os security intro

Question 1

what is os security

Answer 1

measures and mechanisms implemented to protect the os from threats vulnerabilities and unauthorised access

Question 2

what is access control

Answer 2

controlling the resources that a user can access based on authentication and authorization

Question 3

authentication

Answer 3

verifying the identity of a user

Question 4

authorization

Answer 4

granting and restricting access based on the users roles and permissions

Question 5

what is the active entity

Answer 5

the subject
user/process

Question 6

what is the passive entitiy

Answer 6

the object
the file/resource

Question 7

discretionary access control

Answer 7

the owner of the resource decided who is allowed access

Question 8

mandatory access control

Answer 8

a system-wide policy decides who is allowed access

Question 9

what are user identifiers

Answer 9

unique numbers assigned to users to identify and manage their access

Question 10

what are the five types of user identifiers

Answer 10

user id uid
group id gid
effective uid euid
real uid ruid
saved uid suid

Question 11

uid

Answer 11

assigned to each user

Question 12

what is the uid of the root and why is this special

Answer 12

0
gives unrestricted access to the system

Question 13

gid

Answer 13

assigned to a group of users

Question 14

what are two benefits of gid

Answer 14

more effective as you dont need to configure permissions for each user
easier to modify permissions for the group rather than each user separately

Question 15

euid

Answer 15

determines permissions for processes

Question 16

ruid

Answer 16

the uid of the user who started the process

Question 17

suid

Answer 17

allows a process to switch back to privileged uid after temporarily dropping privileges

Question 18

nobody uid

Answer 18

massive number
used for running untrusted processes so it has minimal priveleges

Question 19

how does assigning uid work

Answer 19

when a user logs in the system designs their uid and guid and all the files and processes created by them have the same uid and gid
when they attempt to access a resource the permissions are checked against their uid and gid

Question 20

what are two of the potential threats with access control

Answer 20

privilege escalation
uid reuse

Question 21

how is uid reuse a potential threat in access control

Answer 21

reassigning the uid to a new user may mean that they still have the same privileges of the old user

Question 22

how is privilege escalation a potential threat in access control

Answer 22

hackers can exploit a misconfigured uid to gain privileges

Question 23

what is file system security

Answer 23

protecting files and directories via permissions and encrypting sensitive data to avoid unauthorised access

Question 24

what are the three parts of file permissions (+ explain them)

Answer 24

ownership: all owned by a specific user/group that decide the permissions
permission types (r, w, x)
levels: user(owner) , group, others

Question 25

which two apps can we use to check the integrity of a file and what exactly do they do

Answer 25

tripwire aid checks for unauthorised access

Question 26

what is the concept of least privilege

Answer 26

is privileges are appropriate they'll allows processes and users to have the least privileges required to carry out their tasks

Question 27

what are the uid 1-999 reserved for

Answer 27

for system services and daemons

Question 28

how does file permissions work in linux

Answer 28

rwx stored together for user, group and others with - if they dont have that permission e.g. rwxr-----

Question 29

process isolation

Answer 29

ensures that each process has its own space so they dont interfere with each other and access/ corrupt each others memory

Question 30

what is an example of process isolation

Answer 30

windows container

Question 31

memory protection

Answer 31

ensures that a process only accesses authorised memory regions prevents unauthorised access to the kernel and other memory regions

Question 32

how do privilege levels work in process and memory protection

Answer 32

separate user and kernel space the user has limited access whilst the kernel has access to all software hardware and memory resources

Question 33

what are the three potential threats in process and memory protection

Answer 33

denial of service privilege escalation buffer overflow

Question 34

how do we mitigate privilege escalation in process and memory protection

Answer 34

strict separation between user and kernel mode

Question 35

how do we mitigate dos in process and memory protection

Answer 35

resource limits and process scheduling

Question 36

what is a buffer

Answer 36

a contiguous memory block that stores data temporarily

Question 37

how do attackers use buffer overflows to their benefit

Answer 37

overwriting memory via exploiting poorly written code to execute malicious code

Question 38

what can an attacker do with a buffer overflow

Answer 38

add an account control the app remotely alter the system configuration force the program to execute commands to the cmd shell

Question 39

what are the three types of messages with buffer overflows

Answer 39

bus error segmentation error general protection fault

Question 40

segmentation error + general protection fault

Answer 40

memory protection deny access: usually means that theres a buffer overflow

Question 41

bus error

Answer 41

memory doesnt exist

Question 42

what are some good practices for memory and process protection

Answer 42

secure coding to avoid buffer overflows enabling security features regular software updates limit privileges monitor and audit

Question 43

what are some security features that can be enabled in memory and process protection

Answer 43

alsr: address space layout randomisation nx: non-executable

Question 44

alsr: address space layout randomisation

Answer 44

random memory allocation to attackers dont know where the buffers are

Question 45

nx: non-executable

Answer 45

protected areas

Question 46

patch management

Answer 46

applying security patches(updates) regularly and updating the os to fix vulnerabilities and bugs

Question 47

what are the four types of patches

Answer 47

security bug fixes feature update performance patches

Question 48

security patches

Answer 48

fix vulnerabilities that could be exploited by hackers

Question 49

big fixes (patches)

Answer 49

resolve bugs causing crashes and errors

Question 50

feature updates (patches)

Answer 50

new functionality/ improve existing features

Question 51

performance patches

Answer 51

optimise os usage and increase software performance

Question 52

what are the four types of audits

Answer 52

security compliance operational forensic

Question 53

security audit

Answer 53

evaluate the effectiveness of security control and identify vulnerabilities

Question 54

compliance audit

Answer 54

ensure adherence to regulated requirements

Question 55

operational audit

Answer 55

assess efficiency and effectiveness of operational processes

Question 56

forensic audit

Answer 56

investigate security incidents/breaches to determine the cause and impact

Question 57

what are the five types of logs

Answer 57

system application security network audit

Question 58

system log

Answer 58

record system events e.g. shutdown

Question 59

application logs

Answer 59

track events within specific apps e.g. login attempts

Question 60

security logs

Answer 60

security related events e.g. authentication

Question 61

network logs

Answer 61

monitor the network for traffic and connections

Question 62

audit logs

Answer 62

track user activities for accountability

Question 63

what are the best practices for auditing and logging

Answer 63

enable comprehensive logging centralise log management protect logs regularly review logs retain logs conduct regular audits

Question 64

what do we mean by enable comprehensive logging

Answer 64

ensure all critical components generate logs and are logging relevant details e.g. timestamps, uid pid

Question 65

how do we centralise log management

Answer 65

collect and analyse logs from multiple sources

Question 66

how do we protect logs

Answer 66

encrypt and restrict access to logs user write-once storage to prevent tampering

Question 67

why and how do we regularly review logs

Answer 67

to detect anomalies via automated tools

Question 68

how do we retain logs

Answer 68

should keep them for a time period as defined by policies and regulations they should be archived for future reference

Question 69

why do we conduct regular audits

Answer 69

we can use audit trails to investigate incidents and track changes

Question 70

auditing

Answer 70

reviewing and analysing logs and records to detect anomalies

Question 71

logging

Answer 71

recording events and activities in the system/app/network

Question 72

what are the 6 key components of patch management

Answer 72

inventory and assessment vulnerability monitoring patch acquisition testing deployment (deploy after testing) verification and documentation

Question 73

inventory and assessment (patch management)

Answer 73

maintaining an inventory of hardware and software identify which applications require patches

Question 74

vulnerability monitoring (patch management)

Answer 74

using vulnerability scanners to find new vulnerabilities and patches

Question 75

patch acquisition (patch management)

Answer 75

downloading patches from trusted sources and verifying their integrity via checksums/digital signatures

Question 76

testing (patch management)

Answer 76

testing patches in a controlled environment and checking for compatibility with the system/apps usually dont by the company deploying them

Question 77

verification and documentation (patch management)

Answer 77

check theyre successfully applied and functioning correctly monitoring for issues maintain records of patching activities - which ones have been applied where and when