Wednesday, January 28, 2015

Malicious Software


"malicious software": virus, trojan, spyware, etc.
There are many different kinds of programs which do bad things on your computer. They have technical names like virus, bot, trojan, spyware, key logger, adware, and more. All of them together can be called "malware". ("mal" is from Latin for "bad".)


What does malware do?

What does "dangerous emails and webpages" mean? What do they actually do?
Malware will be annoying or harmful to your own computer:
  •  destroy files
  •  modify files
  •  change settings on your computer (to annoy you)
  •  slow your computer down by using it to do other things (see below).
But these days it does more than that!
It gets information from your computer:
  •  Gets email addresses from Outlook Express and other programs and sends them out (through your internet connection) so they can be used for spam.
  •  Steals information about your surfing habits (what you click on, which pages and ads you view, what you search for, what websites you visit).
  •  Captures your keystrokes and sends them to someone (passwords! credit card numbers! personal information!)
  •  Changes settings on your computer (to enable it to do the bad stuff)
It puts things on your computer:
  •  Redirects your home page or searches
  •  Puts ads on your computer
  •  Adds links (to ads) in web pages you visit, in your favorites/bookmarks, on your desktop
  •  Changes security settings in MSIE so that you will see sites you thought you had blocked, popup ads, etc.
  •  Puts itself on a flash drive to infect the next computer.
It does this by installing programs on your computer to do these things, plus more we don't know about!
It uses your computer! to harm others, or more: to steal 
This uses your bandwidth and your computer's RAM, causing your connection and programs to run more slowly. It also makes it harder to trace the attack to its real source.
  •  Uses your computer to relay spam
  •  Uses your computer to send malware to other computers
  •  Uses your computer to relay stolen information from other computers.
  •  Uses your computer to store files (often illegal) and make them available to others – shifting liability away from the attackers.
  •  Uses your computer to attack other computers (send viruses, DOS attacks, ...)
  •  Uses your computer as a file server (transfer files between other computers, use your storage space).
It is used by rival businesses (and governments):
  •  to attack rival spammers/hackers
  •  to attack other businesses
And there is now big money for the bad guys:
  •  send spam to the stolen email addresses (money from advertisers in the spam)
  •  sell the stolen email addresses to other spammers
  •  steal from bank accounts (transfer to another account)
  •  order things with stolen credit card numbers
  •  resell malware on the black market for cash -- tens of thousands of dollars each! -- which is, in turn, used by exploiters to steal

Tuesday, January 27, 2015

Computer Attack

A computer attack may be defined as actions directed against computer systems to disrupt equipment operations, change processing control, or corrupt stored data.

Different attack methods target different vulnerabilities and involve different types of weapons, and several may be within the current capabilities of some terrorist groups.
Three different methods of attack have been identified, based on the effects of the weapons used. However, as technology evolves, distinctions between these methods may begin to blur.
  • A physical attack involves conventional weapons directed against a computer facility or its transmission lines;
  • An electronic attack (EA) involves the use of electromagnetic energy as a weapon, most commonly an electromagnetic pulse (EMP) to overload computer circuitry, but also, in a less violent form, to insert a stream of malicious code directly into an enemy's microwave radio transmission; and
  • A computer network attack (CNA) usually involves malicious code used as a weapon to infect enemy computers, exploiting a weakness in software, in the system configuration, or in the computer security practices of an organization or computer user. Other forms of CNA are enabled when an attacker uses stolen information to enter restricted computer systems.
Department of Defense officials have stated that while CNA and EA threats are “less likely” than physical attacks, they could actually prove more damaging because they involve disruptive technologies that might generate unpredictable consequences or give an adversary unexpected advantages.

Operating systems

An operating system (OS) is software that manages computer hardware and software resources and provides common services for computer programs. The operating system is an essential component of the system software in a computer system. Application programs usually require an operating system to function.

Examples of popular modern operating systems:

Android is a mobile operating system (OS) based on the Linux kernel and currently developed by Google. With a user interface based on direct manipulation, Android is designed primarily for touchscreen mobile devices such as smartphones and tablet computers, with specialized user interfaces for televisions (Android TV), cars (Android Auto), and wrist watches (Android Wear). 

iOS is a mobile operating system developed by Apple Inc. and distributed exclusively for Apple hardware. It is the operating system that powers many of the company's iDevices. Originally unveiled in 2007 for the iPhone, it has been extended to support other Apple devices such as the iPod Touch, iPad, iPad Mini and second-generation Apple TV onward. As of June 2014, Apple's App Store contained more than 1.2 million iOS applications, 500,000 of which were optimized for iPad. These apps have collectively been downloaded more than 60 billion times.

Linux is a Unix-like and mostly POSIX-compliant computer operating system assembled under the model of free and open-source software development and distribution. The defining component of Linux is the Linux kernel, an operating system kernel first released on 5 October 1991 by Linus Torvalds. The Free Software Foundation uses the name GNU/Linux to describe the operating system, which has led to some controversy.

Microsoft Windows or Windows is a metafamily of graphical operating systems developed, marketed, and sold by Microsoft. It consists of several families of operating systems, each of which caters to a certain sector of the computing industry. Active Windows families include Windows NT, Windows Embedded and Windows Phone; these may encompass subfamilies, e.g. Windows Embedded Compact (Windows CE) or Windows Server. Defunct Windows families include Windows 9x and Windows Mobile.




Top 10 Security Threats Every IT Pro Should Know!


What Constitutes a System Security Threat?

Definitions vary, but in the most general sense, a system security threat is a malicious event or action targeted at interrupting the integrity of corporate or personal computer systems. The motivation is to compromise data for the purposes of exploitation.
The data may be of the sensitive kind, such as credit card information, passwords or contact lists, or it may be information that interests advertisers, like your Internet browsing habits.

Top 10 Security Threats

What are the specific threats that you should be aware of for the Security+ exam? Here’s a list of the top 10 security threats you should be aware of.

1. Privilege Escalation

Software programs often have bugs that can be exploited. These bugs can be used to gain access to certain resources with higher privileges that can bypass security controls.

2. Virus

The term “virus” has been used as a catchall phrase for many threats. Essentially, a virus is a computer program that, like a medical virus, has the ability to replicate and infect other computers. Viruses are transmitted over networks or via USB drives and other portable media.

3. Worm  

A worm is a specific type of virus. Unlike a typical virus, its goal isn't to alter system files, but to replicate so many times that it consumes hard disk space or memory. Worm victims will notice their computers running slower or crashing.

4. Trojan

Trojan horses, commonly referred to as Trojans, are programs that masquerade as normal, safe applications, but whose mission is to allow a hacker remote access to your computer. In turn, the infected computer can be used as part of a denial of service attack, and data theft can occur.
A particularly nasty Trojan is a keystroke logger that can be used to capture passwords, credit card numbers and other sensitive information.

5. Spyware

Spyware usually invades computers through software downloads. Shareware and freeware downloads, in addition to peer-to-peer file sharing, are typical infection points. Like Trojans, spyware can pilfer sensitive information, but it is often used as an advertising tool as well. The intent is to gather a user's information by monitoring Internet activity and transmitting it to an attacker.

6. Spam

Some view spam as more of an annoyance than a threat. Still, legislation like the CAN-SPAM Act has been enacted to help combat the problem, so that view may not hold weight with many others. Spam is unsolicited junk mail. It comes in the form of an advertisement, and in addition to being a time waster, it has the ability to consume precious network bandwidth.

7. Adware

Similar to spyware, adware observes a user’s Internet browsing habits. But the purpose is to be able to better target the display of web advertisements.

8. Rootkits

Rootkits are some of the most difficult threats to detect. They are activated when your system boots up — before anti-virus software is started. Rootkits allow the installation of files and accounts for the purposes of intercepting sensitive information.

9. Botnets

Botnets are created with a Trojan and reside on IRC networks. The bot can launch an IRC client and join a chat room in order to spam and launch denial of service attacks.

10. Logic bomb

You may have also heard the term “slag code” to refer to logic bombs. They are bits of code added to software that will set off a specific function. Logic bombs are similar to viruses in that they can perform malicious actions like deleting files and corrupting data.

How to Arm Yourself Against These Threats:

The list of system security threats is extensive and growing. A defense strategy that includes anti-virus software, system patching and timely software updates is key to combating the problem. For system administrators and end-users alike, understanding the differences between these threats is the first step towards being able to eradicate them.




Security Systems in UAE


Security is one of the major concerns of businesses in the UAE. Implementing high performance security measures is considered by organizations as one of the most important facets of their business, and one that requires special care and concern. Companies need security measures as they have to routinely deal with a lot of sensitive data concerning their business and the details of their customers, and also to ensure that entry to corporate premises remains restricted to employees only.
Furthermore, there might also be need for surveillance measures to monitor the day to day workings of the company. For these purposes, we at Datazone Systems LLC offer top of the line security systems in UAE for enterprise use. With our solutions, you can meet all your security needs with effectiveness.

What We Offer

Datazone Systems LLC is one of the foremost providers for corporate security equipment in the UAE. We understand client requirements and use our special skills and vast experience in the field to provide solutions which are guaranteed to satisfy. Our security systems solutions include –
  • CCTV: Modern, feature-rich cameras with remote monitoring. Extra features include cameras which work with wireless networks, motion-sensitive cameras, infrared cameras, surveillance options on smartphones and tablets, and video recordings of CCTV footage.

  • Network Security: High-performance network security for office networks with the help of advanced firewall technology and Virtual Private Network setup.

  • Access Control: Efficient access control systems with included support for surveillance, which work with RFID-based smart cards and biometric scanning systems. An added plus is the option to store entry and exit data for later retrieval and use.
With these superior security systems in Dubai, you can tighten security at your workplace so that your work environment and data remains safe and secure and you can go about advancing your business goals without worries.




Monday, January 26, 2015

Passwords and Authentication


The weakest security link in any network is its authorized users, whose actions could expose their organization to a major security breach, resulting in damaged systems, stolen or destroyed information, malware infection, and so forth. There might also be legal issues to deal with after an attack, and a company can lose customers' confidence as a result.
Companies should take steps to address this vulnerability. A comprehensive password policy is critical, as a username and password are often all that stands between an attacker and access. A password policy should include the following:
  •  Change passwords regularly on system-level accounts (every 60 days at minimum).
  •  Require users to change their passwords regularly (at least quarterly).
  •  Require a minimum password length of at least eight characters (and 15 characters for administrative accounts).
  •  Require complex passwords; in other words, passwords must include letters, numbers, symbols, punctuation characters, and preferably both uppercase and lowercase letters.
  •  Passwords can't be common words, words found in the dictionary (in any language), or slang, jargon, or dialect.
  •  Passwords must not be identified with a particular user, such as birthdays, names, or company-related words.
  •  Never write a password down or store it online or in a file on the user's computer.
  •  Don't hint at or reveal a password to anyone over the phone, in e-mail, or in person.
  •  Use caution when logging on to make sure no one sees you entering your password.
  •  Limit reuse of old passwords.


In addition to these guidelines, administrators can configure domain controllers to enforce password age, length, and complexity. On Windows 2000 Server, Server 2003, or Server 2008 domain controllers, some aspects of a password policy can be enforced, such as the following:

  •  Account lockout threshold—Set the number of failed attempts before the account is disabled temporarily.
  •  Account lockout duration—Set the period of time the user account is locked out after a specified number of failed logon attempts.
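The rules above can be checked mechanically. The following is an added example, not code from the original post: a checker for the length, complexity, dictionary, user-name and reuse rules, plus a small lockout tracker that mirrors the "lockout threshold" and "lockout duration" settings. The word list, company words and account names are constructed for the demonstration.

```python
# Added example: enforce the password-policy rules listed above and model
# account lockout. The DICTIONARY set and all sample values are constructed.
import hashlib
import re
import time

MIN_LEN_USER = 8     # rule: at least eight characters
MIN_LEN_ADMIN = 15   # rule: 15 characters for administrative accounts

# Constructed stand-in for a real dictionary / slang / jargon word list.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein"}


def _digest(password):
    # sha256 is used here only to keep a history of *previous* passwords for
    # the reuse check; current passwords would be stored with a slow hash.
    return hashlib.sha256(password.encode()).hexdigest()


def password_violations(password, username, company_words=(), is_admin=False,
                        previous_hashes=()):
    """Return the list of policy rules the candidate password breaks.

    An empty list means the password is acceptable under the listed policy.
    """
    problems = []
    minimum = MIN_LEN_ADMIN if is_admin else MIN_LEN_USER
    if len(password) < minimum:
        problems.append("too short (minimum %d characters)" % minimum)
    # Complexity: letters, digits, symbols/punctuation, and mixed case.
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol or punctuation character")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("not both uppercase and lowercase")
    # Not a dictionary word: compare the alphabetic core, so that
    # "Password1!" is still caught.
    core = re.sub(r"[^A-Za-z]", "", password).lower()
    if core in DICTIONARY or password.lower() in DICTIONARY:
        problems.append("dictionary word")
    # Not identifiable with the user or the company.
    lowered = password.lower()
    if username.lower() in lowered:
        problems.append("contains the user name")
    for word in company_words:
        if word.lower() in lowered:
            problems.append("contains company-related word %r" % word)
    # Limit reuse: compare against hashes of earlier passwords.
    if _digest(password) in previous_hashes:
        problems.append("reuses an old password")
    return problems


class LockoutPolicy:
    """Account lockout threshold and duration, as a domain controller enforces."""

    def __init__(self, threshold=5, duration_seconds=900):
        self.threshold = threshold
        self.duration = duration_seconds
        self._failures = {}       # username -> consecutive failed attempts
        self._locked_until = {}   # username -> unix time the lock expires

    def is_locked(self, user, now=None):
        now = time.time() if now is None else now
        return self._locked_until.get(user, 0) > now

    def record_failure(self, user, now=None):
        """Count a failed logon; returns True when the account is (now) locked."""
        now = time.time() if now is None else now
        if self.is_locked(user, now):
            return True
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= self.threshold:
            self._locked_until[user] = now + self.duration
            self._failures[user] = 0
            return True
        return False

    def record_success(self, user):
        # A successful logon resets the consecutive-failure counter.
        self._failures.pop(user, None)
```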



Ethical Hacker


Jackpotting Automated Teller Machines Video


Embedded Operating Systems

An embedded operating system performs a very specific purpose to the exclusion of all other functions. These operating systems are typically found in standalone computerized equipment such as ATMs or navigation systems. Such a system typically runs a specific piece of programming, such as the guidance system on a rocket, and nothing else. This type of embedded system is often very important for real-time computer functions.

Dumpster diving

Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.

Social engineering

Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.

Why social engineering is performed

Social engineering is a component of many -- if not most -- types of exploits. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, and scareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.

Types of social engineering attacks

  • Baiting. Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive or CD-ROM, in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
  • Phishing. Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into installing malware on his or her computer or device, or sharing personal or financial information.
  • Pretexting. Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
  • Quid pro quo. A quid pro quo is when an attacker requests personal information from a party in exchange for something desirable. For example, an attacker could request login credentials in exchange for a free gift.
  • Spam. Spam is unsolicited junk email.
  • Spear phishing. Spear phishing is like phishing, but tailored for a specific individual or organization. In these cases, the attacker is likely trying to uncover confidential information specific to the receiving organization in order to obtain financial data or trade secrets.
  • Tailgating. Tailgating is when an unauthorized party follows an authorized party into an otherwise secure location, usually to steal valuable property or confidential information. This often involves subverting keycard access to a secure building or area by quickly following behind an authorized user and catching the door or other access mechanism before it closes.

TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

Embedded operating system

An embedded system is a computer that is part of a different kind of machine. Examples include computers in cars, traffic lights, digital televisions, ATMs, airplane controls, point of sale (POS) terminals, digital cameras, GPS navigation systems, elevators, digital media receivers and smart meters, among many other possibilities.
In contrast to an operating system for a general-purpose computer, an embedded operating system is typically quite limited in terms of function – depending on the device in question, the system may only run a single application.  However, that single application is crucial to the device’s operation, so an embedded OS must be reliable and able to run with constraints on memory, size and processing power.

Ethical Hacker.

An ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done by request of the owner of the victim system(s) or network(s) is not.

Shoulder surfing

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Having a strong memory will be useful if you want to try this out!

Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Shoulder surfing can also be done from a distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. So from now on cover your keyboard while typing your password!


Cryptography.

The art of protecting information by transforming it into an unreadable format, called cipher text. Only those who possess a secret key can decipher the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called codebreaking, although modern cryptography techniques are virtually unbreakable.
As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacy because it's effective and free.
Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-key systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses.




Reference: http://www.webopedia.com/TERM/C/cryptography.html

Ethical hacker definition.

An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.
Ethical hackers use the same methods and techniques to test and bypass a system's defenses as their less-principled counterparts, but rather than taking advantage of any vulnerabilities found, they document them and provide actionable advice on how to fix them so the organization can improve its overall security.
The purpose of ethical hacking is to evaluate the security of a network or system's infrastructure. It entails finding and attempting to exploit any vulnerabilities to determine whether unauthorized access or other malicious activities are possible. Vulnerabilities tend to be found in poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures.

Reference: http://searchsecurity.techtarget.com/definition/ethical-hacker

Port Scanner.

A port is a place where information goes into and out of a computer; port scanning identifies the open doors to a computer. Port scanning has legitimate uses in managing networks, but it can also be malicious in nature if someone is looking for a weakened access point to break into your computer.
Types of port scans:
  • vanilla: the scanner attempts to connect to all 65,535 ports
  • strobe: a more focused scan looking only for known services to exploit
  • fragmented packets: the scanner sends packet fragments that get through simple packet filters in a firewall
  • UDP: the scanner looks for open UDP ports
  • sweep: the scanner connects to the same port on more than one machine
  • FTP bounce: the scanner goes through an FTP server in order to disguise the source of the scan
  • stealth scan: the scanner blocks the scanned computer from recording the port scan activities.
Port scanning in and of itself is not a crime. There is no way to stop someone from port scanning your computer while you are on the Internet because accessing an Internet server opens a port, which opens a door to your computer. There are, however, software products that can stop a port scanner from doing any damage to your system.
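From the defender's side, the "vanilla" and "sweep" patterns above are visible in firewall logs: one source touching many ports on one host, or one source touching the same port on many hosts. The following detector is an added example, not code from the original post; the log line format and the sample lines it runs over are constructed for the demonstration.

```python
# Added example: flag vanilla/strobe and sweep port scans in firewall logs.
# The log format (key=value fields) and SAMPLE_LOG are constructed.
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>tcp|udp) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one constructed firewall line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def detect_scans(lines, port_threshold=20, host_threshold=5):
    """Return (findings, skipped): findings per (source, pattern) over threshold.

    vanilla/strobe: many distinct ports on one destination from one source.
    sweep: the same port probed on many destinations from one source.
    Malformed lines are counted in `skipped` rather than silently dropped.
    """
    ports_by_src_dst = defaultdict(set)    # (src, dst, proto) -> {dport}
    hosts_by_src_port = defaultdict(set)   # (src, dport, proto) -> {dst}
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        ports_by_src_dst[(rec["src"], rec["dst"], rec["proto"])].add(rec["dport"])
        hosts_by_src_port[(rec["src"], rec["dport"], rec["proto"])].add(rec["dst"])
    findings = []
    for (src, dst, proto), ports in ports_by_src_dst.items():
        if len(ports) >= port_threshold:
            findings.append({"src": src, "pattern": "vanilla/strobe", "proto": proto,
                             "target": dst, "count": len(ports)})
    for (src, dport, proto), hosts in hosts_by_src_port.items():
        if len(hosts) >= host_threshold:
            findings.append({"src": src, "pattern": "sweep", "proto": proto,
                             "target": "port %d" % dport, "count": len(hosts)})
    return findings, skipped


# Constructed sample: one host probing 25 TCP ports on a single server, another
# probing port 445 on six different hosts, plus ordinary traffic and a bad line.
SAMPLE_LOG = (
    ["2015-01-26 10:00:%02d src=10.0.0.5 dst=192.168.1.10 dport=%d proto=tcp action=drop"
     % (i, 20 + i) for i in range(25)]
    + ["2015-01-26 10:01:%02d src=10.0.0.9 dst=192.168.1.%d dport=445 proto=tcp action=drop"
       % (i, 20 + i) for i in range(6)]
    + ["2015-01-26 10:02:00 src=10.0.0.7 dst=192.168.1.10 dport=80 proto=tcp action=allow",
       "2015-01-26 10:02:01 src=10.0.0.7 dst=192.168.1.10 dport=443 proto=tcp action=allow",
       "this line is not in the expected format"]
)

if __name__ == "__main__":
    found, bad = detect_scans(SAMPLE_LOG)
    for f in found:
        print("%(src)s: %(pattern)s scan of %(target)s (%(proto)s, %(count)d)" % f)
    print("unparseable lines:", bad)
```

The thresholds are deliberately conservative; the ordinary client (10.0.0.7) touching two ports on one server stays below both and is not reported.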

Reference: http://www.webopedia.com/TERM/P/port_scanning.html

Common Types of Network Attacks

Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself. Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.
1. Identity Spoofing (IP Address Spoofing)
Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed— identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet.
After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data. The attacker can also conduct other types of attacks, as described in the following sections.
2. Denial-of-Service Attack
The denial-of-service attack prevents normal use of your computer or network by valid users.
After gaining access to your network, the attacker can do any of the following:
  • Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
  • Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
  • Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
  • Block traffic, which results in a loss of access to network resources by authorized users.

3. Sniffer Attack
A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.
Using a sniffer, an attacker can do any of the following:
  • Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
  • Read your communications.
4. Password-Based Attacks
A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password. 
Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user. 
When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time.
After gaining access to your network with a valid account, an attacker can do any of the following:
  • Obtain lists of valid user and computer names and network information. 
  • Modify server and network configurations, including access controls and routing tables.
  • Modify, reroute, or delete your data.
Reference: https://technet.microsoft.com/en-us/library/cc959354.aspx#mainSection

Embedded Operating Systems:

An embedded system is a computer that is part of a different kind of machine. Examples include computers in cars, traffic lights, digital televisions, ATMs, airplane controls, point of sale (POS) terminals, digital cameras, GPS navigation systems, elevators, digital media receivers and smart meters, among many other possibilities.

An embedded operating system is typically quite limited in terms of function – depending on the device in question, the system may only run a single application.  However, that single application is crucial to the device’s operation, so an embedded OS must be reliable and able to run with constraints on memory, size and processing power.


Reference:  http://whatis.techtarget.com/definition/embedded-operating-system