Stephanie Quiles
Homework Chapter 11 and 12
October 6th 2015
Chapter 11
1. Imagine that you are the manager of a small business computing center. List at least three
techniques that you would use to convince a busy, reluctant night operator to perform regular
backups. Explain the best and worst possible technique to assure your success.
I would explain to the night operator that backups are crucial due to potential disasters that
may be beyond anyone’s control. Disasters, such as fire, a bad server, intrusion from an
unauthorized user, viruses, worms, or other malware could all be devastating if information is
not backed up regularly. All of those of things that cannot be anticipated and can occur at any
time. If explaining didn’t work, I could demonstrate to the operator how devastating not backing
up could be by showing them how vulnerable their system may be to outside threats. (this
would probably b the least effective way, as it could have devastating effects to the system if it is
not backed up prior to the demonstration).
2. Disgruntled employees can sometimes wreak havoc on a computer system because other
users leave their passwords written in plain view in the space surrounding their workstations.
How would you convince your users to safeguard their passwords? What specific advice
would you give them?
I would tell users not to leave their passwords written on or near their workstations, do not use
obvious password combinations such as their children’s names, significant others, or pet names.
I would also advise (or make mandatory) a combination of upper and lower case alphanumeric
and numeric combination in their passwords. Also I would suggest they change their passwords
every few months.
3. Explain how you would verify the effectiveness of a new password security policy. Explain
the critical elements of such a policy if it is to be successful.
I would verify the effectiveness of a new password security policy by perhaps attempting to
guess employee passwords. If some of these passwords were easy to guess then the password
security policy would be considered ineffective. A good password security policy would entail
proper training of employees on what to do and not to do in regards to their passwords. Giving
users the proper tools to set strong passwords that are hard to break but easy to remember is
key. Designing settings that require a combination of upper and lowercase letters, along with
numbers, and symbol that are at least 20 characters long or more will make for a stronger
password that will not be as easy to crack.
4. Describe the advantages and disadvantages of password generator software. Would you
recommend the use of such software for your own system? Explain why or why not.
There are many advantages to using password generator software, in that it normally serves as
a vault to store your password combinations for each website that is accessed, with one key
password. A downside is that if there is a breach in this software and the main password is
breached, all of your information is then compromised along with it. Where as if someone were
This study source was downloaded by 100000795602287 from CourseHero.com on 04-20-2022 23:30:46 GMT -05:00
https://www.coursehero.com/file/14485952/OS-CH11-12/
trying to find the password to a particular account they would only have access to that
particular account and no other. However, if done correctly this software will assist the user is
saving them the headache of memorizing multiple passwords for different websites, something
that we all fail at doing. It also becomes even harder when the passwords need to be changed
periodically, making it even more confusing for users to keep track of their changes. Another
potential downside is how the software may or may not work cross platforms. For example, Mac
and iOS use their own proprietary software called Keychain and though it is very good at
safeguarding information and prevent users from forgetting their multiple passwords across
their apple devices, it cannot be used on other devices that use Windows, Chrome or Android
OS. So, the user would then need the employ of third party software that can be used across all
different platforms. Software that may fill that need would be ones such as 1Password. Also,
another potential downside that one might to consider is cost. Many of the software options
out there require an upfront cost or a subscription fee, there are a few that are open source,
but of course that has it downsides in regards to support and potential threats.
5. Keeping the critical operating systems patches current is an important aspect of both
system security and system administration. Should executive management be made aware of
this or any aspect of system security? Explain why or why not.
Executive management should be made aware of how important it is to keep machines up to
date with any system patches. Any hole in the system can put the works of employees and
bosses in jeopardy as well as any possible breach of sensitive information that may be exploited
through unsecure systems.
Advanced:
8. Describe the unique threats to a data center posed by disgruntled employees. Describe
how you would identify such people, if possible, and how you would protect your system
from these threats.
An application developer, who lost his IT sector job as a result of company downsizing,
expressed his displeasure at being laid off just prior to the Christmas holiday by launching a
systematic attack on his former employer’s computer network. Three weeks following his
termination, the insider used the username and password of one of his former coworkers to
gain remote access to the network. He modified several of the company’s Web pages, changing
text and inserting pornographic images. He also sent each of the company’s customers an email message advising that the Web site had been hacked. Each e-mail message also contained
that customer’s usernames and passwords for the Web site. An investigation was initiated, but it
failed to identify the insider as the perpetrator. A month and a half later, he again remotely
accessed the network and executed a script to reset all network passwords; he then changed
4,000 pricing records to reflect bogus information. This former employee ultimately was
identified and prosecuted.
That is just an example of some of the things a disgruntled employee can do to harm a
company’s system. Some others include Denial of Service attacks (which denies service to an
authorized user by scheduling an unproductive task to run over and over), browsing
(unauthorized users gaining the capability to search through storage directories, for privileged
files), wiretapping, repeated trials (guessing authenticated passwords in order to gain access),
This study source was downloaded by 100000795602287 from CourseHero.com on 04-20-2022 23:30:46 GMT -05:00
https://www.coursehero.com/file/14485952/OS-CH11-12/
trapdoors (undocumented entry points to the system), trash collection (or dumpster diving, by
going through discarded items from computers memory as well as physically discarded items
which may be used to gain illegal access to system or its info), viruses can also be designed to
damage a system, Trojans and other malware can also be placed on a system by a disgruntle
employee.
Ways to try and identify disgruntled employees would be to keep a log on employees’ access to
aspects of the system and be restrictive on the amount of access granted to certain employees.
Being vigilant of when an employee is let go or quits (sending an email out to other employees
to alert them that the employee is no longer at the company and to make sure they do not
share any sensitive and proprietary information with the former employee), Changing
passwords to programs that can be accessed from outside the company network, such as
remote log in software or cloud storage, for example.
10. Identify three sets of security parameters (one each for good, better, and best protection)
for a computer that holds a university’s registration information. Consider not only the
operating system, but the protection software, access controls, and the room in which the
computer is located. Then make a recommendation based on the need for security vs. the
cost of that security.
Good- password policy – make sure that only authorized users are given privileges to access
sensitive student information and that passwords are complex enough that outsiders cannot
guess but easy enough for the employee/user to remember. Requiring periodic password
changes.
Better- Antivirus/ malware prevention software- having the pc be updated regularly to avoid
outside security threats, installing and maintaining (updating, paying for subscription, etc.) to
help avoid outside intrusions.
Best- Physical access to computer by individual users – locking the computer in an area that is
not accessible to people who do not need to or are not authorized to be near it, would be a
good way of securing the pc from unauthorized access. Backing up data in case the pc is
tampered with or damaged in an accident or natural disaster.
11. Using information from the CERT Coordination Center (www.cert.org), identify the latest
vulnerability for an operating system of your choice. List the threat, the criticality of the
threat, the potential impact, the suggested solution, the systems that are affected, and the
actions you would take as a system administrator.
13. Wireless LANs pose unique challenges for system operators because of their accessibility.
Imagine that you are the system administrator for a wireless network that is used in a scientific
research setting. Identify the five biggest security challenges and discuss how you would
address each of them in spite of your limited budget.
14. With identity theft becoming widespread, many organizations have moved to encode the
Social Security numbers of their customers, suppliers, and employees. Imagine that you are the
system administrator for a college campus where the students’ Social Security numbers are
This study source was downloaded by 100000795602287 from CourseHero.com on 04-20-2022 23:30:46 GMT -05:00
https://www.coursehero.com/file/14485952/OS-CH11-12/
used as the key field to access student records and are told that you need to extend backward
protection to the records of several decades of previous students. Describe the steps you would
follow to modify your system. Make sure your solution also removes the student Social Security
number on transcripts, course registration forms, student-accessible data screens, student ID
cards, health center records, and other record-keeping systems. Finally, identify which
individuals on campus would retain access to the Social Security numbers and explain why.
Chapter 12
Research B
Visit the Web site of a major operating system vendor and find the list patches that were issued
in the last 12 months. For each patch, find its criticality and size. Cite your sources. Then, as if
you were assigned the task of installing these patches, decide the timing for their installation.
For example, how many would you install immediately and which ones could wait for the next
quarterly patch cycle (assuming a four-per-year cycle)?
9/8/2015
MS15105
3091287
9/8/2015
MS15102
3089657
Vulnerabilities in Windows Task Management Could Allow Elevation of
Privilege
Importa
9/8/2015
MS15101
3089662
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
Importa
9/8/2015
MS15-098
3089669
Vulnerabilities in Windows Journal Could Allow Remote Code Execution
Critical
9/8/2015
MS15-097
3089656
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
Critical
9/8/2015
MS15-095
3089665
Cumulative Security Update for Microsoft Edge
Critical
8/18/2015
MS15-093
3088903
Security Update for Internet Explorer
Critical
8/11/2015
MS15-092
3086251
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege
Importan
8/11/2015
MS15-091
3084525
Cumulative Security Update for Microsoft Edge
Critical
8/11/2015
MS15-088
3082458
Unsafe Command Line Parameter Passing Could Allow Information Disclosure
Importan
8/11/2015
MS15-085
3082487
Vulnerability in Mount Manager Could Allow Elevation of Privilege
Importan
8/11/2015
MS15-080
3078662
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
Critical
Vulnerability in Windows Hyper-V Could Allow Security Feature Bypass
This study source was downloaded by 100000795602287 from CourseHero.com on 04-20-2022 23:30:46 GMT -05:00
https://www.coursehero.com/file/14485952/OS-CH11-12/
Importa
5. Imagine that you are managing the system for a consulting company that becomes I/O-bound
at the end of each fiscal year. What effect on throughput would you expect if you were allowed
to double the number of processors? If you could make one additional change to the system,
what would it be? Explain in your own words why you’d expect your changes to improve overall
system performance.
8. Remembering that there’s a trade-off between memory use and CPU overhead, give an
example where increasing the size of virtual memory improves job throughput. Then give an
example where doing so causes throughput to suffer, and explain why this is so.
9. Looking back over the past 12 months, let’s say your computer had failed unexpectedly and
catastrophically twice in that time. Identify the worst possible time for failure and the best
possible time. Then compare the time and cost it would have required for you to recover from
those two catastrophic failures. Describe in your own words the factors that differentiated the
worst experience from the best.
11. Calculate the reliability of a hard disk drive with an MTBF of 2,499 hours during the last 40
hours of this month. Assume e = 2.71828 and use the formula:
Reliability(t)=e-(1/MTBF)(t)
12. Calculate the reliability of a hard disk drive with an MTBF of 4,622 hours during the crucial
last 16 hours of the last fiscal quarter (the three-month period beginning October 1 and ending
December 31). Assume e = 2.71828 and use the reliability formula from the previous exercise.
13. Calculate the reliability of a server with an MTBF of 10,500 hours during the busy summer
selling season from May 1 through September 15. Assume that the server must remain
operational 24 hours/day during that entire time. Hint: Begin by calculating the number of
hours of operation during the busy season. Assume e = 2.71828 and use the reliability formula
from the previous exercises.
Advanced:
17. Compare and contrast availability and reliability. In your opinion, which is more important to
a system manager? Substantiate your answer in your own words.
18. In this chapter, we described the trade-offs among all the managers in the operating
system. Study a system to which you have access, and assuming you have sufficient funds to
upgrade only one component for the system, explain which component you would choose to
upgrade to improve overall system performance. Explain why.
This study source was downloaded by 100000795602287 from CourseHero.com on 04-20-2022 23:30:46 GMT -05:00
https://www.coursehero.com/file/14485952/OS-CH11-12/
I have an old Windows 7 Toshiba laptop. I would probably spend the money to upgrade the
RAM on this old laptop in order to be able to do the free Windows 10 upgrade and have it
running at its best. Right now the system is quite slow and bogged down by all the programs
that it has to run. Upgrading the ram will greatly enhance the user experience and make for a
more efficient machine. The laptop already has a 600GB hard drive with much of it still available
to me. It would be silly to upgrade the HD but leave the RAM as it is (I believe it is running a 2GB
at the moment). Also, upgrading the OS to the newest version would be pointless, as it will also
greatly reduce the speed at which it takes to run and load applications.
20. As memory management algorithms grow more complex, the CPU overhead increases and
overall performance can suffer. On the other hand, some operating systems perform remarkably
better with additional memory. Explain in detail (using your own words) why some perform
better with additional memory. Then explain in detail why some do not perform better.
22. Compare and contrast throughput, turnaround time, and response time. Explain what each
measures and how they are monitored. Which measurement is more important in your current
computing environment? Explain why.
This study source was downloaded by 100000795602287 from CourseHero.com on 04-20-2022 23:30:46 GMT -05:00
https://www.coursehero.com/file/14485952/OS-CH11-12/
Powered by TCPDF (www.tcpdf.org)