Summary of Chapter 2: Operating System Security Fundamentals

  1. An operating system is a collection of programs that allows the user to interact with the computer hardware.
  2. An operating system is one of the main access points to the database management system.
  3. If the operating system component of the database security environment is exposed, it can open the door for unlawful individuals to contravene all rules imposed to protect the database.
  4. Authentication is a process that validates the identity of the user in order to permit access to the operating system.
  5. Physical authentication methods allow physical entrance to the company property.
  6. Digital authentication methods are the processes of verifying the identity of the user by means of a digital mechanism or software.
  7. A digital certificate is a digital passport that identifies and verifies the holder of the certificate.
  8. A digital token is a small electronic device that users keep with them to be used for authentication to a computer or network system.
  9. A digital card is similar to a credit card; it holds user identification information such as name, ID, and password.
  10. Kerberos enables two parties to exchange information over an open network by assigning a unique key to each user.
  11. LDAP is an authentication method that uses a centralized directory database to store information about people, offices, and machines in a hierarchical manner.
  12. PKI is an authentication method in which the user keeps a private key and the authentication firm holds a public key.
  13. Remote Authentication Dial-In User Service (RADIUS) is an authentication method commonly used by network devices to provide a centralized authentication mechanism.
  14. Secure Sockets Layer (SSL) is a method whereby authentication information is transmitted over the network in an encrypted form.
  15. SRP is a protocol in which the password is not stored locally in either encrypted or plain text form.
  16. Authorization is a process that determines whether the user is permitted to perform the function he or she requests.
  17. Authorization deals with privileges and rights that have been granted to the user.
  18. A good password policy is the first line of defense for protecting access to an operating system.
  19. The best password policy is the one that matches your company's mission and is enforced at all levels of the organization.
  20. When set improperly, file permissions and file sharing are common threats to system security.
  21. Sharing files naturally leads to security risks and threats.
  22. E-mail may be the tool most frequently used by hackers to exploit viruses, worms, and other computer system invaders.