System Reliability, Security, and Access Control in Computing
What is a System?
A system is a set of organized elements that interact.
System Failure Tolerance
What does it mean to be tolerant to system failure? It allows a system to continue operating properly in case of a failure. This is achieved by doubling every system component.
Reliability
Attributes:
- Reliability: Continuity of service.
- Availability: Percentage of time the service is operational.
- Safety: Avoidance of catastrophic consequences.
- Security: Prevention of unauthorized access or intrusion.
System Reliability
- Fault Prevention: Use methods to prevent failures that occur in the components.
- Fault Tolerance: Use protective redundancy to mask faults.
Types of Failures
- Transient Failures: They are short-lived and difficult to detect.
- Operational Failures: They have physical causes and are easier to tolerate than design failures.
Phases of Fault Tolerance
- Detection of Errors: Errors are detected by screening.
- Confinement of Damage: Since there is a period from when something goes wrong until the wrong state is detected.
- Recovery of Damage: This phase tries to return the system to a consistent state. There are two techniques: “Backward and Forward Recovery.”
- Treatment of Failure: If the fault is permanent, it is not enough just with error recovery; we need a phase of treatment failures. This phase has two parts:
- Location of the failure.
- Repair of the system.
Monolithic Systems
A monolithic kernel operating system concentrates all possible functionalities (planning, file system, networking, device drivers, memory management, etc.) within a major program. It can be quite large and must be completely rebuilt by adding new functionality. Examples include MS-DOS and UNIX. Both began as small operating systems. The problem with such systems lies in how difficult it is to modify the operating system to add new features and services.
Master/Slave Systems
- Multiprocessing Configurations: Typical configurations are master/slave, loosely coupled, and asymmetric.
- Master/Slave System Configuration: A processor with additional slave processors, each of which is administered by the primary master processor.
This administers the system: all files, devices, memory, and processors. Therefore, it maintains the state of the processors in the system.
Processors: Front and Back
- Front: It deals with interactive users and works fast.
- Back: Handles long-running jobs in batch mode.
Disadvantages
- Their reliability is not the highest.
- It can lead to misuse of resources.
- It increases the number of interruptions, as all slave processors must interrupt the master when they need the OS.
Access Control
What is Access Control? A security system considered second-tier or layer.
What is Computer Access Control? It is divided into three main forms:
- Authentication
- Authorization
- Review (Audit)
Physical Access Control
- Biometric Scanners
- Physical Barriers
- Geological Barriers
How does Computer Access Control work?
It relies mainly on a subject-object model where the access control is the barrier between them. In this model, the entity that will always be able to perform actions is designated as the Subject (User), and the entities representing resources are the Objects.
Identification and Authentication
Determines who may enter a system (log in) and Subject-Object associations.
Authentication is based on at least one of these concepts:
- Something you know (password)
- Something you have (ID card)
- Something you are (retina, fingerprint)
- Somewhere you are (physical perimeter of the company)
Authorization
- Read (R): The subject can read the contents of the directory and list its contents.
- Write (W): The subject can add, edit, delete, and rename.
- Execute (X): The subject can run a program if it is executable.
Relationship with the Operating System
Access Control is fundamental to modern operating systems to maintain subject-level security in Windows. NT introduced this concept to a higher level by assigning user roles. In UNIX (GNU/Linux, Mac OS X) and similar (Solaris), it is its main feature, as it has fairly strict relations between subject and object.
Cryptography
Cryptography is based on arithmetic that transforms the letters that make up the message into bits and then performs calculations with them to modify and make them understandable.
Symmetric Cryptography
All security is based on the confidentiality of the password, called symmetric because it is the same for the sender and receiver.
Public Key Cryptography or Asymmetric
This type of cryptography is based on using different keys to encrypt and decrypt, one of which is made public and the other is private for each user.
- Confidentiality: The sender encrypts the text with the recipient’s public key, and the receiver decrypts it with its private key.
- Authentication: It encrypts the message or a summary thereof with the private key, and anyone can verify its source using the sender’s public key.
- Digital Signature: Same as authentication, but always encrypts the message digest, which is the signature cryptogram of the issuer.
Password Protection
- Protection: Protection is a mechanism for access control of programs, processes, or users to the system or resources.
- Password: A password is a form of authentication using secret information to control access to some resource.
- Authentication: Authentication is the process of attempting to verify the identity of a person and/or particular user, either within a particular organization or PC.
What should you consider when creating and maintaining a password? No password is one hundred percent secure; it can always be guessed or found out.
Disadvantages of a Password
Password protection has many weaknesses. Users usually choose easy-to-remember passwords, such as the name of a friend or relative.
Microkernel Systems
A microkernel is a type of kernel of an operating system that provides a set of primitive or minimal system calls to implement basic services such as address spaces, interprocess communication (http://es.wikipedia.org/ wiki/%C3% Comunicaci B3n_entre_procesos> , disk I/O, etc.), which are generally provided by the kernel, run as server processes in user space. The main advantages of its use are reducing the complexity, decentralization of failures (a failure in one part of the system will not collapse it completely), and facilitation to create and debug device drivers.
IT Security
IT security ensures that an organization’s information system resources (hardware or software) are used in the manner decided and that access to the information contained therein, as well as its modification, is only possible for those persons who are accredited and within the limits of their authorization.
Categorization of Security Problems (STRIDE Model)
- Spoofing Identity (Identity Theft): A malicious user impersonates another.
- Tampering (Forgery): An authorized user gains unauthorized access.
- Repudiation: A system administrator or security officer is unable to prove an action was performed by a user.
- Denial of Service: A product of an attack on a server that blocks it.
- Escalation of Privileges: When a vulnerability allows a user to escalate their permissions or modify their user role.
Data Protection and Attacks
- Interception
- Manufacturing
- Modification
- Adjournment
User Status
- White hat and Black hat
- Cracker (decrypts passwords and cryptographic systems)
- Samurai (Fights Hackers)
- Phreaker (Phone Expert)
- Wannabe (advanced user who aspires to be a Hacker)
- Lammer or Script Kiddies
- Newbie (New Kid)
- Luser (User Policy)
Avoiding Security Problems
To address safety concerns, there are mainly 3 techniques:
- Lock: Once security systems have detected an intrusion attempt, block access permissions from the possible identification of the user.
- Register: Once security systems have detected an intrusion attempt, record all possible user data.
- Deter: Once security systems have detected an intrusion attempt, cause a false positive attempt to deter the attacker.
Types of Attacks
- Attacks on operating systems.
- Attacks on applications.
- Attacks on servers.
Why the Attacks?
- To demonstrate knowledge and abilities or for personal challenges.
- To express their displeasure.
Regarding Authentication, There Are Three Types
- Something you are: Biometric Systems
- Something you have: Certificates, Digital Keychain, Token Keychain
- Something you know: Password, secret question
Authentication Methods and Hacking
The vast majority of protocols provide a proper authentication system called an Authentication Protocol.
THCHydra: This software is a tool for password cracking, supporting POP3, IMAP, HTTP, HTTPS, FTP, TFTP, SSH, etc. (Great).
Client/Server
- Client: A user is responsible for sending software applications through various channels, either by internet or through a local area network (TCP/IP).
- Server: The server is a program that receives a request, performs the requested service, and returns the results as an answer.
What is an Architecture?
An architecture is a network of functional components that utilize different standards, conventions, rules, and processes.
Types of Servers
- File Servers: Servers that store files and productivity applications.
- Database Servers: Servers where databases are stored.
- Transaction Servers: Servers that meet or process all transactions.
- Groupware Servers: Servers used to monitor transactions within the network.
- Object Servers: They contain objects that should be outside the database server.
- Web Servers: Used as a clever way for companies to communicate over the Internet.
Definition of Middleware
Middleware is a term that encompasses the entire distributed software needed to support interaction between clients and servers. It is a link that allows a client to obtain a service from a server. Middleware abstracts the complexity and heterogeneity of underlying communications networks, operating systems, and programming languages, providing for easy programming and managing distributed applications.
Security Architecture Client/Server
- Security Issues: Must support access control, confidentiality, integrity, etc.
- Restrictions on Ergonomics (Usability) and Security: To avoid compromising the other ingredients.
- Often have special restrictions regarding performance, reliability, scalability, and security.
Functions of a Server
- Wait for requests from customers.
- Run many applications simultaneously.
- Prioritize VIP customers.
Advantages of Client/Server Architecture
The client/server model is recommended, particularly for networks that require high reliability. The main advantages are:
- Centralized Resources: Can manage resources that are shared by all users.
- Improved Security: Allows access to data that is not important.
- Administration at the Server Level: As clients do not play an important role in this model, they require less administration.
Protection: Key-Lock
An intermediate mechanism between access lists and capabilities.
- Lock: Unique bit patterns in the system. Each lock is associated with a set of rights.
- Key: Unique bit patterns, each of which “fits” with a key in the system.
When the user wants to access an object, they must submit the pair (object, key) and the type of access they want. If the key matches the lock of the object and the right order is in the pair, access will be allowed.
One advantage of this protection is that it simplifies the deletion of objects associated with the building.