Page 306 - DCAP103_Principle of operating system

Unit 9: System Security



             are collected, records linking a user to his or her IP address should be kept long enough
             for misuse to be reported and investigated. Staff and students of the organization should
             have their own local accounts. Visitors may also have local accounts, or authorized staff
             may be enabled to set up daily accounts for their guests. Visitors from other organizations
             may be authenticated by their home organization if both organizations are members of
             JANET Roaming or another partner in the TERENA (Trans-European Research and Education
             Networking Association) eduroam federation.
            Even if individual identities are not checked, access to the JANET network must still be limited
            to those who are known to the organization. Knowingly providing network access to strangers
            is likely to be a breach of JANET policies and to be considered irresponsible by other users of the
            network. Access may be limited by physical barriers, although this does not work for wireless
            networks, or by providing temporary access codes to guests such as conference delegates.
            Organizations may wish to arrange their networks so that these visitors do not accidentally
            obtain access to internal resources controlled or licensed by IP address.

            Organizations that provide access to networks, and users who benefit from that access, should
            regard it as normal to require an individual identity. Systems for establishing electronic identity
            are becoming easier to use and manage. In a few situations there may be a justification for not
            checking and recording identity but this should only be done after a rational assessment of the
            risks and benefits.




                    Explain how to change the user authentication password in the computer.

             9.5.1 Implementation of Defenses

             Several layers of security can be built on top of the database. This section focuses on
             two of them: encryption of the connection and the use of stored procedures at the database
             level. Encrypting the connection prevents eavesdropping on, and tampering with, the traffic
             between client and server on the network. Stored procedures, called with typed parameters
             rather than with SQL text assembled by the client, protect against attacks in which the data
             sent to the server is crafted to alter the meaning of a query (SQL injection).
             9.5.1.1 First Layer of Defense (Encryption)
             When encryption is used, the traffic between the database driver and the database server
             is encrypted and integrity-protected. An attacker on the network can then neither read the
             data in transit (credentials, query text, results) nor alter it without detection. This
             defeats the attacks on two-tier thick client applications that depend on sniffing or
             rewriting that traffic, for example learning the query structure or a password in order to
             prepare an injection attack. Note what it does not do: a user who controls the client itself
             can still send crafted SQL over the encrypted channel, which is why the second layer (stored
             procedures) is needed as well.
             The two most used encryption techniques are Internet Protocol Security (IPsec) and Secure
             Sockets Layer (SSL), the latter since standardised as Transport Layer Security (TLS); most
             database products still call the feature "SSL" in their configuration even though current
             versions negotiate TLS. Many of the latest versions of the databases support both techniques.
             IPsec works at the network layer and is configured in the operating system of every host
             involved, whereas SSL/TLS sits above TCP and is implemented inside the database driver and
             server themselves, which makes it easier to deploy. SSL/TLS is therefore the more popular
             choice. Let us see a few examples of using SSL encryption on popular databases.
             9.5.1.2 The SSL Handshake

             When a client (the database driver) opens a connection to the server over SSL/TLS, a
             handshake takes place before any query is sent. The client first lists the cipher suites it
             supports and the server chooses one; the cipher suite fixes the key exchange method, the
             bulk encryption algorithm and the integrity check for the session. The server then
             authenticates itself by sending its certificate, which the client verifies against the CA
             certificates it trusts and against the host name it intended to connect to; a client that
             skips this check is open to a man-in-the-middle who can present any certificate. Finally the
             two sides establish a shared secret using public key cryptography, either by the client
             encrypting a random value with the server's public key (RSA key exchange) or, in current
             TLS versions, by a Diffie-Hellman exchange to which both sides contribute; the session keys
             are derived from that secret and are never transmitted themselves. All further
             communication is encrypted and integrity-protected with these keys.
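The handshake in 9.5.1.2, together with the point made in 9.5.1.1 that the encrypted channel is only worth something if the driver verifies who it is talking to, run end to end below. This is an added example and not code from the textbook: it uses only the Go standard library, issues a throwaway CA and a server certificate for the constructed host name db.example.internal, starts a TLS server on the loopback interface, and has a client standing in for the database driver complete the handshake three times, once correctly and twice in configurations that must be rejected. The CA name, the host names and the five-second deadline are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must aborts on errors that only occur if the system RNG or the ASN.1 encoder is broken.
func must(err error) {
	if err != nil {
		panic(err)
	}
}
// newCert issues a certificate for cn. With parent == nil it is self-signed (our stand-in
// for a trusted CA); otherwise it is signed by parent's key. Names here are constructed.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn} // the name the driver checks the certificate against
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// buildPKI makes a CA and a server certificate for host signed by it, returning the
// server's tls.Certificate (leaf followed by the CA) and the CA certificate.
func buildPKI(host string) (tls.Certificate, *x509.Certificate) {
	ca, caKey := newCert("Example Internal CA", true, nil, nil)
	leaf, leafKey := newCert(host, false, ca, caKey)
	return tls.Certificate{Certificate: [][]byte{leaf.Raw, ca.Raw}, PrivateKey: leafKey}, ca
}

// runHandshake starts a TLS server on loopback presenting serverCert and connects a client
// that trusts only roots and expects serverName; it returns the negotiated state or the error.
func runHandshake(serverCert tls.Certificate, roots *x509.CertPool, serverName string) (tls.ConnectionState, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() { // server side: presents its certificate; it does not ask for a client certificate
		raw, err := ln.Accept()
		if err == nil {
			defer raw.Close()
			raw.SetDeadline(time.Now().Add(5 * time.Second))
			err = tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{serverCert}}).Handshake()
		}
		srvErr <- err
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	// RootCAs: the only CAs accepted; ServerName: the name the certificate must be valid for; MinVersion: refuse SSL 3.0 and TLS 1.0/1.1.
	cli := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: serverName, MinVersion: tls.VersionTLS12})
	err = cli.Handshake() // ClientHello .. Finished: suite selection, chain verification, key exchange
	if serr := <-srvErr; err == nil {
		err = serr
	}
	return cli.ConnectionState(), err
}
func main() {
	serverCert, ca := buildPKI("db.example.internal")
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	st, err := runHandshake(serverCert, roots, "db.example.internal")
	fmt.Printf("trusted CA, right name: err=%v version=%#x suite=%s\n", err, st.Version, tls.CipherSuiteName(st.CipherSuite))
	_, err = runHandshake(serverCert, x509.NewCertPool(), "db.example.internal")
	fmt.Println("unknown CA:", err) // server cannot prove its identity: the driver must abort
	_, err = runHandshake(serverCert, roots, "other.example.internal")
	fmt.Println("wrong name:", err) // trusted CA, but not the host we meant to reach
}
```

The first run prints the negotiated version and cipher suite, which is the agreement step of the handshake; the other two fail inside cli.Handshake() with an x509 verification error before any session key exists, because the certificate is either not signed by a CA in RootCAs or not issued for ServerName. Real database drivers expose exactly these knobs, and the weak settings are the ones to look for in a review: a driver configured to skip verification (for example libpq's sslmode=require, as opposed to verify-full) still encrypts the traffic but will complete the handshake with any server that presents a certificate.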


                                             LOVELY PROFESSIONAL UNIVERSITY                                   299