
One of the first tasks in the development of operating system security policies

Question

One of the first tasks in the development of operating system security policies is to identify the tools that can be used for the detection and prevention of security threats to the organization's operating systems. The operating systems form the core of the system operations, and security violations at the operating system-level could compromise every aspect of the system's and organization's IT resources.

For this assignment, you will conduct an analysis and selection of tools that would be appropriate for the detection of operating system security threats in the organization’s systems. You will also summarize the strengths and weaknesses of the built-in security of each of the 3 OS categories (UNIX, open source, and Windows) so that you will be able to determine which areas may need additional security support from other tools.

The following are the project deliverables:

Update the Operating Systems Security Policies document title page with a new date and project name.

Update the previously completed sections based on the instructor's feedback.

New Content: Security Threat Detection

Security Tool Analysis

Review and identify at least 3 tools that would be effectively used in the detection and prevention of operating system security threats in the organization’s systems.

Include the types of threats that the tools identify.

Discuss the total threat coverage for the operating systems provided by these tools.

Given that implementation of security tools requires significant investment, management will likely be reluctant to approve them unless the investment can be justified. As part of your analysis, describe why these tools are necessary for the company and how the investment can be justified to management.

Built-in Security Analysis

Summarize the strengths and weaknesses of the built-in security of each of the 3 major OS categories (UNIX, open source, and Windows).

Discuss how the weaknesses can be strengthened using the tools identified in the Security Tool Analysis section.

Be sure to update your table of contents before submission.

Name the document "yourname_CS652_IP2.doc."

Submit the document for grading.

Please submit your assignment.

Explanation / Answer

Computers and networks were originally built to ease the exchange of information. Some information technology (IT) infrastructures were built around central computers or mainframe solutions, while others were developed around the personal computer.

What some thought impossible became reality and today businesses are being driven by the power of the personal computer that users access with just a user name and password.

Unified Threat Management (UTM) is the combination of various technologies into easy-to-use, appliance-based tools that provide thorough and comprehensive security coverage.

The aim of UTM is to create powerful, customized processing architectures that inspect and block large amounts of network traffic at or near wire speed.

The same data that must be reviewed to look for blacklisted IP addresses or URLs must also be inspected for malware signatures, proofed against data leakage, and checked to make sure that the protocols, applications, and data involved are both allowed and benign.

That’s why UTM solutions typically bundle a great many functions, including:

Proxy services, to block revealing details of internal IP addressing on networks, and to examine communications and data transfers at the application level

Stateful packet inspection, to distinguish legitimate network communications from suspect or known malicious forms of communication

Deep packet inspection, to enable the data portion or payload of network packets to be checked. This facility not only enables protection against malware, but also permits data checks to block leakage of classified, proprietary, or private/confidential data across network boundaries.

This kind of technology is called data loss or data leak protection. In addition, deep packet inspection technology also supports all kinds of content filtering.

Real-time packet decryption exploits special hardware (which essentially reproduces software programs in the form of high-speed circuitry to perform complex data analysis) to permit deep inspection to occur at or near network wire speeds. This lets organizations apply content level controls even to encrypted data, and to screen such data for policy compliance, malware filtering, and more.

E-mail handling, which includes malware detection and removal as well as spam filtering and content checks for phishing, malicious Web sites, and blacklisted IP addresses and URLs.

Intrusion detection and blockage, which observes incoming traffic patterns to detect and respond to denial of service attacks, and to more nuanced and malicious attempts to breach network and system security, and obtain unauthorized access to systems and data.

Application controls (or filtering) which observes applications in use – especially Web-based applications and services – and applies security policy to block or starve unwanted or unauthorized applications from consuming network resources, or accomplishing unauthorized access to (or transfer of) data

Virtual private network or remote access devices enable remote users to establish secure private connections over public network links (including the Internet). Most organizations use such technologies to protect network traffic from snooping while it’s en route from sender to receiver.

Modern UTM devices incorporate all of these kinds of functions, and more, by combining fast, powerful special-purpose network circuitry with general-purpose computing facilities. The custom circuitry that opens up network traffic to detailed and painstaking analysis and intelligent handling does not slow benign packets down in transit. It can, however, remove suspicious or questionable packets from ongoing traffic flows and turn them over to programs and filters that perform complex or sophisticated analysis to recognize and foil attacks, filter out unwanted or malicious content, prevent data leakage, and make sure that security policy applies to all network traffic.

Network Intrusion Detection Systems (NIDS) are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network.

A NIDS performs an analysis of passing traffic on the entire subnet and matches the traffic passed on the subnets against a library of known attacks. Once an attack is identified, or abnormal behavior is sensed, an alert can be sent to the administrator.

An example of NIDS placement would be installing it on the subnet where the firewalls are located in order to see if someone is trying to break into the firewall. Ideally one would scan all inbound and outbound traffic; however, doing so might create a bottleneck that would impair the overall speed of the network. OPNET and NetSim are commonly used tools for simulating network intrusion detection systems.

NIDS are also capable of comparing signatures for similar packets in order to link and drop detected harmful packets whose signature matches the records in the NIDS.

When NIDS designs are classified according to system interactivity, there are two types: on-line and off-line NIDS. An on-line NIDS deals with the network in real time: it analyses each Ethernet packet and applies rules to it to decide whether it is an attack or not.

An off-line NIDS deals with stored data and passes it through some process to decide whether it is an attack or not.

Host Intrusion Detection Systems


Host Intrusion Detection Systems (HIDS) run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator if suspicious activity is detected.

It takes a snapshot of existing system files and matches it to the previous snapshot. If the critical system files were modified or deleted, an alert is sent to the administrator to investigate.

An example of HIDS usage can be seen on mission-critical machines, which are not expected to change their configurations.

Intrusion detection systems can also be system-specific, using custom tools and honeypots.

Windows operating system

Pros

Cons

Apple’s OS X just does a better job of helping to create and manage content.

UNIX base

Pros

Cons

Ubuntu isn’t your only choice. Google “Linux Live CD” and check out the other options.

OS X / Linux

Pros

Cons
