Threats to OS Flashcards

Question

Briefly describe a "Buffer Overflow" vulnerability.

Answer 1

Answer: A Buffer Overflow occurs when a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory and causing crashes or allowing malicious code execution.

Answer 2

Answer: Operating Systems should provide proper boundaries between processes and ensure resource availability to prevent denial-of-service attacks.

Answer 3

Answer: Intrusion Detection and Authentication are two counter-measures for OS security.

Answer 4

Answer: An Intrusion Detection System (IDS) analyzes system events to identify potential security breaches or malicious activity.

Answer 5

Answer: HIDS monitors a single host for malicious activity, while NIDS monitors network traffic.

Answer 6

Answer: Firewalls protect networks by monitoring and controlling incoming and outgoing traffic, blocking unwanted or malicious access.

Answer 7

Answer: TLS/SSL certificates encrypt data transmitted between a user and a website, protecting sensitive information.

Answer 8

Answer: Physical security is crucial because an attacker with physical access can directly manipulate OS files and configurations.

Answer 9

Answer: The two steps are identification (presenting an identifier like a username) and verification (providing authentication information like a password).

Answer 10

Answer: Authentication verifies a user's identity, while authorization determines what actions or resources the user is allowed to access.

Answer 11

Answer: Biometric verification, such as fingerprint scanning, is a user attribution authentication technique.

Answer 12

Answer: Access control manages and restricts who or what can access specific system resources.

Answer 13

Answer: Type C2 security classification adds individual-level access control to protect user data.

Answer 14

Answer: The TCB is the set of hardware, firmware, and software components critical for enforcing the system's security policy.

Answer 15

Answer: According to the slide, Linux is considered the fastest operating system.

Answer 16

Answer: Linux enforces strict authorization policies, even during file creation, and ensures that the OS is aware of all resources being handled by users.

Answer 17

Answer: 1. Malware is malicious software designed to harm computer systems. Types include viruses, worms, Trojan horses, and logic bombs. 2. Viruses attach to executable files and spread when the infected file is executed, corrupting files and data. 3. Worms are self-replicating and can spread across networks, consuming resources and potentially causing system crashes. 4. Trojan horses disguise themselves as legitimate software to trick users into installing them, allowing attackers to gain unauthorized access or steal data. 5. Logic bombs are code snippets that execute malicious actions when specific conditions are met, such as a certain date or user action. The damage caused by malware can range from data loss and system instability to complete system compromise and unauthorized access.

Answer 18

Answer: A Buffer Overflow occurs when a program writes more data to a buffer than it is allocated, overwriting adjacent memory locations. This vulnerability can be exploited by attackers to inject and execute arbitrary code, gain control of the system, or cause it to crash. For example, if a program asks for a user's name and stores it in a buffer of 20 characters, providing an input longer than 20 characters can overwrite adjacent memory, potentially altering program execution flow or injecting malicious code. Buffer overflows are a significant threat because they can be exploited in various software, including operating system components, making them a target for attackers.

Answer 19

Answer: Operating systems can be protected through various security measures: 1. Regular Updates and Patches: Keeping the OS and software updated is crucial to address known vulnerabilities. 2. Antivirus Software: Antivirus software detects and removes malware. 3. Firewalls: Firewalls control network traffic, blocking unauthorized access. 4. Intrusion Detection Systems (IDS): IDS monitor systems for malicious activity. 5. Authentication: Verifying user identities to ensure only authorized users access the system. 6. Access Control: Implementing policies to restrict access to system resources based on user roles and privileges.

Answer 20

Authentication and authorization are fundamental to OS security. Authentication verifies who a user is, while authorization determines what they can do. Authentication ensures that only legitimate users can access the system, while authorization restricts their actions to prevent unauthorized access to resources. Authentication methods include: 1. Username/Password: Traditional method using unique credentials. 2. User Attribution: Biometric verification techniques like fingerprints or retina scans. 3. User Card and Key: Using physical cards or key generators for access. These methods aim to establish trust before granting access to system resources.

Answer 21

Access control is a security mechanism that manages and restricts who or what can access specific system resources. It ensures that users have appropriate permissions and prevents unauthorized access to sensitive data or system functions. Access control contributes to OS security by: 1. Enforcing security policies. 2. Mediating between users and the system. 3. Limiting the potential damage from insider threats or compromised accounts.

Answer 22

The Trusted Computing Base (TCB) is the set of all hardware, firmware, and software components critical to the computer's security. It's the foundation of security, and any vulnerability within the TCB can compromise the entire system. The TCB is significant because it: 1. Enforces the system's security goals. 2. Provides a trusted environment for the OS to operate. 3. Requires that the software that boots the system and enforces security is also trusted.

Answer 23

The Secure OS Trust Model assumes that the OS cannot trust processes outside of the TCB to behave as expected. This is a stricter approach compared to most modern systems, which often assume that programs run by a user will behave as the user intends. Advantages of the Secure OS Trust Model: 1. Easy to use and administer. 2. Aligns with the principle of least privilege. 3. Gives object owners more control over access.

Answer 24

The Linux OS architecture incorporates several security features: 1. Mandatory association of users with groups. 2. Files are owned by users and groups within the OS. 3. Prevention of changing file ownership to non-existent users. 4. Authorization policies applied during file creation and access. 5. Restriction of resources to only those managed by the OS. These features enhance security by enforcing strict control over file access and ownership, reducing the risk of unauthorized manipulation.

Answer 25

An Operating System (OS) plays a crucial role in providing a secure computing environment by managing system resources and enforcing security policies. Key responsibilities include: 1. Providing boundaries between processes: The OS must prevent processes from interfering with each other's memory or files, ensuring that a faulty or malicious process cannot compromise the entire system. 2. Managing resource allocation: The OS must schedule resources fairly to prevent denial-of-service attacks, where one process monopolizes resources and prevents others from functioning. 3. Implementing security mechanisms: The OS provides essential security features like authentication, authorization, and access control to protect system resources and data.

Answer 26

1. "Program threats" refer to malicious actions carried out by user programs that exploit OS functions to perform unauthorized tasks. Examples of program threats include: 1.1 Trojan Horses: Programs that appear legitimate but contain malicious code. 1.2 Logic Bombs: Code that executes malicious actions under specific conditions. 1.3 Viruses: Code that infects files and spreads to other systems. 2. "System threats," on the other hand, involve the misuse of OS services or network connections to harm users, such as denial-of-service attacks or port scanning.

Answer 27

Intrusion Detection Systems (IDS) are security tools that monitor systems or networks for malicious activity. Types of IDS include: 1. Host-based IDS (HIDS): Monitors the activity on individual host systems, examining log files and system events for suspicious behavior. HIDS use rules and policies to identify potentially malicious behavior. They can operate based on signatures (known patterns of attacks) or anomalies (deviations from normal behavior). 2. Network-based IDS (NIDS): Monitors network traffic for suspicious patterns or attacks.

Answer 28

Firewalls are essential security components that protect networks and systems from unwanted traffic. They act as a barrier between a trusted network and untrusted networks (like the internet), controlling the flow of data based on predefined rules. Firewalls protect systems by: 1. Blocking incoming malware. 2. Monitoring both incoming and outgoing traffic. 3. Enforcing local security policies.

Answer 29

TLS/SSL certificates are crucial for securing online communications by encrypting data transmitted between users and websites. This encryption protects sensitive information like login credentials, personal details, and financial transactions from being intercepted by attackers. Additionally, TLS/SSL certificates provide identity protection for websites, enhancing user trust.

Answer 30

Physical security is a fundamental aspect of OS security, as it protects the hardware and physical infrastructure on which the OS resides. Inadequate physical security can have severe consequences, as an attacker with physical access to a system can: Edit, remove, or steal important files. Access OS code and configuration files stored on the hard drive. Potentially install malicious software or hardware.

Answer 31

Authentication is the process of verifying the identity of a user or device attempting to access a system. It is crucial for OS security because it ensures that only authorized individuals can access system resources and prevents unauthorized access. The authentication process typically involves two steps: 1. Identification: Presenting an identifier, such as a username. 2. Verification: Providing or generating authentication information, such as a password, biometric data, or a security token. Various authentication techniques exist, including: 1. Username/Password: The most common method, relying on secret credentials. 2. User Attribution: Biometric methods like fingerprint or retina scans, verifying users based on unique physical characteristics. 3. User Card and Key: Using physical cards or key generators to gain access.

Answer 32

Authentication and authorization are distinct but complementary security processes. *Authentication verifies who a user is, confirming their identity. *Authorization determines what an authenticated user is allowed to do, granting or denying access to specific resources or actions. Both are essential because: 1. Authentication establishes trust in the user's identity. 2. Authorization enforces access control policies, ensuring that users only have the necessary privileges. 3. Without proper authorization, even authenticated users could perform unauthorized actions.

Answer 33

Access control is a security mechanism that manages and regulates who or what can access specific resources within a system. It involves implementing security policies that define access permissions for users, groups, or processes. Operating systems implement access control through various mechanisms, including: 1. File permissions: Controlling who can read, write, or execute files. 2. Access control lists (ACLs): Specifying permissions for individual users or groups for specific resources. 3. Role-based access control (RBAC): Assigning permissions based on user roles within an organization.

Answer 34

The Trusted Computing Base (TCB) is the set of all hardware, firmware, and software components that are critical for enforcing the system's security policy. It is the foundation of trust in a secure system. The TCB is crucial because: 1. Any security vulnerabilities within the TCB can compromise the entire system. 2. It is the minimal amount of software necessary to enforce security goals. 3. It includes software that defines and enforces security policies. 4. The software that initiates the TCB must also be trusted.

Answer 35

The Secure OS Trust Model operates under the principle that the OS cannot inherently trust processes running outside of the TCB. This means the OS does not automatically assume that a program will behave as the user intends. Advantages of this model: 1. Simplicity in use and administration. 2. Adherence to the principle of least privilege (granting only necessary permissions). 3. Greater control for object owners over access permissions. In contrast, many modern OSs operate on a model where the OS often assumes that programs run by a user are acting on the user's behalf, which can create security vulnerabilities if a program is compromised.

Answer 36

Several security features of the Linux OS architecture: 1. User-Group Relationship: Every user must belong to a group, while a group can exist without users. This helps in managing permissions and access control. 2. File Ownership: Files are owned by users and groups that are part of the Linux OS, preventing ownership by unknown entities. 3. Restricted Ownership Changes: File ownership cannot be changed to a non-existent user, maintaining file integrity. 4. Authorization During File Creation: Linux enforces authorization policies not only when accessing files but also when creating them, adding an extra layer of security. 5. OS Awareness of Resources: The OS manages all resources, preventing users from controlling resources unknown to the OS. These features enhance security by: 1. Enforcing strict access control and file ownership. 2. Preventing unauthorized manipulation of files and resources. 3. Ensuring that the OS has control over all system operations.

Threats to OS Flashcards

Important! (60 cards)