Guide to Operating Systems Security

0-619-16040-3

Chapter 1 Solutions

Answers to the Chapter 1 Review Questions

  1. What type of port might be involved in a port-scanning attack?

Answer: b. TCP

  2. Which of the following operating systems enable you to configure a firewall? (Choose all that apply.)

Answer: a., b., c., and d.

  3. Failing to configure an operating system to require that passwords be changed regularly is an example of which of the following?

Answer: a. human factor

  4. Which of the following are examples of wireless security measures? (Choose all that apply.)

Answer: c. 802.1x security

  5. The core code of an operating system is the operating system ______.

Answer: b. kernel

  6. Your server operators believe that someone has attempted to remotely access one of the Windows 2003 servers in the computer room. Which of the following might you do? (Choose all that apply.)

Answer: a., c., and d.

  7. One reason why an attacker scans ports is to ______.

Answer: c. access an open or unused service

  8. You have received an e-mail from a friend that contains a forwarded message warning of a virus in a file that is found in the operating system folder of your computer. If the file does not truly contain a virus, then this is an example of ______.

Answer: d. a virus hoax

  9. Which of the following are common security options in a computer's BIOS? (Choose all that apply.)

Answer: a. and c.

  10. The components of an operating system that manage computer memory and use of the CPU are the ______.

Answer: d. resource managers

  11. Ganda is an example of which of the following? (Choose all that apply.)

Answer: b. and c.

  12. A denial of service attack might be intended to stop which of the following communications services? (Choose all that apply.)

Answer: a. and b.

  13. The ______ started the Global Information Assurance Certification Program.

Answer: a. SANS Institute

  14. The ______ command in Linux is used to stop a process.

Answer: b. kill

  15. A ______ attack is one type of attack that has been used to go through a network address translation device.

Answer: d. source routing

  16. Your organization has a problem in that many users employ short passwords between two and four letters long. What can you do to address this security risk? (Choose all that apply.)

Answer: a., c., and d.

  17. Which operating system security measure enables you to protect data in the event of a destructive virus or a damaged spot on a disk drive?

Answer: c. backups

  18. Call-back is an example of ______ security.

Answer: d. remote access

  19. Which of the following are examples of port scanning programs? (Choose all that apply.)

Answer: c. and d.

  20. A ______ creates new files rather than infecting existing files.

Answer: a. worm

Hands-On Projects Tips and Solutions for Chapter 1

Project 1-1

In this project, students get their first glimpse of operating system security by examining the BIOS setup.

In Step 3, students should determine the password security available in the BIOS, such as:

§  Password for a disk drive

§  Password to boot into the computer

§  Password to configure the BIOS setup

§  Password to prevent reconfiguration of the BIOS setup

§  Password to require booting only from a diskette

Project 1-2

This project enables students to view where to stop a service in Windows 2000, Windows XP Professional, or Windows Server 2003.

In Step 4, students should report whether or not the service is stopped. Also, they should note that the Stop button is used to stop a service.

Project 1-3

In this project, students learn how to view the processes that are currently running in Red Hat Linux 9.x and then they learn how to stop a process. The process that they stop is the top process, which they are instructed to start before listing the processes.

In Step 4, students should discover there are a number of processes running, including the top process.
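
The stop step of Project 1-3, as an added shell example that is not part of the original solutions: it asks a process to exit with the default signal sent by kill (SIGTERM) and falls back to SIGKILL only if the process ignores the request. The helper names is_running and stop_process and their return codes are assumptions of this example, and sleep is a constructed stand-in for the top process.

```shell
#!/bin/sh
# Added example. is_running and stop_process are hypothetical helper names.

# Succeeds while the PID exists; signal 0 only tests, it delivers nothing.
is_running() {
    kill -0 "$1" 2>/dev/null
}

# stop_process PID [GRACE_SECONDS]
# Returns 0 if SIGTERM stopped it, 1 if SIGKILL was needed, 2 if it was not running.
stop_process() {
    target=$1
    grace=${2:-3}
    is_running "$target" || return 2
    kill "$target" 2>/dev/null || return 2        # kill with no option sends SIGTERM
    waited=0
    while [ "$waited" -lt "$grace" ]; do
        is_running "$target" || return 0
        sleep 1
        waited=$((waited + 1))
    done
    is_running "$target" || return 0
    kill -KILL "$target" 2>/dev/null || return 0  # exited just before the signal
    sleep 1                                       # let the shell reap the child
    return 1
}

demo() {
    # Constructed stand-ins for the top process used in the project.
    sleep 30 &
    polite=$!
    sh -c 'trap "" TERM; exec sleep 30' &         # this one ignores SIGTERM
    stubborn=$!
    sleep 1                                       # let the trap be installed
    # List the two processes, as in the project's process-listing step.
    ps -o pid,stat,comm -p "$polite,$stubborn" 2>/dev/null || true
    rc=0; stop_process "$polite" 1 || rc=$?
    echo "polite process:   stop_process returned $rc"
    rc=0; stop_process "$stubborn" 1 || rc=$?
    echo "stubborn process: stop_process returned $rc"
}

demo
```

On the Red Hat system from the project, the PID passed to stop_process would be the one shown for top in the process listing.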

Project 1-4

This project enables students to learn how to determine which NLMs are loaded in NetWare and how to unload REMOTE.NLM to prevent a remote workstation from accessing the server console.

In Step 1, some example modules that students might see include:

§  REMOTE.NLM

§  RSPX.NLM

§  RS232.NLM

§  NWCONFIG.NLM

§  CDROM.NLM

§  MONITOR.NLM

§  RCONAG6.NLM

§  SCRSAVER

§  VREPAIR.NLM

§  DSREPAIR


Project 1-5

In this project, students view where to start and stop a sharing service in Mac OS X.

In Step 2, the services that students can start and stop include:

§  Personal File Sharing

§  Windows File Sharing

§  Personal Web Sharing

§  Remote Login

§  FTP Access

§  Remote Apple Events

§  Printer Sharing

Project 1-6

In this activity, students view where to configure ownership and the user access control list for the Documents folder in Mac OS X. If students are unfamiliar with expanding a box, consider demonstrating in class how to click the arrow to open or close information for display.

Project 1-7

In this project, students learn how to check the status of and to disable Remote Assistance and Remote Desktop in Windows XP Professional. You might note in class that the steps are very similar for the same process in Windows Server 2003. Also, consider holding a class discussion about the pros and cons of using these types of utilities.

Project 1-8

In this project, students view the option to configure 802.1x security for wired and wireless communications in Windows XP and Windows Server 2003.

In Step 3, the documentation notes that port-based access control is in use and credentials including smart cards, certificates, and passwords can be employed.


Project 1-9

This project gives students an opportunity to view the Mac OS X help documentation on security topics.

In Step 3, the topics included at this writing are:

§  Changing security for your keychain

§  Identifying safe websites for new Sherlock channels

§  Keeping network computers secure

§  Creating a keychain

§  Securing your computer

§  Using your keychain on a different computer

§  Adding channels to Sherlock

§  Entering an administrator user name and password

§  Changing your keychain password

§  Subscribing to Sherlock channel services

§  Using a keychain to store passwords and other sensitive information

§  Adding items to your keychain

§  Point-to-Point Tunneling Protocol

§  Configuring the base station over the WAN port

§  Creating a closed network

§  How can I protect my network from denial-of-service attacks?

§  Password-protecting your wireless network

§  How do I set up a Computer-to-Computer network?

§  New features in Airport


Solutions to the Case Project Assignments

One of the best ways to learn is through experiencing different situations that require security analysis or implementation. At the end of each chapter you have the opportunity to apply your newly gained knowledge to a range of small- to large-sized fictitious organizations through the use of case projects and in the role of an employee for a consulting firm. The advantage of using the role of a consultant is that you will experience situations in many different kinds of organizations with different kinds of computer users.

Your role is as a consultant for Aspen IT Services. Aspen IT Services provides consulting services throughout the United States and Canada, specializing in security for operating systems and networks. Aspen's clients range in size from small single offices to large enterprise networks. Its customers are businesses, corporations, schools, colleges, universities, and government agencies.

Your assignment this week is to work with Wild Rivers, which is a company that manufactures canoes and kayaks for recreational use. Wild Rivers is developing a newly designed canoe, code-named golden trout, that works equally well in fast white water and on calm lakes and rivers. It is made with a specialized material created by Wild Rivers, which has not yet been patented. The business, research, and manufacturing activities of the company take place in a large industrial building that is fully networked and is connected to the Internet by a high-speed connection. The company has a Web server that is a principal source of orders from both sporting goods outlets and individual customers. The Web server is available 24 hours a day, seven days a week. On their internal network, they use NetWare 6.x and Windows 2003 servers. The client computers are a combination of Windows XP Professional, Red Hat Linux 9.0, and Mac OS X computers. Wild Rivers is hiring you to consult on their security needs.

Case Project 1-1: The Need for Security

Wild Rivers has always been a family-run company with a family atmosphere. However, one of the recommendations after the last financial audit was to implement security on all of the client and server systems. The company president is not convinced of the need for security and in fact still does not lock his home at night. Create a report for the president explaining why his company needs to implement security on the client and server systems as well as on the network.

Answer:

There is an immediate need to protect information and resources on the servers and client computers at Wild Rivers. This is particularly true because the company is developing a new canoe that seems destined to have success on the market. They also have accounting, sales, human resources, and other sensitive data that needs to be protected. If someone compromises their systems, the losses could be significant. Compromised or lost accounting data could destroy the company. An intrusion into the human resources or customer data may have legal ramifications. For a company like Wild Rivers that has a public Internet presence, it makes no sense to have lax or no security.

Retaining the privacy of employees is another must for this company. If Wild Rivers issues a privacy statement, then they need to back it up with security measures to guarantee that the information in their systems about people and companies is not compromised. If an attacker obtains social security or credit card information, this will put the company at risk of losing business and being sued.

Wild Rivers is likely to have many workflow processes that rely on their client and server computers. An interruption in workflow processes, such as in the automated processing of orders, could be expensive for the company.

Because Wild Rivers has a Web server on which they do business, having little or no security is extremely risky and leaves the Web server open to attack. Part of advertising that the Web servers are available 24 hours a day, seven days a week involves taking steps to ensure that they can meet this commitment. E-commerce Web servers are subject to all kinds of attacks, such as denial of service.

As part of a security plan, Wild Rivers should purchase hardware systems, software, and operating systems that have tested security features. Also, it is important to continually upgrade systems as patches and service packs are issued, as a way to fix security bugs and to have new security features.

In terms of human factors, it is important to train novice and experienced users in security. One place to start is in strong password security. Another place is to train network and server administrators so they fully understand the security features of their systems and how to effectively use them for the company’s particular needs. The dollars spent in training will likely be quickly recovered through better security.

Case Project 1-2: Securing Servers

One of the NetWare servers contains all of the top secret research information about the new canoe design for project golden trout. Word about the promise of this design has already reached other canoe manufacturers, and one of Wild Rivers' design engineers has already noticed, by observing the dates associated with a document, that the document has been accessed. Wild Rivers asks you to prepare a list of recommendations for securing this server in particular.

Answer:

The NetWare administrator and users of the server containing the project golden trout documents should immediately review how directory and file security is set up, particularly in the areas where there are top-secret files. After the review, they should close security holes in directory and file security by making certain that only authorized users have access and that the access of each user is governed by what the user needs to do with the information.

Also, security policies governing passwords should be implemented to ensure that users of that system have passwords that meet minimum requirements, such as length requirements, and that users regularly change their passwords.

If there are shared directories and files, the security should be reviewed on these and tightened as necessary. Only authorized users should have access to shared folders and files.

Remote access of the NetWare server, such as from modems or other remote access network services, should be reviewed. On this server, it may be good policy to close all remote access avenues, including use of REMOTE.NLM.

There should be a solid disaster recovery plan for this NetWare server, particularly in terms of taking regular backups and storing a copy of the backups in an offsite location.


Case Project 1-3: Web Server Problem

The HTTP services on the Windows Server 2003, Web Edition server used for the company's Web site are going down two or three times a month and no one knows why. Sometimes this results in the need to reboot the server, which means loss of revenue while the server is down. In terms of troubleshooting this problem from the perspective of security, create a short briefing about what you would investigate.

Answer:

If there is no identifiable hardware problem, then this situation may be related to an attack, such as a denial of service or other form of spoofing attack. An attack could also be related to port scanning for services to exploit or attack on the server. Some immediate steps that Wild Rivers might take are:

§  Install any outstanding upgrades or service packs for the operating system.

§  Use monitoring tools on the server and for the network to monitor who is accessing the server.