Operating System Guidance

Category Definition

Operating systems (OS) are software packages that act as intermediaries between the user and the computer’s hardware. Common examples include Apple’s macOS, the many Linux distributions (e.g., Arch, Red Hat, or Ubuntu), and Microsoft Windows.

Why a defender should care about Operating Systems

Operating systems are software packages that manage access to all of a computer’s resources. Think of an operating system as a circus ringleader: it negotiates access to hardware, schedules software execution, and provides the basic security model for a computer’s operations. Expect the operating system to have access to all data the computer processes, and expect any attack to interact with the operating system in some way.

It is important not to think of an operating system as a single application. Modern operating systems are collections of related programs and utilities. The tools shipped with an operating system often execute with elevated privilege, and attackers can repurpose them for malicious ends.

Why an attacker is interested in Operating Systems

Attackers care about operating systems because knowing the OS reveals which defenses are possible and which are likely to be in place. That knowledge also sets the fundamental requirements for any attack, since a technique must conform to the specific OS’s interfaces and conventions to succeed.

Operating systems generally play a role in enforcing system security. Host-based defenses depend on configuration and control provided by the OS. Attackers who obtain OS-level access expect to gain the ability to evade or weaken the target’s defenses.

Lastly, most corporate OS deployments have some mechanism for central management of credentials and access (domains, etc.). Access to such an operating system gives the attacker information about other computers and networks, and lets them reuse credentials managed by the OS to access and tamper with those systems.