Guide to Operating Systems Security
0-619-16040-3
Guide to Operating Systems Security
Chapter 1 Solutions
Answers to the Chapter 1 Review Questions
1. What type of port might be involved in a port-scanning attack?
Answer: b. TCP
2. Which of the following operating systems enable you to configure a firewall? (Choose all that apply.)
Answer: a., b., c., and d.
3. Failing to configure an operating system to require that passwords be changed regularly is an example of which of the following?
Answer: a. human factor
4. Which of the following are examples of wireless security measures? (Choose all that apply.)
Answer: c. 802.1x security
5. The core code of an operating system is the operating system _____________________.
Answer: b. kernel
6. Your server operators believe that someone has attempted to remotely access one of the Windows 2003 servers in the computer room. Which of the following might you do? (Choose all that apply.)
Answer: a., c., and d.
7. One reason why an attacker scans ports is to ________________________________.
Answer: c. access an open or unused service
8. You have received an e-mail from a friend that contains a forwarded message warning of a virus in a file that is found in the operating system folder of your computer. If it does not truly contain a virus, then this is an example of ________________________________?
Answer: d. a virus hoax
9. Which of the following are common security options in a computer's BIOS? (Choose all that apply.)
Answer: a. and c.
10. The components of an operating system that manage computer memory and use of the CPU are the
______________________________.
Answer: d. resource managers
11. Ganda is an example of which of the following? (Choose all that apply.)
Answer: b. and c.
12. A denial of service attack might be intended to stop which of the following communications services?
(Choose all that apply.)
Answer: a. and b.
13. The ___________________________ started the Global Information Assurance Certification Program.
Answer: a. SANS Institute
14. The ___________________ command in Linux is used to stop a process.
Answer: b. kill
1
© 2004 Course Technology and Michael Palmer. All rights reserved.
15. A __________________________ attack is one type of attack that has been used to go through a network address translation device.
Answer: d. source routing
16. Your organization has a problem in that many users employ short passwords between two and four
letters long. What can you do to address this security risk? (Choose all that apply.)
Answer: a., c., and d.
17. Which operating system security measure enables you to protect data in the event of a destructive virus or a damaged spot on a disk drive?
Answer: c. backups
18. Call-back is an example of ___________________________ security.
Answer: d. remote access
19. Which of the following are examples of port scanning programs? (Choose all that apply.)
Answer: c. and d.
20. A ___________________ creates new files rather than infecting existing files.
Answer: a. worm
Hands-On Projects Tips and Solutions for Chapter 1
Project 1-1
In this project, students get their first glimpse of operating system security by examining the BIOS
setup.
In Step 3, students should determine the password security available in the BIOS, such as:
• Password for a disk drive
• Password to boot into the computer
• Password to configure the BIOS setup
• Password to prevent reconfiguration of the BIOS setup
• Password to require booting only from a diskette
Project 1-2
This project enables students to view where to stop a service in Windows 2000, Windows XP
Professional, or Windows Server 2003.
In Step 4, students should report whether or not the service is stopped. Also, they should note that the
Stop button is used to stop a service.
Project 1-3
In this project, students learn how to view the processes that are currently running in Red Hat Linux
9.x and then they learn how to stop a process. The process that they stop is the top process, which they
are instructed to start before listing the processes.
In Step 4, students should discover there are a number of processes running, including the top process.
Project 1-4
This project enables students to learn how to determine which NLMs are loaded in NetWare and they
learn to unload the REMOTE.NLM to prevent a remote workstation from accessing the server console.
In Step 1, some example modules that students might see include:
• REMOTE.NLM
• RSPX.NLM
• RS232.NLM
• NWCONFIG.NLM
• CDROM.NLM
• MONITOR.NLM
• RCONAG6.NLM
• SCRSAVER
• VREPAIR.NLM
• DSREPAIR
Project 1-5
In this project students view where to start and stop a sharing service in Mac OS X.
In Step 2, the services that students can start and stop include:
• Personal File Sharing
• Windows File Sharing
• Personal Web Sharing
• Remote Login
• FTP Access
• Remote Apple Events
• Printer Sharing
Project 1-6
In this activity, students view where to configure ownership and the user access control list for the
Documents folder in Mac OS X. If students are unfamiliar with expanding a box, consider
demonstrating in class how to click the arrow to open or close information for display.
Project 1-7
In this project, students learn how to check the status of and to disable Remote Assistance and Remote
Desktop in Windows XP Professional. You might note in class that the steps are very similar for the
same process in Windows Server 2003. Also, consider holding a class discussion about the pros and
cons of using these types of utilities.
Project 1-8
In this project, students view the option to configure 802.1x security for wired and wireless
communications in Windows XP and Windows Server 2003.
In Step 3, the documentation notes that port-based access control is in use and credentials including
smart cards, certificates, and passwords can be employed.
Project 1-9
This project gives students an opportunity to view the Mac OS X help documentation on security
topics.
In Step 3, the topics included at this writing are:
• Changing security for your keychain
• Identifying safe websites for new Sherlock channels
• Keeping network computers secure
• Creating a keychain
• Securing your computer
• Using your keychain on a different computer
• Adding channels to Sherlock
• Entering an administrator user name and password
• Changing your keychain password
• Subscribing to Sherlock channel services
• Using a keychain to store passwords and other sensitive information
• Adding items to your keychain
• Point-to-Point Tunneling Protocol
• Configuring the base station over the WAN port
• Creating a closed network
• How can I protect my network from denial-of-service attacks?
• Password-protecting your wireless network
• How do I set up a Computer-to-Computer network?
• New features in Airport
Solutions to the Case Project Assignments
One of the best ways to learn is through experiencing different situations that require security analysis or
implementation. At the end of each chapter you have the opportunity to apply your newly gained
knowledge to a range of small- to large-sized fictitious organizations through the use of case projects and in
the role of an employee for a consulting firm. The advantage of using the role of a consultant is that you
will experience situations in many different kinds of organizations with different kinds of computer users.
Your role is as a consultant for Aspen IT Services. Aspen IT Services provides consulting services
throughout the United States and Canada, specializing in security for operating systems and networks.
Aspen's clients range in size from small single offices to large enterprise networks. Its customers are
businesses, corporations, schools, colleges, universities, and government agencies.
Your assignment this week is to work with Wild Rivers, which is a company that manufactures canoes and
kayaks for recreational use. Wild Rivers is developing a newly designed canoe, code named golden trout,
that works equally well in fast white water and on calm lakes and rivers. It is made with a specialized
material created by Wild Rivers, which has not yet been patented. The business, research, and
manufacturing activities of the company take place in a large industrial building that is fully networked and
is connected to the Internet by a high-speed connection. The company has a Web server that is a principal
source of orders from both sporting goods outlets and individual customers. The Web server is available 24
hours a day, seven days a week. On their internal network, they use NetWare 6.x and Windows 2003
servers. The client computers are a combination of Windows XP Professional, Red Hat Linux 9.0, and Mac
OS X computers. Wild Rivers is hiring you to consult on their security needs.
Case Project 1-1: The Need for Security
Wild Rivers has always been a family-run company with a family atmosphere. However, one of the
recommendations after the last financial audit was to implement security on all of the client and server
systems. The company president is not convinced of the need for security and in fact still does not lock his
home at night. Create a report for the president explaining why his company needs to implement security
on the client and server systems as well as on the network.
Answer:
There is an immediate need to protect information and resources on the servers and client computers at
Wild Rivers. This is particularly true because the company is developing a new canoe that seems destined
to have success on the market. They also have accounting, sales, human resources, and other sensitive data
that needs to be protected. If someone compromises their systems, the losses could be significant.
Compromised or lost accounting data could destroy the company. An intrusion into the human resources or
customer data may have legal ramifications. For a company like Wild Rivers that has a public Internet
presence, it makes no sense to have lax or no security.
Retaining the privacy of employees is another must for this company. If Wild Rivers issues a privacy
statement, then they need to back it up with security measures to guarantee that the information in their
systems about people and companies is not compromised. If an attacker obtains social security or credit
card information, this will put the company at risk of losing business and being sued.
Wild Rivers is likely to have many workflow processes that rely on their client and server computers. An
interruption in workflow processes, such as in the automated processing of orders, could be expensive for
the company.
Because Wild Rivers has a Web server on which they do business, having little or no security is extremely
risky and leaves the Web server open to attack. Part of advertising that the Web servers are available 24
hours a day, seven days a week involves taking steps to ensure that they can meet this commitment.
E-commerce Web servers are subject to all kinds of attacks, such as denial of service.
As part of a security plan, Wild Rivers should purchase hardware systems, software, and operating systems
that have tested security features. Also, it is important to continually upgrade systems as patches and
service packs are issued, as a way to fix security bugs and to have new security features.
In terms of human factors, it is important to train novice and experienced users in security. One place to
start is in strong password security. Another place is to train network and server administrators so they fully
understand the security features of their systems and how to effectively use them for the company’s
particular needs. The dollars spent in training will likely be quickly recovered through better security.
Case Project 1-2: Securing Servers
One of the NetWare servers contains all of the top secret research information about the new canoe design
for project golden trout. Word about the promise of this design has already reached other canoe
manufacturers, and one of the Wild Rivers' design engineers has already noticed that a document has been
accessed, through observing the dates associated with that document. Wild Rivers asks you to prepare a list
of recommendations for securing this server in particular.
Answer:
The NetWare administrator and users of the server containing the project golden trout documents should
immediately review how directory and file security is set up, particularly in the areas where there are
top-secret files. After the review, they should close security holes in directory and file security by making
certain that only authorized users have access and that the access of each user is governed by what the user
needs to do with the information.
Also, security policies governing passwords should be implemented, to ensure that users of that system
have passwords that meet minimum requirements, such as length requirements, and requiring users to
regularly change their passwords.
If there are shared directories and files, the security should be reviewed on these and tightened as
necessary. Only authorized users should have access to shared folders and files.
Remote access of the NetWare server, such as from modems or other remote access network services,
should be reviewed. On this server, it may be good policy to close all remote access avenues, including use
of REMOTE.NLM.
There should be a solid disaster recovery plan for this NetWare server, particularly in terms of taking
regular backups and storing a copy of the backups in an offsite location.
Case Project 1-3: Web Server Problem
The HTTP services on the Windows Server 2003, Web Edition server used for the company's Web site are
going down two or three times a month and no one knows why. Sometimes this results in the need to reboot
the server, which means loss of revenue while the server is down. In terms of troubleshooting this problem
from the perspective of security, create a short briefing about what you would investigate.
Answer:
If there is no identifiable hardware problem, then this situation may be related to an attack, such as a denial
of service or spoofing attack. An attack could also be related to port scanning for services to
exploit or attack on the server. Some immediate steps that Wild Rivers might take are:
• Install any outstanding upgrades or service packs for the operating system.
• Use monitoring tools on the server and for the network to monitor who is accessing the server.
• Disable or remove any unused services.
• Use this as a dedicated Web server without trying to run other programs or services that are not
part of the Web server mission.
Case Project 1-4: Hardening Against Port Scanning
The Wild Rivers IT director has read about port scanning, but is not sure what it is or how to defend against
it. She asks you to prepare a short briefing for the IT department that explains port scanning and that
outlines strategies to protect systems from this type of attack.
Answer:
TCP/IP is a very commonly used protocol. When this protocol is used, the TCP portion employs TCP ports.
A TCP port is an access point or entryway, sometimes called a socket, in the protocol that is typically associated
with a specific service, process, or function. A port is like a virtual circuit between two services or
processes communicating between two different computers or network devices. The services might be for
transferring files, e-mail services, or many others. There are 65,535 ports in TCP. An attacker may use
software to first determine who is using a network, including which servers are on the network. Once the
attacker makes this determination, she or he can next use software to scan the TCP ports of a user's computer to
determine which are not being used. The next step is to create some mischief through one of those ports,
such as mischief that can misuse e-mail communications or that enables the attacker to disrupt domain
naming services or to transfer bogus files.
To protect against an attack, it is important to turn off unused services on clients and on servers. One way
to do this is to configure security policies in Windows Server 2003 that can be applied to Windows XP
Professional clients. Another is to use tools on servers, such as the Computer Management tool in Windows
2000, XP, and Server 2003 to locate and stop services that are not used. There are equivalent tools in
Linux, NetWare, and Mac OS X that can be used to turn off services. With fewer services running, the
operating system and networking environment will be safer.
Case Project 1-5: Network Defense Techniques
Recently both of Wild Rivers’ network administrators left to accept jobs with other companies. Following
company policy, Wild Rivers has promoted from within and made two of their user support professionals
the new network administrators. In conjunction with this promotion, the IT director asks you to create a
learning paper for the new network administrators that summarizes ways in which to harden the Wild
Rivers internal network.
Answer:
Student answers should include the four network security features discussed in the text. These include:
• Authentication and encryption: Authentication involves making sure that only authorized users are
on the network. One authentication method is using domain-wide or directory services-based
logon authentication. This includes using user accounts, passwords, and security policies.
Encryption involves making data appear unintelligible when it is transmitted over a network. The
operating systems used by Wild Rivers all have encryption capabilities, such as encrypting
passwords when users log on.
• Firewalls: This is software or hardware (or both) that selectively allows or blocks access to a
network. Many operating systems also have firewalls that protect an individual computer.
• Topology: This involves designing networks to be secure. It includes determining where to place
systems and network devices, what communications media to use, and where to place firewalls.
• Monitoring: Operating systems generally come with tools that enable you to monitor that
operating system and even monitor the network. Monitoring enables you to determine what is
normal activity for a particular network, so it is easier to spot surreptitious activity, as well as
network problems.