Guide to Operating Systems Security

0-619-16040-3


Chapter 2 Solutions

Answers to the Chapter 2 Review Questions

  1. The Melissa virus was transported by ______.

Answer: c. e-mail

  2. Which of the following are used for updates in Windows XP Professional? (Choose all that apply.)

Answer: b. Windows Update

  3. A Windows Server 2003 server administrator, whom you know from another firm, is complaining about a virus that was installed on one of his firm’s servers from a device driver file that the server administrator downloaded from a freeware Internet site. What steps could that server administrator have taken to avoid getting a virus in this way? (Choose all that apply.)

Answer: a. both a and c

  4. You can use an emergency repair disk in ______.

Answer: a. Windows 2000

  5. The ______ mode in Mac OS X enables you to view operating system files as they load.

Answer: d. verbose

  6. Which of the following is used by the Linux.Millen.Worm and the Code Red worms? (Choose all that apply.)

Answer: c. buffer overflow

  7. A server operator in your organization is planning to do a quick virus scan of a NetWare server before releasing the server for daily use, just after completing the overnight backups. She does not have much time and wants to do a fast virus scan only on executable files. Which of the following files are examples of executable files she should scan? (Choose all that apply.)

Answer: a., c., and d.

  8. Your Red Hat Linux 9.x system will not boot, and you decide to replace the MBR. What mode can you use to boot the system in order to replace the MBR?

Answer: b. rescue mode

  9. An employee in your company obtained a Microsoft Word XP template from a friend in another company and has distributed that template to other users. You have used a virus scanner on the template and found that it contains a virus. What should you do next?

Answer: d. Have users disable macros in Word XP

  10. Which of the following are steps you can take to protect a system from malicious software? (Choose all that apply.)

Answer: a., b., c., and d.

  11. Which of the following is not true of a service pack from Microsoft?

Answer: a. Only one service pack is issued at a time and there are options in that service pack so that it can be applied to any Microsoft operating system.

  12. On what menu in Windows Server 2003 can you access the Enable Boot Logging option?

Answer: d. Advanced Options menu when you boot the system

  13. Which of the following should you look for in a malicious software scanning tool? (Choose all that apply.)

Answer: a., b., c., and d.

  14. Where is the MBR found on a Red Hat Linux system?

Answer: a. boot or partition sector of a hard disk

  15. When a virus infects the boot sector of a hard disk, ______.

Answer: b. it is common that disks placed in the floppy drive may become infected, too

  16. Well-known vulnerabilities to malicious software exist in which of the following systems? (Choose all that apply.)

Answer: c. and d.

  17. Which of the following is an example of a NetWare 6.x file that may commonly house a virus?

Answer: c. startup.ncf

  18. Which of the following is an example of a Mac OS X folder that contains items that are commonly targeted by a virus?

Answer: b. Startupitems folder

  19. Which of the following is an example of a Red Hat Linux file that can be a target of a virus?

Answer: d. inittab

  20. The Simpsons AppleScript virus ______.

Answer: a. is a Trojan horse sent with an e-mail message

  21. As server administrator, you are the backup person for the SQL Server database administrator, who has informed you that the SQL Administrator account uses the password sa. Is the SQL Server at any risk with this password?

Answer: c. Yes, because the Digispid.B.Worm targets SQL Server systems that have this password.

  22. How do you check for updates available in Red Hat Linux 9.x?

Answer: b. Click the exclamation point icon in the Panel

  23. Which of the following systems use an Automated System Recovery set? (Choose all that apply.)

Answer: c. Windows Server 2003

  24. Which Trojan horse alters a system folder in Windows XP?

Answer: d. Backdoor.Egghead

  25. A major update in NetWare 6.x is performed through ______.

Answer: a. consolidated support packs


Hands-On Projects Tips and Solutions for Chapter 2

Project 2-1

For this project, students use the CERT Coordination Center to learn more about viruses.

In Step 3, at this writing there are 317 matches found for a search on virus.

Project 2-2

This project enables students to practice accessing the Windows registry with the Registry Editor.

In Step 3, the subkeys under HKEY_LOCAL_MACHINE are:

• HARDWARE
• SAM
• SECURITY
• SOFTWARE
• SYSTEM

Project 2-3

In this project, students practice viewing the /etc/inittab file in Red Hat Linux 9.x.

In Step 5, students should note that a new window opens for the Emacs editor, which displays the contents of the /etc/inittab file.

Remind students not to make any changes to the /etc/inittab file and to exit properly.

Project 2-4

In this activity, students learn how to access the recovery console in Windows 2000 Server or Windows Server 2003. They will need access to the Windows 2000 Server setup floppy disks or the Windows 2000 Server or Windows Server 2003 installation CD-ROM.

In Step 4, students should report seeing a character-based screen and a prompt at which to type command-line commands.

In Step 5, after students type help and press Enter they will see a list of commands that can be used in the recovery console.

In Step 6, students see an explanation of the fixmbr command, which has an optional parameter to specify the device.

In Step 7, students see an explanation of the fixboot command.


Project 2-5

This project enables students to access the Red Hat Linux rescue mode.

In Step 2, students should report seeing the boot: __ prompt.

In Step 3, a minimal operating system is loaded from CD-ROM.

In Step 6, there is an option to mount the file systems as read-only, which is accomplished by using the tab key to select the Read-Only option.

In Step 8, to make the system run in the root environment, students learn that they can enter the command: chroot /mnt/sysimage

Project 2-6

In this project, students learn how to configure macro security in Microsoft Word XP. In conjunction with this project, consider holding a class discussion about different ways to educate users about employing security options that come with software.

In Step 5, high security means that macros are used only for digitally signed documents. In medium security, macros are disabled by default, but the user can select to disable macros for documents they believe to be from a trusted source. In low security, macros are enabled.

Project 2-7

This project enables students to use the Automatic Updates Setup Wizard in Windows Server 2003.

In Step 5, the options students should report seeing are:

• Every day
• Every Sunday
• Every Monday
• Every Tuesday
• Every Wednesday
• Every Thursday
• Every Friday
• Every Saturday

Also, students should note that to configure updates to go automatically every Wednesday at 9 p.m. they would set the day of the week parameter to Every Wednesday and then set the time parameter to 9 p.m.

Project 2-8

In this project students learn how to use the Red Hat Network Alert Notification Tool.

In Step 2, students should record the number of updates available to be installed.

In Step 7, students should notice and record the amount of disk space required for the packages, which is shown near the bottom of the window.


Project 2-9

This project enables students to learn how to use the Software Update tool in Mac OS X.

In Step 3, the options are:

• Daily
• Weekly
• Monthly

In Step 4, students should report the number of updates already installed.

In Step 6, students should note if any of the updates relate to security. Often they will see security updates, but not always.

Project 2-10

This project gives students an opportunity to boot into the Safe Mode in Windows 2000, Windows XP Professional, or Windows Server 2003.

In Step 4, students should report seeing the files that are loaded as the system boots up.

In Step 6, the desktop appears with a black background, no wallpaper, and large print.

Project 2-11

In this project, students boot using the Mac OS X verbose mode. If they have trouble booting into this mode, make sure that they are holding down the Command and v keys as soon as the system starts until they begin to see text on the screen.

In Step 2, students should see a black screen and lines of text showing what is being loaded as the system boots.

Project 2-12

Students use this project to learn how to configure driver signing in Windows 2000, Windows XP Professional, or Windows Server 2003.

In Step 3, the options students see in Windows XP Professional and Windows Server 2003 (the same options appear in Windows 2000, but the wording of the explanations for each is slightly different) are:

• Ignore - Install the software anyway and don’t ask for my approval
• Warn - Prompt me each time to choose an action
• Block - Never install unsigned driver software.


Solutions to the Case Project Assignments

Nishida and McCormick is a large law firm that has hired you, through Aspen IT Services, to help with security and to train their new server and network administrator, Jim Vialpondo. The former network administrator left suddenly and Jim, who was the PC support consultant, has been promoted to this position. The main office houses 92 users and has two Red Hat Linux 9.0 servers, one Windows Server 2003 file and print server, a Windows 2000 server used for a Web site, and one NetWare 6.0 server. The firm has a satellite office 128 miles away from the main office that has 62 users on a Red Hat Linux 9.0 server. The attorneys and support staff at both locations primarily use Windows XP Professional, but there are also 12 Mac OS X users.

Case Project 2-1: Training the New Server and Network Administrator

The Computing Services Department director asks you to train the new server and network administrator about malicious software by discussing the ways in which the following can spread in both workstation and server systems:

• Viruses
• Worms
• Trojan horses

Create a short study paper that the server and network administrator can use as a reference.

Answer:

Some typical ways in which a virus or other malicious software can spread include:

• Boot or partition sector: infects the boot or partition sector of a system, which is at the beginning of a disk. Sometimes this type of infection continues to spread by infecting floppy disks that are then taken to other computers.
• File infector: appends to program files, including system files.
• Macro: infects macro files, which are instruction set files often used with word processors, spreadsheets, and other software. A macro in a template can be infected and continue infecting all systems using that template or a document using the template.
• Multipartite: infects systems through a combination of ways, such as by using a file infector and a macro.

Worms may spread using a buffer overflow or by being sent as an e-mail attachment.

Trojan horses spread as e-mail attachments or when users share, via floppy disk, Trojan horse programs that appear to be harmless.

It is wise to caution users not to run programs that are not from a trusted source.


Case Project 2-2: A Malicious Macro

The administrative assistant to one of the managing partners has brought in a Word XP macro containing a virus. The macro spread from his home computer to a document on a floppy disk that he was working on at home and then used at work. What steps should be taken to keep the virus in the macro from spreading to other areas of the network?

Answer:

Several steps can be taken to prevent the spread of a macro containing a virus. First, the original user should not share this document with anyone else or let anyone else open it. Nor should the user open the document until it is cleaned and verified by a scanner. Also, it is important that the document not be placed on a server or shared drive. If necessary, the administrative assistant’s computer might be disconnected from the network until it is checked. Another step is to destroy the floppy disk containing the document.

A malicious software scanner should be used to find and clean the macro virus from the system of the original user. This should also be done on the user’s home computer.

Additionally, the use of macros should be disabled in Word XP or set to “high” on all computers in the firm and on the administrative assistant’s home computer.

Further, the firm should establish clear policies about taking files home and bringing them back to work. If users need to work at home, the firm might purchase scanning software for those users.