.04 RG Vocab system security - linux

Question 1

Source code

Answer 1

Programming code in text format compiled into software you can run

Question 2

GNU

Answer 2

Not UNIX; recognized as the start of the Open-Source Movement in 1983. GNU
software is included with the Linux kernel in the form of distribution or distros.

Question 3

Linux

Answer 3

Operating system kernel released in 1991 named after Linus Torvalds

Question 4

Open source

Answer 4

Describes software that allows the end user to have access to the source
code and the freedom to change and implement that software based on a less restrictive
license than closed-source software. Examples: GNU Core Utilities, Linux, FreeBSD

Question 5

Closed source

Answer 5

Describes software that gives the end user little to no access to the source
code and limited freedom to change and implement that software based on a very restrictive
license compared to open-source licenses. Examples: Microsoft, UNIX, IBM z/OS

Question 6

Linux kernel

Answer 6

A foundational Linux component responsible for the low-level interface
between an operating system and hardware

Question 7

Bootloader

Answer 7

Code run by a computer after it starts. The bootloader can then be pointed to
the Linux kernel on storage/disk to start the Linux kernel (i.e., bootstrapping).

Question 8

Drivers

Answer 8

Software that makes computer devices available for use by applications. File system
drivers “present” the filesystem to applications that save files.

Question 9

Network

Answer 9

Allows applications to communicate from a computer to other computers over
wired (Ethernet) and wireless networks (IEEE 802.11)

Question 10

Linux Security Modules (LSM)

Answer 10

Primarily designed as enhanced access control
mechanisms called mandatory access control (MAC); includes AppArmor, SELinux, Smack,
and TOMOYO. Do not confuse this MAC with the layer 2 media access control addresses in
Ethernet.

Question 11

Processes, instances, and threads

Answer 11

Hardware resources and “time” to run (i.e., an
instance) allocated by an operating system when code is run. This process can perform
multiple activities, which are known as threads.

Question 12

Sessions

Answer 12

Consists of a group of processes. When users log in, applications and services
(known as daemons) are instantiated and grouped into process groups.

Question 13

tty, pty

Answer 13

Teletype and pseudo-teletype; terminal types used for interactive CLI and GUI
applications

Question 14

Service (daemon)

Answer 14

A process that involves no interaction with a user

Question 15

Applications

Answer 15

Any process that the user can interact with

Question 16

Password

Answer 16

A series of characters known by a user and used in conjunction with user
accounts to assure a user’s identity

Question 17

Login prompt

Answer 17

Triggers applications and services (daemons) to instantiate and group into
process groups when a user logs in

Question 18

Command-line interface (CLI)

Answer 18

A user interface that allows for typing commands within a
Linux system; starts on bootup or launches from the graphical user interface (GUI) via the
terminal emulator application

Question 19

Graphical user interface (GUI)

Answer 19

A user interface that provides interaction with a windowed
environment to launch applications with a pointing device (e.g., a mouse); generally starts on
bootup

Question 20

GNU Core Utilities (coreutils)

Answer 20

A foundational Linux component that provides common
commands integrated with the command-line interface (CLI). The coreutils package contains
many common commands that include but are not limited to ls, mv, cp, touch, cat, and pwd.

Question 21

X server

Answer 21

A foundational Linux distro component that provides a graphical user interface
(GUI)

Question 22

Package management

Answer 22

A foundational component that provides software and service
installation, updates, and removal

Question 23

Client

Answer 23

Requests resources or services from a server

Question 24

Server

Answer 24

Provides resources or services for a client

Question 25

Protocols

Answer 25

Used by computer systems to agree on how to communicate with one another
over a network

Question 26

Vulnerabilities

Answer 26

Weakness in software or a system

Question 27

Threats

Answer 27

Actor that seeks to exploit vulnerabilities

Question 28

Exploits

Answer 28

An action taken by an actor to compromise a system by using vulnerabilities

Question 29

Ransomware

Answer 29

Malware used to deprive organizations of access to their information until
they pay a ransom

Question 30

Bot

Answer 30

A system infected by malware that allows for remote command and control (C&C) of the
infected systems

Question 31

C&C

Answer 31

Command and control or C2; refers to systems that control already infected systems
(bots) to launch various attacks (e.g., a DDoS or a coin-mining operation)

Question 32

Worms

Answer 32

Malware that propagates by detecting other systems on a network with specific
vulnerabilities and then by replicating its code on the system to exploit those vulnerabilities

Question 33

Shellshock

Answer 33

A vulnerability that existed for 30 years before being noticed in 2014; remains
an enterprise threat. Shellshock exploits a BASH vulnerability to provide an attacker with
elevated privileges that they would not have otherwise.

Question 34

Distributed Denial of Service (DDoS)

Answer 34

An attack that uses C&C and bots to send traffic to
systems that overwhelm those systems

Question 35

Kali Linux

Answer 35

A popular Linux distro that includes many useful security tools

Question 36

hashcat

Answer 36

An advanced password recovery utility that can determine the strength of
passwords based on the amount of time it takes to crack the password

Question 37

Endpoint security

Answer 37

Security controls installed on endpoint systems, such as computers

Question 38

ClamAV

Answer 38

A toolkit and malware detection engine that can quickly scan files

Question 39

Firewall

Answer 39

A system or device that has configurable rules that protect systems from other
hosts on the network

Question 40

iptables

Answer 40

A firewall software package for Linux systems

Question 41

DDoS mitigation

Answer 41

The people, processes, and technology involved in thwarting a DDoS
attack

Question 42

Hardening

Answer 42

An all-encompassing term that describes tools, controls, and processes used to
increase infrastructure security

Question 43

User configuration

Answer 43

Proper password rules and user setup, which are critical to server
security and required in modern server software

Question 44

Business requirements

Answer 44

The processes, assets, people, and practices that are necessary
for a business to operate and that must be considered when assessing security updates

Question 45

“Over hardening”

Answer 45

Occurs when the application of security controls impacts the ability of
users to work on a system (i.e., availability is impacted)

Question 46

“Under hardening”

Answer 46

Occurs when there are insufficient security controls in place to address
risks identified in the risk management process

Question 47

Access control

Answer 47

A security control that endeavors to limit access to individuals who need
permission to obtain specific information

Question 48

Baselining

Answer 48

A standard set of security configurations applied to a set of similar systems in an
organization

Question 49

Security controls

Answer 49

Any administrative, technological, or physical controls used to implement
proper security

Question 50

Host firewall

Answer 50

A generic term for a firewall installed on a host system. Example:
iptables/nftables

Question 51

Patching

Answer 51

Software updates that remediate security vulnerabilities

Question 52

Center for Internet Security (CIS) Benchmarks

Answer 52

Industry practice security configurations.
Three profiles are available: Level 1, Level 2, and STIG. Each profile addresses specific
organizational and system risks that find the right hardening balance.