Discussion

Operating Sys & App Security - Week 1/Operating Sys & App Security - Week 1.docx

Discussion 1

Operating System Design and Vulnerabilities

Microsoft Windows has been the market leader in operating systems for desktops and servers for decades; however, that is not the whole story in the operating system arena. UNIX, LINUX, and other "NIX" variants also have areas where they are more dominant, such as Apache servers that connect organizations to the Internet; the Cisco IoS operating system that runs routers, switches, and an array of networking devices; and mobile devices that run on Android and Apple operating systems. This new diversity of operating systems (in particular, the rise of Apple has kicked up turf wars) has created some shift in the focus of attackers. Prior to these developments, Windows was politically unpopular and far ahead in market share, making them the target of the majority of malware writers and other intrusions.

Select an operating system of your choices to focus on in this discussion. Use the study materials and engage in any additional research needed to fill in knowledge gaps. Discuss the following topics:

· Describe your particular operating system selection including the niche that it fills in the operating system market.

· Describe the threats and vulnerabilities that are most commonly associated with a particular operating system.

· Explain the security implications related to the concepts of privileged and non-privileged states as a function of an operating system.

Discussion 2

Operating System Processes, Threads, and Memory

One of the selling points for early versions of Windows was the ability that it had to leverage threads to allow users to do more than one activity at a time. Prior to this ability, computers were limited in the ability to multitask. Understanding how threads and processes work as a function of the operating system is important foundational information to understanding how threats can exploit those functions or what the potential vulnerabilities might be.

Many organizations have had the misfortune of experiencing a denial of service attack. The technical functioning of the operating system and how memory is used are also important concepts to understand in order to fully understand the exploits that use memory to attack organizational information assets.

Select an operating system of your choices to focus on in this discussion. Use the study materials and engage in any additional research needed to fill in knowledge gaps. Discuss the following topics:

· Describe how threads and processes work in an operating system including what they contribute to the overall functionality of the operating system.

· Describe the threats and vulnerabilities that are most commonly associated with threads and processes specific to a particular operating system.

· Explain the basics of virtual and real memory and what aspects of memory are the point of vulnerability for an attacker.