IT Governance, Risk, and Compliance


October 20, 2012  12:44 AM

Essential Operating System Protection Mechanisms – Part IV



Posted by: Robert Davis

Preventing infinite program loops

Processor protection deters infinite program loops, which could affect availability. A timer prevents a program from becoming stuck in an infinite loop and never returning control to the operating system. The operating system timer can be fixed or variable. In either case, the timer's system parameter should be set within a generally accepted practice range, and instructions that interrupt or alter the operating system timer should be treated as a privileged authorization for incident prevention.
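As an added illustration (not code from the original post), here is a user-space model of that timer mechanism in Python: a supervisor arms an interval timer before running a task, and when the task never returns control the timer's interrupt unwinds it. The policy range, the task and the function names are assumptions for this example; in a real operating system the instructions that arm or disarm the timer are privileged, which the model approximates by keeping them inside the supervisor function only.

```python
import signal
from typing import Any, Callable, Tuple

# Accepted-practice range for a time slice (constructed values for this
# example; a real system takes them from its configuration parameters).
MIN_SLICE_SECONDS = 0.01
MAX_SLICE_SECONDS = 5.0


class TimeSliceExpired(Exception):
    """Raised inside the running task when the watchdog timer fires."""


def _on_timer(signum: int, frame: Any) -> None:
    # Runs in the interrupted context: raising here unwinds the runaway loop
    # and hands control back to run_with_time_slice().
    raise TimeSliceExpired()


def slice_within_policy(seconds: float) -> float:
    """Reject a timer parameter that lies outside the accepted-practice range."""
    if not (MIN_SLICE_SECONDS <= seconds <= MAX_SLICE_SECONDS):
        raise ValueError(f"time slice {seconds}s is outside the policy range")
    return seconds


def run_with_time_slice(task: Callable[[], Any], seconds: float) -> Tuple[str, Any]:
    """Run task() under an interval timer.

    Returns ("ok", result) when the task returns control before the timer
    fires, or ("preempted", None) when the timer had to interrupt it.
    """
    seconds = slice_within_policy(seconds)
    previous = signal.signal(signal.SIGALRM, _on_timer)
    signal.setitimer(signal.ITIMER_REAL, seconds)
    try:
        return ("ok", task())
    except TimeSliceExpired:
        return ("preempted", None)
    finally:
        # Disarming the timer is the privileged step: only this supervisor
        # code touches it, never the task it runs.
        signal.setitimer(signal.ITIMER_REAL, 0)
        signal.signal(signal.SIGALRM, previous)


def runaway() -> None:
    """A program stuck in an infinite loop that never returns control."""
    while True:
        pass


if __name__ == "__main__":
    print(run_with_time_slice(lambda: sum(range(1000)), 1.0))  # ('ok', 499500)
    print(run_with_time_slice(runaway, 0.2))                    # ('preempted', None)
```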

Reducing the risk of IT program manipulation

Lastly, user program protection governs user access to shared user resources. Rather than include all necessary instructions in an application program, many programs simply reference other programs, or subroutines, that may be available in the program library. When a program references a subroutine, it is the operating system that calls the subroutine in from the library and makes it available to the requesting program.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1), rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed August 30, 2008).

Lyon, Lockwood, and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2.

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4.

Watne, Donald A., and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239.

Silberschatz, Abraham, and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50.


Post Note: “Essential Operating System Protection Mechanisms – Part IV” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”

October 18, 2012  1:18 AM

Essential Operating System Protection Mechanisms – Part III



Posted by: Robert Davis

[Image: Intel Central Processing Unit (CPU)]

A potential consequence of a breach in memory protection is a halt of all current processing. Therefore, the operating system should monitor the partitions to ensure that no program code or data are moved into the wrong partition, preventing information corruption and unauthorized manipulation. Furthermore, operating systems should check that data read in from devices or other media are of the correct length. The operating system's data length check prevents errors such as blocks of records being too long for the memory buffer storage area.

Controlling privileged instructions

I/O allocation and control dynamically matches and assigns channels and devices to the processes' particular requirements, monitors their status, and controls their operations. Where online features are part of the IT configuration, communication with a terminal control unit (TCU) or front-end processor (FEP) is typically included among operating system duties. I/O protection prevents user programs from executing privileged instructions.



Post Note: “Essential Operating System Protection Mechanisms – Part III” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”


October 13, 2012  12:40 AM

Essential Operating System Protection Mechanisms – Part II



Posted by: Robert Davis

Deployable operating system protection mechanisms

In most instances, the purpose of operating system protection mechanisms is to prevent programs from interfering with each other during processing, to ensure there are no errors in referencing subroutines in the program library, and to ensure no unauthorized changes are made to authorized instructions.

Regarding entity software controls, all of the functions utilizing the Central Processing Unit (CPU) and associated storage as well as connected input and output devices are potential candidates for operating system defense strategies. Tactically, four primary operating system protection mechanisms are deployable: memory, I/O, processor, and user program controls.

Protecting against unauthorized modification

Memory protection restricts unauthorized modification of privileged programs. The operating system can partition associated memory into segments; under this arrangement, each application program or program set is assigned a particular memory partition. This allows several programs to process simultaneously in a multiprogramming environment without interfering with each other.
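An added example, not from the original posts, modeling the memory partition control described here together with the data length check described in Part III: each program receives a base/limit partition, every access is checked against it, and a block read from a device is rejected before it can overrun its buffer. The class, the program names and the sizes are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict


class PartitionViolation(Exception):
    """Raised when a program touches memory outside its own partition."""


@dataclass(frozen=True)
class Partition:
    base: int    # first address owned by the program
    limit: int   # number of bytes the program may address from base


class PartitionedMemory:
    """Constructed model: one fixed, contiguous partition per program."""

    def __init__(self, size: int) -> None:
        self._cells = bytearray(size)
        self._partitions: Dict[str, Partition] = {}
        self._next_free = 0

    def assign(self, program: str, length: int) -> Partition:
        """Assign a program its own partition; partitions never overlap."""
        if self._next_free + length > len(self._cells):
            raise MemoryError("no free partition of that size")
        part = Partition(self._next_free, length)
        self._partitions[program] = part
        self._next_free += length
        return part

    def can_access(self, program: str, offset: int, length: int) -> bool:
        """Base/limit check: the whole access must lie inside the partition."""
        part = self._partitions[program]
        return 0 <= offset and 0 <= length and offset + length <= part.limit

    def _resolve(self, program: str, offset: int, length: int) -> int:
        if not self.can_access(program, offset, length):
            raise PartitionViolation(
                f"{program}: offset {offset} + {length} bytes exceeds its partition")
        return self._partitions[program].base + offset

    def write(self, program: str, offset: int, data: bytes) -> None:
        addr = self._resolve(program, offset, len(data))
        self._cells[addr:addr + len(data)] = data

    def read(self, program: str, offset: int, length: int) -> bytes:
        addr = self._resolve(program, offset, length)
        return bytes(self._cells[addr:addr + length])

    def read_block_from_device(self, program: str, buffer_offset: int,
                               buffer_size: int, block: bytes) -> bool:
        """Data length check before an I/O block lands in a memory buffer.

        Returns False and leaves memory untouched when the block is too long
        for the buffer; otherwise stores it in the buffer and returns True.
        """
        if len(block) > buffer_size:
            return False
        self.write(program, buffer_offset, block)
        return True
```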



Post Note: “Essential Operating System Protection Mechanisms – Part II” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”


October 11, 2012  12:39 PM

Essential Operating System Protection Mechanisms – Part I



Posted by: Robert Davis

[Image: Third Generation iPod Nano With Embedded Operating System 1.1.3]

From mainframe computers to industrial robots to cellular phones, a variety of operating systems are available for deployment. Nevertheless, reflective of current capabilities, an IT operating system is software that controls the execution of electronically encoded instructions and may provide scheduling, debugging, input/output (I/O) control, accounting, compilation, storage assignment, job management, as well as other related services. Of these other related services, operating system protection mechanisms are crucial to ensuring information integrity.

Operating system processor functionality

Operating system functionality is determined by the lead software manufacturer. However, operating systems consist of a kernel and at least one processor, with each operating system processor having specific functions that are executed based on user and/or program interface syntax. Accordingly, modern operating system processors commonly perform defined process management, memory management, device management, storage management, and application-interface and/or user-interface related tasks.


Post Note: “Essential Operating System Protection Mechanisms – Part I” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”

 


October 6, 2012  12:16 AM

Online Data Communication Access Controls – Part IV



Posted by: Robert Davis

Data encryption as an access control

Data encryption provides an additional level of security and privacy over message transmissions. Data encryption is the re-encoding of electronic signals to disguise their meaning. The original data can only be read by the person or device that knows the key that decodes the message. Encryption processing can be implemented utilizing hardware or software and can be applied in a variety of communication situations.

A few cautionary considerations regarding online data communication access controls

“E-mail seems to sometimes transpose words …”

Have you ever had to send out the above notice to explain why your message appears unreadable? Did you ever consider the circumstances that would cause this type of E-mail problem? Could it be that the very networking controls utilized to prevent unauthorized access, such as message intermixing, can generate unacceptable communication conditions?


Post Note: “Online Data Communication Access Controls – Part IV” was originally published through Suite101.com under the title “Online Data Communication Access Controls”

Hot off the dotted line! MetricStream doing business as (dba) ComplianceOnline has commissioned me to contribute training material.


October 4, 2012  12:24 AM

Online Data Communication Access Controls – Part III



Posted by: Robert Davis

Message fragmentation as an access control

In computer networking, fragmentation is the communication of a message one parcel at a time. The central computer technology, for example, might only accept one byte of a message in each communication with the sending device. To obtain an entire message, a ‘wiretapper’ would have to intercept all bytes that constitute a particular message.

Message intermixing as an access control

Message interception is arduous when fragmentation is utilized with message intermixing. Message intermixing is the conveyance of several messages simultaneously. A bank, for instance, could transmit bytes from two or three branch terminals along a single telephone line to the central computer technology. Consequently, a novice ‘wiretapper’ would have difficulty identifying which bytes belonged to which message from which branch terminal.


Post Note: “Online Data Communication Access Controls – Part III” was originally published through Suite101.com under the title “Online Data Communication Access Controls”



September 29, 2012  12:00 AM

Online Data Communication Access Controls – Part II



Posted by: Robert Davis

Control over access to communication devices may not be effective in an online infrastructure unless access to the employed communication configuration is also restricted. Yet many online infrastructures have communication devices located at a considerable distance from the central computer technology, with connections enabled through data networking. Consequently, access controls over communication devices may only be effective in an online infrastructure where alternative communication protection techniques are also deployed.

As a specific instance where deployment of alternative communication protection techniques is required, many communication configurations are vulnerable to unauthorized access via the ‘wiretapping’ of channels carrying data to and from message presentation centers. To combat this potential threat, controls that can be deployed to reduce the danger from ‘wiretapping’ include fragmentation, intermixing, and encryption.


Post Note: “Online Data Communication Access Controls – Part II” was originally published through Suite101.com under the title “Online Data Communication Access Controls”



September 26, 2012  11:58 PM

Online Data Communication Access Controls – Part I



Posted by: Robert Davis

Access to communication devices should be restricted by physical security access controls. In particular, access to the communication devices should be restricted in much the same way that access is restricted to a data center. For example, the door to the data center is typically locked, with entry gained by key, card, badge, or some other authentication technique. However, in many technologies this may not be possible, because the communication devices are physically and organizationally dispersed.

Dispersion of communication devices to insular locations makes it difficult or impossible to establish data center type physical security, especially when communication devices are mobile. In such situations, access should be restricted by installation of physical device locks. These types of locks restrict usage of communication devices to those who possess the appropriate token(s).

 

Post Note: “Online Data Communication Access Controls – Part I” was originally published through Suite101.com under the title “Online Data Communication Access Controls”



September 22, 2012  12:07 AM

A Few Fundamentals of Networking Electronically Encoded Data – Part IV



Posted by: Robert Davis

In TDM (typically utilized for digital signals) a device is given a specific time slot during which it can utilize a particular channel. In contrast, with FDM (typically utilized for analog signals) the channel is subdivided into sub-channels, each with a different frequency width that is assigned to a specific signal.

Through TDM incorporation, optical-fiber networks can use dense wavelength-division multiplexing (DWDM), also known as wave division multiplexing (WDM), in which different data signals are sent in different wavelengths of light in the fiber-optic medium.

How networking services are maintained by enterprises

Network Administration is the function designated to maintain a secure as well as reliable online communications network, and it serves as liaison with user departments to resolve network needs and problems. Specifically, this function is generally responsible for maintaining network security, maintaining optimum system performance, and providing technical assistance to users. Thus, just like the ‘telephone service technician’, the network administrator should be considered the specialist capable of reestablishing communication if service quality is diminished.


Post Note: “A Few Fundamentals of Networking Electronically Encoded Data – Part IV” was originally published through Suite101.com under the title “A Few Fundamentals of Networking Electronically Encoded Data”


September 20, 2012  1:09 AM

A Few Fundamentals of Networking Electronically Encoded Data – Part III



Posted by: Robert Davis

Packet assembly and disassembly between telecommunication links

Input or output (I/O) channels are paths along which data are transmitted to and from primary storage. These communication channels also handle the transfer of data to and from I/O devices. As a result, this function can relieve the Central Processing Unit (CPU) of responsibility for data transfers to and from I/O devices, increase the number of input and output operations that can be performed simultaneously, and reduce the time a CPU must wait for data to arrive from, or be sent to, an I/O device.

A common IT transmission technique for telecommunications is multiplexing. Multiplexing is the process of transmitting multiple (but separate) signals simultaneously over a single channel or line. The two main types of multiplexing methods are time-division multiplexing (TDM) and frequency-division multiplexing (FDM). Because the signals are sent in one complex transmission, the receiving end has to separate the individual signals through de-multiplexing.
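An added example, not from the original posts, illustrating the time-division multiplexing described here and the byte-level fragmentation and intermixing of branch terminal traffic described in Part III of the Online Data Communication Access Controls series: bytes from several terminals are interleaved one per time slot onto a single line and reassembled at the receiver. Terminal names and messages are constructed; note that anyone who knows the slot order can demultiplex the line exactly as the receiver does, so intermixing hides traffic only from a novice and encryption remains the confidentiality control.

```python
from typing import Dict, List

DATA, IDLE = 0x01, 0x00   # slot flag: 1 = payload byte follows, 0 = terminal idle


def tdm_mux(messages: Dict[str, bytes], slot_order: List[str]) -> bytes:
    """Interleave the terminals' messages one byte per time slot onto one line.

    Each frame carries one 2-byte slot per terminal in slot_order: a flag byte
    and the payload byte (or a zero filler when that terminal has nothing left),
    so messages of unequal length still demultiplex cleanly.
    """
    unknown = set(messages) - set(slot_order)
    if unknown:
        raise ValueError(f"terminals without a time slot: {sorted(unknown)}")
    frames = max((len(m) for m in messages.values()), default=0)
    line = bytearray()
    for i in range(frames):
        for term in slot_order:
            msg = messages.get(term, b"")
            if i < len(msg):
                line += bytes([DATA, msg[i]])
            else:
                line += bytes([IDLE, 0x00])
    return bytes(line)


def tdm_demux(line: bytes, slot_order: List[str]) -> Dict[str, bytes]:
    """Reassemble each terminal's message from its time slots."""
    frame_len = 2 * len(slot_order)
    if len(line) % frame_len:
        raise ValueError("line length is not a whole number of frames")
    out = {term: bytearray() for term in slot_order}
    for f in range(0, len(line), frame_len):
        for k, term in enumerate(slot_order):
            flag, byte = line[f + 2 * k], line[f + 2 * k + 1]
            if flag == DATA:
                out[term].append(byte)
    return {term: bytes(b) for term, b in out.items()}


def payload_bytes_on_line(line: bytes) -> bytes:
    """The intermixed byte stream as seen on the shared line, flags stripped."""
    return bytes(line[i + 1] for i in range(0, len(line), 2) if line[i] == DATA)
```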


Post Note: “A Few Fundamentals of Networking Electronically Encoded Data – Part III” was originally published through Suite101.com under the title “A Few Fundamentals of Networking Electronically Encoded Data”