Guide to Operating Systems Security Chapter 7 Solutions

Guide to Operating Systems Security
0-619-16040-3
Answers to the Chapter 7 Review Questions
1. You are operating a network management station and discover that you cannot find out information
about network performance at a NetWare 6.0 server. Which of the following is the best solution?
Answer: d. Load the SNMP NLM.
2. The fire marshal in your city has just inspected the wiring that goes through the ceiling on the second
floor of your building and says it is dangerous because the network wiring can cause toxic vapors in a
fire. What is the wiring most likely to contain?
Answer: b. PVC coating
3. You are designing the network in a building and want to use a cable that will provide speed and
security for communications between floors in the building. Which of the following would be the best
choice?
Answer: d. multimode fiber-optic
4. Which of the following is important when you centralize servers in a computer room? (Choose all that
apply.)
Answer: a. and c.
5. Which type of cable is most difficult for an intruder to tap into without drawing attention to his action?
Answer: a. fiber-optic
6. In terms of security, a disadvantage of the star topology is that __________________________.
Answer: b. it has a single point of failure
7. You are consulting about an older thin coax network when the network goes down because of the work
of an attacker. Which of the following is a likely cause of the problem?
Answer: c. The attacker removed a terminator.
8. The twists in twisted-pair cable are there to __________________________________. (Choose all that
apply.)
Answer: d. help reduce interference
9. On your NetWare server, someone occasionally loads NLMs that you have not authorized. The
financial auditors are very concerned about this problem. Which of the following offer(s) a solution?
Answer: a. use SECURE CONSOLE
10. Which of the following fit(s) the definition of a cipher lock that might be used to protect a machine
room? (Choose all that apply.)
Answer: a., b., and d.
11. In the design of a network you should plan to use which of the following? (Choose all that apply.)
Answer: b. and d.
12. A department head calls you because she is working on personnel evaluations and she does not want to
log off Red Hat Linux 9.x for security each time she leaves her desk for a few moments. What do you
recommend?
Answer: a. She should click Main Menu and then click Lock Screen.
© 2004 Course Technology and Michael Palmer. All rights reserved.
13. Wiring closets should follow the ___________________________ standard.
Answer: a. EIA/TIA-569
14. When you replace a legacy cable plant, which of the following should you consider? (Choose all that
apply.)
Answer: a., b., c., and d.
15. Which cable is most flexible and has the tightest bending radius (providing some protection from a
malicious attack)?
Answer: c. twisted-pair
16. Which parameter used with SCRSAVER in NetWare enables you to display the screen saver’s current
settings?
Answer: d. status
17. An intermediate cross-connect is ______________________________.
Answer: b. a wiring closet
18. SNMP is used with which of the following? (Choose all that apply.)
Answer: a. and d.
19. Your department is almost out of money that is budgeted for this year, and so you are installing
twisted-pair cable yourself to connect several new computers to the network. Which of the following is
important for you to consider? (Choose all that apply.)
Answer: a., b., and d.
20. When you install SNMP, configure a _______________________ at the same time.
Answer: c. community name
Hands-On Projects Tips and Solutions for Chapter 7
Project 7-1
Students configure a Windows 2000/XP/2003 screen saver with a password in this project.
In Step 4, students view the available screen savers and select the one of their choice.
Project 7-2
In this project, students configure the XScreenSaver in Red Hat Linux 9.x.
In Step 3, students click different screen savers to view them in the demonstration window.
Project 7-3
In this project, students set up screen effects and configure a password for screen effects in Mac OS X.
As students are configuring screen savers and screen effects for the operating systems, consider having
a class discussion about the best way to configure the screen saver and password protection parameters
for good security.
Project 7-4
This project gives students an opportunity to configure the console screen saver in NetWare 6.x. Make
sure that students have a user account and password that will enable them to log back on after the screen
saver starts.
In Step 2, students should record the current configuration of the console screen saver. Note that the
defaults are:
• Screen saver enabled: Yes
• Lock screen when saved: Yes
• Delay before saving screen: 600 seconds
• Automatically clear unlock portal: Yes
• Delay before clearing unlock portal: 60 seconds
Project 7-5
Students use the SECURE CONSOLE command in NetWare 6.x for this project. Before you give
permission for this project, keep in mind that the server will have to be rebooted to remove this
security measure.
To get the most out of this project, consider providing students with an NLM that they can try to load,
such as from a CD.
Project 7-6
In this project, students install and configure SNMP in Windows 2000 Server and Windows Server
2003.
In Step 14, students should report seeing the following SNMP services in the list:
• SNMP Service
• SNMP Trap Service
Project 7-7
This project gives students the opportunity to view the contents of the /etc/snmp/snmpd.conf file in
Red Hat Linux 9.x. The project does not have them actually change the contents of the file; they
simply learn how they might change the parameter for the community name.
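The community-name parameter that students look for in snmpd.conf can also be checked programmatically. The following Python example is added here and is not part of the textbook or its solutions; it assumes the Net-SNMP directives com2sec, rocommunity and rwcommunity, uses a constructed sample file, and treats "public" and "private" as well-known names (the example's own assumption).

```python
# Added example: audit Net-SNMP snmpd.conf text for weak community settings.
WELL_KNOWN = {"public", "private"}  # assumption: names treated as well known

# Constructed sample in snmpd.conf syntax (not taken from a real host).
SAMPLE_CONF = """\
# sec.name  source  community
com2sec notConfigUser  default       public
com2sec mgmtUser       192.0.2.10    Xk7-example-ro
rwcommunity private
rocommunity Xk7-example-ro 192.0.2.0/24
"""

def parse_communities(text):
    """Return a list of (line_no, directive, community, source) tuples."""
    found = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "com2sec":
            # Syntax: com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if len(args) >= 2 and args[0] == "-Cn":
                args = args[2:]
            if len(args) >= 3:
                found.append((line_no, directive, args[2], args[1]))
        elif directive in ("rocommunity", "rwcommunity"):
            # Syntax: rocommunity|rwcommunity COMMUNITY [SOURCE [OID]]
            if args:
                source = args[1] if len(args) > 1 else "default"
                found.append((line_no, directive, args[0], source))
    return found

def audit(text):
    """Return (line_no, message) findings for risky community settings."""
    findings = []
    for line_no, directive, community, source in parse_communities(text):
        if community.lower() in WELL_KNOWN:
            findings.append((line_no, f"well-known community name '{community}'"))
        if source == "default":
            findings.append((line_no, f"community '{community}' accepted from any source"))
        if directive == "rwcommunity":
            findings.append((line_no, f"community '{community}' grants write access"))
    return findings

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```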
Project 7-8
This project enables students to verify that SNMP is loaded in NetWare 6.x.
In Step 3, students should record the version number of SNMP.NLM.
In Step 10, the parameters that can be set for the community name are:
• Any Community May Write
• Leave as Default Setting
• No Community May Write
• Specified Community May Write
Solutions to the Case Project Assignments
Balsam Music prints sheet music for banjo, guitar, violin, piano, harpsichord, and other instruments. The
headquarters office is in Atlanta. Balsam Music has just purchased another printing house in Raleigh, North
Carolina. The Raleigh location will be used to print music and provide central warehousing and shipping
for all of Balsam’s products. The new location has one three-story building that is used for administrative
offices on the top two floors and has the printing presses on the ground floor. The other building is a
two-story warehouse and shipping center. Both buildings have two elevators. The Raleigh, North Carolina
location is not currently networked and is being remodeled.
Balsam Music has hired you through Aspen IT Services to coordinate implementation of security at the
headquarters office and to consult about security and design issues for the new location in Raleigh.
Case Project 7-1: Workstation Security at the Headquarters Location
The Security Steering Committee at the headquarters office in Atlanta has created a mandatory policy that
all workstation users will have screen savers. The workstations at the headquarters office are running
Windows 2000 Professional, Windows XP Professional, and Mac OS X. Create a document that describes
for the workstation users the screen saver options for each of these operating systems. Include in your
document information about how to configure the screen savers.
Answer:
Windows 2000 Professional and Windows XP Professional include screen savers that can be configured
through the Control Panel Display option. There are many screen savers from which to select, such as the
following ones in Windows XP (also depending on the manufacturer of the computer):
• 3D FlowerBox
• 3D Flying Objects
• 3D Pipes
• 3D Text
• Beziers
• Blank
• Marquee
• My Pictures Slideshow
• Mystify
• Starfield
• Windows XP
Any of these screen savers can be configured with a password, so that when the screen saver starts, the user
must enter the password of the currently logged-on account to re-enter the system.
To configure a screen saver in Windows 2000/XP Professional:
1. In Windows 2000 Professional, click Start, point to Settings and click Control Panel. In Windows
XP Professional click Start, point to All Programs, and click Control Panel.
2. Click Display in Windows 2000 Professional, or in Windows XP Professional, click Appearance
and Themes, and then click Display.
3. Click the Screen Saver tab.
4. Select a screen saver in the Screen Saver box.
5. In the Wait box, enter the time in minutes to wait until the screen saver starts after inactivity at the
workstation.
6. In Windows 2000, select Password protected, and in Windows XP Professional, select On resume,
password protect.
7. Click OK.
8. In Windows XP, close the Appearance and Themes window.
Mac OS X offers the screen effects option, which is a screen saver that provides interesting screen effects.
Users should associate a password with screen effects for workstation security.
To configure the Mac OS X screen effects:
1. Click Go, click Applications, and double-click System Preferences.
2. Double-click Screen Effects.
3. Select the Screen Effects tab and choose one of the screen effects.
4. Click the Activation tab.
5. Configure the option for Set Time until screen effect starts, such as to 8 minutes.
6. Click Use my user account password.
7. Close the Screen Effects window.
8. Close the System Preferences window if it is open.
9. Click the System Preferences menu and click Quit System Preferences.
Case Project 7-2: Expanding Workstation Security
Balsam Music is impressed by the document you created in Case Project 7-1 and they want to continue to
explore ways to make user workstations more secure. The Security Steering Committee asks you to create a
report that describes ways to secure workstations that go beyond configuring screen savers.
Answer:
A sampling of ways to secure workstations that students might include in their reports are:
• Delete unused accounts on the workstation and configure all other accounts, especially the account
the user employs, with strong passwords
• Don’t give out the password to an account
• Log off or turn off workstations when away from the desk for several hours, such as overnight
and on weekends
• Lock the office (if the user has an office) when away for a long time, such as over half an hour
• Do not block computer device ventilation holes
• Keep food and liquids away from the workstation
Case Project 7-3: Planning for Servers at the Raleigh Location
The three-story building at the Raleigh location will house the Vice President of Operations and Shipping
and the managers on the top floor, and these personnel will have a NetWare 6.5 server for their use. The
second floor will be home to shipping staff, who will use two different NetWare 6.5 servers for their work,
and the first floor will have accounting and payroll staff, who will use three Red Hat Linux 9.0 servers. The
first floor will also house the IT Department for the Raleigh location. Balsam Music asks you to prepare a
report that compares using a centralized versus a decentralized approach to locating the servers. In your
comparison, discuss the following points:
• Cost factors
• Security factors
• Management factors
Answer:
In general, a centralized approach works more favorably when these factors are considered. Here are some
advantages of the centralized approach:
• In terms of cost, centralizing the servers enables the company to pool resources such as UPSs,
backup devices, power conditioning, fire suppression measures, administrator training costs,
number of personnel required to maintain the servers, security measures, and others. Pooling these
resources can save the company money on one-time and ongoing expenses.
• In terms of security, centralizing computers in a secured and environmentally controlled machine
room can offer the most consistent security. The limitations of centralization, though, are heavier
network traffic to the machine room location and that if there is a disaster, such as a flood, all of
the servers may be damaged because they are in one location.
• In terms of managing the servers, using the centralized approach enables the use of consistent
management techniques, using the same management staff and management software, and
enabling SNMP to monitor network activity at each server from a network management station.
Case Project 7-4: Physical Security for the Raleigh Servers
The IT Department at the Raleigh location is hiring three new server administrators who are currently being
trained in Atlanta. As part of the training, Balsam Music asks you to prepare a report that describes how to
implement screen savers and other physical security options for the NetWare and Red Hat Linux servers
that will be implemented at the Raleigh location.
Answer:
Both NetWare and Red Hat Linux come with screen savers.
The procedure for implementing a screen saver in NetWare is as follows:
1. Access the system console.
2. Enter scrsaver help and press Enter to learn about the parameters you can use with the scrsaver
command.
3. Enter the scrsaver command along with the desired parameters and press Enter.
4. Enter scrsaver status and press Enter to view and confirm the configuration.
The procedure for implementing a screen saver in Red Hat Linux is:
1. Configure a screen saver on your administrative account, but not on the root account. (You cannot
configure a screen saver on the root account, at this writing.)
2. Click Main Menu, point to Preferences, and click Screensaver.
3. If you see a box that warns the XScreenSaver daemon is not running, click OK to start the
daemon.
4. Select one or more screen savers on the Screensaver Preferences screen.
5. Enter the desired number of minutes in the Blank After box, which is the amount of time the
operating system waits idle until it activates the screen saver.
6. Enter a value for the Cycle After box, to determine how often to cycle through the screen savers.
7. Place a check in the Lock Screen After box and enter the desired minutes. This setting will lock
the screen after the specified minutes.
8. Click Close.
Other physical security options include:
• Use SECURE CONSOLE in NetWare.
• Implement SNMP to monitor network activity at the servers and configure a community name.
• Locate servers in secured rooms, such as rooms secured with cipher locks.
• Provide servers with conditioned power and UPS backup power.
• Provide an environmentally controlled room (or rooms) in terms of dust, moisture, and
temperature.
• Control who can access the room(s) in which servers are located.
Case Project 7-5: Wiring Design
The Building Planning Committee and the Vice President of Operations and Shipping ask you to prepare a
set of general planning information for installing networks in both buildings at the Raleigh location. They
ask you specifically to make general cabling and network design recommendations that address:
• Reliability
• Security
• EMI/RFI concerns
• Placement and design of wiring closets
Answer:
Students should discuss using a combination of structured wiring and structured networking for the Raleigh
location. This includes using discrete horizontal wiring on each floor and fast fiber-optic pipes between
floors.
• For reliability, students might suggest following the wiring guidelines mentioned in the text along
with implementing redundancy. Redundancy can include using backup switches, dual NICs,
alternate network paths, redundant backplanes and redundant power supplies in network devices.
• For security, students should suggest using a combination of twisted-pair (horizontal) and
fiber-optic (vertical) cabling, network device redundancy, protected wiring closets, and a protected
machine room.
• For EMI/RFI, students should discuss placing wiring closets and network cable away from sources
of interference, such as elevators, machinery, fluorescent lights, etc. Also, EMI/RFI is another
reason for using fiber-optic cable between floors – it won’t be affected by proximity to the
elevators, for example.
• Wiring closets should be placed centrally for the wiring needs, away from
EMI/RFI, and in dedicated closet structures. The wiring closets should be environmentally
controlled for dust, moisture, and humidity, and provided with conditioned power. They should be secured
with locks and they should not be shared with custodial functions.