Skip to main content

Patch third-party applications

Operating System Security
CHAPTER 12
2808ICT INFORMATION MANAGEMENT
1
Bigger Picture
Security Technologies
Cryptographic Tools
(Chapter 2)
Access Control
(Chapter 4)
User Authentication
(Chapter 3)
Security Planning
(Chapter 15)
Risk Assessment
(Chapter 14)
Software Security
(Chapter 11)
Web Security
Operating System
Security
(Chapter 12)
Computer Security Overview (Chapter 1)
Week 1
Week 2
Week 3
Week 6
Week 4
Week 5
Week 3
Week 2
Week 1
Security Management Security Domains
2
Learning Objectives
At the end of this lecture, you should be able to:
 List the top 4 security strategies
 Describe the steps required for operating system hardening
 Explain the concept of the Bell-LaPadula model
 Identify security maintenance tasks
3
Strategies
 The 2017 Australian Signals Directorate (ASD): Over 85% of the targeted
cyber intrusions investigated by ASD could be mitigated by four strategies:
 White-list approved applications
 Patch third-party applications (Flash, browsers, MS Office, Java)
 Restrict administrative privileges
 Patch operating systems
https://ift.tt/2wqF6kF
mitigationstrategies.htm
4
Operating System Security Layers
Operating System (OS) Configuration
 Default OS configuration maximises ease of use and
functionality, rather than security
 Configuration needs differ according to the needs of different
organisations
5
Operating Systems Security
1. Install and patch the operating system
6
Initial Setup and Patching
Ideally new
systems
should be
constructed
on a
protected
network
Initial
installation
should install
the minimum
necessary for
the desired
system
Overall boot
process must
also be
secured
Take care with
installing thirdparty device
drivers
Critical that the
system be kept
up to date, with
all critical
security related
patches installed
Patch on a test
system before
deploying in
production
7
Operating Systems Security
1. Install and patch the operating system
2. Harden and configure the operating system to adequately address the
identified security needs of the system by:
 Removing unnecessary services, applications, and protocols
8
If fewer software packages
are available to run, then
the risk is reduced
System planning process
should identify what is
actually required for a
given system
When performing the initial
installation the supplied
defaults should not be used
If additional packages are
needed later they can be
installed when they are
required
Remove
Unnecessary
Services,
Applications,
Protocols
9
Operating Systems Security
1. Install and patch the operating system
2. Harden and configure the operating system to adequately address the
identified security needs of the system by:
 Removing unnecessary services, applications, and protocols
 Configuring users, groups, and permissions
 Configuring resource controls
10
Bell-LaPadula (BLP) Model
 Formal model for access control
 Subjects and objects are assigned a security class (security level)
 top secret > secret > confidential > restricted > unclassified
 strategic > sensitive > confidential > public
 A subject has a security clearance
 An object has a security classification
11
BLP Model Properties
 No read up
 Subject can only read an object of equal or lower security level
 Referred to as the simple security property (ss-property)
 No write down
 Subject can only write into an object of equal or greater security level
 Referred to as the *-property
12
13
14
15
16
17
Operating Systems Security
1. Install and patch the operating system
2. Harden and configure the operating system to adequately address the
identified security needs of the system by:
 Removing unnecessary services, applications, and protocols
 Configuring users, groups, and permissions
 Configuring resource controls
3. Install and configure additional security controls, such as anti-virus, hostbased firewalls, and intrusion detection system (IDS)
18
Anti-virus software
 Host-based firewalls
 IDS or IPS software
Install
Additional
Security
Controls
19
 Application white-listing:
 only applications specified explicitly on a list are allowed to run
 suitable for environments where set of required applications is
reasonably fixed
Further security possible by installing and configuring additional security tools:
Operating Systems Security
1. Install and patch the operating system
2. Harden and configure the operating system to adequately address the
identified security needs of the system by:
 Removing unnecessary services, applications, and protocols
 Configuring users, groups, and permissions
 Configuring resource controls
3. Install and configure additional security controls, such as anti-virus, hostbased firewalls, and intrusion detection system (IDS)
4. Test the security of the basic operating system to ensure that the steps
taken adequately address its security needs and to identify outstanding
vulnerabilities
20
Security Maintenance
 Monitoring and analyzing log files
 Performing regular backups
 Recovering from security compromises
 Regularly testing system security
 Patching and updating all critical software,
 Monitoring and revising configuration as needed
21
Summary
 Top four security strategies
 Operating system security
 Bell-LaPadula model
 Security maintenance
22

The post Patch third-party applications appeared first on My Assignment Tutor.



Logo GET THIS PAPER COMPLETED FOR YOU FROM THE WRITING EXPERTS  CLICK HERE TO ORDER 100% ORIGINAL PAPERS AT PrimeWritersBay.com

Comments

Post a Comment

Popular posts from this blog

Should pit bull terriers be banned in my community

 Discussion Forum: Counterarguments (Should pit bull terriers be banned in my community) You created a question about the topic for your W6 Rough Draft. For this discussion, you will give an answer to that question in the form of a thesis statement. "Dieting Makes People Fat" Main Post: Share your thesis statement with your classmates. Please note: As with last week’s discussion, nothing here is set in stone. Be open to changing everything about your topic, including your position and audience, as you research it and get feedback from your classmates. Topic + Position/Purpose + Supporting Points =Thesis Statement Example: Suppose the question you posed in the Week 5 discussion was something like, “Should pit bull terriers be banned in my community?” After doing some preliminary research, you have concluded that pit bulls, if raised properly, are no more dangerous than other breeds of dogs. Your thesis statement can be something like, “Pitbulls should not be banned
Post a Comment
Read more

Controversy Associated With Dissociative Disorders

 Assignment: Controversy Associated With Dissociative Disorders The  DSM-5-TR  is a diagnostic tool. It has evolved over the decades, as have the classifications and criteria within its pages. It is used not just for diagnosis, however, but also for billing, access to services, and legal cases. Not all practitioners are in agreement with the content and structure of the  DSM-5-TR , and dissociative disorders are one such area. These disorders can be difficult to distinguish and diagnose. There is also controversy in the field over the legitimacy of certain dissociative disorders, such as dissociative identity disorder, which was formerly called multiple personality disorder. In this Assignment, you will examine the controversy surrounding dissociative disorders. You will also explore clinical, ethical, and legal considerations pertinent to working with patients with these disorders. Photo Credit: Getty Images/Wavebreak Media To Prepare · Review this week’s Learning
Post a Comment
Read more

CYBER SECURITY and how it can impact today's healthcare system and the future

 Start by reading and following these instructions: Create your Assignment submission and be sure to cite your sources, use APA style as required, and check your spelling. Assignment: Recommendations Document Due Week 6 (100 pts) Main Assignment Recommendations Document The 1250 to 1500-word deliverable for this week is an initial draft of your recommendations. Note that this is a working document and may be modified based on insights gained in module eight and your professor's feedback. This document should contain the following elements: Summary of your problem or opportunity definition A list of possible recommendation alternatives. In this section, you are not yet at the point of suggesting the best set of recommendations but you are trying to be creative and explore all the different ways that the problem or opportunity might best be addressed. The end result here will be a list of alternatives among which you will choose your final recom
Post a Comment
Read more