3. The associated security management issues related to measures discussed above.
4. The ranking of the measures from best to worst with supporting rationale

Answer
Antivirus: Antivirus is the easiest protective measure that can be implemented on an operating system, and is also usually very easy to maintain. An update schedule is set, or the antivirus software is configured to be managed by a central antivirus server which disseminates updates and virus signatures. Having an up-to-date antivirus is always a good idea; it doesn't take much work, and offers a decent amount of protection.
Image-Locking software: This type of solution, which exists in software such as Deep Freeze, takes an image of the computer on startup, to which it reverts after each restart. While this does little to prevent the computer from being compromised, it provides the ability to undo all changes, including any changes an attacker may have made, by restarting the computer. This is more difficult to implement, and is not an acceptable solution on hosts that need to maintain dynamic information, such as a database, as on reboot it would lose all new information entered since the image was created.
Host Intrusion Detection System: A Host Intrusion Detection System (HIDS) is similar to antivirus in that it looks for suspicious activity and compares against a definition file, but it also inspects network traffic that comes through the local interface. This allows the HIDS to detect an attack before it has actually put anything on your computer. HIDS also creates a host baseline, and changes to it are reported to an administrator. This can result in a lot of logs if changes are made on a regular basis. This solution is both difficult to configure and maintain.
In a real environment, you aren't restricted to...
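
The host baseline mentioned in the HIDS paragraph above, shown as an added example that is not part of the original answer: it hashes a constructed directory tree, then reports what changed, and shows how a regularly changing log file adds to the report unless it is excluded. The file names, directory layout and the `exclude` parameter are assumptions made for this illustration, not features of any particular HIDS product.

```python
import hashlib
import os
import tempfile

def snapshot(root, exclude=()):
    """Map each file under root to its SHA-256; skip excluded path prefixes."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith(tuple(exclude)):
                continue
            with open(full, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state

def compare(baseline, current):
    """Return the changes that would be reported against the baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def write(root, rel, data, mode="wb"):
    """Helper for the constructed sample tree (hypothetical file names)."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as fh:
        fh.write(data)

def demo(exclude=()):
    """Constructed host tree: a config file, a binary and a busy log."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/app.conf", b"port=8080\n")
        write(root, "bin/tool", b"original build\n")
        write(root, "var/app.log", b"service started\n")
        baseline = snapshot(root, exclude)
        write(root, "var/app.log", b"request served\n", mode="ab")  # routine
        write(root, "bin/tool", b"replaced build\n")                # unexpected
        write(root, "etc/cron.extra", b"* * * * * job\n")           # unexpected
        return compare(baseline, snapshot(root, exclude))

if __name__ == "__main__":
    print("everything monitored:", demo())
    print("log dir excluded:   ", demo(exclude=("var/",)))
```

With everything monitored, the routine log append is reported alongside the replaced binary and the new file; excluding `var/` leaves only the two unexpected changes.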