Troubleshooting Operating System Security Issues – CompTIA Network+ N10-006 – 4.7

An operating system’s security must be constantly maintained. In this video, you’ll learn about OS patches, updates, and malware attacks.

Keeping our operating systems up to date is one of the most important things you can do, especially when you’re concerned about security. These patches, of course, are designed to make your operating system more stable and usable, but very important security patches are often included with them as well. Some of these patches arrive in service packs, where a large number of patches are bundled together and provided to you all at once.

Very often you’ll get these patches in monthly updates, where a small set of fixes is provided every single month to keep your operating system as secure as possible. And occasionally a problem will occur that affects everybody and needs to be patched immediately. So you may see emergency patches, or what are called out-of-band updates, because they don’t arrive during the normal update cycle. These address zero-day vulnerabilities: flaws that have just been discovered and that somebody is already taking advantage of, so they need to be patched as soon as possible.

There are many ways to perform these updates across many different operating systems. In Windows, we have Windows Update which could be scheduled on an individual device to perform all of the update functions. You may want to integrate this with the Windows Server Update Services. This will centralize the management of all of your updates to a central device in your environment, and now all of your devices can access the Windows Server Update Services to get all of the approved updates. On Mac OS X, you’ll find the updates in one of two places depending on what version of OS X you’re running.

It will either be available on the Apple menu or you’ll go to the App Store and there’s an update section inside of the Apple App Store. If you’re running a Linux operating system, there are many options available. There’s yum and apt-get, and rpm, and there are graphical front-ends for all of these as well. So regardless of what type of system you have, there’s going to be a way to update the operating system and the applications automatically. The update process is designed to be as seamless as possible, but occasionally you’ll run across a patch that either does not install properly or it causes problems with other things in your operating system.

So you may want to perform some tests to make sure that the patch is going to work well across all of the devices in your environment. One of the challenges we run into is that we might apply a patch and that patch breaks something else. So you’re applying a fix to one issue and now you’ve got another issue to contend with, and you have to choose which is more important. Is the patch more important, or is the thing that’s now broken more important?

And you’ll now have to decide which one of those you’re going to choose, and how you will eventually want to integrate this patch into the operating system. In large environments, these patches are centrally managed. So instead of going to Microsoft to get all of your updates, you go to a central server that’s within your organization. This way the IT department can do all of their testing and when they feel that the patch is ready to be rolled out, they can add it to the internal update server where it’s then deployed to all of the devices in your network.
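To make the Linux and central-approval pieces concrete, here is a small shell script added to this page (it is not from the original video): it parses the "Inst" lines that a dry-run `apt-get -s upgrade` prints, flags which pending packages come from a security suite, and lists any that are not yet on an internal approved list of the kind a central update server would hold. The sample apt output and the approved list are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original video: triage a dry-run "apt-get -s upgrade"
# so an admin can see which pending patches come from a security suite and which
# have not yet been approved for rollout by the internal update server.
# The sample lines below are CONSTRUCTED in apt's real "Inst ..." line format so the
# script runs offline; pipe real `apt-get -s upgrade` output into the functions instead.
SAMPLE_APT_OUTPUT='Inst libssl1.1 [1.1.1f-1ubuntu2.16] (1.1.1f-1ubuntu2.17 Ubuntu:20.04/focal-security [amd64])
Inst openssh-server [1:8.2p1-4ubuntu0.5] (1:8.2p1-4ubuntu0.7 Ubuntu:20.04/focal-security [amd64])
Inst vim [2:8.1.2269-1ubuntu5.7] (2:8.1.2269-1ubuntu5.9 Ubuntu:20.04/focal-updates [amd64])
Conf libssl1.1 (1.1.1f-1ubuntu2.17 Ubuntu:20.04/focal-security [amd64])'

# Packages the IT department has tested and approved: a constructed list standing in
# for the approved set on a WSUS-style internal update server.
APPROVED_PACKAGES='libssl1.1 vim'

# Read apt output on stdin; print "security <pkg>" or "other <pkg>" per pending install.
classify_updates() {
    while IFS= read -r line; do
        case "$line" in
            "Inst "*) ;;         # only "Inst" lines describe pending installs
            *) continue ;;       # skip "Conf", "Remv" and narrative lines
        esac
        rest=${line#Inst }
        pkg=${rest%% *}          # package name is the first word after "Inst"
        case "$line" in
            *-security*) printf 'security %s\n' "$pkg" ;;
            *)           printf 'other %s\n' "$pkg" ;;
        esac
    done
}

# Read apt output on stdin; print pending packages NOT on the approved list.
# These are the ones a managed rollout would hold back until testing is done.
unapproved_updates() {
    classify_updates | while read -r class pkg; do
        case " $APPROVED_PACKAGES " in
            *" $pkg "*) ;;
            *) printf '%s %s\n' "$class" "$pkg" ;;
        esac
    done
}

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_APT_OUTPUT" | classify_updates
    echo '--- pending but not yet approved:'
    printf '%s\n' "$SAMPLE_APT_OUTPUT" | unapproved_updates
fi
```

Run with `--demo` to see the classification; on the constructed input, openssh-server is the one security patch that is pending but not yet approved.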

Not only does this give you a managed process that allows you to test the patches first and then deploy them, but it also saves bandwidth, because everybody’s talking to an internal server rather than everyone going out to the internet.

One of the biggest challenges we have for operating system security these days is malware. This malicious software is getting very good at getting into our systems and it’s causing a lot of problems for our users. Some malware doesn’t make itself obvious on your computer; you have no idea it’s even installed, but it’s behind the scenes watching every single keystroke you’re making and reporting those keys back to a central server.

This means when you log into your file server or log into your bank or log into your insurance company, this malware is watching every single thing you’re typing in including the username and the password. Some malware is very social. It participates in a very large botnet. This is a robot network that is able to send emails, provide denial of service attacks on other locations, or gather information from all of the different devices on the network. And they’re all under the control of whoever is in charge of the botnet.

You obviously don’t want your systems participating in this worldwide botnet, so you have to be very careful that that type of malware is not installed onto these systems. Some malware is all about the money. It wants you to look at advertising. Whenever you visit any web page, advertisements appear inside the web page or extra pop-up boxes appear with advertising on them. And the bad guys are hoping that they can install as much malware on as many systems as possible, because they’re making money every time they show you an ad.

Some of this malware, including viruses and worms, can encrypt your data, and you then have to pay the malware author for a key that can decrypt all of your personal data. So you want to make sure that your backups are working properly and that you have the latest antivirus and anti-malware signatures on your computer. The reason malware has become such a problem is that it’s getting very good at embedding itself on our systems. Even assuming that your users are not clicking on a link in an email or visiting a site they should not visit, one of the ways malware gets started is by taking advantage of a vulnerability in an application or in the operating system.

At that point the malware embeds its code inside of the operating system, and then the attackers are able to do anything they’d like. They could even sit there without installing anything and later on gain access to that system through a back door, which they can then use to install additional software onto your computer. To start this process, though, the computer has to run an executable. It might be a link from an email that you’re clicking, which is why we do not want to click any links inside of an email.

Maybe you visit a website and get a pop-up message that says software needs to be updated when, in reality, no software needed updating. That’s just another way malware gets onto your system. Or maybe it’s a drive-by download: you visit a website and, just by visiting the page, it begins to download a file to your computer.

Or it might be a worm that hops from computer to computer taking advantage of a known vulnerability and embedding itself on as many systems as possible. The key is to keep your operating system updated. Make sure that you’re installing all of the latest patches and you’re staying up to date with all of the application updates as well.