Security Problems In Computer Management Flashcards

(15 cards)

1
Q

How have computer security issues evolved from 30 years ago to the 21st century?

A

Thirty years ago, security meant a locked computer room, and the main worry was insiders (authorized users misusing their own accounts). Today hosts are interconnected through the Internet and face viruses, worms and remotely exploitable vulnerabilities, attacked both by individuals and by self-propagating malware (e.g., the Aliz worm).

2
Q

What are the key steps outlined in RFC 2196 (the Site Security Handbook) for securing systems?

A

Identify what you are trying to protect; determine what you are protecting it from; estimate how likely each threat is; implement measures that protect the assets cost-effectively; and review the process continuously, improving it each time a weakness is found.

3
Q

What are the main security problems in computer management?

A

Internet-based incidents, weak authentication, ease of spying/monitoring, ease of spoofing, flawed LAN services, mutually trusting hosts, complex configurations, and unscalable host-based security.

4
Q

What are examples of security incidents on the internet?

A

Long-lived vulnerabilities in widely deployed server software (e.g., UNIX sendmail), Trojaned software (e.g., an FTP server modified to give the attacker privileged access), packet sniffers installed by intruders to harvest passwords, and ready-made attack toolkits.

5
Q

Why is weak authentication a significant security problem?

A

Most incidents stem from weak passwords (fewer than 6 characters, or dictionary words). Early UNIX kept the hashed (crypt(3)) passwords in the world-readable /etc/passwd file, so anyone could copy the hashes and run a dictionary attack against them offline. Some TCP/UDP services authenticate the client host rather than the user (trust by address), which gives every user of a trusted host the same access and violates least privilege.
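
The offline attack that readable hash files invite, as an added example (not from the original cards): a constructed three-user password file is cracked with a tiny wordlist, and a policy check flags the two weaknesses the text names. SHA-256 over salt+password is assumed as a stand-in for crypt(3), which recent Python versions no longer ship; the user names, salts and wordlist are constructed.

```python
import hashlib

# Stand-in for the one-way function classic UNIX used (crypt(3)). The point is
# the same: the hash cannot be reversed, but with hash and salt in hand an
# attacker can hash guesses offline until one matches.
def hash_password(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Constructed sample of a world-readable password file: (user, salt, hash).
# The plaintexts appear here only to build the fixture; an attacker who copies
# the file sees only the three stored fields.
SAMPLE_PASSWD = [
    ("alice", "Kx", hash_password("Kx", "secret")),
    ("bob",   "q9", hash_password("q9", "Tr0ub4dor&3x!")),
    ("carol", "7f", hash_password("7f", "admin")),
]

# Constructed mini wordlist; real cracking runs use hundreds of thousands of words.
SMALL_WORDLIST = ["password", "admin", "secret", "letmein", "welcome", "123456"]


def weakness_reasons(password: str, wordlist) -> list:
    """Policy check for the two failings the text names: too short, or a dictionary word."""
    reasons = []
    if len(password) < 6:
        reasons.append("shorter than 6 characters")
    if password.lower() in wordlist:
        reasons.append("dictionary word")
    return reasons


def crack(passwd_entries, wordlist) -> dict:
    """Offline dictionary attack: hash each word with the user's salt and compare to the stored hash."""
    cracked = {}
    for user, salt, digest in passwd_entries:
        for word in wordlist:
            if hash_password(salt, word) == digest:
                cracked[user] = word
                break   # first match wins; move on to the next account
    return cracked


if __name__ == "__main__":
    print(crack(SAMPLE_PASSWD, SMALL_WORDLIST))   # alice and carol fall, bob survives
    for user, _, _ in SAMPLE_PASSWD:
        print(user, weakness_reasons(dict(alice="secret", bob="Tr0ub4dor&3x!", carol="admin")[user], SMALL_WORDLIST))
```

The salt forces the attacker to rehash the wordlist per user, but it does not stop the attack; only keeping the hashes out of reach (a root-only shadow file) and rejecting short or dictionary passwords does.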

6
Q

How does DHCP affect host-based authentication?

A

With DHCP an IP address is a lease, not an identity: the same address is handed to different hosts over time, and a mobile user's laptop gets a new address at every site. Any service that grants access by client address (host-based trust) is therefore authenticating the wrong thing. Access has to be tied to the user instead, through user-level authentication and stronger methods such as MFA or TLS client certificates.

7
Q

What are modern solutions to weak authentication?

A

User-level authentication (a username and password tied to a person rather than a host); multi-factor authentication (MFA), which requires a second, independent factor such as a time-based one-time code or a hardware token; and TLS client certificates, which identify the client by a private key it holds rather than by its network address.

8
Q

How does ease of spying create security risks?

A

Passwords sent by e-mail, TELNET or FTP travel in plaintext and can be read by anyone able to monitor the network path. SSH (e.g., OpenSSH, PuTTY) and TLS are the replacements. Strong encryption protects sensitive data such as credit card numbers: AES-256 for the data itself, and adequately sized public keys for key exchange and signatures (the 1024-bit figure once quoted for RSA is now too small; 2048 bits is the current minimum). "Military-grade" is a marketing label, not a standard.
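
What a sniffer on the path actually sees, as an added example (not part of the original cards): two constructed sessions, one FTP and one TELNET, are reassembled from client and server segments and the credentials are lifted out with a few lines of parsing. The segment lists are constructed; TELNET option negotiation (IAC sequences) and server echo are omitted for brevity.

```python
import re

# Constructed TCP payloads as a sniffer would see them, tagged by direction
# ("C" client to server, "S" server to client).
FTP_SESSION = [
    ("S", b"220 ftp.example.test FTP server ready\r\n"),
    ("C", b"USER alice\r\n"),
    ("S", b"331 Password required for alice\r\n"),
    ("C", b"PASS hunter2\r\n"),
    ("S", b"230 User logged in\r\n"),
]

# TELNET sends keystrokes one per segment, so the username and password are
# reassembled from the client bytes that follow each server prompt.
TELNET_SESSION = [
    ("S", b"login: "),
    ("C", b"b"), ("C", b"o"), ("C", b"b"), ("C", b"\r\n"),
    ("S", b"Password: "),
    ("C", b"s"), ("C", b"3"), ("C", b"c"), ("C", b"r"), ("C", b"e"), ("C", b"t"), ("C", b"\r\n"),
    ("S", b"Welcome, bob.\r\n$ "),
]


def sniff_ftp(segments) -> dict:
    """FTP puts the credentials in two self-describing commands; a regex is enough."""
    creds = {}
    for direction, payload in segments:
        if direction != "C":
            continue
        m = re.match(rb"(USER|PASS)\s+(\S+)", payload)
        if m:
            creds[m.group(1).decode().lower()] = m.group(2).decode()
    return creds


def sniff_telnet(segments) -> dict:
    """TELNET has no commands: watch for the server's prompts and collect the
    client keystrokes until the line ends."""
    creds, field, buf = {}, None, b""
    for direction, payload in segments:
        if direction == "S":
            prompt = payload.lower()
            if b"login:" in prompt:
                field, buf = "user", b""
            elif b"password:" in prompt:
                field, buf = "pass", b""
        elif field is not None:
            buf += payload
            if buf.endswith(b"\r\n"):
                creds[field] = buf.strip().decode()
                field = None
    return creds


if __name__ == "__main__":
    print(sniff_ftp(FTP_SESSION))        # {'user': 'alice', 'pass': 'hunter2'}
    print(sniff_telnet(TELNET_SESSION))  # {'user': 'bob', 'pass': 's3cret'}
```

Neither protocol hides anything, so the fix is not a cleverer password but a channel the sniffer cannot read: SSH for interactive logins and file transfer, TLS for everything else.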

9
Q

What are specific examples of spying-related threats?

A

X Window System weaknesses (e.g., a display opened to every host with xhost +) let intruders connect to the display and read keystrokes. E-mail Trojans give an attacker remote control of the machine, for instance to use it in DDoS attacks. Keyloggers record keystrokes and secretly send them to a third party.

10
Q

What are bootkits, and why are they a critical security threat?

A

Bootkits infect the volume boot record, the master boot record, or the UEFI boot path, so their code runs before the operating system loads and can subvert everything that loads afterwards. A UEFI bootkit that lives in the motherboard's firmware flash survives a reinstall or even a replacement of the hard drive and evades OS-level detection. The text cites free downloads and browser vulnerabilities as common installation routes.
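
A master-boot-record bootkit works by patching the 440 bytes of boot code in sector 0, so the practical check is to parse that sector and compare the boot code against a hash taken when the system was known good. As an added example (not from the original cards), the code below builds a constructed 512-byte MBR, parses its partition table, and detects a constructed "patched" variant by hash. The boot code bytes, partition layout and disk signature are all constructed; the layout offsets are the standard MBR format.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code
PART_TABLE_OFFSET = 446        # four 16-byte partition entries
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions, disk_signature: int = 0x1A2B3C4D) -> bytes:
    """Assemble a sector from boot code and (status, type, lba, sectors) tuples."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_signature)
    for i, (status, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
    sector[510:512] = b"\x55\xAA"   # boot signature
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature, hash the boot code, and decode the partition table."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR: bad length or boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:   # type 0 means an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def boot_code_matches(sector: bytes, baseline_sha256: str) -> bool:
    """The integrity check: compare the live boot code hash with the known-good baseline."""
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256


# Constructed fixtures: a few plausible first bytes of x86 boot code (cli; xor ax,ax;
# mov ss,ax; mov sp,0x7c00) and a "patched" variant that starts with a jmp into
# code the bootkit appended, as a bootkit would do.
CLEAN_BOOT_CODE = bytes.fromhex("fa33c08ed0bc007c") + b"\x90" * 32
PATCHED_BOOT_CODE = b"\xe9\x00\x01" + CLEAN_BOOT_CODE[3:]
PARTITIONS = [(0x80, 0x83, 2048, 1048576)]   # one bootable Linux partition

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
PATCHED_MBR = build_mbr(PATCHED_BOOT_CODE, PARTITIONS)
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]   # recorded at install time

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR)["partitions"])
    print("clean ok:", boot_code_matches(CLEAN_MBR, BASELINE_SHA256))
    print("patched ok:", boot_code_matches(PATCHED_MBR, BASELINE_SHA256))
```

On a live system the sector comes from the raw disk device, and the baseline must be stored off-host, because an active bootkit can lie to anything that asks the running OS. For UEFI systems the equivalent controls are Secure Boot signature checks on the bootloader and measured boot into TPM PCRs, which catch changes the firmware itself reports.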

11
Q

How do rootkits undermine system security?

A

Rootkits hide themselves by subverting the interfaces the operating system uses to report what is running: user-mode library hooks, kernel hooks, or code that runs below the OS such as a bootkit. Administrators and antivirus then do not see the rootkit's files and processes (e.g., the Spicy Hot Pot rootkit, 2020, disabled antivirus and changed browser home pages). Once in place they give the attacker remote control and a hidden base from which to install further malware and attack network services and applications.
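
The hiding technique and the classic counter to it, cross-view detection, can be shown in user space. As an added example (not from the original cards), the code below installs a simulated user-mode hook that filters a chosen file name out of directory listings, then detects it by comparing the hooked view with a second, independent view of the same directory. The hook replaces the Python-level os.listdir only; a real rootkit hooks the library or kernel call so every process is affected, and the detector likewise has to take its second view from a lower layer (raw disk or an out-of-band boot). The hidden file name and directory contents are constructed.

```python
import os
import tempfile

HIDDEN_NAME = "rk_hidden.txt"   # constructed: the artefact the "rootkit" wants to hide

_real_listdir = os.listdir


def hooked_listdir(path="."):
    """Simulated user-mode rootkit: filter our artefact out of directory listings."""
    return [name for name in _real_listdir(path) if name != HIDDEN_NAME]


def install_hook():
    os.listdir = hooked_listdir


def remove_hook():
    os.listdir = _real_listdir


def cross_view_diff(path: str) -> set:
    """Cross-view detection: anything present in the lower-level view (os.scandir,
    a separate C function the hook does not touch) but absent from the high-level
    view (os.listdir) is being hidden from us."""
    high_level = set(os.listdir(path))
    low_level = {entry.name for entry in os.scandir(path)}
    return low_level - high_level


def demo(with_hook: bool) -> set:
    """Create a directory with an ordinary file and the hidden artefact, optionally
    install the hook, and return what cross-view detection reports."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notes.txt", HIDDEN_NAME):
            with open(os.path.join(d, name), "w"):
                pass
        if with_hook:
            install_hook()
        try:
            return cross_view_diff(d)
        finally:
            remove_hook()   # always restore, so cleanup and later code see the truth


if __name__ == "__main__":
    print("clean system:", demo(with_hook=False))   # set()
    print("hooked system:", demo(with_hook=True))   # {'rk_hidden.txt'}
```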

12
Q

How does IP spoofing work, and why is it a concern?

A

The attacker sends packets whose source address is that of a client the server trusts and sets the IP source-routing option so that the server's replies travel back through the attacker's host instead of the real client. The server sees requests from a trusted address and honours them. Routers and hosts now drop source-routed packets by default, which largely removes this particular attack; forging a source address is still trivial, which is why trust based on addresses remains unsafe.
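
The filter that "source routing is now blocked" refers to has to find the option inside the IPv4 header. As an added example (not from the original cards), the code below builds a constructed packet carrying a Loose Source and Record Route option, walks the option list, and reports the route so a filter can drop the packet. The addresses and hop list are constructed; the header layout, option type codes (0x83 loose, 0x89 strict) and padding rules are the standard IPv4 ones. The header checksum is left at zero because parsing the options does not depend on it.

```python
import ipaddress
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_LSRR, IPOPT_SSRR = 0x00, 0x01, 0x83, 0x89


def build_ipv4(src: str, dst: str, options: bytes = b"", proto: int = 6, payload: bytes = b"") -> bytes:
    """Minimal IPv4 header with optional options; IHL grows with the padded option length."""
    options += b"\x00" * (-len(options) % 4)       # pad with EOL to a 32-bit boundary
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0x1234, 0,
                         64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + options + payload


def lsrr_option(hops) -> bytes:
    """Loose Source and Record Route: type, length, pointer (4 = first address), addresses."""
    body = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([IPOPT_LSRR, 3 + len(body), 4]) + body


def parse_options(pkt: bytes) -> list:
    """Walk the option list, returning (type, data) pairs; single-byte EOL/NOP have no length."""
    ihl = (pkt[0] & 0x0F) * 4
    opts, i, found = pkt[20:ihl], 0, []
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed IP option")
        found.append((t, opts[i + 2:i + length]))
        i += length
    return found


def source_route(pkt: bytes):
    """Return ("loose"|"strict", [hop addresses]) if the packet is source routed, else None."""
    for t, data in parse_options(pkt):
        if t in (IPOPT_LSRR, IPOPT_SSRR):
            addrs = [str(ipaddress.IPv4Address(data[1 + k:5 + k])) for k in range(0, len(data) - 1, 4)]
            return ("loose" if t == IPOPT_LSRR else "strict"), addrs
    return None


def should_drop(pkt: bytes) -> bool:
    """Policy most routers apply today: refuse any source-routed packet."""
    return source_route(pkt) is not None


# Constructed packets: one spoofing a trusted client and routing replies via the
# attacker's hosts, one ordinary packet.
SPOOFED = build_ipv4("10.0.0.5", "192.0.2.10", lsrr_option(["198.51.100.1", "203.0.113.7"]))
PLAIN = build_ipv4("10.0.0.5", "192.0.2.10")

if __name__ == "__main__":
    print(source_route(SPOOFED), should_drop(SPOOFED))
    print(source_route(PLAIN), should_drop(PLAIN))
```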

13
Q

How do insider attacks and email spoofing exploit systems?

A

An insider on the local network can impersonate a system that is currently offline by taking over its address. E-mail spoofing is trivial because SMTP does not authenticate the sender, so without digital signatures (or sender-authentication records such as SPF, DKIM and DMARC) e-mail cannot be trusted. DNS spoofing is harder but possible.
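
What "easy without digital signatures" looks like at the receiving end, as an added example (not from the original cards): two constructed messages are parsed with the standard library and checked for the usual signs of a forged sender, namely an envelope sender and Reply-To in a different domain from the From header, and the absence of any DKIM signature. The messages, addresses and domains are constructed; the DKIM check is presence-only, since verifying a signature needs the signer's DNS record.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed forgery: the From header claims example.com, but the bounce address
# and the Reply-To point at the attacker, and nothing is signed.
SPOOFED_MESSAGE = """Return-Path: <bounce@attacker.test>
Received: from mail.attacker.test (192.0.2.77) by mx.example.com; Mon, 1 Jan 2024 10:00:00 +0000
From: "The CEO" <ceo@example.com>
Reply-To: ceo.urgent@attacker.test
To: finance@example.com
Subject: Urgent wire transfer

Please wire the funds today and reply here for the account details.
"""

# Constructed legitimate message: consistent domains and a DKIM-Signature header
# (signature value is a placeholder, not a real signature).
LEGIT_MESSAGE = """Return-Path: <ceo@example.com>
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "The CEO" <ceo@example.com>
To: finance@example.com
Subject: Board minutes

Minutes attached.
"""


def _domain(header_value) -> str:
    """Domain part of the first address in a header, lower-cased; empty if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def spoof_indicators(raw_message: str) -> list:
    """Return human-readable reasons to distrust the sender; empty list means none found."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    indicators = []
    env_dom = _domain(msg.get("Return-Path"))
    if env_dom and env_dom != from_dom:
        indicators.append(f"envelope sender domain {env_dom} differs from From domain {from_dom}")
    reply_dom = _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if msg.get("DKIM-Signature") is None:
        indicators.append("no DKIM-Signature header: From domain and content are unsigned")
    return indicators


if __name__ == "__main__":
    for line in spoof_indicators(SPOOFED_MESSAGE):
        print("-", line)
    print("legit:", spoof_indicators(LEGIT_MESSAGE))
```

These header checks are heuristics: an attacker can make every header consistent, because nothing in SMTP stops them. Only a verified signature over the message, or a sender-authentication policy published by the claimed domain, turns "looks consistent" into "came from example.com".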

14
Q

Why does host-based security not scale?

A

Host-based security, relying on IP addresses, lacks user-level granularity, is insecure with DHCP, and struggles with complex configurations and mutually trusting hosts, making it unscalable for modern interconnected systems.

15
Q

Why are encryption standards like AES-256 critical?

A

AES-256 (the US federal standard, FIPS 197) for symmetric encryption, together with adequately sized public keys (the ≥1024-bit figure once quoted for RSA is now considered too small; 2048 bits or more is the current minimum), protects sensitive data such as credit card numbers from eavesdropping in transit and from disclosure when stored in databases.
