Isolation is one of the security measures of the operating system. Operating system security measures include: isolation, layering and internal control; isolation can be divided into four aspects: physical isolation, time isolation, logical isolation and password isolation.
#The operating environment of this article: Windows 7 system, Dell G3 computer.
Isolation, as one of the security measures of the operating system, can be divided into four aspects: physical isolation, time isolation, logical isolation and password isolation.
Security protection measures for the operating system
1. Use strong passwords
To improve security, one of the simplest ways is to use a password that does not know how to use it. Passwords that are easily guessed by brute force attacks. A brute force attack is an attack in which an attacker uses an automated system to guess a password as quickly as possible, hoping that it won't take long to figure out the correct password.
Passwords should contain special characters and spaces, use uppercase and lowercase letters, and avoid simple numbers and words that can be found in a dictionary; cracking this type of password is easier than cracking a password composed of your family members' names or your anniversary date. Passwords are much harder. Also keep in mind: every additional character in password length doubles the number of possible password character combinations. Generally speaking, any password less than 8 characters is considered too easy to crack. A password of 10, 12 or even 16 characters is safer. But don’t make your password too long, so you won’t be able to remember it or it will be too troublesome to enter.
2. Do a good job in border defense
Not all security issues occur on desktop systems. It's a good idea to use an external firewall/router to help protect your computer, even if you only have one computer. If you're considering a low-end product, you can buy a retail router device, such as routers from manufacturers such as Linksys, D-Link, and Netgear, which can be purchased from your local electronics store. If you are considering higher-end products, you can purchase managed switches, routers and firewalls from enterprise-level manufacturers such as Cisco, Vyatta and Foundry Networks.
You can also take a different approach and assemble your own firewall "from scratch"; or use pre-packaged firewall/router installers to build your own firewall, such as m0n0wall and IPCoP, which can fully achieve the same functions as major enterprise-level manufacturers The solutions are comparable. Proxy servers, anti-virus gateways, and spam filtering gateways all also help improve perimeter security. Remember: In general, switches have better security features than hubs; routers using the Network Address Translation (NAT) protocol have better security features than switches; and firewalls are an absolute must-have.
3. Update Software
Although in many cases it may be extremely important to test patches before deploying them to production systems, security patches must ultimately be deployed to the system. . If security patches are not updated for a long time, your computer may become an easy target for unscrupulous attackers.
Don’t let the software installed on your computer not be updated with the latest security patches. The same goes for any signature-based malware protection software, such as anti-virus software (if your system requires them): they will only provide the best protection if they are up-to-date and have the latest malware signatures added Effect.
4. Turn off unused services
Computer users often don’t even know what services are running on their systems that can be accessed through the network. Telnet and FTP are two services that often cause problems: if your computer doesn't need them, they should be turned off. Make sure you understand every service running on your computer and why it is running. In some cases, this may require figuring out how important the service is to your specific needs so that you don't make the mistake of turning off the Remote Procedure Call (RPC) service on a Microsoft Windows computer and not disabling logins, but turning it off Services that aren't actually used are always a good idea.
5. Use data encryption
For computer users or system administrators who are concerned about security, there are different levels of data encryption methods available; choose a reasonable encryption level to meet your needs Yes, this must be determined based on the actual situation. There are many methods of data encryption, from file-by-file encryption using cryptographic tools, to file system encryption, to encryption of the entire disk.
The above encryption methods usually do not include the boot partition, because that requires special hardware to help decrypt; but if there is a strong need to encrypt the boot partition to ensure privacy and it is necessary to invest this expense, you can also get this kind of encryption of the entire system. . For any application other than boot partition encryption, there are many solutions for each required level of encryption, including commercial proprietary and open source systems that implement whole disk encryption on all major desktop operating systems.
6. Protect data through backup
Backing up your data is one of the most important ways you can protect yourself and avoid disaster. There are many strategies for ensuring data redundancy, ranging from simple and basic strategies such as regularly copying data to a CD, to complex strategies such as regular automatic backups to the server. If the system must be kept running without interruption of service, a redundant array of inexpensive disks (RAID) can provide a failover redundancy mechanism in case of disk failure.
Free backup tools like rsync and Bacula can put together automated backup solutions no matter how complex. Version control systems like Subversion can provide flexible data management functions, so that not only can backup be performed on another computer, but multiple desktops or laptops can have the same latest data without any effort.
7. Encrypting Sensitive Communications
Cryptosystems used to protect communications and avoid being eavesdropped are extremely common. Software supporting the OpenPGP protocol for email, Off The Record plug-in for instant messaging (IM) clients, encrypted tunneling software for ongoing communications using secure protocols like SSH and SSL, and many other tools are used to ensure The data is not corrupted during transmission. Of course, in person-to-person communications, it is sometimes difficult to convince the other party to use encryption software to protect the communication, but sometimes this protection is crucial.
8. Don’t trust external networks
This is especially important for open wireless networks like the wireless network in your local coffee shop. Just because you're very cautious about security, it doesn't make sense that you can't use wireless in a coffee shop or some other untrusted foreign network. But the key is that you must ensure security through your own systems; don't trust external networks to be safe from malicious attackers. For example, on open wireless networks, it is extremely important to use encryption to protect sensitive communications, including when connecting to websites that use login session cookies to automatically authenticate your identity, or to enter a username and password.
The less obvious aspect is that you want to make sure that you are not running any network services that are not strictly necessary; because these services can be exploited if there are unpatched vulnerabilities. This applies to network file system software like NFS or Microsoft CIFS, SSH servers, Active Directory services, and many other services that may be used. Check your system inside and out to identify opportunities where malicious attackers might attempt to break into your computer, and make sure those entry points are protected as best as possible. In some ways, this is just an extension of the two security methods of turning off unnecessary services and encrypting sensitive communications; it's just that when dealing with foreign networks, you are allowing services running on the system and communications that you consider "sensitive" Extra caution must be exercised.
Protecting yourself on untrustworthy foreign networks actually requires a comprehensive re-evaluation of the security posture of the system.
9. Use uninterruptible power supply (UPS)
The role of UPS is not only to avoid losing files during power outages. There are more important reasons to use a UPS, such as power regulation and avoiding file system damage. For this reason, make sure you buy a UPS that can work with the operating system to notify the operating system when the UPS needs to be shut down in case you're not home when the power runs out. Also make sure you buy a UPS that provides battery power and power regulation. . Surge protectors simply aren't enough to protect your system from "dirty" power. Remember: a UPS is critical to protecting both your hardware and your data.
10. Monitor the system and find security threats and vulnerabilities
Don’t take it for granted that just because a series of security precautions have been taken, the system will definitely not be attacked by attackers. destroy. You should always establish some kind of daily monitoring mechanism to ensure that suspicious events are quickly brought to your attention; corresponding measures can be taken against possible security vulnerabilities or security threats. We need to put this focus not only on network monitoring, but also on integrity auditing and/or other local system security monitoring techniques.
Other security precautions may apply, depending on which operating system you are using. Some operating systems are not as secure as expected due to design characteristics, which brings additional security challenges; while some operating systems provide experienced system administrators with features to improve security. Whether you're using a proprietary system like Microsoft Windows and Apple Mac OS What time is it.
The operating system you chose adopts the default installation method without further consideration to protect system security, but it is safe enough. This situation is only a rare phenomenon. No matter what operating system you are using, start with the aspects mentioned above and then consider the specific security requirements of the operating system platform. The integrity of system security cannot be guaranteed by luck.
The above is the detailed content of Is isolation one of the operating system security measures?. For more information, please follow other related articles on the PHP Chinese website!