multilevel password control – multifaceted access control
• Risk of physical loss
• Laptops, etc. can “walk off”
• Risk of data loss
• Easy for multiple users to access data
• End user can steal, destroy, manipulate
• Inadequate backup procedures
• Local backups on appropriate medium
• Dual hard drives on PC
• External/removable hard drive on PC
© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
IC Personal Computer Systems

• Risk associated with virus infection
• Policy of obtaining software
• Policy for use of anti-virus software
• Verify no unauthorized software on PCs
• Risk of improper SDLC procedures
• Use of commercial software
• Formal software selection procedures

Audit Objectives: Personal Computer Systems
• Verify controls are in place to protect data, programs, and computers from unauthorized access, manipulation, destruction, and theft
• Verify that adequate supervision and operating procedures exist to compensate for lack of segregation between the duties of users, programmers, and operators
• Verify that backup procedures are in place to prevent data and program loss due to system failures, errors
• Verify that systems selection and acquisition procedures produce applications that are high quality, and protected from unauthorized changes
• Verify the system is free from viruses and adequately protected to minimize the risk of becoming infected with a virus or similar object

Audit Procedures: Personal Computer Systems
• Verify that microcomputers and their files are physically controlled
• Verify from organizational charts, job descriptions, and observation that the programmers of applications performing financially significant functions do not also operate those systems.
• Confirm that reports of processed transactions, listings of updated accounts, and control totals are prepared, distributed, and reconciled by appropriate management at regular and timely intervals.

Audit Procedures: Personal Computer Systems
• Determine that multilevel password control or multifaceted access control is used to limit access to data and applications, where applicable.
• Verify that the drives are removed and stored in a secure location when not in use, where applicable.
• Verify that backup procedures are being followed.
• Verify that application source code is physically secured (such as in a locked safe) and that only the compiled version is stored on the microcomputer.
• Review systems selection and acquisition controls
• Review virus control techniques.

Appendix

Internet Technologies

Internet Technologies
• Packet switching
• messages are divided into small packets
• each packet of the message takes a different route
• Virtual private network (VPN)
• a private network within a public network
• Extranets
• a password-controlled network for private users
• World Wide Web
• an Internet facility that links users locally and globally
• Internet addresses
• e-mail address
• URL address
• IP address

Protocol Functions…
• facilitate the physical connection between the network devices.
• synchronize the transfer of data between physical devices.
• provide a basis for error checking and measuring network performance.
• promote compatibility among network devices.
• promote network designs that are flexible, expandable, and cost-effective.

Internet Protocols
• Transfer Control Protocol/Internet Protocol (TCP/IP)
- controls how individual packets of data are
formatted, transmitted, and received
• Hypertext Transfer Protocol (HTTP) - controls web
browsers
• File Transfer Protocol (FTP) - used to transfer files
across the internet
• Simple Network Mail Protocol (SNMP) - e-mail
• Secure Sockets Layer (SSL) and Secure Electronic
Transmission (SET) - encryption schemes

Local Area Networks (LAN)
• A federation of computers located close together (on the same floor or in the same building) linked together to share data and hardware
• The physical connection of workstations to the LAN is achieved through a network interface card (NIC) which fits into a PC’s expansion slot and contains the circuitry necessary for inter-node communications.
• A server is used to store the network operating system, application programs, and data to be shared.

LAN Files (figure: a file server, a printer server with its printer, and several nodes connected on a LAN)

Wide Area Network (WAN)
• A WAN is a network that is dispersed over a wider
geographic area than a LAN. It typically requires
the use of:
• gateways to connect different types of LANs
• bridges to connect same-type LANs
• WANs may use common carrier facilities, such as
telephone lines, or they may use a Value Added
Network (VAN).

WAN (figure: LANs joined to each other by a bridge and connected to the WAN through gateways)

Star Topology
• A network of IPUs with a large central
computer (the host)
• The host computer has direct connections to
smaller computers, typically desktop or laptop
PCs.
• This topology is popular for mainframe
computing.
• All communications must go through the host
computer, except for local computing.

Star Network (figure: a central data host connected to local data and POS sites in Topeka, St. Louis, Kansas City, Dallas and Tulsa)

Hierarchical Topology
A host computer is connected to several levels
of subordinate smaller computers in a
master-slave relationship.
(Figure: corporate level – production planning system; regional level – production scheduling system and regional sales system; local level – warehouse, production and sales processing systems.)

Ring Topology
This configuration eliminates the central
site. All nodes in this configuration are of
equal status (peers).
Responsibility for managing
communications is distributed among the
nodes.
Common resources that are shared by all
nodes can be centralized and managed by
a file server that is also a node.

Ring Topology (Figure 12-10)

Bus Topology
• The nodes are all connected to a common
cable - the bus.
• Communications and file transfers between
workstations are controlled by a server.
• It is generally less costly to install than a ring
topology.

Bus Topology

Client-Server Topology
This configuration distributes the processing between the user’s (client’s) computer and the central file server.
Both types of computers are part of the network, but each is assigned functions that it best performs.
This approach reduces data communications traffic, thus reducing queues and improving response time.

Client-Server Topology

Network Control Objectives
• establish a communications session between the
sender and the receiver
• manage the flow of data across the network
• detect errors in data caused by line failure or
signal degeneration
• detect and resolve data collisions between
competing nodes

Pooling Method of Controlling Data Collisions

Token-Passing Approach to Controlling Data Collisions

Carrier Sensing
• A random access technique that detects collisions when they occur
• This technique is widely used – found on Ethernet networks.
• The node wishing to transmit listens to the line to determine if it is in use. If it is, it waits a pre-specified time before transmitting.
• Collisions occur when nodes listen, hear no transmissions, and then simultaneously transmit. Data collides and the nodes are instructed to hang up and try again.
• Disadvantage: The line may not be used optimally when multiple nodes are trying to transmit simultaneously.

