Operating system hardening
|
|
- Berniece Sparks
- 6 years ago
- Views:
Transcription
1 Operating system Comp Sci 3600 Security
2 Outline
3 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications in use Today, we will provide a general overview, and next week, we will go over the process, from start to finish, of ing and a personal computing setup, along with software choices for secure data storage and transmission.
4 OS architecture User s and Utilities Operating Kernel Physical Hardware BIOS / SMM Figure 12.1 Operating Security Layers Each of these layers of code needs appropriate measures in place to provide appropriate services. And each layer is vulnerable to attack from below, should the lower layers not also be secured appropriately.
5 Outline
6 Things to consider during enterprise The purpose of the system, the type of information stored, the applications and services provided, and their requirements. The categories of users of the system, the privileges they have, and the types of information they can access. How the users are authenticated. How access to the information stored on the system is managed. What access the system has to information stored on other hosts, such as file or database servers, and how this is managed. Who will administer the system, and how they will manage the system (via local or remote access). Any additional measures required on the system, including the use of host firewalls, anti-virus or other malware protection mechanisms, and logging.
7 Outline
8 Operating system Install and patch the operating system. Harden and ure the operating system to adequately address the identified needs of the system by: Removing unnecessary services, applications, and protocols. Configuring users, groups, and permissions. Configuring resource. Install and ure additional, such as host-based firewalls or intrusion detection systems (IDS), if needed. Test the of the basic operating system to ensure that the steps taken adequately address its needs.
9 Outline
10 Secure ation procedures begins with the ation of the operating system. Check hash of media to insure validity Encrypt full hard disk during ation Install only the minimum needed software Install in an isolated environment (OS is vulnerable until patched) Setup BIOS boot and uration password Avoid ing non-open binary drivers, especially with kernel access Patch operating system to most current, and enable updates
11 Outline
12 Minimizing attack surface Ideally, only the minimum ed software needed However, if a standard is required, then remove extras Further, disable any unneeded protocols and services
13 Outline
14 Users, groups, authentication Determine the needed permissions for each user of the system Map user permissions to groups of users Minimize the time that administrators will work under the state of elevated privilege Remove any default or guest accounts, change any default passwords
15 Outline
16 Configure resource Once the users and their associated groups are defined, appropriate permissions can be set on data and resources to match the specified policy. Some users access limited software Some users access limited directories or files
17 Outline
18 Install or ure extra -related software Host based firewall (e.g., iptables/netfilter) White-list applications, allowing only a specific list
19 Test you Check assumptions about system behavior Test non-whitelisted applications nmap and wireshark to probe network behavior, etc.
20 Outline
21 Once the base operating system is ed and appropriately secured, the required services and applications must next be ed and ured.
22 Outline
23 Which software to? may be from additional packages provided with the operating system distribution, or from a separate third-party package. As with the base operating system, utilizing an isolated, secure build network is preferred. OS repositories employ secure signature and hashing on files to insure integrity; use it For third party applications, always check signature reported by developer Do not un-trusted applications, with the minimum requirement excluding anything closed source or for which you do not have access to the source code, and the ideal being highly scrutinized open projects
24 Outline
25 Configure applications Check default urations For example permissions granted to the web serving software on your server may allow the software merely serving a static site to write files
26 Outline
27 level encryption In addition to the whole disk, you can encrypt particular folders, or an entire home directory. Setup key exchange and signing, for example for your website s certificate, by getting a CA to sign your keys Setup and choose secure options for your SSH uration, create and exchange keys with clients
28 Outline
29 Security maintenance Monitoring and analyzing logging information Performing regular s Recovering from compromises Regularly testing system Using appropriate software maintenance processes to patch and update all critical software, and to monitor and revise uration as needed
30 Logging Logging is a reactive control that can only inform you about bad things that have already happened. But effective logging helps ensure that in the event of a system breach or failure, system administrators can more quickly and accurately identify what happened and thus most effectively focus their remediation and recovery efforts.
31 Backup and archive Are s on-site or off? Are s encrypted? Does the procedure transfer data across the network, how?
32 Outline
33 Most servers will be Extensive documentation base for
34 Outline
35 updates Modern Unix and Linux distributions typically include tools for automatically downloading and ing software updates, including updates, which can minimize the time a system is vulnerable to known vulnerabilities for which patches exist. Packages are cryptographically signed by packager and signatures are checked before ation Red Hat / Fedora uses dnf, Open SuSE uses yast, debian uses apt-get, etc
36 Outline
37 and service uration of applications and services on Unix and Linux systems is most commonly implemented using separate text files for each application and service. -wide uration details are generally located either in the /etc directory or in the ation tree for a specific application. Where appropriate, individual user urations that can override the system defaults are located in hidden dot files in each user s home directory. The name, format, and usage of these files are very much dependent on the particular system version and applications in use.
38 Outline
39 Set permissions on Unix and Linux systems implement discretionary access control to all file system resources. These include not only files and directories but devices, processes, memory, and indeed most system resources, like devices, etc use chmod, chown, getfacl, setfacl, and other user and group management commands to ure permissions and access Information on user accounts and group membership are traditionally stored in the /etc/passwd and /etc/group files Remove default or guest users, change default passwords, if any Minimize the number of programs that need to run as root
40 Outline
41 Setup remote access Minimize the ability to access your system remotely, if at all Close unnecessary incoming ports Use iptables/netfilter for Linux, or pf for BSD-based systems
42 Outline
43 jail Restricts a running process to a subset of the file system by mapping the processes view of root to a sub-directory of the real root Not all processes tolerate this well, and it can require including more directories into the jail If a process can run as root, it is possible to break out of the jail
44 Outline
45 Software simulates hardware, so that an operating system can run inside of software Full virtualization almost complete simulation of the actual hardware to allow software, which typically consists of a guest operating system, to run unmodified. Paravirtualization a hardware environment is not simulated; however, the guest programs are executed in their own isolated domains, as if they are running on a separate system. Guest programs need to be specifically modified to run in this environment.
46 Hypervisors A hypervisor or virtual machine monitor (VMM) is computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.
47 Outline
48 Hypervisor types
49 Hypervisor types Type-1, native or bare-metal hypervisors: These hypervisors run directly on the host s hardware to control the hardware and to manage guest operating systems. For this reason, they are sometimes called bare metal hypervisors. Xen for example. These are more secure than type 2 Type-2 or hosted hypervisors: These hypervisors run on a conventional operating system (OS) just as other computer programs do. A guest operating system runs as a process on the host. Type-2 hypervisors abstract guest operating systems from the host operating system. VirtualBox for example
50 Type 1: bare metal / native hypervisor User Apps Guest O/S 1 Kernel User Apps Guest O/S 2 Kernel... Hypervisor/ VMM Physical Hardware User Apps Guest O/S n Kernel BIOS / SMM Figure 12.2 Native Security Layers
51 Type 2: hosted hypervisor Other User Apps User Apps Guest O/S 1 Kernel Host Operating Kernel Physical Hardware User Apps Guest O/S n Kernel BIOS / SMM Figure 12.3 Hosted Security Layers... Hypervisor/ VMM
52 Virtualbox: Type 2
53 Third type: Containers (OS-level virtualization) Kernel allows the existence of multiple isolated user-space instances. Such instances, called containers, partitions, virtualization engines (VEs) or jails (FreeBSD jail or jail), may look like real computers from the point of view of programs running in them. Typical program can see all resources (connected devices, files and folders, network shares, CPU power, quantifiable hardware capabilities) of that computer, but programs running inside a container can only see the container s contents and devices assigned to the container. Can be seen as an advanced implementation of the standard mechanism, which changes the apparent root folder for the current running process and its children. Kernel provides resource-management features to limit the impact of one container s activities on other containers.
54 Example container: Docker
55 Container options
56 SubGraph OS: docker containers for isolation
57 Qubes OS: bare metal with full VM for isolation
58 Qubes OS: detailed
59 Outline
60 Security and virtualization Guest OS isolation, ensuring that programs executing within a guest OS may only access and use the resources allocated to it, and not covertly interact with programs or data either in other guest OSs or in the hypervisor. Guest OS monitoring by the hypervisor, which has privileged access to the programs and data in each guest OS, and must be trusted as secure from subversion and compromised use of this access. Virtualized environment, particularly image and snapshot manage- ment, which attackers may attempt to view or modify. Minimize access to the hypervisor
CS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationCSC 5930/9010 Cloud S & P: Virtualization
CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network
More informationModule 1: Virtualization. Types of Interfaces
Module 1: Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform
More informationLecture 5: February 3
CMPSCI 677 Operating Systems Spring 2014 Lecture 5: February 3 Lecturer: Prashant Shenoy Scribe: Aditya Sundarrajan 5.1 Virtualization Virtualization is a technique that extends or replaces an existing
More informationThe only open-source type-1 hypervisor
Monika Danikáková What is Xen? The only open-source type-1 hypervisor For Unix and Unix-like OS Linux, NetBSD and OpenSolaris From ancient greek term Xenos (ξένος), guest-friends Developed by the University
More informationW11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
More informationConfinement. Steven M. Bellovin November 1,
Confinement Steven M. Bellovin November 1, 2016 1 Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many
More informationVirtualization. Michael Tsai 2018/4/16
Virtualization Michael Tsai 2018/4/16 What is virtualization? Let s first look at a video from VMware http://www.vmware.com/tw/products/vsphere.html Problems? Low utilization Different needs DNS DHCP Web
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationThe Challenges of X86 Hardware Virtualization. GCC- Virtualization: Rajeev Wankar 36
The Challenges of X86 Hardware Virtualization GCC- Virtualization: Rajeev Wankar 36 The Challenges of X86 Hardware Virtualization X86 operating systems are designed to run directly on the bare-metal hardware,
More informationINF3510 Information Security. Lecture 6: Computer Security. Universitetet i Oslo Audun Jøsang
INF3510 Information Security Lecture 6: Computer Security Universitetet i Oslo Audun Jøsang Lecture Overview Secure computer architectures Virtualisation architectures Trusted computing Security Evaluation
More informationCompTIA A+ Certification ( ) Study Guide Table of Contents
CompTIA A+ Certification (220-902) Study Guide Table of Contents Course Introduction About This Course About CompTIA Certifications Module 1 / Supporting Windows 1 Module 1 / Unit 1 Windows Operating System
More informationCyber Essentials Questionnaire Guidance
Cyber Essentials Questionnaire Guidance Introduction This document has been produced to help companies write a response to each of the questions and therefore provide a good commentary for the controls
More informationSecuring the Data Center against
Securing the Data Center against vulnerabilities & Data Protection Agenda Virtual Virtualization Technology How Virtualization affects the Datacenter Security Keys to a Secure Virtualized Deployment and
More informationNested Virtualization and Server Consolidation
Nested Virtualization and Server Consolidation Vara Varavithya Department of Electrical Engineering, KMUTNB varavithya@gmail.com 1 Outline Virtualization & Background Nested Virtualization Hybrid-Nested
More informationTable of Contents. Course Introduction. Table of Contents Getting Started About This Course About CompTIA Certifications. Module 1 / Server Setup
Table of Contents Course Introduction Table of Contents Getting Started About This Course About CompTIA Certifications Module 1 / Server Setup Module 1 / Unit 1 Servers and Racks Server Hardware and Software
More informationChapter 5 C. Virtual machines
Chapter 5 C Virtual machines Virtual Machines Host computer emulates guest operating system and machine resources Improved isolation of multiple guests Avoids security and reliability problems Aids sharing
More informationDeploying Application and OS Virtualization Together: Citrix and Virtuozzo
White Paper Deploying Application and OS Virtualization Together: Citrix and Virtuozzo www.swsoft.com Version 1.0 Table of Contents The Virtualization Continuum: Deploying Virtualization Together... 3
More informationPrivilege Escalation
Privilege Coleman Kane Coleman.Kane@ge.com February 9, 2015 Security Vulnerability Assessment Privilege 1 / 14 root, or Privilege or Elevation is the act of gaining access to resources which were intended
More informationParallels Virtuozzo Containers
Parallels Virtuozzo Containers White Paper Deploying Application and OS Virtualization Together: Citrix and Parallels Virtuozzo Containers www.parallels.com Version 1.0 Table of Contents The Virtualization
More informationLecture 09: VMs and VCS head in the clouds
Lecture 09: VMs and VCS head in the Hands-on Unix system administration DeCal 2012-10-29 1 / 20 Projects groups of four people submit one form per group with OCF usernames, proposed project ideas, and
More informationSecuring your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008
Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to
More informationHost. Computer system #1. Host Hardening
Host Hardening Series of actions to be taken in order to make it hard for an attacker to successfully attack computers in a network environment (March 28, 2016) Abdou Illia Spring 2016 Host In network
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationOUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE
CONTENTS 1 ABOUT THIS PART... 2 2 GENERAL... 2 3 CLOUD INFRASTRUCTURE (FORMERLY UTILITY HOSTING)... 2 4 TAILORED INFRASTRUCTURE (FORMERLY DEDICATED HOSTING)... 3 5 COMPUTE... 3 6 BACKUP & RECOVERY... 8
More informationUnit 2: Manage Files Graphically with Nautilus Objective: Manage files graphically and access remote systems with Nautilus
Linux system administrator-i Unit 1: Get Started with the GNOME Graphical Desktop Objective: Get started with GNOME and edit text files with gedit Unit 2: Manage Files Graphically with Nautilus Objective:
More informationAcronis Backup Advanced Version 11.5 Update 6
Acronis Backup Advanced Version 11.5 Update 6 APPLIES TO THE FOLLOWING PRODUCTS Advanced for Windows Server Advanced for Linux Server Advanced for PC Advanced for VMware / Hyper-V / RHEV / Citrix XenServer
More informationDistributed Systems COMP 212. Lecture 18 Othon Michail
Distributed Systems COMP 212 Lecture 18 Othon Michail Virtualisation & Cloud Computing 2/27 Protection rings It s all about protection rings in modern processors Hardware mechanism to protect data and
More informationIntroduction to UNIX/LINUX Security. Hu Weiwei
Introduction to UNIX/LINUX Security Hu Weiwei Operation System Security The Security Problems in Operation Systems become more and more important The Security techniques improved rapidly The number of
More informationEE 660: Computer Architecture Cloud Architecture: Virtualization
EE 660: Computer Architecture Cloud Architecture: Virtualization Yao Zheng Department of Electrical Engineering University of Hawaiʻi at Mānoa Based on the slides of Prof. Roy Campbell & Prof Reza Farivar
More informationGSE/Belux Enterprise Systems Security Meeting
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 1 In the news Microsoft Exposes Scope of Botnet Threat By Tony Bradley, October 15, 2010 Microsoft's
More informationAcronis Backup & Recovery 11.5
Acronis Backup & Recovery 11.5 Installation Guide Applies to the following editions: Update 2 Advanced Server Server for Windows Virtual Edition Server for Linux Advanced Server SBS Edition Workstation
More informationVirtualization. Dr. Yingwu Zhu
Virtualization Dr. Yingwu Zhu Virtualization Definition Framework or methodology of dividing the resources of a computer into multiple execution environments. Types Platform Virtualization: Simulate a
More informationSpring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand
Introduction to Virtual Machines Nima Honarmand Virtual Machines & Hypervisors Virtual Machine: an abstraction of a complete compute environment through the combined virtualization of the processor, memory,
More informationOperating Systems 4/27/2015
Virtualization inside the OS Operating Systems 24. Virtualization Memory virtualization Process feels like it has its own address space Created by MMU, configured by OS Storage virtualization Logical view
More informationvsphere Security VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5 EN
VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationvsphere Security Modified on 21 JUN 2018 VMware vsphere 6.7 VMware ESXi 6.7 vcenter Server 6.7
Modified on 21 JUN 2018 VMware vsphere 6.7 VMware ESXi 6.7 vcenter Server 6.7 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project
ViryaOS RFC: Secure Containers for Embedded and IoT A proposal for a new Xen Project sub-project Stefano Stabellini @stabellinist The problem Package applications for the target Contain all dependencies
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationTHREAT PROTECTION FOR VIRTUAL SYSTEMS #ILTACON #ILTA156
THREAT PROTECTION FOR VIRTUAL SYSTEMS #ILTACON #ILTA156 JIM P. NIXON Application Support Manager Seyfarth Shaw LLP jnixon@seyfarth.com IN THE PAST, TRADITIONAL SOLUTIONS DIDN T THINK ABOUT VIRTUAL WORKLOADS
More informationWhat is Cloud Computing? Cloud computing is the dynamic delivery of IT resources and capabilities as a Service over the Internet.
1 INTRODUCTION What is Cloud Computing? Cloud computing is the dynamic delivery of IT resources and capabilities as a Service over the Internet. Cloud computing encompasses any Subscriptionbased or pay-per-use
More informationCeedo Client Family Products Security
ABOUT THIS DOCUMENT Ceedo Client Family Products Security NOTE: This document DOES NOT apply to Ceedo Desktop family of products. ABOUT THIS DOCUMENT The purpose of this document is to define how a company
More informationINF3510 Information Security Spring Lecture 4 Computer Security. University of Oslo Audun Jøsang
INF3510 Information Security Spring 2015 Lecture 4 Computer Security University of Oslo Audun Jøsang Lecture Overview Fundamental computer security concepts CPU and OS kernel security mechanisms Virtualization
More informationBacula Systems Virtual Machine Performance Backup Suite
Bacula Systems Virtual Machine Performance Backup Suite Bacula Systems VM Performance Backup Suite is part of Bacula Enterprise Edition. It comprises of modules that can be utilized to perfectly fit any
More informationVMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway
VMware AirWatch Content Gateway for Linux VMware Workspace ONE UEM 1811 Unified Access Gateway You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More informationStorage and File System
COS 318: Operating Systems Storage and File System Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Topics Storage hierarchy File
More informationDesigning the Stable Infrastructure for Kernel-based Virtual Machine using VPN-tunneled VNC
Designing the Stable Infrastructure for Kernel-based Virtual Machine using VPN-tunneled VNC presented by : Berkah I. Santoso Informatics, Bakrie University International Conference on Computer Science
More informationDocker for HPC? Yes, Singularity! Josef Hrabal
Docker for HPC? Yes, Singularity! Josef Hrabal IT4Innovations josef.hrabal@vsb.cz support@it4i.cz Virtual Machine Hardware (CPU, Memory, NIC, HDD) Host OS (Windows, Linux, MacOS) Hypervisor (VirtualBox,
More informationvsphere Security Update 2 Modified on 22 JUN 2018 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5
Update 2 Modified on 22 JUN 2018 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you
More informationVirtualization. Pradipta De
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationCOMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy
COMPUTER ARCHITECTURE Virtualization and Memory Hierarchy 2 Contents Virtual memory. Policies and strategies. Page tables. Virtual machines. Requirements of virtual machines and ISA support. Virtual machines:
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationUsing a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles
Safety & Security for the Connected World Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles 16 th June 2015 Mark Pitchford, Technical Manager, EMEA Today
More informationSoftware Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationVirtualization. join, aggregation, concatenation, array, N 1 ühendamine, agregeerimine, konkateneerimine, massiiv
Virtualization abstraction of computer resources may, but does not have to change the interface end-user has limited or no knowledge about the real resources behind the virtualization layer original /
More informationVirtualization. ...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania.
Virtualization...or how adding another layer of abstraction is changing the world. CIS 399: Unix Skills University of Pennsylvania April 6, 2009 (CIS 399 Unix) Virtualization April 6, 2009 1 / 22 What
More informationChapter 8 Operating Systems and Utility Programs أ.أمل زهران
Chapter 8 Operating Systems and Utility Programs Chapter 8 Objectives Identify the types of system software Summarize the startup process on a personal computer Summarize the features of several stand-alone
More informationTechnology in Action. Chapter 5 System Software: The Operating System, Utility Programs, and File Management
Technology in Action Chapter 5 System Software: The Operating System, Utility Programs, and File Management Chapter Topics Operating System Fundamentals What the Operating System Does The Boot Process:
More informationLINUX Virtualization. Running other code under LINUX
LINUX Virtualization Running other code under LINUX Environment Virtualization Citrix/MetaFrame Virtual desktop under Windows NT. aka Windows Remote Desktop Protocol VNC, Dameware virtual console. XWindows
More informationBACKUP APP V7 MICROSOFT SYSTEM BACKUP AND RESTORE GUIDE
V7 MICROSOFT SYSTEM BACKUP AND RESTORE GUIDE Revision History Date Descriptions Type of modification 27 July 2016 First Draft New 3 Feb 2017 Added instructions and screen shots for Encryption New key handling
More informationHP Sure Start Gen3. Table of contents. Available on HP Elite products equipped with 7th generation Intel Core TM processors September 2017
Technical white paper Gen3 7th generation Intel Core TM processors September 2017 Table of contents 1 Gen3... 2 1.1 Background... 2 1.2 Gen3 overview... 2 1.3 Runtime Intrusion Detection (RTID)... 2 1.3.1
More informationEnhance your Cloud Security with AMD EPYC Hardware Memory Encryption
Enhance your Cloud Security with AMD EPYC Hardware Memory Encryption White Paper October, 2018 Introduction Consumers and enterprises are becoming increasingly concerned about the security of their digital
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More information1 Virtualization Recap
1 Virtualization Recap 2 Recap 1 What is the user part of an ISA? What is the system part of an ISA? What functionality do they provide? 3 Recap 2 Application Programs Libraries Operating System Arrows?
More informationCOS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy
Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients
More information18-642: Security Mitigation & Validation
18-642: Security Mitigation & Validation 11/27/2017 Security Migitation & Validation Anti-Patterns for security mitigation & validation Poorly considered password policy Poorly considered privilege management
More informationVirtualization for Embedded Systems
Is an open source solution right for you? 6/26/2013 Julia Keffer Page i Table of Contents Table of Contents Introduction... 1 What is Virtualization?... 1 Virtualization Applications... 2 Operating Systems
More informationServer Security Checklist
Server identification and location: Completed by (please print): Date: Signature: Manager s signature: Next scheduled review date: Date: Secure Network and Physical Environment 1. Server is secured in
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationvsphere Security Update 1 Modified 03 NOV 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5
Update 1 Modified 03 NOV 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have
More informationReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay
ReVirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay Or We Can Remember It for You Wholesale (with apologies to Philip K. Dick) George Dunlap, Sam King, SukruCinar, MurtazaBasraiand
More informationSecure Sharing of an ICT Infrastructure Through Vinci
Secure Sharing of an ICT Infrastructure Through Vinci Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa, Italy 2 Department of Computer Science, University of Pisa,
More informationVirtualization and memory hierarchy
Virtualization and memory hierarchy Computer Architecture J. Daniel García Sánchez (coordinator) David Expósito Singh Francisco Javier García Blas ARCOS Group Computer Science and Engineering Department
More informationOriginally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison
Virtualization Originally prepared by Lehigh graduate Greg Bosch; last modified April 2016 by B. Davison I. Introduction to Virtualization II. Virtual liances III. Benefits to Virtualization IV. Example
More informationSecurity Fundamentals for your Privileged Account Security Deployment
Security Fundamentals for your Privileged Account Security Deployment February 2016 Copyright 1999-2016 CyberArk Software Ltd. All rights reserved. CAVSEC-PASSF-0216 Compromising privileged accounts is
More informationBACKUP APP V7 MICROSOFT SYSTEM STATE BACKUP AND RESTORE GUIDE
V7 MICROSOFT SYSTEM STATE BACKUP AND RESTORE GUIDE Revision History Date Descriptions Type of modification 26 July 2016 First Draft New 3 Feb 2017 Added instructions and screen shots for Encryption New
More informationServer Hardening Title Author Contributors Date Reviewed By Document Version
Server Hardening The University of Waikato Title Server Hardening Author Milton Markose (Systems Administrator Security) Contributors Information Security Forum (ISF) Date 21-08-2014 Reviewed By Information
More informationUnit 5: Distributed, Real-Time, and Multimedia Systems
Unit 5: Distributed, Real-Time, and Multimedia Systems Unit Overview Unit 5 provides an extension to the core topics of operating systems. It introduces distributed systems and special-purpose operating
More informationCLOUD COMPUTING IT0530. G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University
CLOUD COMPUTING IT0530 G.JEYA BHARATHI Asst.Prof.(O.G) Department of IT SRM University What is virtualization? Virtualization is way to run multiple operating systems and user applications on the same
More informationSystems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees
Trustworthy Computing s View -- Current Trent Jaeger February 18, 2004 Process 1 Web server Process 2 Mail server Process 3 Java VM Operating Hardware (CPU, MMU, I/O devices) s View -- Target TC Advantages
More informationBackup, File Backup copies of individual files made in order to replace the original file(s) in case it is damaged or lost.
Glossary A Active Directory a directory service that inventories, secures and manages the users, computers, rules and other components of a Microsoft Windows network. This service is typically deployed
More informationZadara Enterprise Storage in
Zadara Enterprise Storage in Google Cloud Platform (GCP) Deployment Guide March 2017 Revision A 2011 2017 ZADARA Storage, Inc. All rights reserved. Zadara Storage / GCP - Deployment Guide Page 1 Contents
More informationCS197U: A Hands on Introduction to Unix
CS197U: A Hands on Introduction to Unix Lecture 4: My First Linux System Tian Guo University of Massachusetts Amherst CICS 1 Reminders Assignment 2 was due before class Assignment 3 will be posted soon
More informationfor Kerrighed? February 1 st 2008 Kerrighed Summit, Paris Erich Focht NEC
Virtualization for Kerrighed? February 1 st 2008 Kerrighed Summit, Paris Erich Focht NEC Why virtualization? Virtualization means many things! Multi-programming any UNIX is virtualizing resources to allow
More informationIMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP
IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP North America Latin America Europe 877.224.8077 info@coalfire.com coalfire.com Coalfire sm and CoalfireOne sm are registered service
More informationCSC- Bioweek 2018 Using cpouta for cloud computing Kimmo Mattila, Shubham Kapoor, Ari-Matti Saren (Jukka Nousiainen)
CSC- Bioweek 2018 Using cpouta for cloud computing 8.2.2018 Kimmo Mattila, Shubham Kapoor, Ari-Matti Saren (Jukka Nousiainen) CSC Finnish research, education and public administration ICT knowledge centre
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationClient Computing Security Standard (CCSS)
Client Computing Security Standard (CCSS) 1. Background The purpose of the Client Computing Security Standard (CCSS) is to (a) help protect each user s device from harm, (b) to protect other users devices
More informationVirtualization Introduction
Virtualization Introduction Simon COTER Principal Product Manager Oracle VM & VirtualBox simon.coter@oracle.com https://blogs.oracle.com/scoter November 21 st, 2016 Safe Harbor Statement The following
More informationOperating System Security
Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.
More informationCompTIA A+ Accelerated course for & exams
CompTIA A+ Accelerated course for 220-901 & 220-902 exams Course overview Target Audience This course is for Participants wishing to take and pass both CompTIA A+ exams (220-901 and 220-902) exam. It is
More informationHOW TO SECURELY CONFIGURE A LINUX HOST TO RUN CONTAINERS
HOW TO SECURELY CONFIGURE A LINUX HOST TO RUN CONTAINERS How To Securely Configure a Linux Host to Run Containers To run containers securely, one must go through a multitude of steps to ensure that a)
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationThe next step in IT security after Snowden
The next step in IT security after Snowden Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.internet-sicherheit.de
More informationWindows 10 Security & Audit
Windows 10 Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC, CSX-P jtannahi@rogers.com Windows 10 Editions Home Pro Enterprise Education Mobile IoT Editions 1 Windows 10 Builds Windows 10 (initial
More information