Security Principles

Question 1

What is the goal of minimizing attack possibilities?

Answer 1

Reduce the installed code to only what is necessary.

Question 2

What is the attack surface?

Answer 2

The set of points where an attacker can try to enter or extract data.

Question 3

What metrics count toward the attack surface?

Answer 3

Open sockets, pipes, RPC endpoints, services, and privileged services.

Question 4

How many services should run by default?

Answer 4

As few as possible to minimize vulnerabilities.

Question 5

What are ISAPI filters?

Answer 5

Microsoft’s web server services, also implemented by Apache mod_isapi.

Question 6

What increases attack surface in web servers?

Answer 6

Dynamic web pages and ISAPI filters/apps.

Question 7

How do weak ACLs affect security?

Answer 7

Files, directories, or registry keys with weak ACLs are vulnerable.

Question 8

Why aim for secure defaults?

Answer 8

Reduces attack surface and improves performance.

Question 9

What is defense in depth?

Answer 9

Multiple layers of security controls to protect a system.

Question 10

What is an example of defense in depth?

Answer 10

Bank security with guards, time-release doors, CCTV, and vault layers.

Question 11

How do time-release doors enhance security?

Answer 11

Prevent quick entry/exit, allowing remote locking to trap intruders.

Question 12

Why don’t bank tellers access the vault?

Answer 12

Least privilege principle limits their access to reduce risk.

Question 13

What is a feature of a bank vault?

Answer 13

Thick metal, multiple compartments, and controlled opening times.

Question 14

What is the least privilege principle?

Answer 14

Run processes with minimal privileges to limit damage from attacks.

Question 15

What happens if a vulnerability allows code injection?

Answer 15

Malicious code runs with the same privileges as the compromised process.

Question 16

How should web servers avoid admin privileges?

Answer 16

Run as low-privilege accounts, like Apache’s nobody account.

Question 17

How does Apache manage privilege?

Answer 17

Main httpd process starts as root, spawns low-privilege processes.

Question 18

What is Run As Different User?

Answer 18

A Windows 2000 feature to run apps with alternate credentials.

Question 19

What is Run as Administrator?

Answer 19

A Vista/Windows 7-10 feature to elevate app privileges temporarily.

Question 20

Why is closing an admin-privileged app safer?

Answer 20

Ends elevated privileges, reducing risk.

Question 21

What is backward compatibility in security?

Answer 21

Ensuring new protocols work with older systems.

Question 22

Why is backward compatibility a security issue?

Answer 22

Insecure older versions may persist due to non-upgrading clients.

Question 23

What is an example of a protocol with compatibility issues?

Answer 23

Server Message Block (SMB) protocol.

Question 24

When was secure SMB with packet signing introduced?

Answer 24

With Windows 98 and NT4 SP3.

Question 25

What does SMB packet signing prevent?

Answer 25

Man-in-the-middle attacks and data tampering.

Question 26

How does SMB ensure message integrity?

Answer 26

Digital signatures in packets, verified by client and server.

Question 27

What is a man-in-the-middle attack?

Answer 27

An attacker impersonates a communicator to monitor or control data.

Question 28

Why can attackers force old SMB versions?

Answer 28

Backward compatibility allows fallback to insecure versions.

Question 29

What is Internet Protocol Security (IPSec)?

Answer 29

A protocol addressing TCP/IP insecurities.

Question 30

Why is IPSec not enabled by default?

Answer 30

Not all servers support it, maintaining TCP/IP vulnerabilities.

Question 31

Why are security features not inherently secure?

Answer 31

Must be correctly chosen and implemented for specific threats.

Question 32

When is SSL/TLS ineffective?

Answer 32

If the client-to-server data stream isn’t the attack target.

Question 33

What is security by obscurity?

Answer 33

Relying on hidden information for protection.

Question 34

Why avoid security by obscurity?

Answer 34

Obscured information is easily discovered, offering weak defense.

Question 35

Why should code and data not be mixed?

Answer 35

Mixing enables exploits, like viruses in email or web scripts.

Question 36

What was Lotus 1-2-3’s security issue?

Answer 36

Macros mixed code with data, enabling dangerous actions.

Question 37

How does Office XP handle code and data?

Answer 37

Disables macro execution by default, user sets policy.

Question 38

What should developers do with security bugs?

Answer 38

Fix them and search for similar issues in the app.

Question 39

Why are security flaws compared to cockroaches?

Answer 39

Finding one suggests more exist in the code.

Question 40

How should security bugs be fixed?

Answer 40

Address the root cause openly, not just symptoms.

Question 41

Why avoid covering up security bugs?

Answer 41

Leads to conspiracy theories and distrust.

Question 42

What is an example of a low-privilege account?

Answer 42

Apache’s nobody account for handling web requests.

Question 43

What is the benefit of configurable protocol versions?

Answer 43

Allows clients to choose secure versions, reducing legacy risks.

Question 44

What attacks does secure SMB close?

Answer 44

Man-in-the-middle and data-tampering attacks.

Question 45

Why is TCP/IP considered insecure?

Answer 45

Lacks built-in protections against common network attacks.

Question 46

What is the role of a bank guard in defense in depth?

Answer 46

Provides an outer layer of physical security.

Question 47

How do CCTV cameras contribute to security?

Answer 47

Monitor all areas, deterring and recording threats.

Question 48

What is a secure default in app development?

Answer 48

Disabling unnecessary features to reduce attack surface.

Question 49

Why count open sockets in attack surface?

Answer 49

Each socket is a potential entry point for attackers.

Question 50

What are open pipes in security?

Answer 50

Communication channels that could be exploited if unsecured.

Question 51

What is an RPC endpoint?

Answer 51

A remote procedure call point, vulnerable if exposed.

Question 52

Why minimize services running with high privileges?

Answer 52

Reduces risk of system-wide compromise if exploited.

Question 53

How do weak ACLs on files increase risk?

Answer 53

Allow unauthorized access or modification.

Question 54

What is the default policy for macros in modern apps?

Answer 54

User decides whether to allow execution, not automatic.

Question 55

Why fix security issues openly?

Answer 55

Builds trust and avoids speculation about hidden flaws.

Question 56

What is the risk of running web servers as admin?

Answer 56

Exposes the system to severe compromise if hacked.

Question 57

Why is upgrading protocols challenging?

Answer 57

Large client bases may resist or delay upgrades.

Question 58

What is packet signing in SMB?

Answer 58

Adding digital signatures to packets for authenticity.

Question 59

Why is defense in depth like a bank?

Answer 59

Multiple independent layers ensure robust protection.