Prime OSs Focused On Security
People keep a lot of different of information primarily on their computers
Most companies have valuable information that needs to be protected. Among various types of data it can be different: technical (for example, architecture of a new microchip or software), commercial (for example, researches on competitiveness or marketing plans), financial (plans of stock operations), juridical (for example, documents on potential confluence or company merger) and so on. The main part of such information is usually stored on computers. Home computers keep important data as well. Many people save their financial data, including tax returns, PIN codes of credit cards on personal devices. Even love letters are in a digital format now. Hard drives are full of important pictures, videos and films.
There is a need to protect information volumes, stored in computer systems, while their growth. Protection of such information from unauthorized usage becomes a priority for all operating systems.
Over past decades security issues of operating systems were changed radically. Before 1990 only some people used computers at home, in general, computational operations were conducted in companies, universities and other organizations on multiuser computers. Almost all these machines were isolated from each other and disconnected to any networks. For this reason, security issues were come down practically to deliverance of users from external interference. For example, if two individuals were authorized users of the same computer, there was assigned a task to guarantee that anyone of them would not be able to read or secretly change content of someone else’s files; however, it was necessary to provide joint usage of such files in case if users would like to do that. In view of this, improved models and mechanisms were engineered. They guaranteed that nobody would get access, which did not comply with provided rights.
Sometimes these models and mechanisms were not connected with separate users, but with their classes.
For example, data on military computers had to be marked with “Top secret”, “Secret”, “For Official Use Only”, “Without restriction”, that corporals could not observe general’s catalogs. Over years all these issues were researched, described and embodied in real developments. It was supposed that after all improvements software would not have any failures and it followed established rules in its work.
The situation has been changed due to a growing role of personal computers, tablets, smartphones and the Internet. For instance, many devices have only one user, that’s why there is no high risk of interference. It is clear that this statement is not related to general servers (that may create a cloud).The most interest here is attracted by the thing which can keep absolute isolation of users.
By the way, spying, for example, is possible in a network. If two people are connected to the same Wi-Fi network, one of them can intercept network data of the other. Encrypting does not always work in favor of users, because a network is not the only place for spying activities.
The reason can be in defects of software installed on a computer. When a defect influences security, we call it vulnerability. Entered data helping to use a defect usually is called exploits. Frequently well selected harmful codes by cyber criminals help to get full access over a computer. In other words, if somebody is sure that he is the only one user of own computer, he barks up the wrong tree – in reality many people can use it.
Hackers, having used a virus or a worm, can startup malware by themselves, or it can be started automatically. The difference between viruses and worms are not always clear. Viruses can be spread with the help of user actions. For example, a user is supposed to click on an attachment in an electronic letter to infect a machine. On the contrary, worms get into a system without external help. They will be spread independently from user actions.
For these and other reasons, it is good to find out more about special operating systems focused on security issues to know how to protect own computer and stored information on it.
We are going to explore a list of OSs that concentrated on reliable security. Here it is shown that such systems are designed to reach protection as a main aim. Therefore, some things can be safe without acting as “protection-oriented”. For instance, roughly all operating systems run into security errors during their technical life. Nevertheless, all of them gradually try to reach all known general security holes contained in their architecture with the latest concepts in an effort effectively to design a protected compute environment.
Security-oriented does not suppose a fail-safety OS, which is connected with operating systems that have got computer accreditation from a protection event auditing company. Above all things it is an operating system presenting proper support for multilevel protection and a confirmation of intactness to comply with a special suit of official requirements.
In fact, these systems are from Unix and Linux families.
BDS means “Berkeley Software Distribution”. This software was produced from a code base at the University of California in Berkeley. The system was an addition to the Unix operating system by AT&T company. Several operating systems were engineered with an open source code.
BDS has several variants such as:
1. FreeBSD increases productivity and simple to use for final users. It is liked by web hosters.
2. TrustedBSD is a set of extended security designed for FreeBSD.
3. HardenedBSD is a project designed to provide low level security upgrades to FreeBSD.NetBSD provides maximal mobility of a code. NetBSD supports both small machines and large servers.
4. OpenBSD is targeted on security and “purity” of a code. For this reason, many organizations choose OpenBSD to protect important information, for example, stocks, banks, governmental institutions.
5. Anonym OS was based on OpenBSD 3.8 with excellent encoding and anonymizing instruments. The purpose of the system was to guarantee safe web browsing access to ordinary users. The program was shut down after production of Beta 4 .
6. DragonFlyBSD shows high performance of efficiency.
7. TrustedBSD is a set of extended security designed for FreeBSD.
Linux has among different safety characteristics the Linux Security Module built into the baseline of Linux kernel. Nevertheless, there were developed special projects that aimed to make Linux more protected in most cases or exceptional situations.
1. Alpine Linux is a project oriented on security,lightweightness and low standards to resources. Usually it is used in built-in systems.
2. Annvix provides enhanced security. The distribution is based on Mandriva Linux and it contains a number of improvements in system security, such as SELinux, GCC with SSP protection and so on.
3. BlackArch Linux is a distribution for testing on penetration and security researches.
4. Debian is an open operating system encloses support for SELinux, Tomoyo and AppArmor.
5. EnGarde Secure Linux is a distribution providing secure services for users in aggressive Internet environment.
6. Fedora is a product by GNU/Linux. It is sponsored by Red Hat and supported by a community. The project serves for testing new technologies that will be incorporated into Red Hat products and other producers.
7. Hardened Gentoo is a project offering general system protection from cracking. Hardened kernel can block many potentially dangerous operations, and hardened-gcc protects compiled by him programs from cracking using typical methods. For example, a user has “holes” in his system and a hacker tries to break into it – that criminal will succeed, but in hardened – not.
8. Hardened Linux is a distribution for firewalls, VPN-gateways and intrusion detection systems based on Slackware with improved security.
9. Immunix is one the oldest among Linux distributions. It is presented as improved StackGuard by Wirex. The company, while creating this product, took a standard version of Red Hat Linux and with the help of StackGuard recompiled packages which are important in terms of security.
10. Kali Linux is a Debian Linux version created for digital criminalistics and intromission testing, famous as Backtrack in the past.
11. Mempo is a Debian-derived program targeted to guarantee protected and secure environment for an operating system. It has relations with Tor and the Freenet.
12. Openwall Project (Owl) is a distribution designed by Solar Designers. Owl can be used for creation of highly secure server systems.
13. Parrot Security OS is cloud focused GNU/Linux software grounded on Debian. Parrot Security OS is engineered to conduct protection and penetration testing, realize criminal investigation analysis or work in anonymity.
14. Pentoo Project is a live CD or USB created to conduct penetration tests and protection assessment.
15. Qubes OS is a Linux product designed to combine programs into a set of separated sandboxes to secure protection.
16. Replicant is a free and open OS grounded on the platform of Android. Replicant helps to relocate all patented Android parts with their free counterparts. It can be used on few tablet computers and smartphones.
17. Red Hat Enterprise Linux provides the same protection advantages as Fedora with extra support of back-porting security fixes to new versions of packages. It means that a system administrator does not need to do a great upgrade to receive a security correction.
18. Subgraph OS is developed to be hard to attack. This is possible due to hardening of the system, active focus on protection and reluctant to attacks .
19. The Amnesic Incognito Live System or Tails is designed to keep privacy and anonymousness.
20. Ubuntu Privacy Remix is a Ubuntu distribution oriented on protection.
21. Whonix is an operating system developed on the base of VirtualBox, I2P, Debian, Tor, GNU/Linux. Taking into account that the system combines two virtual machines, it provides great security in terms of preventing leaks of IP address or location.
22. IprediaOS is a system where connections go through I2P. The operating system is good at anonymous bittorent download.
23. Liberté Linux is a reliable, protected, lightweight program aimed to enable everyone to communicate safely in unfriendly environment.
24. Security Onion is a Linux distribution based on Ubuntu. It has a kit of instruments for providing security such as Snort, Bro, Suricata, Squil, Squert, Snorby, NetworkMiner and more. Security Onion is designed to detect intrusion and conduct network protection monitoring.
25. JonDo is built on Debian designed particularly for anonym surfing in the Internet. The distribution gives an anonymous proxy server available for different platforms such as Linux, BSD, Windows and Mac. The live version offers users to use JonDo or Tor proxy for protection of online confidentiality. All built-in apps preliminarily configured and set for maximal anonymity. The distribution includes several clients of instant messaging, in particular Pidgin and TorChat and private browsers (JonDoFox and TorBrowser).
It is an operating system developed by Sun Microsystems for the SPARC platform. A bigger part of Solaris’s code is opened and published in the OpenSolaris project, even though Solaris is a system with closed source code, mainly under the Common Development and Distribution License. The system itself is not basically protection-oriented.1. Improvements in OpenSolaris are not only protection related, but also back-ported to the main Solaris version.
2. Trusted Solaris is an operating system based on Solaris; it is equipped with guaranteed security by Sun Microsystems Company. Trusted Solaris uses a model of mandatory access control.