The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments

The Inevitability of Failure : The Flawed Assumption of Security in Modern Computing Environments 2005

Security in operating systems has been an important matter within military organisations for decades . Nowadays commercial companies are more concerned about their IT security , including secure operating systems . Operating systems are the prime providers of security in computing systems . Because they have such power they are sometimes targets for attacks . Breaking throw the defence of an operating system gives access to the secrets of computing

Today 's operating systems are more sophisticated and feature-rich than

ever before , which makes them substantially more useful to the enterprise but also adds to security vulnerability - unless the operating systems are configured , administered and monitored correctly . Contrary to popular belief , this can be accomplished with a minimum of fuss and bother . The key is to centralize and automate operating system security across the enterprise , rather than do it manually for each box

In fact , the costs and risks of not centralizing and automating operating system security are enormous . Over half of the security break-ins we read about daily are the result not of inherent weaknesses in operating system technology but of operating systems not being configured properly or not being verified and monitored regularly The operating systems were provisioned out of the box at the default security settings , which made them highly vulnerable to attack

Today , roughly 20 of user identifications and passwords have never been changed . The word password ' is still a common password in many organizations . The reason administrators neglect to configure these settings properly is simple : It would take approximately 20 ,000 hours to provision and verify a 1 ,000-server network manually , as it must be done in many organizations , and few organizations can afford the necessary time and money

The main idea of the The Inevitability of Failure : The Flawed Assumption of Security in Modern Computing Environments ' issued by National Security Agency is to attract public awareness to the necessity of creation of a secure operating system and to that fact that single security mechanisms out of entire secure operating system isn 't able to provide the appropriate protection

To that purpose the authors give the of the differences between mandatory and discretionary security policy and the necessity of using of mandatory security policy which is necessary to (National Security Agency : n .

: ensure that security mechanisms are applied as required and can protect the user against inadvertent execution of untrustworthy applications

A trusted path as one of the most efficient security points is also discussed . This mechanism can ' be imitated by other software and is a guarantee of user 's software safeness . Each operating system is to provide its own trusted path which would be closer to this operating systems needs precisely . Though , it is said also that trusted path mechanisms must be more extensible in to support the system policy administrator 's trusted applications

The enforcer component and decider component as the integral parts of an application-space access control are also presented...