6.1 Operating System Security

Question 1

What does address space layout randomization do?

Answer 1

A technique an OS uses to shift memory in use around so tampering with it is more difficult.

Question 2

What is an exploit framework?

Answer 2

A collection of prepacked exploits and tools such as network mapping tools and sniffers - can be used to asses vulnerability of own network.

Question 3

What is the difference between a port scanner and a vulnerability assessment tool?

Answer 3

Scanners detects flaws in the host, ie - Nmap looks for open ports - Vulnerability tool looks for the actual network services running on the host. OpenVAS

Question 4

Explain the concept of an attack surface.

Answer 4

The sum of the areas that an OS could be attacked.

Question 5

Why might you want a firewall on your host if one already exists on the network?

Answer 5

Adds an extra layer of security - will packet filter and stateful packet inspection -

Question 6

What is operating system hardening?

Answer 6

Configuring the OS for enhanced security; OS hardening reduces attack surface by decreasing available avenues for attacks.

Question 7

What is the XD bit, and why do you use it?

Answer 7

XD (Execute Disable Bit) is Intel’s version of Executable Space Protection. (AMD calls it Enhance Virus Protection)

Question 8

What does executable space protection do for you?

Answer 8

Prevents OS and applications from using parts of the memory to execute code and thwart an attack from hijacking.

Question 9

How does the principle of least privilege apply to operating system hardening?

Answer 9

Makes system more secure. If attacker gets access to members account with least privilege (just enough to do their job) little can be done. If the client has a ton of privilege they have the keys to the system.

Question 10

Download Nmap from https://www.nmap.org and install it. Conduct a basic scan of scanme.nmap.org using either the Zenmap GUI or the command line (nmap <ip> is a good place to start). What ports can you find open?</ip>

Answer 10

several

Question 11

Operating system security includes securing the operating system (OS) to prevent what?

Answer 11

unauthorized access and reduce vulnerabilities.

Question 12

Name the five steps to harden an OS:

Answer 12

1. remove unnecessary software/services,
2. alter default accounts,
3. apply least privilege,
4. perform updates,
5. enable logging/auditing.

Question 13

How can you mitigate threats to the OS? 4 ways

Answer 13

Mitigate threats through OS hardening, anti-malware tools, firewalls, and intrusion detection systems.

Question 14

________ _________may have excessive permissions or standard/no passwords, posing security risks.

Answer 14

Default accounts

Question 15

Mitigate risks by disabling/removing unnecessary ________, renaming ______ accounts, and changing default _______.

Answer 15

accounts; admin; passwords

Question 16

Newly installed systems should be __________ before connecting to networks to prevent compromise.

Answer 16

patched

Question 17

Configure and enable appropriate ____________ to record important processes and activities.

Answer 17

Logging/auditing features

Question 18

Anti-malware tools use ______ and _______ to detect threats.

Answer 18

signatures; heuristics

Question 19

Anti-malware tools respond to threats by? 3 ways

Answer 19

killing processes, deleting/quarantining files, or leaving them alone.

Question 20

Anti-malware tools are installed on individual _____,_______ , and ____ _____

Answer 20

systems; servers; proxy servers.

Question 21

__________ _________ _________ prevents code execution in certain memory portions, mitigating buffer overflow attacks.

Answer 21

Executable space protection

Question 22

_________ _________ __________ _________ shifts memory contents to make tampering more difficult.

Answer 22

Address Space Layout Randomization (ASLR)

Question 23

_____________and ______________ add security layers to individual hosts.

Answer 23

Software firewalls ;host intrusion detection systems

Question 24

Host-based IDS analyze activities on or directed at a__________.

Answer 24

host’s network interface

Question 25

_________ _______________often have graphical interfaces and can be configured for automatic attacks

Answer 25

Exploit frameworks

Question 26

Popular exploit frameworks include (3).

Answer 26

Metasploit, Immunity CANVAS, and Core Impact.

Question 27

Centrally managed host IDS may have ______________issues during attacks.

Answer 27

communication

Question 28

________ ________ _____ can also assess host security.

Answer 28

Network security tools

Question 29

_________ ____________can detect open ports, service versions, and network information.
*

Answer 29

Scanning tools

Question 30

__________scripting Engine allows custom functionality and has extensive documentation.

Answer 30

Nmap

Question 31

_____ ____ _________ find and report known vulnerabilities in network services.

Answer 31

Vulnerability assessment tools

Question 32

__________: scanning tool with graphical interface for vulnerability assessment.

Answer 32

OpenVAS

Question 33

_______________take advantage of software flaws; security professionals use them to assess system security.

Answer 33

Exploits

Question 34

_____________ ____________ are collections of prepackaged exploits and tools for easier use.

Answer 34

Exploit frameworks

Question 35

____________ is used for port scanning, discovering devices, and searching for hosts on a network. It is an important tool to help identify and remove unessential services when hardening an opera

Answer 35

Nmap

Question 36

Wireshark is a __________ that is capable of __________ and ___________ traffic from both _____________ and __________ sources.

Answer 36

sniffer; intercepting; troubleshooting; wired and wireless

Question 37

________ are used to analyze activities on or directed at the network interface of a particular host.

Answer 37

HIDS - Host Based Intrusion detection system.