Different Aspects of Security Problems in Network Operating Systems

Paper i proceeding, 2002

This paper presents research on computer security vulnerabilities in general-purpose network operating systems. The objective of this study is to investigate real intrusions in order to find and model the underlying generic weaknesses, i.e., weaknesses that would be applicable to many different systems. The paper is based on empirical data collected from three different systems, UNIX with NFS and NIS, Novell NetWare, and Windows NT. Five common security problems, improper input validation; improper use of cryptography; weak authentication; insecure bootstrapping; improper configuration, are identified, exemplified, and discussed from different perspectives. The work presented represents a further step towards a full understanding of the generic weaknesses that impair commercially available operating systems.