An operating system (OS) is system software that manages computer hardware and software resources and provides common services for computer programs. Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised.
Because of the crucial role of the operating system in the operation of any information/computer systems, the security (or lack of security) of an operating system will have fundamental impacts to the overall security of a system, including the security of all applications running within the system. A compromise of the underneath operating system will certainly expose danger to any application running in the system. Lack of proper control and containment of execution of individual applications in an operating system may lead to attack or break-in from one application to other applications.
In normal case application work on the top-up of the operating system and in efforts to achieve total security in such arrangement to be based on the flawed assumption that adequate security can be achieved in applications with the basic security at the operating system level. While in other hand reality is that secure applications demand secure operating systems, and tackling application compromises by operating system enforced controls should be considered as an effective approach.
Now question piling up for most of the Cybersecurity Architect / Administrator / Manager is that how to establishing secure operating system foundations for the overall security of the information system and applications? If we simplify this than it has four high-level focus area only.
- Operating System Product Security
- Operating System Products Secure Implementation and Operations
- Testing Operating System Implementation and Operation.
- Maintain Compliance
Let’s talk about first about product security
