Auditing the security of operating systems in complex enterprise environments involves evaluating a number of factors, which is beyond the scope of this chapter. The evaluation presented here represents a start. A next step would be to expand the evaluative criteria beyond the security principles identified here, followed by the assignment of statistical weights to those criteria. The weights would represent the perceived value of those security criteria to the enterprise. Aggregating the weights would provide a representative score for each operating system, which could then be combined with other qualitative criteria to arrive at a final assessment.