Introduction
Computer or network operating systems face various security vulnerabilities that can cause a breach of data or loss of important information. These risks usually arise from networks whereby an unauthorized user can access an operating system without the necessary credentials.
It becomes important that computer systems apply various security strategies to ensure the safety of their operating systems and users of these computers.
Various mechanisms have been established to control access to resources within computer operating systems.
These mechanisms ensure that security policies are followed. They are known as access control policies and are effective in improving an operating system’s security (Kizza, 2009).
The three measures that can be used for an operating system’s security are: principle of least privilege, full disclosure, and audit trails. Operating systems are designed so that it is easy to establish, operate, and service any of the above security measures.
This is done so that when threats do occur, it will be as a result of improper use of security features or failure to use the measures properly. Various security measures are also utilized at the same time to improve the security of the operating system.
Least Privilege
The principle of least privilege is one of the most popular techniques in securing operating systems. It is known as the system’s access control feature. This method is advantageous because it involves establishing various levels within a computer or a network operating system.
Thus, each part of the system has a specific level at which it can be accessed by an individual. If a security breach occurs, then the attacker will only have access to that part of the operating system, thereby preventing access to the entire system (McNab, 2008).
Only parts of the system will be affected by the security breach. This makes it easier to secure the operating system once the cause of the breach is established.
One of the disadvantages of this method is that many security breaches arise primarily through employees of an organization. Employees have the security credentials necessary to access the operating system. This information can easily be accessed by unauthorized personnel.
The employees of an organization have access to all or most of the organization’s valuable information. Thus, their actions determine the safety and protection of the resources within a computer operating system.
This happens despite the high level controls that have been put in place to control user access (Bosworth, Kabay, & Whyne, 2009). Employees have become the target of social engineering attacks arising from outsiders.
These attacks will easily steal the necessary information from employees and use it to access the computer system. In some cases, employees that are unhappy about the workplace will use the organization’s information for their own personal gain, or for revenge.
Some employees can also make mistakes in handling their computers, leading to the destruction of information stored within the operating system databases. For instance, an employee can mistakenly delete a company database that they have complete access to.
Audit Trail
An audit trail is a measure of protecting operating systems whereby system activity is constantly tracked. This is a major advantage as causes or threats of security breaches can easily be identified.
In case of a security breach, audit trails will be able to determine how the breach occurred and its extent. Thus, the audit is able to provide information on how effective the breach was or if it failed (Kizza, 2009).
The audit trail can then be used during investigations after the loss of data from the operating system. This system is also used together with the principle of least privilege.
Thus, when the access control has failed to deny unauthorized access and a security breach occurs, audit trails will prevent further harm to the computer operating system.
The audit trail will be able to provide conclusive information on the details of the security breach and its effect on the operating system.
One major disadvantage of this system is that it may conduct an audit regularly even when there is no security breach. Thus, system administrators will find it harder to use the audit trail to quickly determine the cause of a problem.
Moreover, a security breach may occur without the system administrator’s knowledge, thus it will be ignored without action being taken because the audit trail does not have a warning mechanism (Bosworth, Kabay, & Whyne, 2009).
All these disadvantages are also attributed to the amount of information collected from the audit trail. Even though it is useful, it becomes harder to know any useful information unless it is specific in nature.
Some systems also do not make an audit trail when there is an unsuccessful login attempt. Thus, records that may be meaningful in identifying a hacker are not captured by the audit log.
Full Disclosure
Full disclosure is a security measure whereby the vulnerabilities that exist within an operating system are openly reported. Operating systems always have vulnerabilities that developers are unaware of.
These vulnerabilities are easier to expose during the normal functioning of the operating system. Thus, this is advantageous as it encourages security experts to look into the security code and find ways to make the operating system more secure.
Many of these vulnerabilities can be attributed to bugs or weaknesses within the operating system. Thus, a solution in the form of a software patch is released by security experts or hardware vendors when security loopholes within the system are found.
It entails shortening the vulnerability window, thereby preventing an attack as vulnerable elements of the operating system are made more secure within a short time. This method makes the operating system more secure as frequent security updates will occur.
Making the information public encourages more security experts to look into the vulnerability, thereby speeding up the process of finding a solution. Users and system administrators will also push for more updates as they are aware of the vulnerabilities.
It also prevents issues that arose as a result of disclosure. For instance, malicious security researchers may use the vulnerabilities to their advantage since few system administrators will be aware that such weaknesses exist (Kizza, 2009).
One major disadvantage is that the information can be used for ulterior motives. Criminals can use the knowledge of the vulnerabilities and attack the organization before a security update is released.
While it influences frequent security updates, it also encourages the development of new methods of hacking the operating system.
The Ease of Implementation of the Measures
Least privilege
The principle of least privilege is easy to implement within an operating system. Basically, it involves establishing a system administrator who is the only individual with access to higher functions within the system.
The system administrator is a privileged user who can establish, maintain, and protect the operating system from unwarranted access. System administrators monitor the activities within the operating system and ensure it functions as expected.
The system administrator is also involved in determining the identities of users and the conditions under which they are allowed to access the system. In many cases, controlling user access is dependent on user identification.
Thus, every user is given a unique identification credential to be used for accessing the computer network.
Time is also used to control access to the system. In this case, a user will only be allowed to access the system for a specific duration and during specific times.
For instance, users in a large organization may not be allowed to access the system at night when it is expected that they are away from the workplace.
If a user accesses the computer during this time, the administrator can see it as a security breach (Kizza, 2009). Location is also a variable that can be used to determine user access.
Thus, the system can only be accessed by users within a specific region, thereby blocking users from other regions. Method of access can also be determined by the system administrator as a security measure.
A system may only be accessible from work computers, and access from computers outside the workplace will be blocked unless warranted by the system administrator. These strategies are easy to implement.
This is why the principle of least privilege is a popular method of securing computer networks. This method is effective since it determines what a user can access within a system.
It tries to prevent access to resources that users are not allowed to access. If it occurs, then the system will display a warning about the unauthorized attempts in trying to access the system (Dhamdhere, 2006).
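The access conditions described above (user identity, time of access, location, and method of access) can be combined into a single default-deny check. The following is an added example, not part of the original essay; the user names, hours, regions and workstation names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Policy:
    resources: frozenset   # resources this user ID may access
    start: time            # earliest permitted access time
    end: time              # latest permitted access time
    regions: frozenset     # regions access may originate from
    hosts: frozenset       # approved work computers

# Constructed policy table (assumption): one entry per unique user ID.
POLICIES = {
    "alice": Policy(frozenset({"payroll_db"}), time(8, 0), time(18, 0),
                    frozenset({"HQ"}), frozenset({"ws-014"})),
    "admin": Policy(frozenset({"payroll_db", "audit_log"}), time.min, time.max,
                    frozenset({"HQ"}), frozenset({"ws-001"})),
}

def check_access(user, resource, when, region, host):
    """Return (allowed, reasons). Every condition must pass; unknown users are denied."""
    policy = POLICIES.get(user)
    if policy is None:
        return False, ["unknown user ID"]
    reasons = []
    if resource not in policy.resources:
        reasons.append("resource not granted to this user")
    if not (policy.start <= when.time() <= policy.end):
        reasons.append("outside permitted hours")
    if region not in policy.regions:
        reasons.append("region not permitted")
    if host not in policy.hosts:
        reasons.append("not an approved work computer")
    return (not reasons), reasons

def request(user, resource, when, region, host):
    """Enforce the decision and produce a warning message when access is denied."""
    allowed, reasons = check_access(user, resource, when, region, host)
    if not allowed:
        return f"WARNING: denied {user} -> {resource}: " + "; ".join(reasons)
    return f"granted {user} -> {resource}"
```

Collecting every failed condition, rather than stopping at the first, gives the administrator the full reason for a denial in one warning.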
Full disclosure
Full disclosure is an easy method to implement as a security measure. Operating systems always have various flaws existing within the source code. Thus, a security expert, a system administrator, or a hacker will try to check all the weaknesses that exist within the system.
With this knowledge, they can disclose the details to the security experts’ community who can then come up with a solution to the problem. Moreover, full disclosure should be within the security policies established by the organization.
Some security vulnerabilities may only be applicable to the organization’s operating system. Disclosing such information may put the organization at risk, thus full disclosure will depend on the organization’s policy on what vulnerabilities should be disclosed.
Potential risks that may arise due to exposure should be analyzed when coming up with a security policy. This will ensure that the security measure will be applicable and defined by specific rules (McNab, 2008).
Audit trails
Audit trails involve the collection and recording of all activities occurring within the computer operating system in an organization. The information is maintained in a log record and provides evidence of an occurrence within the operating system.
This measure runs in privileged mode within the computer system, thus it can collect any and all information that it requires. Furthermore, only the system administrator is allowed to view this log, thus ensuring security and privacy of the audit log is easy.
Audit trails can be implemented in two ways. The first is an event-oriented log that records all the system events, user events, and application events occurring within the organization’s network. The second is keystroke monitoring where all the keystrokes made on a computer are recorded.
Audit trails are important since they contain all information necessary to establish the events that occurred. They also provide the reason why the security breach occurred, thus a solution is easier to achieve in case of problems.
With the records of the user ID accessing the system, the audit record can determine who accessed the system (McNab, 2008). For instance, the time and date records can help determine if the user was the actual person, or an unwarranted user.
The Associated Security Management Issues Related to the Measures
Least privilege
The principle of least privilege leads to various security management issues within the organization. These issues usually arise during the creation of user accounts and determining the level of security each account requires. Some users might require a higher level within the security protocols.
These users may pose a risk to the system if the information they access is sensitive but is necessary for their work. An organization will be forced to take all their employees through security clearance, but it might be expensive for a large organization.
Thus, it is hard to determine what each employee should be allowed to access within the system. It is also an issue whether to tie an employee’s user ID to the positions that they hold within the organization or their individual identities.
If their positions are considered, then it becomes harder to trace the activities of an employee within the operating system (Sharma & Gupta, 2002). On the other hand, issues will arise when the employee changes positions within the organization if their individual identities are considered.
Full disclosure
Full disclosure leads to various security management issues. Disclosure leads to the evolution of new risks to the organization. The organization is likely to be faced with increased attacks because the extent of the operating system’s vulnerability is known.
The attacks may be severe if the vulnerability is harder to solve. Thus, the company would have undergone losses before a solution is found. The company may also be forced to avoid the use of its operating system until the problem is solved.
In many cases, vulnerabilities are discovered by people who want to do harm or gain from a security system. Such people are already aware of a system’s weakness before system administrators and security experts, thus they can cause extensive harm before a patch for the exploit is released.
Sensitive security information may also be released. This can impact negatively on an organization’s networking infrastructure. Thus, the organization should determine what kind of information is disclosed to prevent losses.
Audit trails
An issue that arises with audit trails is that the data collected requires protection. The data collected is very useful and has security implications. For instance, the audit log can contain information about a user’s financial transaction.
This information can lead to various risks for the organization if accessed by the wrong hands. The audit logs should be protected with strong access controls and be encrypted as an added level of security. The audit log is also not useful if it is not reviewed in a timely manner.
Thus, system administrators have to determine how much data should be collected and for what period of time. Furthermore, they should determine the length of time that audit logs will be stored within the system or in the archives.
Tools also have to be developed to go through the audit trails and determine useful information from the raw data.
In very large systems, the information collected may be quite large and hard for a system administrator to analyze. The use of special tools will reduce the time used for analysis in order to determine useful information.
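A small review tool of the kind described here can reduce an event-oriented log to the few records worth an administrator's attention, and it supplies the warning mechanism that a raw audit trail lacks. The following is an added example, not part of the original essay; the log layout, user names and thresholds are constructed assumptions, and it only works if failed login attempts are recorded in the first place.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records; the field layout is an assumption.
SAMPLE_LOG = """\
2024-03-04T09:01:12 user=alice event=login result=success
2024-03-04T23:40:02 user=bob event=login result=fail
2024-03-04T23:40:09 user=bob event=login result=fail
2024-03-04T23:40:15 user=bob event=login result=fail
2024-03-04T23:40:31 user=bob event=login result=success
2024-03-04T23:41:05 user=bob event=delete object=payroll_db result=success
not a valid record
"""

def parse_line(line):
    """Return a dict for one record, or None if the line is malformed."""
    parts = line.split()
    try:
        record = {"time": datetime.fromisoformat(parts[0])}
    except (ValueError, IndexError):
        return None
    for field in parts[1:]:
        key, sep, value = field.partition("=")
        if not sep:
            return None
        record[key] = value
    return record if record.keys() >= {"user", "event", "result"} else None

def review(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return (alerts, skipped_lines) for bursts of failed logins per user."""
    alerts, skipped = [], 0
    failures = defaultdict(deque)  # user -> times of recent failed logins
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1           # count unparseable lines instead of hiding them
            continue
        if rec["event"] != "login":
            continue
        recent = failures[rec["user"]]
        while recent and rec["time"] - recent[0] > window:
            recent.popleft()       # forget failures older than the window
        if rec["result"] == "fail":
            recent.append(rec["time"])
            if len(recent) == max_failures:
                alerts.append((rec["user"], "repeated failed logins"))
        else:
            if len(recent) >= max_failures:
                alerts.append((rec["user"], "login success after failures"))
            recent.clear()
    return alerts, skipped
```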
The Ranking of the Measures from Best to Worst with Supporting Rationale
The principle of least privilege can be ranked as the best measure for protecting operating systems. The principle is easy to implement and it offers the basic protection mechanism that an operating system requires.
Many people can have access to the operating systems or networks within an organization. The principle of least privilege is a security measure that will give a large number of people access to the operating systems, but each with a different security level clearance.
The use of a user ID to identify an employee of the organization makes it easier for employees to use the system. There are also fewer risks to the operating system if employees follow the established security policies.
Audit trails can be ranked second due to the effectiveness of the security measure it offers. While it provides audit logs for a system administrator, it is also the best measure to determine the activities that occur within an operating system.
These activities can then be analyzed, thereby providing useful information for the administrator. Many organizations do not always use it due to the immense amounts of data involved with audit logs. Thus, security breaches can occur and their causes would be hard to determine.
For instance, some companies turn off audit trails to improve productivity within the organization. This is attributed to the lack of workers who can go through the audit trails to determine important information (McNab, 2008).
Full disclosure can be ranked as the worst of the three security measures because it is at a level that the system administrator may not easily control. Furthermore, it increases the risk of an attack if a malicious individual exploits the vulnerabilities.
Without a solution to the security risk, operations within large organizations may be stalled without their computer networks to control their activities.
Experts in dealing with system security are also not keen on providing a solution since they do not gain financially from this approach (Dhamdhere, 2006).
A security expert may also choose not to reveal the vulnerabilities and, instead, use the vulnerabilities for personal gain. Thus, a company’s operating system may be entirely insecure without the company’s knowledge.
Conclusion
Computer and network operating systems are faced with various security threats from outside sources. Thus, it is a tasking duty to ensure the security of these systems as threats are constantly emerging. This has led to the development of different measures to ensure their security.
Moreover, more than one measure is used to ensure that all techniques applied are effective and offer a secure environment for the operating system. The principle of least privilege, full disclosure, and audit trails can be used as security measures in operating systems.
Although the three measures have their pros and cons, full disclosure scores poorly, while the principle of least privilege is the most secure.
References
Bosworth, S., Kabay, M. E., & Whyne, E. (2009). Computer security handbook (5th ed.). Hoboken, NJ: John Wiley & Sons.
Dhamdhere, D. M. (2006). Operating systems: a concept-based approach (2nd ed.). Boston, MA: McGraw-Hill.
Kizza, J. M. (2009). A guide to computer network security. London: Springer.
McNab, C. (2008). Network security assessment (2nd ed.). Beijing, China: O’Reilly Media, Inc.
Sharma, S. K., & Gupta, J. N. D. (2002). Securing information infrastructure from information warfare. Logistics Information Management, 15(5/6), 56-68.