
UNit-2 (Part-1)

The document outlines active and passive attacks in cybersecurity, detailing various types of each, such as masquerade and denial of service for active attacks, and eavesdropping for passive attacks. It also provides methods for cybercrime prevention, application security measures, data security considerations including backups and archival storage, and the importance of proper data disposal. Overall, it emphasizes the need for robust security practices to protect against unauthorized access and data loss.

Uploaded by

Priyanka Gupta
Copyright
© © All Rights Reserved

UNIT II

Active and Passive attack

Active attacks: An active attack attempts to alter system resources or affect their operation. An active attack
involves some modification of the data stream or the creation of a false statement.
The types of active attacks are as follows:
1. Masquerade – A masquerade attack takes place when one entity pretends to be a different entity. A
masquerade attack involves one of the other forms of active attack.
2. Modification of messages – Some portion of a message is altered, or the message is
delayed or reordered, to produce an unauthorised effect. For example, a message meaning “Allow JOHN
to read confidential file X” is modified to “Allow Smith to read confidential file X”.
3. Repudiation – This attack is carried out by either the sender or the receiver. The sender or receiver can later deny
that he/she has sent or received a message. For example, a customer asks his bank “To transfer an amount to
someone” and later on the sender (customer) denies that he had made such a request. This is repudiation.
4. Replay – It involves the passive capture of a message and its subsequent retransmission to produce an
unauthorized effect.
5. Denial of Service – It prevents the normal use of communication facilities. This attack may have a specific
target. For example, an entity may suppress all messages directed to a particular destination. Another
form of service denial is the disruption of an entire network, either by disabling the network or by
overloading it with messages so as to degrade performance.
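
A receiver-side check for three of the active attacks listed above (modification, replay, and masquerade by a party that lacks the key), as an added example that is not part of the original notes. It assumes a pre-shared key and uses HMAC-SHA256 with a sequence number, a mechanism the notes themselves do not name; `seal`, `Receiver` and `simulate_modification` are illustrative names.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
SEQ_LEN = 8   # 64-bit big-endian sequence number


def seal(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: sequence number + message + HMAC computed over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Verifies the tag first, then requires strictly increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, packet: bytes):
        if len(packet) < SEQ_LEN + TAG_LEN:
            return ("malformed", None)
        header = packet[:SEQ_LEN]
        body = packet[SEQ_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Constant-time comparison; any altered byte or a wrong key fails here.
        if not hmac.compare_digest(tag, expected):
            return ("bad_tag", None)
        (seq,) = struct.unpack(">Q", header)
        # A captured packet sent again, or an old one delivered late, fails here.
        if seq <= self.last_seq:
            return ("replayed", None)
        self.last_seq = seq
        return ("ok", body)


def simulate_modification(packet: bytes, old: bytes, new: bytes) -> bytes:
    """Constructed in-transit edit of the message body; header and tag untouched."""
    body = packet[SEQ_LEN:-TAG_LEN].replace(old, new)
    return packet[:SEQ_LEN] + body + packet[-TAG_LEN:]


def demo():
    key = b"constructed-demo-key"  # constructed; a real key is random and secret
    rx = Receiver(key)
    first = seal(key, 1, b"Allow JOHN to read confidential file X")
    second = seal(key, 2, b"Allow JOHN to read confidential file Y")
    # Message sealed by a party that does not hold the shared key (masquerade).
    forged = seal(b"not-the-shared-key", 3, b"Allow Smith to read confidential file X")
    return [
        rx.accept(first)[0],                                          # genuine
        rx.accept(simulate_modification(first, b"JOHN", b"Smith"))[0],  # modified
        rx.accept(first)[0],                                          # replayed
        rx.accept(second)[0],                                         # genuine
        rx.accept(first)[0],                                          # old packet, late
        rx.accept(forged)[0],                                         # wrong key
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A shared-key MAC does not address repudiation, because either party could have produced the tag; that requires a digital signature.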
Passive attacks: A passive attack attempts to learn or make use of information from the system but does not
affect system resources. Passive attacks are in the nature of eavesdropping on or monitoring of transmissions.
The goal of the opponent is to obtain information that is being transmitted.
The types of passive attacks are as follows:
1. The release of message content – Telephonic conversation, an electronic mail message or a transferred
file may contain sensitive or confidential information. We would like to prevent an opponent from
learning the contents of these transmissions.
2. Traffic analysis – Suppose that we had a way of masking (encrypting) information, so that the
attacker, even if they captured the message, could not extract any information from it. The
opponent could still determine the location and identity of the communicating hosts and could observe the
frequency and length of messages being exchanged. This information might be useful in guessing the
nature of the communication that was taking place.
Cybercrime prevention methods
1. Use Strong Passwords - Use different user ID / password combinations for different accounts and avoid
writing them down. Make the passwords more complicated by combining letters, numbers, special
characters (minimum 10 characters in total) and change them on a regular basis.
2. Secure your computer -
• Activate your firewall - Firewalls are the first line of cyber defence; they block connections
to unknown or bogus sites and will keep out some types of viruses and hackers.
• Use anti-virus/malware software - Prevent viruses from infecting your computer by installing
and regularly updating anti-virus software.
• Block spyware attacks - Prevent spyware from infiltrating your computer by installing and
updating anti-spyware software.
3. Be Social-Media Savvy - Make sure your social networking profiles (e.g., Facebook, Twitter, YouTube,
MSN, etc.) are set to private. Check your security settings. Be careful what information you post online.
Once it is on the Internet, it is there forever!
4. Secure your Mobile Devices - Be aware that your mobile device is vulnerable to viruses and hackers.
Download applications from trusted sources.
5. Install the latest operating system updates - Keep your applications and operating system (e.g.
Windows, Mac, Linux) current with the latest system updates. Turn on automatic updates to prevent
potential attacks on older software.
6. Protect your Data - Use encryption for your most sensitive files such as tax returns or financial records,
make regular back-ups of all your important data, and store it in another location.
7. Secure your wireless network - Wi-Fi (wireless) networks at home are vulnerable to intrusion if they
are not properly secured. Review and modify default settings. Public Wi-Fi, a.k.a. “Hot Spots”, are also
vulnerable. Avoid conducting financial or corporate transactions on these networks.
8. Protect your e-identity - Be cautious when giving out personal information such as your name, address,
phone number or financial information on the Internet. Make sure that websites are secure (e.g., when
making online purchases) or that you’ve enabled privacy settings (e.g. when accessing/using social
networking sites).
9. Avoid being scammed - Always think before you click on a link or file of unknown origin. Don’t feel
pressured by any emails. Check the source of the message. When in doubt, verify the source. Never reply
to emails that ask you to verify your information or confirm your user ID or password.
10. Call the right person for help - Don’t panic! If you are a victim, if you encounter illegal Internet content
(e.g., child exploitation) or if you suspect a computer crime, identity theft or a commercial scam, report
this to your local police. If you need help with maintenance or software installation on your computer,
consult with your service provider or a certified computer technician.

Application Security (Database, Email and Internet)


• Application security is the process of making apps more secure by finding, fixing, and enhancing the
security of apps. In other words, it is the process of developing, adding, and testing security features
within applications to prevent security vulnerabilities against threats such as unauthorized access and
modification.
• It describes security measures at the application level that aim to prevent data or code within the app from
being stolen or hijacked. It encompasses the security considerations that happen during application
development and design, but it also involves systems and approaches to protect apps after they get
deployed.
• Application security may include hardware, software, and procedures that identify or minimize security
vulnerabilities. A router that prevents anyone from viewing a computer’s IP address from the Internet is
a form of hardware application security. But security measures at the application level are also typically
built into the software, such as an application firewall that strictly defines what activities are allowed and
prohibited. Procedures can entail things like an application security routine that includes protocols such
as regular testing.
Application security tools
• Static testing, which analyses code at fixed points during its development. This is useful for developers
to check their code as they are writing it to ensure that security issues are not being introduced during
development.
• Dynamic testing, which analyses running code. This is more useful, as it can simulate attacks on
production systems and reveal more complex attack patterns that use a combination of systems.
• Interactive testing, which combines elements of both static and dynamic testing.
• Mobile testing, which is designed specifically for mobile environments and can examine how an attacker
can leverage the mobile OS and the apps running on it in their entirety.

Types of application security


Different types of application security features include authentication, authorization, encryption, logging, and
application security testing. Developers can also code applications to reduce security vulnerabilities.
1. Authentication: Software developers build procedures into an application to ensure that only
authorized users gain access to it. Authentication procedures ensure that a user is who they say they are.
This can be accomplished by requiring the user to provide a user name and password when logging in to
an application. Multi-factor authentication requires more than one form of authentication—the factors
might include something you know (a password), something you have (a mobile device), and something
you are (a thumb print or facial recognition).
2. Authorization: After a user has been authenticated, the user may be authorized to access and use the
application. The system can validate that a user has permission to access the application by comparing
the user’s identity with a list of authorized users. Authentication must happen before authorization so that
the application matches only validated user credentials to the authorized user list.
3. Encryption: After a user has been authenticated and is using the application, other security measures can
protect sensitive data from being seen or even used by a cybercriminal. In cloud-based applications,
where traffic containing sensitive data travels between the end user and the cloud, that traffic can be
encrypted to keep the data safe.
4. Logging: If there is a security breach in an application, logging can help identify who got access to
the data and how. Application log files provide a time-stamped record of which aspects of the application
were accessed and by whom.
5. Application security testing: A necessary process to ensure that all of these security controls work
properly.

Data Security Considerations – Backups


• Data security is the protection of programs and data in computers and communication systems against
unauthorized access, modification, destruction, disclosure or transfer whether accidental or intentional
by building physical arrangements and software checks.
• It refers to the right of individuals or organizations to deny or restrict the collection and use of information
about unauthorized access. Data security requires system managers to reduce unauthorized access to the
systems by building physical arrangements and software checks.

Data security uses various methods to make sure that the data is correct, original, kept confidential and is
safe. It includes:
• Ensuring the integrity of data.
• Ensuring the privacy of the data.
• Preventing the loss or destruction of data.

Data security considerations involve the protection of data against unauthorized access, modification,
destruction, loss, disclosure or transfer, whether accidental or intentional. Some of the important data security
considerations are described below:

Backups
Data backup refers to saving additional copies of our data in physical or cloud locations separate from the data files
in storage. It is essential for us to secure, store, and back up our data on a regular basis.

Securing the data will help us to prevent:


• Accidental or malicious damage/modification to data.
• Theft of valuable information.
• Breach of confidentiality agreements and privacy laws.
• Premature release of data, which can void intellectual property claims.
• Release before data have been checked for authenticity and accuracy.

Keeping reliable and regular backups of our data protects against the risk of damage or loss due to power
failure, hardware failure, software or media faults, viruses or hacking, or even human errors.
The 3-2-1 backup rule is very popular. This rule includes:
• Three copies of our data
• Two different formats, e.g., hard drive + tape backup or DVD (short term) + flash drive
• One off-site backup, e.g., have two physical backups and one in the cloud

Some important backup options are as follows-


1. Hard drives - personal or work computer
2. Departmental or institution server
3. External hard drives
4. Tape backups
5. Discipline-specific repositories
6. University Archives
7. Cloud storage

Some of the top considerations for implementing secure backup and recovery are-
1. Authentication of the users and backup clients to the backup server.
2. Role-based access control lists for all backup and recovery operations.
3. Data encryption options for both transmission and the storage.
4. Flexibility in choosing encryption and authentication algorithms.
5. Backup of a remote client to the centralized location behind firewalls.
6. Backup and recovery of a client running Security-Enhanced Linux (SELinux).
7. Using best practices to write secure software.

Archival Storage
• Data archiving is the process of retaining or keeping of data at a secure place for long-term storage.
• The data might be stored in safe locations so that it can be used whenever it is required.
• The archive data is still essential to the organization and may be needed for future reference.
• Also, data archives are indexed and have search capabilities so that the files and parts of files can be
easily located and retrieved.
• Data archival serves as a way of reducing primary storage consumption and its related costs.
• Data archival is different from data backup in the sense that data backups create copies of data and are used
as a data recovery mechanism to restore data when it is corrupted or destroyed. On the
other hand, data archives protect older information that is not needed in day-to-day operations but
may have to be accessed occasionally.
Data archives may take many different forms. They can be stored online, offline, or in cloud storage:
• Online data storage places archive data onto disk systems where it is readily accessible.
• Offline data storage places archive data onto tape or other removable media using data archiving
software, because tape can be removed and consumes less power than disk systems.
• Cloud storage is also another possible archive target. For example, Amazon Glacier is designed for
data archiving. Cloud storage is inexpensive, but its costs can grow over time as more data is added to
the cloud archive.

The following list of considerations will help us to improve the long-term usefulness of our archives:
1. Storage medium
2. Storage device
3. Revisiting old archives
4. Data usability
5. Selective archiving
6. Space considerations
7. Online vs. offline storage

Storage medium - The first thing to decide is what storage medium we use for archives. The archived data will be
stored for long periods of time, so we need to choose a type of media that will last as long as our
retention policy dictates.

Storage device - This consideration takes into account whether the storage device we are using for our archives
will still be accessible in a few years. There is no way to predict which types of storage devices will stand up
best, so it is essential to try to pick those devices that have the best chance of being supported over the long
term.

Revisiting old archives - Our archive policies and the storage mechanisms we use for archiving
data will change over time, so we have to review our archived data at least once a year to see if anything
needs to be migrated to a different storage medium.
For example, about ten years ago, we used Zip drives for archival and then transferred all of our archives
to CD. Today, we store most of our archives on DVD. Since modern DVD drives can also read CDs,
we haven't needed to move our extremely old archives off CD onto DVD.

Data usability - One major problem seen in the real world is archived data that
is in an obsolete format.
For example, a few years ago, document files that had been archived in the early 1990s had been created by an
application known as PFS Write. The PFS Write file format was supported in the late 80s and early 90s, but
today there are no applications that can read those files. To avoid this situation, it might be helpful to archive
not only the data but also copies of the installation media for the applications that created the data.

Selective archiving - In this consideration, we have to be sure about what should be archived. That means we will
archive only a selected part of the data, because not all data is equally important.

Space considerations - If our archives become huge, we must plan for the long-term retention of all our data.
If we are archiving our data to removable media, capacity planning might be as simple as making sure that there
is free space in the vault to hold all of those tapes and that there is room in our IT budget
to continue purchasing tapes.

Online vs. offline storage - In this consideration, we have to decide whether to store our archives online (on
a dedicated archive server) or offline (on removable media). Both methods of archival have advantages and
disadvantages. Storing data online keeps the data easily accessible, but data kept online may be vulnerable
to theft, tampering, corruption, etc. Offline storage enables us to store an unlimited amount of data, but it is not
readily accessible.

Disposal of Data
• Data destruction or disposal of data is the method of destroying data which is stored on tapes, hard disks
and other electronic media so that it is completely unreadable, unusable and inaccessible for unauthorized
purposes.
• It also ensures that the organization retains records of data for as long as they are needed.
• When the records are no longer required, the organization appropriately destroys them or disposes of that data in some other way,
for example, by transfer to an archives service.

The managed process of data disposal has some essential benefits-


• It avoids the unnecessary storage costs incurred by using office or server space to maintain records
that are no longer needed by the organization.
• Finding and retrieving information is easier and quicker because there is less to search.

The disposal of data usually takes place as part of the normal records management process. There are two
essential circumstances in which the destruction of data need to be handled as an addition to this process-
• The quantity of a legacy record requires attention.
• The functions are being transferred to another authority and disposal of data records becomes part of
the change process.

The following list of considerations will help us for the secure disposal of data-
1. Eliminate access
2. Destroy the data
3. Destroy the device
4. Keep the record of which systems have been decommissioned
5. Keep careful records
6. Eliminate potential clues
7. Keep systems secure until disposal

Eliminate access - In this consideration, we have to eliminate access and ensure that no account retains any
rights to re-access the disposed-of data.

Destroy the data - Simply removing data from storage media is not necessarily
safe. Even these days, reformatting or repartitioning a drive to "erase" the data that it stores is not good enough.
Today there are many tools available that can help us delete files more securely. Encrypting the data on the drive
before performing any deletion can help make the data more difficult to recover later.

Destroy the device - In most cases, storage media need to be physically destroyed to ensure that our sensitive
data is not leaked to whoever gets the drives next. In such cases, we should not destroy them ourselves.
Experts are probably a lot better at safely and effectively rendering any data on our
drives unrecoverable. If we can't trust this to an outside agency that specializes in the secure destruction of
storage devices, we should have a specialized team within our organization that has the same equipment and
skills as outside contractors.

Keep the record of which systems have been decommissioned - In this, we have to make sure that the storage
media have been fully and securely decommissioned and that they do not consist of something easily misplaced or
overlooked. It is best if storage media that have not been fully decommissioned are kept in a specific location,
while decommissioned equipment is placed somewhere else, so that we avoid making mistakes.

Keep careful records - In this consideration, it is necessary to keep a record of whoever is responsible for
decommissioning a storage medium. If more than one person is assigned such responsibility, each should sign off
after the completion of the decommissioning process, so that if something goes wrong, we know who to
talk to in order to find out what happened and how bad the mistake is.

Eliminate potential clues - In this consideration, we have to clear the configuration settings from networking
equipment. We do this because they can provide crucial clues to a security cracker trying to break into our network and
the systems that reside on it.

Keep systems secure until disposal - In this consideration, we should make clear guidelines for
who should have access to the equipment in need of secure disposal. It is better to ensure that nobody who should not
have access to it before disposal of data gets his or her hands on it.

Security Technology – Firewall and VPNs


Firewall - A Firewall is a network security device that monitors and filters incoming and outgoing network
traffic based on an organization’s previously established security policies. At its most basic, a firewall is
essentially the barrier that sits between a private internal network and the public Internet. A firewall’s main
purpose is to allow non-threatening traffic in and to keep dangerous traffic out.

Types of Firewalls
• Packet filtering - A small amount of data is analyzed and distributed according to the filter’s
standards.
• Proxy service - Network security system that protects while filtering messages at the application layer.
• Stateful inspection - Dynamic packet filtering that monitors active connections to determine which
network packets to allow through the Firewall.
• Next Generation Firewall (NGFW) - Deep packet inspection Firewall with application-level
inspection.

Work of Firewall
A Firewall is a necessary part of any security architecture and takes the guesswork out of host level protections
and entrusts them to your network security device. Firewalls, and especially Next Generation Firewalls, focus
on blocking malware and application-layer attacks. Along with an integrated intrusion prevention system (IPS),
these Next Generation Firewalls can react quickly and seamlessly to detect and respond to outside attacks across
the whole network. They can set policies to better defend your network and carry out quick assessments to detect
invasive or suspicious activity, like malware, and shut it down.

Need of Firewall
Firewalls, especially Next Generation Firewalls, focus on blocking malware and application-layer attacks. Along
with an integrated intrusion prevention system (IPS), these Next Generation Firewalls are able to react quickly
and seamlessly to detect and combat attacks across the whole network. Firewalls can act on previously set
policies to better protect your network and can carry out quick assessments to detect invasive or suspicious
activity, such as malware, and shut it down. By leveraging a firewall for your security infrastructure, you’re
setting up your network with specific policies to allow or block incoming and outgoing traffic.

VPNs - A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a
network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized
people from eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is
widely used in corporate environments.

Working of VPN
When you connect your computer (or another device, such as a smartphone or tablet) to a VPN, the computer
acts as if it’s on the same local network as the VPN. All your network traffic is sent over a secure connection
to the VPN. Because your computer behaves as if it’s on the network, this allows you to securely access local
network resources even when you’re on the other side of the world. You’ll also be able to use the Internet as
if you were present at the VPN’s location, which has some benefits if you’re using public Wi-Fi or want to access
geo-blocked websites.
When you browse the web while connected to a VPN, your computer contacts the website through the encrypted
VPN connection. The VPN forwards the request for you and forwards the response from the website
back through the secure connection. If you’re using a USA-based VPN to access Netflix, Netflix will see your
connection as coming from within the USA.

Types of VPNs
• Remote access - A remote access VPN securely connects a device outside the corporate office. These
devices are known as endpoints and may be laptops, tablets, or smartphones. Advances in VPN
technology have allowed security checks to be conducted on endpoints to make sure they meet a certain
posture before connecting. Think of remote access as computer to network.
• Site-to-site - A site-to-site VPN connects the corporate office to branch offices over the Internet. Site-
to-site VPNs are used when distance makes it impractical to have direct network connections between
these offices. Dedicated equipment is used to establish and maintain a connection. Think of site-to-site
access as network to network.

Uses of VPN
VPNs are a fairly simple tool, but they can be used to do a wide variety of things:
• Access a Business Network While Traveling
• Access Your Home Network While Travelling
• Hide Your Browsing Activity From Your Local Network and ISP
• Access Geo-Blocked Websites
• Bypass Internet Censorship
• Downloading Files

Intrusion Detections
Intrusion Detection System - An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts
when such activity is discovered. It is a software application that scans a network or a system for harmful activity
or policy breaches. Any malicious venture or violation is normally reported either to an administrator or
collected centrally using a security information and event management (SIEM) system. A SIEM system
integrates outputs from multiple sources and uses alarm filtering techniques to differentiate malicious activity
from false alarms.
Intrusion prevention systems also monitor network packets inbound to the system to check for malicious activity
and at once send warning notifications.

Classification of Intrusion Detection System:


IDS are classified into 5 types:
1. Network Intrusion Detection System (NIDS): Network intrusion detection systems (NIDS) are set up
at a planned point within the network to examine traffic from all devices on the network. A NIDS
observes passing traffic on the entire subnet and matches the traffic that is passed on the subnet against
a collection of known attacks. Once an attack is identified or abnormal behavior is observed, an alert
can be sent to the administrator. An example of NIDS usage is installing it on the subnet where firewalls
are located in order to see if someone is trying to crack the firewall.
2. Host Intrusion Detection System (HIDS): Host intrusion detection systems (HIDS) run on independent
hosts or devices on the network. A HIDS monitors the incoming and outgoing packets from the device
only and will alert the administrator if suspicious or malicious activity is detected. It takes a snapshot of
existing system files and compares it with the previous snapshot. If the analytical system files were edited
or deleted, an alert is sent to the administrator to investigate. An example of HIDS usage can be seen on
mission-critical machines, which are not expected to change their layout.
3. Protocol-based Intrusion Detection System (PIDS): A protocol-based intrusion detection system (PIDS)
comprises a system or agent that consistently resides at the front end of a server, controlling
and interpreting the protocol between a user/device and the server. It tries to secure the web server
by regularly monitoring the HTTPS protocol stream and accepting the related HTTP protocol. Because HTTPS
traffic is unencrypted just before it enters the web presentation layer, this system needs to
reside at that interface in order to inspect the HTTPS traffic.
4. Application Protocol-based Intrusion Detection System (APIDS): Application Protocol-based
Intrusion Detection System (APIDS) is a system or agent that generally resides within a group of
servers. It identifies the intrusions by monitoring and interpreting the communication on application
specific protocols. For example, this would monitor the SQL protocol explicit to the middleware as it
transacts with the database in the web server.
5. Hybrid Intrusion Detection System : Hybrid intrusion detection system is made by the combination
of two or more approaches of the intrusion detection system. In the hybrid intrusion detection system,
host agent or system data is combined with network information to develop a complete view of the
network system. Hybrid intrusion detection system is more effective in comparison to the other intrusion
detection system. Prelude is an example of Hybrid IDS.

Detection Method of IDS:


1. Signature-based Method: Signature-based IDS detects the attacks on the basis of the specific patterns
such as number of bytes or number of 1’s or number of 0’s in the network traffic. It also detects on the
basis of the already known malicious instruction sequence that is used by the malware. The detected
patterns in the IDS are known as signatures.
Signature-based IDS can easily detect the attacks whose pattern (signature) already exists in system but
it is quite difficult to detect the new malware attacks as their pattern (signature) is not known.
2. Anomaly-based Method: Anomaly-based IDS was introduced to detect unknown malware attacks,
as new malware is developed rapidly. Anomaly-based IDS uses machine learning to create
a model of trusted activity; anything incoming is compared with that model and is declared suspicious
if it is not found in the model. The machine-learning-based method generalizes better in
comparison to signature-based IDS, as these models can be trained according to the applications and
hardware configurations.
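
The two detection methods side by side on the same traffic, as an added example that is not part of the original notes. The signatures and payloads are constructed, and a simple statistical baseline (mean and standard deviation of two features) stands in for the machine-learning model the text mentions.

```python
import statistics

# Constructed signatures: byte patterns the detector already knows about.
SIGNATURES = {
    "constructed-marker-a": b"KNOWN-BAD-7f3a",
    "constructed-marker-b": b"KNOWN-BAD-c41d",
}

# Constructed "normal" traffic used to learn the baseline.
NORMAL_TRAFFIC = [
    b"GET /index.html",
    b"GET /about.html",
    b"GET /contact.html",
    b"GET /products.html",
    b"GET /img/logo.png",
]


def match_signatures(payload):
    """Signature method: names of every known pattern found in the payload."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in payload)


def features(payload):
    """Two features per payload: its length and its share of non-printable bytes."""
    nonprintable = sum(1 for b in payload if b < 32 or b > 126)
    return (float(len(payload)), nonprintable / max(len(payload), 1))


class Baseline:
    """Anomaly method: flag payloads far from what the training traffic looked like."""

    MIN_STDEV = (1.0, 0.05)  # floors so a perfectly uniform feature still has a scale

    def __init__(self, threshold=3.0):
        self.threshold = threshold  # allowed distance in standard deviations
        self.means = ()
        self.stdevs = ()

    def fit(self, normal_payloads):
        columns = list(zip(*(features(p) for p in normal_payloads)))
        self.means = tuple(statistics.mean(c) for c in columns)
        self.stdevs = tuple(
            max(statistics.pstdev(c), floor) for c, floor in zip(columns, self.MIN_STDEV)
        )

    def is_anomalous(self, payload):
        return any(
            abs(x - m) / s > self.threshold
            for x, m, s in zip(features(payload), self.means, self.stdevs)
        )


def classify(baseline, payload):
    return {
        "signatures": match_signatures(payload),
        "anomalous": baseline.is_anomalous(payload),
    }


def run_demo():
    baseline = Baseline()
    baseline.fit(NORMAL_TRAFFIC)
    samples = {  # all constructed
        "benign": b"GET /pricing.html",
        "known-pattern": b"GET /KNOWN-BAD-7f3a",
        "novel-long": b"GET /search?q=" + b"x" * 300,
        "novel-binary": b"GET /" + bytes(range(11)),
    }
    return {label: classify(baseline, p) for label, p in samples.items()}


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(label, verdict)
```

The known pattern is caught only by the signature check and the two novel payloads only by the baseline, which is the trade-off the two method descriptions state; a baseline trained on this little traffic would also flag many legitimate requests.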

Access Control
Access control is a method of restricting access to sensitive data. Only those that have had their identity verified
can access company data through an access control gateway.

Components of Access control –


At a high level, access control is about restricting access to a resource. Any access control system, whether
physical or logical, has five main components:
1. Authentication: The act of proving an assertion, such as the identity of a person or computer user. It
might involve validating personal identity documents, verifying the authenticity of a website with a
digital certificate, or checking login credentials against stored details.
2. Authorization: The function of specifying access rights or privileges to resources. For example, human
resources staff are normally authorized to access employee records, and this policy is usually formalized
as access control rules in a computer system.
3. Access: Once authenticated and authorized, the person or computer can access the resource.
4. Manage: Managing an access control system includes adding and removing authentication and
authorization of users or systems. Some systems will sync with G Suite or Azure Active Directory,
streamlining the management process.
5. Audit: Frequently used as part of access control to enforce the principle of least privilege. Over time,
users can end up with access they no longer need, e.g., when they change roles. Regular audits minimize
this risk.

Types of Access Control


Access control can be split into two groups designed to improve physical security or cybersecurity:
• Physical access control: limits access to campuses, buildings and other physical assets, e.g., a
proximity card to unlock a door.
• Logical access control: limits access to computers, networks, files and other sensitive data, e.g., a
username and password.

Access control Models


The main models of access control are:
• Attribute-based Access Control (ABAC): In this model, access is granted or declined by evaluating
a set of rules, policies, and relationships using the attributes of users, systems and environmental
conditions.
• Discretionary Access Control (DAC): In DAC, the owner of data determines who can access specific
resources.
• History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of
activities of the inquiring party that includes behavior, the time between requests and content of requests.
• Identity-Based Access Control (IBAC): By using this model network administrators can more
effectively manage activity and access based on individual requirements.
• Mandatory Access Control (MAC): A control model in which access rights are regulated by a central
authority based on multiple levels of security. Security Enhanced Linux is implemented using MAC on
the Linux operating system.
• Organization-Based Access control (OrBAC): This model allows the policy designer to define a
security policy independently of the implementation.
• Role-Based Access Control (RBAC): RBAC allows access based on the job title. RBAC eliminates
discretion on a large scale when providing access to objects. For example, a human resources
specialist should not have permission to create network accounts.
• Rule-Based Access Control (RAC): The RAC method is largely context based. An example of this would be
only allowing students to use the labs during a certain time of day.
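
The RBAC and rule-based examples above, combined with the audit step from the components list, as an added example that is not part of the original notes. The role names, permission names, users and the 09:00 to 17:00 lab window are assumptions made for illustration.

```python
from datetime import time

# Constructed policy: role -> permissions (RBAC).
ROLE_PERMISSIONS = {
    "hr_specialist": {"employee_records:read"},
    "network_admin": {"network_account:create"},
    "student": {"lab:use"},
}
# Rule-based layer: permission -> (start, end) window in which it is valid.
TIME_RULES = {"lab:use": (time(9, 0), time(17, 0))}

def is_allowed(roles, permission, now):
    """Role check first, then the contextual rule; anything not granted is denied."""
    if not any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles):
        return False
    window = TIME_RULES.get(permission)
    return window is None or window[0] <= now < window[1]

def audit(user_roles, direct_grants):
    """Report permissions a user still holds that no current role justifies."""
    findings = {}
    for user, grants in direct_grants.items():
        justified = set()
        for role in user_roles.get(user, ()):
            justified |= ROLE_PERMISSIONS.get(role, set())
        extra = set(grants) - justified
        if extra:
            findings[user] = sorted(extra)
    return findings

# Constructed state: "asha" moved from network administration to HR but kept
# an old grant; "ravi" holds only what the student role gives him.
USER_ROLES = {"asha": ["hr_specialist"], "ravi": ["student"]}
DIRECT_GRANTS = {
    "asha": ["employee_records:read", "network_account:create"],
    "ravi": ["lab:use"],
}

if __name__ == "__main__":
    print(is_allowed(["hr_specialist"], "network_account:create", time(10, 0)))
    print(is_allowed(["student"], "lab:use", time(20, 0)))
    print(audit(USER_ROLES, DIRECT_GRANTS))
```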

Hardware Protection Mechanisms


A computer contains various hardware, such as the processor, RAM and monitor. The OS must ensure that these
devices remain intact (not directly accessible by the user).

Types –
1. CPU Protection: CPU protection means that a process cannot be given the CPU forever; it should
hold it only for a limited time, otherwise other processes will not get the chance to execute. A
timer is used to handle this situation: a process is given a certain amount of time, and when the
timer expires a signal is sent to the process to leave the CPU. Hence a process
will not hold the CPU for longer than its allotted time.
2. Memory Protection: Memory protection deals with the situation where two or more
processes are in memory and one process may access another process's memory. To protect against this
situation, two registers are used:
   1. Base register
   2. Limit register
The base register stores the starting address of the program and the limit register stores the size of the
process, so when a process wants to access memory, it is checked whether it can or cannot
access that memory.
3. I/O Protection: When I/O protection is ensured, the following cases will never occur in the
system:
   1. Terminating the I/O of another process
   2. Viewing the I/O of another process
   3. Giving priority to a particular process's I/O
If an application process wants to access any I/O device, it does so through a system call so
that the OS can monitor the task.
For example, in C, write() and read() are system calls used to write to and read from a file. There are two modes
of instruction execution:
• User mode - The system performs a task on behalf of the user application. In this
mode, the user cannot directly access hardware or reference memory.
• Kernel mode - Whenever direct access to hardware is required, the application program uses a
system call.
When an application process wants to access any I/O device, it must do so through a system
call so that the operating system can monitor the task.
OS Security
• Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and
availability.
• OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms,
malware or remote hacker intrusions.
• Security refers to providing a protection system to computer system resources such as CPU, memory,
disk, software programs and most importantly data/information stored in the computer system.
• If a computer program is run by an unauthorized user, then he/she may cause severe damage to the computer
or the data stored in it. So, a computer system must be protected against unauthorized access, malicious
access to system memory, viruses, worms etc.
• OS security encompasses all preventive-control techniques, which safeguard any computer assets capable
of being stolen, edited or deleted if OS security is compromised.
• OS security may be approached in many ways, including adherence to the following:
    • Performing regular OS patch updates
    • Installing updated antivirus engines and software
    • Scrutinizing all incoming and outgoing network traffic through a firewall
    • Creating secure accounts with required privileges only (i.e., user management)

Ways to achieve OS security –


Authentication - Authentication refers to identifying each user of the system and associating the executing
programs with those users. It is the responsibility of the Operating System to create a protection system which
ensures that a user who is running a particular program is authentic. Operating Systems generally
identify/authenticate users in the following three ways −
• Username / Password − The user needs to enter a username and password registered with the Operating
System to log in to the system.
• User card/key − The user needs to punch a card into a card slot, or enter a key generated by a key generator in
the option provided by the operating system, to log in to the system.
• User attribute - fingerprint/ eye retina pattern/ signature − The user needs to pass his/her attribute via
the designated input device used by the operating system to log in to the system.

One Time passwords - One-time passwords provide additional security along with normal authentication. In
a One-Time Password system, a unique password is required every time the user tries to log in to the system. Once
a one-time password has been used, it cannot be used again. One-time passwords are implemented in various ways.
• Random numbers − Users are provided with cards having numbers printed along with corresponding
alphabets. The system asks for the numbers corresponding to a few randomly chosen alphabets.
• Secret key − Users are provided with a hardware device which can create a secret id mapped to the user id.
The system asks for this secret id, which is to be generated every time prior to login.
• Network password − Some commercial applications send one-time passwords to the user's registered
mobile/ email, which must be entered prior to login.

Program Threats - The operating system's processes and kernel do the designated tasks as instructed. If a user
program makes these processes do malicious tasks, it is known as a Program Threat. One common
example of a program threat is a program installed on a computer which can store user credentials and send them via
the network to some hacker, e.g. Trojan Horse, trap door, logic bomb, virus, etc.

System Threats - System threats refer to the misuse of system services and network connections to put the user in
trouble. System threats can be used to launch program threats on a complete network, called a program attack.
System threats create an environment in which operating system resources/ user files are misused, e.g. worm,
port scanning, DoS, etc.
