Shulou(Shulou.com)06/02 Report--

Editor to share with you what are the measures to ensure the security of the operating system, I hope you will gain something after reading this article, let's discuss it together!

Isolation is one of the measures for the security of the operating system. The measures of operating system security include isolation, layering and internal control, among which isolation can be divided into four aspects: physical isolation, time isolation, logical isolation and password isolation.

As one of the security measures of the operating system, isolation can be divided into four aspects: physical isolation, time isolation, logical isolation and password isolation.

Security Protection measures of operating system

First, use strong passwords

One of the easiest ways to improve security is to use passwords that are not easily guessed by brute force attacks. A brute force attack is an attack in which an attacker uses an automated system to guess a password as soon as possible, hoping to find the correct password soon.

Passwords should contain special characters and spaces, use uppercase and lowercase letters, and avoid simple numbers and words that can be found in dictionaries; cracking such passwords is much harder than cracking passwords made up of your family's name or your anniversary date. Also keep in mind that for every additional character in password length, the number of possible password character combinations increases exponentially. In general, any password of less than 8 characters is considered too easy to crack. It is safe to use 10, 12 or even 16 characters as passwords. But don't set the password too long, in case you can't remember it, or it's too troublesome to type it.

Second, do a good job in border defense

Not all security problems occur on desktop systems. It's a good idea to use an external firewall / router to help protect your computer, even if you only have one computer. If you consider low-end products, you can buy a retail router device, such as a router from Linksys, D-Link, and Netgear, which can be bought from your local electronics store. If you consider higher-end products, you can buy managed switches, routers, and firewalls from enterprise-class manufacturers such as Cisco, Vyatta, and Foundry Networks.

You can also find another way to assemble your own firewalls "from scratch", or use pre-packaged firewall / router installers to build firewalls on your own, such as m0n0wall and IPCoP, which are as functional as enterprise-class solutions. Proxy servers, antivirus gateways, and spam filtering gateways also help to improve border security. Remember: in general, switches are more secure than hubs; routers that use the Network address Translation (NAT) protocol outperform switches; and firewalls are absolutely essential.

Update the software

Although in many cases issues such as testing before deploying patches to a production system may be extremely important, security patches must eventually be deployed to the system. If the security patch is not updated for a long time, the computer you are using may become an easy target for unscrupulous attackers.

Don't let the software installed on your computer lag behind with the latest security patches. The same applies to any signature-based malware protection software, such as anti-virus software (if your system needs them): only if they are in the latest version and add the latest malware signature, to achieve the best protection.

4. Shut down unused services

Computer users often do not even know which services are running on their systems that can be accessed through the network. Telnet and FTP are two services that often cause problems: if your computer doesn't need them, you should turn them off. Make sure you know every service running on your computer and why it is running. In some cases, this may require figuring out how important the service is to your specific needs so that you don't make the mistake of shutting down remote procedure call (RPC) services on Microsoft Windows computers, and login is not disabled, but it's always a good idea to turn off services that are not actually in use.

Fifth, use data encryption

For computer users or system administrators who are concerned about security, there are different levels of data encryption methods available; choose a reasonable encryption level to meet their needs, which must be determined by the actual situation. There are many ways to encrypt data, from using password tools to encrypt files one by one, to file system encryption, to entire disk encryption.

The above encryption methods usually do not include boot partitions, as that requires specialized hardware to help decrypt; however, if there is a great need to encrypt boot partitions to ensure privacy and this expense is necessary, the encryption of the entire system can also be obtained. For any application other than boot partition encryption, there are many solutions for each required encryption level, including commercial proprietary and open source systems that implement entire disk encryption on major desktop operating systems.

VI. Protect data through backup

Backing up your data is one of the most important ways you can protect yourself from disaster. There are many strategies to ensure data redundancy, ranging from simple and basic strategies such as regularly copying data to a CD, to complex strategies such as regular automatic backup to the server. Redundant cheap disk arrays (RAID) can provide a redundant mechanism for automatic failover to avoid disk failures if the system must be running continuously and the service is uninterrupted.

Free backup tools like rsync and Bacula can combine automatic backup solutions, no matter how complex. Version control systems like Subversion provide flexible data management capabilities that not only make backups on another computer, but also enable multiple desktops or laptops to have the same up-to-date data without any effort.

VII. Encrypt sensitive communications

Cryptographic systems used to protect communications from eavesdropping are extremely common. Software that supports the OpenPGP protocol for e-mail, Off The Record plug-ins for instant messaging (IM) client software, encrypted tunneling software for continuous communications using security protocols such as SSH and SSL, and many other tools are used to ensure that data is not compromised during transmission. Of course, in person-to-person communications, it is sometimes difficult to persuade the other party to use encryption software to protect the communication, but sometimes such protection is crucial.

Do not trust foreign networks

This is especially important for open wireless networks such as the wireless network in the local coffee shop. It doesn't make sense that you can't use a wireless network in a coffee shop or on some other untrusted foreign network just because you are very careful about security. But the key is that you must ensure security through your own system; don't believe that foreign networks are secure and stay away from malicious attackers. For example, on open wireless networks, it is extremely important to use encryption measures to protect sensitive communications, including connecting to websites that use login session cookie to automatically verify identity, or enter a user name and password.

What is less obvious is that you need to make sure that you are not running any web services that are not entirely necessary, because if there are vulnerabilities that are not patched, they will be exploited. This applies to network file system software such as NFS or Microsoft CIFS, SSH servers, active directory services, and many other services that may be used. Check your system inside and out to find out what opportunities malicious attackers might take to try to break into your computer, and make sure these entry points are protected as reasonably as possible. In some ways, this is just an extension of the two security methods of shutting down unwanted services and encrypting sensitive communications; it's just that when dealing with foreign networks, you have to be very careful about the services you allow to run on the system and the communications you consider to be "sensitive".

Protecting yourself on an untrusted foreign network actually requires a comprehensive reassessment of the security of the system.

IX. Use uninterruptible power supply (UPS)

The role of UPS is not just to avoid losing files in the event of a power failure. There are more important reasons for using UPS, such as power regulation and avoiding file system corruption. For this reason, make sure that the purchased UPS works with the operating system to inform the operating system when the UPS needs to be turned off so that you are not at home when the power is exhausted, and that the purchased UPS provides battery power and power regulation. Surge protectors are simply not enough to protect your system from "dirty" power supplies. Remember: UPS is critical to protecting your hardware and data.

Monitor the system and find security threats and vulnerabilities

Don't take it for granted that just because a series of security precautions have been taken, the system will certainly not be compromised by attackers. You should always set up some kind of daily monitoring mechanism to ensure that suspicious events quickly attract your attention; action can be taken against possible security vulnerabilities or threats. We need to focus not only on network monitoring, but also on integrity review and / or other local system security monitoring technologies.

Other security precautions may apply, depending on which operating system you use. Some operating systems have different security conditions due to their design characteristics, which brings additional security challenges, while some operating systems give experienced system administrators the ability to improve security. Whether you are using proprietary systems like Microsoft Windows and Apple Mac OS X, or open source systems such as Linux distributions, FreeBSD, NetBSD, or even the very security-conscious OpenBSD, keep these points in mind when protecting your system.

The operating system you choose uses the default installation method, without further consideration to protect the system security, but is sufficiently secure, this is only a very rare phenomenon. No matter what operating system you are using, start with the above-mentioned aspects, and then consider the specific security requirements of the operating system platform. The integrity of system security cannot be guaranteed by luck.

After reading this article, I believe you have a certain understanding of "what are the measures to ensure the security of the operating system". If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.