Basic Concepts Flashcards
The basics of Operating System Security (OSS) that you should know.
What are the three main components of the CIA Triad?
a) Control, Integrity, Availability
b) Confidentiality, Integrity, Accessibility
c) Confidentiality, Integrity, Availability
d) Control, Accessibility, Authentication
Answer:
c) Confidentiality, Integrity, Availability
Explanation:
The CIA Triad is a fundamental model in security, representing Confidentiality (secrecy, privacy), Integrity (only authorized modification), and Availability (authorized access).
Which of the following is an external security threat?
a) Unauthorized data modification
b) Viruses
c) Misuse of privileges
d) Unauthorized use of resources
Answer:
b) Viruses
Explanation:
Viruses are explicitly mentioned as an external security threat in the context of operating system security.
Which security mechanism uses encryption and authentication?
a) Protection
b) Security
c) Access Control
d) Intrusion Detection
Answer:
b) Security
Explanation:
The document states that security uses mechanisms like encryption and authentication.
What does protection primarily deal with in an operating system?
a) External threats
b) Unauthorized access
c) Access to system resources
d) Complex queries
Answer:
c) Access to system resources
Explanation:
Protection is defined as dealing with access to certain system resources.
Which of the following is considered a violation of availability?
a) Unauthorized reading of data
b) Unauthorized modification of data
c) Unauthorized destruction of data
d) Theft of service
Answer:
c) Unauthorized destruction of data
Explanation:
Unauthorized destruction of data is explicitly listed as a breach of availability, also known as a Denial of Service (DoS).
Which type of malware can replicate itself and consume system resources?
a) Trojan Horse
b) Virus
c) Worm
d) Trap Door
Answer:
c) Worm
Explanation:
A worm can destroy a system by using its resources to extreme levels, generating multiple copies and claiming all the resources.
What is the primary purpose of authentication?
a) To grant access to system resources
b) To identify users and verify their identity
c) To protect against external threats
d) To allocate system resources
Answer:
b) To identify users and verify their identity
Explanation:
Authentication deals with identifying each user in the system and ensuring they are who they claim to be.
Which authentication method uses a hardware device to create a secret key?
a) One Time Password
b) User Key/User Card
c) Secret Key
d) User Attribute Identification
Answer:
c) Secret Key
Explanation:
A hardware device can create a secret key related to the user ID for login.
What is a key security issue that OS design should address?
a) User-friendly interface
b) Fast processing speed
c) Preventing unauthorized privilege gain
d) Efficient memory management
Answer:
c) Preventing unauthorized privilege gain
Explanation:
A key security issue in OS design is to detect and prevent users and malware from gaining unauthorized privileges.
What type of intruder exploits a legitimate user’s account?
a) Misfeasor
b) Masquerader
c) Clandestine user
d) Malware
Answer:
b) Masquerader
Explanation:
A masquerader is an individual who is not authorized to use the computer and penetrates a system’s access controls to exploit a legitimate user’s account.
Which of the following is NOT a general means of authenticating a user’s identity?
a) Something the individual knows
b) Something the individual creates
c) Something the individual possesses
d) Something the individual is
Answer:
b) Something the individual creates
Explanation:
The four general means of authenticating a user’s identity are: something the individual knows, possesses, is (static biometrics), or does (dynamic biometrics).
What is the function of access controls?
a) To detect intrusions
b) To verify user identity
c) To implement a security policy specifying access rights
d) To encrypt data
Answer:
c) To implement a security policy specifying access rights
Explanation:
Access controls implement a security policy that specifies who or what may have access to each specific system resource and the type of access permitted.
What is an example of access control?
a) Intrusion Detection System
b) Firewall
c) Antivirus software
d) Encryption software
Answer:
b) Firewall
Explanation:
A firewall is given as an example of access control.
What is the purpose of an Intrusion Detection System (IDS)?
a) To prevent unauthorized access
b) To identify if an intrusion has occurred
c) To encrypt sensitive data
d) To authenticate users
Answer:
b) To identify if an intrusion has occurred
Explanation:
An IDS analyzes various system events to identify if an intrusion has occurred.
Which type of IDS monitors the characteristics of a single host?
a) Network-based IDS
b) Host-based IDS
c) Hybrid IDS
d) Distributed IDS
Answer:
b) Host-based IDS
Explanation:
Host-based IDS monitors the characteristics of a single host.
Which of the following is a logical component of an IDS?
a) Firewall
b) Sensor
c) Antivirus
d) Router
Answer:
b) Sensor
Explanation:
Sensors are responsible for collecting data, such as log files and system call traces, and are a logical component of an IDS.
What can an IDS detect?
a) Only human intrusion
b) Only malicious software intrusion
c) Both human and malicious software intrusion
d) Hardware failures
Answer:
c) Both human and malicious software intrusion
Explanation:
IDS can detect both human intrusion and malicious software intrusion.
Which security concept ensures that data is only modified by authorized parties?
a) Confidentiality
b) Integrity
c) Availability
d) Authentication
Answer:
b) Integrity
Explanation:
Integrity ensures that data is only modified by authorized parties and in authorized ways.
What is a denial-of-service (DoS) attack a violation of?
a) Confidentiality
b) Integrity
c) Availability
d) Authentication
Answer:
c) Availability
Explanation:
A Denial of Service (DoS) attack prevents legitimate use, which is a violation of availability.
Which countermeasure involves verifying the identity of a system entity?
a) Access Control
b) Intrusion Detection
c) Authentication
d) Firewall
Answer:
c) Authentication
Explanation:
Authentication is the process of verifying the identity that a system entity claims to be.
Define computer security.
Answer:
Computer security is preserving the integrity, availability, and confidentiality of information system resources.
What is confidentiality in the context of the CIA Triad?
Answer:
Confidentiality means that only those who are authorized to know can know (secrecy, privacy).
Explain the difference between protection and security in operating systems.
Answer:
Protection deals with access to system resources, handling simple queries and internal threats, and implements authorization mechanisms.
Security grants access to specific users, handles convoluted queries, and addresses external security threats using mechanisms like encryption and authentication.
List three common threats to protection and security.
Answer:
Virus, Trojan Horse, Worm
Describe what a Trojan Horse does.
Answer:
A Trojan Horse can secretly access the login details of a system, allowing a malicious user to enter the system and cause harm.
What is a worm and how does it affect a system?
Answer:
A worm can destroy a system by using its resources to extreme levels.
It generates multiple copies, claiming all resources and preventing other processes from accessing them.
Explain a Denial of Service (DoS) attack.
Answer:
DoS attacks prevent legitimate users from accessing a system by overwhelming it with requests, making it unable to function properly.
Name three methods of user authentication.
Answer:
Username/Password
User Key/User Card
User Attribute Identification
What is a one-time password?
Answer:
A one-time password is a password that can be generated exclusively for a login each time a user wants to enter the system and cannot be used more than once.
What are Operating System Security (OSS) policies?
Answer:
The OS associates a set of privileges with each process.
Privileges dictate what resources the process may access, such as regions of memory, files, and privileged system instructions.
Privilege is assigned at configuration time.
What is the key security issue OS design should detect and prevent?
Answer:
OS design should detect and prevent users gaining unauthorized privileges (intruders) and malicious software gaining privileges (malware).
Define “Masquerader” in the context of intruders.
Answer:
An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account.
What is a “Misfeasor”?
Answer:
A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
What is the purpose of authentication’s verification step?
Answer:
The verification step involves presenting or generating authentication information that corroborates the binding between the entity and the identifier.
Name the four general means of authenticating a user’s identity.
Answer:
Something the individual knows,
something the individual possesses,
something the individual is (static biometrics),
something the individual does (dynamic biometrics).
What is the function of access controls in a system?
Answer:
Access controls implement a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
How does a firewall act as a choke point?
Answer:
A firewall acts as a choke point by mediating between the user and the system.
What are the three logical components of an Intrusion Detection System (IDS)?
Answer:
Sensors, Analyzers, and User Interface.
What is the role of sensors in an IDS?
Answer:
Sensors are responsible for collecting data, e.g., log files, system call traces.
What types of intrusions can an IDS detect?
Answer:
Human Intrusion and Malicious Software Intrusion.
Discuss the CIA Triad and explain why each component is crucial for operating system security.
Answer:
The CIA Triad consists of Confidentiality, Integrity, and Availability.
Confidentiality ensures that information is accessible only to authorized users, protecting it from unauthorized disclosure.
Integrity guarantees that data is accurate and has not been tampered with, maintaining its reliability.
Availability ensures that authorized users can access the information and resources when needed, preventing disruptions.
All three components are crucial because they form the foundation of a secure operating system, protecting it from various threats and vulnerabilities.
Compare and contrast security and protection in operating systems.
Answer:
Security and protection are related but distinct concepts.
Protection deals with internal threats and access to system resources, focusing on authorization mechanisms and handling simple queries.
Security, on the other hand, addresses external threats and uses mechanisms like encryption and authentication to grant access to specific users and handle more complex queries.
Both are essential for a comprehensive security strategy, with protection forming the base layer and security adding additional safeguards against external attacks.
Explain the different types of security and protection violations, providing examples for each.
Answer:
The document outlines several types of security and protection violations:
1. Breach of Confidentiality: Unauthorized reading of data. Example: An attacker gaining access to a file containing sensitive user information.
2. Breach of Integrity: Unauthorized modification of data. Example: A virus altering financial records in a database.
3. Breach of Availability: Unauthorized destruction of data. Example: A Denial of Service (DoS) attack that shuts down a web server.
4. Theft of Service: Unauthorized use of resources. Example: Using a company’s computer network to mine cryptocurrency without authorization.
Describe the various types of malware and their potential impact on an operating system.
Answer:
The document mentions several types of malware:
1. Viruses: Small snippets of code that can corrupt files, destroy data, and crash systems. They can also replicate themselves.
2. Trojan Horses: Can secretly access login details, allowing attackers to wreak havoc on a system.
3. Trap Doors: Security breaches that can be exploited to harm data or files.
4. Worms: Can consume system resources by generating multiple copies, potentially shutting down a whole network.
5. Denial of Service (DoS): Attacks that overwhelm a system with requests, preventing legitimate users from accessing it.
Each type of malware poses a different threat, from data corruption to complete system shutdown.
Discuss the strengths and weaknesses of username/password authentication.
Answer:
Strengths: Username/password authentication is a widely used and relatively simple method. It’s easy to implement and understand.
Weaknesses: It can be vulnerable to attacks such as phishing, brute-force attacks, and social engineering. If a password is weak or compromised, the system’s security is at risk.
Explain how one-time passwords enhance security compared to static passwords.
Answer:
One-time passwords provide enhanced security because they are unique for each login and cannot be reused.
This significantly reduces the risk of password theft and replay attacks, where an attacker captures a password and uses it later.
Explain the concept of Operating System Security (OSS) policies and their importance.
Answer:
OSS policies involve the operating system associating a set of privileges with each process.
These privileges dictate what resources the process can access, such as memory regions, files, and system instructions.
These privileges are assigned during configuration.
The importance of OSS policies lies in their ability to define and enforce security boundaries within the system, preventing unauthorized access and protecting system integrity.
They are crucial for controlling the actions of both users and software, ensuring that they operate within defined limits.
Describe the different types of intruders and their methods of operation.
Answer:
The document identifies three types of intruders:
1. Masquerader: An unauthorized individual who penetrates a system’s access controls to exploit a legitimate user’s account. They operate by stealing credentials or finding vulnerabilities to bypass security measures.
2. Misfeasor: A legitimate user who accesses data, programs, or resources beyond their authorization or misuses their privileges. They operate from within the system, abusing their granted access.
3. Clandestine User: An individual who seizes supervisory control of the system to evade auditing and access controls. They operate by gaining high-level privileges to hide their activities.
Each type represents a different level of access and intent, posing unique challenges to security.
Discuss the two steps involved in the authentication process and explain their significance.
Answer:
The authentication process involves two key steps:
1. Identification Step: Presenting an identifier to the security system. This is where the user claims an identity (e.g., username).
2. Verification Step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier. This is where the user proves they are who they claim to be (e.g., password, biometric).
The identification step establishes who the user claims to be, while the verification step confirms that claim. Both steps are essential to ensure that only authorized users gain access to the system.
Explain the four general means of authenticating a user’s identity, providing examples for each.
Answer:
The four general means are:
1. Something the individual knows: Information known only to the user, such as passwords or PINs.
2. Something the individual possesses: Physical items like smart cards or keys.
3. Something the individual is (static biometrics): Physical characteristics like fingerprints or retina scans.
4. Something the individual does (dynamic biometrics): Behavioral characteristics like voice patterns or typing speed.
Each method provides a different way to verify a user’s identity, with varying levels of security and convenience.
What are access controls, and why are they important in operating system security?
Answer:
Access controls implement a security policy that specifies who or what may have access to each specific system resource and the type of access permitted.
They mediate between users and the system, enforcing rules about who can access what and how.
Access controls are important because they are fundamental to enforcing security policies, preventing unauthorized access to sensitive data and critical system resources.
Explain the role of a firewall in access control.
Answer:
A firewall is an example of access control that acts as a choke point between networks.
It enforces a local security policy, determining which network traffic is allowed to pass through.
Firewalls are crucial for protecting internal networks from external threats by filtering and blocking unauthorized access attempts.
The document also states that a firewall is secure against attack.
What is an Intrusion Detection System (IDS), and how does it contribute to system security?
Answer:
An Intrusion Detection System (IDS) is a system that analyzes various system events to identify if an intrusion has occurred.
It contributes to system security by detecting malicious activity that may bypass other security measures.
By monitoring system behavior and identifying anomalies, an IDS provides an additional layer of defense, alerting administrators to potential security breaches.
Describe the difference between Host-based IDS and Network-based IDS.
Answer:
1. Host-based IDS: Monitors the characteristics of a single host, such as log files, system calls, and processes. It provides detailed information about activity on that specific machine.
2. Network-based IDS: Monitors network traffic for particular network patterns. It analyzes data flowing across the network to detect suspicious activity.
In short, host-based IDS focuses on individual systems, while network-based IDS focuses on network traffic.
Explain the three logical components of an IDS and their functions.
Answer:
The three logical components of an IDS are:
1. Sensors: Responsible for collecting data, such as log files and system call traces. They gather the raw information that the IDS analyzes.
2. Analyzers: Receive input from one or more sensors and analyze the data to detect intrusions. They process the collected data, looking for suspicious patterns or anomalies.
3. User Interface: Enables a user to view output and alerts from the IDS. It provides a way for administrators to interact with the IDS and respond to security events.
These components work together to collect, analyze, and report on potential intrusions.
Discuss the types of intrusions that an IDS can detect.
Answer:
An IDS can detect both human intrusion and malicious software intrusion.
This means it can identify unauthorized access by individuals as well as attacks by malware such as viruses, worms, and Trojans.
Elaborate on the importance of integrity in operating system security and provide examples of threats that can compromise it.
Answer:
Integrity is crucial in operating system security because it ensures that data and system resources are accurate and have not been tampered with.
It’s about maintaining the reliability and trustworthiness of information.
Threats that can compromise integrity include:
1. Unauthorized modification of data: For example, an attacker altering system files or database records.
2. Software bugs: Which can corrupt data or cause system errors.
3. Hardware failures: Which can lead to data corruption.
Maintaining integrity is essential for the correct functioning of the OS and the reliability of applications and data.
Explain the concept of availability in the context of operating system security and discuss the impact of denial-of-service attacks.
Answer:
Availability means that authorized users should be able to access information and resources when they need them.
It’s about ensuring that the system is operational and responsive.
Denial-of-service (DoS) attacks directly target availability by overwhelming a system with requests, making it unavailable to legitimate users.
The impact of DoS attacks can range from temporary inconvenience to complete disruption of services, causing significant damage to businesses and organizations.
Discuss the challenges in implementing effective operating system security and suggest potential strategies to address them.
Answer:
Challenges in implementing effective operating system security include:
1. Complexity: Operating systems are complex, with many components and potential vulnerabilities.
2. Evolving threats: Attackers constantly develop new techniques, requiring continuous adaptation.
3. User behavior: Human error and negligence can create security loopholes.
4. Resource constraints: Security measures can sometimes impact performance.
Strategies to address these challenges include:
1. Defense in depth: Employing multiple layers of security to increase resilience.
2. Regular updates and patching: To address known vulnerabilities.
3. Security awareness training: To educate users about best practices.
4. Automation: Using automated tools for monitoring and threat detection.
Imagine you are a system administrator.
Describe the steps you would take to secure a critical server, incorporating the concepts discussed in the document.
Answer:
As a system administrator, I would take the following steps to secure a critical server:
1. CIA Triad Implementation: Ensure confidentiality by encrypting sensitive data and using strong access controls, maintain integrity through regular backups and intrusion detection, and ensure availability with redundant systems and DoS protection.
2. Access Controls: Implement strict access controls using firewalls to filter network traffic and enforce the principle of least privilege, granting users only the necessary permissions.
3. Authentication: Enforce strong authentication methods, such as multi-factor authentication, to verify user identities.
4. Intrusion Detection: Deploy a robust Intrusion Detection System (IDS) to monitor system activity and detect any signs of intrusion, using both host-based and network-based IDS components.
5. Malware Protection: Install and regularly update antivirus and anti-malware software to protect against viruses, worms, and Trojans.
6. Regular Updates and Patching: Keep the operating system and all software up-to-date with the latest security patches to address vulnerabilities.
7. Security Audits: Conduct regular security audits and vulnerability assessments to identify and address potential weaknesses.