Learn about the security-relevant characteristics of operating system data and how it can contribute to improving network security.
Operating systems play an instrumental role in delivering network packets. They are the origin and destination of the packets they send and receive, identified by IP addresses. Once a network application, say Network Application A, generates data to be sent to another application, an operating system, or OS, transforms it into a packet with headers that include information such as source and destination IPs and port numbers.
Once the same packet arrives at a destination host with the target IP, another OS takes over and removes all the headers and trailers to extract the data meant for the application expecting to receive it. The OS then hands the data over to the target application. The OS knows which application, out of the many it hosts, should receive the data from the port number it read from the packet header. In addition to being an integral part of network communications, operating systems are also at the forefront of network defense.
Attackers constantly probe OS vulnerabilities, which is why operating systems have their own built-in firewalls, called host firewalls. Operating systems are intricately involved in sending and receiving network packets and therefore generate a great deal of data relevant to network security. A lot of this data is captured in event logs maintained and stored locally by the OS itself. These event logs can also be forwarded to a centralized log server or SIEM.
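As an added example (not part of the original course material), the Python code below parses host firewall log records and flags sources whose inbound packets were dropped on many distinct ports, the kind of probing described above. The sample lines are constructed in the Windows Defender Firewall text-log layout, and the function names and the `min_ports` threshold are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample records (documentation IP ranges), not captured from a real host.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-01 10:00:01 DROP TCP 203.0.113.7 192.0.2.10 51000 22 60 S 1000 0 64240 - - - RECEIVE
2024-05-01 10:00:02 DROP TCP 203.0.113.7 192.0.2.10 51001 23 60 S 1001 0 64240 - - - RECEIVE
2024-05-01 10:00:03 DROP TCP 203.0.113.7 192.0.2.10 51002 445 60 S 1002 0 64240 - - - RECEIVE
2024-05-01 10:00:04 DROP TCP 203.0.113.7 192.0.2.10 51003 3389 60 S 1003 0 64240 - - - RECEIVE
2024-05-01 10:00:05 DROP TCP 203.0.113.7 192.0.2.10 51004 5900 60 S 1004 0 64240 - - - RECEIVE
2024-05-01 10:00:06 ALLOW TCP 198.51.100.20 192.0.2.10 52011 443 0 - 0 0 0 - - - RECEIVE
2024-05-01 10:00:07 DROP UDP 198.51.100.20 192.0.2.10 40000 161 78 - - - - - - - RECEIVE
2024-05-01 10:00:09 DROP ICMP 198.51.100.20 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
2024-05-01 10:00:10 DROP TCP 203.0.113.7 192.0.2.10 51005
"""

def parse_firewall_log(text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def flag_port_probes(records, min_ports=4):
    """Return {src_ip: sorted ports} for sources dropped on >= min_ports distinct ports."""
    ports = defaultdict(set)
    for r in records:
        # Only inbound drops with a numeric port count; ICMP rows carry "-" instead.
        if r["action"] == "DROP" and r["path"] == "RECEIVE" and r["dst-port"].isdigit():
            ports[r["src-ip"]].add(int(r["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for ip, p in flag_port_probes(parse_firewall_log(SAMPLE_LOG)).items():
        print(f"{ip}: inbound packets dropped on {len(p)} distinct ports {p}")
```

The same grouping can run on a log server or SIEM once hosts forward these records, so probes spread across several machines are counted together.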
- Network security concepts
- The basic functions of a firewall
- Intrusion detection and prevention systems
- Using network data to improve security
- Using log servers to collect data
- Collecting application data
- Collecting OS data
- Network forensics
- Network security visualization