Study Guide - Chap19: Embracing Best Security Practices Flashcards
(10 cards)
3- Jaime is interested in using a distributed database method for authorizing users to access resources located on multiple network servers. Which authentication method would be best for her to use?
- LDAP
- Kerberos
- Tokens
- RADIUS
- PKI
LDAP
The LDAP authentication method allows administrators to create a distributed database that not only authenticates user accounts but tracks user authorization of network resources, so option A is correct. The Kerberos and RADIUS authentication methods don’t use a distributed database, nor can they authorize users to access network resources, so options B and D are incorrect. Tokens and PKI are two‐factor authentication methods that don’t use distributed databases, nor do they authorize users to access network resources, so options C and E are incorrect.
4- Fred wants to block users from logging in directly with the root user account from any console or terminal session. What is the best way he can do that?
- Implement biometric authentication.
- Implement tokens.
- Use Kerberos authentication.
- Remove root user entry from the /etc/passwd file.
- Set the default login shell for the root user to /usr/sbin/nologin.
Set the default login shell for the root user to /usr/sbin/nologin.
When you specify the nologin utility as the default shell for a user account, users will receive a message upon successful login that they aren’t allowed to access the system, so option E is correct. Biometrics, tokens, and Kerberos are all authentication methods that won’t prevent the root user account from logging in, so options A, B, and C are all incorrect. Removing the root user account from the /etc/passwd file removes the root user account from the system, which will break applications that require the root user account to run, so option D is incorrect.
6- Sally is concerned about an application that allows guests to connect to her Linux system and access a database. What can she do to limit the application to a specific directory structure on the Linux server so it can’t access system data?
- Block the application network port.
- Move the application port to a private port number.
- Place the application in an encrypted partition.
- Run the application with chroot.
- Place the application in a separate partition.
Run the application with chroot.
The chroot program restricts an application to a specific area within the virtual filesystem structure, so option D is correct. Blocking the application network port would prevent guests from connecting to the application, so option A is incorrect. Moving the application to a private port number wouldn’t restrict access to directories, so option B is incorrect. Placing the application in an encrypted partition or on a separate partition wouldn’t prevent the application from accessing data outside of the application, so options C and E are incorrect.
chroot
- a command that changes the apparent root directory for a running process and its children, creating an isolated environment where the process cannot access files outside the new root.
- Primary uses include creating secure sandboxes for applications, setting up build environments, system recovery operations, and containing potentially dangerous processes.
- Security limitation: it provides only basic isolation, since processes can still escape chroot jails through various methods, making it less secure than modern containerization technologies like Docker.
LUKS
The Linux Unified Key Setup (LUKS) feature provides disk-level encryption.
8- Ned notices in the logs that a user account schedules a job every day at noon that uses all of the system resources. How can he prevent that user account from doing that?
- Use chroot for the user account.
- Use nologin as the user’s default shell.
- Add the user account to the /etc/cron.deny file.
- Add the user account to the /etc/hosts.deny file.
- Create a /etc/motd message telling users to not schedule large jobs.
Add the user account to the /etc/cron.deny file.
The /etc/cron.deny file is a list of user accounts prevented from scheduling jobs, so adding the user to that file would stop them from scheduling the job, making option C correct. The chroot program restricts applications to a specific location in the virtual filesystem; it doesn’t block users from scheduling jobs, so option A is incorrect. The nologin program prevents user accounts from logging into the system, which is an extreme solution to the problem, so option B isn’t a good solution. The /etc/hosts.deny file blocks hosts from accessing the system and not users from scheduling jobs, so option D is incorrect. The /etc/motd file displays a message to all users as they log into the system, but it won’t block them from scheduling jobs, so option E is incorrect.
9- Tom sees an attacker continually attempt to break into a user account on his Linux system from a specific IP address. What can he do to quickly mitigate this issue?
- Place the application in a chroot jail.
- Add the nologin shell to the user account.
- Implement two‐factor authentication.
- Add the attacker’s IP address to the /etc/hosts.deny file.
- Add the user account to the /etc/cron.deny file.
Add the attacker’s IP address to the /etc/hosts.deny file.
The fastest way to deter an attacker is to place their IP address in the /etc/hosts.deny file, preventing them from accessing the system, so option D is correct. Placing applications into a chroot jail prevents the application from accessing files outside of the jail filesystem but doesn’t prevent the attacker from continuing to access a user account, so option A is incorrect. Adding the nologin shell to the user account will prevent the attacker from accessing the user account but will also block the valid user from accessing the account, so option B is incorrect. Implementing two‐factor authentication will help stop the attacker but isn’t a quick solution, so option C is incorrect. Adding the user account to the /etc/cron.deny file prevents the user account from scheduling jobs but won’t stop the attacker from trying to log in as the user account, so option E is incorrect.
10- Despite his warnings, Fred continues to see users transfer files to his Linux server using unsecure FTP. How can he stop this?
- Place a message in the /etc/motd file telling users to stop.
- Move the FTP application to a different network port.
- Place the user accounts in the /etc/hosts.deny file.
- Place the user accounts in the /etc/cron.deny file.
- Disable the FTP application ports.
Disable the FTP application ports.
Disabling the FTP application network ports will prevent users from being able to use the FTP service, so option E is correct. Placing a message in the /etc/motd file to display when users log in won’t prevent them from using the FTP service, so option A is incorrect. Moving the FTP application to a different network port may temporarily solve the problem, but once users find the alternative ports, they can continue using FTP, so option B is incorrect. The /etc/hosts.deny file contains IP addresses or hostnames of remote hosts to block, not user accounts, so option C is incorrect. The /etc/cron.deny file blocks users from scheduling jobs, not accessing network applications, so option D is incorrect.
DenyHosts
A security tool that monitors SSH login attempts and automatically blocks IP addresses that show suspicious activity like repeated failed login attempts by adding them to /etc/hosts.deny.
Key difference is that Fail2Ban supports multiple services and uses firewall rules for blocking, while DenyHosts focuses specifically on SSH protection using TCP wrappers for access control.
Fail2Ban
A more comprehensive intrusion prevention system that monitors various log files (SSH, web servers, email) and temporarily bans IP addresses showing malicious behavior using iptables rules.
Key difference is that Fail2Ban supports multiple services and uses firewall rules for blocking, while DenyHosts focuses specifically on SSH protection using TCP wrappers for access control.