Security Architecture and Design Flashcards
Linux/Unix File Permissions (3)
- Read (r)
- Write (w)
- Execute (x)
NTFS Permissions (5)
- Read
- Write
- Read & Execute
- Modify
- Full Control
*nix Privileged Programs
- setuid (set User ID): Makes an executable run with the permissions of the file’s owner and NOT the running user.
- setgid (set Group ID): Programs run with the permissions of the file’s group.
passwd
This *nix program runs as root allowing users to change their passwords.
Define “Virtualization”
Virtualization adds a software layer between an OS and the underlying computer hardware. This allows multiple “guest” operating systems to run simultaneously on one physical “host” computer.
Types of Virtualization (2)
- Transparent Virtualization (Full Virtualization) - Runs a stock OS (e.g. Windows, Ubuntu) as a virtual guest. No changes to the OS are required.
- Paravirtualization - Requires changing the guest OS
Hypervisor
Virtualization Security - controls access between virtual guests and host hardware.
- Type 1 hypervisor (bare metal) - is part of an OS that runs directly on host hardware.
- Type 2 hypervisor - runs as an application on a normal OS.
VMEscape
The risk of virtualization escape - where an attacker exploits the host OS or a guest from another guest.
Many network-based security tools (e.g. NIDS) can be blinded by virtualization.
Three common Cloud Service levels
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
Thin Client
Thin Client Applications
Thin clients are systems that rely on central servers for the OS, kernel, applications, etc. A thin client may be a diskless workstation.
Thin client applications run on a system with a full OS but use a web browser as a universal client, providing access to applications downloaded from the thin client server. They typically use TCP ports 80 (HTTP) and 443 (HTTPS).
TEMPEST
NSA standards for shielding electromagnetic emanations from computer equipment
Buffer Overflow
These occur when a programmer fails to perform “bounds checking”. That is, if a given input exceeds the prescribed length, then the excess input may overwrite the memory buffer.
TOCTOU/Race Conditions
Time of Check, Time of Use attacks. An attacker attempts to alter a condition AFTER it has been checked by the OS but BEFORE it is used.
Backdoors
A shortcut in a system that allows a user to bypass security checks to log in. Attackers may install a backdoor after gaining access to a system.
A maintenance hook is a type of backdoor used by system designers and programmers during development.
Malware
Malicious Code
A generic term for any type of software that attacks an application or system. Includes viruses, worms, trojans and logic bombs.