Module No.

3
Programs, operating system, and database security and integrity

Course Title: Information Assurance and Course Code: ITF404

security
Instructor: Jeremy E. Ponce Term & AY: 1st Sem., AY 2020 -2021
Contact no. 0935-4538-772 E-mail add: [email protected]

I. Overview
One of the fundamental concerns in the security of cyberspace and e-commerce is the security of operating
systems that are the core piece of software running in all information systems, such as network devices
(routers, firewalls, etc), Web servers, customer desktops, PDAs, and so on. Many of known vulnerabilities
discovered so far are rooted from the bugs or deficiency of underneath operating systems.

This module discusses the security (or lack of security) of most commercial operating systems like Unix and
Microsoft Windows, and its effect to the overall security of Web based applications and services. Based on
DOD’s trusted computer system model, the current effort toward development of secure operating systems
is presented, and as a case study, the publicly available security enhanced Linux, SE-Linux, is also analyzed.
II. Intended Learning Outcomes (ILOs)
Upon completion of this module, the students should be able to:
A. grasp the security of operating systems and database,
B. familiarize themselves with the functions of operating system,
C. evaluate operating system’s security; and
D. set file permission on files of windows operating system.
III. Learning Resources and References
-Cui-Qing Yang Version 1.4b, Option 1 for GSEC , Operating System Security and Secure Operating
Systems January 2003 (https://www.utc.edu/center-academic-excellence-cyber-defense/course-
listing/4670-lecture2-os.ppt)
- Vangie Beal /Windows Firewall / https://www.webopedia.com/TERM/W/windows-firewall.html
-Computer hope/File/https://www.computerhope.com/jargon/f/file.htm
Websites builder.com/December 14, 2019/https://websitebuilders.com/how-
to/glossary/file_permissions/
- Şerban Mariuţa/ Principles of Security and Integrity of Databases
/ Procedia Economics and Finance Volume 15, 2014, Pages 401-
405/https://www.sciencedirect.com/science/article/pii/S2212567114004651

IV. Lecture Content / Summary of Lesson

1. Operating System Overview

1.1) Operating system:
-collection of programs that allows user to operate computer hardware.
-
1.2) Three layers:
1. Inner layer, computer hardware
2. Middle layer, operating system
3. Outer layer, different software

Page 1 of 5
2. Key functions of an operating system:
a. Multitasking, multisharing
b. Computer resource management
c. Controls the flow of activities
d. Provides a user interface
e. Administers user actions and
accounts
f. Runs software utilities and
programs
g. Enforce security measures
h. Schedule jobs
i. Provide tools to configure the
operating system and hardware

3. The Components of an OS Security

Environment

✔ Used as access points to the database

✔ Three components:
a. Services
b. Files
c. Memory

a. Services

● Main component of operating system security environment

● Used to gain access to the OS and its features
● Include
✔ User authentication
✔ Remote access
✔ Administration tasks
✔ Password policies

b. Files
-A file is an object on a computer that stores data, information, settings, or commands
used with a computer program. In a GUI (graphical user interface), such as Microsoft
Windows, files display as icons that relate to the program that opens the file. For example,
the picture is an icon associated with Adobe Acrobat PDF files. If this file was on your
computer, double-clicking the icon opens it in Adobe Acrobat or the PDF reader installed
on the computer.

● Common threats:
✔ File permission
✔ File sharing
● Files must be protected from unauthorized reading and writing actions
● Data resides in files; protecting files protects data
● File Permissions
-System settings that determine who can access specified files and what they can do
with those files.

When you place files on a web server, you can assign the files various levels of
permission for your users. Likewise, companies often use permissions to limit access to
their intranet resources. Permission levels vary by program, but in general you will see
the following types of permission:

● Owner – The person who created the files.

 ● Administrator – The person responsible for managing and updating files, as well
as setting permission levels.
● Group Access – This allows you to designate specific groups of users and
provide unique settings specific to them.
● Global (sometimes called Anyone or Public) – Provides access to all users.
● Individual User – Many programs allow you to create a specific level of access
at the individual user level.
Like user levels, the type of access users can be permitted varies, but most programs
allow the following access levels:
● Read – Users with this level of permission can view files and copy them, but
they cannot make changes to the file or create new files.
● Write – Users with this level of permission can edit, rename, and move files. In
most cases, they can also create new files.
● Execute – Users with this level of permission can run a specific program or type
of program file. Many businesses use this to restrict access to company
programs or limit their employees’ ability to run potentially dangerous
executable files on company machines.
Frequently Asked Questions about file permissions:
Can I set custom permission levels?
Depending on the program you are using, you will likely be able to set your own levels
of access. Some users may be permitted to read and execute files. Others may be able
to write only certain types of files. If your program allows you to create custom groups,
you can create highly customized permission plans, restricting access to only the files
that each user or user group absolutely needs. Doing so is an excellent way to improve
your data security.

Can I assign permissions based on a file’s location?

Most programs will allow you to set specific permissions at a file and/or folder level.
This allows you to specify sections of your storage that only specific groups can access,
as well as sections that are open to all users. Companies often use this to enable team-
specific folders on their shared storage. Website administrators can use this to specify
who has access to certain sections of a site, such as member-only pages.

● File Transfer
▪ FTP (File Transfer Protocol):
-Internet service for transferring files from one computer to another
-Transmits usernames and passwords in plaintext
-Root account cannot be used with FTP
-Anonymous FTP: ability to log on to the FTP server without being
authenticated
● Best practices:
▪ Use Secure FTP utility if possible
▪ Make two FTP directories:
✔ One for uploads with write permissions only
✔ One for downloads with read permissions only
▪ Use specific accounts with limited permissions
▪ Log and scan FTP activities
▪ Allow only authorized operations
● File Sharing
- Is the practice of distributing or providing access to digital media, such as computer
programs, multimedia (audio, images and video), documents or electronic books. File
sharing may be achieved in a number of ways. Common methods of storage,
transmission and dispersion include manual sharing utilizing removable media,
centralized servers on computer networks, World Wide Web-based hyperlinked
documents, and the use of distributed peer-to-peer networking.
c. Memory
-Hardware memory available on the system can be corrupted by badly written software
-Can harm data integrity
-Two options to avoid loss of data integrity:
● Stop using the program

Page 3 of 5
 ● Apply a patch (service pack) to fix it
4. Windows Firewall
- is a Microsoft Windows application that filters information coming to your system from the
Internet and blocking potentially harmful programs. The software blocks most programs from
communicating through the firewall. Users simply add a program to the list of allowed programs to
allow it to communicate through the firewall. When using a public network, Windows Firewall can
also secure the system by blocking all unsolicited attempts to connect to your computer.
5. Principles of Security and Integrity of Databases
All systems have ASSETS and security is about protecting assets. The first thing, then, is to
know your assets and their value. In this chapter, concentrate on database objects (tables, views,
rows), access to them, and the overall system that manages them. Note that not all data is
sensitive, so not all requires great effort at protection. All assets are under threat.
The second thing to know is what THREATs are putting your assets at risk. These include
things such as power failure and employee fraud. Note that threats are partly hypothetical,
always changing and always imperfectly known. Security activity is directed at protecting the
system from perceived threats.
If a threat is potential, you must allow for it to become an actuality. When it becomes actual
there is an IMPACT. Impact you can consider and plan for. But in the worst case, there will be a
LOSS. Security activity here is directed at minimizing the loss and recovering the database to
minimize the loss as well as further protecting from the same or similar threats.

Threats to the database

You will build your security skills from two directions. One is from the appreciation and
awareness of changing threats, and the other from the technical remedies to them. Threats
include:
• Unauthorized modification:
Changing data values for reasons of sabotage, crime or ignorance which may be enabled
by inadequate security mechanisms, or sharing of passwords or password guessing, for
example.
• Unauthorized disclosure:
When information that should not have been disclosed has been disclosed. A general
issue of crucial importance, which can be accidental or deliberate.
• Loss of availability:
Sometimes called denial of service. When the database is not available it incurs a loss
(otherwise life is better without the system!). So any threat that gives rise to time
offline, even to check whether something has occurred, is to be avoided.
V. Learning Activities
Direction: Enumerate the following:
1. Steps in enabling the firewall of windows operating system
2. Steps in creating new user account and adding password in windows operating system.
3. Steps setting the restriction of folder windows operating system.
Note: Submit your output through our facebook group with the caption #activity2.

VI. Supplemental content

Video Presentation:
Operating Systems Functions Protection and Security

https://www.youtube.com/watch?v=whUdwhW9VWw
VII. Assessment
Direction: Study the following items and try answering them seriously. A summative assessment similar to
these items will be given to you through our facebook group later.
1. Which of the following operating systems is free and open-source?
a. Windows b. Mac OS X
c. Linux d. UNIX
2. What is Operating System?
A. It acts as an interface between the hardware and application programs.
B. It is a collection of programs that manage hardware resources.
C. It is a system service provider to the application programs.
D. All of the above
3. Which of the following is an example of operating system?
a. MS Word b. MS DOS
c. MS Excel d. MS Access
4. OS stands for
a. Operating System b. Operating style
c. Orientation system d. Operating signal

5. Operating system is also known as

a. Printer b. Database
c. Hardware d. System software

6. What is the most important type of system software in a computer system?

a. driver b. Operating System
c. Mozilla Firefox d. Web browser
7. Sometimes we need to disable file sharing to avoid the following except:
a. Malicious code b. adware
c. Email d. copyright issues
8. Which is not a key function of operating system?
a. Controls the flow of activities
b. Enforce security measures
c. Control the rotation of earth
d. Administers user actions and accounts
9. Which of the following is the built-in anti-malware of windows operating system?
a. Avast b. Windows media player
c. Windows Defender d. smadav
10. File must be protected from unauthorized reading and writing actions.
a. True b. False

Page 5 of 5