Introduction
An operating system is the software that manages a computer's hardware and allows its programs and applications to run once the system is switched on. It comprises system services, libraries and application programming interfaces (APIs). The kernel is the core program of the operating system: it manages memory, schedules work on the Central Processing Unit (CPU) and turns requests from software into instructions the hardware can carry out. The operating system also lets users interact with the device through a user-friendly interface. Examples of operating systems are Linux and Microsoft Windows.
Discussion
Windows 10
Operating systems may have security vulnerabilities that put users at risk. Windows 10, for example, was affected by the Redirect to SMB vulnerability. The underlying weakness predates Windows 10: if a user clicked a link to a URL beginning with file://, Windows would try to authenticate to the named server using the SMB (Server Message Block) protocol, handing the user's login name and hashed password to whoever controlled that server. Redirect to SMB extends this by using an HTTP redirect to send the victim from an ordinary HTTP server to an attacker-controlled SMB server, so a request that began as plain HTTP/HTTPS traffic ends with the user's credentials leaving the machine over SMB. The attack could be delivered through a malicious advert or a shared wireless access point. To prevent it, outbound traffic on TCP ports 139 and 445 can be blocked. The caveat is that a blanket block on these ports stops all SMB communication, including legitimate file and printer sharing, so the rule should only cover connections leaving the local network. (Michael Heller, April 2015)
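Two defender-side checks for the Redirect to SMB scenario, as an added example that is not code from the cited article: one inspects an HTTP response and reports whether its Location header would send Windows to a file://, smb: or UNC (\\host\share) target, the other reads Windows Firewall log lines in the pfirewall.log layout (date time action protocol src-ip dst-ip src-port dst-port ... path) and flags outbound SEND connections to TCP 139/445 that leave RFC 1918 address space. The response text and log lines are constructed for the example.

```c
/* Added example, not code from the cited article: two defender-side checks for
 * the Redirect to SMB scenario described above.
 *   1. redirect_targets_smb(): does an HTTP response redirect the client to a
 *      file:// URL, an smb: URL or a UNC path (\\host\share)? Any of these makes
 *      Windows open an SMB connection to the named host.
 *   2. outbound_smb_leaving_lan(): does a Windows Firewall log line (the
 *      pfirewall.log layout: date time action protocol src-ip dst-ip src-port
 *      dst-port ... path) show a SEND to TCP 139/445 outside RFC 1918 space?
 * The response and log lines below are constructed for the example. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive "does s start with prefix", without relying on strncasecmp. */
static bool prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return false;
    return true;
}

bool redirect_targets_smb(const char *response)
{
    /* Status line "HTTP/1.1 302 Found": only 3xx responses redirect. */
    const char *sp = strchr(response, ' ');
    if (sp == NULL || sp[1] != '3')
        return false;
    const char *line = strstr(response, "\r\n");
    while (line != NULL) {
        line += 2;
        if (line[0] == '\r' || line[0] == '\0')   /* blank line: end of headers */
            break;
        if (prefix_ci(line, "Location:")) {
            const char *target = line + 9;
            while (*target == ' ' || *target == '\t')
                target++;
            return strncmp(target, "\\\\", 2) == 0 ||
                   prefix_ci(target, "file:") ||
                   prefix_ci(target, "smb:");
        }
        line = strstr(line, "\r\n");
    }
    return false;
}

static bool is_rfc1918(unsigned a, unsigned b)
{
    return a == 10 || (a == 172 && b >= 16 && b <= 31) || (a == 192 && b == 168);
}

bool outbound_smb_leaving_lan(const char *logline)
{
    char proto[8], dst[40];
    unsigned dport, a, b, c, d;
    /* fields: date time action protocol src-ip dst-ip src-port dst-port ... */
    if (sscanf(logline, "%*s %*s %*s %7s %*s %39s %*u %u", proto, dst, &dport) != 3)
        return false;
    if (strcmp(proto, "TCP") != 0 || (dport != 139 && dport != 445))
        return false;
    /* The direction is the last token on the line: SEND or RECEIVE. */
    const char *end = logline + strlen(logline);
    while (end > logline && isspace((unsigned char)end[-1]))
        end--;
    const char *tok = end;
    while (tok > logline && !isspace((unsigned char)tok[-1]))
        tok--;
    if (end - tok != 4 || strncmp(tok, "SEND", 4) != 0)
        return false;
    if (sscanf(dst, "%u.%u.%u.%u", &a, &b, &c, &d) != 4)
        return false;
    return !is_rfc1918(a, b);
}

/* Constructed sample data (203.0.113.7 is a documentation address). */
static const char SAMPLE_REDIRECT[] =
    "HTTP/1.1 302 Found\r\n"
    "Location: file://203.0.113.7/share/update.exe\r\n"
    "Content-Length: 0\r\n"
    "\r\n";
static const char SAMPLE_HARMLESS[] =
    "HTTP/1.1 302 Found\r\n"
    "Location: https://www.example.org/update\r\n"
    "\r\n";
static const char *const SAMPLE_LOG[] = {
    "2015-04-13 10:22:01 ALLOW TCP 192.168.1.20 192.168.1.5 51234 445 0 - 0 0 0 - - - SEND",
    "2015-04-13 10:22:07 ALLOW TCP 192.168.1.20 203.0.113.7 51240 445 0 - 0 0 0 - - - SEND",
    "2015-04-13 10:22:09 ALLOW TCP 203.0.113.7 192.168.1.20 445 51240 0 - 0 0 0 - - - RECEIVE",
};
#define SAMPLE_LOG_LINES (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

/* Number of sample log lines that show SMB leaving the LAN. */
int count_external_smb(void)
{
    int hits = 0;
    for (size_t i = 0; i < SAMPLE_LOG_LINES; i++)
        if (outbound_smb_leaving_lan(SAMPLE_LOG[i]))
            hits++;
    return hits;
}

int main(void)
{
    printf("redirect to SMB: %s\n", redirect_targets_smb(SAMPLE_REDIRECT) ? "yes" : "no");
    printf("external SMB connections in sample log: %d\n", count_external_smb());
    return 0;
}
```

The firewall check deliberately ignores connections to private addresses, which is the point of the caveat above: internal file sharing keeps working while the credential-leaking connection to an Internet host is the one that gets reported.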
Windows 10 has further risks, such as MS15-079, a security bulletin covering vulnerabilities in Internet Explorer. If a user visits a specially crafted web page in Internet Explorer, an attacker could achieve remote code execution, meaning code of the attacker's choosing runs on the victim's machine with the same user rights as the current user. The impact is therefore worse when the current user has administrative rights than when they have limited rights, because the attacker inherits whatever the user can do. Microsoft's security update modifies how Internet Explorer handles objects in memory and ensures that the affected versions of Internet Explorer properly implement the ASLR security feature. (microsoft.com, August 2015)
ASLR (Address Space Layout Randomisation) randomises where the parts of a program are placed in virtual memory. Each time the program runs, its components (the stack, the heap and the loaded libraries) are mapped at different addresses, so an attacker cannot rely on knowing in advance where code or data will be when building an exploit. (Dennis Stewart, October 2016)
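On Windows a program only benefits from ASLR if its executable was linked with /DYNAMICBASE, which sets the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE bit in the PE optional header. The following added example (not code from the cited sources) parses that header and reports whether a binary opted in; build_fake_pe() constructs a header-only PE image for the demonstration rather than reading a real executable, and the 0x0160 and 0x0100 flag values in main() are assumed sample settings.

```c
/* Added example, not code from the cited sources: read the DllCharacteristics
 * field of a Windows PE image and report whether the binary opted in to ASLR.
 * IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is what the /DYNAMICBASE linker option
 * sets; HIGH_ENTROPY_VA additionally allows 64-bit high-entropy randomisation.
 * The image bytes used in main() come from build_fake_pe(), a constructed
 * header-only PE for the example, not a real executable. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DLLCHAR_HIGH_ENTROPY_VA 0x0020
#define DLLCHAR_DYNAMIC_BASE    0x0040
#define PE32_MAGIC              0x10B
#define PE32PLUS_MAGIC          0x20B

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the DllCharacteristics value, or -1 if the buffer is not a
 * well-formed PE header. */
int pe_dll_characteristics(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z')
        return -1;
    uint32_t e_lfanew = rd32(img + 0x3C);           /* offset of "PE\0\0" */
    /* signature (4) + COFF header (20) + optional header up to DllCharacteristics (72) */
    if ((uint64_t)e_lfanew + 4 + 20 + 72 > len)
        return -1;
    if (memcmp(img + e_lfanew, "PE\0\0", 4) != 0)
        return -1;
    const uint8_t *coff = img + e_lfanew + 4;
    if (rd16(coff + 16) < 72)                       /* SizeOfOptionalHeader */
        return -1;
    const uint8_t *opt = coff + 20;
    uint16_t magic = rd16(opt);
    if (magic != PE32_MAGIC && magic != PE32PLUS_MAGIC)
        return -1;
    /* DllCharacteristics is at offset 70 in both PE32 and PE32+ optional headers. */
    return rd16(opt + 70);
}

/* 1 if the image opted in to ASLR, 0 if not, -1 if it is not a PE. */
int pe_has_aslr(const uint8_t *img, size_t len)
{
    int chars = pe_dll_characteristics(img, len);
    if (chars < 0)
        return -1;
    return (chars & DLLCHAR_DYNAMIC_BASE) ? 1 : 0;
}

/* Construct a minimal header-only image (no sections) for testing. */
size_t build_fake_pe(uint8_t *out, size_t cap, uint16_t dllchars, int pe32plus)
{
    uint16_t opt_size = pe32plus ? 240 : 224;
    size_t total = 0x40 + 4 + 20 + opt_size;
    if (cap < total)
        return 0;
    memset(out, 0, total);
    out[0] = 'M'; out[1] = 'Z';
    out[0x3C] = 0x40;                               /* e_lfanew = 0x40 */
    memcpy(out + 0x40, "PE\0\0", 4);
    uint8_t *coff = out + 0x44;
    coff[0] = pe32plus ? 0x64 : 0x4C;               /* Machine: 0x8664 or 0x14C */
    coff[1] = pe32plus ? 0x86 : 0x01;
    coff[16] = (uint8_t)(opt_size & 0xFF);          /* SizeOfOptionalHeader */
    coff[17] = (uint8_t)(opt_size >> 8);
    uint8_t *opt = coff + 20;
    uint16_t magic = pe32plus ? PE32PLUS_MAGIC : PE32_MAGIC;
    opt[0] = (uint8_t)(magic & 0xFF);
    opt[1] = (uint8_t)(magic >> 8);
    opt[70] = (uint8_t)(dllchars & 0xFF);
    opt[71] = (uint8_t)(dllchars >> 8);
    return total;
}

/* Convenience: build a fake image with the given flags and read them back. */
int fake_pe_dll_characteristics(uint16_t dllchars, int pe32plus)
{
    uint8_t img[512];
    size_t n = build_fake_pe(img, sizeof img, dllchars, pe32plus);
    return pe_dll_characteristics(img, n);
}

int main(void)
{
    uint8_t img[512];
    /* 0x0160 = NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA, as a modern 64-bit build sets. */
    size_t n = build_fake_pe(img, sizeof img, 0x0160, 1);
    printf("PE32+ with DYNAMICBASE: aslr=%d\n", pe_has_aslr(img, n));
    n = build_fake_pe(img, sizeof img, 0x0100, 0);   /* NX_COMPAT only */
    printf("PE32 without DYNAMICBASE: aslr=%d\n", pe_has_aslr(img, n));
    return 0;
}
```

To check a real file, read it into a buffer and pass it to pe_has_aslr(); a binary that reports 0 is loaded at its preferred base address every time and gives an attacker fixed addresses to work with, which is exactly the situation the ASLR requirement in MS15-079 is meant to remove.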
Windows 10 has security features that are built in and that users can also configure. Windows Defender SmartScreen checks any application the user tries to download. If the application came from the Internet, SmartScreen checks whether it has a bad reputation or is known to be malicious; if so, it warns the user of the risk or blocks the application from running altogether.
Windows Defender Antivirus protects users in several ways. Cloud-delivered protection can detect and block new malware within seconds, using machine learning models run in Microsoft's cloud service rather than only signatures held on the endpoint. Rich local context improves how malware is recognised: the client reports not just the file but where it is stored, where it came from and the history of its behaviour (microsoft.com, October 2017). The antivirus has many other features that protect Windows users from a range of cyber threats.
Microsoft Edge is Microsoft's newer browser, designed to be more secure than its predecessor, Internet Explorer. Browser components with a large exposed attack surface have been removed. A remaining weakness is that it still supports Flash content, which leaves some exposure. On a 64-bit PC Microsoft Edge runs only 64-bit processes, which are harder to exploit because the larger address space makes ASLR more effective; on older versions of Windows a 64-bit PC may still run 32-bit browser processes to support older, less secure extensions. Microsoft Edge is compartmentalised and sandboxed from the system, its data and other applications, and its default settings follow more secure practices. (microsoft.com, October 2017)
Microsoft Server 2012
A remote code execution vulnerability (CVE-2018-8439) exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. An attacker who successfully exploited it could execute arbitrary code on the host operating system. Hyper-V is Microsoft's virtualisation platform, which allows multiple operating systems to run on one physical server, so an escape from a guest to the host puts every other guest on that machine at risk. To address this issue, Windows Server must be kept up to date with Microsoft's security updates. (MITRE, September 2018)
There is also a buffer overflow vulnerability (cvedetails.com). A buffer overflow occurs when a program writes more data into a fixed-length buffer than the buffer can hold, so the excess overwrites whatever is stored next to it in memory. An attacker exploits this by supplying crafted input that is longer than the program expects; if the program does not check the length before copying, the overflowing bytes can overwrite adjacent variables, return addresses or function pointers, and in the worst case let the attacker run code of their choice and take over the whole system. This happens easily when the right restrictions are not in place. Preventing buffer overflows means checking the length of every write into a fixed-size buffer and using length-aware copy functions; finding such bugs by review alone is hard in a large code base, so compiler and operating-system mitigations such as stack canaries, DEP and ASLR are used to make any remaining bugs harder to exploit.
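The fixed-length buffer described above, written once without a length check and once with one, as an added example that is not code from the page's source. The session structure, the 16-byte name limit and the admin flag placed directly after the buffer are assumptions chosen to make the overflow target visible; copy_username_unsafe() is deliberately vulnerable and copy_username_safe() is the hardened form.

```c
/* Added example, not code from the page's source: the fixed-length buffer the
 * paragraph describes, written once without a length check and once with one.
 * copy_username_unsafe() is deliberately vulnerable: strcpy writes as many
 * bytes as the input contains, so a name of 16 or more characters runs past
 * `name` into whatever sits next to it in the struct (here `is_admin`).
 * copy_username_safe() bounds the copy and rejects over-long input rather
 * than truncating it silently, so the caller can see the failure. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

struct session {
    char name[NAME_LEN];
    bool is_admin;       /* sits directly after the buffer: an overflow target */
};

/* VULNERABLE: no check that input fits in name[NAME_LEN]. Never call this
 * with attacker-controlled input; it is here only to show the defect. */
void copy_username_unsafe(struct session *s, const char *input)
{
    strcpy(s->name, input);
}

/* HARDENED: copy only if the name and its terminator fit, otherwise refuse.
 * The length scan is itself bounded so an unterminated input is never read
 * past NAME_LEN bytes. */
int copy_username_safe(struct session *s, const char *input)
{
    size_t n = 0;
    while (n < NAME_LEN && input[n] != '\0')
        n++;
    if (n == NAME_LEN)
        return -1;               /* too long: leave the session untouched */
    memcpy(s->name, input, n + 1);
    return 0;
}

/* Set up a session for `input` using the safe copy.
 * Returns 1 if the session ends up with admin rights, 0 if not,
 * -1 if the name was rejected. */
int login_safe(const char *input)
{
    struct session s = { "", false };
    if (copy_username_safe(&s, input) != 0)
        return -1;
    return s.is_admin ? 1 : 0;
}

int main(void)
{
    const char *short_name = "alice";
    const char *long_name  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 'A's */

    struct session s = { "", false };
    copy_username_unsafe(&s, short_name);   /* fits, so this call is harmless */
    printf("unsafe copy of %s: admin=%d\n", s.name, s.is_admin);
    /* copy_username_unsafe(&s, long_name) would write over is_admin and past
     * the end of the struct; the behaviour is undefined, which is the bug. */

    printf("safe login(%s) -> %d\n", short_name, login_safe(short_name));
    printf("safe login(long name) -> %d\n", login_safe(long_name));
    return 0;
}
```

The safe version fails closed: a 15-character name is accepted, a 16-character one is refused because the terminator would not fit, and the caller is told. Compiled with a stack protector the unsafe version would usually abort rather than silently corrupt memory, but that is a mitigation for the bug, not a fix for it.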
A Windows Server 2012 security feature is Dynamic Access Control. It controls who may access files on the network: administrators can tag (classify) sensitive information that should not be reached by unauthorised people, and only the groups or individuals allowed by the central access policy can open the tagged files. Rights Management Services can be used alongside it to encrypt sensitive files so they stay protected when they leave the network.
BitLocker encrypts the hard drive to protect it from offline attacks on the operating system, where an attacker boots another system or removes the disk to read its contents directly. The version in Windows Server 2012 adds a network key protector (Network Unlock), which can unlock an encrypted system drive automatically over the network as long as the machine is joined to an Active Directory domain and is on the trusted corporate network. Drives can also be encrypted before Windows is installed, and encryption can be limited to the used disk space only, which makes the initial encryption much faster.