Operating Systems Protection

Introduction to Operating Systems Protection

Data breaches have become a common problem for enterprises. An operating systems protection strategy helps an organization manage and protect the confidentiality, integrity, availability and authenticity of its information resources.

Business operations, transactions and communications depend on these four concepts, and an understanding of them is important when formulating information technology goals.

Confidentiality is the protection of information from disclosure to unauthorized parties. A defense-in-depth strategy must be implemented to ensure the confidentiality of internal data, networks and users. A keylogger is an example of a confidentiality problem: it records keystrokes, including any passwords that were typed, and sends them to an unauthorized third party.

Integrity refers to the protection of information from modification by unauthorized parties and to the trustworthiness of the information resources. Information only retains its value if it is guaranteed not to have been tampered with.

Availability means that information can be accessed when needed. Information has value only when authorized people can reach it whenever they require it; an information system that is down is almost as bad as not having it at all. Denial of service attacks are the classic violation of this concept. Website vandalism is often grouped here as well, although a defaced site is strictly an integrity violation: the content has been altered rather than made unavailable. The aim is to limit downtime and to secure information in a way that keeps it available.

Finally, authenticity ensures that data was actually created or sent by the source it claims to come from. Spam with forged sender addresses, browser hijacking and man-in-the-middle attacks are all authenticity problems.

These are fundamental and critical concepts behind operating systems protection. All four work together to provide adequate guidance for protecting information systems. Without any one of them it is not possible to provide secure, reliable and consistent information.

The Advantages and Disadvantages of Security Policy and Education

It is important to have a written security policy, and education regarding that policy for all users in the enterprise. A security policy defines a basic server/workstation build configuration and what is or is not allowed on the network, identifies risks, and needs management buy-in. It also leads to better security awareness among employees. No matter its size, a company should have a security policy, as it will contribute to the protection of the operating system.

There are many advantages to having a written security policy. It lays out expectations for system administrators and end users alike. There is a policy that has to be followed, and if it is not followed there will be problems at some point for everyone involved.

The security policy should lay out the configurations of the workstations and servers on the network. It is not helpful to have hundreds of different configurations, one for each workstation and server. An image (for instance of Windows Server 2008 and Windows 7 x64) should be created and deployed to machines with the basic configuration and software already installed. Identify what task the machine needs to perform and configure it for that task. Install the required components and disable unnecessary services or uninstall software that may introduce vulnerabilities. If there is no need for a component such as IIS, FTP or SMTP services, do not install it; every listening service is attack surface. Instruction sheets on how to do this should be created to make sure it is done correctly for each machine on the network. By doing this, administrators are hardening the network and improving the protection of the operating system against known attacks by not running services that are not needed.

Before any machine is connected to the local area network (LAN), it should be configured as above. Once that is done, connect it to the network and update the operating system and antivirus software. Make sure that the monitoring software, the update service (Windows Server Update Services (WSUS) or whatever other update service is in use) and the antivirus management software all see the machine on the network.

Know the machine and its expected behavior. Prepare a system characterization: which services run, which ports listen, who logs in and when. Then monitor the logs and compare them against that baseline to determine whether there is an anomaly in the system. That way an administrator will recognize unexpected changes in the machine, which might mean an intrusion.
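The build-and-baseline procedure above can be turned into a mechanical check. The following is an added example, not code from the original article: it compares a snapshot of a host's running services and listening ports against the approved build for its role and reports every deviation, including components the policy says should never be installed (the article names IIS, FTP and SMTP). The role names, approved builds and the snapshot are constructed sample data; the service names are real Windows service names used only for illustration, and on a real host the snapshot would be collected from the machine itself.

```python
"""Baseline (system characterization) check for a hardened build.

Added example, not code from the original article. The approved builds, roles
and the snapshot below are constructed sample data; on a real host the running
services and listening ports would be collected from the machine itself.
"""

# Approved build per machine role: which services may run and which TCP ports may listen.
# Service names are real Windows service names used for illustration; the roles are assumed.
APPROVED_BUILDS = {
    "file-server": {
        "services": {"LanmanServer", "WinDefend", "wuauserv", "EventLog"},
        "ports": {139, 445},
    },
    "workstation": {
        "services": {"WinDefend", "wuauserv", "EventLog"},
        "ports": set(),
    },
}

# Components the policy says should not be present unless a role explicitly needs them
# (the article names IIS, FTP and SMTP).
POLICY_FORBIDDEN = {"W3SVC": "IIS", "ftpsvc": "FTP", "SMTPSVC": "SMTP"}


def characterize(role, running_services, listening_ports):
    """Compare a snapshot against the approved build for `role`.

    Returns the deviations an administrator needs to look at: services that should
    not be running, approved services that have stopped, and unexpected listeners.
    """
    approved = APPROVED_BUILDS[role]
    running = set(running_services)
    listening = set(listening_ports)

    unexpected_services = running - approved["services"]
    missing_services = approved["services"] - running
    unexpected_ports = listening - approved["ports"]
    forbidden = sorted(POLICY_FORBIDDEN[s] for s in unexpected_services if s in POLICY_FORBIDDEN)

    return {
        "unexpected_services": sorted(unexpected_services),
        "missing_services": sorted(missing_services),
        "unexpected_ports": sorted(unexpected_ports),
        "forbidden_components": forbidden,
        "compliant": not (unexpected_services or missing_services or unexpected_ports),
    }


# Constructed snapshot: a file server on which FTP was turned on and Defender has stopped.
SAMPLE_SNAPSHOT = {
    "role": "file-server",
    "services": ["LanmanServer", "wuauserv", "EventLog", "ftpsvc"],
    "ports": [139, 445, 21],
}


def check_sample():
    """Run the check on the constructed snapshot and return the deviations."""
    return characterize(SAMPLE_SNAPSHOT["role"], SAMPLE_SNAPSHOT["services"], SAMPLE_SNAPSHOT["ports"])


if __name__ == "__main__":
    for key, value in check_sample().items():
        print(f"{key}: {value}")
```

A stopped antivirus service is reported alongside the unexpected FTP listener on purpose: "missing" deviations from the baseline are as much a sign of tampering as new ones, and a baseline that only looks for additions will miss an attacker who turns protections off.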

End users need to be educated on the security policy. The policy should detail what is expected of them and make clear what they can and cannot do. For instance, end users might not be allowed to install software without the assistance of the information technology (IT) department; software not already on the machine should be approved by IT before installation to make sure it does not introduce vulnerabilities. Another requirement may be that end users are not allowed to use USB drives at all, or only drives that carry the company-approved encryption.

Management needs to be brought on board. Appropriate management outside of IT should add their input to the security policy process so that business policies and procedures align with IT’s expectations. This is also important because they will ultimately have to sign off on the security policy, since it will impact the entire enterprise.

There really are not many disadvantages to this approach from a security perspective. From an end user perspective there are some. It will take longer to provision workstations and servers. End users will not be allowed to do this on their own, as they will not know the specific security policies that must be adhered to. Software cannot be installed without prior approval and a check for vulnerabilities. Frustration and delays in their work can be expected.

The Advantages and Disadvantages of Ensuring That Users Have Appropriate Access To Enterprise Resources

Ensuring that users have appropriate access to enterprise resources, through an access control model, has many advantages. Each enterprise is different, however, in the number of people it employs and the level of security it requires, so the model has to fit the organization.

With that in mind, there are three main access control models.

Role Based Access Control (RBAC) has a system administrator assign rights based on roles or jobs within the organization. All accountants would be assigned rights based on their job, and marketing would have the same done for them. The two groups do different work and therefore would not have the same rights within the organization. Rights attach to the role rather than the person, so a change of job is handled by changing role membership rather than editing rights one by one.

The second method is Mandatory Access Control (MAC). It is the most restrictive: access is decided by a central security policy enforced by the system, and end users have no control over files and cannot grant access to others. It is tied to the security clearance required to access the information on a need-to-know basis. For organizations that require high security, the MAC model is the way to go.

The third method is Discretionary Access Control (DAC). It is the least restrictive, with rights assigned by the end user who owns the object.
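The difference between the three models is easiest to see when the access decision is written out. The following is an added example, not code from the original article: a minimal DAC store in which only an object's owner can edit its ACL, a MAC check in which labels are fixed by policy, and an RBAC lookup in which rights attach to roles. The users, objects, labels, roles and permissions are constructed sample data, and the MAC rule used here (a clearance must dominate the object's label to read, and the level must also be equal to write, so nothing is copied down to a lower label) is one common formulation assumed for the example rather than something the article specifies.

```python
"""The three access control models side by side.

Added example, not code from the original article. Each check answers one
question: may `subject` perform `action` on `obj`? Users, objects, labels and
roles are constructed sample data; the MAC rule (read requires the clearance to
dominate the label, write additionally requires an equal level) is one common
formulation assumed here.
"""


# --- DAC: the object's owner decides. Rights live in a per-object ACL that only the owner edits.
class DacStore:
    def __init__(self):
        self.owners = {}   # obj -> owner
        self.acl = {}      # obj -> {user: set(actions)}

    def create(self, owner, obj):
        self.owners[obj] = owner
        self.acl[obj] = {owner: {"read", "write"}}

    def grant(self, grantor, obj, user, action):
        # The system enforces only one thing: the grantor must own the object.
        # It does not judge whether the grant is wise, which is DAC's weakness at scale.
        if self.owners.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")
        self.acl[obj].setdefault(user, set()).add(action)

    def allowed(self, user, action, obj):
        return action in self.acl.get(obj, {}).get(user, set())


# --- MAC: labels are fixed by security policy; neither owners nor users can change them.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}


def mac_allowed(clearance, clearance_compartments, label, label_compartments, action):
    """Need-to-know check: the subject's clearance must dominate the object's label
    (higher or equal level and a superset of compartments) to read; to write, the
    level must also be equal, so nothing is copied down to a lower label."""
    dominates = (LEVELS[clearance] >= LEVELS[label]
                 and set(label_compartments) <= set(clearance_compartments))
    if action == "read":
        return dominates
    if action == "write":
        return dominates and LEVELS[clearance] == LEVELS[label]
    return False


# --- RBAC: rights attach to roles; administrators assign users to roles, never rights directly.
ROLE_PERMISSIONS = {
    "accountant": {("ledger", "read"), ("ledger", "write"), ("invoices", "read")},
    "marketing": {("campaigns", "read"), ("campaigns", "write"), ("invoices", "read")},
}
USER_ROLES = {"alice": {"accountant"}, "bob": {"marketing"}}


def rbac_allowed(user, action, obj):
    return any((obj, action) in ROLE_PERMISSIONS[role] for role in USER_ROLES.get(user, ()))


def demo():
    """Run the three models on sample requests; returns the decisions for inspection."""
    store = DacStore()
    store.create("carol", "report.docx")
    before = store.allowed("dave", "read", "report.docx")
    store.grant("carol", "report.docx", "dave", "read")
    after = store.allowed("dave", "read", "report.docx")
    try:
        store.grant("dave", "report.docx", "erin", "read")   # dave is not the owner
        dave_can_regrant = True
    except PermissionError:
        dave_can_regrant = False

    return {
        "dac": {"dave_before_grant": before, "dave_after_grant": after, "dave_can_regrant": dave_can_regrant},
        "mac": {
            "secret_reads_confidential": mac_allowed("secret", {"payroll"}, "confidential", {"payroll"}, "read"),
            "secret_writes_confidential": mac_allowed("secret", {"payroll"}, "confidential", {"payroll"}, "write"),
            "confidential_reads_secret": mac_allowed("confidential", {"payroll"}, "secret", {"payroll"}, "read"),
            "missing_compartment": mac_allowed("secret", set(), "confidential", {"payroll"}, "read"),
        },
        "rbac": {
            "alice_writes_ledger": rbac_allowed("alice", "write", "ledger"),
            "alice_writes_campaigns": rbac_allowed("alice", "write", "campaigns"),
            "bob_reads_invoices": rbac_allowed("bob", "read", "invoices"),
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Note where the decision lives in each case: in the DAC store the owner can widen access at will and the system only checks ownership; in the MAC check no one in the code path can change a label or clearance; in the RBAC lookup the administrator changes who is in which role and the permissions follow.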

There are some disadvantages with each access control model. One size does not fit all enterprises, so careful consideration of each method is warranted. For a small business of ten or fewer people, DAC is the practical choice, but it would not be the best method for a large enterprise, where administration would be too cumbersome and nobody would have an overview of who can reach what. MAC would be too difficult, if not simply inconvenient, to impose on a very small business. RBAC could work for businesses of all sizes, but not in every situation, the military being the usual example. Careful consideration of which access control model to use is necessary before jumping in on a solution.

The Advantages and Disadvantages of Monitoring and Patch Management

It is advantageous for enterprises to have monitoring and patch management as part of operating systems protection. Network administrators monitor the network for unexpected behavior that may signal a possible intrusion or compromise, in particular port scanning and repeated unsuccessful login attempts. An intrusion attempt should be contained and analyzed, and changes to the network may be necessary in response.
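The two indicators named above, port scanning and unsuccessful logins, are both detectable from logs with a simple time window. The following is an added example, not code from the original article: it parses a handful of constructed log lines in an assumed format and flags any source that touches many distinct ports within a short window, and any source/account pair that accumulates a burst of failed logins. It also records whether a successful login followed the burst, which is the case an administrator should treat as a possible compromise rather than a mere attempt. The log format, addresses, account names and thresholds are all constructed or assumed for the example.

```python
"""Detection over sample log lines: port scans and failed-login bursts.

Added example, not code from the original article. The log format, hosts,
accounts and thresholds are constructed/assumed; real deployments would read
firewall and authentication logs in whatever format those systems emit.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format: "<ISO time> <event> src=<ip> [port=<n>|user=<name>]".
SAMPLE_LOG = """\
2015-03-10T09:00:01 CONNECT src=10.0.0.5 port=21
2015-03-10T09:00:02 CONNECT src=10.0.0.5 port=22
2015-03-10T09:00:02 CONNECT src=10.0.0.5 port=23
2015-03-10T09:00:03 CONNECT src=10.0.0.5 port=25
2015-03-10T09:00:03 CONNECT src=10.0.0.5 port=80
2015-03-10T09:00:04 CONNECT src=10.0.0.5 port=135
2015-03-10T09:00:04 CONNECT src=10.0.0.5 port=139
2015-03-10T09:00:05 CONNECT src=10.0.0.5 port=443
2015-03-10T09:00:05 CONNECT src=10.0.0.5 port=445
2015-03-10T09:00:06 CONNECT src=10.0.0.5 port=3389
2015-03-10T09:01:00 LOGIN_FAIL src=192.168.1.20 user=administrator
2015-03-10T09:01:05 LOGIN_FAIL src=192.168.1.20 user=administrator
2015-03-10T09:01:09 LOGIN_FAIL src=192.168.1.20 user=administrator
2015-03-10T09:01:14 LOGIN_FAIL src=192.168.1.20 user=administrator
2015-03-10T09:01:20 LOGIN_FAIL src=192.168.1.20 user=administrator
2015-03-10T09:01:31 LOGIN_OK src=192.168.1.20 user=administrator
2015-03-10T09:30:00 LOGIN_FAIL src=192.168.1.21 user=jsmith
2015-03-10T09:30:40 LOGIN_OK src=192.168.1.21 user=jsmith
2015-03-10T10:00:00 CONNECT src=10.0.0.9 port=445
"""


def parse(text):
    """Turn the sample format into event dicts with a datetime and typed fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split()
        ev = {"time": datetime.fromisoformat(ts), "kind": kind}
        for field in fields:
            key, value = field.split("=", 1)
            ev[key] = int(value) if key == "port" else value
        events.append(ev)
    return events


def detect_port_scans(events, min_ports=10, window=timedelta(seconds=60)):
    """Flag sources that touch at least `min_ports` distinct ports within `window`."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["kind"] == "CONNECT":
            by_src[ev["src"]].append((ev["time"], ev["port"]))
    hits = {}
    for src, seq in by_src.items():
        seq.sort()
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:   # slide the window forward
                start += 1
            ports = {port for _, port in seq[start:end + 1]}
            if len(ports) >= min_ports:
                hits[src] = sorted(ports)
                break
    return hits


def detect_login_bursts(events, threshold=5, window=timedelta(seconds=300)):
    """Flag (src, user) pairs with at least `threshold` LOGIN_FAIL events inside `window`,
    and note whether a LOGIN_OK followed the burst (a possible successful guess)."""
    fails, oks = defaultdict(list), defaultdict(list)
    for ev in events:
        key = (ev["src"], ev.get("user"))
        if ev["kind"] == "LOGIN_FAIL":
            fails[key].append(ev["time"])
        elif ev["kind"] == "LOGIN_OK":
            oks[key].append(ev["time"])
    alerts = {}
    for key, times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                burst_end = times[i + threshold - 1]
                alerts[key] = {
                    "failures": len(times),
                    "success_after_burst": any(t > burst_end for t in oks.get(key, [])),
                }
                break
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("port scans:", detect_port_scans(evs))
    print("login bursts:", detect_login_bursts(evs))
```

The single failed login by jsmith followed by a success is left alone: one typo is normal behavior, and alerting on it would bury the real signal. The five failures against the administrator account followed by a success is the event that warrants containment and analysis.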

Patch management is another important function. Unpatched systems are a serious liability and leave networks vulnerable to attack, so it is important to implement a patch management system that corrects the security flaws found in software. It is also important to take note of software that is no longer receiving updates: it may be too old, in which case the remedy is a purchase of supported software, not patching. Certain government regulations may also require patch management.

There are also disadvantages to monitoring and patch management. The concepts are sound, but problems begin when users are not at work, when the software to be patched is on an old machine that may not work with the patch, when machines are not connected to the network, or when users do not keep their machines connected long enough to receive the updates. System administrators then spend an inordinate amount of time trying to patch systems and securing the cooperation of end users.
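The failure modes just described (machines that have not checked in, software past its support date, and plain missing updates) call for different responses, so a patch report should separate them rather than lumping everything under "not compliant". The following is an added example, not code from the original article: it triages a constructed inventory of the kind an update service's report might summarize, ranking each host by what the administrator should do first. The update identifiers are placeholders, the hosts and dates are constructed, and the field names are assumed rather than taken from any real product; the two end-of-support dates are the publicly announced vendor dates.

```python
"""Patch compliance triage over a constructed inventory.

Added example, not code from the original article. Host names, contact dates and
the update identifiers are constructed placeholders; the end-of-support dates are
the publicly announced vendor dates for those products.
"""
from datetime import date, timedelta

# Publicly announced end-of-support dates (no further security patches after these days).
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
}

REQUIRED_UPDATES = {"UPD-A", "UPD-B", "UPD-C"}   # placeholder identifiers, not real update names

# Constructed inventory: what an update service's summary might contain for each host.
INVENTORY = [
    {"host": "ws01", "os": "Windows 7", "installed": {"UPD-A", "UPD-B", "UPD-C"}, "last_contact": date(2015, 3, 9)},
    {"host": "ws02", "os": "Windows 7", "installed": {"UPD-A"}, "last_contact": date(2015, 3, 9)},
    {"host": "lap03", "os": "Windows 7", "installed": {"UPD-A", "UPD-B"}, "last_contact": date(2015, 2, 1)},
    {"host": "legacy04", "os": "Windows XP", "installed": {"UPD-A"}, "last_contact": date(2015, 3, 8)},
    {"host": "srv05", "os": "Windows Server 2003", "installed": set(REQUIRED_UPDATES), "last_contact": date(2015, 3, 9)},
]


def assess(host, today, required=REQUIRED_UPDATES,
           stale_after=timedelta(days=14), eos_warning=timedelta(days=180)):
    """Classify one host. Order matters: an unsupported OS cannot be fixed by patching,
    and a host that has not checked in cannot be trusted to report what it has installed."""
    missing = sorted(required - host["installed"])
    days_since_contact = (today - host["last_contact"]).days
    eos = END_OF_SUPPORT.get(host["os"])

    if eos and eos <= today:
        status = "unsupported"       # replacement, not patching, is the remedy
    elif days_since_contact > stale_after.days:
        status = "stale"             # find the machine first; its patch state is unknown
    elif missing:
        status = "missing-updates"   # the normal case the update service handles
    else:
        status = "compliant"

    return {
        "host": host["host"],
        "status": status,
        "missing": missing,
        "days_since_contact": days_since_contact,
        # Supported today but support ends soon: start planning the replacement.
        "eos_within_warning": bool(eos and today < eos <= today + eos_warning),
    }


def report(inventory, today):
    """Assess every host; returns a dict keyed by host name."""
    return {r["host"]: r for r in (assess(h, today) for h in inventory)}


if __name__ == "__main__":
    for entry in report(INVENTORY, date(2015, 3, 10)).values():
        print(entry)
```

The laptop that last checked in five weeks ago is reported as stale even though the inventory says it is only missing one update: that record is five weeks old, and the honest answer is that its state is unknown until it reconnects.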

Ease of Implementation and Associated Security Management Issues

How easily operating systems protections can be implemented depends on the associated security management issues. It is important that everyone from management down to the end users understands what is at stake in keeping a well run network.

Security policy, monitoring and patch management need the cooperation of everyone in the enterprise. IT professionals have to be not only technically proficient in what they support but also excellent communicators to the end user community. Depending on the environment, the system administrator should use communication channels such as email or the internal website to announce changes in security policy, patch management, software updates and monitoring problems. Communications should be direct and to the point, with no acronyms or technology lingo. There is always a possibility that a patch will cause a problem and change the user environment in a negative way, so a rollback plan should be in place to undo the change if that happens. The end user community should be respected and listened to, as they are essentially on the front lines of security.

Appropriate access to enterprise resources is not an easy task to implement and needs management input. Software installed on machines may use a variety of access controls; Microsoft SQL Server, for instance, grants permissions through server and database roles, an RBAC arrangement. Where one software package’s access controls differ from the rest of the enterprise’s, it is important to verify that the mismatch does not open a path for data leakage.

Ranking of Measures From Best to Worst

The easiest, or best, measure to implement is security policy, although it can be the hardest to enforce. It does not have to be that difficult: as long as the end user community understands that security is everyone’s responsibility and not just IT’s, it should not be a problem. Having a policy that everyone must follow, including set configurations, should make managing the network less difficult.

Just under the best ranking is monitoring and patch management. The bigger the network, the more headaches the system administrator has managing the monitoring and patching of all the machines. Hardly anyone looks forward to “Patch Tuesday” from Microsoft, knowing that end users will sometimes need to be cajoled into letting the updates install in a timely manner. Some users are also afraid of updates, thinking they will break their machines. If all the machines are on the network, monitoring is easy, and the same can be said for patching. But when some machines are missing from the network, the burden falls on the system administrator to find those machines and patch them as quickly as possible. End user cooperation is needed but not always received in a timely manner.

The worst measure, in terms of being the hardest to implement, is access control. Usually the access control is RBAC, but not always. In small organizations of ten or fewer it will most likely be DAC, which is still somewhat hard to administer because the administration is decentralized. MAC is the hardest to implement due to the sensitive nature of the restrictions imposed on users; the system administrator cannot afford to give too much access to information. Occasionally, because of how software is designed, enterprises may find themselves with a mix of access controls, which increases the complexity of the overall access controls and of monitoring the network.

Conclusion

An overall operating systems protection strategy is a must for all enterprises. Security vulnerabilities can be minimized when operating systems are configured, monitored and patched and access controls are set properly. The entire enterprise, from management to IT professionals and end users, needs to work together to implement a workable operating systems protection strategy.

References are available upon request.

© 2015 Michael Carr
