11) Operating System Security Flashcards
What type of OS hardening is the following action:
All user IDs are password protected and were changed when setting up the computer.
Alter default accounts
What type of OS hardening is the following action:
Admin and Administrator usernames are changed
Alter default accounts
What type of OS hardening is the following action:
Regular user IDs do not have the ability to install software.
Apply the principle of least privilege
What type of OS hardening is the following action:
Never connect a new computer to the corporate network unless patches have already been installed.
Perform updates
What type of OS hardening is the following action:
Knowing what ports are open is useful to complete this hardening task.
Remove all unessential services
What type of OS hardening is the following action:
The database server is stripped down except for MySQL.
Remove all unnecessary software
What type of OS hardening is the following action:
The trail of significant OS events is placed on the hard drive.
Turn on logging and auditing
(T/F) Executable space protection is a software technology implemented by operating systems to stop attacks using the same techniques used in malware.
False
Executable space protection requires two components to function: a hardware component and a software component. Both AMD and Intel, the major CPU chip manufacturers, support the hardware component, and many operating systems support the software component required.
This type of host-based software may communicate with the management device by sending regular beacons.
HIDS
HIDS is a type of host-based software that may communicate with the management device by sending regular beacons. What does HIDS stand for?
Host intrusion detection system
What type of security tool is the following:
Metasploit
Exploit Framework
What type of security tool is the following:
CANVAS
Exploit Framework
What type of security tool is the following:
Nmap
Scanner
What type of security tool is the following:
Nessus
Vulnerability Assessment Tool
The process of reducing the number of available avenues through which our operating system might be attacked.
Operating system hardening
The total of the areas through which our operating system might be attacked.
Attack surface
A principle that states we should only allow a party the absolute minimum permission needed for it to carry out its function.
The principle of least privilege
A particularly complex and impactful item of malware that targeted the SCADA systems that run various industrial processes; this piece of malware raised the bar for malware from largely being a virtual-based attack to actually being physically destructive.
Stuxnet
Stuxnet is a particularly complex and impactful item of malware that targeted the SCADA systems that run various industrial processes. What does SCADA stand for?
Supervisory Control and Data Acquisition
A type of tool that uses signature matching or anomaly detection to detect malware threats, either in real-time or by performing scans of files and processes.
Anti-malware tool
The process of anomaly detection used by anti-malware tools to detect malware without signatures.
Heuristics
A hardware/software-based technology that prevents certain portions of the memory used by the operating system and applications from being used to execute code.
Executable space protection
The act of inputting more data than an application is expecting from a particular input, creating the possibility of executing commands by specifically crafting the excess data.
Buffer overflow attack
A security method that involves shifting the contents of memory around to make tampering difficult.
ASLR
ASLR is a security method that involves shifting the contents of memory around to make tampering difficult. What does ASLR stand for?
Address space layout randomization
This type of firewall generally contains a subset of the features on a large firewall application, but is often capable of similar packet filtering and stateful packet inspection activities.
Software firewall
A system used to analyze the activities on or directed at the network interface of a particular host.
HIDS
A HIDS is a system used to analyze the activities on or directed at the network interface of a particular host. What does HIDS stand for?
Host intrusion detection system
A type of tool that can detect various security flaws when examining hosts.
Scanner
A tool that is aimed specifically at the task of finding and reporting network services on hosts that have known vulnerabilities.
Vulnerability assessment tool
A well-known vulnerability assessment tool (it also includes a port scanner)
Nessus
A group of tools that can include network mapping tools, sniffers, and exploits.
Exploit framework
Small bits of software that take advantage of flaws in other software or applications in order to cause them to behave in ways that were not intended by their creators.
Exploits
The total of the available avenues through which our operating system might be attacked.
Attack surface
What security strategy best protects an operating system from buffer overflow attacks?
a) Implement anti-malware tools
b) Apply software updates
c) Implement executable space protection
d) Install a host intrusion detection system
c) Implement executable space protection
Which well-known tool is a scanner with a large and broad set of functionality?
a) Nmap
b) Hping3
c) NetStumbler
d) Metasploit
e) Stuxnet
a) Nmap
Which tool is a well-known vulnerability assessment tool that also includes a port scanner?
a) NetStumbler
b) Metasploit
c) Nessus
d) Immunity CANVAS
c) Nessus
Small bits of software that take advantage of flaws in other software or applications to cause them to behave in ways that were not intended by their creators.
Exploits