ELEC 377

Question 1

What are the 4 security levels

Answer 1

1) Physical
2) Human
3) Network
4) OS

Question 2

Which two security levels are outside of OS control

Answer 2

1) Physical
2) Human

Question 2

What are 3 methods to implement physical security

Answer 2

1) Bios Password
2) Drive encryption (Can be device level or OS level)
3) Limit who has access to hardware

Question 3

What are some common Human Security attacks

Answer 3

Password Resets
Phishing
Baiting (Free hardware or software that contains viruses)
Tech Support callbacks
Fake services

Question 4

What is the CIA of system security

Answer 4

C - Confidentiality
I - Integrity
A - Availability

Question 5

What are confidentiality issues in system security

Answer 5

Issues that stem from data problems, such as unauthorized disclosure of data, personal information, corporate R&D, financials or government information

Question 6

What are integrity issues in system security

Answer 6

Modification of data such as balances on a credit card, or system modification, such as backdoor servers or software

Question 7

What are availability issues in system security

Answer 7

Unauthorized use (leads to loss of CPU cycles)
Denial of service, or a change of password

Question 8

Describe: Encryption at rest

Answer 8

Data in long term memory ie on a disk or hard drive is encrypted, and only decrypted when in use.

Question 8

What is application security

Answer 8

Security regarding applications a user installs. Applications may be vulnerable, or may be malicious. These attacks can be prevented by encryption at rest

Question 9

Security is?

Answer 9

Pervasive. Needs to be taken seriously by entire organization, or vulnerabilities will arise.

Question 10

What is a stack overflow attack

Answer 10

Binary code is written into a buffer, overwriting the return address to point to the buffer, executing that code

Question 10

What is the two types of Call/Return

Answer 10

intel/PPC/ZOS - Push return address to stack
ARM/NIOS - store return address in link register. If there are nested calls then push return address to stack

Question 11

What is a real life example of Stack Overflow attack mentioned in class

Answer 11

BMP attack - stack overflow attack on images

Question 12

How can we protect against stack overflow

Answer 12

Address Randomization - Logical address of data segment and stack segment change each time the process runs
Executability - Make stack pages not executable
Canary Values - Insert values into stack. If those values have been modified when exiting code we know an error is caused and terminate process

Question 12

Canary Values

Answer 12

Usually compiler generated. Random value is provided by OS and read into a global value during process startup

Question 13

What does the Device Driver Interface do?

Answer 13

It presents the devices connected to the programs. Devices are usually abstracted into different class such as SATA or SCSI drives.

Question 14

What are the two main types of devices discussed in class

Answer 14

1) Character Devices - Move data 1 byte at a time. Mouse, keyboard Modems
2) Block devices - Devices where the minimum unit of transfer is a block. Discs, tapes, network interfaces

Question 15

What does the /dev directory do

Answer 15

The /dev directory stores device files. Device files can only be created by root. Note that in unix everything is masked as a file

Question 16

How are files in /dev setup

Answer 16

inode attributes specify the device. There are no data blocks. Major and minor numbers are used to specify drivers and specific devices respectively.

Question 17

How do Character Device Drivers work

Answer 17

Major numbers connect the device to the driver. There can be multiple files with the same major number and the same or different minors. A process reads and writes to/from the device by reading & writing to/from the device file.

Question 18

What is the concept of informational security

Answer 18

Informational security is the idea that individual pieces of information reveal nothing, but collectively they reveal private information.

Question 19

What are some ways informational attacks take place

Answer 19

1) Carefully crafted queries. Asking a specific question that seems harmless but reveals information that may be important.
2) Traffic analysis

Question 20

What is authentication as discussed in class.

Answer 20

The question of ensuring the person trying to access information or a system is the person they are saying they are.

Question 21

What are the 3 authentication factors

Answer 21

1) Something you know like a password 2) Something you have like a security fob 3) Something you are like biometrics

Question 22

What are some specifications of the 2003 NIST password guidlines

Answer 22

1) Use special characters/numbers 2) Periodically change your password

Question 23

What are some problems with periodic password changes and what is the common time limit on password

Answer 23

4 months. Due to often changing passwords, people will use variants of their old password. This leads to easier password cracking attempts

Question 24

What were amendments made to the NIST guidelines in 2017

Answer 24

Organizations SHOULD not required arbitrary changes. They SHALL forces a change if there is evidence of a compromise. They SHOULD not impose composition rules. They SHALL compare to a list of common words and SHALL reject if the password is deemed weak. SHOULD permit the paste functionality to facilitate the use of password managers

Question 25

What are some common problems with passwords and passphrases

Answer 25

1) People use common substitutions that can be easily guessed. 2) People use common words or phrases or significant words/phrases that password crackers can find.

Question 26

What is the general rule for password guidelines

Answer 26

THE ONLY THING THAT MATTERS IS LENGTH!!! thats what she said (;

Question 27

What are some common password vulnerabilities not related to their composition

Answer 27

1) Packet sniffing - unencrypted network protocols can be compromised 2) Account sharing 3) Masquerade - A program that looks like a login screen and steals information. 4) Shoulder Surfing 5) ATM skimming

Question 28

What are some issues with biometric security

Answer 28

1) External devices can be logged/tracked 2) Biometrics lead to a false sense of security 3) Organizations can make uneducated decisions, or use biometrics for selfish reasons ie recording shoppers in a store. 4) Fake fingers - silicone or gelatin fingers that can mimic the attributes of skin 5) Face masks with photos - can be used to fool bad surveillance systems 6) Biometric systems can reduce anonymity - everyone has photos of everyone else

Question 29

What is the most recent changes made to the NIST guidelines in 2024

Answer 29

The recommendations from 2017 are not requirements. More multi factor and risk based authentication information is included.

Question 30

What are some ways websites can verify passwords when logging in, and prevent attacks

Answer 30

1) Store passwords in a secure encrypted 2) rate limiting - do not allow user to enter incorrect password many times in a row

Question 31

Linux password manger

Answer 31

?

Question 32

What is the difference between program threats and system threats

Answer 32

Program threats are types of vulnerabilities in programs that may lead to an incident or breach. System threats are the same but apply to systems

Question 33

What is a common threat implemented

Answer 33

Back Door attack. A hole left by the programmer to allow for an attack. Usually a hard coded number, password or identifier.

Question 34

How do SUID program attacks work

Answer 34

An SUID program is one that runs with administrator. A security check is made before doing an action then the action is done. The attack switches the action between check and do so the functionality the attacker wants is run with admin privilege.

Question 35

Why is parameter checking important to prevent program threats

Answer 35

Parameters need to be checked to prevent attackers from passing harmful code through bash scripts, web parameters or SQL injections

Question 36

Name a few system threats

Answer 36

1) Key loggers - track inputs and sometimes hardware decisions 2) Trojan Horse - program that pretends to do one thing while doing a different thing on the side. 3) Masquerade - Special type of trojan horse. Common examples are login or web site masquerades.

Question 37

What is the difference between a Virus or Worms

Answer 37

Viruses are sophisticated attacks that usually us a trojan horse to begin their attack. Worms are similar to viruses but they break into other systems and copy themselves onto that system. Viruses need human action to spread

Question 38

Why is the term metamorphic sometimes used to refer to Viruses and worms

Answer 38

Metamorphic viruses and worms constanly rewrite themselves, by changing lines such as mov eax, 0 to xor eax, eax. This allows them to hide from malware detectors which are signature based.

Question 39

Describe the process of a smurf attack

Answer 39

Ping packets are sent between systems. An attacker will lie about their IP address and send a global ping packet which will illicit many responses which are returned to the fake IP address which is actually the address of the target. This overwhelms the target system.

Question 40

What is the difference between a fraggle attack and a smurf attack

Answer 40

A fraggle attack uses echo responses instead of ping responses.

Question 41

What is Eavesdropping and what is an attempt to prevent it

Answer 41

Eavesdropping is listening in on another users internet traffic. Internet switches are supposed to prevent this however ARP poisoning is a problem

Question 41

What are 4 types of Network attacks that deny service

Answer 41

1) Smurf 2) Fraggle 3) ICMP 4) XMas tree

Question 42

What does ARP stand for and what is ARP poisoning.

Answer 42

ARP stands for address resolution protocol, and is man in the middle attack in switched environments. A user can change their MAC address to receive another users messages then pass them back to the other user as if nothing is happening.

Question 42

How can ARP poisoning be prevented

Answer 42

Logging MAC address changes to prevent sending information after a suspicious change

Question 43

Describe pharming as mentioned in class

Answer 43

Pharming attack start by compromising a DNS. They will impersonate a website, track information given, then pass the information on to the normal website and use the information later

Question 44

Define a rootkit as mentioned in class

Answer 44

A Root Kit is software used to hide the evidence of system modification. They were originally used by intruders in Unix system to hide backdoor changes

Question 45

Is a rootkit an initial vulnerability

Answer 45

No. Rootkits are not how an attacker broke into the system. Sometimes the attacker will patch the attack to prevent the system being taker

Question 46

How can a RootKit be caught?

Answer 46

Manually search device drivers & parse disk data structures. Then compare the values found to the values the os displays. If there are discrepancies there is something afoot.