Threat Monitoring in Operating System:
Definition and Explanation:
Threat monitoring is a management technique that can improve the security of a system: the system continually checks for suspicious activity that may indicate an attempt to violate security. A common example is the monitoring of login attempts. The system counts the number of incorrect passwords entered for an account; after a few consecutive failures it raises a warning that an intruder may be trying to guess the password.
Another common technique is an audit log. An audit log records the time, the user name and the type of access for every access to an object. If a security violation is suspected, the recorded data can be examined to determine how and when the violation occurred. Because an intruder will try to erase the evidence, the audit log itself must be protected from modification, for example by writing it to append-only storage or to a separate log host.
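The two techniques above combine naturally: the failed-login counter can be driven from the audit log. The following is an added example, not code from the original page. It assumes a one-line-per-record audit-log format (timestamp, user, type of access, result), a threshold of three failures and a five-minute window; the log lines are constructed sample data.

```python
"""Threat monitoring over an audit log: count failed logins per user inside a
sliding time window and raise a warning once a threshold is reached.

Added example for this page, not code from the original text. The audit-log
line format, the field names, the threshold and the window are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed audit-log format: "<ISO timestamp> <user> <type of access> <result>"
# Constructed sample data: mallory guesses fast, carol guesses slowly.
AUDIT_LOG = """\
2024-05-01T09:00:01 alice login success
2024-05-01T09:00:05 mallory login failure
2024-05-01T09:00:07 mallory login failure
2024-05-01T09:00:09 mallory login failure
2024-05-01T09:00:10 bob read success
2024-05-01T09:00:11 mallory login failure
2024-05-01T09:30:00 carol login failure
2024-05-01T10:30:00 carol login failure
2024-05-01T11:30:00 carol login failure
2024-05-01T12:30:00 carol login failure
"""


def parse_entry(line):
    """Split one audit record into (timestamp, user, access type, result)."""
    ts, user, access, result = line.split()
    return datetime.fromisoformat(ts), user, access, result


def detect_password_guessing(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {user: timestamp of first alert} for every user whose login
    failures reach `threshold` within `window`.

    Only the first alert per user is kept so a long-running attack does not
    flood the operator with one warning per extra attempt.
    """
    recent = defaultdict(deque)  # user -> failure timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        ts, user, access, result = parse_entry(line)
        if access != "login" or result != "failure":
            continue  # successful logins and non-login accesses are not counted
        failures = recent[user]
        failures.append(ts)
        while ts - failures[0] > window:  # drop failures that have aged out
            failures.popleft()
        if len(failures) >= threshold and user not in alerts:
            alerts[user] = ts
    return alerts


if __name__ == "__main__":
    for user, when in detect_password_guessing(AUDIT_LOG).items():
        print(f"WARNING {when.isoformat()}: possible password guessing against '{user}'")
```

Run as written, the script warns about mallory at 09:00:09 and says nothing about carol, whose one failure per hour never reaches the threshold inside the window. That is the standard blind spot of a per-user counter: a practitioner would also count failures per source address and per password tried across many accounts, and would be careful that the response to an alert (such as locking the account) cannot itself be used to lock legitimate users out.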
A security scan can be run periodically to check the computers for security holes. The scan looks for the following aspects of a system:
- Short or easy-to-guess passwords
- Unauthorized programs in system directories
- Unexpectedly long-running processes
- Improper directory protections, on both user and system directories
- Improper protections on system data files, such as the password file, device drivers, or even the operating-system kernel itself
- Dangerous entries in the program search path, which a Trojan horse can exploit
- Changes to system programs, detected by comparing checksum values against a trusted baseline
When problems are found by the security scan, they can either be fixed automatically or reported directly to the managers of the system.
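Three of the checks in the list above (checksums of system programs, dangerous search-path entries and improper protections on system files) are shown in the following added example, which is not code from the original page. The directory layout, the baseline format and the sample files are assumptions; the script builds them in a temporary directory so that it runs anywhere, and tampers with them the way an intruder would before running the checks.

```python
"""Security scan helpers for three of the checks listed above: changes to
system programs detected with checksums, dangerous entries in the program
search path, and improper protections on system data files.

Added example for this page, not code from the original text. Directory
names, the baseline format and the sample files are assumptions, built in a
temporary directory so the script runs anywhere.
"""
import hashlib
import os
import stat
import tempfile


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(directory):
    """Map each regular file under `directory` (relative path) to its checksum.
    Keep the baseline where an intruder cannot rewrite it (read-only media or
    another host); otherwise the comparison proves nothing."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            baseline[os.path.relpath(full, directory)] = sha256_file(full)
    return baseline


def verify_baseline(directory, baseline):
    """Return sorted (relative path, problem) pairs for changed, missing and new files."""
    current = build_baseline(directory)
    findings = [(rel, "missing") for rel in baseline if rel not in current]
    findings += [(rel, "changed") for rel, h in baseline.items()
                 if rel in current and current[rel] != h]
    findings += [(rel, "unexpected new file") for rel in current if rel not in baseline]
    return sorted(findings)


def dangerous_path_entries(path_value):
    """Flag search-path entries a Trojan horse could exploit: the current
    directory ('.' or an empty entry), relative entries, directories that do
    not exist (an attacker may create them) and world-writable directories."""
    problems = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            problems.append((entry, "current directory in PATH"))
        elif not os.path.isabs(entry):
            problems.append((entry, "relative entry"))
        elif not os.path.isdir(entry):
            problems.append((entry, "does not exist"))
        elif os.stat(entry).st_mode & stat.S_IWOTH:
            problems.append((entry, "world-writable"))
    return problems


def improper_protection(path, forbidden=stat.S_IWGRP | stat.S_IWOTH):
    """True if `path` is writable by group or others, which is improper for a
    password file, a device driver or the kernel image."""
    return bool(os.stat(path).st_mode & forbidden)


def demo():
    """Build a fake system directory, take a baseline, tamper with it the way an
    intruder would, and return what each check reports."""
    with tempfile.TemporaryDirectory() as d:
        bindir = os.path.join(d, "bin")
        os.mkdir(bindir)
        for name, body in (("ls", b"#!/bin/sh\necho ls\n"), ("login", b"#!/bin/sh\necho login\n")):
            with open(os.path.join(bindir, name), "wb") as f:
                f.write(body)
        baseline = build_baseline(bindir)  # taken while the directory is clean
        with open(os.path.join(bindir, "login"), "wb") as f:  # trojaned login
            f.write(b"#!/bin/sh\ncat \"$HOME/.secret\"; echo login\n")
        with open(os.path.join(bindir, "rootkit"), "wb") as f:  # dropped program
            f.write(b"#!/bin/sh\n")
        shadow = os.path.join(d, "shadow")
        with open(shadow, "wb") as f:
            f.write(b"root:x:0:0:99999:7:::\n")
        os.chmod(shadow, 0o666)  # deliberately wrong: anyone can rewrite it
        scratch = os.path.join(d, "tmp")
        os.mkdir(scratch)
        os.chmod(scratch, 0o777)  # world-writable directory placed on PATH
        path = os.pathsep.join([".", bindir, scratch, "/nonexistent/bin"])
        return {
            "integrity": verify_baseline(bindir, baseline),
            "path": [problem for _entry, problem in dangerous_path_entries(path)],
            "shadow_unprotected": improper_protection(shadow),
        }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The integrity check only detects what the baseline can vouch for: if the baseline file, the scanner or the checksum library on the scanned host can be modified by the intruder, the comparison can be made to pass, which is why production tools keep the baseline off the host or signed. Likewise, the mode-bit checks say who may write a file, not whether the file's current contents are trustworthy; the two checks complement each other.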
The Internet is a major source of security problems because it connects millions of computers. One solution for protection and security over the Internet is a firewall. A firewall is a computer or router that sits between the trusted and the untrusted. It limits network access between the two security domains, and monitors and logs the connections that cross it.
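How a firewall limits access between the two domains and logs what crosses is shown by the following added example, which is not code from the original page. The trusted address range, the public web server, the ports and the sample connection records are assumptions; the policy is a plain ordered rule list with no "allow everything" fallback, so anything the rules do not describe is dropped.

```python
"""A minimal packet filter between a trusted (inside) and an untrusted
(outside) network: the first matching rule decides, anything unmatched is
dropped, and every decision is logged so connections can be monitored.

Added example for this page, not code from the original text. The address
ranges, ports and sample connection records are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # assumed trusted domain
ANY = ipaddress.ip_network("0.0.0.0/0")
WEB_SERVER = ipaddress.ip_network("10.0.1.10/32")  # assumed public server inside


@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                   # "tcp", "udp" or "any"
    dport: Optional[int]         # None matches any destination port
    comment: str                 # copied into the log for the operator

    def matches(self, conn):
        return (ipaddress.ip_address(conn["src"]) in self.src
                and ipaddress.ip_address(conn["dst"]) in self.dst
                and self.proto in ("any", conn["proto"])
                and self.dport in (None, conn["dport"]))


# Rules are ordered: the first match wins.  There is deliberately no final
# "allow anything" rule, so traffic the policy does not describe is dropped.
POLICY = [
    Rule("allow", INSIDE, ANY, "tcp", 443, "inside hosts may use HTTPS"),
    Rule("allow", INSIDE, ANY, "udp", 53, "inside hosts may resolve DNS"),
    Rule("allow", ANY, WEB_SERVER, "tcp", 443, "outside may reach the public web server"),
    Rule("deny", ANY, INSIDE, "any", None, "outside may reach nothing else inside"),
]


def evaluate(conn, policy=POLICY):
    """Return (decision, reason) for one connection attempt."""
    for rule in policy:
        if rule.matches(conn):
            return rule.action, rule.comment
    return "deny", "default deny: no matching rule"


def filter_connections(conns, policy=POLICY):
    """Decide every connection and return (decision, log line) pairs.  Denied
    attempts are logged too: that is where intrusion attempts show up."""
    results = []
    for conn in conns:
        decision, reason = evaluate(conn, policy)
        line = (f"{conn['time']} {conn['proto']} {conn['src']} -> "
                f"{conn['dst']}:{conn['dport']} {decision.upper()} ({reason})")
        results.append((decision, line))
    return results


# Constructed sample of connection attempts seen at the firewall.
SAMPLE = [
    {"time": "09:00:01", "src": "10.0.5.7", "dst": "93.184.216.34", "proto": "tcp", "dport": 443},
    {"time": "09:00:02", "src": "10.0.5.7", "dst": "93.184.216.34", "proto": "tcp", "dport": 23},
    {"time": "09:00:03", "src": "198.51.100.9", "dst": "10.0.1.10", "proto": "tcp", "dport": 443},
    {"time": "09:00:04", "src": "198.51.100.9", "dst": "10.0.1.10", "proto": "tcp", "dport": 22},
    {"time": "09:00:05", "src": "198.51.100.9", "dst": "10.0.7.20", "proto": "tcp", "dport": 445},
]

if __name__ == "__main__":
    for _decision, line in filter_connections(SAMPLE):
        print(line)
```

Of the five sample connections only the inside host's HTTPS request and the outside request to the public web server are allowed; the outbound telnet attempt is dropped by the default rule, and the SSH and SMB attempts from outside are dropped by the explicit deny rule. This filter is stateless: a real firewall also tracks connection state so that replies to an allowed outbound connection are let back in without needing a broad inbound rule, and its denied-connection log is one of the inputs the threat monitoring described above should consume.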