Term
In networking, any device with an IP address is a ___.
Consequently, the term host includes ___.

Definition
Host. Servers, clients, routers, firewalls and even many mobile phones.

Term
What are some elements of host hardening?

Definition
Back up regularly.
Restrict physical access.
Install the OS with secure configuration options.
Minimize the number of applications.
Harden all remaining applications.
Download and install patches.
Manage users and groups.
Manage access permissions securely.
Encrypt data if appropriate.
Add a host firewall.
Read OS logs regularly.
Run vulnerability tests.

Term
What is a security baseline?

Definition
A set of specific actions to be taken to harden all hosts of a particular type (Windows, Mac OS) and of a particular version within each type (Windows 7, 8, XP, etc.).

Term
What is a disk image?

Definition
A full copy of an OS installation, including a few secure software installations that have been created and tested extensively.

Term
What is a virtual disk image?

Definition
An image that can be deployed independently across a variety of hardware platforms using virtualization.

Term
What is virtualization?

Definition
It allows multiple operating systems, with their associated applications and data, to run independently on a single physical machine. These virtual machines each run their own OS and share the local system's resources.

Term
Describe the following virtualization analogies: bachelor pad, single family home, hotel.

Definition
Bachelor pad: one OS running on one physical computer.
Single family home: multiple OSes running on a single physical computer; RAM, CPU and hard drive space are all shared.
Hotel: a stack of physical servers hosting tens, or hundreds, of virtual machines at the same time.

Term
What are some benefits of virtualization in host hardening?

Definition
It allows systems administrators (SAs) to build a single secure baseline image for each type of server in the organization and deploy that same image wherever the server is needed.

Term
IT employees who manage individual hosts or groups of hosts are called ___. What don't these people do in their scope of work?

Definition
Systems administrators (SAs).
They generally don't administer the network.

Term
What is a terminal?

Definition
A screen, a keyboard and a connection to a mainframe.

Term
What part of the network is a frequent target of attack?
Why is this?

Definition
The server operating system.
Servers contain valuable data, are a critical part of corporate information systems and provide an excellent platform from which to launch further attacks.

Term
What is Microsoft's server OS?

Definition
Windows Server.

Term
Most administrative tools in Windows Server come in the same general format, called ___.

Definition
Microsoft Management Console (MMC).

Term
In the "Computer Management" console in the MMC, what is an important feature?

Definition
Snap-ins, which are the individual administrative tools shown in the tree pane.

Term
___ is a popular OS for the largest servers.

Definition
UNIX.

Term
A company doesn't just purchase UNIX, it purchases ___.

Definition
A specific version of UNIX.

Term
Different versions of UNIX usually have ___.

Definition
Different management tools, including security tools.

Term
Linux is only the OS kernel. What Linux vendors offer are ___. What do those do?

Definition
Distributions.
They combine the kernel with other software (utilities, management tools and applications).

Term
Linux is a version of UNIX that runs on ___.

Definition
PCs (standard PC hardware).

Term
Many firms find Linux is rather ___ to administer, especially if ___.

Definition
Expensive.
They have many distributions in use from multiple Linux vendors.

Term
Even within a specific version of UNIX, the OS may come with ___.

Definition
Several alternative user interfaces.

Term
Linux has two popular GUIs. What are they?

Definition
GNOME and KDE.

Term
UNIX calls command line interfaces ___.

Definition
Shells.

Term
What is a positive of a CLI shell?

Definition
It uses fewer system resources than a GUI.

Term
The ___ was one of the first popular shells. The current market leader is the ___.

Definition
Bourne shell.
Bourne Again Shell (bash).

Term
___ are security weaknesses that open a program to attack.

Definition
Vulnerabilities.

Term
Some vulnerability finders sell found vulnerabilities to hackers, who develop ___. What are these?

Definition
Exploits: programs that take advantage of vulnerabilities.

Term
What is a zero-day attack?

Definition
An attack that exploits a vulnerability before a fix for it is released.

Term
When is the most dangerous period once a fix is released?

Definition
Right after the release. Attackers reverse engineer the fix to find the vulnerability it corrects and attack systems that have not yet been patched.

Term
What are the four kinds of fixes and their descriptions?

Definition
Workaround: manual actions to be taken, no new software. Labor intensive, expensive and error prone.
Patches: small programs that fix vulnerabilities.
Service packs: collections of patches and improvements.
Upgrading to a new version: vulnerabilities are fixed in new versions, and old versions are eventually no longer supported.

Term
Why must SAs be cautious about enabling automatic updates on all Windows computers?

Definition
A bad or untested update applied everywhere at once can cause substantial downtime of critical systems.

Term
What is, often, the best fix for vulnerabilities?

Definition
Upgrade to the newest version. Problems are corrected in newer versions, and each new version generally has better security.

Term
Do UNIX vendors all use the same patch download approach?

Definition
No.

Term

Definition
The method Linux vendors use to distribute patches.

Term
What are some problems with patching?

Definition
The sheer number of patches (time taken from the security manager).
The cost of patch installation (finding and installing them).
Prioritizing patches (lower-priority patches may never get installed).

Term
___ describe what software is running on the servers, then actively assess which programs need to be patched and execute the patch.

Definition
Patch management servers.

Term
What is Windows Server Update Services (WSUS)?

Definition
A service on Windows Server that manages patches, hotfixes and updates in corporate environments.

Term
What are some risks of installing patches?

Definition
Added security often comes at the cost of reduced functionality.
Some patches freeze machines or do other damage.

Term
For stand-alone Windows servers, an administrator can turn to the ___ MMC and use the ___ snap-in to manage users and groups.

Definition
Computer Management; Local Users and Groups.

Term
What is a super user account? What is it called in Windows and UNIX?

Definition
An account that has total control over the computer. Windows = Administrator; UNIX = root.

Term
Why should you assign security measures to groups?

Definition
It reduces labor costs compared to assigning measures to individual accounts.
Assigning permissions to groups reduces errors, because group permissions are more obvious (easier to review) than individual permissions.

Term
What is one of the main goals of hackers?

Definition
To take over the super user account.

Term
How do you limit use of the super user account? What is the command for Windows and UNIX?

Definition
Use it as little as possible. Windows: the RunAs command. UNIX: su (switch user); on modern UNIX and Linux systems sudo is more commonly used for the same purpose.

Term
What are the two steps to use a super user account appropriately?

Definition
Log in as an ordinary user; switch to the super user account only when needed.

Term
To each account and group, SAs assign ___. What does that do?

Definition
Permissions. They specify what the user or group can and can't do to files, directories and subdirectories.

Term
What are the six standard permissions in Windows?

Definition
Full Control, Modify, Read & Execute, List Folder Contents, Read, Write.

Term
What does inheritance mean?

Definition
A file or subdirectory receives (inherits) its permissions from the parent directory by default.

Term
How many permissions are in the Advanced button on the Security tab in Windows?

Definition

Term
How many user/group permissions does UNIX have? What are they?

Definition
Three: read (read only), write (make changes), execute (for programs).
Each is set separately for the file's owner, the file's group and everyone else.

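The three permissions are simple, but the way UNIX decides which set applies trips people up: the kernel picks exactly one class (owner, group or other) and never combines them, so a file whose owner triplet is read-only cannot be written by its owner even when the group triplet allows writing. The block below is an added example, not code from the original page, that resolves access the way the kernel does; the file owner, group and user names in it are made up, and the root special case follows Linux behaviour.

```python
"""Added example (not from the original page): how UNIX resolves its three
permissions (r, w, x) for the three classes (owner, group, other).

Assumption: the file owner, group and user names below are made up; the
rules are the standard POSIX ones (Linux behaviour for the root special case)."""


def parse_mode(mode_str):
    """Turn the rwx part of an ls -l mode string into three sets of r/w/x.

    Accepts either the 10-character form ('-rwxr-x---') or the 9-character
    one. 's'/'t' in an execute slot mean the setuid/setgid/sticky bit AND
    execute; 'S'/'T' mean the special bit without execute."""
    m = mode_str[1:] if len(mode_str) == 10 else mode_str
    if len(m) != 9:
        raise ValueError("expected 9 or 10 mode characters: %r" % mode_str)
    classes = []
    for start in (0, 3, 6):
        r, w, x = m[start:start + 3]
        bits = set()
        if r == "r":
            bits.add("r")
        if w == "w":
            bits.add("w")
        if x in "xst":
            bits.add("x")
        classes.append(bits)
    return tuple(classes)


def to_octal(mode_str):
    """'-rwsr-xr-x' -> '4755' (special bits first, only when set)."""
    m = mode_str[1:] if len(mode_str) == 10 else mode_str
    special = (4 if m[2] in "sS" else 0) | (2 if m[5] in "sS" else 0) | (1 if m[8] in "tT" else 0)
    digits = ""
    for bits in parse_mode(m):
        digits += str((4 if "r" in bits else 0) + (2 if "w" in bits else 0) + (1 if "x" in bits else 0))
    return (str(special) if special else "") + digits


def has_access(mode_str, file_owner, file_group, user, user_groups, want):
    """Decide whether `user` may perform `want` ('r', 'w' or 'x') on the file.

    The kernel chooses exactly ONE class: owner if the user owns the file,
    otherwise group if the user is in the file's group, otherwise other. It
    then checks only that class's bits, so a restrictive owner triplet is not
    rescued by a permissive group triplet. root bypasses r/w checks entirely
    but may execute only if at least one execute bit is set."""
    owner_bits, group_bits, other_bits = parse_mode(mode_str)
    if user == "root":
        return want != "x" or "x" in (owner_bits | group_bits | other_bits)
    if user == file_owner:
        bits = owner_bits
    elif file_group in user_groups:
        bits = group_bits
    else:
        bits = other_bits
    return want in bits


if __name__ == "__main__":
    # alice owns the file but the owner triplet is read-only, so she cannot
    # write even though members of 'staff' (her own group) can.
    print(has_access("-r--rw----", "alice", "staff", "alice", {"staff"}, "w"))  # False
    print(has_access("-r--rw----", "alice", "staff", "bob", {"staff"}, "w"))    # True
```

When auditing permissions on a host, evaluate them per user this way rather than eyeballing the octal value: the owner-beats-group rule and the setuid/setgid characters in the execute slots are exactly the details a quick scan of `ls -l` output misses.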
Term
What is one of the most effective ways of hardening a host? What are some basic guidelines for this?

Definition
Strong passwords:
At least 8 characters long.
At least one change of case, not at the start.
At least one digit, not at the end.
At least one non-alphanumeric character, not at the end.

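Composition rules like the ones above are only enforceable if they are written down precisely enough to code. The block below is an added example, not code from the original page, that checks a candidate password against exactly those four guidelines; the rule wording is the page's, while the interpretation of "not at the start" (a case change between the first and second character does not count) and "not at the end" (the last character may not be the digit or symbol that satisfies the rule) is this example's assumption.

```python
"""Added example (not from the original page): a checker for the password
guidelines listed above. The rule wording is the page's; how 'not at the
start' and 'not at the end' are interpreted is this example's assumption."""


def check_password_guidelines(pw):
    """Return the list of guideline violations (empty list means it passes)."""
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")

    # Change of case, not at the start: look at consecutive letters and find a
    # place where the case flips. A flip whose first letter is the very first
    # character of the password (e.g. 'Password') counts as 'at the start'.
    letters = [(i, c) for i, c in enumerate(pw) if c.isalpha()]
    case_change_ok = any(
        a.isupper() != b.isupper() and i > 0
        for (i, a), (_, b) in zip(letters, letters[1:])
    )
    if not case_change_ok:
        failures.append("no change of case, or only at the start")

    if not any(c.isdigit() for c in pw):
        failures.append("no digit")
    elif pw[-1].isdigit():
        failures.append("digit at the end")

    if not any(not c.isalnum() for c in pw):
        failures.append("no non-alphanumeric character")
    elif not pw[-1].isalnum():
        failures.append("non-alphanumeric character at the end")
    return failures


def meets_guidelines(pw):
    """True when no guideline is violated."""
    return not check_password_guidelines(pw)


if __name__ == "__main__":
    for candidate in ("Password1!", "pa5s!Word", "short1A", "tr0ub4dor&3"):
        print(candidate, "->", check_password_guidelines(candidate) or "OK")
```

Note what the "not at the start/end" clauses are for: the most common way users satisfy a composition rule is a capital first letter plus a trailing digit or symbol ("Password1!"), which a hybrid dictionary attack's mangling rules try first. Current guidance (NIST SP 800-63B) favours length and screening against lists of breached passwords over composition rules, so treat these guidelines as a minimum, not a complete policy.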
Term
What do Windows and Linux use for password hashing?

Definition
Windows 7: NTLM (the NT hash, an unsalted MD4 hash of the password, which is why precomputed tables work so well against it).
Linux: DES-based crypt, MD5, Blowfish (bcrypt) or SHA (SHA-256/SHA-512 crypt), depending on the distribution's configuration.

Term
The ___ separates password hashes from other user information and restricts access so that only super users can read the file.

Definition
Shadow password file (/etc/shadow on UNIX and Linux).

Term
Stealing the ___ from a remote computer can be ___.

Definition
Password hashes; a substantial obstacle.

Term
What are the four password cracking techniques?

Definition
Brute force guessing.
Dictionary attacks.
Hybrid dictionary attacks.
Rainbow tables.

Term
Can dictionary attacks search for multiword combinations?

Definition

Term
___ try simple modifications of common words contained in a dictionary file. These predefined modifications are called ___.

Definition
Hybrid dictionary attacks; mangling rules.

Term
What is a rainbow table?

Definition
A list of precomputed password hashes that is indexed for fast lookup.

Term
What is a time-memory trade-off?

Definition
More memory is used to store precomputed password hashes, but the time it takes to crack a password is reduced.

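The dictionary, hybrid and precomputed-table techniques of the last few cards differ only in where the work is done. The block below is an added example, not code from the original page, that runs all of them against SHA-256 hashes of constructed passwords and then shows what a salt changes. WORDLIST and the mangling rules are small constructed stand-ins for a real dictionary file and rule set, the salt is a fixed constructed value, and a plain hash-to-password dictionary stands in for a rainbow table (which compresses the same precomputation with hash chains).

```python
"""Added example (not from the original page): the password-cracking
techniques discussed above, run against SHA-256 hashes of constructed
passwords: a plain dictionary attack, a hybrid dictionary attack with
mangling rules, a precomputed lookup table standing in for a rainbow table,
and the effect of a salt on each.

Assumptions: WORDLIST and the mangling rules are small constructed stand-ins
for a real dictionary file and rule set; the salt is a fixed constructed
value. SHA-256 is used so the block runs anywhere; real systems use slow,
salted password hashes (bcrypt, scrypt, Argon2)."""
import hashlib

WORDLIST = ["password", "welcome", "summer", "dragon", "letmein"]


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def mangle(word):
    """Yield the word and its variants under a few simple mangling rules:
    capitalisation, common suffixes, and leetspeak substitutions."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix
    leet = word.translate(str.maketrans("aeios", "43105"))
    yield leet
    yield leet + "!"


def dictionary_attack(target_hash, salt=b"", mangling=False):
    """Guess-and-hash: hash each candidate (with the salt, if the hash is
    salted and the salt is known) and compare. mangling=False is a plain
    dictionary attack; mangling=True is the hybrid attack."""
    for word in WORDLIST:
        for cand in (mangle(word) if mangling else [word]):
            if sha256_hex(salt + cand.encode()) == target_hash:
                return cand
    return None


def build_lookup_table():
    """The memory side of the time-memory trade-off: hash every candidate once,
    up front, so each later crack is a dictionary lookup instead of a search.
    A rainbow table compresses this table with hash chains; the principle, and
    the reason salts defeat it, are the same."""
    return {sha256_hex(cand.encode()): cand
            for word in WORDLIST for cand in mangle(word)}


def table_lookup(table, target_hash):
    """Crack by lookup: no hashing at all at crack time."""
    return table.get(target_hash)


if __name__ == "__main__":
    target = sha256_hex(b"Dragon123")                # unsalted hash of a weak password
    print(dictionary_attack(target))                 # None: 'Dragon123' is not a bare word
    print(dictionary_attack(target, mangling=True))  # Dragon123
    table = build_lookup_table()
    print(table_lookup(table, target))               # Dragon123
    salt = b"\x9f\x12\x44\x07"                       # constructed per-user salt
    salted = sha256_hex(salt + b"Dragon123")
    print(table_lookup(table, salted))               # None: table was built without the salt
    print(dictionary_attack(salted, salt=salt, mangling=True))  # Dragon123
```

The last two lines are the point to take away: a per-user salt makes every precomputed table useless, because the attacker would need one table per salt, but it does nothing against an attacker who has the hash file and simply hashes guesses with the salt. Only a slow hash (bcrypt, scrypt, Argon2) raises the cost of that second attack.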
Term
What are some other password threats?

Definition
Keystroke capture (physical key loggers) and password stealing programs.
Shoulder surfing.

Term
Windows XP Service Pack 2 introduced the ___ to give the user a quick status check of the PC's main security settings. Windows 7 replaced this with the ___.

Definition
Windows Security Center; Windows Action Center.

Term
In order to adequately harden a client PC, it is important that each of the following security components is enabled.

Definition
Windows Firewall.
Windows Update.
Virus protection.
Spyware protection.
Internet security settings.
User Account Control.
Network Access Protection.

Term
What type of firewall was introduced with XP Service Pack 2?

Definition
A stateful packet inspection firewall.

Term
Due to the short time between the release of patches and widespread use of exploits that take advantage of the patched vulnerabilities, what is the only thing that makes sense for client PCs in large corporations?

Definition
Completely automatic operation (automatic updates).

Term
What are some ways that antivirus is made ineffective?

Definition
The user turns off the antivirus.
The user turns off automatic downloads of new signatures.
The computer is off when updates are distributed.
The user does not pay the annual subscription fee.

Term
___ provide an audit trail for system events.

Definition
Logs (the OS's system and security log files).

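An audit trail is only worth keeping if someone, or something, reads it (the host hardening card says "read OS logs regularly"). The block below is an added example, not code from the original page, of the kind of check a systems administrator would run over a UNIX authentication log: it parses constructed sample lines in OpenSSH's syslog format, counts failed logins per source address, and flags the "many failures then a success" pattern that marks a guessed password. The hosts, users and addresses are made up; the assumption is that the `Failed password for ...` and `Accepted ... for ...` message formats match what sshd writes.

```python
"""Added example (not from the original page): read an authentication log for
the audit trail it provides. The sample lines are constructed; the assumption
is that their format matches OpenSSH's syslog messages."""
import re
from collections import defaultdict

SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar  3 10:01:05 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar  3 10:01:09 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51016 ssh2
Mar  3 10:01:15 web1 sshd[2207]: Accepted password for root from 203.0.113.7 port 51020 ssh2
Mar  3 10:02:40 web1 sshd[2210]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:02:48 web1 sshd[2212]: Accepted publickey for alice from 198.51.100.4 port 40024 ssh2
Mar  3 10:03:00 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
"""

# result (Failed/Accepted), method (password/publickey), user, source IPv4.
# 'invalid user' is what sshd logs when the account does not exist.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\w+) for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def parse_ssh_events(text):
    """Return the sshd login events in log order; non-sshd lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            result, method, user, ip = m.groups()
            events.append({"ok": result == "Accepted", "method": method,
                           "user": user, "ip": ip})
    return events


def failed_logins_by_source(events):
    """{source IP: number of failed logins}."""
    counts = defaultdict(int)
    for e in events:
        if not e["ok"]:
            counts[e["ip"]] += 1
    return dict(counts)


def suspicious_successes(events, threshold=3):
    """Flag each successful login preceded by >= threshold consecutive
    failures from the same source: the signature of a guessed password.
    Returns [(ip, user, failures before the success)]."""
    failures = defaultdict(int)
    flagged = []
    for e in events:
        if e["ok"]:
            if failures[e["ip"]] >= threshold:
                flagged.append((e["ip"], e["user"], failures[e["ip"]]))
            failures[e["ip"]] = 0
        else:
            failures[e["ip"]] += 1
    return flagged


def root_password_logins(events):
    """Direct root logins with a password: both things the super user cards
    say to avoid. Returns the source IPs."""
    return [e["ip"] for e in events
            if e["ok"] and e["user"] == "root" and e["method"] == "password"]


if __name__ == "__main__":
    ev = parse_ssh_events(SAMPLE_AUTH_LOG)
    print(failed_logins_by_source(ev))   # {'203.0.113.7': 3, '198.51.100.4': 1}
    print(suspicious_successes(ev))      # [('203.0.113.7', 'root', 3)]
    print(root_password_logins(ev))      # ['203.0.113.7']
```

Two design points: the failure counter is reset on every success, so one mistyped password before a key-based login (alice above) is not flagged at the default threshold, and the regex is anchored on the `sshd[pid]:` prefix so the sudo line, which has its own format, is ignored rather than misparsed.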
Term
What are some threats to laptops?

Definition
Loss or theft.
Loss of the capital investment.
Loss of data that was not backed up.
Loss of trade secrets.
Loss of private information, leading to lawsuits.

Term
What are four good policies for sensitive data on mobile devices? Name the devices they should apply to.

Definition
Limit what sensitive data can be stored on a mobile PC.
Encrypt all mobile computers, regardless of whether they hold sensitive information.
Protect them with strong passwords or biometrics.
Audit compliance with the first three policies.
Devices: USB flash drives (USB RAM), MP3 players, phones, notebook disk drives.

Term
What does computer recovery software accomplish?

Definition
It allows the recovery of some lost or stolen notebooks. When the notebook is connected to the Internet, the software reports its IP address to a recovery company.

Term
___ focuses primarily on controlling initial access to the network.

Definition
Network access control (NAC).

Term
How does NAC perform its initial health check on a client PC?

Definition
It queries the PC for the information held in the Windows Security Center or Action Center. This ensures that the PC has automatic updating enabled, has an up-to-date antivirus program, and so on.

Term
What happens if a client PC fails the initial NAC inspection?

Definition
1. The NAC can forbid access to the network.
2. More commonly, the user is given access only to a single remediation server.

Term
Most NACs also monitor ___ after the initial health check.

Definition
The PC's traffic after it has been admitted, so that a client that begins behaving suspiciously can be cut off or sent to remediation.
