Basic Concepts Flashcards

Question

Describe what a Trojan Horse does.

Answer 1

Answer: A Trojan Horse can secretly access the login details of a system, allowing a malicious user to enter the system and cause harm.

Answer 2

Answer: A worm can destroy a system by using its resources to extreme levels. It generates multiple copies, claiming all resources and preventing other processes from accessing them.

Answer 3

Answer: DoS attacks prevent legitimate users from accessing a system by overwhelming it with requests, making it unable to function properly.

Answer 4

Answer: Username/Password User Key/User Card User Attribute Identification

Answer 5

Answer: A one-time password is a password that can be generated exclusively for a login each time a user wants to enter the system and cannot be used more than once.

Answer 6

Answer: OS associates a set of privileges with each process. Privileges dictate what resources the process may access, such as regions of memory, files, and privileged system instructions. Privilege is assigned at configuration time.

Answer 7

Answer: OS design should detect and prevent users gaining unauthorized privileges (intruders) and malicious software gaining privileges (malware).

Answer 8

Answer: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account.

Answer 9

Answer: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.

Answer 10

Answer: The verification step involves presenting or generating authentication information that corroborates the binding between the entity and the identifier.

Answer 11

Answer: Something the individual knows, something the individual possesses, something the individual is (static biometrics), something the individual does (dynamic biometrics).

Answer 12

Answer: Access controls implement a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

Answer 13

Answer: A firewall acts as a choke point by mediating between the user and the system.

Answer 14

Answer: Sensors, Analyzers, and User Interface.

Answer 15

Answer: Sensors are responsible for collecting data, e.g., log files, system call traces.

Answer 16

Answer: Human Intrusion and Malicious Software Intrusion.

Answer 17

Answer: The CIA Triad consists of Confidentiality, Integrity, and Availability. Confidentiality ensures that information is accessible only to authorized users, protecting it from unauthorized disclosure. Integrity guarantees that data is accurate and has not been tampered with, maintaining its reliability. Availability ensures that authorized users can access the information and resources when needed, preventing disruptions. All three components are crucial because they form the foundation of a secure operating system, protecting it from various threats and vulnerabilities.

Answer 18

Answer: Security and protection are related but distinct concepts. Protection deals with internal threats and access to system resources, focusing on authorization mechanisms and handling simple queries. Security, on the other hand, addresses external threats and uses mechanisms like encryption and authentication to grant access to specific users and handle more complex queries. Both are essential for a comprehensive security strategy, with protection forming the base layer and security adding additional safeguards against external attacks.

Answer 19

Answer: The document outlines several types of security and protection violations: 1. Breach of Confidentiality: Unauthorized reading of data. Example: An attacker gaining access to a file containing sensitive user information. 2. Breach of Integrity: Unauthorized modification of data. Example: A virus altering financial records in a database. 3. Breach of Availability: Unauthorized destruction of data. Example: A Denial of Service (DoS) attack that shuts down a web server. 4. Theft of Service: Unauthorized use of resources. Example: Using a company's computer network to mine cryptocurrency without authorization.

Answer 20

Answer: The document mentions several types of malware: 1. Viruses: Small snippets of code that can corrupt files, destroy data, and crash systems. They can also replicate themselves. 2. Trojan Horses: Can secretly access login details, allowing attackers to wreak havoc on a system. 3. Trap Doors: Security breaches that can be exploited to harm data or files. 4. Worms: Can consume system resources by generating multiple copies, potentially shutting down a whole network. 5. Denial of Service (DoS): Attacks that overwhelm a system with requests, preventing legitimate users from accessing it. Each type of malware poses a different threat, from data corruption to complete system shutdown.

Answer 21

Answer: Strengths: Username/password authentication is a widely used and relatively simple method. It's easy to implement and understand. Weaknesses: It can be vulnerable to attacks such as phishing, brute-force attacks, and social engineering. If a password is weak or compromised, the system's security is at risk.

Answer 22

Answer: One-time passwords provide enhanced security because they are unique for each login and cannot be reused. This significantly reduces the risk of password theft and replay attacks, where an attacker captures a password and uses it later.

Answer 23

Answer: OSS policies involve the operating system associating a set of privileges with each process. These privileges dictate what resources the process can access, such as memory regions, files, and system instructions. These privileges are assigned during configuration. The importance of OSS policies lies in their ability to define and enforce security boundaries within the system, preventing unauthorized access and protecting system integrity. They are crucial for controlling the actions of both users and software, ensuring that they operate within defined limits.

Answer 24

Answer: The document identifies three types of intruders: 1. Masquerader: An unauthorized individual who penetrates a system’s access controls to exploit a legitimate user’s account. They operate by stealing credentials or finding vulnerabilities to bypass security measures. 2. Misfeasor: A legitimate user who accesses data, programs, or resources beyond their authorization or misuses their privileges. They operate from within the system, abusing their granted access. 3. Clandestine User: An individual who seizes supervisory control of the system to evade auditing and access controls. They operate by gaining high-level privileges to hide their activities. Each type represents a different level of access and intent, posing unique challenges to security.

Answer 25

Answer: The authentication process involves two key steps: 1. Identification Step: Presenting an identifier to the security system. This is where the user claims an identity (e.g., username). 2. Verification Step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier. This is where the user proves they are who they claim to be (e.g., password, biometric). The identification step establishes who the user claims to be, while the verification step confirms that claim. Both steps are essential to ensure that only authorized users gain access to the system.

Answer 26

Answer: The four general means are: 1. Something the individual knows: Information known only to the user, such as passwords or PINs. 2. Something the individual possesses: Physical items like smart cards or keys. 3. Something the individual is (static biometrics): Physical characteristics like fingerprints or retina scans. 4. Something the individual does (dynamic biometrics): Behavioral characteristics like voice patterns or typing speed. Each method provides a different way to verify a user's identity, with varying levels of security and convenience.

Answer 27

Answer: Access controls implement a security policy that specifies who or what may have access to each specific system resource and the type of access permitted. They mediate between users and the system, enforcing rules about who can access what and how. Access controls are important because they are fundamental to enforcing security policies, preventing unauthorized access to sensitive data and critical system resources.

Answer 28

Answer: A firewall is an example of access control that acts as a choke point between networks. It enforces a local security policy, determining which network traffic is allowed to pass through. Firewalls are crucial for protecting internal networks from external threats by filtering and blocking unauthorized access attempts. The document also states that a firewall is secure against attack.

Answer 29

Answer: An Intrusion Detection System (IDS) is a system that analyzes various system events to identify if an intrusion has occurred. It contributes to system security by detecting malicious activity that may bypass other security measures. By monitoring system behavior and identifying anomalies, an IDS provides an additional layer of defense, alerting administrators to potential security breaches.

Answer 30

Answer: 1. Host-based IDS: Monitors the characteristics of a single host, such as log files, system calls, and processes. It provides detailed information about activity on that specific machine. 2. Network-based IDS: Monitors network traffic for particular network patterns. It analyzes data flowing across the network to detect suspicious activity. 3. Host-based IDS focuses on individual systems, while network-based IDS focuses on network traffic.

Answer 31

Answer: The three logical components of an IDS are: 1. Sensors: Responsible for collecting data, such as log files and system call traces. They gather the raw information that the IDS analyzes. 2. Analyzers: Receive input from one or more sensors and analyze the data to detect intrusions. They process the collected data, looking for suspicious patterns or anomalies. 3. User Interface: Enables a user to view output and alerts from the IDS. It provides a way for administrators to interact with the IDS and respond to security events. These components work together to collect, analyze, and report on potential intrusions.

Answer 32

Answer: An IDS can detect both human intrusion and malicious software intrusion. This means it can identify unauthorized access by individuals as well as attacks by malware such as viruses, worms, and Trojans.

Answer 33

Answer: Integrity is crucial in operating system security because it ensures that data and system resources are accurate and have not been tampered with. It's about maintaining the reliability and trustworthiness of information. Threats that can compromise integrity include: 1. Unauthorized modification of data: For example, an attacker altering system files or database records. 2. Software bugs: Which can corrupt data or cause system errors. 3. Hardware failures: Which can lead to data corruption. Maintaining integrity is essential for the correct functioning of the OS and the reliability of applications and data.

Answer 34

Answer: Availability means that authorized users should be able to access information and resources when they need them. It’s about ensuring that the system is operational and responsive. Denial-of-service (DoS) attacks directly target availability by overwhelming a system with requests, making it unavailable to legitimate users. The impact of DoS attacks can range from temporary inconvenience to complete disruption of services, causing significant damage to businesses and organizations.

Answer 35

Answer: Challenges in implementing effective operating system security include: 1. Complexity: Operating systems are complex, with many components and potential vulnerabilities. 2. Evolving threats: Attackers constantly develop new techniques, requiring continuous adaptation. 3. User behavior: Human error and negligence can create security loopholes. 4. Resource constraints: Security measures can sometimes impact performance. Strategies to address these challenges include: 1. Defense in depth: Employing multiple layers of security to increase resilience. 2. Regular updates and patching: To address known vulnerabilities. 3. Security awareness training: To educate users about best practices. 4. Automation: Using automated tools for monitoring and threat detection.

Answer 36

Answer: As a system administrator, I would take the following steps to secure a critical server: 1. CIA Triad Implementation: Ensure confidentiality by encrypting sensitive data and using strong access controls, maintain integrity through regular backups and intrusion detection, and ensure availability with redundant systems and DoS protection. 2. Access Controls: Implement strict access controls using firewalls to filter network traffic and enforce the principle of least privilege, granting users only the necessary permissions. 3. Authentication: Enforce strong authentication methods, such as multi-factor authentication, to verify user identities. 4. Intrusion Detection: Deploy a robust Intrusion Detection System (IDS) to monitor system activity and detect any signs of intrusion, using both host-based and network-based IDS components. 5. Malware Protection: Install and regularly update antivirus and anti-malware software to protect against viruses, worms, and Trojans. 6. Regular Updates and Patching: Keep the operating system and all software up-to-date with the latest security patches to address vulnerabilities. 7. Security Audits: Conduct regular security audits and vulnerability assessments to identify and address potential weaknesses.

Basic Concepts Flashcards

The basics of OSS that you should know.